diff --git a/.github/workflows/release-extension.yml b/.github/workflows/release-extension.yml
index 73a16283..94006e97 100644
--- a/.github/workflows/release-extension.yml
+++ b/.github/workflows/release-extension.yml
@@ -10,6 +10,11 @@ on:
         description: 已存在的 release tag，留空则自动按 manifest.json 版本拼成 v{version}
         required: false
         type: string
+      agent_bridge_disclosure_confirmed:
+        description: 如果本版本包含 Agent Bridge，确认已更新 Chrome/Edge/Firefox 商店隐私披露、数据用途说明、用户可见说明和 release note
+        required: false
+        type: boolean
+        default: false
 
 permissions:
   contents: write
@@ -37,9 +42,143 @@ jobs:
       - name: 安装依赖
         run: pnpm install --frozen-lockfile
 
-      - name: 构建扩展
+      - name: Lint
+        run: pnpm run lint
+
+      - name: 构建注入脚本
+        run: pnpm run build:injected
+
+      - name: 单元测试
+        run: pnpm run test:unit
+
+      - name: 类型检查（仓库脚本会刷新 dist）
+        run: pnpm run typecheck
+
+      - name: 文档构建
+        run: pnpm run docs:build
+
+      - name: 发布前刷新扩展 dist
         run: pnpm run build
 
+      - name: 校验发布产物边界
+        shell: bash
+        run: |
+          set -euo pipefail
+
+          node --input-type=module <<'NODE'
+          import { readdirSync, readFileSync, statSync } from 'node:fs'
+          import { basename, join, relative } from 'node:path'
+
+          const root = 'dist'
+          const manifest = JSON.parse(readFileSync(join(root, 'manifest.json'), 'utf8'))
+          const failures = []
+          const agentOnlySourceFiles = [
+            'stackprism-bridge.mjs',
+            'stackprism_bridge.py',
+            'capture-site.mjs',
+            'capture-site-args.mjs',
+            'capture-runtime.mjs',
+            'capture-screenshot-artifact.mjs',
+            'capture-store.mjs',
+            'http-handlers.mjs',
+            'http-server.mjs',
+            'open-browser.mjs',
+            'protocol.mjs',
+            'security.mjs',
+            'url-policy.mjs'
+          ]
+          const agentOnlySourceFileSet = new Set(agentOnlySourceFiles)
+          const agentOnlyPathPatterns = [
+            /(?:^|\/)agent-skill(?:\/|$)/,
+            /(?:^|\/)docs\/superpowers(?:\/|$)/,
+            /(?:^|\/)tests(?:\/|$)/
+          ]
+          const pathBasename = value => basename(String(value || '').replaceAll('\\', '/'))
+          const isAgentOnlySourcePath = path => agentOnlySourceFileSet.has(pathBasename(path))
+
+          if (Object.prototype.hasOwnProperty.call(manifest, 'externally_connectable')) {
+            failures.push('dist/manifest.json must not expose externally_connectable')
+          }
+
+          for (const resource of manifest.web_accessible_resources || []) {
+            for (const path of resource.resources || []) {
+              if (
+                agentOnlyPathPatterns.some(pattern => pattern.test(path)) ||
+                isAgentOnlySourcePath(path) ||
+                path.includes('experience-profiler.iife.js')
+              ) {
+                failures.push(`web_accessible_resources exposes agent-only path: ${path}`)
+              }
+            }
+          }
+
+          const disallowed = [
+            ...agentOnlyPathPatterns,
+            /(?:^|\/)__pycache__(?:\/|$)/,
+            /\.py[co]?$/
+          ]
+
+          const walk = dir => {
+            for (const entry of readdirSync(dir)) {
+              const full = join(dir, entry)
+              const rel = relative(root, full)
+              if (statSync(full).isDirectory()) {
+                walk(full)
+                continue
+              }
+              if (disallowed.some(pattern => pattern.test(rel)) || isAgentOnlySourcePath(rel)) {
+                failures.push(`dist contains agent-only or test artifact: ${rel}`)
+              }
+            }
+          }
+          walk(root)
+
+          if (failures.length) {
+            for (const failure of failures) console.error(`::error::${failure}`)
+            process.exit(1)
+          }
+          NODE
+
+      - name: 校验 Agent Bridge 发布披露确认
+        shell: bash
+        env:
+          AGENT_BRIDGE_DISCLOSURE_CONFIRMED: ${{ inputs.agent_bridge_disclosure_confirmed }}
+        run: |
+          set -euo pipefail
+
+          node --input-type=module <<'NODE'
+          import { readFileSync } from 'node:fs'
+          import { join } from 'node:path'
+
+          const manifest = JSON.parse(readFileSync(join('dist', 'manifest.json'), 'utf8'))
+          const bridgeMatches = entry => (entry.matches || []).includes('http://127.0.0.1/*')
+          const hasAgentBridgeContentScript = (manifest.content_scripts || []).some(entry =>
+            bridgeMatches(entry) && (entry.js || []).some(path => path.includes('agent-bridge'))
+          )
+          const hasAgentBridgeResource = (manifest.web_accessible_resources || []).some(entry =>
+            bridgeMatches(entry) && (entry.resources || []).some(path => path.includes('agent-bridge'))
+          )
+
+          if (!hasAgentBridgeContentScript && !hasAgentBridgeResource) {
+            process.exit(0)
+          }
+
+          const eventPath = process.env.GITHUB_EVENT_PATH
+          const event = eventPath ? JSON.parse(readFileSync(eventPath, 'utf8')) : {}
+          const releaseBody = event.release?.body || ''
+          const workflowDispatchConfirmed = process.env.AGENT_BRIDGE_DISCLOSURE_CONFIRMED === 'true'
+          const releaseBodyConfirmed = /\[(x|X)\]\s*Agent Bridge disclosure confirmed/.test(releaseBody)
+
+          if (workflowDispatchConfirmed || releaseBodyConfirmed) {
+            process.exit(0)
+          }
+
+          console.error(
+            '::error::Agent Bridge is present in dist. Confirm Chrome Web Store / Edge Add-ons / Firefox Add-ons privacy disclosure, user-visible data-use text, and release notes before packaging. For workflow_dispatch set agent_bridge_disclosure_confirmed=true; for release events add a checked release-note line: [x] Agent Bridge disclosure confirmed.'
+          )
+          process.exit(1)
+          NODE
+
       - name: 读取版本号并校验
         id: meta
         shell: bash
diff --git a/.gitignore b/.gitignore
index f900e0cf..c7e9fb21 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,6 +1,7 @@
 # Local dependencies and caches
 node_modules/
 .cache/
+cache/
 .parcel-cache/
 .vite/
 docs/.vitepress/cache/
@@ -15,6 +16,7 @@ release/
 releases/
 artifacts/
 public/injected/
+vite.config.ts.timestamp-*.mjs
 *.zip
 *.crx
 *.xpi
@@ -33,9 +35,15 @@ pnpm-debug.log*
 # Local-only scripts and scratch tools
 tools/
 scripts/
+!agent-skill/
+!agent-skill/**/
+!agent-skill/**/scripts/
+!agent-skill/**/scripts/**
 tmp/
 temp/
 *.local.*
+__pycache__/
+*.py[cod]
 
 # Editor and OS files
 .DS_Store
diff --git a/.prettierignore b/.prettierignore
index 4833d71e..4239737c 100644
--- a/.prettierignore
+++ b/.prettierignore
@@ -1,4 +1,5 @@
 node_modules/
+!agent-skill/**/scripts/**
 dist/
 build/
 release/
diff --git a/AGENTS.md b/AGENTS.md
new file mode 100644
index 00000000..a4ea2f98
--- /dev/null
+++ b/AGENTS.md
@@ -0,0 +1,139 @@
+# AGENTS.md - StackPrism 仓库执行约束
+
+## 1. 沟通与事实边界
+
+- 全程使用中文沟通，答案直接收束当次诉求，不附加无关建议。
+- 结论必须基于代码、测试、构建、日志、浏览器验证或 git 证据，不凭印象判断。
+- 本仓库是基于 Vite、Vue 3、TypeScript、`@crxjs/vite-plugin` 的 Chrome/Edge Manifest V3 扩展。不要套用 Rust、Python、后端服务或数据库项目流程。
+- 阶段目标优先级：先保证检测、消息、构建和导出行为等价，再考虑性能优化、压缩体积和基准测试。
+- 禁止为“先跑通”添加隐藏回退、静默容错、假成功 Mock 或吞异常继续的路径。失败必须显式暴露到错误、日志、状态或失败测试。
+
+## 2. 任务来源与原子边界
+
+- 当前仓库没有固定的 `issues.csv` 或 `tasks.md`。默认任务来源按优先级为：用户当前明确指令、已确认的 GitHub issue/PR、正在执行的 `docs/superpowers/plans/` 计划。
+- `docs/reviews/` 是验证与审计记录目录，不是默认任务驱动源。若用户明确指定某份审计报告或阶段计划，则以该文件中的未完成项作为当前边界。
+- 每次只处理一个原子任务。开始前先确认目标文件、验收标准和最小验证命令；发现范围扩大时先记录事实，再等待明确指令或单独开新任务。
+- 不并行开发多个任务，不顺手修无关问题。可在回复或审计文档中记录遗漏，但不要混进当前 diff。
+- 修改前先看 `git status --short --branch`。工作区可能已有用户改动，禁止回滚或覆盖非本次改动。
+- 每个原子任务结束前必须自审：对照验收标准、对照审查要求、运行最小相关验证、用 `git diff --name-only` 确认无范围外残余。
+
+## 3. 最新认知索引
+
+- 架构总览优先查 `docs/dev/architecture.md`。
+- 规则格式与贡献约束优先查 `docs/dev/rule-format.md` 和 `docs/dev/contribute-rules.md`。
+- Agent Bridge 当前设计优先查 `docs/dev/agent-bridge.md`。
+- Agent Bridge 阶段计划优先查 `docs/superpowers/plans/2026-05-21-stackprism-agent-bridge-plan.md`。
+- Agent Bridge 当前验证状态优先查 `docs/reviews/CR-AGENT-BRIDGE-E2E-2026-05-22.md`。
+- README 面向用户安装、规则维护、功能说明；当 README 和代码事实冲突时，以代码事实和最新验证记录为准，并同步回写文档。
+
+## 4. 仓库结构速查
+
+- `src/background/`：MV3 service worker、消息路由、检测调度、规则加载、tab 缓存、响应头采集、Agent Bridge 捕获编排。
+- `src/content/`：content script，负责 DOM、资源、交互与 Agent Bridge 传输。
+- `src/injected/`：注入到页面 MAIN world 的检测脚本，由 `build-scripts/build-injected.mjs` 单独构建为 IIFE。
+- `src/ui/`：popup、settings、help 三个 Vue 页面及共享组件、样式 token。
+- `src/types/`：跨脚本共享类型，尤其是 `messages.ts`、`rules.ts`、`settings.ts`、`popup.ts`。
+- `src/utils/`：共享 helper。跨 background、content、ui 使用前确认不会引入不兼容的 Chrome 或 DOM 运行时依赖。
+- `public/rules/`：技术识别规则 JSON。规则变更优先只改数据文件，除非现有 matcher 无法表达需求。
+- `public/tech-links.json`：技术名到官网链接映射。
+- `agent-skill/stackprism-site-experience/`：仓库内 Agent Bridge skill 包，不会自动安装到全局 skill registry。
+- `docs/`：VitePress 文档。
+- `dist/` 和 `docs/.vitepress/dist/` 是构建产物，除非任务明确要求，不纳入提交。
+
+## 5. 开发命令
+
+- 安装依赖：`pnpm install`
+- 开发服务：`pnpm run dev`
+- 注入脚本构建：`pnpm run build:injected`
+- 生产构建：`pnpm run build`
+- 单元测试：`pnpm run test:unit`
+- 类型与构建检查：`pnpm run typecheck`
+- Lint：`pnpm run lint`
+- 文档开发：`pnpm run docs:dev`
+- 文档构建：`pnpm run docs:build`
+- 技术链接检查：`pnpm run check:links`
+
+验证优先级按风险选择：小工具函数改动至少跑相关 `node --test` 或 `pnpm run test:unit`；类型、消息协议、构建链路、manifest、规则预编译、注入脚本相关改动至少跑 `pnpm run typecheck` 或 `pnpm run build`；文档站改动跑 `pnpm run docs:build`。浏览器扩展可加载性以 `pnpm run build` 后的 `dist/manifest.json` 和加载 `/Volumes/Work/code/stackprism-1.3.70/dist` 为准。
+
+## 6. MV3、消息协议与运行时约束
+
+- Service worker 不是常驻进程。不要依赖内存中的长期状态；需要跨事件保留的数据优先使用 `chrome.storage.session` 或已有缓存模块。
+- 所有跨脚本消息必须经过 `src/types/messages.ts` 的 discriminated union 和 `src/utils/messaging.ts`。新增消息要同步更新类型、发送端、接收端和测试。
+- `src/injected/*` 不能依赖扩展上下文 API。注入脚本通过 IIFE 文件注入页面 MAIN world，输入输出边界必须显式、可序列化。
+- 不要把 `public/rules/` 或 `public/tech-links.json` 直接 `import` 进 runtime bundle；运行时通过 `chrome.runtime.getURL` 与 `fetch` 加载，避免 service worker 冷启动膨胀。
+- 主动检测、动态快照、tab 状态和 popup 缓存改动要考虑标签页切换、页面跳转、URL 最终态、Chrome 系统页不可注入、service worker 重启。
+- 修改 Agent Bridge、active tab、capture 或 profile 传输逻辑时，必须显式覆盖目标 URL 校验、最终 URL 校验、tab 关闭、扩展重载、service worker 重启、超时、取消和重复提交边界。
+
+## 7. 规则、数据格式与报告 schema
+
+- 规则 JSON 的文件清单由 `public/rules/index.json` 管理。新增或移动规则文件必须同步清单。
+- 规则字段、分组和置信度参考 `docs/dev/rule-format.md` 与 `docs/dev/contribute-rules.md`。
+- 优先使用高特征信号：专属响应头、专属资源 URL、`meta generator`、明确全局变量、专属 selector、官方 SDK 包名。
+- 避免短 keyword、宽泛 regex 和裸 `html` 命中。拿不准时降低置信度，并补充能复现误报边界的测试或说明。
+- 处理 JSON、manifest、消息 payload、导出报告、Agent Bridge profile schema 时，必须明确字段顺序、类型和含义；相关测试要覆盖缺字段、空值、错位和兼容分支。
+- 复制报告功能的边界是“当前弹窗结果”，不是未过滤的全部检测结果；不要把 raw JSON、完整原始线索和完整技术栈报告混成同一个交互面。
+
+## 8. Agent Bridge 安全与隐私边界
+
+- Agent Bridge 默认关闭，只能由用户在扩展设置中显式启用。
+- 本机 bridge 只能绑定 `127.0.0.1`。API token 只允许保存在进程内或请求头中，禁止写入源码、文档示例的真实值、日志或测试 fixture。
+- `bridgeToken`、nonce、capture id 只能绑定一次捕获流程。不得复用旧 token，不得把失败捕获伪装成成功 profile。
+- 目标 URL 仅允许 `http:` 和 `https:`。私有网络目标必须显式设置 `allowPrivateNetworkTarget`，默认 fail closed。
+- 禁止采集或输出 Cookie、Authorization、localStorage/sessionStorage 明文、完整敏感文本、签名 URL 和账号私密内容。
+- 首版信任边界是“本机用户启动的 bridge 进程和当前浏览器 profile”。不要宣称它能防同机恶意进程或同 profile 其他恶意扩展。
+
+## 9. UI 与前端约束
+
+- UI 改动遵循现有 Vue 单文件组件、组合式 API 和 `src/ui/tokens.css` 设计 token，不引入新的状态管理库。
+- popup、settings、help 是独立扩展页面。共享状态以 `chrome.storage.sync`、消息协议或明确的 utility 表达，不假设页面间共享内存。
+- 控件优先复用 `src/ui/components/` 现有组件。按钮、输入、选择器、复选框和主题切换要保持现有视觉密度和键盘可用性。
+- 不在界面上加入解释功能实现、快捷键或内部机制的说明性文字，除非产品本身需要。
+- UI 文案必须区分当前弹窗结果、完整原始线索、完整技术栈报告和 Agent Bridge profile，不用同一词描述不同数据面。
+
+## 10. 代码质量红线
+
+- 只改当前原子任务需要的文件。提交前用 `git diff --name-only` 确认没有范围外残余。
+- 函数尽量保持短小，超过约 50 行应优先拆分。嵌套超过 3 层时用卫语句或提取函数降低复杂度。
+- 不硬编码密钥、私有路径、用户环境或只为测试成立的假设。
+- 外部输入包括页面 DOM、URL、响应头、storage、用户自定义规则、剪贴板内容、本机 bridge 请求和导入的 JSON，必须在边界处校验或规范化。
+- 代码、注释、日志、Markdown 文档中禁止使用 Emoji 或装饰性 Unicode 符号。列表用 `-`、`*` 或数字，强调用 Markdown 加粗。
+- 注释只解释非直观原因、协议约束或复杂边界；不要复述代码做了什么。
+
+## 11. 测试与验证记录
+
+- 测试放在 `tests/*.test.mjs` 或现有测试目录，不在 `src/` 内新增内联测试块。
+- Node 测试使用仓库脚本 `pnpm run test:unit`，该脚本已设置 `--test-timeout=60000`。
+- 对消息协议、Agent Bridge、manifest、报告格式、规则匹配、动态采集等行为改动，优先新增或更新自动化测试。
+- 结构化数据、规则 JSON、manifest、profile schema、报告 schema 的变更必须有格式校验或契约测试，至少覆盖缺字段、错字段类型、空值和多版本兼容分支。
+- 无法运行完整验证时，必须说明未运行的命令、原因和剩余风险。不得把局部测试通过表述成真实浏览器环境已通过。
+- 主线回归或阶段验收应记录到 `docs/reviews/`，包含命令、退出码、通过或失败摘要、跳过原因和未覆盖风险。
+
+## 12. Code Review 模式
+
+- 当任务标题或用户请求包含 `Code Review`、`review`、`审计`、`检查未提交更改` 时，先进入只读审查：读取 `git status`、`git diff`、相关文件和可用测试结果。
+- 审查输出优先列问题，按严重程度排序，绑定具体文件和行号。没有问题时明确说明，并列出未覆盖的验证缺口。
+- 正式审计报告写入 `docs/reviews/CR-{ID}.md` 或用户指定路径。若发现严重问题，在报告中列出后续修复任务；只有用户明确要求时才修改业务代码。
+- 若用户要求“review 并修复”，先给发现，再实施明确可验证的修复。
+
+## 13. Skills 使用规则
+
+- 开始任务前只需轻量确认仓库内可用技能文档。当前已知 repo-local skill 是 `agent-skill/stackprism-site-experience/SKILL.md`。
+- 当任务需要通过用户已安装的 StackPrism 扩展采集目标网站体验 profile 时，必须阅读并遵循该 skill。
+- JavaScript bridge 优先使用 `node agent-skill/stackprism-site-experience/scripts/stackprism-bridge.mjs`；仅当 Node 不可用时使用 Python fallback。
+- bridge stdout 只能读取 ready JSON 行；普通日志和启动错误应在 stderr。解析失败要显式报错，不得继续伪造 ready 状态。
+- 启用技能时在沟通中声明技能名称与用途。
+
+## 14. 提交与文件卫生
+
+- 每个原子任务单独提交。提交信息说明实际改动，不使用泛泛标题。
+- 提交前至少检查：`git status --short`、`git diff --name-only`、相关测试或构建命令。
+- 不提交临时文件、日志、缓存、个人配置、`dist/`、`docs/.vitepress/dist/`、`node_modules/`。
+- PR-only 截图或演示资产不要留在主项目 diff 中；如需保留，使用单独资产分支或用户指定位置。
+- 分支创建默认使用 `codex/` 前缀，除非用户指定其它命名。
+
+## 15. 历史踩坑备忘
+
+- 安装扩展时必须给出真实构建产物路径：`/Volumes/Work/code/stackprism-1.3.70/dist`，不要只说 `dist/`。
+- `typecheck` 会触发生产构建；报告验证结果时要说明它覆盖了 `vue-tsc --noEmit` 和 `pnpm build`。
+- Agent Bridge 不能只靠单元测试宣称完成真实 E2E；真实浏览器加载、目标捕获、profile 轮询和扩展重启边界必须单独验证或记录缺口。
+- 文档、README、guide 和 UI 文案必须同步区分 raw JSON、完整原始线索、当前弹窗结果和完整技术栈报告。
diff --git a/PRIVACY.md b/PRIVACY.md
index 81261794..3647fe7a 100644
--- a/PRIVACY.md
+++ b/PRIVACY.md
@@ -8,7 +8,7 @@ StackPrism / 栈棱镜(以下简称「本扩展」)是一款基于 Chrome / Edge
 
 ## 访问的数据
 
-为了实现「识别您当前访问页面所使用的技术栈」这一唯一功能,本扩展会在您主动访问网页时**本地读取**以下信息。所有读取到的内容**仅在您的浏览器内存或 chrome.storage 中处理**,绝不会离开您的浏览器。
+为了实现「识别您当前访问页面所使用的技术栈」这一核心功能,本扩展会在您主动访问网页时**本地读取**以下信息。默认情况下，所有读取到的内容**仅在您的浏览器内存或 chrome.storage 中处理**。只有当您在设置页显式启用 Agent Bridge 时，浏览器侧可观测的技术栈与体验摘要才会发送到您本机 `127.0.0.1` 上的 bridge 进程，供本机 Agent 读取。
 
 ### 1. 网站内容
 
@@ -34,12 +34,14 @@ StackPrism / 栈棱镜(以下简称「本扩展」)是一款基于 Chrome / Edge
 
 - **识别结果**:仅存储在 `chrome.storage.session`,浏览器关闭即销毁,且每个标签页独立保存
 - **您的设置**(禁用的分类、黑名单技术名、自定义规则、主题偏好等):存储在 `chrome.storage.sync`,由浏览器加密同步至您的 Google / Microsoft 账号,本扩展**无法访问**您账号内的任何其他数据
+- **Agent Bridge 启用状态**:仅存储在当前浏览器 profile 的本机 `chrome.storage.local`,不会随 Chrome sync 同步到其他设备、其他浏览器或其他 profile。换设备、换浏览器 profile 或重装扩展后，需要在设置页重新显式启用
 - 本扩展**不**存储完整页面 HTML、Cookie 完整值、登录凭据、表单填写内容、密码或任何其他敏感信息
 
 ## 数据传输
 
 - 本扩展**不会**向任何远程服务器上传您的浏览数据、识别结果、个人信息或任何其他数据
 - 没有遥测、没有广告 SDK、没有第三方分析、没有错误上报到云端
+- 若您在设置页显式启用 Agent Bridge，本扩展可以把当前浏览器可观测的技术栈与体验摘要发送到您本机 `127.0.0.1` 上由您或本机 Agent 启动的 bridge 进程。该能力默认关闭，不会向远程服务器发送数据，也不会采集 Cookie、Authorization、localStorage/sessionStorage 明文或完整敏感文本。本版本不防同机恶意进程伪造兼容 bridge，也不把 DOM 中的 bridge token 视为对其他已安装扩展保密。
 - 扩展只发起两类网络请求,**均不**携带您的任何身份信息或浏览数据:
   1. 异步抓取**您当前访问页面自身已经加载的**少量 JS 文件首段(走浏览器缓存,不增加额外网络流量),用于在本地扫描该 JS 中的版权注释和 OAuth 入口 URL
   2. 技术品牌图标**优先从本扩展内置的图标库读取**(已离线打包 1300+ 主流技术的 SVG / PNG,不发起任何网络请求);仅当某项技术不在内置图标库中时,才会从 `cdn.simpleicons.org` 拉取兜底(请求体只包含一个公开技术名 slug,例如 react / vuedotjs / docker,不含您正在访问的页面 URL、识别结果或任何个人信息);CDN 如果 2 秒内未加载成功,扩展会自动回落到本地生成的首字母色块,绝不阻塞识别流程
diff --git a/README.md b/README.md
index 6de9bc7d..39e3c71e 100644
--- a/README.md
+++ b/README.md
@@ -10,31 +10,26 @@
 [![Platform](https://img.shields.io/badge/Platform-Chrome%20%7C%20Edge%20%7C%20Firefox-26A69A)](#安装)
 [![PRs welcome!](https://img.shields.io/badge/PRs-Welcome-FF6F61)](https://github.com/setube/stackprism/issues)
 
-# StackPrism / 栈棱镜 —— 网页技术栈识别浏览器扩展
+# StackPrism / 栈棱镜
 
-> 从页面运行时、DOM、资源 URL、响应头、动态加载和源码版权注释 6 个维度收集线索,把站点用的前后端栈分门别类列清楚。
+> 浏览器里的网页技术栈识别与体验采集工具。
 
-[简介](#简介) • [功能特性](#功能特性) • [规则维护](#规则维护) • [注意事项](#注意事项) • [参与共建](#参与共建) • [赞助者](SPONSORS.md) • [星标趋势](#星标趋势) • [开源协议](#开源协议)
+[简介](#简介) • [安装](#安装) • [Agent Bridge](#agent-bridge) • [规则维护](#规则维护) • [参与共建](#参与共建) • [开源协议](#开源协议)
 
 </div>
 
 ## 简介
 
-StackPrism(以下简称 **栈棱镜**)是一款基于 **Manifest V3** 的网页技术栈识别扩展,支持 **Chrome / Edge / Firefox**。
+StackPrism 是一款基于 **Manifest V3** 的网页技术栈识别扩展，支持 **Chrome / Edge / Firefox**。它从页面运行时、DOM、资源 URL、响应头、动态资源和 JS 版权注释中收集证据，把前端、后端、CDN、SaaS、统计、支付、登录、CMS 等线索按类目展示。
 
-不同于市面上多数只看 HTML 资源 URL 的同类工具,栈棱镜把检测拆成 4 个独立通道并行收集线索:
+检测链路分成 4 个互补通道：
 
-- **静态扫描**:页面加载时由注入脚本扫 DOM、全局变量、CSS 类名、CSS 变量、`<meta>`
-- **响应头观察**:Service Worker 监听 `webRequest.onHeadersReceived`,捕获主文档/XHR/iframe 的响应头与 HTTP 版本
-- **动态资源监听**:content script 用 `PerformanceObserver` + `MutationObserver` 累积页面交互后新加载的脚本/样式/iframe/feed
-- **JS 版权注释扫描**:后台异步抓主 bundle 的开头版权注释,识别打包进 `index/main/vendor` chunk 的第三方依赖
+- **静态扫描**：DOM、全局变量、CSS 类名、CSS 变量、`<meta>`
+- **响应头观察**：主文档、XHR、iframe 的响应头与 HTTP 版本
+- **动态资源监听**：交互后新增脚本、样式、iframe、feed
+- **源码版权注释扫描**：主 bundle 开头注释中的第三方依赖
 
-4 路结果合并去重后,按 50+ 个类目分组展示,并对**伪造响应头、自指检测、模糊误报**等场景做了主动收敛。
-
-### 技术特性
-
-- **MV3 service worker 架构**:无后台常驻进程,事件驱动,内存占用低
-- **规则即数据**:50+ 个 JSON 规则文件(`public/rules/`)集中维护,构建期预编译 hint prefilter 与 keyword 合并正则,运行时只跑命中候选
+结果会合并去重并按 50+ 个类目分组，同时对伪造响应头、自指检测、宽泛关键词误报做主动收敛。
 
 ### 识别覆盖
 
@@ -47,9 +42,9 @@ StackPrism(以下简称 **栈棱镜**)是一款基于 **Manifest V3** 的网页
 | 营销   | 广告 / 营销 / 统计 / 分析 / 标签管理            |
 | 安全   | HTTPS / HTTP/2 / HTTP/3 / CSP / Cookie 同意     |
 
-### 安装
+## 安装
 
-**从源码加载**(开发模式):
+从源码加载：
 
 ```bash
 git clone https://github.com/setube/stackprism.git
@@ -62,37 +57,62 @@ pnpm run build:firefox    # Firefox
 **Chrome / Edge:**
 
 1. 打开 `chrome://extensions` 或 `edge://extensions`
-2. 右上角开启「开发者模式」
-3. 点「加载已解压的扩展程序」,选 `dist/` 目录
-4. 访问任意网页,扩展图标显示识别数量
+2. 开启「开发者模式」
+3. 选择「加载已解压的扩展程序」，加载构建出的 `dist/`
+4. 刷新目标网页并打开扩展 popup 查看结果
 
 **Firefox:**
 
 1. 打开 `about:debugging#/runtime/this-firefox`
-2. 点「临时载入附加组件」,选 `dist-firefox/manifest.json`
-3. 或者运行 `pnpm run build:firefox` 后在 `release/` 目录获取 `.xpi` 文件双击安装
+2. 选择「临时载入附加组件」，加载 `dist-firefox/manifest.json`
+3. 或运行 `pnpm run build:firefox`，在 `release/` 目录获取 `.xpi`
 
-### 开发
+## 开发
 
 ```bash
-pnpm run dev          # 开发模式 + HMR
-pnpm run typecheck    # vue-tsc 类型检查
-pnpm run lint         # ESLint
-pnpm run build        # 生产构建(含规则预编译)
-pnpm run build:firefox # Firefox 构建 + .xpi 打包
-pnpm run docs:dev     # VitePress 文档站本地预览
+pnpm run dev
+pnpm run test:unit
+pnpm run lint
+pnpm run typecheck
+pnpm run build
+pnpm run build:firefox
+pnpm run docs:dev
 ```
 
+`pnpm run typecheck` 会执行 `vue-tsc --noEmit` 并触发生产构建。
+
+## Agent Bridge
+
+Agent Bridge 是默认关闭的本机能力。用户在扩展设置中显式启用后，本机 AI Agent 可以通过 `127.0.0.1` bridge 获取 `stackprism.site_experience_profile.v1`，用于参考目标站点的技术、视觉、布局、组件、交互、UX 和资源摘要。
+
+- 只读采集：不会点击页面、提交表单或登录账号。
+- 本机边界：启用状态保存在当前浏览器 profile 的 `chrome.storage.local`，不随 Chrome sync 同步。
+- 隐私约束：不采集 Cookie、Authorization、localStorage/sessionStorage 明文或完整敏感文本。
+- Profile 下载：下载的是纯 JSON；截图不内嵌 base64，而是提供按需下载链接。要核对实际视觉效果，请打开或下载 `visualProfile.screenshot.downloadUrl`。
+
+常用采集命令：
+
+```bash
+TARGET_URL="https://public-or-desensitized.example"
+node agent-skill/stackprism-site-experience/scripts/capture-site.mjs \
+  --url "$TARGET_URL" \
+  --out /tmp/stackprism-profile.json \
+  --include tech,visual,layout,components,interaction,ux,assets
+```
+
+本机开发目标、`localhost`、`127.0.0.1`、私网地址和真实内网目标需要同时在扩展设置中开启高风险网络目标选项，并在 helper 请求中使用 `--allow-private-network`。不要复用被 `PRIVATE_NETWORK_TARGET_BLOCKED` 拒绝的旧 bridge URL。
+
+更完整的协议、生命周期和安全说明见 [docs/dev/agent-bridge.md](docs/dev/agent-bridge.md) 与 [agent-skill/stackprism-site-experience/SKILL.md](agent-skill/stackprism-site-experience/SKILL.md)。
+
 ## 规则维护
 
-栈棱镜的规则系统是数据驱动的——绝大多数检测改规则 JSON 即可,无需碰代码。
+StackPrism 的规则系统是数据驱动的。绝大多数检测只需要修改规则 JSON，不需要改运行时代码。
 
-- **加载清单**:[public/rules/index.json](public/rules/index.json) 列出所有要加载的规则文件
-- **页面规则**:`public/rules/page/*.json` 处理页面源码、DOM、资源 URL、动态资源
-- **响应头规则**:`public/rules/headers/*.json` 处理服务端响应头与 Cookie
-- **自指抑制**:[public/rules/self-host-suppress.json](public/rules/self-host-suppress.json) 当用户在某主流站点上时跳过同名识别
-- **技术链接**:[public/tech-links.json](public/tech-links.json) 集中维护技术名 → 官网/仓库 URL 的映射,识别结果可点击跳转
-- **构建期 prefilter**:[vite.config.ts](vite.config.ts) 的 `precompileRulesPlugin` 在 `closeBundle` 阶段为每条 leaf rule 注入 `__hints`(最长 literal 段去重排序取前 3)和 `__keywordCombined`(keyword 合并正则),运行时 `rule-matcher.ts` 优先用它们做候选过滤
+- [public/rules/index.json](public/rules/index.json)：规则加载清单
+- `public/rules/page/*.json`：页面源码、DOM、资源 URL、动态资源
+- `public/rules/headers/*.json`：响应头与 Cookie 线索
+- [public/rules/self-host-suppress.json](public/rules/self-host-suppress.json)：自指抑制
+- [public/tech-links.json](public/tech-links.json)：技术名到官网/仓库 URL 映射
 
 新规则的字段:
 
@@ -111,11 +131,11 @@ pnpm run docs:dev     # VitePress 文档站本地预览
 }
 ```
 
-### 规则质量约束
+### 规则质量
 
-- 优先用**高特征信号**:响应头、专属资源 URL、`<meta name="generator">`、`window.<global>`、独家 CSS 选择器、JS 版权注释、官方 SDK 包名
-- 避免短或过宽的 keyword(`spring` / `phoenix` / `column` / `container` 这些会命中竞品讨论、Bootstrap 与 Tailwind 通用类)
-- 优先限定 `matchIn`,**优先** `resources` / `url` / `headers` 而不是裸 `html`,减少正文误报
+- 优先使用响应头、专属资源 URL、`<meta name="generator">`、`window.<global>`、独家 CSS 选择器、JS 版权注释、官方 SDK 包名。
+- 避免短 keyword 和宽泛 regex，例如 `spring`、`phoenix`、`column`、`container`。
+- 优先限定 `matchIn`，尽量用 `resources`、`url`、`headers`，少用裸 `html`。
 
 ## 注意事项
 
@@ -128,19 +148,13 @@ pnpm run docs:dev     # VitePress 文档站本地预览
 
 ## 参与共建
 
-栈棱镜目前内置 50+ 类目下 2000+ 条识别规则,但前端生态变化快,**新框架、新 SaaS、新规则误报**都欢迎参与:
+StackPrism 目前内置 50+ 类目下 2000+ 条识别规则。新框架、新 SaaS、漏识别和误报都欢迎反馈：
 
 - **Bug / 误识 / 漏识反馈**:[Issues](https://github.com/setube/stackprism/issues) — popup 上直接点「识别不准确」按钮会自动填好议题模板
 - **规则贡献**:扩展设置页点「提交规则贡献」,或直接 PR 到 [`public/rules/`](public/rules/)
 - **讨论与提案**:[Discussions](https://github.com/setube/stackprism/discussions)
 
-提交代码前请跑 `pnpm run typecheck && pnpm run lint && pnpm run build` 三个检查全过。
-
-## 星标趋势
-
-如果觉得有帮助,欢迎点 Star 让更多人看到这个项目。
-
-<img src="https://api.star-history.com/svg?repos=setube/stackprism&type=Date" style="width: 60%; height: auto;" alt="Star History">
+提交代码前请至少运行 `pnpm run test:unit && pnpm run lint && pnpm run typecheck`。
 
 ## 开源协议
 
diff --git a/agent-skill/stackprism-site-experience/README.md b/agent-skill/stackprism-site-experience/README.md
new file mode 100644
index 00000000..111f02d8
--- /dev/null
+++ b/agent-skill/stackprism-site-experience/README.md
@@ -0,0 +1,61 @@
+# StackPrism Site Experience Skill
+
+This is a repo-local skill package for StackPrism Agent Bridge.
+
+It is not automatically installed into Codex or any global skill registry. Run the scripts by path from this repository, or copy/symlink this directory into your agent's skill directory if you want global discovery.
+
+Paths in this package are relative to the StackPrism repository root. If an agent starts from another working directory, it should either `cd <repo-root>` before launching the bridge or resolve `agent-skill/...` to an absolute script path. The bridge scripts are repo-local tools, not global commands.
+
+## Scripts
+
+- `scripts/capture-site.mjs`: preferred one-shot capture client. It starts the JavaScript bridge, keeps stdin open, creates the capture, polls for the completed profile, writes the profile JSON, downloads the screenshot image when present, and rewrites the Profile screenshot reference to the local image file before exiting.
+- `scripts/stackprism-bridge.mjs`: JavaScript loopback bridge, preferred.
+- `scripts/stackprism_bridge.py`: Python standard-library fallback.
+
+The direct bridge scripts print a single ready JSON line to stdout after the HTTP server is bound. Logs and startup errors go to stderr.
+
+Use `capture-site.mjs` for ordinary agent work. Use `stackprism-bridge.mjs` or the Python fallback directly only for protocol debugging or custom orchestration.
+
+`capture-site.mjs` prints one JSON summary to stdout on success and one JSON error object to stderr on failure. It bounds each bridge API request with `--request-timeout-ms`, defaulting to 30000 ms, so a stalled local bridge fails explicitly instead of hanging the calling agent. It also accepts `--include tech,visual,layout,components,interaction,ux,assets` and `--max-resource-urls <n>` so retry attempts can reduce profile size without editing scripts.
+
+The bridge page opened in the browser becomes a result workbench after completion: target URL, screenshot preview, enlarged screenshot preview, screenshot download/copy, one-click Markdown summary, and grouped profile content cards. The page reads only the status preview with its one-capture `bridgeToken`; raw `/profile` still requires the API token.
+
+The JavaScript bridge and Python fallback intentionally share the same bridge page CSS and client script text. If `scripts/bridge/bridge-page-assets.mjs` changes, update `scripts/stackprism_bridge_lib/bridge_page_assets.py` in the same patch and keep `tests/stackprism_bridge_py.test.mjs` passing.
+
+Profile JSON is standard JSON and cannot contain comments. Screenshot guidance is stored in `note`, `profileJsonNote`, and `agentGuidance.recreationPlan.visualReference.screenshotDownloadHint`. Screenshot base64 is intentionally omitted; open `visualProfile.screenshot.downloadUrl` to inspect the actual visual appearance.
+
+Lifecycle: direct bridge screenshot links are valid only while the local bridge process is running and before the completed result TTL expires. The capture helper avoids that race by downloading the image during the live bridge window and saving a stable local `file://` URL plus `localPath` in the written Profile.
+
+When selecting a non-default browser or profile, keep the opener executable and its arguments separate: `STACKPRISM_BROWSER_OPEN_COMMAND` is only the executable or platform opener, while `STACKPRISM_BROWSER_OPEN_ARGS_JSON` is a JSON string array of opener/profile arguments. The bridge URL is appended by the script as the final argv item.
+
+Local development targets such as `localhost`, `127.0.0.1`, RFC1918 addresses, and real intranet hosts require both the extension's high-risk all-network-targets setting and the helper/request `--allow-private-network` override. Treat a `PRIVATE_NETWORK_TARGET_BLOCKED` response as a safety gate, not as a reason to reuse the old bridge URL. Localhost support is only for public, demo, or explicitly desensitized development pages; do not capture local or internal pages that contain private data.
+
+For local development captures, open the browser profile where StackPrism is installed. Replace the profile placeholder below; use `Default` only if StackPrism is really enabled there.
+
+```bash
+cd <repo-root>
+STACKPRISM_BROWSER_OPEN_COMMAND="/Applications/Google Chrome.app/Contents/MacOS/Google Chrome" \
+STACKPRISM_BROWSER_OPEN_ARGS_JSON='["--profile-directory=<profile-directory-with-stackprism>"]' \
+node agent-skill/stackprism-site-experience/scripts/capture-site.mjs \
+  --url http://127.0.0.1:5173/ \
+  --allow-private-network \
+  --out /tmp/stackprism-local-profile.json \
+  --result-out /tmp/stackprism-local-result.json \
+  --screenshot-out /tmp/stackprism-local-screenshot.jpg \
+  --include tech,visual,layout,components,interaction,ux,assets
+```
+
+Do not capture private or logged-in pages. Use a public demo URL, a desensitized test URL, a design brief, or an already-redacted screenshot/recording instead. Do not ask users to create new screenshots of private pages. If they say "current browser page" without a URL, ask for a public or desensitized `http:` or `https:` URL.
+
+Large-page transfer failures should retry with less data, not partial results. Keep the same URL, browser/profile env, and private-network flag on every retry. First use `--include tech,visual,layout,components,ux --max-resource-urls 150`; only if the user accepts losing screenshot evidence, use `--include tech,layout,components,ux --max-resource-urls 50 --no-screenshot`.
+
+For Firefox E2E, use an exact safe public URL and an explicit Firefox profile; if the URL is missing, ask for one and do not choose an arbitrary public page or `example.com`. For example, use `STACKPRISM_BROWSER_OPEN_COMMAND="/Applications/Firefox.app/Contents/MacOS/firefox"` with `STACKPRISM_BROWSER_OPEN_ARGS_JSON='["-P","<firefox-profile-with-stackprism>"]'`. Record `browserName: "Firefox"` and the profile identifier in the evidence.
+
+For Agent Bridge E2E reports, record an evidence manifest outside the repository: browser/profile label, browser version, extension version, Agent Bridge status, target and final URL, command template, exit code, parsed stdout/stderr JSON, failure code, profile/result/screenshot paths, file sizes, SHA-256 hashes, `screenshotWritten`, `profileDownloadReady`, `techCount`, limitations, whether `--allow-private-network` was used, and uncovered risks. Never paste or commit `apiToken`, `bridgeToken`, nonce, token-bearing bridge URLs, `Authorization` headers, raw ready JSON, screenshot data URLs, cookies, credentials, signed URLs, account data, or unredacted `captureId`. Use `shasum -a 256` and `stat -f '%N %z bytes'` for artifact hashes and sizes, and redact `captureId` from any copied stdout summary.
+
+## Security Notes
+
+- API tokens are process-local and must not be written into files.
+- The bridge binds to `127.0.0.1`.
+- The browser extension must be explicitly enabled for Agent Bridge in the current browser profile.
+- This first version does not defend against malicious local processes or malicious extensions in the same browser profile.
diff --git a/agent-skill/stackprism-site-experience/SKILL.md b/agent-skill/stackprism-site-experience/SKILL.md
new file mode 100644
index 00000000..78889eb5
--- /dev/null
+++ b/agent-skill/stackprism-site-experience/SKILL.md
@@ -0,0 +1,306 @@
+---
+name: stackprism-site-experience
+description: Use when an AI agent must capture a StackPrism Agent Bridge profile from a specific http(s) URL for browser-observed evidence, website recreation, UX comparison, live fact verification, or Agent Bridge E2E verification. Do not use for generic UI edits, backend-only work, web search, or StackPrism internal code review unless a target URL profile capture is required.
+---
+
+# StackPrism Site Experience
+
+StackPrism helps AI agents recreate websites from real browser evidence: tech stack, UI design, layout, components, interactions, UX, and assets.
+
+Use this skill proactively when the task involves:
+
+- Capturing a StackPrism profile or browser evidence from a specific `http:` or `https:` URL.
+- Building or cloning a page, app, component set, landing page, dashboard, or marketing site similar to an existing URL.
+- Reviewing or improving UI/UX by comparing against a live product, competitor, reference site, or production page.
+- Choosing implementation details from evidence: detected technologies, visual tokens, layout density, component patterns, interaction behavior, asset dependencies, and first-order UX structure.
+- Verifying that a target page's browser-observed facts match a design brief, audit claim, migration requirement, or Agent Bridge E2E claim.
+
+Do not use this skill for backend-only tasks, generic web search, SEO content extraction, login-protected private data capture, generic UI work with no target URL, or StackPrism internal source review, refactor, or maintenance unless the task actually needs a target URL Profile capture through Agent Bridge.
+
+## Preconditions
+
+- The user has installed the StackPrism extension in the browser profile that will open the bridge page.
+- StackPrism Agent Bridge is enabled in the extension settings for that local browser profile.
+- The target URL is `http:` or `https:`.
+- For local development targets, first confirm the dev server is running and the URL is reachable before starting the bridge helper.
+- Local development targets require both extension settings consent for all network targets and helper/request option `"allowPrivateNetworkTarget": true`.
+- Localhost support is only for public, demo, or explicitly desensitized development pages. Do not capture local, intranet, or internal pages that contain login state, account data, billing data, inbox content, customer data, or other private information.
+- Public hostnames routed through common local proxy/TUN fake-IP ranges such as `198.18.0.0/15` are supported by default. Direct private IPs, `localhost`, RFC1918, link-local, and other special-use targets still require `"allowPrivateNetworkTarget": true`.
+- If the user has enabled the extension's high-risk "allow all network targets" setting, still pass `--allow-private-network` for local development, direct private IP, or real intranet targets; the extension setting affects the browser-observed final target gate, while the helper's create-stage URL policy remains explicit per capture.
+
+## Private Page Boundary
+
+Do not run the helper or manual Bridge API against login-protected, account-specific, billing, admin, inbox, dashboard, internal, or private user pages, even when the user says they own the account. Screenshots are not pixel-redacted and profile summaries can still expose private text patterns.
+
+Use this refusal template:
+
+```text
+I cannot automatically capture that private or logged-in page with StackPrism. Please provide a public demo URL, a desensitized test-environment URL, a design brief, or an anonymized page-structure summary. If you already have a redacted screenshot or recording with private content removed, you can provide it; do not create a new screenshot of the private page for this request. I can use StackPrism only after the target is public or explicitly desensitized.
+```
+
+If the user provides a safe public demo or desensitized target, continue with the normal capture flow. Do not request screenshots for private pages, do not ask the user to create screenshots for private pages, and do not add `--allow-private-network` as a workaround for privacy.
+
+If the user says the target is "the current browser page" but does not provide a URL, do not use `active_tab` or infer a target. Ask for a public or explicitly desensitized `http:` or `https:` URL first. Accept a user-provided redacted screenshot or recording only if the user already has one and has removed private content; do not ask the user to create a screenshot of a private page for StackPrism capture.
+
+## Preferred Capture Command
+
+Use the capture helper first. It keeps the bridge child process alive, creates one fresh bridge per capture, polls the profile endpoint, and can decode the optional screenshot:
+
+```bash
+cd <repo-root>
+node agent-skill/stackprism-site-experience/scripts/capture-site.mjs \
+  --url https://target.example \
+  --out /tmp/stackprism-profile.json \
+  --result-out /tmp/stackprism-result.json \
+  --screenshot-out /tmp/stackprism-screenshot.jpg \
+  --include tech,visual,layout,components,interaction,ux,assets
+```
+
+Set `STACKPRISM_BROWSER_OPEN_COMMAND` and `STACKPRISM_BROWSER_OPEN_ARGS_JSON` only when the default opener is not the browser/profile with StackPrism installed. On macOS, for example, use `STACKPRISM_BROWSER_OPEN_COMMAND=open` and `STACKPRISM_BROWSER_OPEN_ARGS_JSON='["-a","Google Chrome"]'` to force Chrome.
+
+For localhost or direct private-network development targets, use a full explicit command and record that the override was controlled. Replace `<profile-directory-with-stackprism>` with the browser profile that actually has StackPrism installed; do not use `Default` unless the user confirms StackPrism is installed and enabled there.
+
+```bash
+cd <repo-root>
+STACKPRISM_BROWSER_OPEN_COMMAND="/Applications/Google Chrome.app/Contents/MacOS/Google Chrome" \
+STACKPRISM_BROWSER_OPEN_ARGS_JSON='["--profile-directory=<profile-directory-with-stackprism>"]' \
+node agent-skill/stackprism-site-experience/scripts/capture-site.mjs \
+  --url http://127.0.0.1:5173/ \
+  --allow-private-network \
+  --out /tmp/stackprism-local-profile.json \
+  --result-out /tmp/stackprism-local-result.json \
+  --screenshot-out /tmp/stackprism-local-screenshot.jpg \
+  --include tech,visual,layout,components,interaction,ux,assets
+```
+
+The helper prints one JSON summary on stdout. On failure it writes one JSON error object to stderr with `error.code`, `error.message`, and sanitized `error.details`. `screenshotPresent` means the profile contains screenshot evidence; `screenshotWritten` means the screenshot image was written to `screenshotPath` and can be opened by image-capable coding tools. If `--screenshot-out` is omitted, the helper writes a sidecar image next to `--out` and rewrites the Profile screenshot reference to that local file URL before saving the JSON.
+
+Reference files are available for deeper consumption details. Read `references/site-experience-profile-schema.md` when implementing or validating Profile schema handling, and read `references/agent-consumption-guide.md` when translating a captured Profile into a target UI or app implementation.
+
+By default the helper opens a fresh target tab and does not force-refresh it. Use `--force-refresh` only when you need a controlled cache-bypass capture; this avoids treating browser-superseded initial navigations as target load failures on large public sites.
+
+Each bridge API request has a bounded timeout. The default is 30000 ms; use `--request-timeout-ms <ms>` only when a slower local browser opener or debug bridge needs more time. If it exits with `BRIDGE_REQUEST_TIMEOUT`, stop that attempt and start one fresh helper process rather than reusing a partial capture.
+
+The opened bridge page is also a local result workbench. After completion it shows the target URL, screenshot preview, click-to-enlarge preview, screenshot download/copy buttons, a Profile download button for the current capture, a one-click Markdown summary, and grouped profile content cards. That page uses the bridge-token status preview for rendering and a current-capture download endpoint for saving the completed Profile; direct raw `/profile` API reads still require the API token. For programmatic use, prefer the helper output or the API-token profile endpoint.
+
+Profile JSON is standard JSON and cannot contain comments. Screenshot handling instructions are carried in `visualProfile.screenshot.note`, `visualProfile.screenshot.profileJsonNote`, and `agentGuidance.recreationPlan.visualReference.screenshotDownloadHint`.
+
+If the helper exits with `PRIVATE_NETWORK_TARGET_BLOCKED` for a local development, direct private IP, or real intranet target, first confirm the StackPrism settings page has the high-risk "allow all network targets" option enabled for this browser profile, then run a second fresh helper process with `--allow-private-network` and record that this was a controlled override. Do not reuse the first bridge URL, capture id, session, or token. Do not add `--allow-private-network` just because a public hostname is routed through `198.18.0.0/15`; that proxy/TUN case is allowed by default.
+
+If the helper exits with `CAPTURE_BUSY`, wait a few seconds, stop any bridge child process from that attempt, and run one fresh helper process. Do not keep polling an old capture after a terminal or stale status.
+
+For large-page transfer failures, use a bounded retry ladder instead of inventing partial results. On `BRIDGE_TRANSPORT_DISCONNECTED`, `PROFILE_TRANSPORT_FAILED`, `PROFILE_CHUNK_MISSING`, `CAPTURE_TIMEOUT`, or `BRIDGE_REQUEST_TIMEOUT`, stop the old bridge child process and start a fresh helper.
+
+Retry attempts must preserve the original capture context exactly: the same `TARGET_URL`, same `STACKPRISM_BROWSER_OPEN_COMMAND`, same `STACKPRISM_BROWSER_OPEN_ARGS_JSON`, same browser/profile, and same target policy flags such as `--allow-private-network`. If the first command used command-prefix env assignments, repeat those same assignments on every reduced retry. If it used `--allow-private-network`, add that flag directly after `--url "$TARGET_URL"` on every reduced retry. The only intended retry changes are `--include`, `--max-resource-urls`, and the final `--no-screenshot` boundary.
+
+First keep visual evidence but reduce high-volume sections:
+
+```bash
+cd <repo-root>
+# Public target form. For an original local/private attempt, add
+# --allow-private-network immediately after --url "$TARGET_URL".
+# Repeat any original STACKPRISM_BROWSER_OPEN_COMMAND/ARGS_JSON env prefix here.
+node agent-skill/stackprism-site-experience/scripts/capture-site.mjs \
+  --url "$TARGET_URL" \
+  --out /tmp/stackprism-profile-retry-1.json \
+  --result-out /tmp/stackprism-result-retry-1.json \
+  --screenshot-out /tmp/stackprism-screenshot-retry-1.jpg \
+  --include tech,visual,layout,components,ux \
+  --max-resource-urls 150
+```
+
+If that still fails and the user explicitly accepts losing screenshot evidence, run one final reduced non-visual attempt, then stop and report the remaining failure. Do not run the final `--no-screenshot` retry until the user confirms that losing screenshot and visual evidence is acceptable, unless that approval is already stated in the current request.
+
+Before the final non-visual attempt, state this boundary explicitly: "I can retry without screenshot evidence, but the result can only support structural, technology, component, and limited UX findings; it cannot support visual parity or exact visual claims."
+
+```bash
+cd <repo-root>
+# Preserve the same browser/profile env. If the original command used
+# --allow-private-network, add it immediately after --url "$TARGET_URL".
+node agent-skill/stackprism-site-experience/scripts/capture-site.mjs \
+  --url "$TARGET_URL" \
+  --out /tmp/stackprism-profile-retry-2.json \
+  --result-out /tmp/stackprism-result-retry-2.json \
+  --include tech,layout,components,ux \
+  --max-resource-urls 50 \
+  --no-screenshot
+```
+
+Without `visualProfile` or screenshot evidence, only claim structural, technology, and limited UX findings from the returned sections. Do not claim visual parity, pixel-level accuracy, exact colors, exact spacing, or that missing visual elements do not exist.
+
+The current experience profile is passive. It can surface observed hover, focus, transition, animation, loading, scroll, and UX cues, but it does not click, type, submit forms, or exercise workflows. For interaction comparison, pair the profile with destination-app smoke tests and state which interactions were not actively exercised.
+
+When wrapping retries in shell scripts, avoid reserved or readonly shell variable names such as `status` in zsh. Use names like `capture_status` instead so a successful helper run is not masked by wrapper errors.
+
+## Advanced Bridge API
+
+All script paths in this skill are repository-relative. Run commands from the StackPrism checkout root, or resolve `agent-skill/...` to an absolute script path before spawning the bridge from another working directory. These scripts are repo-local tools, not global executables. Use the manual bridge API only when you need protocol-level debugging or custom orchestration beyond the capture helper.
+
+For advanced use, prefer the JavaScript bridge:
+
+```bash
+cd <repo-root>
+node agent-skill/stackprism-site-experience/scripts/stackprism-bridge.mjs
+```
+
+Use the Python fallback only when Node is unavailable:
+
+```bash
+cd <repo-root>
+python3 agent-skill/stackprism-site-experience/scripts/stackprism_bridge.py
+```
+
+The Python fallback is a compatibility path built on the standard library HTTP server. Prefer the JavaScript bridge for long-running or repeated captures; if the Python fallback stalls under local connection pressure, stop the child process, start a fresh bridge, and retry the capture instead of reusing partial state.
+
+Read exactly one JSON line from stdout within 10 seconds. Treat timeout as `BRIDGE_START_TIMEOUT`, any non-JSON stdout before readiness as `BRIDGE_READY_PARSE_FAILED`, and a missing or mismatched `protocolVersion` as `BRIDGE_PROTOCOL_UNSUPPORTED`.
+
+The ready line contains `baseUrl`, `healthUrl`, and `apiToken`. Send ordinary logs to stderr only. Never paste or store the token in source files.
+
+Always stop the bridge child process in a `finally` block after the capture finishes or fails. On startup failure, protocol mismatch, or parse failure, terminate the child process and wait for it to exit before reporting the error. If a fixed `STACKPRISM_BRIDGE_PORT` is already occupied, the script exits non-zero with `PORT_IN_USE` on stderr and no ready JSON.
+
+If StackPrism is installed in a non-default browser or browser profile, set `STACKPRISM_BROWSER_OPEN_COMMAND` to the platform opener or browser executable, and put only opener/profile arguments in `STACKPRISM_BROWSER_OPEN_ARGS_JSON` as a JSON string array. The bridge script appends the bridge URL as the final argv item. Do not include the bridge URL in the environment variable.
+
+Keep the executable and arguments separate. For example, use `STACKPRISM_BROWSER_OPEN_COMMAND=open` with `STACKPRISM_BROWSER_OPEN_ARGS_JSON='["-a","Google Chrome"]'`, not `STACKPRISM_BROWSER_OPEN_COMMAND='open -a Google Chrome'`.
+
+Platform notes:
+
+- macOS default opener: `open`. To force Chrome, use `STACKPRISM_BROWSER_OPEN_COMMAND=open` and `STACKPRISM_BROWSER_OPEN_ARGS_JSON='["-a","Google Chrome"]'`. To select a Chrome profile, use the Chrome executable as the command and pass profile args, for example `["--profile-directory=Default"]`.
+- Firefox profiles: set `STACKPRISM_BROWSER_OPEN_COMMAND` to the Firefox executable and put profile arguments in `STACKPRISM_BROWSER_OPEN_ARGS_JSON`, for example `["-P","default-release"]` or `["--profile","/absolute/path/to/profile"]`. Do not pass the bridge URL in those args.
+- Windows default opener: command `rundll32.exe` with the built-in argument `url.dll,FileProtocolHandler`. To force Chrome or Edge, set `STACKPRISM_BROWSER_OPEN_COMMAND` to the full browser `.exe` path and put profile args such as `["--profile-directory=Default"]` in `STACKPRISM_BROWSER_OPEN_ARGS_JSON`.
+- Linux default opener: `xdg-open`. To force Chrome or Chromium, set `STACKPRISM_BROWSER_OPEN_COMMAND` to `google-chrome`, `chromium`, or the absolute executable path, and put profile args such as `["--profile-directory=Default"]` in `STACKPRISM_BROWSER_OPEN_ARGS_JSON`.
+
+Cross-platform explicit profile examples:
+
+Set environment variables with the syntax of the current shell; the examples below describe the values, not portable copy-paste shell assignments.
+
+- Windows Chrome: set `STACKPRISM_BROWSER_OPEN_COMMAND` to `C:\Program Files\Google\Chrome\Application\chrome.exe` with `STACKPRISM_BROWSER_OPEN_ARGS_JSON=["--profile-directory=<profile-directory-with-stackprism>"]`.
+- Windows Edge: use the full `msedge.exe` path and the same `--profile-directory=<profile-directory-with-stackprism>` args JSON.
+- Linux Chrome/Chromium: `STACKPRISM_BROWSER_OPEN_COMMAND=google-chrome` or `chromium` with `STACKPRISM_BROWSER_OPEN_ARGS_JSON=["--profile-directory=<profile-directory-with-stackprism>"]`.
+- Linux Firefox: `STACKPRISM_BROWSER_OPEN_COMMAND=firefox` with `STACKPRISM_BROWSER_OPEN_ARGS_JSON=["-P","<firefox-profile-with-stackprism>"]`.
+
+## Firefox E2E Validation
+
+For Firefox Agent Bridge E2E verification, require an exact safe public `http:` or `https:` smoke URL. If no exact safe public smoke URL is provided, ask for one; do not choose an arbitrary public page and do not use `https://example.com` as a default target.
+
+Use an explicit Firefox executable and profile so the bridge opens in the profile where StackPrism is installed:
+
+```bash
+cd <repo-root>
+STACKPRISM_BROWSER_OPEN_COMMAND="/Applications/Firefox.app/Contents/MacOS/firefox" \
+STACKPRISM_BROWSER_OPEN_ARGS_JSON='["-P","<firefox-profile-with-stackprism>"]' \
+node agent-skill/stackprism-site-experience/scripts/capture-site.mjs \
+  --url "$TARGET_URL" \
+  --out /tmp/stackprism-firefox-profile.json \
+  --result-out /tmp/stackprism-firefox-result.json \
+  --screenshot-out /tmp/stackprism-firefox-screenshot.jpg \
+  --include tech,visual,layout,components,interaction,ux,assets
+```
+
+If the profile is identified by path instead of name, use `STACKPRISM_BROWSER_OPEN_ARGS_JSON='["--profile","/absolute/path/to/firefox-profile"]'`. In the E2E manifest, set `browserName` to `Firefox` and set `profileIdentifier` to the exact `-P` profile name or `--profile` path label used for the run.
+
+## Capture A Target
+
+Call `POST /v1/captures` with `Authorization: Bearer {apiToken}`:
+
+```json
+{
+  "url": "https://target.example",
+  "mode": "experience",
+  "waitMs": 3000,
+  "include": ["tech", "visual", "layout", "components", "interaction", "ux", "assets"],
+  "viewports": [{ "name": "desktop", "width": 1440, "height": 900, "deviceScaleFactor": 1 }],
+  "options": {
+    "forceRefresh": false,
+    "captureScreenshotMetadata": false,
+    "captureScreenshot": true,
+    "keepTabOpen": false,
+    "allowPrivateNetworkTarget": false,
+    "targetMode": "reuse_or_new_tab",
+    "maxResourceUrls": 300
+  }
+}
+```
+
+Use the real target URL for the task. Do not treat `https://example.com` as the default smoke target. Public hostnames routed through `198.18.*` by local proxy/TUN software are accepted by default, but direct private IPs, `localhost`, RFC1918, link-local, and real intranet targets remain fail-closed unless private-network targets are explicitly allowed for a controlled test.
+
+Then poll `GET /v1/captures/{id}` and read `GET /v1/captures/{id}/profile` when status is `completed`.
+
+If the consuming model can read images, set `"captureScreenshot": true` with `include` containing `"visual"`. Chrome may capture the visible target viewport and the saved Profile will expose it as `visualProfile.screenshot.downloadUrl`, not as embedded base64. To inspect actual visual appearance, download or open that image. When using `capture-site.mjs`, the helper downloads the image while the bridge is still alive and rewrites `downloadUrl` to a local `file://` URL plus `localPath`; this remains available after the bridge exits as long as the file is not moved or deleted. When reading directly from the live bridge API or manually downloading from the bridge page, the screenshot URL is a temporary `127.0.0.1` endpoint and must be used before the local bridge exits or the capture result expires. The screenshot is not text-redacted pixel by pixel, so do not request it for login-protected or private user pages.
+
+Large pages can produce multi-chunk profile transfers. If the browser extension reports `BRIDGE_TRANSPORT_DISCONNECTED`, `PROFILE_TRANSPORT_FAILED`, `PROFILE_CHUNK_MISSING`, or `CAPTURE_TIMEOUT`, treat the capture as failed and follow the bounded retry ladder above. Do not synthesize a profile from partial chunks.
+
+Handle user-actionable failures explicitly:
+
+- `AGENT_BRIDGE_DISABLED`: ask the user to enable Agent Bridge in the StackPrism settings for this local browser profile. Do not retry or fall back to a mock profile.
+- `EXTENSION_NOT_CONNECTED`: the opened browser/profile probably does not have StackPrism installed or enabled. Set `STACKPRISM_BROWSER_OPEN_COMMAND` and `STACKPRISM_BROWSER_OPEN_ARGS_JSON` for the correct Chrome, Edge, or Firefox profile.
+- `BROWSER_OPEN_FAILED`: surface the sanitized stderr/details and keep the capture failed. Do not ask the user to paste a token-bearing bridge URL.
+
+## E2E Evidence Manifest
+
+For Agent Bridge E2E validation, write evidence outside the repository or to an explicitly ignored artifact directory. Record this manifest shape in the report:
+
+- `browserName`, `browserVersion`, `profileIdentifier`, `extensionVersion`, and `agentBridgeEnabled`.
+- `targetUrl`, `finalUrl`, `privateNetworkOverrideUsed`, command template, exit code, and parsed stdout/stderr JSON status.
+- `errorCode`, `errorMessage`, and sanitized `error.details` when failed.
+- `profilePath`, `resultPath`, `screenshotPath`, file sizes, SHA-256 hashes, `screenshotWritten`, `profileDownloadReady`, `techCount`, `limitations`, and uncovered risks.
+
+Safe to report: sanitized error code/message/details, target/final URL after redaction, artifact paths outside the repo, hashes, file sizes, exit code, extension version, browser/profile label, and whether `--allow-private-network` was used.
+
+Never paste or commit: `apiToken`, `bridgeToken`, nonce, token-bearing bridge URLs, `Authorization` headers, raw ready JSON, raw profile JSON containing private content, screenshot data URLs, cookies, credentials, signed URLs, or account data. `captureId` may appear in local result artifacts, but redact it from public issue text and PR summaries unless it is needed for a local-only debug handoff.
+
+Collect file metadata with ordinary shell tools after the helper exits:
+
+```bash
+shasum -a 256 /tmp/stackprism-profile.json /tmp/stackprism-result.json /tmp/stackprism-screenshot.jpg
+stat -f '%N %z bytes' /tmp/stackprism-profile.json /tmp/stackprism-result.json /tmp/stackprism-screenshot.jpg
+```
+
+Use this public report template instead of pasting raw stdout:
+
+```json
+{
+  "browserName": "<Chrome|Edge|Firefox>",
+  "browserVersion": "recorded separately",
+  "profileIdentifier": "<profile-label-used-for-this-run>",
+  "extensionVersion": "1.3.74",
+  "agentBridgeEnabled": true,
+  "targetUrl": "https://target.example/",
+  "finalUrl": "https://target.example/",
+  "privateNetworkOverrideUsed": false,
+  "exitCode": 0,
+  "stdout": {
+    "ok": true,
+    "captureId": "[redacted]",
+    "screenshotWritten": true,
+    "profileDownloadReady": true,
+    "techCount": 0
+  },
+  "artifacts": {
+    "profilePath": "/tmp/stackprism-profile.json",
+    "resultPath": "/tmp/stackprism-result.json",
+    "screenshotPath": "/tmp/stackprism-screenshot.jpg",
+    "sha256": ["recorded separately"],
+    "fileSizes": ["recorded separately"]
+  },
+  "limitations": []
+}
+```
+
+If browser/profile identity matters for the E2E claim, record one non-sensitive proof such as the browser name/version from the browser UI or CLI, the profile label used in `STACKPRISM_BROWSER_OPEN_ARGS_JSON`, the StackPrism extension version shown on the extension details page, and the Agent Bridge enabled state shown in StackPrism settings. Do not include extension internal UUIDs, bridge URLs, or tokens.
+
+## Use The Profile
+
+- Read `limitations` first. Do not infer that a missing section means the site lacks that feature.
+- When the user asks for a recreation brief, read `references/agent-consumption-guide.md` and structure the brief from `agentGuidance.recreationPlan` plus screenshot-backed visual evidence when available.
+- Record the captured viewport names and dimensions in briefs and E2E notes. Do not infer mobile or responsive breakpoint behavior unless that viewport was captured or verified separately.
+- Start from `agentGuidance.recreationPlan`. Follow its `implementationOrder`, then map `designTokens`, `layoutBlueprint`, `componentInventory`, `interactionChecklist`, `uxChecklist`, `assetHints`, `visualReference`, and `verificationChecklist` into the target project.
+- Use `visualProfile.screenshot.downloadUrl` as an optional visual reference only when it is present and your model supports image input. The Profile JSON intentionally omits screenshot base64; download or open the image to see the actual visual effect, and do not use screenshots from login-protected or private pages because pixels are not redacted.
+- Treat `techProfile` as implementation guidance, not a mandate to copy the source site's private stack.
+- Prioritize layout density, visual hierarchy, interaction feedback, and information architecture.
+- Respect `limitations`; missing fields may mean a section was not requested or was truncated.
+- Verify the result with `agentGuidance.recreationPlan.verificationChecklist` plus destination-app screenshots, DOM geometry, and interaction smoke tests.
+- Do not reproduce sensitive text, account data, tokens, signed URLs, or private user content.
+
+## Trust Boundary
+
+The first version trusts the local bridge process started by the user or agent. Loopback, nonce, and `bridgeToken` bind one capture to one local browser page, but they do not prove the process was not spoofed by another local process. The DOM-readable `bridgeToken` is also not secret from other installed extensions in the same browser profile.
diff --git a/agent-skill/stackprism-site-experience/agents/openai.yaml b/agent-skill/stackprism-site-experience/agents/openai.yaml
new file mode 100644
index 00000000..57f9b7dc
--- /dev/null
+++ b/agent-skill/stackprism-site-experience/agents/openai.yaml
@@ -0,0 +1,7 @@
+interface:
+  display_name: 'StackPrism Site Experience'
+  short_description: 'Capture StackPrism Agent Bridge URL profiles'
+  brand_color: '#0F766E'
+  default_prompt: 'Use $stackprism-site-experience to capture StackPrism Agent Bridge profile for http(s) URL website recreation, UX comparison, live browser evidence, or Agent Bridge E2E validation; confirm extension/Bridge are enabled and target is not private login/account.'
+policy:
+  allow_implicit_invocation: true
diff --git a/agent-skill/stackprism-site-experience/references/agent-consumption-guide.md b/agent-skill/stackprism-site-experience/references/agent-consumption-guide.md
new file mode 100644
index 00000000..91c9434b
--- /dev/null
+++ b/agent-skill/stackprism-site-experience/references/agent-consumption-guide.md
@@ -0,0 +1,43 @@
+# Agent Consumption Guide
+
+Use the profile as evidence for recreating a similar website, not as a copyable page dump. For recreation briefs, structure the brief from `agentGuidance.recreationPlan` plus screenshot-backed visual evidence when available.
+
+1. Read `limitations` first. Do not infer that a missing section means the site lacks that feature.
+2. Start from `agentGuidance.recreationPlan`; it turns observed evidence into implementation order, design tokens, layout blueprint, component inventory, interaction checklist, UX checklist, asset hints, visual reference, and verification checks.
+3. Open or download `visualProfile.screenshot.downloadUrl` only when present and needed for visual comparison. The Profile JSON intentionally omits screenshot base64; do not assume the JSON text alone shows the final visual appearance.
+4. Cross-check `visualProfile`, `layoutProfile`, and `componentProfile` before choosing layout, density, and component patterns.
+5. Use `techProfile` to select equivalent implementation tools only when the destination project has no stronger local convention.
+6. Use `interactionProfile` conservatively. The first version is passive and does not click or submit controls.
+7. Use `assetProfile` for dependency and CDN clues, but do not copy signed or sensitive URLs.
+8. Implement against the destination project's conventions, then verify with `agentGuidance.recreationPlan.verificationChecklist`, screenshots, DOM geometry, and interaction smoke tests.
+
+Recreation brief structure:
+
+- Evidence and limitations: target URL, final URL, captured viewport names and dimensions, screenshot availability, unavailable sections, and explicit non-claims.
+- Technical direction: observed stack, destination-project conventions that override the source, and dependencies worth matching or replacing.
+- Visual direction: screenshot-backed colors, typography, spacing, density, hierarchy, and any visual unknowns.
+- Layout and components: first-viewport structure, landmarks, repeated regions, component inventory, states, and responsive assumptions that still need verification.
+- Interaction and UX: observed hover, focus, transitions, scroll, loading, navigation cues, friction points, and workflows not actively exercised.
+- Assets and verification: key resource domains, asset handling notes, acceptance checks, smoke tests, and follow-up captures needed before claiming parity.
+
+Hard evidence gates:
+
+- If `visualProfile` or screenshot evidence is missing, do not claim visual parity. Limit the conclusion to the available sections, or recapture with `include` containing `visual` and screenshot capture enabled.
+- A tech-only profile supports technology, dependency, and runtime observations only. It is not sufficient for UI implementation, visual comparison, or visual verification.
+- A reduced non-visual retry supports structural, technology, and limited UX findings only. Do not claim pixel-level accuracy, exact colors, exact spacing, visual parity, or that missing visual elements do not exist.
+- A reduced retry is valid only if it preserved the original capture context: same target URL, browser/profile opener env, and target policy flags such as `--allow-private-network`.
+- Destination project conventions override the source page's stack for component library, routing, state, CSS architecture, test framework, accessibility baseline, and build tooling.
+- Interaction smoke tests should cover viewport, key path, hover and focus states, empty and error states, overlays or navigation, scroll and sticky behavior, responsive breakpoint, screenshot or DOM geometry evidence, and explicit limitations.
+- StackPrism experience capture is passive. It can report observed interaction cues, but it does not click, type, submit forms, or exercise workflows.
+
+The bridge page status preview, `copyText`, and grouped `contentSummary` are convenience views derived from the completed profile. Raw `/profile` access still requires the API token.
+
+Safe report fields are sanitized error code/message/details, redacted target and final URL, artifact paths outside the repository, hashes, file sizes, exit code, extension version, browser/profile label, `screenshotWritten`, `profileDownloadReady`, `techCount`, limitations, and whether `--allow-private-network` was used. Never copy `apiToken`, `bridgeToken`, nonce, token-bearing bridge URLs, `Authorization` headers, raw ready JSON, raw profile JSON containing private content, screenshot data URLs, cookies, credentials, signed URLs, account data, or unredacted `captureId` into downstream code, issue text, PR summaries, or prompts.
+
+Never reproduce private text, account identifiers, credentials, tokens, or user-specific data from a target page. Screenshots are not pixel-redacted, so do not request or consume them for login-protected, account-specific, billing, admin, inbox, dashboard, internal, or private user pages, even when the user owns the account. Use this response and ask for safer inputs instead:
+
+```text
+I cannot automatically capture that private or logged-in page with StackPrism. Please provide a public demo URL, a desensitized test-environment URL, a design brief, or an anonymized page-structure summary. If you already have a redacted screenshot or recording with private content removed, you can provide it; do not create a new screenshot of the private page for this request. I can use StackPrism only after the target is public or explicitly desensitized.
+```
+
+Localhost or intranet targets are acceptable only when they are public, demo, or explicitly desensitized development pages. If the user refers to the "current browser page" without a URL, ask for a public or desensitized `http:` or `https:` URL first instead of using active-tab capture. Accept redacted screenshots or recordings only when the user already has them and has removed private content; do not ask the user to create new screenshots of private pages.
diff --git a/agent-skill/stackprism-site-experience/references/site-experience-profile-schema.md b/agent-skill/stackprism-site-experience/references/site-experience-profile-schema.md
new file mode 100644
index 00000000..253dcf62
--- /dev/null
+++ b/agent-skill/stackprism-site-experience/references/site-experience-profile-schema.md
@@ -0,0 +1,22 @@
+# Site Experience Profile Schema
+
+Schema id: `stackprism.site_experience_profile.v1`
+
+Top-level fields:
+
+- `target`: normalized target URL, final URL, title, `language`, viewport summaries, and page support status. `language` is taken from page language attributes when available; it is not inferred from user identity or account data.
+- `browserContext`: extension version, capture time, requested viewports, bridge protocol version, and extension capabilities.
+- `techProfile`: detected technologies, confidence summary, and implementation notes.
+- `visualProfile`: colors, typography, spacing, shape, elevation, density, theme mode, and optional screenshot reference. Screenshot image base64 is intentionally omitted from downloaded Profile JSON. When present, `visualProfile.screenshot.downloadUrl` points to the image to open for actual visual inspection; direct bridge URLs expire with the local bridge/result TTL, while helper-written profiles use a local `file://` URL and `localPath`.
+- `layoutProfile`: landmarks, hero, grids, responsive behavior, sticky elements, and above-fold summary.
+- `componentProfile`: buttons, links, forms, cards, navigation, overlays, and data display patterns.
+- `interactionProfile`: passive hover/focus/transition/animation evidence and loading or scroll behavior.
+- `uxProfile`: bounded first-order UX signals: `pagePurpose`, `primaryUserPath`, `informationHierarchy`, `ctaStrategy`, `trustSignals`, `navigationDepth`, `contentGrouping`, `frictionPoints`, and limited `textSamples`.
+- `assetProfile`: scripts, stylesheets, resource domains, image/font hints, manifest, favicon, and redaction policy.
+- `evidence`: confidence buckets, raw counts, source coverage, and truncation metadata.
+- `limitations`: explicit capture boundaries and omitted sections.
+- `agentGuidance`: implementation priorities, cautions, and `recreationPlan` for downstream agents. `recreationPlan` contains `implementationOrder` for task order, `designTokens` for visual system choices, `layoutBlueprint` for structure, `componentInventory` for reusable UI pieces, `interactionChecklist` for passive behavior cues, `uxChecklist` for user-flow priorities, `assetHints` for dependency and media clues, `visualReference` for optional screenshot handling, and `verificationChecklist` for destination-app acceptance checks.
+
+Profiles must not contain cookie values, authorization values, localStorage/sessionStorage plaintext, signed URL secrets, full sensitive query strings, or copied private page text. UX labels and text samples must be short, best-effort summaries with token-like values, email, phone numbers, long numeric identifiers, hashes, and sensitive query values redacted before they reach the bridge.
+
+Profile JSON is standard JSON and cannot include comments. Durable handling guidance is stored as fields such as `visualProfile.screenshot.note`, `visualProfile.screenshot.profileJsonNote`, and `agentGuidance.recreationPlan.visualReference.screenshotDownloadHint`.
diff --git a/agent-skill/stackprism-site-experience/scripts/bridge/bridge-page-assets.mjs b/agent-skill/stackprism-site-experience/scripts/bridge/bridge-page-assets.mjs
new file mode 100644
index 00000000..22a743d8
--- /dev/null
+++ b/agent-skill/stackprism-site-experience/scripts/bridge/bridge-page-assets.mjs
@@ -0,0 +1,82 @@
+export const bridgePageStyle = `
+:root{color-scheme:light dark;--sp-bg:#eef7f5;--sp-panel:#ffffff;--sp-panel-alt:#fbfefd;--sp-line:#c3ddd7;--sp-soft-line:#dce9e6;--sp-neutral-line:#e5e9ee;--sp-ink:#111827;--sp-muted:#637381;--sp-accent:#0f766e;--sp-accent-2:#14b8a6;--sp-accent-soft:#e8f8f3;--sp-warn:#a45a00;--sp-danger:#b42318;--sp-danger-soft:#fff5f5;--sp-warn-soft:#fff8ed;--sp-shadow:0 26px 70px rgba(15,118,110,.13)}
+*{box-sizing:border-box}body{margin:0;min-height:100vh;background:linear-gradient(180deg,#fbfdfd 0%,var(--sp-bg) 100%);color:var(--sp-ink);font:15px/1.5 Inter,ui-sans-serif,system-ui,-apple-system,BlinkMacSystemFont,"Segoe UI",sans-serif}.bridge-shell{min-height:100vh;padding:24px 24px 42px}.bridge-card{width:min(1240px,100%);margin:0 auto 24px;overflow:hidden;border:1px solid var(--sp-line);border-radius:16px;background:var(--sp-panel);box-shadow:var(--sp-shadow)}
+.bridge-header{display:flex;align-items:center;justify-content:space-between;gap:24px;padding:24px 30px;border-bottom:1px solid var(--sp-line);background:linear-gradient(90deg,#f3fbf8 0%,#fff 74%)}.bridge-brand{display:flex;min-width:0;align-items:center;gap:16px}.bridge-mark{width:44px;height:44px;border-radius:10px;display:grid;place-items:center;background:var(--sp-accent);color:#fff;font-size:17px;font-weight:800;letter-spacing:0;box-shadow:0 14px 30px rgba(15,118,110,.24)}.bridge-kicker{margin:0 0 3px;color:var(--sp-accent);font-size:12px;font-weight:800;letter-spacing:0;text-transform:uppercase}.bridge-title{margin:0;font-size:24px;line-height:1.15;letter-spacing:0}.bridge-copy{margin:6px 0 0;color:var(--sp-muted);font-size:15px}.bridge-badge{flex:0 0 auto;padding:8px 14px;border:1px solid var(--sp-line);border-radius:999px;background:var(--sp-accent-soft);color:var(--sp-accent);font-weight:800;white-space:nowrap}
+.bridge-body{padding:20px 26px 26px}.status-panel{display:grid;grid-template-columns:minmax(0,1fr);gap:10px;margin-bottom:14px}.bridge-card[data-status="completed"] .status-panel{display:none}.state-label{font-size:20px;font-weight:850;letter-spacing:0}.status-text{margin:3px 0 0;color:var(--sp-muted)}.progress-row{display:grid;grid-template-columns:minmax(0,1fr);align-items:center}.progress{height:8px;overflow:hidden;border-radius:999px;background:#ecf3f2}.progress span{position:relative;display:block;width:8%;height:100%;overflow:hidden;border-radius:inherit;background:linear-gradient(90deg,var(--sp-accent),var(--sp-accent-2));transition:width .25s ease}.bridge-card[data-status="failed"] .progress span,.bridge-card[data-status="expired"] .progress span{background:linear-gradient(90deg,#b42318,#ef4444)}.bridge-card[data-status="cancelled"] .progress span,.bridge-card[data-status="disconnected"] .progress span{background:linear-gradient(90deg,#a45a00,#f59e0b)}.bridge-card[data-status="running"] .progress span::after,.bridge-card[data-status="cancel_requested"] .progress span::after{content:"";position:absolute;inset:0;background:linear-gradient(90deg,transparent,rgba(255,255,255,.42),transparent);animation:sp-progress-sweep 1.2s linear infinite}@keyframes sp-progress-sweep{from{transform:translateX(-100%)}to{transform:translateX(100%)}}
+.target-panel{display:grid;grid-template-columns:minmax(0,1fr) auto;gap:10px 18px;align-items:center;margin-bottom:14px;padding:16px 18px;border:1px solid #a9d8cd;border-radius:12px;background:linear-gradient(90deg,#f3fbf8 0%,#fff 70%);box-shadow:0 12px 28px rgba(15,118,110,.08)}.target-copy{min-width:0}.preview-label{margin:0 0 5px;color:var(--sp-muted);font-size:12px;font-weight:800;letter-spacing:0;text-transform:uppercase}.target-url{margin:0;display:-webkit-box;overflow:hidden;overflow-wrap:anywhere;word-break:break-word;-webkit-line-clamp:2;-webkit-box-orient:vertical;color:var(--sp-ink);font-size:17px;font-weight:850;line-height:1.25;text-decoration:none}.target-url[href]{cursor:pointer}.target-url[href]:hover{text-decoration:underline;text-decoration-thickness:2px;text-underline-offset:4px}.target-url[aria-disabled="true"]{cursor:default}.target-helper{margin:5px 0 0;overflow-wrap:anywhere;color:var(--sp-muted);font-size:13px}.target-actions{display:flex;min-width:0;flex-wrap:wrap;gap:10px;justify-content:flex-end}.target-open-link{min-width:132px;display:inline-flex;align-items:center;justify-content:center;text-decoration:none}.profile-download-button{min-width:132px}.copy-status{grid-column:1/-1;min-height:0;margin:0;padding:0;overflow-wrap:anywhere;color:var(--sp-muted);font-size:14px;opacity:0;transform:translateY(-2px);transition:opacity .16s ease,transform .16s ease}.copy-status[data-visible="true"]{min-height:32px;padding:6px 10px;border:1px solid var(--sp-line);border-radius:8px;background:var(--sp-accent-soft);color:var(--sp-accent);opacity:1;transform:translateY(0)}.copy-status[data-state="error"]{border-color:#f0b7b2;background:var(--sp-danger-soft);color:var(--sp-danger)}
+.result-grid{display:grid;grid-template-columns:minmax(0,1.22fr) minmax(320px,.82fr);gap:16px;align-items:start}.capture-panel,.screenshot-panel{padding:16px;border:1px solid var(--sp-soft-line);border-radius:12px;background:var(--sp-panel-alt)}.capture-panel{min-width:0}.section-title{display:flex;align-items:center;gap:10px;margin-bottom:12px}.section-title h2{margin:0;font-size:17px;line-height:1.2}.section-dot{flex:0 0 auto;width:8px;height:22px;border:0;border-radius:999px;background:var(--sp-accent);box-shadow:none}.panel-copy{margin:-4px 0 12px;color:var(--sp-muted);font-size:13px}.summary-grid{display:grid;grid-template-columns:repeat(4,minmax(0,1fr));gap:8px;margin-bottom:10px}.summary-tile{min-height:58px;padding:10px;border:1px solid var(--sp-neutral-line);border-radius:10px;background:#fff}.summary-tile p{margin:0 0 4px;color:var(--sp-muted);font-size:12px;font-weight:800}.summary-tile strong{display:block;overflow-wrap:anywhere;font-size:14px;line-height:1.25}.summary-note{padding:10px 12px;border:1px solid var(--sp-neutral-line);border-radius:10px;background:#fff}.summary-note p{margin:0 0 5px;color:var(--sp-accent);font-size:12px;font-weight:850;letter-spacing:0}.summary-note ul{display:grid;grid-template-columns:repeat(3,minmax(0,1fr));gap:6px;margin:0;padding-left:18px;color:var(--sp-muted);font-size:13px}.summary-note li{line-height:1.35}.summary-handoff{display:flex;align-items:center;gap:12px;margin-top:12px;padding-top:10px;color:var(--sp-muted);font-size:12px}.summary-handoff p{margin:0;color:var(--sp-accent);font-weight:850}.summary-handoff div{display:flex;flex-wrap:wrap;gap:6px}.summary-handoff span{padding:4px 8px;border:1px solid var(--sp-neutral-line);border-radius:999px;background:#fff;font-weight:750}.state-chip{margin-left:auto;padding:4px 9px;border:1px solid #d6e7e3;border-radius:999px;background:#fff;color:var(--sp-muted);font-size:12px;font-weight:850;white-space:nowrap}.state-chip[data-state="ready"]{border-color:#a9d8cd;background:#e8f8f1;color:var(--sp-accent)}.state-chip[data-state="failed"]{border-color:#f0b7b2;background:var(--sp-danger-soft);color:var(--sp-danger)}.state-chip[data-state="empty"]{border-color:#f0d2a8;background:var(--sp-warn-soft);color:var(--sp-warn)}.flow-panel{margin-top:14px;padding:10px 12px;border:1px solid var(--sp-neutral-line);border-radius:12px;background:var(--sp-panel-alt)}.flow-head{display:flex;align-items:center;justify-content:space-between;gap:12px;margin-bottom:9px}.bridge-card[data-status="completed"] .flow-head{margin-bottom:0}.flow-head h2{margin:0;font-size:14px}.flow-state{display:flex;align-items:center;justify-content:flex-end;gap:8px;min-width:0}.step-summary{margin:0;color:var(--sp-muted);font-size:13px;font-weight:750}.flow-toggle{display:none;min-height:30px;padding:0 10px;border:1px solid #b9dcd5;border-radius:999px;background:#fff;color:var(--sp-accent);font:inherit;font-size:12px;font-weight:850;cursor:pointer}.bridge-card[data-status="completed"] .flow-toggle{display:inline-flex;align-items:center}.steps{display:grid;grid-template-columns:repeat(8,minmax(0,1fr));gap:6px;margin:0;padding:0;list-style:none}.bridge-card[data-status="completed"]:not([data-steps-open="true"]) .steps{display:none}.bridge-card[data-status="completed"][data-steps-open="true"] .steps{display:grid;margin-top:9px}.step{min-height:36px;position:relative;display:flex;align-items:center;gap:6px;padding:7px;border:1px solid var(--sp-neutral-line);border-radius:9px;background:#fff;color:var(--sp-muted)}.step-index{display:inline-grid;flex:0 0 auto;place-items:center;width:20px;height:20px;border-radius:999px;background:#edf3f2;color:var(--sp-muted);font-size:11px;font-weight:800}.step div{font-size:12px;line-height:1.2;word-break:break-word}.step.done{border-color:#a9d8cd;background:#f2fbf8;color:var(--sp-accent)}.step.done .step-index,.step.current .step-index{background:var(--sp-accent);color:#fff}.step.current{border-color:var(--sp-accent);color:var(--sp-ink);box-shadow:0 0 0 2px rgba(15,118,110,.08)}.step.failed{border-color:#f0b7b2;background:var(--sp-danger-soft);color:var(--sp-danger);box-shadow:0 0 0 2px rgba(180,35,24,.08)}.step.failed .step-index{background:var(--sp-danger);color:#fff}
+.screenshot-frame{width:100%;height:clamp(190px,14vw,230px);display:grid;place-items:center;overflow:hidden;border:1px solid var(--sp-line);border-radius:12px;background:#eef8f7;cursor:pointer;padding:0;text-align:inherit;transition:border-color .16s ease,box-shadow .16s ease}.screenshot-frame:disabled{cursor:not-allowed}.screenshot-frame.has-image:hover{border-color:var(--sp-accent);box-shadow:0 0 0 3px rgba(15,118,110,.1)}.screenshot-frame img{display:none;width:100%;height:100%;object-fit:cover;object-position:top center;background:#fff}.screenshot-frame.has-image img{display:block}.screenshot-frame.has-image .screenshot-empty{display:none}.screenshot-empty{max-width:260px;padding:18px;color:var(--sp-muted);text-align:center;font-weight:750;line-height:1.45;white-space:pre-line}.screenshot-meta{min-height:20px;margin:12px 0 0;color:var(--sp-muted);font-size:13px;line-height:1.35}.preview-actions{display:grid;grid-template-columns:repeat(2,minmax(0,1fr));gap:10px;margin-top:12px}.preview-button,.modal-close{min-height:38px;padding:0 12px;border:1px solid #b9dcd5;border-radius:8px;background:#fff;color:var(--sp-accent);font:inherit;font-weight:800;cursor:pointer}.preview-button.primary{min-height:44px;background:var(--sp-accent);border-color:var(--sp-accent);color:#fff;box-shadow:0 10px 22px rgba(15,118,110,.2)}.preview-button.primary:disabled{box-shadow:none}.target-copy-button{min-width:156px}.preview-button:disabled,.modal-close:disabled,.preview-button[aria-disabled="true"]{cursor:not-allowed;opacity:1;background:#f7fbfa;border-color:#d8e8e4;color:#8aa5a0}.target-url:focus-visible,.screenshot-frame:focus-visible,.preview-button:focus-visible,.modal-close:focus-visible{outline:3px solid rgba(15,118,110,.35);outline-offset:2px;border-radius:6px}
+.content-section{margin-top:14px;padding:16px;border:1px solid var(--sp-soft-line);border-radius:12px;background:var(--sp-panel-alt)}.section-head{display:flex;justify-content:space-between;gap:14px;align-items:end;margin-bottom:12px}.section-head h2{margin:0;font-size:16px}.section-head p{margin:3px 0 0;color:var(--sp-muted);font-size:13px}.content-grid{display:grid;grid-template-columns:repeat(auto-fit,minmax(min(100%,300px),1fr));gap:8px}.content-card{min-width:0;min-height:88px;padding:10px;overflow:hidden;border:1px solid var(--sp-neutral-line);border-radius:10px;background:#fff}.content-card *{min-width:0;max-width:100%;overflow-wrap:anywhere;word-break:break-word}.content-card h3{margin:0 0 6px;font-size:14px;line-height:1.3}.content-card ul{display:grid;min-width:0;gap:3px;margin:0;padding-left:18px;color:var(--sp-muted);font-size:13px}.content-card li{min-width:0;line-height:1.38;white-space:normal}
+.bridge-footer{display:flex;flex-wrap:wrap;gap:12px 18px;align-items:flex-start;justify-content:space-between;margin-top:20px;padding-top:18px;border-top:1px solid #e7eeee}.bridge-note{max-width:760px;margin:0;color:var(--sp-muted);line-height:1.55}.pills{display:flex;flex-wrap:wrap;gap:8px;margin-left:auto}.pill{padding:6px 10px;border:1px solid #d6e7e3;border-radius:999px;color:var(--sp-muted);background:var(--sp-panel-alt);font-size:13px}.bridge-card[data-status="completed"] .bridge-badge{border-color:#a9d8cd;background:#e8f8f1;color:var(--sp-accent)}.bridge-card[data-status="failed"] .bridge-badge,.bridge-card[data-status="expired"] .bridge-badge{border-color:#f0b7b2;background:var(--sp-danger-soft);color:var(--sp-danger)}.bridge-card[data-status="cancelled"] .bridge-badge,.bridge-card[data-status="disconnected"] .bridge-badge{border-color:#f0d2a8;background:var(--sp-warn-soft);color:var(--sp-warn)}
+.screenshot-modal{position:fixed;inset:0;z-index:20;display:none;place-items:center;padding:28px;background:rgba(10,18,24,.72);overscroll-behavior:contain}.screenshot-modal[data-open="true"]{display:grid}.modal-card{width:min(1180px,100%);max-height:92vh;display:grid;grid-template-rows:auto auto minmax(0,1fr);overflow:hidden;border:1px solid #25443f;border-radius:14px;background:#081311;box-shadow:0 28px 90px rgba(0,0,0,.42)}.modal-bar{display:flex;align-items:center;justify-content:space-between;gap:12px;padding:12px 14px;border-bottom:1px solid #1e3934;color:#e7f7f3}.modal-title{margin:0;font-size:15px;font-weight:800}.modal-actions{display:flex;flex-wrap:wrap;gap:8px;align-items:center;justify-content:flex-end}.modal-copy-status{display:none;margin:0;padding:0 14px 10px;color:#b7d6cf;font-size:13px;font-weight:600;text-align:right}.modal-copy-status[data-visible="true"]{display:block}.modal-copy-status[data-state="error"]{color:#fca5a5}.modal-close{border-color:#35665f;background:#10211e;color:#e7f7f3}.modal-image{display:block;width:100%;height:100%;max-height:calc(92vh - 82px);object-fit:contain;background:#030807}
+@media (prefers-color-scheme:dark){:root{--sp-bg:#091312;--sp-panel:#101b1a;--sp-panel-alt:#0d1716;--sp-line:#244842;--sp-soft-line:#1f3935;--sp-neutral-line:#223935;--sp-ink:#ecfdf8;--sp-muted:#9fb8b3;--sp-accent-soft:#12302c;--sp-shadow:0 24px 60px rgba(0,0,0,.35)}body{background:linear-gradient(180deg,#07100f 0%,var(--sp-bg) 100%)}.bridge-header,.target-panel{background:linear-gradient(90deg,#0f2522 0%,#101b1a 76%)}.summary-tile,.summary-note,.summary-handoff span,.content-card,.state-chip{background:#101b1a}.progress{background:#18302d}.screenshot-frame{background:#0a1312}.screenshot-frame img{background:#07100f}.preview-button,.flow-toggle{background:#10211e;border-color:#35665f}.preview-button.primary{background:var(--sp-accent);border-color:var(--sp-accent);color:#fff}.preview-button:disabled,.modal-close:disabled,.preview-button[aria-disabled="true"]{background:#0d1716;border-color:#244842;color:#698984}.copy-status[data-state="error"]{background:#2a1211;border-color:#7f1d1d;color:#fca5a5}.bridge-card[data-status="failed"] .bridge-badge,.bridge-card[data-status="expired"] .bridge-badge{background:#2a1211;color:#fca5a5}.bridge-card[data-status="cancelled"] .bridge-badge,.bridge-card[data-status="disconnected"] .bridge-badge{background:#2a1d0b;color:#fbbf24}.state-chip[data-state="failed"]{background:#2a1211;color:#fca5a5}.state-chip[data-state="empty"]{background:#2a1d0b;color:#fbbf24}.content-section,.bridge-footer{border-color:#1f3935}.step{background:#0d1716}.step.done{background:#102822}.step.failed{border-color:#7f1d1d;background:#2a1211;color:#fca5a5}.step.failed .step-index{background:#ef4444;color:#fff}.pill{border-color:#244842}}
+@media (max-width:980px){.result-grid{grid-template-columns:1fr 1fr}.summary-grid{grid-template-columns:repeat(2,minmax(0,1fr))}.summary-note ul{grid-template-columns:1fr}.summary-handoff{display:none}.preview-actions{grid-template-columns:repeat(2,minmax(0,1fr))}.steps{grid-template-columns:repeat(4,minmax(0,1fr))}}
+@media (max-width:760px){.bridge-shell{padding:12px 10px 22px}.bridge-card{border-radius:14px}.bridge-header{position:relative;display:block;padding:12px 92px 12px 12px}.bridge-brand{gap:10px}.bridge-mark{width:36px;height:36px}.bridge-kicker{font-size:10px}.bridge-title{font-size:19px}.bridge-copy{margin-top:3px;font-size:13px;line-height:1.32}.bridge-badge{position:absolute;top:12px;right:12px;padding:6px 9px;font-size:12px}.bridge-body{padding:13px}.target-panel{grid-template-columns:1fr;padding:10px 12px}.target-url{font-size:15px}.target-helper{font-size:12px}.target-actions{justify-content:flex-start}.target-open-link,.profile-download-button,.target-copy-button{width:min(100%,220px);min-width:0}.result-grid{grid-template-columns:1fr}.summary-grid{grid-template-columns:repeat(2,minmax(0,1fr))}.summary-tile{min-height:54px;padding:8px}.summary-note{padding:9px 10px}.summary-note ul{grid-template-columns:1fr;gap:4px}.section-title{align-items:center;gap:8px}.section-title h2{font-size:16px}.state-chip{padding:3px 8px;font-size:11px}.screenshot-frame{height:172px}.preview-actions{gap:12px}.flow-head{display:grid;gap:4px}.flow-state{align-items:flex-start;justify-content:space-between}.step-summary{margin-top:0}.steps{grid-template-columns:repeat(2,minmax(0,1fr))}.bridge-card[data-status="completed"][data-steps-open="true"] .steps{margin-top:8px}.step{min-height:44px;padding:8px}.step-index{width:21px;height:21px}.step div{font-size:12px;line-height:1.25}.screenshot-modal{padding:14px}.modal-bar,.section-head{align-items:flex-start;flex-direction:column}.modal-actions{width:100%;justify-content:flex-end}.modal-copy-status{text-align:left}.bridge-footer{gap:12px;margin-top:20px}.pills{margin-left:0}}
+@media (max-width:420px){.preview-actions{grid-template-columns:1fr}.target-open-link,.profile-download-button,.target-copy-button{width:100%}}
+@media (hover:none){.preview-button,.modal-close{min-height:44px;min-width:44px}}
+@media (prefers-reduced-motion:reduce){.bridge-card[data-status="running"] .progress span::after,.bridge-card[data-status="cancel_requested"] .progress span::after{animation:none}.copy-status,.progress span,.screenshot-frame{transition:none}}
+`
+
+export const bridgePageScript = `
+const config=JSON.parse(document.getElementById('stackprism-agent-bridge-config').textContent);
+const ids=['status','stateLabel','statusBadge','progressBar','bridgeCard','targetUrl','openTargetUrl','targetHelper','screenshotFrame','targetScreenshot','screenshotMeta','screenshotDownload','copyScreenshot','copyAllInfo','downloadProfile','copyStatus','modalCopyStatus','stepSummary','profileContentSection','profileContentGrid','screenshotModal','modalScreenshot','modalClose','modalDownload','modalCopyScreenshot','screenshotTileValue','screenshotEmpty','screenshotStateBadge','toggleSteps'];
+const el=Object.fromEntries(ids.map(id=>[id,document.getElementById(id)]));
+const steps=[...document.querySelectorAll('[data-phase]')];
+let currentScreenshot=null,currentCopyText='',currentProfileBlob=null,currentProfileFetchPromise=null,copyStatusTimer=0,copyButtonTimer=0,stepsOpen=false,stepsUserToggled=false,lastStatus='',lastBody=null;
+const phases=['bridge_connected','request_loaded','target_opening','target_loaded','detecting_tech','profiling_experience','posting_profile','cleanup'];
+const phaseLabels={bridge_connected:'扩展已连接',request_loaded:'读取采集请求',target_opening:'打开目标页面',target_loaded:'目标页面已加载',detecting_tech:'识别技术栈',profiling_experience:'分析视觉与体验',posting_profile:'回传 Profile',cleanup:'清理采集环境'};
+const statusLabels={queued:'等待扩展连接',waiting_extension:'等待扩展连接',running:'正在采集',cancel_requested:'正在取消',cancelled:'已取消',completed:'采集完成',failed:'采集失败',expired:'结果已过期',disconnected:'连接已关闭'};
+const finalStatuses=['completed','failed','cancelled','expired','disconnected'];
+const targetHrefFor=value=>{const text=String(value||'');if(!text)return '';try{const url=new URL(text);if(url.protocol!=='http:'&&url.protocol!=='https:')return '';if(url.pathname.includes('[redacted]'))return '';if(url.search.includes('[redacted]'))url.search='';return url.toString();}catch{return '';}};
+const setTargetLink=(node,href)=>{if(href){node.href=href;node.removeAttribute('aria-disabled');node.removeAttribute('tabindex');}else{node.removeAttribute('href');node.setAttribute('aria-disabled','true');node.setAttribute('tabindex','-1');}};
+const setTargetUrl=value=>{const targetText=value||'等待读取目标网址';const targetHref=targetHrefFor(targetText);el.targetUrl.textContent=targetText;el.targetUrl.title=targetText;setTargetLink(el.targetUrl,targetHref);setTargetLink(el.openTargetUrl,targetHref);};
+const setStatus=value=>{el.status.textContent=value};
+const setCopyStatus=(node,value,type='ok')=>{node.textContent=value;node.dataset.state=type;node.dataset.visible=value?'true':'false';};
+const showCopyStatus=(value,type='ok')=>{if(copyStatusTimer)clearTimeout(copyStatusTimer);setCopyStatus(el.copyStatus,'');setCopyStatus(el.modalCopyStatus,'');setCopyStatus(modalOpen()?el.modalCopyStatus:el.copyStatus,value,type);if(value)copyStatusTimer=setTimeout(()=>{setCopyStatus(el.copyStatus,'');setCopyStatus(el.modalCopyStatus,'');},2600);};
+const flashCopyButton=value=>{if(copyButtonTimer)clearTimeout(copyButtonTimer);el.copyAllInfo.textContent=value;copyButtonTimer=setTimeout(()=>{el.copyAllInfo.textContent='复制全部信息';},1800);};
+const screenshotExtension=()=>currentScreenshot?.mimeType==='image/png'?'png':currentScreenshot?.mimeType==='image/webp'?'webp':'jpg';
+const screenshotFilename=()=>('stackprism-'+config.captureId+'-screenshot.'+screenshotExtension());
+const profileFilename=()=>('stackprism-'+config.captureId+'-profile.json');
+const profileDownloadUrl=()=>('/v1/captures/'+config.captureId+'/profile-download');
+const formatBytes=value=>{const bytes=Number(value);if(!Number.isFinite(bytes)||bytes<=0)return '';if(bytes<1024)return bytes+' B';if(bytes<1048576)return Math.round(bytes/1024)+' KB';return (bytes/1048576).toFixed(1)+' MB';};
+const screenshotMetaText=screenshot=>[screenshot.mimeType||'',formatBytes(screenshot.byteLength),screenshot.scope||''].filter(Boolean).join(' - ')||'截图已包含';
+const screenshotEmptyText=(status,preview)=>status==='completed'?'本次采集未返回截图':status==='failed'?'采集失败，未返回截图':preview?.screenshot?'':'采集完成后显示可用截图';
+const setScreenshotState=(text,state)=>{el.screenshotTileValue.textContent=text;el.screenshotStateBadge.textContent=text;el.screenshotStateBadge.dataset.state=state;};
+let currentScreenshotBlob=null,currentScreenshotObjectUrl='';
+const clearScreenshotObjectUrl=()=>{if(currentScreenshotObjectUrl){URL.revokeObjectURL(currentScreenshotObjectUrl);currentScreenshotObjectUrl='';}};
+const screenshotRequestInit=url=>{try{const target=new URL(url,location.href);return {headers:target.origin===location.origin?{Authorization:'Bearer '+config.bridgeToken}:{},cache:'no-store'};}catch{return {cache:'no-store'};}};
+const fetchScreenshotBlob=async()=>{if(currentScreenshotBlob)return currentScreenshotBlob;if(!currentScreenshot?.downloadUrl)throw new Error('SCREENSHOT_DOWNLOAD_MISSING');const res=await fetch(currentScreenshot.downloadUrl,screenshotRequestInit(currentScreenshot.downloadUrl));if(!res.ok)throw new Error('SCREENSHOT_DOWNLOAD_FAILED');currentScreenshotBlob=await res.blob();return currentScreenshotBlob;};
+const setScreenshotImageUrl=async screenshot=>{try{const blob=await fetchScreenshotBlob();if(currentScreenshot!==screenshot)return;clearScreenshotObjectUrl();currentScreenshotObjectUrl=URL.createObjectURL(blob);el.targetScreenshot.src=currentScreenshotObjectUrl;el.modalScreenshot.src=currentScreenshotObjectUrl;}catch{invalidateScreenshot();}};
+const setScreenshot=screenshot=>{
+const next=screenshot?.downloadUrl?screenshot:null;if(currentScreenshot?.downloadUrl!==next?.downloadUrl){currentScreenshotBlob=null;clearScreenshotObjectUrl();}
+currentScreenshot=next;
+if(currentScreenshot){setScreenshotImageUrl(currentScreenshot);el.targetScreenshot.alt='目标页面截图预览';el.modalScreenshot.alt='目标页面截图放大预览';}else{el.targetScreenshot.removeAttribute('src');el.modalScreenshot.removeAttribute('src');el.targetScreenshot.alt='';el.modalScreenshot.alt='';}
+el.screenshotFrame.classList.toggle('has-image',Boolean(currentScreenshot));
+el.screenshotMeta.textContent=currentScreenshot?screenshotMetaText(currentScreenshot):'截图可用后会显示格式与范围';
+if(currentScreenshot)setScreenshotState('截图可用','ready');
+for(const item of [el.screenshotFrame,el.screenshotDownload,el.copyScreenshot,el.modalDownload,el.modalCopyScreenshot])item.disabled=!currentScreenshot;
+};
+const invalidateScreenshot=()=>{currentScreenshot=null;currentScreenshotBlob=null;clearScreenshotObjectUrl();el.targetScreenshot.removeAttribute('src');el.modalScreenshot.removeAttribute('src');el.targetScreenshot.alt='';el.modalScreenshot.alt='';el.screenshotFrame.classList.remove('has-image');el.screenshotMeta.textContent='截图预览无法加载';el.screenshotEmpty.textContent='截图预览无法加载';setScreenshotState('截图失败','failed');for(const item of [el.screenshotFrame,el.screenshotDownload,el.copyScreenshot,el.modalDownload,el.modalCopyScreenshot])item.disabled=true;showCopyStatus('截图预览无法加载，可重新采集或下载 Profile 查看图片链接。','error');};
+const downloadBlob=(blob,filename)=>{const href=URL.createObjectURL(blob);const link=document.createElement('a');link.href=href;link.download=filename;document.body.append(link);link.click();link.remove();setTimeout(()=>URL.revokeObjectURL(href),0);};
+const downloadScreenshot=async()=>{if(!currentScreenshot)return;try{downloadBlob(await fetchScreenshotBlob(),screenshotFilename());}catch{showCopyStatus('下载截图失败：结果可能已过期或本机 bridge 已关闭。','error');}};
+const fetchProfileBlob=async()=>{const res=await fetch(profileDownloadUrl(),{headers:{Authorization:'Bearer '+config.bridgeToken},cache:'no-store'});if(!res.ok){let code='PROFILE_DOWNLOAD_FAILED';try{code=(await res.json())?.error?.code||code;}catch{}throw new Error(code);}const blob=await res.blob();currentProfileBlob=blob;return blob;};
+const ensureProfileCached=()=>{if(currentProfileBlob)return Promise.resolve(currentProfileBlob);if(currentProfileFetchPromise)return currentProfileFetchPromise;currentProfileFetchPromise=fetchProfileBlob().catch(error=>{currentProfileFetchPromise=null;throw error;});return currentProfileFetchPromise;};
+const downloadProfile=async()=>{if(el.downloadProfile.disabled)return;el.downloadProfile.disabled=true;try{downloadBlob(await ensureProfileCached(),profileFilename());showCopyStatus('已下载 Profile JSON。');}catch{showCopyStatus('下载 Profile 失败：结果可能已过期或本机 bridge 已关闭。','error');}finally{el.downloadProfile.disabled=lastBody?.status!=='completed';}};
+const copyText=async()=>{if(!currentCopyText)return;try{await navigator.clipboard.writeText(currentCopyText);showCopyStatus('已复制全部信息。');flashCopyButton('已复制');}catch{showCopyStatus('复制失败：浏览器未允许写入剪切板。','error');}};
+const clipboardScreenshotBlob=async()=>{const blob=await fetchScreenshotBlob();if(blob.type==='image/png')return blob;const bitmap=await createImageBitmap(blob);try{const canvas=document.createElement('canvas');canvas.width=bitmap.width;canvas.height=bitmap.height;const context=canvas.getContext('2d');if(!context)throw new Error('Canvas unavailable');context.drawImage(bitmap,0,0);return await new Promise((resolve,reject)=>canvas.toBlob(output=>output?resolve(output):reject(new Error('PNG conversion failed')),'image/png'));}finally{bitmap.close?.();}};
+const copyScreenshot=async()=>{if(!currentScreenshot)return;try{const blob=await clipboardScreenshotBlob();await navigator.clipboard.write([new ClipboardItem({'image/png':blob})]);showCopyStatus('已复制截图。');}catch{showCopyStatus('复制截图失败：浏览器未允许写入剪切板，或截图格式无法转换。','error');}};
+const modalOpen=()=>el.screenshotModal.dataset.open==='true';
+const modalControls=()=>[...el.screenshotModal.querySelectorAll('button:not(:disabled),a[href],input:not(:disabled),select:not(:disabled),textarea:not(:disabled),[tabindex]:not([tabindex="-1"])')];
+const openScreenshot=()=>{if(currentScreenshot){el.screenshotModal.dataset.open='true';document.body.style.overflow='hidden';el.modalClose.focus();}};
+const closeScreenshot=()=>{if(!modalOpen())return;el.screenshotModal.dataset.open='false';setCopyStatus(el.modalCopyStatus,'');document.body.style.overflow='';const restore=el.screenshotFrame.disabled?el.bridgeCard:el.screenshotFrame;restore.focus({preventScroll:true});};
+const renderSummary=summary=>{const cards=Array.isArray(summary?.cards)?summary.cards:[];el.profileContentGrid.replaceChildren();el.profileContentSection.hidden=!cards.length;for(const card of cards){const node=document.createElement('article');node.className='content-card';const title=document.createElement('h3');title.textContent=card.title||'Profile';const list=document.createElement('ul');for(const item of Array.isArray(card.items)?card.items:[]){const li=document.createElement('li');li.textContent=item;list.append(li);}node.append(title,list);el.profileContentGrid.append(node);}};
+const setStepsOpen=(value,user=false)=>{stepsOpen=Boolean(value);if(user)stepsUserToggled=true;el.bridgeCard.dataset.stepsOpen=stepsOpen?'true':'false';el.toggleSteps.setAttribute('aria-expanded',stepsOpen?'true':'false');el.toggleSteps.textContent=stepsOpen?'收起步骤':'展开步骤';};
+const updateSteps=(phase,status)=>{const index=status==='completed'?phases.length-1:Math.max(0,phases.indexOf(phase));const safeIndex=index<0?0:index;const failed=status==='failed';steps.forEach(step=>{const stepIndex=phases.indexOf(step.dataset.phase);const current=stepIndex===safeIndex&&!finalStatuses.includes(status);const failedCurrent=failed&&stepIndex===safeIndex;step.classList.toggle('done',stepIndex<safeIndex||status==='completed');step.classList.toggle('current',current);step.classList.toggle('failed',failedCurrent);if(current||failedCurrent)step.setAttribute('aria-current','step');else step.removeAttribute('aria-current');});el.progressBar.style.width=(status==='completed'?100:Math.max(8,Math.round(((safeIndex+1)/phases.length)*100)))+'%';const phaseLabel=phaseLabels[phase]||phase||status;el.stepSummary.textContent=finalStatuses.includes(status)?('结果：'+(statusLabels[status]||status)+' - '+phaseLabel):('当前步骤：'+(safeIndex+1)+'/'+phases.length+' '+phaseLabel);if(status==='completed'){if(lastStatus!==status&&!stepsUserToggled)setStepsOpen(false);else setStepsOpen(stepsOpen);}else{stepsUserToggled=false;setStepsOpen(true);}lastStatus=status;};
+const render=body=>{const status=body?.status||'waiting_extension';const phase=body?.phase||'bridge_connected';const label=statusLabels[status]||status;const preview=body?.preview||{};const targetText=preview.targetUrl||config.targetUrl||'等待读取目标网址';lastBody=body;currentCopyText=typeof preview.copyText==='string'?preview.copyText:'';el.bridgeCard.dataset.status=status;el.bridgeCard.dataset.phase=phase;el.stateLabel.textContent=label;el.statusBadge.textContent=label;setStatus(body?.error?.code||phaseLabels[phase]||status);setTargetUrl(targetText);el.targetHelper.textContent=status==='completed'&&currentCopyText?'已生成 Agent 可读摘要，可复制给本机 Coding Agent 使用。':finalStatuses.includes(status)?'本次采集已结束，可查看可用摘要。':'采集完成后可复制给本机 Coding Agent 使用。';setScreenshot(preview.screenshot);if(!currentScreenshot){el.screenshotEmpty.textContent=screenshotEmptyText(status,preview);setScreenshotState(finalStatuses.includes(status)?'未返回截图':'等待截图',finalStatuses.includes(status)?'empty':'pending');}el.copyAllInfo.disabled=!currentCopyText;el.downloadProfile.disabled=status!=='completed';if(status==='completed')ensureProfileCached().catch(()=>{});if(!currentCopyText)el.copyAllInfo.textContent='复制全部信息';renderSummary(preview.contentSummary);updateSteps(phase,status);};
+el.screenshotFrame.addEventListener('click',openScreenshot);el.screenshotDownload.addEventListener('click',downloadScreenshot);el.copyScreenshot.addEventListener('click',copyScreenshot);el.copyAllInfo.addEventListener('click',copyText);el.downloadProfile.addEventListener('click',downloadProfile);el.modalDownload.addEventListener('click',downloadScreenshot);el.modalCopyScreenshot.addEventListener('click',copyScreenshot);el.modalClose.addEventListener('click',closeScreenshot);el.targetScreenshot.addEventListener('error',invalidateScreenshot);el.modalScreenshot.addEventListener('error',invalidateScreenshot);
+el.toggleSteps.addEventListener('click',()=>setStepsOpen(!stepsOpen,true));
+el.screenshotModal.addEventListener('click',event=>{if(event.target===el.screenshotModal)closeScreenshot();});
+document.addEventListener('keydown',event=>{if(!modalOpen())return;if(event.key==='Escape'){closeScreenshot();return;}if(event.key!=='Tab')return;const controls=modalControls();if(!controls.length)return;const first=controls[0],last=controls[controls.length-1];if(!el.screenshotModal.contains(document.activeElement)){event.preventDefault();(event.shiftKey?last:first).focus();}else if(event.shiftKey&&document.activeElement===first){event.preventDefault();last.focus();}else if(!event.shiftKey&&document.activeElement===last){event.preventDefault();first.focus();}});
+const poll=async()=>{try{const res=await fetch('/v1/captures/'+config.captureId,{headers:{Authorization:'Bearer '+config.bridgeToken},cache:'no-store'});const body=await res.json();if(!res.ok){render({status:'failed',phase:lastBody?.phase||'cleanup',error:{code:body?.error?.code||'Bridge request failed.'}});return;}render(body);if(finalStatuses.includes(body.status))return;}catch{if(lastBody&&finalStatuses.includes(lastBody.status))return;render({status:'disconnected',phase:lastBody?.phase||'bridge_connected',preview:lastBody?.preview,error:{code:'本机 bridge 服务已关闭，当前页面无法继续读取状态。'}});return;}setTimeout(poll,1000);};
+poll();
+`
diff --git a/agent-skill/stackprism-site-experience/scripts/bridge/bridge-page.mjs b/agent-skill/stackprism-site-experience/scripts/bridge/bridge-page.mjs
new file mode 100644
index 00000000..9bf9e6ef
--- /dev/null
+++ b/agent-skill/stackprism-site-experience/scripts/bridge/bridge-page.mjs
@@ -0,0 +1,82 @@
+import { bridgePageScript, bridgePageStyle } from './bridge-page-assets.mjs'
+import { htmlEscapeScriptJson, identifierSpecs } from './protocol.mjs'
+
+export const renderBridgePageHtml = (cspNonce, config) => {
+  if (!identifierSpecs.cspNonce.test(cspNonce)) {
+    throw new Error('INVALID_CSP_NONCE')
+  }
+  const configJson = htmlEscapeScriptJson(config)
+  return `<!doctype html>
+<html>
+<head>
+<meta charset="utf-8">
+<meta name="stackprism-agent-bridge" content="1">
+<meta name="viewport" content="width=device-width,initial-scale=1">
+<link rel="icon" href="data:image/svg+xml,%3Csvg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 16 16'%3E%3Crect width='16' height='16' rx='3' fill='%230f766e'/%3E%3C/svg%3E">
+<title>StackPrism Agent Bridge</title>
+<style nonce="${cspNonce}">${bridgePageStyle}</style>
+</head>
+<body>
+<main class="bridge-shell">
+<section id="bridgeCard" class="bridge-card" data-status="waiting_extension" aria-labelledby="bridge-title" tabindex="-1">
+<header class="bridge-header">
+<div class="bridge-brand">
+<div class="bridge-mark" aria-hidden="true">SP</div>
+<div>
+<p class="bridge-kicker">本机通道</p>
+<h1 id="bridge-title" class="bridge-title">StackPrism Agent Bridge</h1>
+<p class="bridge-copy">连接本机 Agent 与当前浏览器 profile，展示本次采集结果。</p>
+</div>
+</div>
+<span id="statusBadge" class="bridge-badge">等待扩展连接</span>
+</header>
+<div class="bridge-body">
+<section class="status-panel" aria-live="polite">
+<div>
+<div id="stateLabel" class="state-label">等待扩展连接</div>
+<p id="status" class="status-text">等待 StackPrism 扩展连接。</p>
+</div>
+<div class="progress-row" aria-hidden="true"><div class="progress"><span id="progressBar"></span></div></div>
+</section>
+<section class="target-panel" aria-label="目标与可复制结果">
+<div class="target-copy">
+<p class="preview-label">采集目标</p>
+<a id="targetUrl" class="target-url" title="" target="_blank" rel="noopener noreferrer" aria-disabled="true">等待读取目标网址</a>
+<p id="targetHelper" class="target-helper">采集完成后可复制给本机 Coding Agent 使用。</p>
+</div>
+<div class="target-actions"><a id="openTargetUrl" class="preview-button target-open-link" target="_blank" rel="noopener noreferrer" aria-disabled="true" tabindex="-1">打开目标网页</a><button id="downloadProfile" class="preview-button profile-download-button" type="button" disabled>下载 Profile</button><button id="copyAllInfo" class="preview-button primary target-copy-button" type="button" disabled>复制全部信息</button></div>
+<p id="copyStatus" class="copy-status" role="status" aria-live="polite"></p>
+</section>
+<section class="result-grid" aria-label="采集结果">
+<section class="capture-panel" aria-label="Profile 摘要">
+<div class="section-title"><span class="section-dot" aria-hidden="true"></span><h2>Profile 摘要</h2></div>
+<p class="panel-copy">面向复刻任务整理技术栈、视觉结构、交互路径与资产线索。</p>
+<div class="summary-grid">
+<div class="summary-tile"><p>Agent 用途</p><strong>快速复刻</strong></div>
+<div class="summary-tile"><p>内容范围</p><strong>技术与体验</strong></div>
+<div class="summary-tile"><p>采集模式</p><strong>只读采集</strong></div>
+<div class="summary-tile"><p>截图状态</p><strong id="screenshotTileValue">等待截图</strong></div>
+</div>
+<div class="summary-note"><p>复刻重点</p><ul><li>先看 Agent 可读内容</li><li>用截图校准首屏结构</li><li>必要时再读 raw profile</li></ul></div>
+<div class="summary-handoff" aria-label="摘要包含"><p>摘要包含</p><div><span>技术栈</span><span>首屏结构</span><span>交互路径</span><span>资产线索</span></div></div>
+</section>
+<section class="screenshot-panel" aria-label="截图预览">
+<div class="section-title"><span class="section-dot" aria-hidden="true"></span><h2>截图预览</h2><span id="screenshotStateBadge" class="state-chip" data-state="pending">等待截图</span></div>
+<button id="screenshotFrame" class="screenshot-frame" type="button" disabled><img id="targetScreenshot" alt=""><span id="screenshotEmpty" class="screenshot-empty">采集完成后显示截图
+未返回时仍可复制文本摘要</span></button>
+<p id="screenshotMeta" class="screenshot-meta">截图可用后会显示格式与范围</p>
+<div class="preview-actions"><button id="copyScreenshot" class="preview-button" type="button" disabled>复制截图</button><button id="screenshotDownload" class="preview-button" type="button" disabled>下载截图</button></div>
+</section>
+</section>
+<section id="profileContentSection" class="content-section" hidden><div class="section-head"><div><h2>Agent 可读内容</h2><p>已转换为摘要；完整 Profile 可在本页完成后下载。</p></div></div><div id="profileContentGrid" class="content-grid"></div></section>
+<section class="flow-panel" aria-label="采集流程"><div class="flow-head"><h2>采集流程</h2><div class="flow-state"><p id="stepSummary" class="step-summary" role="status" aria-live="polite">当前步骤：扩展连接</p><button id="toggleSteps" class="flow-toggle" type="button" aria-controls="captureSteps" aria-expanded="false">展开步骤</button></div></div><ol id="captureSteps" class="steps" aria-label="采集步骤" role="list"><li class="step current" data-phase="bridge_connected" aria-current="step"><span class="step-index">1</span><div>扩展连接</div></li><li class="step" data-phase="request_loaded"><span class="step-index">2</span><div>读取请求</div></li><li class="step" data-phase="target_opening"><span class="step-index">3</span><div>打开目标</div></li><li class="step" data-phase="target_loaded"><span class="step-index">4</span><div>页面加载</div></li><li class="step" data-phase="detecting_tech"><span class="step-index">5</span><div>技术识别</div></li><li class="step" data-phase="profiling_experience"><span class="step-index">6</span><div>体验分析</div></li><li class="step" data-phase="posting_profile"><span class="step-index">7</span><div>回传 Profile</div></li><li class="step" data-phase="cleanup"><span class="step-index">8</span><div>清理完成</div></li></ol></section>
+<footer class="bridge-footer"><p class="bridge-note">本页只服务当前一次采集；完整 Profile 仅在本次结果未过期时下载；摘要不含 token、nonce、raw JSON 或截图 data URL。</p><div class="pills"><span class="pill">127.0.0.1</span><span class="pill">当前 profile</span><span class="pill">只读采集</span></div></footer>
+</div>
+</section>
+</main>
+<section id="screenshotModal" class="screenshot-modal" data-open="false" aria-label="截图放大预览" role="dialog" aria-modal="true"><div class="modal-card"><div class="modal-bar"><p class="modal-title">截图预览</p><div class="modal-actions"><button id="modalCopyScreenshot" class="modal-close" type="button" disabled>复制截图</button><button id="modalDownload" class="modal-close" type="button" disabled>下载截图</button><button id="modalClose" class="modal-close" type="button">关闭</button></div></div><p id="modalCopyStatus" class="modal-copy-status" role="status" aria-live="polite"></p><img id="modalScreenshot" class="modal-image" alt=""></div></section>
+<script id="stackprism-agent-bridge-config" type="application/json" nonce="${cspNonce}">${configJson}</script>
+<script nonce="${cspNonce}">${bridgePageScript}</script>
+</body>
+</html>`
+}
diff --git a/agent-skill/stackprism-site-experience/scripts/bridge/capture-store.mjs b/agent-skill/stackprism-site-experience/scripts/bridge/capture-store.mjs
new file mode 100644
index 00000000..6a180605
--- /dev/null
+++ b/agent-skill/stackprism-site-experience/scripts/bridge/capture-store.mjs
@@ -0,0 +1,189 @@
+import { newBridgeToken, newCaptureId, newNonce, newScreenshotDownloadId, newSessionId } from './protocol.mjs'
+import { prepareProfileForStorage } from './profile-response.mjs'
+
+const CAPTURE_TIMEOUT_MS = 95000
+const EXTENSION_CONNECT_TIMEOUT_MS = 30000
+const CANCEL_TIMEOUT_MS = 10000
+const RESULT_TTL_MS = 10 * 60 * 1000
+const MAX_CAPTURE_RECORDS = 100
+
+const captureDeadlineError = capture =>
+  capture.phase === 'target_opening'
+    ? { code: 'TARGET_LOAD_TIMEOUT', message: 'Target tab load timed out.' }
+    : { code: 'CAPTURE_TIMEOUT', message: 'Capture timed out.' }
+
+export class CaptureStore {
+  constructor({ baseUrl, openBrowser, now = () => Date.now(), resultTtlMs = RESULT_TTL_MS, setTimeoutFn = setTimeout, clearTimeoutFn = clearTimeout }) {
+    this.baseUrl = baseUrl
+    this.openBrowser = openBrowser
+    this.now = now
+    this.resultTtlMs = resultTtlMs
+    this.setTimeout = setTimeoutFn
+    this.clearTimeout = clearTimeoutFn
+    this.captures = new Map()
+    this.captureLocks = new Map()
+    this.resultExpiryTimers = new Map()
+  }
+
+  async withCaptureLock(id, task) {
+    const previous = this.captureLocks.get(id) || Promise.resolve()
+    let release
+    const gate = new Promise(resolve => {
+      release = resolve
+    })
+    const next = previous.catch(() => {}).then(() => gate)
+    this.captureLocks.set(id, next)
+    await previous.catch(() => {})
+    try {
+      return await task()
+    } finally {
+      release()
+      if (this.captureLocks.get(id) === next) this.captureLocks.delete(id)
+    }
+  }
+
+  activeCount() {
+    this.pruneExpiredResults()
+    return [...this.captures.values()].filter(capture =>
+      ['queued', 'waiting_extension', 'running', 'cancel_requested'].includes(capture.status)
+    ).length
+  }
+
+  get(id) {
+    const capture = this.captures.get(id)
+    if (!capture) return null
+    this.expireIfNeeded(capture)
+    return capture
+  }
+
+  async create(request) {
+    if (this.activeCount() > 0) {
+      return { ok: false, status: 429, code: 'CAPTURE_BUSY', message: 'Another capture is already active.' }
+    }
+    const capture = {
+      id: newCaptureId(),
+      sessionId: newSessionId(),
+      nonce: newNonce(),
+      bridgeToken: newBridgeToken(),
+      status: 'queued',
+      phase: undefined,
+      sequence: 0,
+      request,
+      profile: null,
+      screenshotAsset: null,
+      error: null,
+      createdAt: this.now(),
+      extensionDeadlineAt: this.now() + EXTENSION_CONNECT_TIMEOUT_MS,
+      deadlineAt: this.now() + CAPTURE_TIMEOUT_MS,
+      cancelDeadlineAt: null,
+      resultExpiresAt: null,
+      bridgeTokenRenderedAt: null,
+      bridgeTokenClaimedAt: null,
+      profileDownloadReadyAt: null,
+      screenshotDownloadId: newScreenshotDownloadId(),
+      screenshotUrl: null
+    }
+    capture.bridgeUrl = `${this.baseUrl}/bridge?session=${capture.sessionId}&capture=${capture.id}&nonce=${capture.nonce}`
+    capture.profileUrl = `${this.baseUrl}/v1/captures/${capture.id}/profile`
+    capture.screenshotUrl = `${this.baseUrl}/v1/captures/${capture.id}/screenshot-download/${capture.screenshotDownloadId}`
+    this.captures.set(capture.id, capture)
+    this.pruneTerminalRecords()
+    const opened = await this.openBrowser(capture.bridgeUrl)
+    if (!opened.ok) {
+      capture.status = 'failed'
+      capture.error = { code: 'BROWSER_OPEN_FAILED', message: 'Failed to open the bridge page.', details: opened.details || {} }
+      return { ok: false, status: 500, code: 'BROWSER_OPEN_FAILED', message: capture.error.message, details: capture.error.details }
+    }
+    return { ok: true, capture }
+  }
+
+  clearResultExpiryTimer(captureId) {
+    const timer = this.resultExpiryTimers.get(captureId)
+    if (!timer) return
+    this.clearTimeout(timer)
+    this.resultExpiryTimers.delete(captureId)
+  }
+
+  scheduleResultExpiry(capture) {
+    this.clearResultExpiryTimer(capture.id)
+    if (!capture.resultExpiresAt) return
+    const delayMs = Math.max(0, capture.resultExpiresAt - this.now())
+    const timer = this.setTimeout(() => {
+      this.resultExpiryTimers.delete(capture.id)
+      this.expireIfNeeded(capture)
+    }, delayMs)
+    timer?.unref?.()
+    this.resultExpiryTimers.set(capture.id, timer)
+  }
+
+  expireIfNeeded(capture) {
+    const now = this.now()
+    if (capture.status === 'completed' && capture.resultExpiresAt && capture.resultExpiresAt <= now) {
+      capture.status = 'expired'
+      capture.profile = null
+      capture.screenshotAsset = null
+      capture.error = { code: 'CAPTURE_RESULT_EXPIRED', message: 'Capture result expired.' }
+      this.clearResultExpiryTimer(capture.id)
+    }
+    if (['queued', 'waiting_extension'].includes(capture.status) && capture.extensionDeadlineAt <= now) {
+      capture.status = 'failed'
+      capture.error = { code: 'EXTENSION_NOT_CONNECTED', message: 'StackPrism extension did not connect before the deadline.' }
+    }
+    if (capture.status === 'running' && capture.deadlineAt <= now) {
+      capture.status = 'failed'
+      capture.error = captureDeadlineError(capture)
+    }
+    if (capture.status === 'cancel_requested' && capture.cancelDeadlineAt && capture.cancelDeadlineAt <= now) {
+      capture.status = 'cancelled'
+      capture.error = {
+        code: 'CAPTURE_TIMEOUT',
+        message: 'Capture cancellation timed out.',
+        details: { reason: 'cancel_timeout' }
+      }
+    }
+  }
+
+  pruneExpiredResults() {
+    for (const capture of this.captures.values()) {
+      this.expireIfNeeded(capture)
+    }
+  }
+
+  pruneTerminalRecords() {
+    const overflow = this.captures.size - MAX_CAPTURE_RECORDS
+    if (overflow <= 0) return
+    const terminal = [...this.captures.values()]
+      .filter(capture => !['queued', 'waiting_extension', 'running', 'cancel_requested'].includes(capture.status))
+      .sort((left, right) => left.createdAt - right.createdAt)
+    for (const capture of terminal.slice(0, overflow)) {
+      this.clearResultExpiryTimer(capture.id)
+      this.captures.delete(capture.id)
+    }
+  }
+
+  markProfile(capture, profile) {
+    capture.resultExpiresAt = this.now() + this.resultTtlMs
+    const prepared = prepareProfileForStorage(profile, capture)
+    capture.status = 'completed'
+    capture.phase = 'cleanup'
+    capture.profile = prepared.profile
+    capture.screenshotAsset = prepared.screenshotAsset
+    this.scheduleResultExpiry(capture)
+  }
+
+  touchResult(capture) {
+    if (capture.status !== 'completed') return
+    capture.resultExpiresAt = this.now() + this.resultTtlMs
+    this.scheduleResultExpiry(capture)
+  }
+
+  requestCancel(capture) {
+    capture.status = 'cancel_requested'
+    capture.cancelDeadlineAt = this.now() + CANCEL_TIMEOUT_MS
+  }
+
+  clear() {
+    for (const captureId of this.resultExpiryTimers.keys()) this.clearResultExpiryTimer(captureId)
+    this.captures.clear()
+  }
+}
diff --git a/agent-skill/stackprism-site-experience/scripts/bridge/http-handlers.mjs b/agent-skill/stackprism-site-experience/scripts/bridge/http-handlers.mjs
new file mode 100644
index 00000000..32a680c9
--- /dev/null
+++ b/agent-skill/stackprism-site-experience/scripts/bridge/http-handlers.mjs
@@ -0,0 +1,195 @@
+import { fail, isKnownBridgeErrorCode, json, newCspNonce, protocolVersion, redactUrl, safeEqual } from './protocol.mjs'
+import { renderBridgePageHtml } from './bridge-page.mjs'
+import { profilePreviewSummary } from './profile-summary.mjs'
+import { screenshotPreviewForCapture } from './profile-response.mjs'
+
+export const finalStates = new Set(['completed', 'failed', 'cancelled', 'expired'])
+
+const pluginWritableStatuses = new Set(['waiting_extension', 'running', 'cancelled', 'failed'])
+const statusPhases = [
+  'bridge_connected',
+  'request_loaded',
+  'target_opening',
+  'target_loaded',
+  'detecting_tech',
+  'profiling_experience',
+  'posting_profile',
+  'cleanup'
+]
+const phaseOrder = new Map(statusPhases.map((phase, index) => [phase, index]))
+const endpointMethods = {
+  '': 'GET, DELETE',
+  request: 'GET',
+  control: 'GET',
+  status: 'POST',
+  profile: 'GET, POST',
+  'profile-download': 'GET',
+  'screenshot-download': 'GET'
+}
+
+const tokenFrom = req => /^Bearer (.+)$/.exec(req.headers.authorization || '')?.[1] || ''
+
+export const allowForCaptureEndpoint = endpoint => endpointMethods[endpoint] || 'GET, POST, DELETE'
+
+export const auth = (req, capture, apiToken, scope) => {
+  const token = tokenFrom(req)
+  if (!token) return { ok: false, status: 401, code: 'UNAUTHORIZED', message: 'Bearer token is required.' }
+  if (['api', 'download'].includes(scope) && safeEqual(token, apiToken)) return { ok: true, tokenType: 'api' }
+  if (['bridge', 'download'].includes(scope) && capture && safeEqual(token, capture.bridgeToken)) return { ok: true, tokenType: 'bridge' }
+  if (scope === 'status' && (safeEqual(token, apiToken) || (capture && safeEqual(token, capture.bridgeToken)))) {
+    return { ok: true, tokenType: safeEqual(token, apiToken) ? 'api' : 'bridge' }
+  }
+  return { ok: false, status: 403, code: 'FORBIDDEN', message: 'Token is not allowed for this endpoint.' }
+}
+
+export const scopeForEndpoint = (method, endpoint) => {
+  if (endpoint === '' && method === 'GET') return 'status'
+  if (endpoint === 'request' || endpoint === 'control' || (method === 'POST' && ['status', 'profile'].includes(endpoint))) return 'bridge'
+  if (method === 'GET' && ['profile-download', 'screenshot-download'].includes(endpoint)) return 'download'
+  return method === 'GET' && endpoint === 'profile' ? 'status' : 'api'
+}
+
+const previewForCapture = capture => {
+  const targetUrl = redactUrl(capture.finalUrl || capture.request?.url)
+  const preview = {}
+  if (targetUrl) preview.targetUrl = targetUrl
+  const screenshot = capture.status === 'completed' ? screenshotPreviewForCapture(capture) : null
+  if (screenshot) preview.screenshot = screenshot
+  const summary = profilePreviewSummary(capture, screenshot)
+  if (summary) Object.assign(preview, summary)
+  return Object.keys(preview).length ? preview : undefined
+}
+
+export const publicStatus = capture => {
+  const status = { id: capture.id, status: capture.status }
+  if (capture.phase) status.phase = capture.phase
+  if (capture.error) status.error = capture.error
+  if (capture.profileDownloadReadyAt) status.profileDownloadReady = true
+  const preview = previewForCapture(capture)
+  if (preview) status.preview = preview
+  return status
+}
+
+export const terminalProfileErrorCode = status => (status === 'completed' ? 'CAPTURE_ALREADY_COMPLETED' : 'STALE_STATUS_UPDATE')
+
+export const commitProfile = (store, capture, profile, { profileSchema }) => {
+  if (finalStates.has(capture.status)) {
+    return { ok: false, status: 409, code: terminalProfileErrorCode(capture.status), details: { status: capture.status } }
+  }
+  if (!capture.finalUrl) return { ok: false, status: 409, code: 'INVALID_REQUEST', message: 'Capture final URL has not been accepted.' }
+  if (profile?.schema !== profileSchema || profile?.captureId !== capture.id) {
+    return { ok: false, status: 400, code: 'INVALID_REQUEST', message: 'Profile schema or capture id is invalid.' }
+  }
+  store.markProfile(capture, profile)
+  return { ok: true, status: 200, body: publicStatus(capture) }
+}
+
+export const writeProfile = (res, result) =>
+  result.ok
+    ? json(res, result.status, result.body)
+    : fail(res, result.status, result.code, result.message || 'Capture is already terminal.', result.details)
+
+export const validateStatusUpdate = (capture, body) => {
+  if (finalStates.has(capture.status)) {
+    return { ok: false, code: 'STALE_STATUS_UPDATE', message: 'Capture is already terminal.' }
+  }
+  if (
+    body?.captureId !== capture.id ||
+    body?.sessionId !== capture.sessionId ||
+    body?.nonce !== capture.nonce ||
+    body?.protocolVersion !== protocolVersion
+  ) {
+    return { ok: false, code: 'INVALID_REQUEST', message: 'Capture status identity is invalid.' }
+  }
+  if (!pluginWritableStatuses.has(body?.status)) {
+    return { ok: false, code: 'INVALID_REQUEST', message: 'Capture status is invalid.' }
+  }
+  if (!phaseOrder.has(body?.phase)) {
+    return { ok: false, code: 'INVALID_REQUEST', message: 'Capture phase is invalid.' }
+  }
+  if (body.status === 'cancelled' && capture.status !== 'cancel_requested') {
+    return { ok: false, code: 'STALE_STATUS_UPDATE', message: 'Capture cancellation was not requested.' }
+  }
+  if (capture.status === 'cancel_requested' && body.status !== 'cancelled') {
+    return { ok: false, code: 'STALE_STATUS_UPDATE', message: 'Capture cancellation is already requested.' }
+  }
+  if (body.status === 'failed' && (!body.error?.code || !body.error?.message)) {
+    return { ok: false, code: 'INVALID_REQUEST', message: 'Failed status requires a structured error.' }
+  }
+  if (body.status === 'failed' && !isKnownBridgeErrorCode(body.error.code)) {
+    return { ok: false, code: 'INVALID_REQUEST', message: 'Failed status error code is invalid.' }
+  }
+  if (body.status === 'cancelled' && body.phase !== 'cleanup') {
+    return { ok: false, code: 'INVALID_REQUEST', message: 'Cancelled status must use cleanup phase.' }
+  }
+  if (!Number.isInteger(body.sequence) || body.sequence <= capture.sequence) {
+    return { ok: false, code: 'STALE_STATUS_UPDATE', message: 'Capture status sequence is stale.' }
+  }
+  const currentPhaseOrder = phaseOrder.has(capture.phase) ? phaseOrder.get(capture.phase) : -1
+  const nextPhaseOrder = phaseOrder.get(body.phase)
+  if (nextPhaseOrder < currentPhaseOrder) {
+    return { ok: false, code: 'STALE_STATUS_UPDATE', message: 'Capture phase cannot move backwards.' }
+  }
+  return { ok: true }
+}
+
+const bridgePageState = capture => {
+  if (capture.status === 'expired') return { kind: 'fail', args: [410, 'CAPTURE_RESULT_EXPIRED', 'Capture result expired.'] }
+  if (finalStates.has(capture.status)) {
+    return {
+      kind: 'fail',
+      args: [409, capture.error?.code || 'INVALID_REQUEST', 'Capture is already terminal.', { status: capture.status }]
+    }
+  }
+  if (capture.bridgeTokenRenderedAt || capture.bridgeTokenClaimedAt) {
+    return {
+      kind: 'fail',
+      args: [409, 'INVALID_REQUEST', 'Bridge token has already been rendered or claimed.']
+    }
+  }
+  return {
+    kind: 'config',
+    config: {
+      captureId: capture.id,
+      sessionId: capture.sessionId,
+      nonce: capture.nonce,
+      bridgeToken: capture.bridgeToken,
+      targetUrl: redactUrl(capture.request?.url),
+      protocolVersion
+    }
+  }
+}
+
+const buildBridgePage = (capture, now = Date.now) => {
+  const state = bridgePageState(capture)
+  if (state.kind === 'fail') return state
+  const cspNonce = newCspNonce()
+  try {
+    const html = renderBridgePageHtml(cspNonce, state.config)
+    capture.bridgeTokenRenderedAt = now()
+    return { kind: 'html', cspNonce, html }
+  } catch {
+    return { kind: 'fail', args: [500, 'BRIDGE_PAGE_RENDER_FAILED', 'Bridge page render failed.'] }
+  }
+}
+
+export const renderBridge = async (res, capture, { store } = {}) => {
+  const page = store?.withCaptureLock
+    ? await store.withCaptureLock(capture.id, async () => {
+        const lockedCapture = store.get(capture.id)
+        return lockedCapture ? buildBridgePage(lockedCapture, store.now) : { kind: 'fail', args: [404, 'NOT_FOUND', 'Capture not found.'] }
+      })
+    : buildBridgePage(capture)
+  if (page.kind === 'fail') return fail(res, ...page.args)
+  res.writeHead(200, {
+    'Content-Type': 'text/html; charset=utf-8',
+    'Cache-Control': 'no-store',
+    'Referrer-Policy': 'no-referrer',
+    'X-Content-Type-Options': 'nosniff',
+    'X-Frame-Options': 'DENY',
+    'Cross-Origin-Opener-Policy': 'same-origin',
+    'Permissions-Policy': 'camera=(), microphone=(), geolocation=(), payment=(), usb=()',
+    'Content-Security-Policy': `default-src 'none'; script-src 'nonce-${page.cspNonce}'; style-src 'nonce-${page.cspNonce}'; img-src data: blob:; connect-src 'self'; frame-ancestors 'none'; base-uri 'none'; form-action 'none'`
+  })
+  res.end(page.html)
+}
diff --git a/agent-skill/stackprism-site-experience/scripts/bridge/http-server.mjs b/agent-skill/stackprism-site-experience/scripts/bridge/http-server.mjs
new file mode 100644
index 00000000..782a9df2
--- /dev/null
+++ b/agent-skill/stackprism-site-experience/scripts/bridge/http-server.mjs
@@ -0,0 +1,276 @@
+import http from 'node:http'
+import { CaptureStore } from './capture-store.mjs'
+import {
+  allowForCaptureEndpoint,
+  auth,
+  commitProfile,
+  finalStates,
+  publicStatus,
+  renderBridge,
+  scopeForEndpoint,
+  terminalProfileErrorCode,
+  validateStatusUpdate,
+  writeProfile
+} from './http-handlers.mjs'
+import { openBrowser, parseOpenConfig } from './open-browser.mjs'
+import { parseBridgeQuery, readJson, rejectBadRequestShell, rejectCrossOriginSensitiveRequest, validateBridgeQuery } from './security.mjs'
+import { validateTargetNetworkAddress } from './target-network-policy.mjs'
+import { normalizeCaptureRequest, validateFinalUrl } from './url-policy.mjs'
+import {
+  errorBody,
+  fail,
+  isValidId,
+  json,
+  newApiToken,
+  profileSchema,
+  protocolVersion,
+  safeEqual,
+  sanitizeBridgeError,
+  service,
+  version
+} from './protocol.mjs'
+import { readProfile, readProfileDownload, readScreenshotDownload } from './profile-response.mjs'
+import {
+  applyServerResourcePolicy,
+  DEFAULT_CREATE_LIMIT_PER_MINUTE,
+  DEFAULT_QUERY_LIMIT_PER_MINUTE,
+  DEFAULT_RESOURCE_POLICY,
+  makeRateLimiter
+} from './resource-policy.mjs'
+
+const isQueryEndpoint = (method, endpoint) => method === 'GET' && (endpoint === '' || endpoint === 'profile')
+const profileHeaders = { 'Referrer-Policy': 'no-referrer' }
+const methodNotAllowed = (res, allow) => fail(res, 405, 'METHOD_NOT_ALLOWED', 'Method is not supported.', {}, { Allow: allow })
+const failParsedRequest = (res, parsed, code = parsed.code) =>
+  fail(res, parsed.status, code, parsed.message, {}, parsed.close ? { Connection: 'close' } : {})
+const socketJsonError = (socket, statusLine, message) => {
+  if (!socket.writable) return
+  const body = JSON.stringify(errorBody('INVALID_REQUEST', message))
+  socket.end(
+    [
+      statusLine,
+      'Content-Type: application/json; charset=utf-8',
+      'Cache-Control: no-store',
+      'X-Content-Type-Options: nosniff',
+      'Connection: close',
+      `Content-Length: ${Buffer.byteLength(body)}`,
+      `\r\n${body}`
+    ].join('\r\n')
+  )
+}
+
+const captureFromPath = (store, pathname) => {
+  const match =
+    /^\/v1\/captures\/([^/]+)(?:\/(request|control|status|profile|profile-download)|\/(screenshot-download)\/([^/]+))?$/.exec(pathname)
+  if (!match || !isValidId('captureId', match[1])) return null
+  const capture = store.get(match[1])
+  return capture ? { capture, endpoint: match[2] || match[3] || '', screenshotDownloadId: match[4] || '' } : { missing: true }
+}
+
+export const createBridgeServer = ({ port = 0, env = process.env, resolveHostname, now, rateLimits, resourcePolicy, resultTtlMs } = {}) => {
+  const openConfig = parseOpenConfig(env)
+  if (!openConfig.ok) throw Object.assign(new Error(openConfig.message), { code: openConfig.code })
+  const apiToken = newApiToken()
+  let baseUrl = ''
+  let store
+  const allowRate = makeRateLimiter(rateLimits)
+  const policy = { ...DEFAULT_RESOURCE_POLICY, ...(resourcePolicy || {}) }
+  const server = http.createServer({ requireHostHeader: false }, async (req, res) => {
+    const rejected = rejectBadRequestShell(req, res, baseUrl)
+    if (rejected) return rejected
+    const url = new URL(req.url || '/', baseUrl)
+
+    if (req.method === 'OPTIONS') return methodNotAllowed(res, 'GET, POST, DELETE')
+    if (req.method === 'GET' && url.pathname === '/health') {
+      return json(res, 200, { ok: true, service, version, protocolVersion, bound: '127.0.0.1', activeCaptures: store.activeCount() })
+    }
+    if (url.pathname === '/health') return methodNotAllowed(res, 'GET')
+    if (req.method === 'GET' && url.pathname === '/bridge') {
+      const rejectedOrigin = rejectCrossOriginSensitiveRequest(req, res, baseUrl)
+      if (rejectedOrigin) return rejectedOrigin
+      if (!validateBridgeQuery(url)) return fail(res, 400, 'INVALID_REQUEST', 'Bridge query is invalid.')
+      const query = parseBridgeQuery(url.search)
+      const capture = query?.capture && store.get(query.capture)
+      if (!capture || capture.sessionId !== query.session || capture.nonce !== query.nonce) {
+        return fail(res, 404, 'NOT_FOUND', 'Capture bridge page was not found.')
+      }
+      return renderBridge(res, capture, { store })
+    }
+    if (url.pathname === '/bridge') return methodNotAllowed(res, 'GET')
+    if (req.method === 'POST' && url.pathname === '/v1/captures') {
+      const rejectedOrigin = rejectCrossOriginSensitiveRequest(req, res, baseUrl)
+      if (rejectedOrigin) return rejectedOrigin
+      const allowed = auth(req, null, apiToken, 'api')
+      if (!allowed.ok) return fail(res, allowed.status, allowed.code, allowed.message)
+      if (!allowRate(apiToken, 'create', rateLimits?.createLimitPerMinute ?? DEFAULT_CREATE_LIMIT_PER_MINUTE, now?.() ?? Date.now())) {
+        return fail(res, 429, 'RATE_LIMITED', 'Agent bridge rate limit exceeded.')
+      }
+      const parsed = await readJson(req, 5 * 1024 * 1024, policy.requestTimeoutMs)
+      if (!parsed.ok) return failParsedRequest(res, parsed)
+      const normalized = await normalizeCaptureRequest(parsed.body, baseUrl, { resolveHostname })
+      if (!normalized.ok) return fail(res, 400, normalized.code, normalized.message, normalized.details)
+      const created = await store.create(normalized.request)
+      if (!created.ok) return fail(res, created.status, created.code, created.message, created.details)
+      return json(res, 200, {
+        id: created.capture.id,
+        status: created.capture.status,
+        bridgeUrl: created.capture.bridgeUrl,
+        profileUrl: created.capture.profileUrl
+      })
+    }
+    if (url.pathname === '/v1/captures') return methodNotAllowed(res, 'POST')
+
+    const routed = captureFromPath(store, url.pathname)
+    if (!routed) return fail(res, 404, 'NOT_FOUND', 'Endpoint was not found.')
+    if (routed.missing) return fail(res, 404, 'NOT_FOUND', 'Capture was not found.')
+    const { capture, endpoint, screenshotDownloadId } = routed
+    const rejectedOrigin = rejectCrossOriginSensitiveRequest(req, res, baseUrl)
+    if (rejectedOrigin) return rejectedOrigin
+    if (req.method === 'GET' && endpoint === 'screenshot-download') {
+      if (!isValidId('screenshotDownloadId', screenshotDownloadId) || !safeEqual(screenshotDownloadId, capture.screenshotDownloadId)) {
+        return fail(res, 403, 'FORBIDDEN', 'Screenshot download URL is not valid for this capture.', {}, profileHeaders)
+      }
+      return readScreenshotDownload(res, capture, profileHeaders, { store })
+    }
+    const allowed = auth(req, capture, apiToken, scopeForEndpoint(req.method, endpoint))
+    if (!allowed.ok) return fail(res, allowed.status, allowed.code, allowed.message)
+    if (
+      allowed.tokenType === 'api' &&
+      isQueryEndpoint(req.method, endpoint) &&
+      !allowRate(apiToken, 'query', rateLimits?.queryLimitPerMinute ?? DEFAULT_QUERY_LIMIT_PER_MINUTE, now?.() ?? Date.now())
+    ) {
+      return fail(res, 429, 'RATE_LIMITED', 'Agent bridge rate limit exceeded.')
+    }
+
+    if (req.method === 'GET' && endpoint === '') return json(res, 200, publicStatus(capture))
+    if (req.method === 'GET' && endpoint === 'request') {
+      capture.bridgeTokenClaimedAt = capture.bridgeTokenClaimedAt || (now?.() ?? Date.now())
+      return json(res, 200, {
+        captureId: capture.id,
+        sessionId: capture.sessionId,
+        nonce: capture.nonce,
+        protocolVersion,
+        request: capture.request
+      })
+    }
+    if (req.method === 'GET' && endpoint === 'control') {
+      return json(res, 200, {
+        id: capture.id,
+        command: ['cancel_requested', 'completed', 'cancelled', 'failed', 'expired'].includes(capture.status) ? 'cancel' : 'continue',
+        status: capture.status
+      })
+    }
+    if (req.method === 'GET' && endpoint === 'profile') {
+      return readProfile(res, capture, allowed.tokenType, profileHeaders, { store })
+    }
+    if (req.method === 'GET' && endpoint === 'profile-download') {
+      return readProfileDownload(res, capture, profileHeaders, { store })
+    }
+    if (req.method === 'POST' && endpoint === 'status') {
+      const parsed = await readJson(req, 5 * 1024 * 1024, policy.requestTimeoutMs)
+      if (!parsed.ok) return failParsedRequest(res, parsed)
+      return store.withCaptureLock(capture.id, async () => {
+        const lockedCapture = store.get(capture.id)
+        if (!lockedCapture) return fail(res, 404, 'NOT_FOUND', 'Capture not found.')
+        const statusUpdate = validateStatusUpdate(lockedCapture, parsed.body)
+        if (!statusUpdate.ok) return fail(res, statusUpdate.code === 'INVALID_REQUEST' ? 400 : 409, statusUpdate.code, statusUpdate.message)
+        if (parsed.body?.status === 'running' && parsed.body?.phase === 'target_loaded' && !parsed.body?.finalUrl) {
+          return fail(res, 400, 'INVALID_REQUEST', 'target_loaded status requires finalUrl.')
+        }
+        if (parsed.body?.finalUrl) {
+          const finalUrl = await validateFinalUrl(parsed.body.finalUrl, baseUrl, lockedCapture.request, { resolveHostname })
+          if (!finalUrl.ok) {
+            lockedCapture.status = 'failed'
+            lockedCapture.phase = parsed.body.phase
+            lockedCapture.error = { code: finalUrl.code, message: finalUrl.message, details: finalUrl.details || {} }
+            return fail(res, 409, finalUrl.code, finalUrl.message, finalUrl.details)
+          }
+          const network = validateTargetNetworkAddress(parsed.body.targetNetworkAddress, lockedCapture.request, {
+            finalUrl: finalUrl.finalUrl,
+            fromCache: parsed.body.targetNetworkFromCache === true
+          })
+          if (!network.ok) {
+            if (network.code === 'INVALID_REQUEST') return fail(res, 400, network.code, network.message, network.details)
+            lockedCapture.status = 'failed'
+            lockedCapture.phase = parsed.body.phase
+            lockedCapture.error = { code: network.code, message: network.message, details: network.details || {} }
+            return fail(res, 409, network.code, network.message, network.details)
+          }
+          lockedCapture.finalUrl = finalUrl.finalUrl
+        }
+        lockedCapture.sequence = parsed.body.sequence
+        lockedCapture.status = parsed.body.status
+        lockedCapture.phase = parsed.body.phase
+        lockedCapture.error = parsed.body.error ? sanitizeBridgeError(parsed.body.error) : lockedCapture.error
+        return json(res, 200, publicStatus(lockedCapture))
+      })
+    }
+    if (req.method === 'POST' && endpoint === 'profile') {
+      if (finalStates.has(capture.status)) {
+        return fail(res, 409, terminalProfileErrorCode(capture.status), 'Capture is already terminal.', { status: capture.status })
+      }
+      if (!capture.finalUrl) return fail(res, 409, 'INVALID_REQUEST', 'Capture final URL has not been accepted.')
+      const parsed = await readJson(req, 8 * 1024 * 1024, policy.requestTimeoutMs)
+      if (!parsed.ok) return failParsedRequest(res, parsed, parsed.status === 413 ? 'PROFILE_TOO_LARGE' : parsed.code)
+      return store.withCaptureLock(capture.id, async () => {
+        const lockedCapture = store.get(capture.id)
+        if (!lockedCapture) return fail(res, 404, 'NOT_FOUND', 'Capture not found.')
+        return writeProfile(res, commitProfile(store, lockedCapture, parsed.body, { profileSchema }))
+      })
+    }
+    if (req.method === 'DELETE' && endpoint === '') {
+      if (finalStates.has(capture.status))
+        return fail(res, 409, 'INVALID_REQUEST', 'Capture is already terminal.', { status: capture.status })
+      if (capture.status === 'cancel_requested')
+        return fail(res, 409, 'STALE_STATUS_UPDATE', 'Capture cancellation is already requested.', { status: capture.status })
+      store.requestCancel(capture)
+      return json(res, 200, publicStatus(capture))
+    }
+    return methodNotAllowed(res, allowForCaptureEndpoint(endpoint))
+  })
+
+  server.on('clientError', (_error, socket) => socketJsonError(socket, 'HTTP/1.1 400 Bad Request', 'Invalid HTTP request.'))
+  server.on('connect', (_req, socket) =>
+    socketJsonError(socket, 'HTTP/1.1 400 Bad Request', 'Only origin-form request targets are allowed.')
+  )
+  const headerTimers = new Map()
+  server.on('connection', socket => {
+    const timer = setTimeout(() => {
+      if (!socket.writable) return
+      socket.end(['HTTP/1.1 408 Request Timeout', 'Connection: close', 'Content-Length: 0', '', ''].join('\r\n'))
+    }, policy.headersTimeoutMs)
+    headerTimers.set(socket, timer)
+    socket.once('close', () => {
+      clearTimeout(timer)
+      headerTimers.delete(socket)
+    })
+  })
+  server.on('request', (req, res) => {
+    const socket = req.socket
+    const timer = headerTimers.get(socket)
+    if (timer) {
+      clearTimeout(timer)
+      headerTimers.delete(socket)
+    }
+    res.once('finish', () => {
+      if (!socket.destroyed) socket.setTimeout(policy.keepAliveTimeoutMs)
+    })
+  })
+  applyServerResourcePolicy(server, policy)
+
+  store = new CaptureStore({ baseUrl: '', openBrowser: url => openBrowser(url, env), now, resultTtlMs })
+
+  const listen = () =>
+    new Promise((resolve, reject) => {
+      server.once('error', reject)
+      server.listen(port, '127.0.0.1', () => {
+        const address = server.address()
+        baseUrl = `http://127.0.0.1:${address.port}`
+        store.baseUrl = baseUrl
+        resolve({ server, store, apiToken, baseUrl, healthUrl: `${baseUrl}/health` })
+      })
+    })
+
+  const close = () => new Promise(resolve => server.close(resolve))
+  return { listen, close, server }
+}
diff --git a/agent-skill/stackprism-site-experience/scripts/bridge/open-browser.mjs b/agent-skill/stackprism-site-experience/scripts/bridge/open-browser.mjs
new file mode 100644
index 00000000..07fba013
--- /dev/null
+++ b/agent-skill/stackprism-site-experience/scripts/bridge/open-browser.mjs
@@ -0,0 +1,153 @@
+import { spawn } from 'node:child_process'
+import { accessSync, constants, statSync } from 'node:fs'
+import { delimiter, join } from 'node:path'
+
+const DEFAULT_OPEN_TIMEOUT_MS = 5000
+const MAX_OPEN_TIMEOUT_MS = 30000
+const MAX_LAUNCH_PROBE_MS = 1000
+const containsNul = value => (typeof value === 'string' ? value.includes('\0') : Array.isArray(value) && value.some(containsNul))
+const hasPathSeparator = value => value.includes('/') || value.includes('\\')
+
+const commandCandidates = (command, env, platform) => {
+  const extensions = String(env.PATHEXT ?? process.env.PATHEXT ?? '.COM;.EXE;.BAT;.CMD')
+    .split(';')
+    .filter(Boolean)
+  const lowerCommand = command.toLowerCase()
+  if (hasPathSeparator(command)) {
+    if (platform !== 'win32' || extensions.some(extension => lowerCommand.endsWith(extension.toLowerCase()))) return [command]
+    return extensions.map(extension => `${command}${extension}`)
+  }
+  const pathEntries = String(env.PATH ?? process.env.PATH ?? '').split(delimiter).filter(Boolean)
+  if (platform !== 'win32') return pathEntries.map(entry => join(entry, command))
+  return pathEntries.flatMap(entry =>
+    extensions.map(extension => {
+      const suffix = extension.toLowerCase()
+      return join(entry, lowerCommand.endsWith(suffix) ? command : `${command}${extension}`)
+    })
+  )
+}
+
+const commandExists = (command, env, platform) => {
+  const mode = platform === 'win32' ? constants.F_OK : constants.X_OK
+  for (const candidate of commandCandidates(command, env, platform)) {
+    try {
+      accessSync(candidate, mode)
+      if (!statSync(candidate).isFile()) continue
+      return true
+    } catch {}
+  }
+  return false
+}
+
+const validateOpenUrl = url => {
+  const value = String(url)
+  if (value.includes('\0') || value.includes('\n') || value.includes('\r')) return { ok: false, details: { reason: 'invalid_url' } }
+  let parsed
+  try {
+    parsed = new URL(value)
+  } catch {
+    return { ok: false, details: { reason: 'invalid_url' } }
+  }
+  if (!['http:', 'https:'].includes(parsed.protocol)) {
+    return { ok: false, details: { reason: 'invalid_scheme', allowed: ['http', 'https'] } }
+  }
+  if (parsed.username || parsed.password) return { ok: false, details: { reason: 'invalid_url' } }
+  return { ok: true }
+}
+
+export const parseOpenTimeoutMs = env => {
+  const value = env.STACKPRISM_BROWSER_OPEN_TIMEOUT_MS
+  if (value == null || value === '') return { ok: true, timeoutMs: DEFAULT_OPEN_TIMEOUT_MS }
+  const parsed = Number(value)
+  if (Number.isInteger(parsed) && parsed >= 100 && parsed <= MAX_OPEN_TIMEOUT_MS) return { ok: true, timeoutMs: parsed }
+  return { ok: false, details: { reason: 'invalid_open_timeout' } }
+}
+
+export const parseOpenConfig = env => {
+  for (const key of ['STACKPRISM_BROWSER_OPEN_COMMAND', 'STACKPRISM_BROWSER_OPEN_ARGS_JSON']) {
+    if (String(env[key] || '').includes('\0')) {
+      return { ok: false, code: 'BRIDGE_INVALID_ENV', message: 'Browser open environment contains NUL.' }
+    }
+  }
+  if (env.STACKPRISM_BROWSER_OPEN_COMMAND && env.STACKPRISM_BROWSER_OPEN_ARGS_JSON) {
+    try {
+      if (containsNul(JSON.parse(env.STACKPRISM_BROWSER_OPEN_ARGS_JSON))) {
+        return { ok: false, code: 'BRIDGE_INVALID_ENV', message: 'Browser open environment contains NUL.' }
+      }
+    } catch {}
+  }
+  return { ok: true }
+}
+
+export const resolveBrowserOpenCommand = (env = process.env, platform = process.platform) => {
+  let command = env.STACKPRISM_BROWSER_OPEN_COMMAND
+  let args = []
+  if (command) {
+    if (env.STACKPRISM_BROWSER_OPEN_ARGS_JSON) {
+      try {
+        args = JSON.parse(env.STACKPRISM_BROWSER_OPEN_ARGS_JSON)
+      } catch {
+        return { ok: false, details: { reason: 'invalid_open_args' } }
+      }
+      if (!Array.isArray(args) || args.some(arg => typeof arg !== 'string')) {
+        return { ok: false, details: { reason: 'invalid_open_args' } }
+      }
+    }
+  } else if (platform === 'darwin') {
+    command = 'open'
+  } else if (platform === 'win32') {
+    command = 'rundll32.exe'
+    args = ['url.dll,FileProtocolHandler']
+  } else {
+    command = 'xdg-open'
+  }
+  return { ok: true, command, args }
+}
+
+const waitForLaunchProbe = (child, timeoutMs) =>
+  new Promise(resolve => {
+    let settled = false
+    const finish = result => {
+      if (settled) return
+      settled = true
+      clearTimeout(timer)
+      child.off('error', onError)
+      child.off('exit', onExit)
+      resolve(result)
+    }
+    const onError = error => {
+      finish({ ok: false, details: { reason: error?.code === 'ENOENT' ? 'command_not_found' : 'spawn_failed' } })
+    }
+    const onExit = code => {
+      finish(code === 0 ? { ok: true } : { ok: false, details: { reason: 'open_failed', exitCode: code } })
+    }
+    const timer = setTimeout(() => finish({ ok: true }), Math.min(timeoutMs, MAX_LAUNCH_PROBE_MS))
+    timer.unref?.()
+    child.once('error', onError)
+    child.once('exit', onExit)
+  })
+
+export const openBrowser = async (url, env = process.env, platform = process.platform) => {
+  const openConfig = parseOpenConfig(env)
+  if (!openConfig.ok) return { ok: false, details: { reason: openConfig.code, message: openConfig.message } }
+  const openUrl = validateOpenUrl(url)
+  if (!openUrl.ok) return openUrl
+
+  if (env.STACKPRISM_BRIDGE_NO_OPEN === '1') return { ok: true, skipped: true }
+
+  const resolved = resolveBrowserOpenCommand(env, platform)
+  if (!resolved.ok) return resolved
+  const timeout = parseOpenTimeoutMs(env)
+  if (!timeout.ok) return { ok: false, details: timeout.details }
+  const { command, args } = resolved
+  if (!commandExists(command, env, platform)) return { ok: false, details: { reason: 'command_not_found' } }
+
+  try {
+    const child = spawn(command, [...args, url], { detached: true, stdio: 'ignore', shell: false })
+    const launched = await waitForLaunchProbe(child, timeout.timeoutMs)
+    child.unref()
+    return launched
+  } catch {
+    return { ok: false, details: { reason: 'spawn_failed' } }
+  }
+}
diff --git a/agent-skill/stackprism-site-experience/scripts/bridge/profile-response.mjs b/agent-skill/stackprism-site-experience/scripts/bridge/profile-response.mjs
new file mode 100644
index 00000000..9631151c
--- /dev/null
+++ b/agent-skill/stackprism-site-experience/scripts/bridge/profile-response.mjs
@@ -0,0 +1,181 @@
+import { fail, json } from './protocol.mjs'
+
+const screenshotDataUrlPattern = /^data:image\/(jpeg|png|webp);base64,([A-Za-z0-9+/=]+)$/i
+const strictBase64Pattern = /^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$/
+const screenshotBase64OmittedNote =
+  'Screenshot image base64 is intentionally omitted from this Profile JSON. To inspect actual visual appearance, download the image from downloadUrl while the local bridge is running and before availableUntil.'
+const screenshotProfileJsonNote =
+  'Profile JSON is standard JSON and cannot contain comments. This note field is the durable instruction: screenshot base64 is omitted; use downloadUrl to inspect actual visual appearance.'
+
+const screenshotExtensionFor = mimeType => (mimeType === 'image/png' ? 'png' : mimeType === 'image/webp' ? 'webp' : 'jpg')
+const decodeStrictBase64 = value => {
+  if (typeof value !== 'string' || value.length % 4 !== 0 || !strictBase64Pattern.test(value)) return null
+  const bytes = Buffer.from(value, 'base64')
+  return bytes.toString('base64') === value ? bytes : null
+}
+const availableUntilFor = capture => {
+  if (!capture.resultExpiresAt) return ''
+  try {
+    return new Date(capture.resultExpiresAt).toISOString()
+  } catch {
+    return ''
+  }
+}
+
+const screenshotAssetFrom = screenshot => {
+  const match = typeof screenshot?.dataUrl === 'string' ? screenshot.dataUrl.match(screenshotDataUrlPattern) : null
+  if (!match) return null
+  const mimeType = `image/${match[1].toLowerCase()}`
+  const bytes = decodeStrictBase64(match[2])
+  if (!bytes?.byteLength) return null
+  const { dataUrl: _dataUrl, ...rest } = screenshot
+  return {
+    bytes,
+    mimeType,
+    extension: screenshotExtensionFor(mimeType),
+    metadata: rest
+  }
+}
+
+const screenshotMetadataFor = (capture, asset) => ({
+  ...asset.metadata,
+  mimeType: asset.mimeType,
+  byteLength: asset.bytes.byteLength,
+  downloadUrl: capture.screenshotUrl,
+  downloadMethod: 'GET',
+  lifecycle: {
+    requiresLocalBridge: true,
+    availableUntil: availableUntilFor(capture),
+    note: 'Download the screenshot before the local bridge process exits or the capture result expires.'
+  },
+  profileJsonNote: screenshotProfileJsonNote,
+  note: screenshotBase64OmittedNote
+})
+
+export const screenshotPayloadForCapture = capture => {
+  const asset = capture.screenshotAsset || screenshotAssetFrom(capture.profile?.visualProfile?.screenshot)
+  if (!asset?.bytes?.byteLength) return null
+  return {
+    ...asset,
+    metadata: screenshotMetadataFor(capture, asset)
+  }
+}
+
+export const screenshotPreviewForCapture = capture => {
+  const payload = screenshotPayloadForCapture(capture)
+  if (!payload) return null
+  return {
+    downloadUrl: capture.screenshotUrl,
+    mimeType: payload.mimeType,
+    byteLength: payload.bytes.byteLength,
+    scope: payload.metadata.scope
+  }
+}
+
+const cloneJson = value => JSON.parse(JSON.stringify(value))
+
+const ensureVisualReference = profile => {
+  if (!profile.agentGuidance || typeof profile.agentGuidance !== 'object') profile.agentGuidance = {}
+  if (!profile.agentGuidance.recreationPlan || typeof profile.agentGuidance.recreationPlan !== 'object') {
+    profile.agentGuidance.recreationPlan = {}
+  }
+  if (
+    !profile.agentGuidance.recreationPlan.visualReference ||
+    typeof profile.agentGuidance.recreationPlan.visualReference !== 'object'
+  ) {
+    profile.agentGuidance.recreationPlan.visualReference = {}
+  }
+  return profile.agentGuidance.recreationPlan.visualReference
+}
+
+const updateVisualReference = (profile, capture, payload) => {
+  const visualReference = payload ? ensureVisualReference(profile) : profile.agentGuidance?.recreationPlan?.visualReference
+  if (!visualReference || typeof visualReference !== 'object') return
+  visualReference.screenshotIncluded = Boolean(payload)
+  visualReference.screenshotBase64Included = false
+  visualReference.screenshotDownloadUrl = payload ? capture.screenshotUrl : ''
+  visualReference.screenshotDownloadHint = payload
+    ? screenshotBase64OmittedNote
+    : 'No screenshot image is available in this capture. Review limitations before treating visual evidence as absent.'
+  visualReference.screenshotProfileJsonNote = screenshotProfileJsonNote
+  if (payload) {
+    visualReference.screenshotMimeType = payload.mimeType
+    visualReference.screenshotByteLength = payload.bytes.byteLength
+    visualReference.screenshotAvailableUntil = availableUntilFor(capture)
+  } else {
+    delete visualReference.screenshotMimeType
+    delete visualReference.screenshotByteLength
+    delete visualReference.screenshotAvailableUntil
+  }
+}
+
+export const prepareProfileForStorage = (profile, capture) => {
+  const storedProfile = cloneJson(profile)
+  const asset = screenshotAssetFrom(storedProfile.visualProfile?.screenshot)
+  const screenshot = storedProfile.visualProfile?.screenshot
+  if (screenshot && typeof screenshot === 'object') {
+    if (asset) storedProfile.visualProfile.screenshot = screenshotMetadataFor(capture, asset)
+    else delete screenshot.dataUrl
+  }
+  updateVisualReference(storedProfile, capture, asset)
+  return { profile: storedProfile, screenshotAsset: asset }
+}
+
+export const profileForAgent = capture => {
+  const profile = cloneJson(capture.profile)
+  const payload = screenshotPayloadForCapture(capture)
+  const screenshot = profile.visualProfile?.screenshot
+  if (screenshot && typeof screenshot === 'object') {
+    if (payload) profile.visualProfile.screenshot = payload.metadata
+    else delete screenshot.dataUrl
+  }
+  updateVisualReference(profile, capture, payload)
+  return profile
+}
+
+export const readProfile = (res, capture, tokenType, headers, { store } = {}) => {
+  if (tokenType === 'bridge') return fail(res, 403, 'BRIDGE_TOKEN_CANNOT_READ_PROFILE', 'Bridge token cannot read the profile endpoint.', {}, headers)
+  if (capture.status === 'expired') return fail(res, 410, 'CAPTURE_RESULT_EXPIRED', 'Capture result expired.', {}, headers)
+  if (capture.status !== 'completed')
+    return fail(res, 409, 'INVALID_REQUEST', 'Capture profile is not ready.', { status: capture.status }, headers)
+  store?.touchResult?.(capture)
+  return json(res, 200, profileForAgent(capture), headers)
+}
+
+export const readProfileDownload = (res, capture, headers, { store } = {}) => {
+  const downloadHeaders = {
+    ...headers,
+    'Content-Disposition': `attachment; filename="stackprism-${capture.id}-profile.json"`
+  }
+  if (capture.status === 'expired') return fail(res, 410, 'CAPTURE_RESULT_EXPIRED', 'Capture result expired.', {}, downloadHeaders)
+  if (capture.status !== 'completed')
+    return fail(res, 409, 'INVALID_REQUEST', 'Capture profile is not ready.', { status: capture.status }, downloadHeaders)
+  capture.profileDownloadReadyAt = capture.profileDownloadReadyAt || Date.now()
+  store?.touchResult?.(capture)
+  return json(res, 200, profileForAgent(capture), downloadHeaders)
+}
+
+export const readScreenshotDownload = (res, capture, headers, { store } = {}) => {
+  const payload = capture.status === 'completed' ? screenshotPayloadForCapture(capture) : null
+  const downloadHeaders = {
+    ...headers,
+    ...(payload
+      ? {
+          'Content-Type': payload.mimeType,
+          'Content-Disposition': `attachment; filename="stackprism-${capture.id}-screenshot.${payload.extension}"`,
+          'Content-Length': payload.bytes.byteLength
+        }
+      : {})
+  }
+  if (capture.status === 'expired') return fail(res, 410, 'CAPTURE_RESULT_EXPIRED', 'Capture result expired.', {}, downloadHeaders)
+  if (capture.status !== 'completed')
+    return fail(res, 409, 'INVALID_REQUEST', 'Capture screenshot is not ready.', { status: capture.status }, downloadHeaders)
+  if (!payload) return fail(res, 404, 'NOT_FOUND', 'Capture screenshot is not available.', {}, downloadHeaders)
+  store?.touchResult?.(capture)
+  res.writeHead(200, {
+    'Cache-Control': 'no-store',
+    'X-Content-Type-Options': 'nosniff',
+    ...downloadHeaders
+  })
+  res.end(payload.bytes)
+}
diff --git a/agent-skill/stackprism-site-experience/scripts/bridge/profile-summary.mjs b/agent-skill/stackprism-site-experience/scripts/bridge/profile-summary.mjs
new file mode 100644
index 00000000..a84eabd3
--- /dev/null
+++ b/agent-skill/stackprism-site-experience/scripts/bridge/profile-summary.mjs
@@ -0,0 +1,186 @@
+import { redactUrl } from './protocol.mjs'
+
+const MAX_TEXT = 120
+const MAX_ITEMS = 6
+const TOKEN_TEXT = /\b(apiToken|bridgeToken|authorization|cookie|nonce|secret|token)\b\s*[:=]\s*(?:Bearer\s+)?[^\s,;]+/gi
+const ID_TEXT = /\b(?:spbt?_|cap_|s_|n_|xfer_|shot_)[A-Za-z0-9_-]{8,}\b/g
+const EMAIL_TEXT = /[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,}/gi
+const PHONE_TEXT = /\b(?:\+?\d[\d -]{8,}\d)\b/g
+const URL_TEXT = /https?:\/\/[^\s"')\]}]+/g
+
+const isRecord = value => Boolean(value) && typeof value === 'object' && !Array.isArray(value)
+const compact = value =>
+  String(value || '')
+    .replace(/[\u0000-\u001f\u007f]/g, ' ')
+    .replace(/\s+/g, ' ')
+    .trim()
+
+const safeText = (value, max = MAX_TEXT) =>
+  compact(value)
+    .replace(URL_TEXT, url => redactUrl(url) || '[redacted-url]')
+    .replace(TOKEN_TEXT, '$1=[redacted]')
+    .replace(ID_TEXT, '[redacted-id]')
+    .replace(EMAIL_TEXT, '[redacted-email]')
+    .replace(PHONE_TEXT, '[redacted-number]')
+    .slice(0, max)
+
+const values = (value, limit = MAX_ITEMS) => {
+  const source = Array.isArray(value) ? value : typeof value === 'string' ? [value] : []
+  return [...new Set(source.map(item => safeText(item)).filter(Boolean))].slice(0, limit)
+}
+
+const objectValues = (items, keys = ['name', 'type', 'category', 'domain', 'label'], limit = MAX_ITEMS) => {
+  if (!Array.isArray(items)) return []
+  return items
+    .map(item => {
+      if (!isRecord(item)) return safeText(item)
+      for (const key of keys) {
+        const text = safeText(item[key])
+        if (text) return text
+      }
+      return ''
+    })
+    .filter(Boolean)
+    .slice(0, limit)
+}
+
+const count = value => (Array.isArray(value) ? value.length : isRecord(value) ? Object.keys(value).length : 0)
+const add = (items, label, value) => {
+  const text = safeText(value)
+  if (text) items.push(`${label}: ${text}`)
+}
+const addList = (items, label, value, limit = MAX_ITEMS) => {
+  const list = values(value, limit)
+  if (list.length) items.push(`${label}: ${list.join(', ')}`)
+}
+const addObjectList = (items, label, value, limit = MAX_ITEMS) => {
+  const list = objectValues(value, undefined, limit)
+  if (list.length) items.push(`${label}: ${list.join(', ')}`)
+}
+const card = (id, title, items) => (items.length ? { id, title, items } : null)
+
+const targetCard = (profile, capture, screenshot) => {
+  const target = isRecord(profile.target) ? profile.target : {}
+  const items = []
+  add(items, '目标 URL', capture.finalUrl || capture.request?.url || target.finalUrl || target.url)
+  add(items, '页面语言', target.language)
+  add(items, '生成时间', profile.generatedAt)
+  items.push(`截图: ${screenshot ? '已包含' : '未包含'}`)
+  return card('target', '目标', items)
+}
+
+const techCard = profile => {
+  const tech = isRecord(profile.techProfile) ? profile.techProfile : {}
+  const technologies = Array.isArray(tech.technologies) ? tech.technologies : []
+  const items = []
+  if (technologies.length) items.push(`技术数量: ${technologies.length}`)
+  addObjectList(items, '主要技术', technologies)
+  add(items, '前端主栈', tech.primaryFrontend)
+  add(items, 'UI 框架', tech.uiFramework)
+  add(items, '构建运行时', tech.buildRuntime)
+  addList(items, '第三方服务', tech.thirdPartyServices)
+  return card('tech', '技术栈', items)
+}
+
+const visualCard = (profile, screenshot) => {
+  const visual = isRecord(profile.visualProfile) ? profile.visualProfile : {}
+  const plan = profile.agentGuidance?.recreationPlan || {}
+  const tokens = isRecord(plan.designTokens) ? plan.designTokens : {}
+  const ref = isRecord(plan.visualReference) ? plan.visualReference : {}
+  const items = []
+  items.push(`截图: ${screenshot ? '可用于视觉对照' : '未包含'}`)
+  addList(items, '颜色', visual.colorTokens || tokens.colors)
+  addList(items, '字体', visual.fonts || tokens.fontFamilies)
+  addList(items, '字号', visual.fontSizes || tokens.fontSizes)
+  add(items, '截图范围', ref.screenshotScope)
+  return card('visual', '视觉', items)
+}
+
+const layoutCard = profile => {
+  const layout = isRecord(profile.layoutProfile) ? profile.layoutProfile : {}
+  const ux = isRecord(profile.uxProfile) ? profile.uxProfile : {}
+  const blueprint = profile.agentGuidance?.recreationPlan?.layoutBlueprint || {}
+  const items = []
+  add(items, '页面目的', ux.pagePurpose)
+  addList(items, '主要路径', ux.primaryUserPath)
+  addList(items, '信息层级', ux.informationHierarchy || blueprint.informationHierarchy)
+  addList(items, '内容分组', ux.contentGrouping || blueprint.contentGrouping)
+  addList(items, 'Landmarks', layout.landmarks || blueprint.landmarks)
+  add(items, '导航深度', ux.navigationDepth)
+  return card('layout', '布局与信息结构', items)
+}
+
+const componentsCard = profile => {
+  const components = isRecord(profile.componentProfile) ? profile.componentProfile : {}
+  const inventory = profile.agentGuidance?.recreationPlan?.componentInventory || {}
+  const counts = isRecord(components.counts) ? components.counts : inventory.counts
+  const items = []
+  if (count(counts)) items.push(`组件类型数: ${count(counts)}`)
+  addList(items, '优先组件', inventory.priorityTypes)
+  addObjectList(items, '组件样本', components.samples)
+  add(items, '几何信息', inventory.geometryIncluded === true ? '已包含' : inventory.geometryIncluded === false ? '未包含' : '')
+  return card('components', '组件', items)
+}
+
+const interactionCard = profile => {
+  const interaction = isRecord(profile.interactionProfile) ? profile.interactionProfile : {}
+  const ux = isRecord(profile.uxProfile) ? profile.uxProfile : {}
+  const checklist = profile.agentGuidance?.recreationPlan?.interactionChecklist || {}
+  const items = []
+  addList(items, 'CTA', ux.ctaStrategy)
+  addList(items, '信任信号', ux.trustSignals)
+  addList(items, '转场', interaction.transitions || checklist.transitions)
+  addList(items, '动画', interaction.animations || checklist.animations)
+  addList(items, '固定元素', interaction.stickyOrFixed || checklist.stickyOrFixed)
+  addList(items, '交互摩擦', ux.frictionPoints)
+  return card('interaction', '交互与 UX', items)
+}
+
+const assetsCard = profile => {
+  const assets = isRecord(profile.assetProfile) ? profile.assetProfile : {}
+  const hints = profile.agentGuidance?.recreationPlan?.assetHints || {}
+  const items = []
+  if (count(assets.scripts) || hints.scriptCount) items.push(`脚本: ${count(assets.scripts) || hints.scriptCount}`)
+  if (count(assets.stylesheets) || hints.stylesheetCount) items.push(`样式表: ${count(assets.stylesheets) || hints.stylesheetCount}`)
+  addList(items, '资源域名', hints.resourceDomains || assets.resourceDomains)
+  addList(items, 'CDN 线索', assets.cdnHints || hints.cdnHints)
+  addList(items, '字体资源', assets.fontUrls || hints.fontUrls)
+  return card('assets', '资产', items)
+}
+
+const guidanceCard = profile => {
+  const guidance = isRecord(profile.agentGuidance) ? profile.agentGuidance : {}
+  const plan = isRecord(guidance.recreationPlan) ? guidance.recreationPlan : {}
+  const items = []
+  add(items, '摘要', guidance.summary)
+  addList(items, '实现顺序', plan.implementationOrder, 4)
+  addList(items, '验证项', plan.verificationChecklist, 4)
+  addList(items, '限制', profile.limitations, 4)
+  return card('guidance', '复刻建议', items)
+}
+
+const copyTextFor = cards => {
+  const lines = ['# StackPrism Site Experience', '', '用于 AI Agent 快速复刻目标网站体验的受限摘要。']
+  for (const item of cards) {
+    lines.push('', `## ${item.title}`)
+    for (const entry of item.items) lines.push(`- ${entry}`)
+  }
+  lines.push('', '备注: 本摘要不包含 raw profile、token、nonce、截图 data URL 或完整敏感文本。')
+  return lines.join('\n')
+}
+
+export const profilePreviewSummary = (capture, screenshot) => {
+  const profile = capture.profile
+  if (capture.status !== 'completed' || !isRecord(profile)) return null
+  const cards = [
+    guidanceCard(profile),
+    visualCard(profile, screenshot),
+    layoutCard(profile),
+    componentsCard(profile),
+    interactionCard(profile),
+    techCard(profile),
+    assetsCard(profile),
+    targetCard(profile, capture, screenshot)
+  ].filter(Boolean)
+  return cards.length ? { contentSummary: { cards }, copyText: copyTextFor(cards) } : null
+}
diff --git a/agent-skill/stackprism-site-experience/scripts/bridge/protocol.mjs b/agent-skill/stackprism-site-experience/scripts/bridge/protocol.mjs
new file mode 100644
index 00000000..a78da9a8
--- /dev/null
+++ b/agent-skill/stackprism-site-experience/scripts/bridge/protocol.mjs
@@ -0,0 +1,196 @@
+import { randomBytes, timingSafeEqual } from 'node:crypto'
+
+export const service = 'stackprism-agent-bridge'
+export const version = '0.1.0'
+export const protocolVersion = 1
+export const profileSchema = 'stackprism.site_experience_profile.v1'
+
+const bridgeErrorCodes = new Set([
+  'NOT_FOUND',
+  'METHOD_NOT_ALLOWED',
+  'UNAUTHORIZED',
+  'FORBIDDEN',
+  'ORIGIN_NOT_ALLOWED',
+  'UNSUPPORTED_MEDIA_TYPE',
+  'UNSUPPORTED_TRANSFER_ENCODING',
+  'INVALID_JSON',
+  'INVALID_REQUEST',
+  'REQUEST_TOO_LARGE',
+  'REQUEST_TIMEOUT',
+  'SERVER_BUSY',
+  'STALE_STATUS_UPDATE',
+  'PORT_IN_USE',
+  'BRIDGE_INVALID_ENV',
+  'BRIDGE_START_FAILED',
+  'BRIDGE_START_TIMEOUT',
+  'BRIDGE_READY_PARSE_FAILED',
+  'BRIDGE_PROTOCOL_UNSUPPORTED',
+  'BRIDGE_PAGE_RENDER_FAILED',
+  'BRIDGE_REQUEST_TIMEOUT',
+  'BRIDGE_REQUEST_MISMATCH',
+  'AGENT_BRIDGE_DISABLED',
+  'CAPTURE_BUSY',
+  'CAPTURE_TIMEOUT',
+  'EXTENSION_NOT_CONNECTED',
+  'BROWSER_OPEN_FAILED',
+  'BRIDGE_TOKEN_CANNOT_READ_PROFILE',
+  'PRIVATE_NETWORK_TARGET_BLOCKED',
+  'TARGET_DNS_LOOKUP_FAILED',
+  'BRIDGE_SELF_TARGET_BLOCKED',
+  'FINAL_URL_BLOCKED',
+  'ACTIVE_TAB_UNAVAILABLE',
+  'ACTIVE_TAB_MISMATCH',
+  'INCOGNITO_NOT_SUPPORTED',
+  'TARGET_LOAD_TIMEOUT',
+  'TARGET_LOAD_FAILED',
+  'TARGET_INJECTION_FAILED',
+  'TARGET_TAB_CLOSED',
+  'BRIDGE_TAB_CLOSED',
+  'TARGET_NAVIGATED_AWAY',
+  'SERVICE_WORKER_RESTARTED',
+  'BRIDGE_TRANSPORT_DISCONNECTED',
+  'PROFILE_TRANSPORT_FAILED',
+  'PROFILE_CHUNK_MISSING',
+  'PROFILE_HASH_MISMATCH',
+  'PROFILE_TOO_LARGE',
+  'RATE_LIMITED',
+  'NONCE_REUSED',
+  'CAPTURE_ALREADY_COMPLETED',
+  'CAPTURE_RESULT_EXPIRED',
+  'NOT_SUPPORTED'
+])
+
+const SENSITIVE_DETAIL_KEY = /authorization|cookie|token|nonce|secret/i
+const ID_PATTERN = /\b(?:spbt?_|cap_|s_|n_|xfer_|shot_)[A-Za-z0-9_-]{8,}\b/g
+const URL_PATTERN = /https?:\/\/[^\s"')\]}]+/g
+const SENSITIVE_PATH_WORD_PATTERN = /^(?:token|secret|session|auth|authorization|signature|password|cookie|passcode)$/i
+const SENSITIVE_PATH_SHORT_TOKEN_PATTERN = /(?:^|[-_.])(?:key|pass)(?:$|[-_.])/i
+const SENSITIVE_PATH_COMPOUND_PATTERN =
+  /^(?:(?:api|access|private|public|secret|session|auth)[-_.]?(?:key|pass|token|secret|signature|code|id)|(?:key|pass)[-_.]?(?:token|secret|signature|code|id)|(?:reset|verify|access|auth|session|csrf|xsrf)[-_.]?(?:token|code|secret|key|signature))$/i
+const SENSITIVE_PATH_CAMEL_PATTERN = /^(?:apiKey|privateKey|publicKey|accessToken|refreshToken|sessionId|secretToken|authToken|csrfToken|xsrfToken)$/i
+const HIGH_ENTROPY_PATH_SEGMENT_PATTERN = /^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)[A-Za-z0-9_-]{24,}$/
+const MAX_ERROR_TEXT_LENGTH = 512
+const MAX_ERROR_DETAIL_DEPTH = 4
+const MAX_ERROR_DETAIL_KEYS = 50
+const MAX_ERROR_DETAIL_ARRAY_ITEMS = 20
+
+export const identifierSpecs = {
+  apiToken: /^spb_[A-Za-z0-9_-]{43}$/,
+  bridgeToken: /^spbt_[A-Za-z0-9_-]{43}$/,
+  captureId: /^cap_[A-Za-z0-9_-]{22}$/,
+  sessionId: /^s_[A-Za-z0-9_-]{22}$/,
+  nonce: /^n_[A-Za-z0-9_-]{22}$/,
+  screenshotDownloadId: /^shot_[A-Za-z0-9_-]{43}$/,
+  profileTransferId: /^xfer_[A-Za-z0-9_-]{22}$/,
+  cspNonce: /^[A-Za-z0-9_-]{22}$/
+}
+
+export const makeId = prefix =>
+  `${prefix}${randomBytes(prefix === '' ? 16 : ['spb_', 'spbt_', 'shot_'].includes(prefix) ? 32 : 16).toString('base64url')}`
+
+export const newApiToken = () => makeId('spb_')
+export const newBridgeToken = () => makeId('spbt_')
+export const newCaptureId = () => makeId('cap_')
+export const newSessionId = () => makeId('s_')
+export const newNonce = () => makeId('n_')
+export const newScreenshotDownloadId = () => makeId('shot_')
+export const newCspNonce = () => makeId('')
+
+export const isValidId = (kind, value) => typeof value === 'string' && Boolean(identifierSpecs[kind]?.test(value))
+
+export const isKnownBridgeErrorCode = value => typeof value === 'string' && bridgeErrorCodes.has(value)
+
+export const safeEqual = (left, right) => {
+  if (typeof left !== 'string' || typeof right !== 'string') return false
+  const a = Buffer.from(left)
+  const b = Buffer.from(right)
+  const comparisonLength = Math.max(a.length, b.length)
+  const paddedA = Buffer.alloc(comparisonLength)
+  const paddedB = Buffer.alloc(comparisonLength)
+  a.copy(paddedA)
+  b.copy(paddedB)
+  return timingSafeEqual(paddedA, paddedB) && a.length === b.length
+}
+
+export const errorBody = (code, message, details = {}) => ({ error: { code, message, details } })
+
+export const json = (res, status, body, extraHeaders = {}) => {
+  res.writeHead(status, {
+    'Content-Type': 'application/json; charset=utf-8',
+    'Cache-Control': 'no-store',
+    'X-Content-Type-Options': 'nosniff',
+    ...extraHeaders
+  })
+  res.end(JSON.stringify(body))
+}
+
+export const fail = (res, status, code, message, details = {}, extraHeaders = {}) =>
+  json(res, status, errorBody(code, message, details), extraHeaders)
+
+export const htmlEscapeScriptJson = value =>
+  JSON.stringify(value)
+    .replaceAll('<', '\\u003c')
+    .replaceAll('>', '\\u003e')
+    .replaceAll('&', '\\u0026')
+    .replaceAll('\u2028', '\\u2028')
+    .replaceAll('\u2029', '\\u2029')
+
+const isSensitivePathSegment = segment =>
+  SENSITIVE_PATH_WORD_PATTERN.test(segment) ||
+  SENSITIVE_PATH_SHORT_TOKEN_PATTERN.test(segment) ||
+  SENSITIVE_PATH_COMPOUND_PATTERN.test(segment) ||
+  SENSITIVE_PATH_CAMEL_PATTERN.test(segment) ||
+  /^[0-9a-f]{16,}$/i.test(segment) ||
+  HIGH_ENTROPY_PATH_SEGMENT_PATTERN.test(segment) ||
+  segment.includes('=')
+
+const redactUrlPathname = pathname =>
+  String(pathname || '')
+    .split('/')
+    .map(segment => (segment && isSensitivePathSegment(segment) ? '[redacted]' : segment))
+    .join('/')
+
+export const redactUrl = value => {
+  try {
+    const url = new URL(String(value || ''))
+    url.hash = ''
+    url.username = ''
+    url.password = ''
+    url.pathname = redactUrlPathname(url.pathname)
+    if (url.search) url.search = '?[redacted]'
+    return url.toString()
+  } catch {
+    return ''
+  }
+}
+
+const redactErrorText = value =>
+  String(value || '')
+    .replace(URL_PATTERN, url => redactUrl(url) || '[redacted-url]')
+    .replace(ID_PATTERN, '[redacted-id]')
+    .slice(0, MAX_ERROR_TEXT_LENGTH)
+
+const sanitizeErrorValue = (key, value, depth) => {
+  if (SENSITIVE_DETAIL_KEY.test(key)) return '[redacted]'
+  if (typeof value === 'string') return redactErrorText(value)
+  if (!value || typeof value !== 'object') return value
+  if (depth >= MAX_ERROR_DETAIL_DEPTH) return '[redacted-object]'
+  if (Array.isArray(value)) {
+    return value.slice(0, MAX_ERROR_DETAIL_ARRAY_ITEMS).map(item => sanitizeErrorValue('', item, depth + 1))
+  }
+
+  return Object.fromEntries(
+    Object.entries(value)
+      .slice(0, MAX_ERROR_DETAIL_KEYS)
+      .map(([childKey, child]) => [redactErrorText(childKey).slice(0, 64) || 'field', sanitizeErrorValue(childKey, child, depth + 1)])
+  )
+}
+
+export const sanitizeBridgeError = error => {
+  const source = error && typeof error === 'object' ? error : {}
+  const rawCode = typeof source.code === 'string' ? source.code : ''
+  const code = isKnownBridgeErrorCode(rawCode) ? rawCode : 'INVALID_REQUEST'
+  const message = redactErrorText(source.message || code || 'Capture status failed.') || 'Capture status failed.'
+  const details = sanitizeErrorValue('details', source.details || {}, 0)
+  return { code, message, details }
+}
diff --git a/agent-skill/stackprism-site-experience/scripts/bridge/resource-policy.mjs b/agent-skill/stackprism-site-experience/scripts/bridge/resource-policy.mjs
new file mode 100644
index 00000000..36902178
--- /dev/null
+++ b/agent-skill/stackprism-site-experience/scripts/bridge/resource-policy.mjs
@@ -0,0 +1,33 @@
+export const DEFAULT_CREATE_LIMIT_PER_MINUTE = 10
+export const DEFAULT_QUERY_LIMIT_PER_MINUTE = 120
+export const DEFAULT_RESOURCE_POLICY = {
+  maxOpenConnections: 20,
+  headersTimeoutMs: 5000,
+  requestTimeoutMs: 35000,
+  keepAliveTimeoutMs: 2000
+}
+
+export const makeRateLimiter = ({
+  createLimitPerMinute = DEFAULT_CREATE_LIMIT_PER_MINUTE,
+  queryLimitPerMinute = DEFAULT_QUERY_LIMIT_PER_MINUTE
+} = {}) => {
+  const buckets = new Map()
+  return (token, bucketName, limit, now = Date.now()) => {
+    const key = `${token}:${bucketName}`
+    const windowStart = now - (now % 60000)
+    const bucket = buckets.get(key)
+    if (!bucket || bucket.windowStart !== windowStart) {
+      buckets.set(key, { windowStart, count: 1 })
+      return true
+    }
+    bucket.count += 1
+    return bucket.count <= limit
+  }
+}
+
+export const applyServerResourcePolicy = (server, policy) => {
+  server.maxConnections = policy.maxOpenConnections
+  server.headersTimeout = policy.headersTimeoutMs
+  server.requestTimeout = policy.requestTimeoutMs
+  server.keepAliveTimeout = policy.keepAliveTimeoutMs
+}
diff --git a/agent-skill/stackprism-site-experience/scripts/bridge/security.mjs b/agent-skill/stackprism-site-experience/scripts/bridge/security.mjs
new file mode 100644
index 00000000..9c3e68ad
--- /dev/null
+++ b/agent-skill/stackprism-site-experience/scripts/bridge/security.mjs
@@ -0,0 +1,170 @@
+import { fail, isValidId } from './protocol.mjs'
+
+const duplicateSensitiveHeaders = new Set(['host', 'authorization', 'content-type', 'content-length'])
+
+const hasDuplicateSensitiveHeaders = rawHeaders => {
+  const seen = new Set()
+  for (let index = 0; index < rawHeaders.length; index += 2) {
+    const name = String(rawHeaders[index] || '').toLowerCase()
+    if (!duplicateSensitiveHeaders.has(name)) continue
+    if (seen.has(name)) return true
+    seen.add(name)
+  }
+  return false
+}
+
+export const rejectBadRequestShell = (req, res, baseUrl) => {
+  if (hasDuplicateSensitiveHeaders(req.rawHeaders || [])) {
+    fail(res, 400, 'INVALID_REQUEST', 'Ambiguous request headers are not allowed.')
+    return true
+  }
+  if (req.headers.host !== new URL(baseUrl).host) {
+    fail(res, 400, 'INVALID_REQUEST', 'Host is not allowed.')
+    return true
+  }
+  const target = String(req.url || '')
+  if (!target.startsWith('/') || target.startsWith('//')) {
+    fail(res, 400, 'INVALID_REQUEST', 'Only origin-form request targets are allowed.')
+    return true
+  }
+  const [rawPath, rawQuery = ''] = target.split('?', 2)
+  if (/%2e|%2f|%5c|\\/i.test(target)) {
+    fail(res, 400, 'INVALID_REQUEST', 'Encoded path separators or dot segments are not allowed.')
+    return true
+  }
+  if (
+    rawPath !== '/' &&
+    rawPath
+      .split('/')
+      .slice(1)
+      .some(segment => segment === '' || segment === '.' || segment === '..')
+  ) {
+    fail(res, 400, 'INVALID_REQUEST', 'Ambiguous path segments are not allowed.')
+    return true
+  }
+  if (rawQuery && rawPath !== '/bridge') {
+    fail(res, 400, 'INVALID_REQUEST', 'Query string is not allowed for this endpoint.')
+    return true
+  }
+  const contentLength = req.headers['content-length']
+  if (contentLength && !/^\d+$/.test(String(contentLength))) {
+    fail(res, 400, 'INVALID_REQUEST', 'Content-Length is invalid.')
+    return true
+  }
+  const contentEncoding = req.headers['content-encoding']
+  if (contentEncoding && String(contentEncoding).toLowerCase() !== 'identity') {
+    fail(res, 415, 'UNSUPPORTED_MEDIA_TYPE', 'Content-Encoding is not supported.')
+    return true
+  }
+  if (req.headers['transfer-encoding'] && req.headers['content-length']) {
+    fail(res, 400, 'INVALID_REQUEST', 'Content-Length and Transfer-Encoding cannot be combined.')
+    return true
+  }
+  if (req.headers['transfer-encoding']) {
+    fail(res, 400, 'UNSUPPORTED_TRANSFER_ENCODING', 'Transfer-Encoding is not supported.')
+    return true
+  }
+  return false
+}
+
+export const rejectCrossOriginSensitiveRequest = (req, res, baseUrl) => {
+  let allowedOrigin = baseUrl
+  try {
+    allowedOrigin = new URL(baseUrl).origin
+  } catch {}
+
+  const { origin } = req.headers
+  if (origin && origin !== allowedOrigin) {
+    fail(res, 403, 'ORIGIN_NOT_ALLOWED', 'Origin is not allowed.')
+    return true
+  }
+
+  const { referer } = req.headers
+  if (referer) {
+    try {
+      if (new URL(referer).origin !== allowedOrigin) {
+        fail(res, 403, 'ORIGIN_NOT_ALLOWED', 'Referer is not allowed.')
+        return true
+      }
+    } catch {
+      fail(res, 403, 'ORIGIN_NOT_ALLOWED', 'Referer is not allowed.')
+      return true
+    }
+  }
+
+  const fetchSite = req.headers['sec-fetch-site']
+  if (fetchSite && !['same-origin', 'none'].includes(fetchSite)) {
+    fail(res, 403, 'ORIGIN_NOT_ALLOWED', 'Sec-Fetch-Site is not allowed.')
+    return true
+  }
+  return false
+}
+
+const bodyTimeout = Symbol('bodyTimeout')
+
+export const readJson = async (req, limit = 5 * 1024 * 1024, timeoutMs = 0) => {
+  if (!/^application\/json(?:;\s*charset=utf-8)?$/i.test(req.headers['content-type'] || '')) {
+    return { ok: false, status: 415, code: 'UNSUPPORTED_MEDIA_TYPE', message: 'Expected application/json.' }
+  }
+  const chunks = []
+  let size = 0
+  const readBody = (async () => {
+    for await (const chunk of req) {
+      size += chunk.byteLength
+      if (size > limit) return { ok: false, status: 413, code: 'REQUEST_TOO_LARGE', message: 'Request body is too large.', close: true }
+      chunks.push(chunk)
+    }
+    return { ok: true }
+  })()
+  readBody.catch(() => {})
+  let bodyResult
+  let timeoutId
+  try {
+    const timeout =
+      timeoutMs > 0
+        ? new Promise(resolve => {
+            timeoutId = setTimeout(() => resolve(bodyTimeout), timeoutMs)
+          })
+        : null
+    bodyResult = timeout ? await Promise.race([readBody, timeout]) : await readBody
+  } catch {
+    return { ok: false, status: 400, code: 'INVALID_JSON', message: 'Request body is not valid JSON.' }
+  } finally {
+    if (timeoutId) clearTimeout(timeoutId)
+  }
+  if (bodyResult === bodyTimeout) {
+    return { ok: false, status: 408, code: 'REQUEST_TIMEOUT', message: 'Request body timed out.', close: true }
+  }
+  if (!bodyResult.ok) return bodyResult
+  try {
+    const text = new TextDecoder('utf-8', { fatal: true }).decode(Buffer.concat(chunks))
+    return { ok: true, body: JSON.parse(text) }
+  } catch {
+    return { ok: false, status: 400, code: 'INVALID_JSON', message: 'Request body is not valid JSON.' }
+  }
+}
+
+const bridgeQueryKinds = {
+  session: 'sessionId',
+  capture: 'captureId',
+  nonce: 'nonce'
+}
+
+export const parseBridgeQuery = rawSearch => {
+  const raw = String(rawSearch || '').replace(/^\?/, '')
+  const parts = raw ? raw.split('&') : []
+  if (parts.length !== 3) return null
+  const values = {}
+  for (const part of parts) {
+    const separatorIndex = part.indexOf('=')
+    if (!part || separatorIndex <= 0 || part.indexOf('=', separatorIndex + 1) !== -1) return null
+    const name = part.slice(0, separatorIndex)
+    const value = part.slice(separatorIndex + 1)
+    const kind = bridgeQueryKinds[name]
+    if (!kind || Object.prototype.hasOwnProperty.call(values, name) || !isValidId(kind, value)) return null
+    values[name] = value
+  }
+  return Object.keys(values).length === 3 ? values : null
+}
+
+export const validateBridgeQuery = url => Boolean(parseBridgeQuery(url.search))
diff --git a/agent-skill/stackprism-site-experience/scripts/bridge/target-network-policy.mjs b/agent-skill/stackprism-site-experience/scripts/bridge/target-network-policy.mjs
new file mode 100644
index 00000000..887b2a06
--- /dev/null
+++ b/agent-skill/stackprism-site-experience/scripts/bridge/target-network-policy.mjs
@@ -0,0 +1,37 @@
+import net from 'node:net'
+import { isIpLiteral, isPrivateIpLiteral, isProxyReservedIpLiteral } from './url-policy.mjs'
+
+const invalidNetworkAddress = () => ({
+  ok: false,
+  code: 'INVALID_REQUEST',
+  message: 'Target network address is invalid.',
+  details: { reason: 'invalid_network_address' }
+})
+
+const normalizeNetworkAddress = value => value.trim().replace(/^\[|\]$/g, '')
+
+export const validateTargetNetworkAddress = (value, request, { finalUrl } = {}) => {
+  if (request.options?.allowPrivateNetworkTarget === true) {
+    return { ok: true }
+  }
+  if (value === undefined || value === null) return { ok: true }
+  if (typeof value !== 'string') return invalidNetworkAddress()
+  const address = normalizeNetworkAddress(value)
+  if (!address) return { ok: true }
+  if (net.isIP(address) === 0) return invalidNetworkAddress()
+  if (!isPrivateIpLiteral(address)) return { ok: true }
+  try {
+    const targetUrl = new URL(finalUrl || request.url)
+    if (!isIpLiteral(targetUrl.hostname) && !isPrivateIpLiteral(targetUrl.hostname) && isProxyReservedIpLiteral(address)) {
+      return { ok: true }
+    }
+  } catch {
+    return invalidNetworkAddress()
+  }
+  return {
+    ok: false,
+    code: 'FINAL_URL_BLOCKED',
+    message: 'Final URL is blocked by target policy.',
+    details: { reason: 'private_network_address' }
+  }
+}
diff --git a/agent-skill/stackprism-site-experience/scripts/bridge/url-policy.mjs b/agent-skill/stackprism-site-experience/scripts/bridge/url-policy.mjs
new file mode 100644
index 00000000..aaa67cf5
--- /dev/null
+++ b/agent-skill/stackprism-site-experience/scripts/bridge/url-policy.mjs
@@ -0,0 +1,298 @@
+import net from 'node:net'
+import dns from 'node:dns/promises'
+
+const includeOrder = ['tech', 'visual', 'layout', 'components', 'interaction', 'ux', 'assets']
+const targetModes = new Set(['reuse_or_new_tab', 'new_tab', 'active_tab'])
+const requestKeys = new Set(['url', 'mode', 'waitMs', 'include', 'viewports', 'options'])
+const optionKeys = new Set(
+  'forceRefresh captureScreenshotMetadata captureScreenshot keepTabOpen allowPrivateNetworkTarget targetMode maxResourceUrls'.split(' ')
+)
+const booleanOptionKeys = ['forceRefresh', 'captureScreenshotMetadata', 'captureScreenshot', 'keepTabOpen', 'allowPrivateNetworkTarget']
+const DNS_LOOKUP_TIMEOUT_MS = 2000
+
+const isPlainRecord = value => Boolean(value) && typeof value === 'object' && !Array.isArray(value)
+const hasOnlyKnownKeys = (value, keys) => Object.keys(value).every(key => keys.has(key))
+const hasValidBooleanOptions = options => booleanOptionKeys.every(key => options[key] === undefined || typeof options[key] === 'boolean')
+
+const createBlockList = ({ subnets = [], addresses = [] }) => {
+  const blockList = new net.BlockList()
+  for (const [address, prefix, type] of subnets) blockList.addSubnet(address, prefix, type)
+  for (const [address, type] of addresses) blockList.addAddress(address, type)
+  return blockList
+}
+
+const privateIpBlockList = createBlockList({
+  subnets: [
+    ['0.0.0.0', 8, 'ipv4'], ['10.0.0.0', 8, 'ipv4'], ['100.64.0.0', 10, 'ipv4'],
+    ['127.0.0.0', 8, 'ipv4'], ['169.254.0.0', 16, 'ipv4'], ['172.16.0.0', 12, 'ipv4'],
+    ['192.0.0.0', 24, 'ipv4'], ['192.0.2.0', 24, 'ipv4'], ['192.88.99.0', 24, 'ipv4'],
+    ['192.168.0.0', 16, 'ipv4'], ['198.18.0.0', 15, 'ipv4'], ['198.51.100.0', 24, 'ipv4'],
+    ['203.0.113.0', 24, 'ipv4'], ['224.0.0.0', 4, 'ipv4'], ['240.0.0.0', 4, 'ipv4'],
+    ['255.255.255.255', 32, 'ipv4'],
+    ['::', 128, 'ipv6'], ['::1', 128, 'ipv6'], ['64:ff9b:1::', 48, 'ipv6'], ['100::', 64, 'ipv6'],
+    ['2001::', 23, 'ipv6'], ['2001:db8::', 32, 'ipv6'], ['2002::', 16, 'ipv6'],
+    ['3fff::', 20, 'ipv6'], ['fc00::', 7, 'ipv6'], ['fe80::', 10, 'ipv6'],
+    ['ff00::', 8, 'ipv6']
+  ]
+})
+
+const proxyReservedIpBlockList = createBlockList({
+  subnets: [['198.18.0.0', 15, 'ipv4']]
+})
+
+const publicIpExceptionBlockList = createBlockList({
+  subnets: [
+    ['2001:3::', 32, 'ipv6'],
+    ['2001:4:112::', 48, 'ipv6'],
+    ['2001:20::', 28, 'ipv6'],
+    ['2001:30::', 28, 'ipv6']
+  ],
+  addresses: [
+    ['192.0.0.9', 'ipv4'],
+    ['192.0.0.10', 'ipv4'],
+    ['2001:1::1', 'ipv6'],
+    ['2001:1::2', 'ipv6']
+  ]
+})
+
+export const isPrivateIpLiteral = hostname => {
+  const host = hostname.replace(/^\[|\]$/g, '')
+  const lowerHost = host.toLowerCase()
+  const embeddedIpv4Host = normalizeEmbeddedIpv4Host(lowerHost)
+  if (embeddedIpv4Host !== lowerHost) return isPrivateIpLiteral(embeddedIpv4Host)
+  if (lowerHost === 'localhost') return true
+  if (net.isIP(host) === 4) return isPrivateIpv4Literal(host)
+  if (net.isIP(host) === 6) return isPrivateIpv6Literal(lowerHost)
+  return false
+}
+
+export const isProxyReservedIpLiteral = hostname => {
+  const host = hostname.replace(/^\[|\]$/g, '')
+  const embeddedIpv4Host = normalizeEmbeddedIpv4Host(host)
+  if (embeddedIpv4Host !== host.toLowerCase()) return isProxyReservedIpLiteral(embeddedIpv4Host)
+  if (net.isIP(host) === 4) return proxyReservedIpBlockList.check(host, 'ipv4')
+  return false
+}
+
+const isPrivateIpv4Literal = value => {
+  return privateIpBlockList.check(value, 'ipv4') && !publicIpExceptionBlockList.check(value, 'ipv4')
+}
+
+const isPrivateIpv6Literal = value => {
+  return privateIpBlockList.check(value, 'ipv6') && !publicIpExceptionBlockList.check(value, 'ipv6')
+}
+
+const mappedIpv4Address = value => {
+  if (net.isIP(value) === 4) return value
+  const match = /^([0-9a-f]{1,4}):([0-9a-f]{1,4})$/i.exec(value)
+  if (!match) return value
+  const high = Number.parseInt(match[1], 16)
+  const low = Number.parseInt(match[2], 16)
+  return [high >> 8, high & 0xff, low >> 8, low & 0xff].join('.')
+}
+
+const normalizeEmbeddedIpv4Host = value => {
+  const host = value.toLowerCase()
+  if (host.startsWith('::ffff:')) return mappedIpv4Address(host.slice('::ffff:'.length))
+  if (host.startsWith('0:0:0:0:0:ffff:')) return mappedIpv4Address(host.slice('0:0:0:0:0:ffff:'.length))
+  if (!host.startsWith('::')) return host
+  const mapped = mappedIpv4Address(host.slice(2))
+  return mapped.includes('.') ? mapped : host
+}
+
+export const isIpLiteral = hostname => net.isIP(hostname.replace(/^\[|\]$/g, '')) !== 0
+const effectivePort = parsed => parsed.port || (parsed.protocol === 'http:' ? '80' : parsed.protocol === 'https:' ? '443' : '')
+
+const normalizeBridgeLoopbackHost = hostname => {
+  const host = hostname.replace(/^\[|\]$/g, '').toLowerCase()
+  return normalizeEmbeddedIpv4Host(host)
+}
+
+const isBridgeLoopbackAlias = (hostname, bridgeHostname) => {
+  const host = normalizeBridgeLoopbackHost(hostname)
+  const bridgeHost = normalizeBridgeLoopbackHost(bridgeHostname)
+  if (host === bridgeHost) return true
+  if (bridgeHost !== '127.0.0.1') return false
+  return host === 'localhost' || host === '::1' || host === '0:0:0:0:0:0:0:1'
+}
+
+const isBridgeSelfTarget = (parsed, bridgeOrigin) => {
+  const bridge = new URL(bridgeOrigin)
+  return (
+    parsed.protocol === bridge.protocol &&
+    effectivePort(parsed) === effectivePort(bridge) &&
+    isBridgeLoopbackAlias(parsed.hostname, bridge.hostname)
+  )
+}
+
+const normalizeDnsAddress = item => {
+  if (typeof item === 'string') return item
+  if (item && typeof item.address === 'string') return item.address
+  return ''
+}
+
+const isBlockedResolvedAddress = item => {
+  const address = normalizeDnsAddress(item)
+  return Boolean(address && isPrivateIpLiteral(address) && !isProxyReservedIpLiteral(address))
+}
+
+const defaultResolveHostname = async hostname => {
+  let timeoutId
+  const lookup = dns.lookup(hostname, { all: true, verbatim: true })
+  const timeout = new Promise((_, reject) => {
+    timeoutId = setTimeout(() => reject(new Error('DNS_LOOKUP_TIMEOUT')), DNS_LOOKUP_TIMEOUT_MS)
+  })
+  try {
+    return await Promise.race([lookup, timeout])
+  } finally {
+    clearTimeout(timeoutId)
+  }
+}
+
+const validateDnsPolicy = async (parsed, allowPrivateNetworkTarget, resolveHostname) => {
+  if (allowPrivateNetworkTarget || isIpLiteral(parsed.hostname)) return { ok: true }
+  let addresses
+  try {
+    addresses = await resolveHostname(parsed.hostname)
+  } catch {
+    return dnsLookupFailed()
+  }
+  if (!Array.isArray(addresses) || !addresses.length) return dnsLookupFailed()
+  if (addresses.some(isBlockedResolvedAddress)) {
+    return {
+      ok: false,
+      code: 'PRIVATE_NETWORK_TARGET_BLOCKED',
+      message: 'Private network targets are disabled.',
+      details: { reason: 'private_network_address' }
+    }
+  }
+  return { ok: true }
+}
+
+const dnsLookupFailed = () => ({
+  ok: false,
+  code: 'TARGET_DNS_LOOKUP_FAILED',
+  message: 'Target hostname could not be resolved.',
+  details: { reason: 'dns_lookup_failed' }
+})
+
+const validateViewports = viewports =>
+  Array.isArray(viewports) &&
+  viewports.length <= 3 &&
+  viewports.every(
+    viewport =>
+      viewport &&
+      typeof viewport === 'object' &&
+      Object.keys(viewport).every(key => ['name', 'width', 'height', 'deviceScaleFactor'].includes(key)) &&
+      (viewport.name === undefined || (typeof viewport.name === 'string' && /^[A-Za-z0-9_-]{1,32}$/.test(viewport.name))) &&
+      Number.isInteger(viewport.width) &&
+      viewport.width >= 320 &&
+      viewport.width <= 3840 &&
+      Number.isInteger(viewport.height) &&
+      viewport.height >= 320 &&
+      viewport.height <= 2160 &&
+      typeof viewport.deviceScaleFactor === 'number' &&
+      Number.isFinite(viewport.deviceScaleFactor) &&
+      viewport.deviceScaleFactor >= 1 &&
+      viewport.deviceScaleFactor <= 4
+  )
+
+export const normalizeCaptureRequest = async (body, bridgeOrigin, { resolveHostname = defaultResolveHostname } = {}) => {
+  const request = body && typeof body === 'object' && !Array.isArray(body) ? body : {}
+  if (!hasOnlyKnownKeys(request, requestKeys)) return { ok: false, code: 'INVALID_REQUEST', message: 'Unknown capture request field.' }
+  if (request.mode !== 'experience') return { ok: false, code: 'INVALID_REQUEST', message: 'Capture mode is invalid.' }
+
+  const url = typeof request.url === 'string' ? request.url.trim() : ''
+  let parsed
+  try {
+    parsed = new URL(url)
+  } catch {
+    return { ok: false, code: 'INVALID_REQUEST', message: 'Capture url is invalid.' }
+  }
+  if (!['http:', 'https:'].includes(parsed.protocol) || parsed.username || parsed.password || url.length > 4096) {
+    return { ok: false, code: 'INVALID_REQUEST', message: 'Capture url is invalid.' }
+  }
+  parsed.hash = ''
+  parsed.hostname = parsed.hostname.toLowerCase()
+  if (isBridgeSelfTarget(parsed, bridgeOrigin))
+    return { ok: false, code: 'BRIDGE_SELF_TARGET_BLOCKED', message: 'Bridge origin cannot be captured.' }
+
+  const options = request.options === undefined ? {} : request.options
+  if (!isPlainRecord(options) || !hasOnlyKnownKeys(options, optionKeys)) {
+    return { ok: false, code: 'INVALID_REQUEST', message: 'Unknown capture option field.' }
+  }
+  if (!hasValidBooleanOptions(options)) return { ok: false, code: 'INVALID_REQUEST', message: 'Capture options are invalid.' }
+  if (isPrivateIpLiteral(parsed.hostname) && options.allowPrivateNetworkTarget !== true) {
+    return {
+      ok: false,
+      code: 'PRIVATE_NETWORK_TARGET_BLOCKED',
+      message: 'Private network targets are disabled.',
+      details: { reason: 'private_network_address' }
+    }
+  }
+  const dnsPolicy = await validateDnsPolicy(parsed, options.allowPrivateNetworkTarget === true, resolveHostname)
+  if (!dnsPolicy.ok) return dnsPolicy
+
+  const include = Array.isArray(request.include) ? [...new Set(includeOrder.filter(item => request.include.includes(item)))] : []
+  if (!include.length || request.include.some?.(item => !includeOrder.includes(item))) {
+    return { ok: false, code: 'INVALID_REQUEST', message: 'Capture include is invalid.' }
+  }
+  const waitMs = request.waitMs === undefined ? 3000 : request.waitMs
+  if (!Number.isInteger(waitMs) || waitMs < 0 || waitMs > 30000)
+    return { ok: false, code: 'INVALID_REQUEST', message: 'Capture waitMs is invalid.' }
+  const viewports = request.viewports === undefined ? [] : request.viewports
+  if (!validateViewports(viewports)) return { ok: false, code: 'INVALID_REQUEST', message: 'Capture viewports are invalid.' }
+  const targetMode = options.targetMode === undefined ? 'reuse_or_new_tab' : options.targetMode
+  if (!targetModes.has(targetMode)) {
+    return { ok: false, code: 'INVALID_REQUEST', message: 'Capture targetMode is invalid.' }
+  }
+  if (
+    options.maxResourceUrls !== undefined &&
+    (!Number.isInteger(options.maxResourceUrls) || options.maxResourceUrls < 0 || options.maxResourceUrls > 1000)
+  ) {
+    return { ok: false, code: 'INVALID_REQUEST', message: 'Capture maxResourceUrls is invalid.' }
+  }
+
+  return {
+    ok: true,
+    request: {
+      url: parsed.toString(),
+      mode: 'experience',
+      waitMs,
+      include,
+      viewports,
+      options: {
+        forceRefresh: options.forceRefresh === true,
+        captureScreenshotMetadata: options.captureScreenshotMetadata === true,
+        captureScreenshot: options.captureScreenshot === true,
+        keepTabOpen: options.keepTabOpen === true,
+        allowPrivateNetworkTarget: options.allowPrivateNetworkTarget === true,
+        targetMode,
+        maxResourceUrls: options.maxResourceUrls ?? 300
+      },
+      protocolVersion: 1
+    }
+  }
+}
+
+export const validateFinalUrl = async (value, bridgeOrigin, request, { resolveHostname = defaultResolveHostname } = {}) => {
+  const finalRequest = {
+    url: value,
+    mode: request.mode,
+    waitMs: request.waitMs,
+    include: request.include,
+    viewports: request.viewports,
+    options: {
+      ...(request.options || {}),
+      allowPrivateNetworkTarget: request.options?.allowPrivateNetworkTarget === true
+    }
+  }
+  const normalized = await normalizeCaptureRequest(finalRequest, bridgeOrigin, { resolveHostname })
+  if (normalized.ok) return { ok: true, finalUrl: normalized.request.url }
+  return {
+    ok: false,
+    code: 'FINAL_URL_BLOCKED',
+    message: 'Final URL is blocked by target policy.',
+    details: normalized.details || { reason: normalized.code === 'TARGET_DNS_LOOKUP_FAILED' ? 'dns_lookup_failed' : 'invalid_final_url' }
+  }
+}
diff --git a/agent-skill/stackprism-site-experience/scripts/capture-runtime.mjs b/agent-skill/stackprism-site-experience/scripts/capture-runtime.mjs
new file mode 100644
index 00000000..c2b81cde
--- /dev/null
+++ b/agent-skill/stackprism-site-experience/scripts/capture-runtime.mjs
@@ -0,0 +1,130 @@
+const DEFAULT_TERMINAL_SETTLE_MS = 3000
+const MAX_TERMINAL_SETTLE_MS = 5000
+const CHILD_STOP_GRACE_MS = 2500
+const DEFAULT_REQUEST_TIMEOUT_MS = 30000
+
+const timeoutSignal = ms => {
+  let timer
+  const promise = new Promise(resolve => {
+    timer = setTimeout(resolve, ms)
+  })
+  return {
+    promise,
+    clear: () => clearTimeout(timer)
+  }
+}
+
+export const sleep = ms => new Promise(resolve => setTimeout(resolve, ms))
+
+export const makeBridgeError = (code, message = code, extra = {}) => Object.assign(new Error(message), { code, ...extra })
+
+export const requestJson = async (url, token, init = {}) => {
+  const { timeoutMs = DEFAULT_REQUEST_TIMEOUT_MS, headers: initHeaders, ...requestInit } = init
+  const controller = new AbortController()
+  const timer = setTimeout(() => controller.abort(), timeoutMs)
+  try {
+    const response = await fetch(url, {
+      ...requestInit,
+      signal: controller.signal,
+      headers: {
+        ...(requestInit.body ? { 'Content-Type': 'application/json' } : {}),
+        Authorization: `Bearer ${token}`,
+        ...(initHeaders || {})
+      }
+    })
+    let body
+    try {
+      body = await response.json()
+    } catch {
+      body = { error: { code: 'INVALID_JSON', message: 'Bridge returned non-JSON response.' } }
+    }
+    if (!response.ok) {
+      const code = typeof body?.error?.code === 'string' && body.error.code ? body.error.code : `HTTP_${response.status}`
+      const error = makeBridgeError(code, body?.error?.message || code)
+      error.response = { status: response.status, body }
+      throw error
+    }
+    return body
+  } catch (error) {
+    if (controller.signal.aborted) {
+      const timeout = makeBridgeError('BRIDGE_REQUEST_TIMEOUT', `Bridge request timed out after ${timeoutMs}ms.`)
+      timeout.response = {
+        status: 504,
+        body: { error: { code: 'BRIDGE_REQUEST_TIMEOUT', message: `Bridge request timed out after ${timeoutMs}ms.` } }
+      }
+      throw timeout
+    }
+    throw error
+  } finally {
+    clearTimeout(timer)
+  }
+}
+
+export const requestBinary = async (url, token = '', init = {}) => {
+  const { timeoutMs = DEFAULT_REQUEST_TIMEOUT_MS, headers: initHeaders, ...requestInit } = init
+  const controller = new AbortController()
+  const timer = setTimeout(() => controller.abort(), timeoutMs)
+  try {
+    const response = await fetch(url, {
+      ...requestInit,
+      signal: controller.signal,
+      headers: {
+        ...(token ? { Authorization: `Bearer ${token}` } : {}),
+        ...(initHeaders || {})
+      }
+    })
+    const bytes = Buffer.from(await response.arrayBuffer())
+    if (!response.ok) {
+      let body = { error: { code: `HTTP_${response.status}`, message: `HTTP_${response.status}` } }
+      try {
+        body = JSON.parse(bytes.toString('utf8'))
+      } catch {}
+      const code = typeof body?.error?.code === 'string' && body.error.code ? body.error.code : `HTTP_${response.status}`
+      const error = makeBridgeError(code, body?.error?.message || code)
+      error.response = { status: response.status, body }
+      throw error
+    }
+    return { bytes, contentType: response.headers.get('content-type') || '' }
+  } catch (error) {
+    if (controller.signal.aborted) {
+      const timeout = makeBridgeError('BRIDGE_REQUEST_TIMEOUT', `Bridge request timed out after ${timeoutMs}ms.`)
+      timeout.response = {
+        status: 504,
+        body: { error: { code: 'BRIDGE_REQUEST_TIMEOUT', message: `Bridge request timed out after ${timeoutMs}ms.` } }
+      }
+      throw timeout
+    }
+    throw error
+  } finally {
+    clearTimeout(timer)
+  }
+}
+
+export const parseTerminalSettleMs = value => {
+  if (value == null || value === '') return DEFAULT_TERMINAL_SETTLE_MS
+  const parsed = Number(value)
+  return Number.isInteger(parsed) && parsed >= 0 && parsed <= MAX_TERMINAL_SETTLE_MS
+    ? parsed
+    : DEFAULT_TERMINAL_SETTLE_MS
+}
+
+export const stopChild = async child => {
+  if (child.exitCode !== null || child.killed) return
+  try {
+    if (child.stdin?.writable && !child.stdin.destroyed) child.stdin.end()
+  } catch {}
+  const firstTimeout = timeoutSignal(CHILD_STOP_GRACE_MS)
+  const exited = await Promise.race([
+    new Promise(resolve => child.once('exit', resolve)),
+    firstTimeout.promise.then(() => {
+      child.kill('SIGTERM')
+      return 'killed'
+    })
+  ])
+  firstTimeout.clear()
+  if (exited === 'killed') {
+    const secondTimeout = timeoutSignal(CHILD_STOP_GRACE_MS)
+    await Promise.race([new Promise(resolve => child.once('exit', resolve)), secondTimeout.promise]).catch(() => {})
+    secondTimeout.clear()
+  }
+}
diff --git a/agent-skill/stackprism-site-experience/scripts/capture-screenshot-artifact.mjs b/agent-skill/stackprism-site-experience/scripts/capture-screenshot-artifact.mjs
new file mode 100644
index 00000000..02ebf154
--- /dev/null
+++ b/agent-skill/stackprism-site-experience/scripts/capture-screenshot-artifact.mjs
@@ -0,0 +1,69 @@
+import { mkdir, writeFile } from 'node:fs/promises'
+import { dirname, extname, resolve } from 'node:path'
+import { pathToFileURL } from 'node:url'
+import { requestBinary } from './capture-runtime.mjs'
+
+const stableScreenshotNote =
+  'Screenshot image base64 is intentionally omitted from this Profile JSON. To inspect actual visual appearance, open or download the image from downloadUrl.'
+
+const screenshotExtensionForMimeType = value => {
+  const mimeType = String(value || '')
+    .split(';', 1)[0]
+    .trim()
+    .toLowerCase()
+  if (mimeType === 'image/png') return 'png'
+  if (mimeType === 'image/webp') return 'webp'
+  return 'jpg'
+}
+
+const defaultScreenshotPathFor = (profilePath, screenshot) => {
+  const outputPath = resolve(profilePath)
+  const outputExtension = extname(outputPath)
+  const stem = outputExtension ? outputPath.slice(0, -outputExtension.length) : outputPath
+  return `${stem}-screenshot.${screenshotExtensionForMimeType(screenshot?.mimeType)}`
+}
+
+const screenshotPathFor = (args, screenshot) => resolve(args.screenshotOut || defaultScreenshotPathFor(args.out, screenshot))
+
+const applyStableScreenshotReference = (profile, artifact) => {
+  const screenshot = profile.visualProfile?.screenshot
+  if (!screenshot || typeof screenshot !== 'object' || !artifact) return profile
+  screenshot.downloadUrl = artifact.downloadUrl
+  screenshot.downloadMethod = 'file'
+  screenshot.localPath = artifact.path
+  screenshot.byteLength = artifact.byteLength
+  screenshot.lifecycle = {
+    ...(screenshot.lifecycle || {}),
+    requiresLocalBridge: false,
+    availableUntil: '',
+    note: 'The capture helper downloaded this screenshot to localPath. The image remains available until the local file is moved or deleted.'
+  }
+  screenshot.note = stableScreenshotNote
+  const visualReference = profile.agentGuidance?.recreationPlan?.visualReference
+  if (visualReference && typeof visualReference === 'object') {
+    visualReference.screenshotDownloadUrl = artifact.downloadUrl
+    visualReference.screenshotLocalPath = artifact.path
+    visualReference.screenshotDownloadHint =
+      'To inspect actual visual appearance, open or download the screenshot image from visualProfile.screenshot.downloadUrl. The Profile JSON intentionally does not include screenshot base64.'
+    visualReference.screenshotAvailableUntil = ''
+    visualReference.screenshotByteLength = artifact.byteLength
+  }
+  return profile
+}
+
+export const writeScreenshotArtifact = async ({ args, profile, token, timeoutMs }) => {
+  const screenshot = profile.visualProfile?.screenshot
+  if (!screenshot?.downloadUrl) return false
+  const result = await requestBinary(screenshot.downloadUrl, token, { timeoutMs })
+  const path = screenshotPathFor(args, screenshot)
+  await mkdir(dirname(path), { recursive: true })
+  await writeFile(path, result.bytes)
+  const artifact = {
+    path,
+    downloadUrl: pathToFileURL(path).href,
+    byteLength: result.bytes.byteLength,
+    contentType: result.contentType || screenshot.mimeType || ''
+  }
+  applyStableScreenshotReference(profile, artifact)
+  return artifact
+}
diff --git a/agent-skill/stackprism-site-experience/scripts/capture-site-args.mjs b/agent-skill/stackprism-site-experience/scripts/capture-site-args.mjs
new file mode 100644
index 00000000..405cf94c
--- /dev/null
+++ b/agent-skill/stackprism-site-experience/scripts/capture-site-args.mjs
@@ -0,0 +1,67 @@
+import { makeBridgeError } from './capture-runtime.mjs'
+
+const DEFAULT_INCLUDE = ['tech', 'visual', 'layout', 'components', 'interaction', 'ux', 'assets']
+const INCLUDE_VALUES = new Set(DEFAULT_INCLUDE)
+const DEFAULT_REQUEST_TIMEOUT_MS = 30000
+
+const usageText = () =>
+  [
+    'Usage: node agent-skill/stackprism-site-experience/scripts/capture-site.mjs --url <url> --out <profile.json> [--screenshot-out <image.jpg>] [--allow-private-network]',
+    '',
+    'Options:',
+    '  --url <url>                 Target http/https URL.',
+    '  --out <path>                Write completed profile JSON to this path.',
+    '  --result-out <path>         Optional capture result summary JSON path.',
+    '  --screenshot-out <path>     Optional decoded screenshot output path; defaults to a sidecar image.',
+    '  --allow-private-network     Allow controlled private-network targets for this attempt.',
+    '  --wait-ms <ms>              Target settle wait, default 3000.',
+    `  --include <list>            Comma-separated sections, default ${DEFAULT_INCLUDE.join(',')}.`,
+    '  --request-timeout-ms <ms>   Per bridge API request timeout, default 30000.',
+    '  --max-resource-urls <n>     Resource URL cap, default 300.',
+    '  --force-refresh             Reload the target after opening it to bypass cache.',
+    '  --no-screenshot             Do not request visible viewport screenshot.'
+  ].join('\n')
+
+export const makeArgumentError = message => makeBridgeError('INVALID_REQUEST', message, { details: { usage: usageText() } })
+
+export const parseArgs = argv => {
+  const args = {
+    waitMs: 3000,
+    requestTimeoutMs: DEFAULT_REQUEST_TIMEOUT_MS,
+    maxResourceUrls: 300,
+    include: DEFAULT_INCLUDE,
+    captureScreenshot: true,
+    forceRefresh: false,
+    allowPrivateNetworkTarget: false
+  }
+  for (let index = 0; index < argv.length; index += 1) {
+    const arg = argv[index]
+    if (arg === '--url') args.url = argv[++index]
+    else if (arg === '--out') args.out = argv[++index]
+    else if (arg === '--result-out') args.resultOut = argv[++index]
+    else if (arg === '--screenshot-out') args.screenshotOut = argv[++index]
+    else if (arg === '--allow-private-network') args.allowPrivateNetworkTarget = true
+    else if (arg === '--force-refresh') args.forceRefresh = true
+    else if (arg === '--no-screenshot') args.captureScreenshot = false
+    else if (arg === '--wait-ms') args.waitMs = Number(argv[++index])
+    else if (arg === '--include') args.include = String(argv[++index] || '').split(',')
+    else if (arg === '--request-timeout-ms') args.requestTimeoutMs = Number(argv[++index])
+    else if (arg === '--max-resource-urls') args.maxResourceUrls = Number(argv[++index])
+    else return { ok: false, message: `Unknown argument: ${arg}` }
+  }
+  if (!args.url || !args.out) return { ok: false, message: '--url and --out are required.' }
+  if (!Number.isInteger(args.waitMs) || args.waitMs < 0 || args.waitMs > 30000) {
+    return { ok: false, message: '--wait-ms must be an integer from 0 to 30000.' }
+  }
+  args.include = [...new Set(args.include.map(value => value.trim()).filter(Boolean))]
+  if (!args.include.length || args.include.some(value => !INCLUDE_VALUES.has(value))) {
+    return { ok: false, message: `--include must contain one or more of: ${DEFAULT_INCLUDE.join(', ')}.` }
+  }
+  if (!Number.isInteger(args.requestTimeoutMs) || args.requestTimeoutMs < 100 || args.requestTimeoutMs > 60000) {
+    return { ok: false, message: '--request-timeout-ms must be an integer from 100 to 60000.' }
+  }
+  if (!Number.isInteger(args.maxResourceUrls) || args.maxResourceUrls < 0 || args.maxResourceUrls > 1000) {
+    return { ok: false, message: '--max-resource-urls must be an integer from 0 to 1000.' }
+  }
+  return { ok: true, args }
+}
diff --git a/agent-skill/stackprism-site-experience/scripts/capture-site.mjs b/agent-skill/stackprism-site-experience/scripts/capture-site.mjs
new file mode 100644
index 00000000..743ff3ab
--- /dev/null
+++ b/agent-skill/stackprism-site-experience/scripts/capture-site.mjs
@@ -0,0 +1,243 @@
+#!/usr/bin/env node
+import { spawn } from 'node:child_process'
+import { mkdir, writeFile } from 'node:fs/promises'
+import { dirname, resolve } from 'node:path'
+import { fileURLToPath } from 'node:url'
+import { makeArgumentError, parseArgs } from './capture-site-args.mjs'
+import { makeBridgeError, parseTerminalSettleMs, requestJson, sleep, stopChild } from './capture-runtime.mjs'
+import { writeScreenshotArtifact } from './capture-screenshot-artifact.mjs'
+import { isKnownBridgeErrorCode, sanitizeBridgeError } from './bridge/protocol.mjs'
+
+const DEFAULT_VIEWPORT = { name: 'desktop', width: 1440, height: 900, deviceScaleFactor: 1 }
+const READY_TIMEOUT_MS = 10000
+const CAPTURE_TIMEOUT_MS = 90000
+const POLL_INTERVAL_MS = 1000
+
+const repoRoot = resolve(dirname(fileURLToPath(import.meta.url)), '../../..')
+const bridgeScript = resolve(
+  process.env.STACKPRISM_CAPTURE_BRIDGE_SCRIPT || resolve(repoRoot, 'agent-skill/stackprism-site-experience/scripts/stackprism-bridge.mjs')
+)
+
+const startupErrorFromStderr = stderr => {
+  const line = String(stderr || '')
+    .split('\n')
+    .map(value => value.trim())
+    .find(value => value.startsWith('{'))
+  if (!line) return null
+  try {
+    const body = JSON.parse(line)
+    const error = body?.error
+    if (!isKnownBridgeErrorCode(error?.code)) return null
+    return makeBridgeError(error.code, error.message || error.code, { details: error.details || {}, stderr })
+  } catch {
+    return null
+  }
+}
+
+const readReady = child =>
+  new Promise((resolve, reject) => {
+    let stdout = ''
+    let stderr = ''
+    const timer = setTimeout(() => reject(makeBridgeError('BRIDGE_START_TIMEOUT', 'BRIDGE_START_TIMEOUT', { stderr })), READY_TIMEOUT_MS)
+    child.stderr.on('data', chunk => {
+      stderr += String(chunk)
+    })
+    child.stdout.on('data', chunk => {
+      stdout += String(chunk)
+      const newline = stdout.indexOf('\n')
+      if (newline < 0) return
+      clearTimeout(timer)
+      try {
+        const ready = JSON.parse(stdout.slice(0, newline))
+        resolve({ ready, stderr: () => stderr })
+      } catch (error) {
+        reject(makeBridgeError('BRIDGE_READY_PARSE_FAILED', 'BRIDGE_READY_PARSE_FAILED', { cause: error, stdout, stderr }))
+      }
+    })
+    child.once('exit', code => {
+      clearTimeout(timer)
+      const startupError = startupErrorFromStderr(stderr)
+      if (startupError) {
+        reject(startupError)
+        return
+      }
+      reject(makeBridgeError('BRIDGE_START_FAILED', 'BRIDGE_EXITED_BEFORE_READY', { exitCode: code, stderr }))
+    })
+  })
+
+const terminalSettleMs = parseTerminalSettleMs(process.env.STACKPRISM_CAPTURE_TERMINAL_SETTLE_MS)
+
+const captureRequest = args => ({
+  url: args.url,
+  mode: 'experience',
+  waitMs: args.waitMs,
+  include: args.include,
+  viewports: [DEFAULT_VIEWPORT],
+  options: {
+    forceRefresh: args.forceRefresh,
+    captureScreenshotMetadata: false,
+    captureScreenshot: args.captureScreenshot,
+    keepTabOpen: false,
+    allowPrivateNetworkTarget: args.allowPrivateNetworkTarget,
+    targetMode: 'new_tab',
+    maxResourceUrls: args.maxResourceUrls
+  }
+})
+
+const runCapture = async args => {
+  const child = spawn(process.execPath, [bridgeScript], {
+    cwd: repoRoot,
+    env: process.env,
+    stdio: ['pipe', 'pipe', 'pipe']
+  })
+  let readyEnvelope
+  try {
+    readyEnvelope = await readReady(child)
+    const { ready } = readyEnvelope
+    if (ready.protocolVersion !== 1 || !ready.baseUrl || !ready.apiToken) {
+      throw makeBridgeError('BRIDGE_PROTOCOL_UNSUPPORTED')
+    }
+    const created = await requestJson(`${ready.baseUrl}/v1/captures`, ready.apiToken, {
+      method: 'POST',
+      body: JSON.stringify(captureRequest(args)),
+      timeoutMs: args.requestTimeoutMs
+    })
+    const deadline = Date.now() + CAPTURE_TIMEOUT_MS
+    let status = created
+    let pollTimedOut = true
+    while (Date.now() < deadline) {
+      status = await requestJson(`${ready.baseUrl}/v1/captures/${created.id}`, ready.apiToken, {
+        timeoutMs: args.requestTimeoutMs
+      })
+      if (['completed', 'failed', 'cancelled', 'expired'].includes(status.status)) {
+        pollTimedOut = false
+        break
+      }
+      await sleep(POLL_INTERVAL_MS)
+    }
+    if (status.status !== 'completed') {
+      const code = pollTimedOut ? 'CAPTURE_TIMEOUT' : status.error?.code || status.status || 'CAPTURE_TIMEOUT'
+      const error = makeBridgeError(code, status.error?.message || code)
+      error.response = { status: 409, body: status }
+      throw error
+    }
+    const downloadedProfile = await requestJson(`${ready.baseUrl}/v1/captures/${created.id}/profile-download`, ready.apiToken, {
+      timeoutMs: args.requestTimeoutMs
+    })
+    const profileDownloadReady = true
+    const screenshotArtifact = await writeScreenshotArtifact({
+      args,
+      profile: downloadedProfile,
+      token: ready.apiToken,
+      timeoutMs: args.requestTimeoutMs
+    })
+    if (terminalSettleMs > 0) await sleep(terminalSettleMs)
+    return {
+      ok: true,
+      ready,
+      created,
+      status,
+      profile: downloadedProfile,
+      profileDownloadReady,
+      screenshotArtifact,
+      stderr: readyEnvelope.stderr()
+    }
+  } finally {
+    await stopChild(child).catch(() => {})
+  }
+}
+
+const writeJson = async (path, value) => {
+  await mkdir(dirname(resolve(path)), { recursive: true })
+  await writeFile(path, `${JSON.stringify(value, null, 2)}\n`)
+}
+
+const safeErrorCode = value => {
+  const code = String(value || '')
+  return isKnownBridgeErrorCode(code) ? code : 'CAPTURE_FAILED'
+}
+
+const normalizeErrorCode = error => {
+  const bodyError = error?.response?.body?.error
+  if (typeof bodyError?.code === 'string' && bodyError.code) return safeErrorCode(bodyError.code)
+  if (typeof bodyError === 'string' && bodyError) return safeErrorCode(bodyError)
+  if (typeof error?.code === 'string' && error.code) return safeErrorCode(error.code)
+  return 'CAPTURE_FAILED'
+}
+
+const sanitizeErrorDetails = error => {
+  if (error?.details && typeof error.details === 'object') {
+    const details = sanitizeBridgeError({ code: 'INVALID_REQUEST', message: 'Capture failed.', details: error.details }).details || {}
+    if (typeof error.details.usage === 'string') details.usage = error.details.usage
+    return details
+  }
+  const body = error?.response?.body
+  if (!body || typeof body !== 'object') return {}
+  return sanitizeBridgeError({ code: 'CAPTURE_FAILED', message: 'Capture failed.', details: body }).details || {}
+}
+
+const sanitizeErrorMessage = (error, code) =>
+  sanitizeBridgeError({ code: 'INVALID_REQUEST', message: error?.message || code || 'Capture failed.' }).message
+
+const main = async () => {
+  const parsed = parseArgs(process.argv.slice(2))
+  if (!parsed.ok) {
+    throw makeArgumentError(parsed.message)
+  }
+  const { args } = parsed
+  const result = await runCapture(args)
+  const screenshot = result.profile.visualProfile?.screenshot
+  const screenshotPresent = Boolean(screenshot?.downloadUrl)
+  const screenshotWritten = Boolean(result.screenshotArtifact)
+  await writeJson(args.out, result.profile)
+  if (args.resultOut) {
+    await writeJson(args.resultOut, {
+      ok: true,
+      targetUrl: args.url,
+      allowPrivateNetworkTarget: args.allowPrivateNetworkTarget,
+      include: args.include,
+      captureScreenshot: args.captureScreenshot,
+      captureId: result.created.id,
+      finalUrl: result.profile.target?.finalUrl || result.profile.target?.url || '',
+      language: result.profile.target?.language || '',
+      screenshotPresent,
+      screenshotWritten,
+      screenshotPath: result.screenshotArtifact?.path || '',
+      screenshotDownloadUrl: screenshot?.downloadUrl || '',
+      techCount: result.profile.techProfile?.technologies?.length || 0,
+      profileDownloadReady: result.profileDownloadReady,
+      limitations: result.profile.limitations || []
+    })
+  }
+  process.stdout.write(
+    `${JSON.stringify({
+      ok: true,
+      captureId: result.created.id,
+      finalUrl: result.profile.target?.finalUrl || result.profile.target?.url || '',
+      language: result.profile.target?.language || '',
+      screenshotPresent,
+      screenshotWritten,
+      screenshotPath: result.screenshotArtifact?.path || '',
+      screenshotDownloadUrl: screenshot?.downloadUrl || '',
+      profileDownloadReady: result.profileDownloadReady,
+      include: args.include,
+      captureScreenshot: args.captureScreenshot,
+      techCount: result.profile.techProfile?.technologies?.length || 0
+    })}\n`
+  )
+}
+
+main().catch(error => {
+  const code = normalizeErrorCode(error)
+  process.stderr.write(
+    `${JSON.stringify({
+      ok: false,
+      error: {
+        code,
+        message: sanitizeErrorMessage(error, code),
+        details: sanitizeErrorDetails(error)
+      }
+    })}\n`
+  )
+  process.exit(1)
+})
diff --git a/agent-skill/stackprism-site-experience/scripts/stackprism-bridge.mjs b/agent-skill/stackprism-site-experience/scripts/stackprism-bridge.mjs
new file mode 100644
index 00000000..e2ad22bf
--- /dev/null
+++ b/agent-skill/stackprism-site-experience/scripts/stackprism-bridge.mjs
@@ -0,0 +1,64 @@
+#!/usr/bin/env node
+import { createBridgeServer } from './bridge/http-server.mjs'
+import { parseOpenConfig } from './bridge/open-browser.mjs'
+import { protocolVersion, service, version } from './bridge/protocol.mjs'
+
+const failStart = (code, message) => {
+  process.stderr.write(`${JSON.stringify({ error: { code, message } })}\n`)
+  process.exit(1)
+}
+
+const parsePort = value => {
+  if (value === undefined) return 0
+  if (!/^[0-9]+$/.test(value)) return null
+  const port = Number(value)
+  return port >= 1 && port <= 65535 ? port : null
+}
+
+const openConfig = parseOpenConfig(process.env)
+const port = parsePort(process.env.STACKPRISM_BRIDGE_PORT)
+if (!openConfig.ok) {
+  failStart(openConfig.code, openConfig.message)
+} else if (port === null) {
+  failStart('BRIDGE_INVALID_ENV', 'STACKPRISM_BRIDGE_PORT must be an integer from 1 to 65535.')
+} else {
+  const bridge = createBridgeServer({ port })
+  try {
+    const ready = await bridge.listen()
+    const shutdown = async () => {
+      ready.store.clear()
+      await bridge.close().catch(() => {
+        process.stderr.write(`${JSON.stringify({ error: { code: 'BRIDGE_CLOSE_FAILED', message: 'Bridge server close failed.' } })}\n`)
+      })
+      process.exit(0)
+    }
+    process.once('SIGINT', shutdown)
+    process.once('SIGTERM', shutdown)
+    process.stdin.once('end', shutdown)
+    process.stdin.resume()
+    process.stdout.write(
+      `${JSON.stringify({
+        event: 'stackprism-bridge-ready',
+        service,
+        version,
+        protocolVersion,
+        baseUrl: ready.baseUrl,
+        healthUrl: ready.healthUrl,
+        apiToken: ready.apiToken
+      })}\n`
+    )
+  } catch (caught) {
+    const code = caught?.code === 'EADDRINUSE' ? 'PORT_IN_USE' : 'BRIDGE_START_FAILED'
+    const message = code === 'PORT_IN_USE' ? 'Configured bridge port is already in use.' : 'Failed to start bridge server.'
+    process.stderr.write(
+      `${JSON.stringify({
+        error: {
+          code,
+          message,
+          details: { reason: caught?.code || caught?.name || 'unknown' }
+        }
+      })}\n`
+    )
+    process.exit(1)
+  }
+}
diff --git a/agent-skill/stackprism-site-experience/scripts/stackprism_bridge.py b/agent-skill/stackprism-site-experience/scripts/stackprism_bridge.py
new file mode 100644
index 00000000..8655980d
--- /dev/null
+++ b/agent-skill/stackprism-site-experience/scripts/stackprism_bridge.py
@@ -0,0 +1,78 @@
+#!/usr/bin/env python3
+import errno
+import json
+import os
+import signal
+import sys
+import threading
+
+from stackprism_bridge_lib.server_factory import create_server
+from stackprism_bridge_lib.open_browser import parse_open_config
+from stackprism_bridge_lib.protocol import PROTOCOL_VERSION, SERVICE, VERSION
+
+
+def fail_start(code, message):
+    sys.stderr.write(json.dumps({"error": {"code": code, "message": message}}) + "\n")
+    return 1
+
+
+def parse_port(value):
+    if value is None:
+        return 0
+    if not value.isdecimal():
+        return None
+    port = int(value)
+    return port if 1 <= port <= 65535 else None
+
+
+def main():
+    open_config_ok, open_config_code, open_config_message = parse_open_config(os.environ)
+    if not open_config_ok:
+        return fail_start(open_config_code, open_config_message)
+    port = parse_port(os.environ.get("STACKPRISM_BRIDGE_PORT"))
+    if port is None:
+        return fail_start("BRIDGE_INVALID_ENV", "STACKPRISM_BRIDGE_PORT must be an integer from 1 to 65535.")
+    try:
+        server, ready = create_server(port)
+    except OSError as exc:
+        if getattr(exc, "errno", None) == errno.EADDRINUSE:
+            return fail_start("PORT_IN_USE", "Configured bridge port is already in use.")
+        return fail_start("BRIDGE_START_FAILED", "Failed to start bridge server.")
+
+    def shutdown(_signum=None, _frame=None):
+        server.shutdown()
+
+    def watch_stdin():
+        try:
+            sys.stdin.read()
+        finally:
+            shutdown()
+
+    signal.signal(signal.SIGINT, shutdown)
+    signal.signal(signal.SIGTERM, shutdown)
+    thread = threading.Thread(target=server.serve_forever, daemon=True)
+    stdin_thread = threading.Thread(target=watch_stdin, daemon=True)
+    thread.start()
+    stdin_thread.start()
+    sys.stdout.write(
+        json.dumps(
+            {
+                "event": "stackprism-bridge-ready",
+                "service": SERVICE,
+                "version": VERSION,
+                "protocolVersion": PROTOCOL_VERSION,
+                "baseUrl": ready["baseUrl"],
+                "healthUrl": ready["healthUrl"],
+                "apiToken": ready["apiToken"],
+            }
+        )
+        + "\n"
+    )
+    sys.stdout.flush()
+    thread.join()
+    server.server_close()
+    return 0
+
+
+if __name__ == "__main__":
+    raise SystemExit(main())
diff --git a/agent-skill/stackprism-site-experience/scripts/stackprism_bridge_lib/body.py b/agent-skill/stackprism-site-experience/scripts/stackprism_bridge_lib/body.py
new file mode 100644
index 00000000..79a6a471
--- /dev/null
+++ b/agent-skill/stackprism-site-experience/scripts/stackprism_bridge_lib/body.py
@@ -0,0 +1,36 @@
+import json
+import re
+
+
+def read_exact(stream, length):
+    chunks = []
+    remaining = length
+    while remaining > 0:
+        chunk = stream.read(remaining)
+        if not chunk:
+            raise EOFError("Request body ended before Content-Length bytes were read.")
+        chunks.append(chunk)
+        remaining -= len(chunk)
+    return b"".join(chunks)
+
+
+def read_json_body(handler, limit, too_large_code):
+    if not re.fullmatch(r"application/json(?:;\s*charset=utf-8)?", handler.headers.get("Content-Type", ""), re.IGNORECASE):
+        close_request_connection(handler)
+        handler.fail(415, "UNSUPPORTED_MEDIA_TYPE", "Expected application/json.")
+        return None
+    try:
+        length = int(handler.headers.get("Content-Length", "0"))
+        if length > limit:
+            close_request_connection(handler)
+            handler.fail(413, too_large_code, "Request body is too large.")
+            return None
+        return json.loads(read_exact(handler.rfile, length).decode("utf-8"))
+    except (EOFError, UnicodeDecodeError, json.JSONDecodeError, ValueError, OSError):
+        close_request_connection(handler)
+        handler.fail(400, "INVALID_JSON", "Request body is not valid JSON.")
+        return None
+
+
+def close_request_connection(handler):
+    handler.close_connection = True
diff --git a/agent-skill/stackprism-site-experience/scripts/stackprism_bridge_lib/bridge_page.py b/agent-skill/stackprism-site-experience/scripts/stackprism_bridge_lib/bridge_page.py
new file mode 100644
index 00000000..364997d1
--- /dev/null
+++ b/agent-skill/stackprism-site-experience/scripts/stackprism_bridge_lib/bridge_page.py
@@ -0,0 +1,141 @@
+from .bridge_page_assets import BRIDGE_PAGE_SCRIPT, BRIDGE_PAGE_STYLE
+from .protocol import ID_PATTERNS, PROTOCOL_VERSION, html_escape_script_json, new_csp_nonce, redact_url
+from .status import FINAL_STATES
+
+
+BRIDGE_PAGE_HTML_TEMPLATE = """<!doctype html>
+<html>
+<head>
+<meta charset="utf-8">
+<meta name="stackprism-agent-bridge" content="1">
+<meta name="viewport" content="width=device-width,initial-scale=1">
+<link rel="icon" href="data:image/svg+xml,%3Csvg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 16 16'%3E%3Crect width='16' height='16' rx='3' fill='%230f766e'/%3E%3C/svg%3E">
+<title>StackPrism Agent Bridge</title>
+<style nonce="{csp_nonce}">{style}</style>
+</head>
+<body>
+<main class="bridge-shell">
+<section id="bridgeCard" class="bridge-card" data-status="waiting_extension" aria-labelledby="bridge-title" tabindex="-1">
+<header class="bridge-header">
+<div class="bridge-brand">
+<div class="bridge-mark" aria-hidden="true">SP</div>
+<div>
+<p class="bridge-kicker">本机通道</p>
+<h1 id="bridge-title" class="bridge-title">StackPrism Agent Bridge</h1>
+<p class="bridge-copy">连接本机 Agent 与当前浏览器 profile，展示本次采集结果。</p>
+</div>
+</div>
+<span id="statusBadge" class="bridge-badge">等待扩展连接</span>
+</header>
+<div class="bridge-body">
+<section class="status-panel" aria-live="polite">
+<div>
+<div id="stateLabel" class="state-label">等待扩展连接</div>
+<p id="status" class="status-text">等待 StackPrism 扩展连接。</p>
+</div>
+<div class="progress-row" aria-hidden="true"><div class="progress"><span id="progressBar"></span></div></div>
+</section>
+<section class="target-panel" aria-label="目标与可复制结果">
+<div class="target-copy">
+<p class="preview-label">采集目标</p>
+<a id="targetUrl" class="target-url" title="" target="_blank" rel="noopener noreferrer" aria-disabled="true">等待读取目标网址</a>
+<p id="targetHelper" class="target-helper">采集完成后可复制给本机 Coding Agent 使用。</p>
+</div>
+<div class="target-actions"><a id="openTargetUrl" class="preview-button target-open-link" target="_blank" rel="noopener noreferrer" aria-disabled="true" tabindex="-1">打开目标网页</a><button id="downloadProfile" class="preview-button profile-download-button" type="button" disabled>下载 Profile</button><button id="copyAllInfo" class="preview-button primary target-copy-button" type="button" disabled>复制全部信息</button></div>
+<p id="copyStatus" class="copy-status" role="status" aria-live="polite"></p>
+</section>
+<section class="result-grid" aria-label="采集结果">
+<section class="capture-panel" aria-label="Profile 摘要">
+<div class="section-title"><span class="section-dot" aria-hidden="true"></span><h2>Profile 摘要</h2></div>
+<p class="panel-copy">面向复刻任务整理技术栈、视觉结构、交互路径与资产线索。</p>
+<div class="summary-grid">
+<div class="summary-tile"><p>Agent 用途</p><strong>快速复刻</strong></div>
+<div class="summary-tile"><p>内容范围</p><strong>技术与体验</strong></div>
+<div class="summary-tile"><p>采集模式</p><strong>只读采集</strong></div>
+<div class="summary-tile"><p>截图状态</p><strong id="screenshotTileValue">等待截图</strong></div>
+</div>
+<div class="summary-note"><p>复刻重点</p><ul><li>先看 Agent 可读内容</li><li>用截图校准首屏结构</li><li>必要时再读 raw profile</li></ul></div>
+<div class="summary-handoff" aria-label="摘要包含"><p>摘要包含</p><div><span>技术栈</span><span>首屏结构</span><span>交互路径</span><span>资产线索</span></div></div>
+</section>
+<section class="screenshot-panel" aria-label="截图预览">
+<div class="section-title"><span class="section-dot" aria-hidden="true"></span><h2>截图预览</h2><span id="screenshotStateBadge" class="state-chip" data-state="pending">等待截图</span></div>
+<button id="screenshotFrame" class="screenshot-frame" type="button" disabled><img id="targetScreenshot" alt=""><span id="screenshotEmpty" class="screenshot-empty">采集完成后显示截图
+未返回时仍可复制文本摘要</span></button>
+<p id="screenshotMeta" class="screenshot-meta">截图可用后会显示格式与范围</p>
+<div class="preview-actions"><button id="copyScreenshot" class="preview-button" type="button" disabled>复制截图</button><button id="screenshotDownload" class="preview-button" type="button" disabled>下载截图</button></div>
+</section>
+</section>
+<section id="profileContentSection" class="content-section" hidden><div class="section-head"><div><h2>Agent 可读内容</h2><p>已转换为摘要；完整 Profile 可在本页完成后下载。</p></div></div><div id="profileContentGrid" class="content-grid"></div></section>
+<section class="flow-panel" aria-label="采集流程"><div class="flow-head"><h2>采集流程</h2><div class="flow-state"><p id="stepSummary" class="step-summary" role="status" aria-live="polite">当前步骤：扩展连接</p><button id="toggleSteps" class="flow-toggle" type="button" aria-controls="captureSteps" aria-expanded="false">展开步骤</button></div></div><ol id="captureSteps" class="steps" aria-label="采集步骤" role="list"><li class="step current" data-phase="bridge_connected" aria-current="step"><span class="step-index">1</span><div>扩展连接</div></li><li class="step" data-phase="request_loaded"><span class="step-index">2</span><div>读取请求</div></li><li class="step" data-phase="target_opening"><span class="step-index">3</span><div>打开目标</div></li><li class="step" data-phase="target_loaded"><span class="step-index">4</span><div>页面加载</div></li><li class="step" data-phase="detecting_tech"><span class="step-index">5</span><div>技术识别</div></li><li class="step" data-phase="profiling_experience"><span class="step-index">6</span><div>体验分析</div></li><li class="step" data-phase="posting_profile"><span class="step-index">7</span><div>回传 Profile</div></li><li class="step" data-phase="cleanup"><span class="step-index">8</span><div>清理完成</div></li></ol></section>
+<footer class="bridge-footer"><p class="bridge-note">本页只服务当前一次采集；完整 Profile 仅在本次结果未过期时下载；摘要不含 token、nonce、raw JSON 或截图 data URL。</p><div class="pills"><span class="pill">127.0.0.1</span><span class="pill">当前 profile</span><span class="pill">只读采集</span></div></footer>
+</div>
+</section>
+</main>
+<section id="screenshotModal" class="screenshot-modal" data-open="false" aria-label="截图放大预览" role="dialog" aria-modal="true"><div class="modal-card"><div class="modal-bar"><p class="modal-title">截图预览</p><div class="modal-actions"><button id="modalCopyScreenshot" class="modal-close" type="button" disabled>复制截图</button><button id="modalDownload" class="modal-close" type="button" disabled>下载截图</button><button id="modalClose" class="modal-close" type="button">关闭</button></div></div><p id="modalCopyStatus" class="modal-copy-status" role="status" aria-live="polite"></p><img id="modalScreenshot" class="modal-image" alt=""></div></section>
+<script id="stackprism-agent-bridge-config" type="application/json" nonce="{csp_nonce}">{config}</script>
+<script nonce="{csp_nonce}">{script}</script>
+</body>
+</html>"""
+
+
+def render_bridge_page_html(csp_nonce, config):
+    if not ID_PATTERNS["cspNonce"].match(csp_nonce):
+        raise ValueError("INVALID_CSP_NONCE")
+    escaped_config = html_escape_script_json(config)
+    return BRIDGE_PAGE_HTML_TEMPLATE.format(csp_nonce=csp_nonce, style=BRIDGE_PAGE_STYLE, config=escaped_config, script=BRIDGE_PAGE_SCRIPT)
+
+
+def bridge_page_response(capture):
+    if capture["status"] == "expired":
+        return "fail", 410, "CAPTURE_RESULT_EXPIRED", "Capture result expired.", None
+    if capture["status"] in FINAL_STATES:
+        error = capture.get("error") or {}
+        return "fail", 409, error.get("code") or "INVALID_REQUEST", "Capture is already terminal.", {"status": capture["status"]}
+    if capture["bridgeTokenRenderedAt"] or capture["bridgeTokenClaimedAt"]:
+        return "fail", 409, "INVALID_REQUEST", "Bridge token has already been rendered or claimed.", None
+    return "html", {
+        "captureId": capture["id"],
+        "sessionId": capture["sessionId"],
+        "nonce": capture["nonce"],
+        "bridgeToken": capture["bridgeToken"],
+        "targetUrl": redact_url((capture.get("request") or {}).get("url")),
+        "protocolVersion": PROTOCOL_VERSION,
+    }
+
+
+def render_bridge_page(handler, capture):
+    with handler.server.store._lock:
+        response = bridge_page_response(capture)
+    if response[0] == "fail":
+        handler.fail(response[1], response[2], response[3], response[4])
+        return
+    csp_nonce = new_csp_nonce()
+    try:
+        html = render_bridge_page_html(csp_nonce, response[1])
+    except ValueError:
+        handler.fail(500, "BRIDGE_PAGE_RENDER_FAILED", "Bridge page render failed.")
+        return
+    with handler.server.store._lock:
+        response = bridge_page_response(capture)
+        if response[0] == "fail":
+            failed_response = response
+        else:
+            failed_response = None
+            capture["bridgeTokenRenderedAt"] = handler.server.store.now()
+    if failed_response:
+        handler.fail(failed_response[1], failed_response[2], failed_response[3], failed_response[4])
+        return
+    handler.send_response(200)
+    handler.send_header("Content-Type", "text/html; charset=utf-8")
+    handler.send_header("Cache-Control", "no-store")
+    handler.send_header("Referrer-Policy", "no-referrer")
+    handler.send_header("X-Content-Type-Options", "nosniff")
+    handler.send_header("X-Frame-Options", "DENY")
+    handler.send_header("Cross-Origin-Opener-Policy", "same-origin")
+    handler.send_header("Permissions-Policy", "camera=(), microphone=(), geolocation=(), payment=(), usb=()")
+    handler.send_header(
+        "Content-Security-Policy",
+        f"default-src 'none'; script-src 'nonce-{csp_nonce}'; style-src 'nonce-{csp_nonce}'; img-src data: blob:; connect-src 'self'; frame-ancestors 'none'; base-uri 'none'; form-action 'none'",
+    )
+    handler.end_headers()
+    handler.wfile.write(html.encode("utf-8"))
diff --git a/agent-skill/stackprism-site-experience/scripts/stackprism_bridge_lib/bridge_page_assets.py b/agent-skill/stackprism-site-experience/scripts/stackprism_bridge_lib/bridge_page_assets.py
new file mode 100644
index 00000000..0dfc24ac
--- /dev/null
+++ b/agent-skill/stackprism-site-experience/scripts/stackprism_bridge_lib/bridge_page_assets.py
@@ -0,0 +1,3 @@
+BRIDGE_PAGE_STYLE = "\n:root{color-scheme:light dark;--sp-bg:#eef7f5;--sp-panel:#ffffff;--sp-panel-alt:#fbfefd;--sp-line:#c3ddd7;--sp-soft-line:#dce9e6;--sp-neutral-line:#e5e9ee;--sp-ink:#111827;--sp-muted:#637381;--sp-accent:#0f766e;--sp-accent-2:#14b8a6;--sp-accent-soft:#e8f8f3;--sp-warn:#a45a00;--sp-danger:#b42318;--sp-danger-soft:#fff5f5;--sp-warn-soft:#fff8ed;--sp-shadow:0 26px 70px rgba(15,118,110,.13)}\n*{box-sizing:border-box}body{margin:0;min-height:100vh;background:linear-gradient(180deg,#fbfdfd 0%,var(--sp-bg) 100%);color:var(--sp-ink);font:15px/1.5 Inter,ui-sans-serif,system-ui,-apple-system,BlinkMacSystemFont,\"Segoe UI\",sans-serif}.bridge-shell{min-height:100vh;padding:24px 24px 42px}.bridge-card{width:min(1240px,100%);margin:0 auto 24px;overflow:hidden;border:1px solid var(--sp-line);border-radius:16px;background:var(--sp-panel);box-shadow:var(--sp-shadow)}\n.bridge-header{display:flex;align-items:center;justify-content:space-between;gap:24px;padding:24px 30px;border-bottom:1px solid var(--sp-line);background:linear-gradient(90deg,#f3fbf8 0%,#fff 74%)}.bridge-brand{display:flex;min-width:0;align-items:center;gap:16px}.bridge-mark{width:44px;height:44px;border-radius:10px;display:grid;place-items:center;background:var(--sp-accent);color:#fff;font-size:17px;font-weight:800;letter-spacing:0;box-shadow:0 14px 30px rgba(15,118,110,.24)}.bridge-kicker{margin:0 0 3px;color:var(--sp-accent);font-size:12px;font-weight:800;letter-spacing:0;text-transform:uppercase}.bridge-title{margin:0;font-size:24px;line-height:1.15;letter-spacing:0}.bridge-copy{margin:6px 0 0;color:var(--sp-muted);font-size:15px}.bridge-badge{flex:0 0 auto;padding:8px 14px;border:1px solid var(--sp-line);border-radius:999px;background:var(--sp-accent-soft);color:var(--sp-accent);font-weight:800;white-space:nowrap}\n.bridge-body{padding:20px 26px 26px}.status-panel{display:grid;grid-template-columns:minmax(0,1fr);gap:10px;margin-bottom:14px}.bridge-card[data-status=\"completed\"] .status-panel{display:none}.state-label{font-size:20px;font-weight:850;letter-spacing:0}.status-text{margin:3px 0 0;color:var(--sp-muted)}.progress-row{display:grid;grid-template-columns:minmax(0,1fr);align-items:center}.progress{height:8px;overflow:hidden;border-radius:999px;background:#ecf3f2}.progress span{position:relative;display:block;width:8%;height:100%;overflow:hidden;border-radius:inherit;background:linear-gradient(90deg,var(--sp-accent),var(--sp-accent-2));transition:width .25s ease}.bridge-card[data-status=\"failed\"] .progress span,.bridge-card[data-status=\"expired\"] .progress span{background:linear-gradient(90deg,#b42318,#ef4444)}.bridge-card[data-status=\"cancelled\"] .progress span,.bridge-card[data-status=\"disconnected\"] .progress span{background:linear-gradient(90deg,#a45a00,#f59e0b)}.bridge-card[data-status=\"running\"] .progress span::after,.bridge-card[data-status=\"cancel_requested\"] .progress span::after{content:\"\";position:absolute;inset:0;background:linear-gradient(90deg,transparent,rgba(255,255,255,.42),transparent);animation:sp-progress-sweep 1.2s linear infinite}@keyframes sp-progress-sweep{from{transform:translateX(-100%)}to{transform:translateX(100%)}}\n.target-panel{display:grid;grid-template-columns:minmax(0,1fr) auto;gap:10px 18px;align-items:center;margin-bottom:14px;padding:16px 18px;border:1px solid #a9d8cd;border-radius:12px;background:linear-gradient(90deg,#f3fbf8 0%,#fff 70%);box-shadow:0 12px 28px rgba(15,118,110,.08)}.target-copy{min-width:0}.preview-label{margin:0 0 5px;color:var(--sp-muted);font-size:12px;font-weight:800;letter-spacing:0;text-transform:uppercase}.target-url{margin:0;display:-webkit-box;overflow:hidden;overflow-wrap:anywhere;word-break:break-word;-webkit-line-clamp:2;-webkit-box-orient:vertical;color:var(--sp-ink);font-size:17px;font-weight:850;line-height:1.25;text-decoration:none}.target-url[href]{cursor:pointer}.target-url[href]:hover{text-decoration:underline;text-decoration-thickness:2px;text-underline-offset:4px}.target-url[aria-disabled=\"true\"]{cursor:default}.target-helper{margin:5px 0 0;overflow-wrap:anywhere;color:var(--sp-muted);font-size:13px}.target-actions{display:flex;min-width:0;flex-wrap:wrap;gap:10px;justify-content:flex-end}.target-open-link{min-width:132px;display:inline-flex;align-items:center;justify-content:center;text-decoration:none}.profile-download-button{min-width:132px}.copy-status{grid-column:1/-1;min-height:0;margin:0;padding:0;overflow-wrap:anywhere;color:var(--sp-muted);font-size:14px;opacity:0;transform:translateY(-2px);transition:opacity .16s ease,transform .16s ease}.copy-status[data-visible=\"true\"]{min-height:32px;padding:6px 10px;border:1px solid var(--sp-line);border-radius:8px;background:var(--sp-accent-soft);color:var(--sp-accent);opacity:1;transform:translateY(0)}.copy-status[data-state=\"error\"]{border-color:#f0b7b2;background:var(--sp-danger-soft);color:var(--sp-danger)}\n.result-grid{display:grid;grid-template-columns:minmax(0,1.22fr) minmax(320px,.82fr);gap:16px;align-items:start}.capture-panel,.screenshot-panel{padding:16px;border:1px solid var(--sp-soft-line);border-radius:12px;background:var(--sp-panel-alt)}.capture-panel{min-width:0}.section-title{display:flex;align-items:center;gap:10px;margin-bottom:12px}.section-title h2{margin:0;font-size:17px;line-height:1.2}.section-dot{flex:0 0 auto;width:8px;height:22px;border:0;border-radius:999px;background:var(--sp-accent);box-shadow:none}.panel-copy{margin:-4px 0 12px;color:var(--sp-muted);font-size:13px}.summary-grid{display:grid;grid-template-columns:repeat(4,minmax(0,1fr));gap:8px;margin-bottom:10px}.summary-tile{min-height:58px;padding:10px;border:1px solid var(--sp-neutral-line);border-radius:10px;background:#fff}.summary-tile p{margin:0 0 4px;color:var(--sp-muted);font-size:12px;font-weight:800}.summary-tile strong{display:block;overflow-wrap:anywhere;font-size:14px;line-height:1.25}.summary-note{padding:10px 12px;border:1px solid var(--sp-neutral-line);border-radius:10px;background:#fff}.summary-note p{margin:0 0 5px;color:var(--sp-accent);font-size:12px;font-weight:850;letter-spacing:0}.summary-note ul{display:grid;grid-template-columns:repeat(3,minmax(0,1fr));gap:6px;margin:0;padding-left:18px;color:var(--sp-muted);font-size:13px}.summary-note li{line-height:1.35}.summary-handoff{display:flex;align-items:center;gap:12px;margin-top:12px;padding-top:10px;color:var(--sp-muted);font-size:12px}.summary-handoff p{margin:0;color:var(--sp-accent);font-weight:850}.summary-handoff div{display:flex;flex-wrap:wrap;gap:6px}.summary-handoff span{padding:4px 8px;border:1px solid var(--sp-neutral-line);border-radius:999px;background:#fff;font-weight:750}.state-chip{margin-left:auto;padding:4px 9px;border:1px solid #d6e7e3;border-radius:999px;background:#fff;color:var(--sp-muted);font-size:12px;font-weight:850;white-space:nowrap}.state-chip[data-state=\"ready\"]{border-color:#a9d8cd;background:#e8f8f1;color:var(--sp-accent)}.state-chip[data-state=\"failed\"]{border-color:#f0b7b2;background:var(--sp-danger-soft);color:var(--sp-danger)}.state-chip[data-state=\"empty\"]{border-color:#f0d2a8;background:var(--sp-warn-soft);color:var(--sp-warn)}.flow-panel{margin-top:14px;padding:10px 12px;border:1px solid var(--sp-neutral-line);border-radius:12px;background:var(--sp-panel-alt)}.flow-head{display:flex;align-items:center;justify-content:space-between;gap:12px;margin-bottom:9px}.bridge-card[data-status=\"completed\"] .flow-head{margin-bottom:0}.flow-head h2{margin:0;font-size:14px}.flow-state{display:flex;align-items:center;justify-content:flex-end;gap:8px;min-width:0}.step-summary{margin:0;color:var(--sp-muted);font-size:13px;font-weight:750}.flow-toggle{display:none;min-height:30px;padding:0 10px;border:1px solid #b9dcd5;border-radius:999px;background:#fff;color:var(--sp-accent);font:inherit;font-size:12px;font-weight:850;cursor:pointer}.bridge-card[data-status=\"completed\"] .flow-toggle{display:inline-flex;align-items:center}.steps{display:grid;grid-template-columns:repeat(8,minmax(0,1fr));gap:6px;margin:0;padding:0;list-style:none}.bridge-card[data-status=\"completed\"]:not([data-steps-open=\"true\"]) .steps{display:none}.bridge-card[data-status=\"completed\"][data-steps-open=\"true\"] .steps{display:grid;margin-top:9px}.step{min-height:36px;position:relative;display:flex;align-items:center;gap:6px;padding:7px;border:1px solid var(--sp-neutral-line);border-radius:9px;background:#fff;color:var(--sp-muted)}.step-index{display:inline-grid;flex:0 0 auto;place-items:center;width:20px;height:20px;border-radius:999px;background:#edf3f2;color:var(--sp-muted);font-size:11px;font-weight:800}.step div{font-size:12px;line-height:1.2;word-break:break-word}.step.done{border-color:#a9d8cd;background:#f2fbf8;color:var(--sp-accent)}.step.done .step-index,.step.current .step-index{background:var(--sp-accent);color:#fff}.step.current{border-color:var(--sp-accent);color:var(--sp-ink);box-shadow:0 0 0 2px rgba(15,118,110,.08)}.step.failed{border-color:#f0b7b2;background:var(--sp-danger-soft);color:var(--sp-danger);box-shadow:0 0 0 2px rgba(180,35,24,.08)}.step.failed .step-index{background:var(--sp-danger);color:#fff}\n.screenshot-frame{width:100%;height:clamp(190px,14vw,230px);display:grid;place-items:center;overflow:hidden;border:1px solid var(--sp-line);border-radius:12px;background:#eef8f7;cursor:pointer;padding:0;text-align:inherit;transition:border-color .16s ease,box-shadow .16s ease}.screenshot-frame:disabled{cursor:not-allowed}.screenshot-frame.has-image:hover{border-color:var(--sp-accent);box-shadow:0 0 0 3px rgba(15,118,110,.1)}.screenshot-frame img{display:none;width:100%;height:100%;object-fit:cover;object-position:top center;background:#fff}.screenshot-frame.has-image img{display:block}.screenshot-frame.has-image .screenshot-empty{display:none}.screenshot-empty{max-width:260px;padding:18px;color:var(--sp-muted);text-align:center;font-weight:750;line-height:1.45;white-space:pre-line}.screenshot-meta{min-height:20px;margin:12px 0 0;color:var(--sp-muted);font-size:13px;line-height:1.35}.preview-actions{display:grid;grid-template-columns:repeat(2,minmax(0,1fr));gap:10px;margin-top:12px}.preview-button,.modal-close{min-height:38px;padding:0 12px;border:1px solid #b9dcd5;border-radius:8px;background:#fff;color:var(--sp-accent);font:inherit;font-weight:800;cursor:pointer}.preview-button.primary{min-height:44px;background:var(--sp-accent);border-color:var(--sp-accent);color:#fff;box-shadow:0 10px 22px rgba(15,118,110,.2)}.preview-button.primary:disabled{box-shadow:none}.target-copy-button{min-width:156px}.preview-button:disabled,.modal-close:disabled,.preview-button[aria-disabled=\"true\"]{cursor:not-allowed;opacity:1;background:#f7fbfa;border-color:#d8e8e4;color:#8aa5a0}.target-url:focus-visible,.screenshot-frame:focus-visible,.preview-button:focus-visible,.modal-close:focus-visible{outline:3px solid rgba(15,118,110,.35);outline-offset:2px;border-radius:6px}\n.content-section{margin-top:14px;padding:16px;border:1px solid var(--sp-soft-line);border-radius:12px;background:var(--sp-panel-alt)}.section-head{display:flex;justify-content:space-between;gap:14px;align-items:end;margin-bottom:12px}.section-head h2{margin:0;font-size:16px}.section-head p{margin:3px 0 0;color:var(--sp-muted);font-size:13px}.content-grid{display:grid;grid-template-columns:repeat(auto-fit,minmax(min(100%,300px),1fr));gap:8px}.content-card{min-width:0;min-height:88px;padding:10px;overflow:hidden;border:1px solid var(--sp-neutral-line);border-radius:10px;background:#fff}.content-card *{min-width:0;max-width:100%;overflow-wrap:anywhere;word-break:break-word}.content-card h3{margin:0 0 6px;font-size:14px;line-height:1.3}.content-card ul{display:grid;min-width:0;gap:3px;margin:0;padding-left:18px;color:var(--sp-muted);font-size:13px}.content-card li{min-width:0;line-height:1.38;white-space:normal}\n.bridge-footer{display:flex;flex-wrap:wrap;gap:12px 18px;align-items:flex-start;justify-content:space-between;margin-top:20px;padding-top:18px;border-top:1px solid #e7eeee}.bridge-note{max-width:760px;margin:0;color:var(--sp-muted);line-height:1.55}.pills{display:flex;flex-wrap:wrap;gap:8px;margin-left:auto}.pill{padding:6px 10px;border:1px solid #d6e7e3;border-radius:999px;color:var(--sp-muted);background:var(--sp-panel-alt);font-size:13px}.bridge-card[data-status=\"completed\"] .bridge-badge{border-color:#a9d8cd;background:#e8f8f1;color:var(--sp-accent)}.bridge-card[data-status=\"failed\"] .bridge-badge,.bridge-card[data-status=\"expired\"] .bridge-badge{border-color:#f0b7b2;background:var(--sp-danger-soft);color:var(--sp-danger)}.bridge-card[data-status=\"cancelled\"] .bridge-badge,.bridge-card[data-status=\"disconnected\"] .bridge-badge{border-color:#f0d2a8;background:var(--sp-warn-soft);color:var(--sp-warn)}\n.screenshot-modal{position:fixed;inset:0;z-index:20;display:none;place-items:center;padding:28px;background:rgba(10,18,24,.72);overscroll-behavior:contain}.screenshot-modal[data-open=\"true\"]{display:grid}.modal-card{width:min(1180px,100%);max-height:92vh;display:grid;grid-template-rows:auto auto minmax(0,1fr);overflow:hidden;border:1px solid #25443f;border-radius:14px;background:#081311;box-shadow:0 28px 90px rgba(0,0,0,.42)}.modal-bar{display:flex;align-items:center;justify-content:space-between;gap:12px;padding:12px 14px;border-bottom:1px solid #1e3934;color:#e7f7f3}.modal-title{margin:0;font-size:15px;font-weight:800}.modal-actions{display:flex;flex-wrap:wrap;gap:8px;align-items:center;justify-content:flex-end}.modal-copy-status{display:none;margin:0;padding:0 14px 10px;color:#b7d6cf;font-size:13px;font-weight:600;text-align:right}.modal-copy-status[data-visible=\"true\"]{display:block}.modal-copy-status[data-state=\"error\"]{color:#fca5a5}.modal-close{border-color:#35665f;background:#10211e;color:#e7f7f3}.modal-image{display:block;width:100%;height:100%;max-height:calc(92vh - 82px);object-fit:contain;background:#030807}\n@media (prefers-color-scheme:dark){:root{--sp-bg:#091312;--sp-panel:#101b1a;--sp-panel-alt:#0d1716;--sp-line:#244842;--sp-soft-line:#1f3935;--sp-neutral-line:#223935;--sp-ink:#ecfdf8;--sp-muted:#9fb8b3;--sp-accent-soft:#12302c;--sp-shadow:0 24px 60px rgba(0,0,0,.35)}body{background:linear-gradient(180deg,#07100f 0%,var(--sp-bg) 100%)}.bridge-header,.target-panel{background:linear-gradient(90deg,#0f2522 0%,#101b1a 76%)}.summary-tile,.summary-note,.summary-handoff span,.content-card,.state-chip{background:#101b1a}.progress{background:#18302d}.screenshot-frame{background:#0a1312}.screenshot-frame img{background:#07100f}.preview-button,.flow-toggle{background:#10211e;border-color:#35665f}.preview-button.primary{background:var(--sp-accent);border-color:var(--sp-accent);color:#fff}.preview-button:disabled,.modal-close:disabled,.preview-button[aria-disabled=\"true\"]{background:#0d1716;border-color:#244842;color:#698984}.copy-status[data-state=\"error\"]{background:#2a1211;border-color:#7f1d1d;color:#fca5a5}.bridge-card[data-status=\"failed\"] .bridge-badge,.bridge-card[data-status=\"expired\"] .bridge-badge{background:#2a1211;color:#fca5a5}.bridge-card[data-status=\"cancelled\"] .bridge-badge,.bridge-card[data-status=\"disconnected\"] .bridge-badge{background:#2a1d0b;color:#fbbf24}.state-chip[data-state=\"failed\"]{background:#2a1211;color:#fca5a5}.state-chip[data-state=\"empty\"]{background:#2a1d0b;color:#fbbf24}.content-section,.bridge-footer{border-color:#1f3935}.step{background:#0d1716}.step.done{background:#102822}.step.failed{border-color:#7f1d1d;background:#2a1211;color:#fca5a5}.step.failed .step-index{background:#ef4444;color:#fff}.pill{border-color:#244842}}\n@media (max-width:980px){.result-grid{grid-template-columns:1fr 1fr}.summary-grid{grid-template-columns:repeat(2,minmax(0,1fr))}.summary-note ul{grid-template-columns:1fr}.summary-handoff{display:none}.preview-actions{grid-template-columns:repeat(2,minmax(0,1fr))}.steps{grid-template-columns:repeat(4,minmax(0,1fr))}}\n@media (max-width:760px){.bridge-shell{padding:12px 10px 22px}.bridge-card{border-radius:14px}.bridge-header{position:relative;display:block;padding:12px 92px 12px 12px}.bridge-brand{gap:10px}.bridge-mark{width:36px;height:36px}.bridge-kicker{font-size:10px}.bridge-title{font-size:19px}.bridge-copy{margin-top:3px;font-size:13px;line-height:1.32}.bridge-badge{position:absolute;top:12px;right:12px;padding:6px 9px;font-size:12px}.bridge-body{padding:13px}.target-panel{grid-template-columns:1fr;padding:10px 12px}.target-url{font-size:15px}.target-helper{font-size:12px}.target-actions{justify-content:flex-start}.target-open-link,.profile-download-button,.target-copy-button{width:min(100%,220px);min-width:0}.result-grid{grid-template-columns:1fr}.summary-grid{grid-template-columns:repeat(2,minmax(0,1fr))}.summary-tile{min-height:54px;padding:8px}.summary-note{padding:9px 10px}.summary-note ul{grid-template-columns:1fr;gap:4px}.section-title{align-items:center;gap:8px}.section-title h2{font-size:16px}.state-chip{padding:3px 8px;font-size:11px}.screenshot-frame{height:172px}.preview-actions{gap:12px}.flow-head{display:grid;gap:4px}.flow-state{align-items:flex-start;justify-content:space-between}.step-summary{margin-top:0}.steps{grid-template-columns:repeat(2,minmax(0,1fr))}.bridge-card[data-status=\"completed\"][data-steps-open=\"true\"] .steps{margin-top:8px}.step{min-height:44px;padding:8px}.step-index{width:21px;height:21px}.step div{font-size:12px;line-height:1.25}.screenshot-modal{padding:14px}.modal-bar,.section-head{align-items:flex-start;flex-direction:column}.modal-actions{width:100%;justify-content:flex-end}.modal-copy-status{text-align:left}.bridge-footer{gap:12px;margin-top:20px}.pills{margin-left:0}}\n@media (max-width:420px){.preview-actions{grid-template-columns:1fr}.target-open-link,.profile-download-button,.target-copy-button{width:100%}}\n@media (hover:none){.preview-button,.modal-close{min-height:44px;min-width:44px}}\n@media (prefers-reduced-motion:reduce){.bridge-card[data-status=\"running\"] .progress span::after,.bridge-card[data-status=\"cancel_requested\"] .progress span::after{animation:none}.copy-status,.progress span,.screenshot-frame{transition:none}}\n"
+
+BRIDGE_PAGE_SCRIPT = "\nconst config=JSON.parse(document.getElementById('stackprism-agent-bridge-config').textContent);\nconst ids=['status','stateLabel','statusBadge','progressBar','bridgeCard','targetUrl','openTargetUrl','targetHelper','screenshotFrame','targetScreenshot','screenshotMeta','screenshotDownload','copyScreenshot','copyAllInfo','downloadProfile','copyStatus','modalCopyStatus','stepSummary','profileContentSection','profileContentGrid','screenshotModal','modalScreenshot','modalClose','modalDownload','modalCopyScreenshot','screenshotTileValue','screenshotEmpty','screenshotStateBadge','toggleSteps'];\nconst el=Object.fromEntries(ids.map(id=>[id,document.getElementById(id)]));\nconst steps=[...document.querySelectorAll('[data-phase]')];\nlet currentScreenshot=null,currentCopyText='',currentProfileBlob=null,currentProfileFetchPromise=null,copyStatusTimer=0,copyButtonTimer=0,stepsOpen=false,stepsUserToggled=false,lastStatus='',lastBody=null;\nconst phases=['bridge_connected','request_loaded','target_opening','target_loaded','detecting_tech','profiling_experience','posting_profile','cleanup'];\nconst phaseLabels={bridge_connected:'扩展已连接',request_loaded:'读取采集请求',target_opening:'打开目标页面',target_loaded:'目标页面已加载',detecting_tech:'识别技术栈',profiling_experience:'分析视觉与体验',posting_profile:'回传 Profile',cleanup:'清理采集环境'};\nconst statusLabels={queued:'等待扩展连接',waiting_extension:'等待扩展连接',running:'正在采集',cancel_requested:'正在取消',cancelled:'已取消',completed:'采集完成',failed:'采集失败',expired:'结果已过期',disconnected:'连接已关闭'};\nconst finalStatuses=['completed','failed','cancelled','expired','disconnected'];\nconst targetHrefFor=value=>{const text=String(value||'');if(!text)return '';try{const url=new URL(text);if(url.protocol!=='http:'&&url.protocol!=='https:')return '';if(url.pathname.includes('[redacted]'))return '';if(url.search.includes('[redacted]'))url.search='';return url.toString();}catch{return '';}};\nconst setTargetLink=(node,href)=>{if(href){node.href=href;node.removeAttribute('aria-disabled');node.removeAttribute('tabindex');}else{node.removeAttribute('href');node.setAttribute('aria-disabled','true');node.setAttribute('tabindex','-1');}};\nconst setTargetUrl=value=>{const targetText=value||'等待读取目标网址';const targetHref=targetHrefFor(targetText);el.targetUrl.textContent=targetText;el.targetUrl.title=targetText;setTargetLink(el.targetUrl,targetHref);setTargetLink(el.openTargetUrl,targetHref);};\nconst setStatus=value=>{el.status.textContent=value};\nconst setCopyStatus=(node,value,type='ok')=>{node.textContent=value;node.dataset.state=type;node.dataset.visible=value?'true':'false';};\nconst showCopyStatus=(value,type='ok')=>{if(copyStatusTimer)clearTimeout(copyStatusTimer);setCopyStatus(el.copyStatus,'');setCopyStatus(el.modalCopyStatus,'');setCopyStatus(modalOpen()?el.modalCopyStatus:el.copyStatus,value,type);if(value)copyStatusTimer=setTimeout(()=>{setCopyStatus(el.copyStatus,'');setCopyStatus(el.modalCopyStatus,'');},2600);};\nconst flashCopyButton=value=>{if(copyButtonTimer)clearTimeout(copyButtonTimer);el.copyAllInfo.textContent=value;copyButtonTimer=setTimeout(()=>{el.copyAllInfo.textContent='复制全部信息';},1800);};\nconst screenshotExtension=()=>currentScreenshot?.mimeType==='image/png'?'png':currentScreenshot?.mimeType==='image/webp'?'webp':'jpg';\nconst screenshotFilename=()=>('stackprism-'+config.captureId+'-screenshot.'+screenshotExtension());\nconst profileFilename=()=>('stackprism-'+config.captureId+'-profile.json');\nconst profileDownloadUrl=()=>('/v1/captures/'+config.captureId+'/profile-download');\nconst formatBytes=value=>{const bytes=Number(value);if(!Number.isFinite(bytes)||bytes<=0)return '';if(bytes<1024)return bytes+' B';if(bytes<1048576)return Math.round(bytes/1024)+' KB';return (bytes/1048576).toFixed(1)+' MB';};\nconst screenshotMetaText=screenshot=>[screenshot.mimeType||'',formatBytes(screenshot.byteLength),screenshot.scope||''].filter(Boolean).join(' - ')||'截图已包含';\nconst screenshotEmptyText=(status,preview)=>status==='completed'?'本次采集未返回截图':status==='failed'?'采集失败，未返回截图':preview?.screenshot?'':'采集完成后显示可用截图';\nconst setScreenshotState=(text,state)=>{el.screenshotTileValue.textContent=text;el.screenshotStateBadge.textContent=text;el.screenshotStateBadge.dataset.state=state;};\nlet currentScreenshotBlob=null,currentScreenshotObjectUrl='';\nconst clearScreenshotObjectUrl=()=>{if(currentScreenshotObjectUrl){URL.revokeObjectURL(currentScreenshotObjectUrl);currentScreenshotObjectUrl='';}};\nconst screenshotRequestInit=url=>{try{const target=new URL(url,location.href);return {headers:target.origin===location.origin?{Authorization:'Bearer '+config.bridgeToken}:{},cache:'no-store'};}catch{return {cache:'no-store'};}};\nconst fetchScreenshotBlob=async()=>{if(currentScreenshotBlob)return currentScreenshotBlob;if(!currentScreenshot?.downloadUrl)throw new Error('SCREENSHOT_DOWNLOAD_MISSING');const res=await fetch(currentScreenshot.downloadUrl,screenshotRequestInit(currentScreenshot.downloadUrl));if(!res.ok)throw new Error('SCREENSHOT_DOWNLOAD_FAILED');currentScreenshotBlob=await res.blob();return currentScreenshotBlob;};\nconst setScreenshotImageUrl=async screenshot=>{try{const blob=await fetchScreenshotBlob();if(currentScreenshot!==screenshot)return;clearScreenshotObjectUrl();currentScreenshotObjectUrl=URL.createObjectURL(blob);el.targetScreenshot.src=currentScreenshotObjectUrl;el.modalScreenshot.src=currentScreenshotObjectUrl;}catch{invalidateScreenshot();}};\nconst setScreenshot=screenshot=>{\nconst next=screenshot?.downloadUrl?screenshot:null;if(currentScreenshot?.downloadUrl!==next?.downloadUrl){currentScreenshotBlob=null;clearScreenshotObjectUrl();}\ncurrentScreenshot=next;\nif(currentScreenshot){setScreenshotImageUrl(currentScreenshot);el.targetScreenshot.alt='目标页面截图预览';el.modalScreenshot.alt='目标页面截图放大预览';}else{el.targetScreenshot.removeAttribute('src');el.modalScreenshot.removeAttribute('src');el.targetScreenshot.alt='';el.modalScreenshot.alt='';}\nel.screenshotFrame.classList.toggle('has-image',Boolean(currentScreenshot));\nel.screenshotMeta.textContent=currentScreenshot?screenshotMetaText(currentScreenshot):'截图可用后会显示格式与范围';\nif(currentScreenshot)setScreenshotState('截图可用','ready');\nfor(const item of [el.screenshotFrame,el.screenshotDownload,el.copyScreenshot,el.modalDownload,el.modalCopyScreenshot])item.disabled=!currentScreenshot;\n};\nconst invalidateScreenshot=()=>{currentScreenshot=null;currentScreenshotBlob=null;clearScreenshotObjectUrl();el.targetScreenshot.removeAttribute('src');el.modalScreenshot.removeAttribute('src');el.targetScreenshot.alt='';el.modalScreenshot.alt='';el.screenshotFrame.classList.remove('has-image');el.screenshotMeta.textContent='截图预览无法加载';el.screenshotEmpty.textContent='截图预览无法加载';setScreenshotState('截图失败','failed');for(const item of [el.screenshotFrame,el.screenshotDownload,el.copyScreenshot,el.modalDownload,el.modalCopyScreenshot])item.disabled=true;showCopyStatus('截图预览无法加载，可重新采集或下载 Profile 查看图片链接。','error');};\nconst downloadBlob=(blob,filename)=>{const href=URL.createObjectURL(blob);const link=document.createElement('a');link.href=href;link.download=filename;document.body.append(link);link.click();link.remove();setTimeout(()=>URL.revokeObjectURL(href),0);};\nconst downloadScreenshot=async()=>{if(!currentScreenshot)return;try{downloadBlob(await fetchScreenshotBlob(),screenshotFilename());}catch{showCopyStatus('下载截图失败：结果可能已过期或本机 bridge 已关闭。','error');}};\nconst fetchProfileBlob=async()=>{const res=await fetch(profileDownloadUrl(),{headers:{Authorization:'Bearer '+config.bridgeToken},cache:'no-store'});if(!res.ok){let code='PROFILE_DOWNLOAD_FAILED';try{code=(await res.json())?.error?.code||code;}catch{}throw new Error(code);}const blob=await res.blob();currentProfileBlob=blob;return blob;};\nconst ensureProfileCached=()=>{if(currentProfileBlob)return Promise.resolve(currentProfileBlob);if(currentProfileFetchPromise)return currentProfileFetchPromise;currentProfileFetchPromise=fetchProfileBlob().catch(error=>{currentProfileFetchPromise=null;throw error;});return currentProfileFetchPromise;};\nconst downloadProfile=async()=>{if(el.downloadProfile.disabled)return;el.downloadProfile.disabled=true;try{downloadBlob(await ensureProfileCached(),profileFilename());showCopyStatus('已下载 Profile JSON。');}catch{showCopyStatus('下载 Profile 失败：结果可能已过期或本机 bridge 已关闭。','error');}finally{el.downloadProfile.disabled=lastBody?.status!=='completed';}};\nconst copyText=async()=>{if(!currentCopyText)return;try{await navigator.clipboard.writeText(currentCopyText);showCopyStatus('已复制全部信息。');flashCopyButton('已复制');}catch{showCopyStatus('复制失败：浏览器未允许写入剪切板。','error');}};\nconst clipboardScreenshotBlob=async()=>{const blob=await fetchScreenshotBlob();if(blob.type==='image/png')return blob;const bitmap=await createImageBitmap(blob);try{const canvas=document.createElement('canvas');canvas.width=bitmap.width;canvas.height=bitmap.height;const context=canvas.getContext('2d');if(!context)throw new Error('Canvas unavailable');context.drawImage(bitmap,0,0);return await new Promise((resolve,reject)=>canvas.toBlob(output=>output?resolve(output):reject(new Error('PNG conversion failed')),'image/png'));}finally{bitmap.close?.();}};\nconst copyScreenshot=async()=>{if(!currentScreenshot)return;try{const blob=await clipboardScreenshotBlob();await navigator.clipboard.write([new ClipboardItem({'image/png':blob})]);showCopyStatus('已复制截图。');}catch{showCopyStatus('复制截图失败：浏览器未允许写入剪切板，或截图格式无法转换。','error');}};\nconst modalOpen=()=>el.screenshotModal.dataset.open==='true';\nconst modalControls=()=>[...el.screenshotModal.querySelectorAll('button:not(:disabled),a[href],input:not(:disabled),select:not(:disabled),textarea:not(:disabled),[tabindex]:not([tabindex=\"-1\"])')];\nconst openScreenshot=()=>{if(currentScreenshot){el.screenshotModal.dataset.open='true';document.body.style.overflow='hidden';el.modalClose.focus();}};\nconst closeScreenshot=()=>{if(!modalOpen())return;el.screenshotModal.dataset.open='false';setCopyStatus(el.modalCopyStatus,'');document.body.style.overflow='';const restore=el.screenshotFrame.disabled?el.bridgeCard:el.screenshotFrame;restore.focus({preventScroll:true});};\nconst renderSummary=summary=>{const cards=Array.isArray(summary?.cards)?summary.cards:[];el.profileContentGrid.replaceChildren();el.profileContentSection.hidden=!cards.length;for(const card of cards){const node=document.createElement('article');node.className='content-card';const title=document.createElement('h3');title.textContent=card.title||'Profile';const list=document.createElement('ul');for(const item of Array.isArray(card.items)?card.items:[]){const li=document.createElement('li');li.textContent=item;list.append(li);}node.append(title,list);el.profileContentGrid.append(node);}};\nconst setStepsOpen=(value,user=false)=>{stepsOpen=Boolean(value);if(user)stepsUserToggled=true;el.bridgeCard.dataset.stepsOpen=stepsOpen?'true':'false';el.toggleSteps.setAttribute('aria-expanded',stepsOpen?'true':'false');el.toggleSteps.textContent=stepsOpen?'收起步骤':'展开步骤';};\nconst updateSteps=(phase,status)=>{const index=status==='completed'?phases.length-1:Math.max(0,phases.indexOf(phase));const safeIndex=index<0?0:index;const failed=status==='failed';steps.forEach(step=>{const stepIndex=phases.indexOf(step.dataset.phase);const current=stepIndex===safeIndex&&!finalStatuses.includes(status);const failedCurrent=failed&&stepIndex===safeIndex;step.classList.toggle('done',stepIndex<safeIndex||status==='completed');step.classList.toggle('current',current);step.classList.toggle('failed',failedCurrent);if(current||failedCurrent)step.setAttribute('aria-current','step');else step.removeAttribute('aria-current');});el.progressBar.style.width=(status==='completed'?100:Math.max(8,Math.round(((safeIndex+1)/phases.length)*100)))+'%';const phaseLabel=phaseLabels[phase]||phase||status;el.stepSummary.textContent=finalStatuses.includes(status)?('结果：'+(statusLabels[status]||status)+' - '+phaseLabel):('当前步骤：'+(safeIndex+1)+'/'+phases.length+' '+phaseLabel);if(status==='completed'){if(lastStatus!==status&&!stepsUserToggled)setStepsOpen(false);else setStepsOpen(stepsOpen);}else{stepsUserToggled=false;setStepsOpen(true);}lastStatus=status;};\nconst render=body=>{const status=body?.status||'waiting_extension';const phase=body?.phase||'bridge_connected';const label=statusLabels[status]||status;const preview=body?.preview||{};const targetText=preview.targetUrl||config.targetUrl||'等待读取目标网址';lastBody=body;currentCopyText=typeof preview.copyText==='string'?preview.copyText:'';el.bridgeCard.dataset.status=status;el.bridgeCard.dataset.phase=phase;el.stateLabel.textContent=label;el.statusBadge.textContent=label;setStatus(body?.error?.code||phaseLabels[phase]||status);setTargetUrl(targetText);el.targetHelper.textContent=status==='completed'&&currentCopyText?'已生成 Agent 可读摘要，可复制给本机 Coding Agent 使用。':finalStatuses.includes(status)?'本次采集已结束，可查看可用摘要。':'采集完成后可复制给本机 Coding Agent 使用。';setScreenshot(preview.screenshot);if(!currentScreenshot){el.screenshotEmpty.textContent=screenshotEmptyText(status,preview);setScreenshotState(finalStatuses.includes(status)?'未返回截图':'等待截图',finalStatuses.includes(status)?'empty':'pending');}el.copyAllInfo.disabled=!currentCopyText;el.downloadProfile.disabled=status!=='completed';if(status==='completed')ensureProfileCached().catch(()=>{});if(!currentCopyText)el.copyAllInfo.textContent='复制全部信息';renderSummary(preview.contentSummary);updateSteps(phase,status);};\nel.screenshotFrame.addEventListener('click',openScreenshot);el.screenshotDownload.addEventListener('click',downloadScreenshot);el.copyScreenshot.addEventListener('click',copyScreenshot);el.copyAllInfo.addEventListener('click',copyText);el.downloadProfile.addEventListener('click',downloadProfile);el.modalDownload.addEventListener('click',downloadScreenshot);el.modalCopyScreenshot.addEventListener('click',copyScreenshot);el.modalClose.addEventListener('click',closeScreenshot);el.targetScreenshot.addEventListener('error',invalidateScreenshot);el.modalScreenshot.addEventListener('error',invalidateScreenshot);\nel.toggleSteps.addEventListener('click',()=>setStepsOpen(!stepsOpen,true));\nel.screenshotModal.addEventListener('click',event=>{if(event.target===el.screenshotModal)closeScreenshot();});\ndocument.addEventListener('keydown',event=>{if(!modalOpen())return;if(event.key==='Escape'){closeScreenshot();return;}if(event.key!=='Tab')return;const controls=modalControls();if(!controls.length)return;const first=controls[0],last=controls[controls.length-1];if(!el.screenshotModal.contains(document.activeElement)){event.preventDefault();(event.shiftKey?last:first).focus();}else if(event.shiftKey&&document.activeElement===first){event.preventDefault();last.focus();}else if(!event.shiftKey&&document.activeElement===last){event.preventDefault();first.focus();}});\nconst poll=async()=>{try{const res=await fetch('/v1/captures/'+config.captureId,{headers:{Authorization:'Bearer '+config.bridgeToken},cache:'no-store'});const body=await res.json();if(!res.ok){render({status:'failed',phase:lastBody?.phase||'cleanup',error:{code:body?.error?.code||'Bridge request failed.'}});return;}render(body);if(finalStatuses.includes(body.status))return;}catch{if(lastBody&&finalStatuses.includes(lastBody.status))return;render({status:'disconnected',phase:lastBody?.phase||'bridge_connected',preview:lastBody?.preview,error:{code:'本机 bridge 服务已关闭，当前页面无法继续读取状态。'}});return;}setTimeout(poll,1000);};\npoll();\n"
diff --git a/agent-skill/stackprism-site-experience/scripts/stackprism_bridge_lib/capture_store.py b/agent-skill/stackprism-site-experience/scripts/stackprism_bridge_lib/capture_store.py
new file mode 100644
index 00000000..ef8b8ca7
--- /dev/null
+++ b/agent-skill/stackprism-site-experience/scripts/stackprism_bridge_lib/capture_store.py
@@ -0,0 +1,173 @@
+import threading
+import time
+
+from .open_browser import open_browser
+from .protocol import error_body, new_bridge_token, new_capture_id, new_nonce, new_screenshot_download_id, new_session_id
+from .profile_response import prepare_profile_for_storage
+
+
+EXTENSION_CONNECT_TIMEOUT_SECONDS = 30
+CAPTURE_TIMEOUT_SECONDS = 95
+CANCEL_TIMEOUT_SECONDS = 10
+RESULT_TTL_SECONDS = 10 * 60
+MAX_CAPTURE_RECORDS = 100
+
+
+def capture_deadline_error(capture):
+    if capture.get("phase") == "target_opening":
+        return error_body("TARGET_LOAD_TIMEOUT", "Target tab load timed out.")["error"]
+    return error_body("CAPTURE_TIMEOUT", "Capture timed out.")["error"]
+
+
+class CaptureStore:
+    def __init__(self, base_url, now=time.time, open_browser_fn=open_browser, result_ttl_seconds=RESULT_TTL_SECONDS, timer_factory=threading.Timer):
+        self.base_url = base_url
+        self.now = now
+        self.open_browser = open_browser_fn
+        self.result_ttl_seconds = result_ttl_seconds
+        self.timer_factory = timer_factory
+        self.captures = {}
+        self.result_expiry_timers = {}
+        self._lock = threading.RLock()
+
+    def active_count(self):
+        with self._lock:
+            for item in list(self.captures.values()):
+                self.expire_if_needed(item)
+            return len([item for item in self.captures.values() if item["status"] in {"queued", "waiting_extension", "running", "cancel_requested"}])
+
+    def get(self, capture_id):
+        with self._lock:
+            capture = self.captures.get(capture_id)
+            if capture:
+                self.expire_if_needed(capture)
+            return capture
+
+    def create(self, request):
+        with self._lock:
+            if self.active_count():
+                return None, 429, error_body("CAPTURE_BUSY", "Another capture is already active.")
+            now = self.now()
+            capture_id = new_capture_id()
+            session_id = new_session_id()
+            nonce = new_nonce()
+            capture = {
+                "id": capture_id,
+                "sessionId": session_id,
+                "nonce": nonce,
+                "bridgeToken": new_bridge_token(),
+                "status": "queued",
+                "phase": None,
+                "sequence": 0,
+                "request": request,
+                "profile": None,
+                "screenshotAsset": None,
+                "error": None,
+                "createdAt": now,
+                "extensionDeadlineAt": now + EXTENSION_CONNECT_TIMEOUT_SECONDS,
+                "deadlineAt": now + CAPTURE_TIMEOUT_SECONDS,
+                "cancelDeadlineAt": None,
+                "resultExpiresAt": None,
+                "bridgeTokenRenderedAt": None,
+                "bridgeTokenClaimedAt": None,
+                "profileDownloadReadyAt": None,
+                "screenshotDownloadId": new_screenshot_download_id(),
+                "screenshotUrl": None,
+            }
+            capture["bridgeUrl"] = f"{self.base_url}/bridge?session={session_id}&capture={capture_id}&nonce={nonce}"
+            capture["profileUrl"] = f"{self.base_url}/v1/captures/{capture_id}/profile"
+            capture["screenshotUrl"] = f"{self.base_url}/v1/captures/{capture_id}/screenshot-download/{capture['screenshotDownloadId']}"
+            self.captures[capture_id] = capture
+            self.prune_terminal_records()
+        opened, details = self.open_browser(capture["bridgeUrl"])
+        if not opened:
+            with self._lock:
+                capture["status"] = "failed"
+                capture["error"] = error_body("BROWSER_OPEN_FAILED", "Failed to open the bridge page.", details)["error"]
+            return None, 500, error_body("BROWSER_OPEN_FAILED", "Failed to open the bridge page.", details)
+        return capture, 200, None
+
+    def request_cancel(self, capture):
+        with self._lock:
+            capture["status"] = "cancel_requested"
+            capture["cancelDeadlineAt"] = self.now() + CANCEL_TIMEOUT_SECONDS
+
+    def mark_profile(self, capture, profile):
+        with self._lock:
+            capture["resultExpiresAt"] = self.now() + self.result_ttl_seconds
+            stored_profile, screenshot_asset = prepare_profile_for_storage(profile, capture)
+            capture["profile"] = stored_profile
+            capture["screenshotAsset"] = screenshot_asset
+            capture["status"] = "completed"
+            capture["phase"] = "cleanup"
+            self.schedule_result_expiry(capture)
+
+    def touch_result(self, capture):
+        with self._lock:
+            if capture.get("status") != "completed":
+                return
+            capture["resultExpiresAt"] = self.now() + self.result_ttl_seconds
+            self.schedule_result_expiry(capture)
+
+    def clear_result_expiry_timer(self, capture_id):
+        timer = self.result_expiry_timers.pop(capture_id, None)
+        if timer:
+            timer.cancel()
+
+    def schedule_result_expiry(self, capture):
+        self.clear_result_expiry_timer(capture["id"])
+        expires_at = capture.get("resultExpiresAt")
+        if not expires_at:
+            return
+        delay = max(0, expires_at - self.now())
+        timer = self.timer_factory(delay, lambda: self.expire_result_by_id(capture["id"]))
+        timer.daemon = True
+        self.result_expiry_timers[capture["id"]] = timer
+        timer.start()
+
+    def expire_result_by_id(self, capture_id):
+        with self._lock:
+            self.result_expiry_timers.pop(capture_id, None)
+            capture = self.captures.get(capture_id)
+            if capture:
+                self.expire_if_needed(capture)
+
+    def expire_if_needed(self, capture):
+        with self._lock:
+            now = self.now()
+            if capture["status"] == "completed" and capture.get("resultExpiresAt") and capture["resultExpiresAt"] <= now:
+                capture["status"] = "expired"
+                capture["profile"] = None
+                capture["screenshotAsset"] = None
+                capture["error"] = error_body("CAPTURE_RESULT_EXPIRED", "Capture result expired.")["error"]
+                self.clear_result_expiry_timer(capture["id"])
+            extension_deadline = capture.get("extensionDeadlineAt")
+            if capture["status"] in {"queued", "waiting_extension"} and extension_deadline is not None and extension_deadline <= now:
+                capture["status"] = "failed"
+                capture["error"] = error_body("EXTENSION_NOT_CONNECTED", "StackPrism extension did not connect before the deadline.")["error"]
+            capture_deadline = capture.get("deadlineAt")
+            if capture["status"] == "running" and capture_deadline is not None and capture_deadline <= now:
+                capture["status"] = "failed"
+                capture["error"] = capture_deadline_error(capture)
+            if capture["status"] == "cancel_requested" and capture.get("cancelDeadlineAt") and capture["cancelDeadlineAt"] <= now:
+                capture["status"] = "cancelled"
+                capture["error"] = error_body("CAPTURE_TIMEOUT", "Capture cancellation timed out.", {"reason": "cancel_timeout"})["error"]
+
+    def prune_terminal_records(self):
+        with self._lock:
+            overflow = len(self.captures) - MAX_CAPTURE_RECORDS
+            if overflow <= 0:
+                return
+            terminal = sorted(
+                (item for item in self.captures.values() if item["status"] not in {"queued", "waiting_extension", "running", "cancel_requested"}),
+                key=lambda item: item.get("createdAt", 0),
+            )
+            for item in terminal[:overflow]:
+                self.clear_result_expiry_timer(item["id"])
+                self.captures.pop(item["id"], None)
+
+    def clear(self):
+        with self._lock:
+            for capture_id in list(self.result_expiry_timers.keys()):
+                self.clear_result_expiry_timer(capture_id)
+            self.captures.clear()
diff --git a/agent-skill/stackprism-site-experience/scripts/stackprism_bridge_lib/http_handler_base.py b/agent-skill/stackprism-site-experience/scripts/stackprism_bridge_lib/http_handler_base.py
new file mode 100644
index 00000000..754c6462
--- /dev/null
+++ b/agent-skill/stackprism-site-experience/scripts/stackprism_bridge_lib/http_handler_base.py
@@ -0,0 +1,55 @@
+from http.server import BaseHTTPRequestHandler
+import time
+
+from .body import read_json_body
+from .protocol import error_body, json_bytes
+from .security import auth_api, auth_capture, bad_shell_error, cross_origin_error, rate_limited
+
+
+JSON_BODY_LIMIT = 5 * 1024 * 1024
+
+
+class BaseBridgeHandler(BaseHTTPRequestHandler):
+    def log_message(self, _format, *args):
+        return
+
+    def send_json(self, status, body, extra_headers=None):
+        payload = json_bytes(body)
+        self.send_response(status)
+        self.send_header("Content-Type", "application/json; charset=utf-8")
+        self.send_header("Cache-Control", "no-store")
+        self.send_header("X-Content-Type-Options", "nosniff")
+        for key, value in (extra_headers or {}).items():
+            self.send_header(key, value)
+        self.end_headers()
+        self.wfile.write(payload)
+
+    def fail(self, status, code, message, details=None, extra_headers=None):
+        self.send_json(status, error_body(code, message, details), extra_headers)
+
+    def method_not_allowed(self, allow):
+        self.send_json(405, error_body("METHOD_NOT_ALLOWED", "Method is not supported."), {"Allow": allow})
+
+    def reject_bad_shell(self):
+        if error := bad_shell_error(self):
+            self.fail(*error)
+            return True
+        return False
+
+    def reject_cross_origin_sensitive_request(self):
+        if error := cross_origin_error(self):
+            self.fail(*error)
+            return True
+        return False
+
+    def auth_api(self):
+        return auth_api(self)
+
+    def auth_capture(self, capture, scope):
+        return auth_capture(self, capture, scope)
+
+    def rate_limited(self, token, bucket_name):
+        return rate_limited(self, token, bucket_name, int(time.time() // 60))
+
+    def read_json(self, limit=JSON_BODY_LIMIT, too_large_code="REQUEST_TOO_LARGE"):
+        return read_json_body(self, limit, too_large_code)
diff --git a/agent-skill/stackprism-site-experience/scripts/stackprism_bridge_lib/http_server.py b/agent-skill/stackprism-site-experience/scripts/stackprism_bridge_lib/http_server.py
new file mode 100644
index 00000000..1a1770bb
--- /dev/null
+++ b/agent-skill/stackprism-site-experience/scripts/stackprism_bridge_lib/http_server.py
@@ -0,0 +1,292 @@
+from urllib.parse import urlparse
+import re
+
+from .bridge_page import render_bridge_page
+from .http_handler_base import BaseBridgeHandler
+from .protocol import (
+    PROTOCOL_VERSION,
+    SERVICE,
+    VERSION,
+    error_body,
+    sanitize_bridge_error,
+    safe_equal,
+    valid_id,
+)
+from .profile_response import get_profile, get_profile_download, get_screenshot_download
+from .security import bridge_query_value, valid_bridge_query
+from .status import FINAL_STATES, public_status, validate_status_update
+from .url_policy import normalize_capture_request, validate_final_url, validate_target_network_address
+
+
+PROFILE_BODY_LIMIT = 8 * 1024 * 1024
+DEFAULT_REQUEST_TIMEOUT_SECONDS = 35
+
+
+class BridgeHandler(BaseBridgeHandler):
+    server_version = "StackPrismBridge/0.1"
+
+    def setup(self):
+        super().setup()
+        self.connection.settimeout(DEFAULT_REQUEST_TIMEOUT_SECONDS)
+        self.connection_accepted = False
+        with self.server.connection_lock:
+            if self.server.active_connections >= self.server.max_open_connections:
+                self.close_connection = True
+                self.connection.close()
+                return
+            self.server.active_connections += 1
+            self.connection_accepted = True
+
+    def finish(self):
+        try:
+            if self.connection_accepted:
+                super().finish()
+        finally:
+            if self.connection_accepted:
+                with self.server.connection_lock:
+                    self.server.active_connections = max(0, self.server.active_connections - 1)
+
+    def capture_route(self, path):
+        match = re.match(r"^/v1/captures/([^/]+)(?:/(request|control|status|profile|profile-download)|/(screenshot-download)/([^/]+))?$", path)
+        if not match or not valid_id("captureId", match[1]):
+            return None
+        return self.server.store.get(match[1]), match[2] or match[3] or "", match[4] or ""
+
+    def do_GET(self):
+        if self.reject_bad_shell():
+            return
+        parsed = urlparse(self.path)
+        if parsed.path == "/health":
+            self.send_json(200, {"ok": True, "service": SERVICE, "version": VERSION, "protocolVersion": PROTOCOL_VERSION, "bound": "127.0.0.1", "activeCaptures": self.server.store.active_count()})
+            return
+        if parsed.path == "/bridge":
+            if self.reject_cross_origin_sensitive_request():
+                return
+            if not valid_bridge_query(parsed.query):
+                self.fail(400, "INVALID_REQUEST", "Bridge query is invalid.")
+                return
+            capture = self.server.store.get(bridge_query_value(parsed.query, "capture"))
+            if not capture or capture["sessionId"] != bridge_query_value(parsed.query, "session") or capture["nonce"] != bridge_query_value(parsed.query, "nonce"):
+                self.fail(404, "NOT_FOUND", "Capture bridge page was not found.")
+                return
+            render_bridge_page(self, capture)
+            return
+        if parsed.path == "/v1/captures":
+            self.method_not_allowed("POST")
+            return
+        routed = self.capture_route(parsed.path)
+        if not routed:
+            self.fail(404, "NOT_FOUND", "Endpoint was not found.")
+            return
+        self.handle_capture_get(*routed)
+
+    def handle_capture_get(self, capture, endpoint, screenshot_download_id=""):
+        if not capture:
+            self.fail(404, "NOT_FOUND", "Capture was not found.")
+            return
+        if self.reject_cross_origin_sensitive_request():
+            return
+        if endpoint == "":
+            token_type = self.auth_capture(capture, "status")
+            if token_type and not (token_type == "api" and self.rate_limited(self.server.api_token, "query")):
+                self.send_json(200, public_status(capture))
+            elif token_type == "api":
+                self.fail(429, "RATE_LIMITED", "Agent bridge rate limit exceeded.")
+            return
+        if endpoint == "request" and self.auth_capture(capture, "bridge"):
+            with self.server.store._lock:
+                capture["bridgeTokenClaimedAt"] = self.server.store.now()
+                body = {
+                    "captureId": capture["id"],
+                    "sessionId": capture["sessionId"],
+                    "nonce": capture["nonce"],
+                    "protocolVersion": PROTOCOL_VERSION,
+                    "request": capture["request"],
+                }
+            self.send_json(200, body)
+            return
+        if endpoint == "control" and self.auth_capture(capture, "bridge"):
+            command = "cancel" if capture["status"] in {"cancel_requested", "completed", "cancelled", "failed", "expired"} else "continue"
+            self.send_json(200, {"id": capture["id"], "command": command, "status": capture["status"]})
+            return
+        if endpoint == "profile":
+            get_profile(self, capture)
+            return
+        if endpoint == "profile-download":
+            get_profile_download(self, capture)
+            return
+        if endpoint == "screenshot-download":
+            if not (valid_id("screenshotDownloadId", screenshot_download_id) and safe_equal(screenshot_download_id, capture.get("screenshotDownloadId"))):
+                self.fail(403, "FORBIDDEN", "Screenshot download URL is not valid for this capture.", extra_headers={"Referrer-Policy": "no-referrer"})
+                return
+            get_screenshot_download(self, capture, require_auth=False)
+            return
+        self.method_not_allowed("GET, POST" if endpoint == "profile" else "GET")
+
+    def do_OPTIONS(self):
+        if self.reject_bad_shell():
+            return
+        self.method_not_allowed("GET, POST, DELETE")
+
+    def do_CONNECT(self):
+        self.close_connection = True
+        if self.reject_bad_shell():
+            return
+        self.method_not_allowed("GET, POST, DELETE")
+
+    def do_POST(self):
+        if self.reject_bad_shell() or self.reject_cross_origin_sensitive_request():
+            return
+        if self.path in {"/health", "/bridge"}:
+            self.method_not_allowed("GET")
+            return
+        if self.path == "/v1/captures":
+            self.create_capture()
+            return
+        routed = self.capture_route(urlparse(self.path).path)
+        if not routed:
+            self.fail(404, "NOT_FOUND", "Endpoint was not found.")
+            return
+        capture, endpoint, _screenshot_download_id = routed
+        if not capture:
+            self.fail(404, "NOT_FOUND", "Capture was not found.")
+        elif endpoint == "profile":
+            self.post_profile(capture)
+        elif endpoint == "status":
+            self.post_status(capture)
+        else:
+            self.method_not_allowed("GET, DELETE" if endpoint == "" else "GET")
+
+    def create_capture(self):
+        if not self.auth_api():
+            return
+        if self.rate_limited(self.server.api_token, "create"):
+            self.fail(429, "RATE_LIMITED", "Agent bridge rate limit exceeded.")
+            return
+        body = self.read_json()
+        if body is None:
+            return
+        request, code, details, message = normalize_capture_request(body, self.server.store.base_url)
+        if not request:
+            self.fail(400, code, message or "Capture request is invalid.", details)
+            return
+        capture, status, err = self.server.store.create(request)
+        if err:
+            self.send_json(status, err)
+            return
+        self.send_json(200, {"id": capture["id"], "status": capture["status"], "bridgeUrl": capture["bridgeUrl"], "profileUrl": capture["profileUrl"]})
+
+    def post_profile(self, capture):
+        if not self.auth_capture(capture, "bridge"):
+            return
+        with self.server.store._lock:
+            if capture["status"] in FINAL_STATES:
+                code = "CAPTURE_ALREADY_COMPLETED" if capture["status"] == "completed" else "STALE_STATUS_UPDATE"
+                response = ("fail", 409, code, "Capture is already terminal.", {"status": capture["status"]})
+            elif not capture.get("finalUrl"):
+                response = ("fail", 409, "INVALID_REQUEST", "Capture final URL has not been accepted.", None)
+            else:
+                response = None
+        if response and response[0] == "fail":
+            self.fail(response[1], response[2], response[3], response[4])
+        elif response:
+            self.send_json(200, response[1])
+        else:
+            body = self.read_json(PROFILE_BODY_LIMIT, "PROFILE_TOO_LARGE")
+            if body is None:
+                return
+            with self.server.store._lock:
+                if capture["status"] in FINAL_STATES:
+                    code = "CAPTURE_ALREADY_COMPLETED" if capture["status"] == "completed" else "STALE_STATUS_UPDATE"
+                    response = ("fail", 409, code, "Capture is already terminal.", {"status": capture["status"]})
+                elif body.get("schema") != "stackprism.site_experience_profile.v1" or body.get("captureId") != capture["id"]:
+                    response = ("fail", 400, "INVALID_REQUEST", "Profile schema or capture id is invalid.", None)
+                else:
+                    self.server.store.mark_profile(capture, body)
+                    response = ("json", public_status(capture))
+            if response[0] == "fail":
+                self.fail(response[1], response[2], response[3], response[4])
+            else:
+                self.send_json(200, response[1])
+
+    def post_status(self, capture):
+        if not self.auth_capture(capture, "bridge"):
+            return
+        body = self.read_json()
+        if body is None:
+            return
+        final_url_result = None
+        network_result = (None, None)
+        if body.get("finalUrl"):
+            final_url_result = validate_final_url(body["finalUrl"], self.server.store.base_url, capture["request"])
+            from_cache = body.get("targetNetworkFromCache") is True
+            network_result = validate_target_network_address(body.get("targetNetworkAddress"), capture["request"], from_cache, final_url_result[0] if final_url_result else None)
+        with self.server.store._lock:
+            valid, code, message = validate_status_update(capture, body)
+            if not valid:
+                response = ("fail", 400 if code == "INVALID_REQUEST" else 409, code, message, None)
+            elif body.get("status") == "running" and body.get("phase") == "target_loaded" and not body.get("finalUrl") and not capture.get("finalUrl"):
+                response = ("fail", 400, "INVALID_REQUEST", "target_loaded status requires finalUrl.", None)
+            elif body.get("finalUrl"):
+                final_url, code, details = final_url_result
+                network_code, network_details = network_result
+                if code:
+                    capture["status"] = "failed"
+                    capture["phase"] = body["phase"]
+                    capture["error"] = error_body(code, "Final URL is blocked by target policy.", details)["error"]
+                    response = ("fail", 409, code, "Final URL is blocked by target policy.", details)
+                elif network_code == "INVALID_REQUEST":
+                    response = ("fail", 400, network_code, "Final URL is blocked by target policy.", network_details)
+                elif network_code:
+                    message = "Final URL is blocked by target policy."
+                    capture["status"] = "failed"
+                    capture["phase"] = body["phase"]
+                    capture["error"] = error_body(network_code, message, network_details)["error"]
+                    response = ("fail", 409, network_code, message, network_details)
+                else:
+                    capture["finalUrl"] = final_url
+                    capture["sequence"] = body["sequence"]
+                    capture["status"] = body["status"]
+                    capture["phase"] = body["phase"]
+                    capture["error"] = sanitize_bridge_error(body["error"]) if body.get("error") else capture["error"]
+                    response = ("json", public_status(capture))
+            else:
+                capture["sequence"] = body["sequence"]
+                capture["status"] = body["status"]
+                capture["phase"] = body["phase"]
+                capture["error"] = sanitize_bridge_error(body["error"]) if body.get("error") else capture["error"]
+                response = ("json", public_status(capture))
+        if response[0] == "fail":
+            self.fail(response[1], response[2], response[3], response[4])
+        else:
+            self.send_json(200, response[1])
+
+    def do_DELETE(self):
+        if self.reject_bad_shell() or self.reject_cross_origin_sensitive_request():
+            return
+        if self.path == "/v1/captures":
+            self.method_not_allowed("POST")
+            return
+        if self.path in {"/health", "/bridge"}:
+            self.method_not_allowed("GET")
+            return
+        routed = self.capture_route(urlparse(self.path).path)
+        if not routed:
+            self.fail(404, "NOT_FOUND", "Endpoint was not found.")
+            return
+        capture, endpoint, _screenshot_download_id = routed
+        if endpoint != "":
+            self.method_not_allowed("GET")
+            return
+        if not capture:
+            self.fail(404, "NOT_FOUND", "Capture was not found.")
+            return
+        if not self.auth_api():
+            return
+        if capture["status"] in FINAL_STATES:
+            self.fail(409, "INVALID_REQUEST", "Capture is already terminal.", {"status": capture["status"]})
+        elif capture["status"] == "cancel_requested":
+            self.fail(409, "STALE_STATUS_UPDATE", "Capture cancellation is already requested.", {"status": capture["status"]})
+        else:
+            self.server.store.request_cancel(capture)
+            self.send_json(200, public_status(capture))
diff --git a/agent-skill/stackprism-site-experience/scripts/stackprism_bridge_lib/open_browser.py b/agent-skill/stackprism-site-experience/scripts/stackprism_bridge_lib/open_browser.py
new file mode 100644
index 00000000..055ac1f6
--- /dev/null
+++ b/agent-skill/stackprism-site-experience/scripts/stackprism_bridge_lib/open_browser.py
@@ -0,0 +1,131 @@
+import json
+import os
+import platform
+import shutil
+import subprocess
+from urllib.parse import urlparse
+
+
+DEFAULT_OPEN_TIMEOUT_SECONDS = 5
+MAX_OPEN_TIMEOUT_SECONDS = 30
+MAX_LAUNCH_PROBE_SECONDS = 1
+DEFAULT_WINDOWS_PATHEXT = ".COM;.EXE;.BAT;.CMD"
+
+
+def contains_nul(value):
+    return isinstance(value, str) and "\0" in value or isinstance(value, list) and any(contains_nul(item) for item in value)
+
+
+def has_path_separator(value):
+    return "/" in value or "\\" in value
+
+
+def windows_command_candidates(command, env=os.environ):
+    extensions = [item for item in env.get("PATHEXT", DEFAULT_WINDOWS_PATHEXT).split(";") if item]
+    if any(command.lower().endswith(extension.lower()) for extension in extensions):
+        return [command]
+    return [f"{command}{extension}" for extension in extensions]
+
+
+def parse_open_timeout_seconds(env):
+    value = env.get("STACKPRISM_BROWSER_OPEN_TIMEOUT_MS")
+    if value is None or value == "":
+        return True, DEFAULT_OPEN_TIMEOUT_SECONDS, None
+    if not str(value).isdecimal():
+        return False, None, {"reason": "invalid_open_timeout"}
+    timeout_ms = int(value)
+    if timeout_ms < 100 or timeout_ms > MAX_OPEN_TIMEOUT_SECONDS * 1000:
+        return False, None, {"reason": "invalid_open_timeout"}
+    return True, timeout_ms / 1000, None
+
+
+def parse_open_config(env=os.environ):
+    if any("\0" in str(env.get(key, "")) for key in ("STACKPRISM_BROWSER_OPEN_COMMAND", "STACKPRISM_BROWSER_OPEN_ARGS_JSON")):
+        return False, "BRIDGE_INVALID_ENV", "Browser open environment contains NUL."
+    if env.get("STACKPRISM_BROWSER_OPEN_COMMAND") and env.get("STACKPRISM_BROWSER_OPEN_ARGS_JSON"):
+        try:
+            if contains_nul(json.loads(env["STACKPRISM_BROWSER_OPEN_ARGS_JSON"])):
+                return False, "BRIDGE_INVALID_ENV", "Browser open environment contains NUL."
+        except Exception:
+            pass
+    return True, None, None
+
+
+def resolve_browser_open_command(env=os.environ, system=None):
+    command = env.get("STACKPRISM_BROWSER_OPEN_COMMAND")
+    args = []
+    if command:
+        if env.get("STACKPRISM_BROWSER_OPEN_ARGS_JSON"):
+            try:
+                args = json.loads(env["STACKPRISM_BROWSER_OPEN_ARGS_JSON"])
+            except Exception:
+                return False, {"reason": "invalid_open_args"}
+            if not isinstance(args, list) or any(not isinstance(arg, str) for arg in args):
+                return False, {"reason": "invalid_open_args"}
+    elif (system or platform.system()) == "Darwin":
+        command = "open"
+    elif (system or platform.system()) == "Windows":
+        command = "rundll32.exe"
+        args = ["url.dll,FileProtocolHandler"]
+    else:
+        command = "xdg-open"
+    return True, {"command": command, "args": args}
+
+
+def command_exists(command):
+    if has_path_separator(command):
+        if os.name == "nt":
+            return any(os.path.isfile(candidate) for candidate in windows_command_candidates(command))
+        return os.path.isfile(command) and os.access(command, os.X_OK)
+    return shutil.which(command) is not None
+
+
+def detached_popen_kwargs():
+    kwargs = {"stdin": subprocess.DEVNULL, "stdout": subprocess.DEVNULL, "stderr": subprocess.DEVNULL}
+    if os.name == "nt":
+        kwargs["creationflags"] = getattr(subprocess, "DETACHED_PROCESS", 0) | getattr(subprocess, "CREATE_NEW_PROCESS_GROUP", 0)
+    else:
+        kwargs["start_new_session"] = True
+    return kwargs
+
+
+def open_browser(url, env=os.environ):
+    ok, code, message = parse_open_config(env)
+    if not ok:
+        return False, {"reason": code, "message": message}
+    if any(char in url for char in ("\0", "\n", "\r")):
+        return False, {"reason": "invalid_url"}
+    parsed_url = urlparse(url)
+    if parsed_url.scheme.lower() not in ("http", "https"):
+        return False, {"reason": "invalid_scheme", "allowed": ["http", "https"]}
+    if parsed_url.username or parsed_url.password:
+        return False, {"reason": "invalid_url"}
+    if env.get("STACKPRISM_BRIDGE_NO_OPEN") == "1":
+        return True, {"skipped": True}
+
+    resolved_ok, resolved = resolve_browser_open_command(env)
+    if not resolved_ok:
+        return False, resolved
+    timeout_ok, timeout_seconds, timeout_details = parse_open_timeout_seconds(env)
+    if not timeout_ok:
+        return False, timeout_details
+    command = resolved["command"]
+    args = resolved["args"]
+    if not command_exists(command):
+        return False, {"reason": "command_not_found"}
+
+    try:
+        process = subprocess.Popen([command, *args, url], **detached_popen_kwargs())
+        try:
+            code = process.wait(timeout=min(timeout_seconds, MAX_LAUNCH_PROBE_SECONDS))
+        except subprocess.TimeoutExpired:
+            return True, {}
+        if code != 0:
+            return False, {"reason": "open_failed", "exitCode": code}
+    except FileNotFoundError:
+        return False, {"reason": "command_not_found"}
+    except PermissionError:
+        return False, {"reason": "permission_denied"}
+    except Exception:
+        return False, {"reason": "spawn_failed"}
+    return True, {}
diff --git a/agent-skill/stackprism-site-experience/scripts/stackprism_bridge_lib/profile_response.py b/agent-skill/stackprism-site-experience/scripts/stackprism_bridge_lib/profile_response.py
new file mode 100644
index 00000000..04ddd762
--- /dev/null
+++ b/agent-skill/stackprism-site-experience/scripts/stackprism_bridge_lib/profile_response.py
@@ -0,0 +1,215 @@
+import base64
+import copy
+import re
+from datetime import datetime, timezone
+
+
+SCREENSHOT_DATA_URL_PATTERN = re.compile(r"^data:image/(jpeg|png|webp);base64,([A-Za-z0-9+/=]+)$", re.I)
+SCREENSHOT_BASE64_OMITTED_NOTE = (
+    "Screenshot image base64 is intentionally omitted from this Profile JSON. "
+    "To inspect actual visual appearance, download the image from downloadUrl while the local bridge is running and before availableUntil."
+)
+SCREENSHOT_PROFILE_JSON_NOTE = (
+    "Profile JSON is standard JSON and cannot contain comments. "
+    "This note field is the durable instruction: screenshot base64 is omitted; use downloadUrl to inspect actual visual appearance."
+)
+
+
+def as_dict(value):
+    return value if isinstance(value, dict) else {}
+
+
+def profile_visual_screenshot(profile):
+    visual_profile = as_dict(as_dict(profile).get("visualProfile"))
+    return as_dict(visual_profile.get("screenshot"))
+
+
+def screenshot_extension_for(mime_type):
+    if mime_type == "image/png":
+        return "png"
+    if mime_type == "image/webp":
+        return "webp"
+    return "jpg"
+
+
+def available_until_for(capture):
+    expires_at = capture.get("resultExpiresAt")
+    if not expires_at:
+        return ""
+    timestamp = datetime.fromtimestamp(expires_at, timezone.utc)
+    milliseconds = timestamp.microsecond // 1000
+    return f"{timestamp.strftime('%Y-%m-%dT%H:%M:%S')}.{milliseconds:03d}Z"
+
+
+def screenshot_asset_from(screenshot):
+    data_url = screenshot.get("dataUrl")
+    match = SCREENSHOT_DATA_URL_PATTERN.match(data_url) if isinstance(data_url, str) else None
+    if not match:
+        return None
+    mime_type = f"image/{match.group(1).lower()}"
+    try:
+        data = base64.b64decode(match.group(2), validate=True)
+    except Exception:
+        return None
+    if not data:
+        return None
+    metadata = {key: value for key, value in screenshot.items() if key != "dataUrl"}
+    return {"data": data, "mimeType": mime_type, "extension": screenshot_extension_for(mime_type), "metadata": metadata}
+
+
+def screenshot_metadata_for(capture, asset):
+    metadata = dict(asset.get("metadata") or {})
+    metadata.update(
+        {
+            "mimeType": asset["mimeType"],
+            "byteLength": len(asset["data"]),
+            "downloadUrl": capture.get("screenshotUrl"),
+            "downloadMethod": "GET",
+            "lifecycle": {
+                "requiresLocalBridge": True,
+                "availableUntil": available_until_for(capture),
+                "note": "Download the screenshot before the local bridge process exits or the capture result expires.",
+            },
+            "profileJsonNote": SCREENSHOT_PROFILE_JSON_NOTE,
+            "note": SCREENSHOT_BASE64_OMITTED_NOTE,
+        }
+    )
+    return metadata
+
+
+def screenshot_payload_for_capture(capture):
+    asset = capture.get("screenshotAsset") or screenshot_asset_from(profile_visual_screenshot(capture.get("profile")))
+    if not asset or not asset.get("data"):
+        return None
+    return {
+        "data": asset["data"],
+        "mimeType": asset["mimeType"],
+        "extension": asset["extension"],
+        "metadata": screenshot_metadata_for(capture, asset),
+    }
+
+
+def ensure_visual_reference(profile):
+    if not isinstance(profile.get("agentGuidance"), dict):
+        profile["agentGuidance"] = {}
+    if not isinstance(profile["agentGuidance"].get("recreationPlan"), dict):
+        profile["agentGuidance"]["recreationPlan"] = {}
+    if not isinstance(profile["agentGuidance"]["recreationPlan"].get("visualReference"), dict):
+        profile["agentGuidance"]["recreationPlan"]["visualReference"] = {}
+    return profile["agentGuidance"]["recreationPlan"]["visualReference"]
+
+
+def update_visual_reference(profile, capture, payload):
+    visual_reference = ensure_visual_reference(profile) if payload else (((profile or {}).get("agentGuidance") or {}).get("recreationPlan") or {}).get("visualReference")
+    if not isinstance(visual_reference, dict):
+        return
+    visual_reference["screenshotIncluded"] = bool(payload)
+    visual_reference["screenshotBase64Included"] = False
+    visual_reference["screenshotDownloadUrl"] = capture.get("screenshotUrl") if payload else ""
+    visual_reference["screenshotDownloadHint"] = (
+        SCREENSHOT_BASE64_OMITTED_NOTE
+        if payload
+        else "No screenshot image is available in this capture. Review limitations before treating visual evidence as absent."
+    )
+    visual_reference["screenshotProfileJsonNote"] = SCREENSHOT_PROFILE_JSON_NOTE
+    if payload:
+        visual_reference["screenshotMimeType"] = payload["mimeType"]
+        visual_reference["screenshotByteLength"] = len(payload["data"])
+        visual_reference["screenshotAvailableUntil"] = available_until_for(capture)
+    else:
+        visual_reference.pop("screenshotMimeType", None)
+        visual_reference.pop("screenshotByteLength", None)
+        visual_reference.pop("screenshotAvailableUntil", None)
+
+
+def prepare_profile_for_storage(profile, capture):
+    stored_profile = copy.deepcopy(as_dict(profile))
+    visual_profile = as_dict(stored_profile.get("visualProfile"))
+    screenshot = as_dict(visual_profile.get("screenshot"))
+    asset = screenshot_asset_from(screenshot)
+    if isinstance(screenshot, dict):
+        if asset:
+            visual_profile["screenshot"] = screenshot_metadata_for(capture, asset)
+        else:
+            screenshot.pop("dataUrl", None)
+    update_visual_reference(stored_profile, capture, asset)
+    return stored_profile, asset
+
+
+def profile_for_agent(capture):
+    profile = copy.deepcopy(as_dict(capture.get("profile")))
+    payload = screenshot_payload_for_capture(capture)
+    visual_profile = as_dict(profile.get("visualProfile"))
+    screenshot = as_dict(visual_profile.get("screenshot"))
+    if isinstance(screenshot, dict):
+        if payload:
+            visual_profile["screenshot"] = payload["metadata"]
+        else:
+            screenshot.pop("dataUrl", None)
+    update_visual_reference(profile, capture, payload)
+    return profile
+
+
+def get_profile(handler, capture):
+    token_type = handler.auth_capture(capture, "status")
+    if not token_type:
+        return
+    profile_headers = {"Referrer-Policy": "no-referrer"}
+    if token_type == "bridge":
+        handler.fail(403, "BRIDGE_TOKEN_CANNOT_READ_PROFILE", "Bridge token cannot read the profile endpoint.", extra_headers=profile_headers)
+    elif token_type == "api" and handler.rate_limited(handler.server.api_token, "query"):
+        handler.fail(429, "RATE_LIMITED", "Agent bridge rate limit exceeded.", extra_headers=profile_headers)
+    elif capture["status"] == "expired":
+        handler.fail(410, "CAPTURE_RESULT_EXPIRED", "Capture result expired.", extra_headers=profile_headers)
+    elif capture["status"] != "completed":
+        handler.fail(409, "INVALID_REQUEST", "Capture profile is not ready.", extra_headers=profile_headers)
+    else:
+        handler.server.store.touch_result(capture)
+        handler.send_json(200, profile_for_agent(capture), profile_headers)
+
+
+def get_profile_download(handler, capture):
+    if not handler.auth_capture(capture, "download"):
+        return
+    headers = {
+        "Referrer-Policy": "no-referrer",
+        "Content-Disposition": f'attachment; filename="stackprism-{capture["id"]}-profile.json"',
+    }
+    if capture["status"] == "expired":
+        handler.fail(410, "CAPTURE_RESULT_EXPIRED", "Capture result expired.", extra_headers=headers)
+    elif capture["status"] != "completed":
+        handler.fail(409, "INVALID_REQUEST", "Capture profile is not ready.", {"status": capture["status"]}, extra_headers=headers)
+    else:
+        capture["profileDownloadReadyAt"] = capture.get("profileDownloadReadyAt") or handler.server.store.now()
+        handler.server.store.touch_result(capture)
+        handler.send_json(200, profile_for_agent(capture), headers)
+
+
+def get_screenshot_download(handler, capture, require_auth=True):
+    if require_auth and not handler.auth_capture(capture, "download"):
+        return
+    headers = {"Referrer-Policy": "no-referrer"}
+    payload = screenshot_payload_for_capture(capture) if capture.get("status") == "completed" else None
+    if payload:
+        headers.update(
+            {
+                "Content-Type": payload["mimeType"],
+                "Content-Disposition": f'attachment; filename="stackprism-{capture["id"]}-screenshot.{payload["extension"]}"',
+                "Content-Length": str(len(payload["data"])),
+            }
+        )
+    if capture["status"] == "expired":
+        handler.fail(410, "CAPTURE_RESULT_EXPIRED", "Capture result expired.", extra_headers=headers)
+    elif capture["status"] != "completed":
+        handler.fail(409, "INVALID_REQUEST", "Capture screenshot is not ready.", {"status": capture["status"]}, extra_headers=headers)
+    elif not payload:
+        handler.fail(404, "NOT_FOUND", "Capture screenshot is not available.", extra_headers=headers)
+    else:
+        handler.server.store.touch_result(capture)
+        handler.send_response(200)
+        handler.send_header("Cache-Control", "no-store")
+        handler.send_header("X-Content-Type-Options", "nosniff")
+        for key, value in headers.items():
+            handler.send_header(key, value)
+        handler.end_headers()
+        handler.wfile.write(payload["data"])
diff --git a/agent-skill/stackprism-site-experience/scripts/stackprism_bridge_lib/profile_summary.py b/agent-skill/stackprism-site-experience/scripts/stackprism_bridge_lib/profile_summary.py
new file mode 100644
index 00000000..145d2498
--- /dev/null
+++ b/agent-skill/stackprism-site-experience/scripts/stackprism_bridge_lib/profile_summary.py
@@ -0,0 +1,210 @@
+import re
+
+from .protocol import redact_url
+
+MAX_TEXT = 120
+MAX_ITEMS = 6
+TOKEN_TEXT = re.compile(r"\b(apiToken|bridgeToken|authorization|cookie|nonce|secret|token)\b\s*[:=]\s*(?:Bearer\s+)?[^\s,;]+", re.I)
+ID_TEXT = re.compile(r"\b(?:spbt?_|cap_|s_|n_|xfer_|shot_)[A-Za-z0-9_-]{8,}\b")
+EMAIL_TEXT = re.compile(r"[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,}", re.I)
+PHONE_TEXT = re.compile(r"\b(?:\+?\d[\d -]{8,}\d)\b")
+URL_TEXT = re.compile(r"https?://[^\s\"')\]}]+")
+
+
+def is_record(value):
+    return isinstance(value, dict)
+
+
+def safe_text(value, max_len=MAX_TEXT):
+    text = re.sub(r"[\x00-\x1f\x7f]", " ", str(value or ""))
+    text = re.sub(r"\s+", " ", text).strip()
+    text = URL_TEXT.sub(lambda match: redact_url(match.group(0)) or "[redacted-url]", text)
+    text = TOKEN_TEXT.sub(lambda match: f"{match.group(1)}=[redacted]", text)
+    text = ID_TEXT.sub("[redacted-id]", text)
+    text = EMAIL_TEXT.sub("[redacted-email]", text)
+    text = PHONE_TEXT.sub("[redacted-number]", text)
+    return text[:max_len]
+
+
+def values(value, limit=MAX_ITEMS):
+    source = value if isinstance(value, list) else [value] if isinstance(value, str) else []
+    result = []
+    for item in source:
+        text = safe_text(item)
+        if text and text not in result:
+            result.append(text)
+        if len(result) >= limit:
+            break
+    return result
+
+
+def object_values(items, keys=("name", "type", "category", "domain", "label"), limit=MAX_ITEMS):
+    if not isinstance(items, list):
+        return []
+    result = []
+    for item in items:
+        if is_record(item):
+            text = next((safe_text(item.get(key)) for key in keys if safe_text(item.get(key))), "")
+        else:
+            text = safe_text(item)
+        if text:
+            result.append(text)
+        if len(result) >= limit:
+            break
+    return result
+
+
+def count(value):
+    return len(value) if isinstance(value, (list, dict)) else 0
+
+
+def add(items, label, value):
+    text = safe_text(value)
+    if text:
+        items.append(f"{label}: {text}")
+
+
+def add_list(items, label, value, limit=MAX_ITEMS):
+    text_values = values(value, limit)
+    if text_values:
+        items.append(f"{label}: {', '.join(text_values)}")
+
+
+def add_object_list(items, label, value, limit=MAX_ITEMS):
+    text_values = object_values(value, limit=limit)
+    if text_values:
+        items.append(f"{label}: {', '.join(text_values)}")
+
+
+def card(card_id, title, items):
+    return {"id": card_id, "title": title, "items": items} if items else None
+
+
+def nested(record, *keys):
+    value = record
+    for key in keys:
+        value = value.get(key) if is_record(value) else None
+    return value if is_record(value) else {}
+
+
+def target_card(profile, capture, screenshot):
+    target = profile.get("target") if is_record(profile.get("target")) else {}
+    items = []
+    add(items, "目标 URL", capture.get("finalUrl") or (capture.get("request") or {}).get("url") or target.get("finalUrl") or target.get("url"))
+    add(items, "页面语言", target.get("language"))
+    add(items, "生成时间", profile.get("generatedAt"))
+    items.append(f"截图: {'已包含' if screenshot else '未包含'}")
+    return card("target", "目标", items)
+
+
+def tech_card(profile):
+    tech = profile.get("techProfile") if is_record(profile.get("techProfile")) else {}
+    technologies = tech.get("technologies") if isinstance(tech.get("technologies"), list) else []
+    items = []
+    if technologies:
+        items.append(f"技术数量: {len(technologies)}")
+    add_object_list(items, "主要技术", technologies)
+    add(items, "前端主栈", tech.get("primaryFrontend"))
+    add(items, "UI 框架", tech.get("uiFramework"))
+    add(items, "构建运行时", tech.get("buildRuntime"))
+    add_list(items, "第三方服务", tech.get("thirdPartyServices"))
+    return card("tech", "技术栈", items)
+
+
+def visual_card(profile, screenshot):
+    visual = profile.get("visualProfile") if is_record(profile.get("visualProfile")) else {}
+    tokens = nested(profile, "agentGuidance", "recreationPlan", "designTokens")
+    ref = nested(profile, "agentGuidance", "recreationPlan", "visualReference")
+    items = [f"截图: {'可用于视觉对照' if screenshot else '未包含'}"]
+    add_list(items, "颜色", visual.get("colorTokens") or tokens.get("colors"))
+    add_list(items, "字体", visual.get("fonts") or tokens.get("fontFamilies"))
+    add_list(items, "字号", visual.get("fontSizes") or tokens.get("fontSizes"))
+    add(items, "截图范围", ref.get("screenshotScope"))
+    return card("visual", "视觉", items)
+
+
+def layout_card(profile):
+    layout = profile.get("layoutProfile") if is_record(profile.get("layoutProfile")) else {}
+    ux = profile.get("uxProfile") if is_record(profile.get("uxProfile")) else {}
+    blueprint = nested(profile, "agentGuidance", "recreationPlan", "layoutBlueprint")
+    items = []
+    add(items, "页面目的", ux.get("pagePurpose"))
+    add_list(items, "主要路径", ux.get("primaryUserPath"))
+    add_list(items, "信息层级", ux.get("informationHierarchy") or blueprint.get("informationHierarchy"))
+    add_list(items, "内容分组", ux.get("contentGrouping") or blueprint.get("contentGrouping"))
+    add_list(items, "Landmarks", layout.get("landmarks") or blueprint.get("landmarks"))
+    add(items, "导航深度", ux.get("navigationDepth"))
+    return card("layout", "布局与信息结构", items)
+
+
+def components_card(profile):
+    components = profile.get("componentProfile") if is_record(profile.get("componentProfile")) else {}
+    inventory = nested(profile, "agentGuidance", "recreationPlan", "componentInventory")
+    counts = components.get("counts") if is_record(components.get("counts")) else inventory.get("counts")
+    items = []
+    if count(counts):
+        items.append(f"组件类型数: {count(counts)}")
+    add_list(items, "优先组件", inventory.get("priorityTypes"))
+    add_object_list(items, "组件样本", components.get("samples"))
+    add(items, "几何信息", "已包含" if inventory.get("geometryIncluded") is True else "未包含" if inventory.get("geometryIncluded") is False else "")
+    return card("components", "组件", items)
+
+
+def interaction_card(profile):
+    interaction = profile.get("interactionProfile") if is_record(profile.get("interactionProfile")) else {}
+    ux = profile.get("uxProfile") if is_record(profile.get("uxProfile")) else {}
+    checklist = nested(profile, "agentGuidance", "recreationPlan", "interactionChecklist")
+    items = []
+    add_list(items, "CTA", ux.get("ctaStrategy"))
+    add_list(items, "信任信号", ux.get("trustSignals"))
+    add_list(items, "转场", interaction.get("transitions") or checklist.get("transitions"))
+    add_list(items, "动画", interaction.get("animations") or checklist.get("animations"))
+    add_list(items, "固定元素", interaction.get("stickyOrFixed") or checklist.get("stickyOrFixed"))
+    add_list(items, "交互摩擦", ux.get("frictionPoints"))
+    return card("interaction", "交互与 UX", items)
+
+
+def assets_card(profile):
+    assets = profile.get("assetProfile") if is_record(profile.get("assetProfile")) else {}
+    hints = nested(profile, "agentGuidance", "recreationPlan", "assetHints")
+    items = []
+    if count(assets.get("scripts")) or hints.get("scriptCount"):
+        items.append(f"脚本: {count(assets.get('scripts')) or hints.get('scriptCount')}")
+    if count(assets.get("stylesheets")) or hints.get("stylesheetCount"):
+        items.append(f"样式表: {count(assets.get('stylesheets')) or hints.get('stylesheetCount')}")
+    add_list(items, "资源域名", hints.get("resourceDomains") or assets.get("resourceDomains"))
+    add_list(items, "CDN 线索", assets.get("cdnHints") or hints.get("cdnHints"))
+    add_list(items, "字体资源", assets.get("fontUrls") or hints.get("fontUrls"))
+    return card("assets", "资产", items)
+
+
+def guidance_card(profile):
+    guidance = profile.get("agentGuidance") if is_record(profile.get("agentGuidance")) else {}
+    plan = guidance.get("recreationPlan") if is_record(guidance.get("recreationPlan")) else {}
+    items = []
+    add(items, "摘要", guidance.get("summary"))
+    add_list(items, "实现顺序", plan.get("implementationOrder"), 4)
+    add_list(items, "验证项", plan.get("verificationChecklist"), 4)
+    add_list(items, "限制", profile.get("limitations"), 4)
+    return card("guidance", "复刻建议", items)
+
+
+def copy_text_for(cards):
+    lines = ["# StackPrism Site Experience", "", "用于 AI Agent 快速复刻目标网站体验的受限摘要。"]
+    for item in cards:
+        lines.extend(["", f"## {item['title']}"])
+        lines.extend([f"- {entry}" for entry in item["items"]])
+    lines.extend(["", "备注: 本摘要不包含 raw profile、token、nonce、截图 data URL 或完整敏感文本。"])
+    return "\n".join(lines)
+
+
+def profile_preview_summary(capture, screenshot):
+    profile = capture.get("profile")
+    if capture.get("status") != "completed" or not is_record(profile):
+        return None
+    cards = [item for item in [
+        guidance_card(profile), visual_card(profile, screenshot), layout_card(profile),
+        components_card(profile), interaction_card(profile), tech_card(profile), assets_card(profile),
+        target_card(profile, capture, screenshot)
+    ] if item]
+    return {"contentSummary": {"cards": cards}, "copyText": copy_text_for(cards)} if cards else None
diff --git a/agent-skill/stackprism-site-experience/scripts/stackprism_bridge_lib/protocol.py b/agent-skill/stackprism-site-experience/scripts/stackprism_bridge_lib/protocol.py
new file mode 100644
index 00000000..fc74789b
--- /dev/null
+++ b/agent-skill/stackprism-site-experience/scripts/stackprism_bridge_lib/protocol.py
@@ -0,0 +1,230 @@
+import base64
+import hmac
+import json
+import re
+import secrets
+
+SERVICE = "stackprism-agent-bridge"
+VERSION = "0.1.0"
+PROTOCOL_VERSION = 1
+
+BRIDGE_ERROR_CODES = {
+    "NOT_FOUND",
+    "METHOD_NOT_ALLOWED",
+    "UNAUTHORIZED",
+    "FORBIDDEN",
+    "ORIGIN_NOT_ALLOWED",
+    "UNSUPPORTED_MEDIA_TYPE",
+    "UNSUPPORTED_TRANSFER_ENCODING",
+    "INVALID_JSON",
+    "INVALID_REQUEST",
+    "REQUEST_TOO_LARGE",
+    "REQUEST_TIMEOUT",
+    "SERVER_BUSY",
+    "STALE_STATUS_UPDATE",
+    "PORT_IN_USE",
+    "BRIDGE_INVALID_ENV",
+    "BRIDGE_START_FAILED",
+    "BRIDGE_START_TIMEOUT",
+    "BRIDGE_READY_PARSE_FAILED",
+    "BRIDGE_PROTOCOL_UNSUPPORTED",
+    "BRIDGE_PAGE_RENDER_FAILED",
+    "BRIDGE_REQUEST_TIMEOUT",
+    "BRIDGE_REQUEST_MISMATCH",
+    "AGENT_BRIDGE_DISABLED",
+    "CAPTURE_BUSY",
+    "CAPTURE_TIMEOUT",
+    "EXTENSION_NOT_CONNECTED",
+    "BROWSER_OPEN_FAILED",
+    "BRIDGE_TOKEN_CANNOT_READ_PROFILE",
+    "PRIVATE_NETWORK_TARGET_BLOCKED",
+    "TARGET_DNS_LOOKUP_FAILED",
+    "BRIDGE_SELF_TARGET_BLOCKED",
+    "FINAL_URL_BLOCKED",
+    "ACTIVE_TAB_UNAVAILABLE",
+    "ACTIVE_TAB_MISMATCH",
+    "INCOGNITO_NOT_SUPPORTED",
+    "TARGET_LOAD_TIMEOUT",
+    "TARGET_LOAD_FAILED",
+    "TARGET_INJECTION_FAILED",
+    "TARGET_TAB_CLOSED",
+    "BRIDGE_TAB_CLOSED",
+    "TARGET_NAVIGATED_AWAY",
+    "SERVICE_WORKER_RESTARTED",
+    "BRIDGE_TRANSPORT_DISCONNECTED",
+    "PROFILE_TRANSPORT_FAILED",
+    "PROFILE_CHUNK_MISSING",
+    "PROFILE_HASH_MISMATCH",
+    "PROFILE_TOO_LARGE",
+    "RATE_LIMITED",
+    "NONCE_REUSED",
+    "CAPTURE_ALREADY_COMPLETED",
+    "CAPTURE_RESULT_EXPIRED",
+    "NOT_SUPPORTED",
+}
+
+SENSITIVE_DETAIL_KEY = re.compile(r"authorization|cookie|token|nonce|secret", re.I)
+ID_PATTERN = re.compile(r"\b(?:spbt?_|cap_|s_|n_|xfer_|shot_)[A-Za-z0-9_-]{8,}\b")
+URL_PATTERN = re.compile(r"https?://[^\s\"')\]}]+")
+SENSITIVE_PATH_WORD_PATTERN = re.compile(r"^(?:token|secret|session|auth|authorization|signature|password|cookie|passcode)$", re.I)
+SENSITIVE_PATH_SHORT_TOKEN_PATTERN = re.compile(r"(?:^|[-_.])(?:key|pass)(?:$|[-_.])", re.I)
+SENSITIVE_PATH_COMPOUND_PATTERN = re.compile(
+    r"^(?:(?:api|access|private|public|secret|session|auth)[-_.]?(?:key|pass|token|secret|signature|code|id)|(?:key|pass)[-_.]?(?:token|secret|signature|code|id)|(?:reset|verify|access|auth|session|csrf|xsrf)[-_.]?(?:token|code|secret|key|signature))$",
+    re.I,
+)
+SENSITIVE_PATH_CAMEL_PATTERN = re.compile(
+    r"^(?:apiKey|privateKey|publicKey|accessToken|refreshToken|sessionId|secretToken|authToken|csrfToken|xsrfToken)$",
+    re.I,
+)
+HIGH_ENTROPY_PATH_SEGMENT_PATTERN = re.compile(r"^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)[A-Za-z0-9_-]{24,}$")
+MAX_ERROR_TEXT_LENGTH = 512
+MAX_ERROR_DETAIL_DEPTH = 4
+MAX_ERROR_DETAIL_KEYS = 50
+MAX_ERROR_DETAIL_ARRAY_ITEMS = 20
+
+ID_PATTERNS = {
+    "apiToken": re.compile(r"^spb_[A-Za-z0-9_-]{43}$"),
+    "bridgeToken": re.compile(r"^spbt_[A-Za-z0-9_-]{43}$"),
+    "captureId": re.compile(r"^cap_[A-Za-z0-9_-]{22}$"),
+    "sessionId": re.compile(r"^s_[A-Za-z0-9_-]{22}$"),
+    "nonce": re.compile(r"^n_[A-Za-z0-9_-]{22}$"),
+    "screenshotDownloadId": re.compile(r"^shot_[A-Za-z0-9_-]{43}$"),
+    "profileTransferId": re.compile(r"^xfer_[A-Za-z0-9_-]{22}$"),
+    "cspNonce": re.compile(r"^[A-Za-z0-9_-]{22}$"),
+}
+
+
+def random_id(prefix, size):
+    return prefix + base64.urlsafe_b64encode(secrets.token_bytes(size)).decode("ascii").rstrip("=")
+
+
+def new_api_token():
+    return random_id("spb_", 32)
+
+
+def new_bridge_token():
+    return random_id("spbt_", 32)
+
+
+def new_capture_id():
+    return random_id("cap_", 16)
+
+
+def new_session_id():
+    return random_id("s_", 16)
+
+
+def new_nonce():
+    return random_id("n_", 16)
+
+
+def new_screenshot_download_id():
+    return random_id("shot_", 32)
+
+
+def new_csp_nonce():
+    return base64.urlsafe_b64encode(secrets.token_bytes(16)).decode("ascii").rstrip("=")
+
+
+def valid_id(kind, value):
+    pattern = ID_PATTERNS.get(kind)
+    return isinstance(value, str) and pattern is not None and bool(pattern.match(value))
+
+
+def is_known_bridge_error_code(value):
+    return isinstance(value, str) and value in BRIDGE_ERROR_CODES
+
+
+def safe_equal(left, right):
+    if not isinstance(left, str) or not isinstance(right, str):
+        return False
+    left_bytes = left.encode("utf-8")
+    right_bytes = right.encode("utf-8")
+    comparison_length = max(len(left_bytes), len(right_bytes))
+    padded_left = left_bytes.ljust(comparison_length, b"\0")
+    padded_right = right_bytes.ljust(comparison_length, b"\0")
+    return hmac.compare_digest(padded_left, padded_right) and len(left_bytes) == len(right_bytes)
+
+
+def html_escape_script_json(value):
+    return (
+        json.dumps(value, separators=(",", ":"), ensure_ascii=False)
+        .replace("<", "\\u003c")
+        .replace(">", "\\u003e")
+        .replace("&", "\\u0026")
+        .replace("\u2028", "\\u2028")
+        .replace("\u2029", "\\u2029")
+    )
+
+
+def is_sensitive_path_segment(segment):
+    text = str(segment or "")
+    return (
+        bool(SENSITIVE_PATH_WORD_PATTERN.search(text))
+        or bool(SENSITIVE_PATH_SHORT_TOKEN_PATTERN.search(text))
+        or bool(SENSITIVE_PATH_COMPOUND_PATTERN.search(text))
+        or bool(SENSITIVE_PATH_CAMEL_PATTERN.search(text))
+        or bool(re.match(r"^[0-9a-f]{16,}$", text, re.I))
+        or bool(HIGH_ENTROPY_PATH_SEGMENT_PATTERN.match(text))
+        or "=" in text
+    )
+
+
+def redact_pathname(pathname):
+    return "/".join("[redacted]" if segment and is_sensitive_path_segment(segment) else segment for segment in str(pathname or "").split("/"))
+
+
+def redact_url(value):
+    from urllib.parse import urlparse, urlunparse
+
+    parsed = urlparse(str(value or ""))
+    host = parsed.hostname or ""
+    if ":" in host and not host.startswith("["):
+        host = f"[{host}]"
+    netloc = f"{host}:{parsed.port}" if parsed.port else host
+    query = "[redacted]" if parsed.query else ""
+    return urlunparse((parsed.scheme, netloc, redact_pathname(parsed.path), parsed.params, query, ""))
+
+
+def redact_error_text(value):
+    text = str(value or "")
+    text = URL_PATTERN.sub(lambda match: redact_url(match.group(0)) or "[redacted-url]", text)
+    text = ID_PATTERN.sub("[redacted-id]", text)
+    return text[:MAX_ERROR_TEXT_LENGTH]
+
+
+def sanitize_error_value(key, value, depth=0):
+    if SENSITIVE_DETAIL_KEY.search(str(key or "")):
+        return "[redacted]"
+    if isinstance(value, str):
+        return redact_error_text(value)
+    if value is None or isinstance(value, (bool, int, float)):
+        return value
+    if depth >= MAX_ERROR_DETAIL_DEPTH:
+        return "[redacted-object]"
+    if isinstance(value, list):
+        return [sanitize_error_value("", item, depth + 1) for item in value[:MAX_ERROR_DETAIL_ARRAY_ITEMS]]
+    if isinstance(value, dict):
+        sanitized = {}
+        for child_key, child in list(value.items())[:MAX_ERROR_DETAIL_KEYS]:
+            sanitized_key = redact_error_text(child_key)[:64] or "field"
+            sanitized[sanitized_key] = sanitize_error_value(child_key, child, depth + 1)
+        return sanitized
+    return redact_error_text(value)
+
+
+def sanitize_bridge_error(error):
+    source = error if isinstance(error, dict) else {}
+    raw_code = source.get("code") if isinstance(source.get("code"), str) else ""
+    code = raw_code if is_known_bridge_error_code(raw_code) else "INVALID_REQUEST"
+    message = redact_error_text(source.get("message") or code or "Capture status failed.") or "Capture status failed."
+    details = sanitize_error_value("details", source.get("details") or {})
+    return {"code": code, "message": message, "details": details}
+
+
+def error_body(code, message, details=None):
+    return {"error": {"code": code, "message": message, "details": details or {}}}
+
+
+def json_bytes(value):
+    return json.dumps(value, separators=(",", ":"), ensure_ascii=False).encode("utf-8")
diff --git a/agent-skill/stackprism-site-experience/scripts/stackprism_bridge_lib/security.py b/agent-skill/stackprism-site-experience/scripts/stackprism_bridge_lib/security.py
new file mode 100644
index 00000000..2784c5e4
--- /dev/null
+++ b/agent-skill/stackprism-site-experience/scripts/stackprism_bridge_lib/security.py
@@ -0,0 +1,121 @@
+from urllib.parse import urlparse
+
+from .protocol import safe_equal, valid_id
+
+
+SENSITIVE_DUPLICATE_HEADERS = {"Host", "Authorization", "Content-Type", "Content-Length"}
+BRIDGE_QUERY_KINDS = {
+    "session": "sessionId",
+    "capture": "captureId",
+    "nonce": "nonce",
+}
+
+
+def parse_bridge_query(parsed_query):
+    parts = parsed_query.split("&") if parsed_query else []
+    if len(parts) != 3:
+        return None
+    values = {}
+    for part in parts:
+        if not part or part.count("=") != 1:
+            return None
+        name, value = part.split("=", 1)
+        kind = BRIDGE_QUERY_KINDS.get(name)
+        if not kind or name in values or not valid_id(kind, value):
+            return None
+        values[name] = value
+    return values if set(values.keys()) == set(BRIDGE_QUERY_KINDS.keys()) else None
+
+
+def valid_bridge_query(parsed_query):
+    return parse_bridge_query(parsed_query) is not None
+
+
+def bridge_query_value(parsed_query, name):
+    return (parse_bridge_query(parsed_query) or {}).get(name, "")
+
+
+def bad_shell_error(handler):
+    for name in SENSITIVE_DUPLICATE_HEADERS:
+        if len(handler.headers.get_all(name, [])) > 1:
+            return 400, "INVALID_REQUEST", "Ambiguous request headers are not allowed."
+    content_length = handler.headers.get("Content-Length")
+    if content_length is not None and (not content_length.isdecimal()):
+        return 400, "INVALID_REQUEST", "Content-Length is invalid."
+    if handler.headers.get("Host") != urlparse(handler.server.store.base_url).netloc:
+        return 400, "INVALID_REQUEST", "Host is not allowed."
+    path = handler.path
+    if not path.startswith("/") or path.startswith("//"):
+        return 400, "INVALID_REQUEST", "Only origin-form request targets are allowed."
+    raw_path, _, raw_query = path.partition("?")
+    if any(value in path.lower() for value in ("%2e", "%2f", "%5c")) or "\\" in path:
+        return 400, "INVALID_REQUEST", "Encoded path separators or dot segments are not allowed."
+    if raw_path != "/" and any(segment in {"", ".", ".."} for segment in raw_path.split("/")[1:]):
+        return 400, "INVALID_REQUEST", "Ambiguous path segments are not allowed."
+    if raw_query and raw_path != "/bridge":
+        return 400, "INVALID_REQUEST", "Query string is not allowed for this endpoint."
+    content_encoding = handler.headers.get("Content-Encoding")
+    if content_encoding and content_encoding.lower() != "identity":
+        return 415, "UNSUPPORTED_MEDIA_TYPE", "Content-Encoding is not supported."
+    transfer_encoding = handler.headers.get("Transfer-Encoding")
+    if transfer_encoding and handler.headers.get("Content-Length"):
+        return 400, "INVALID_REQUEST", "Content-Length and Transfer-Encoding cannot be combined."
+    if transfer_encoding:
+        return 400, "UNSUPPORTED_TRANSFER_ENCODING", "Transfer-Encoding is not supported."
+    return None
+
+
+def cross_origin_error(handler):
+    base_url = handler.server.store.base_url
+    origin = handler.headers.get("Origin")
+    if origin and origin != base_url:
+        return 403, "ORIGIN_NOT_ALLOWED", "Origin is not allowed."
+    if referer := handler.headers.get("Referer"):
+        parsed = urlparse(referer)
+        if not parsed.scheme or not parsed.netloc or f"{parsed.scheme}://{parsed.netloc}" != base_url:
+            return 403, "ORIGIN_NOT_ALLOWED", "Referer is not allowed."
+    if handler.headers.get("Sec-Fetch-Site") not in {None, "same-origin", "none"}:
+        return 403, "ORIGIN_NOT_ALLOWED", "Sec-Fetch-Site is not allowed."
+    return None
+
+
+def bearer_token(handler):
+    value = handler.headers.get("Authorization", "")
+    return value.removeprefix("Bearer ") if value.startswith("Bearer ") else ""
+
+
+def auth_api(handler):
+    token = bearer_token(handler)
+    if not token:
+        handler.fail(401, "UNAUTHORIZED", "Bearer token is required.")
+        return False
+    if not safe_equal(token, handler.server.api_token):
+        handler.fail(403, "FORBIDDEN", "Token is not allowed for this endpoint.")
+        return False
+    return True
+
+
+def auth_capture(handler, capture, scope):
+    token = bearer_token(handler)
+    if not token:
+        handler.fail(401, "UNAUTHORIZED", "Bearer token is required.")
+        return None
+    if scope in {"api", "status", "download"} and safe_equal(token, handler.server.api_token):
+        return "api"
+    if scope in {"bridge", "status", "download"} and safe_equal(token, capture["bridgeToken"]):
+        return "bridge"
+    handler.fail(403, "FORBIDDEN", "Token is not allowed for this endpoint.")
+    return None
+
+
+def rate_limited(handler, token, bucket_name, now_window):
+    key = f"{token}:{bucket_name}"
+    with handler.server.rate_lock:
+        bucket = handler.server.rate_buckets.get(key)
+        if bucket is None or bucket["window"] != now_window:
+            handler.server.rate_buckets[key] = {"window": now_window, "count": 1}
+            return False
+        if bucket["count"] >= handler.server.rate_limits[bucket_name]:
+            return True
+        bucket["count"] += 1
+        return False
diff --git a/agent-skill/stackprism-site-experience/scripts/stackprism_bridge_lib/server_factory.py b/agent-skill/stackprism-site-experience/scripts/stackprism_bridge_lib/server_factory.py
new file mode 100644
index 00000000..26f45610
--- /dev/null
+++ b/agent-skill/stackprism-site-experience/scripts/stackprism_bridge_lib/server_factory.py
@@ -0,0 +1,50 @@
+import threading
+import time
+import os
+from http.server import ThreadingHTTPServer
+
+from .capture_store import CaptureStore
+from .http_server import BridgeHandler
+from .open_browser import open_browser, parse_open_config
+from .protocol import new_api_token
+
+
+DEFAULT_CREATE_LIMIT_PER_MINUTE = 10
+DEFAULT_QUERY_LIMIT_PER_MINUTE = 120
+DEFAULT_MAX_OPEN_CONNECTIONS = 20
+DEFAULT_REQUEST_TIMEOUT_SECONDS = 35
+
+
+class BridgeServer(ThreadingHTTPServer):
+    allow_reuse_address = False
+    request_queue_size = DEFAULT_MAX_OPEN_CONNECTIONS
+
+
+def create_server(port=0, now=time.time, rate_limits=None, max_open_connections=DEFAULT_MAX_OPEN_CONNECTIONS, env=None, result_ttl_seconds=None):
+    active_env = os.environ if env is None else env
+    open_config_ok, open_config_code, open_config_message = parse_open_config(active_env)
+    if not open_config_ok:
+        error = ValueError(open_config_message)
+        error.code = open_config_code
+        raise error
+    if not isinstance(max_open_connections, int) or max_open_connections <= 0:
+        max_open_connections = DEFAULT_MAX_OPEN_CONNECTIONS
+    api_token = new_api_token()
+    BridgeServer.request_queue_size = max_open_connections
+    server = BridgeServer(("127.0.0.1", port), BridgeHandler)
+    base_url = f"http://127.0.0.1:{server.server_address[1]}"
+    server.max_open_connections = max_open_connections
+    server.active_connections = 0
+    server.connection_lock = threading.Lock()
+    server.api_token = api_token
+    ttl_seconds = result_ttl_seconds if result_ttl_seconds is not None else None
+    store_args = [base_url, now, lambda url: open_browser(url, active_env)]
+    server.store = CaptureStore(*store_args, result_ttl_seconds=ttl_seconds) if ttl_seconds is not None else CaptureStore(*store_args)
+    server.rate_limits = {
+        "create": (rate_limits or {}).get("createLimitPerMinute", DEFAULT_CREATE_LIMIT_PER_MINUTE),
+        "query": (rate_limits or {}).get("queryLimitPerMinute", DEFAULT_QUERY_LIMIT_PER_MINUTE),
+    }
+    server.rate_buckets = {}
+    server.rate_lock = threading.Lock()
+    server.timeout = DEFAULT_REQUEST_TIMEOUT_SECONDS
+    return server, {"baseUrl": base_url, "healthUrl": f"{base_url}/health", "apiToken": api_token}
diff --git a/agent-skill/stackprism-site-experience/scripts/stackprism_bridge_lib/status.py b/agent-skill/stackprism-site-experience/scripts/stackprism_bridge_lib/status.py
new file mode 100644
index 00000000..389ce148
--- /dev/null
+++ b/agent-skill/stackprism-site-experience/scripts/stackprism_bridge_lib/status.py
@@ -0,0 +1,88 @@
+from .profile_response import screenshot_payload_for_capture
+from .profile_summary import profile_preview_summary
+from .protocol import PROTOCOL_VERSION, is_known_bridge_error_code, redact_url
+from .url_policy import is_strict_int
+
+FINAL_STATES = {"completed", "failed", "cancelled", "expired"}
+PLUGIN_WRITABLE_STATUSES = {"waiting_extension", "running", "cancelled", "failed"}
+STATUS_PHASES = [
+    "bridge_connected",
+    "request_loaded",
+    "target_opening",
+    "target_loaded",
+    "detecting_tech",
+    "profiling_experience",
+    "posting_profile",
+    "cleanup",
+]
+PHASE_ORDER = {phase: index for index, phase in enumerate(STATUS_PHASES)}
+def screenshot_preview(capture):
+    payload = screenshot_payload_for_capture(capture)
+    screenshot = (((capture.get("profile") or {}).get("visualProfile") or {}).get("screenshot") or {})
+    if not payload:
+        return None
+    return {
+        "downloadUrl": capture.get("screenshotUrl"),
+        "mimeType": payload["mimeType"],
+        "byteLength": len(payload["data"]),
+        "scope": screenshot.get("scope"),
+    }
+
+
+def public_preview(capture):
+    preview = {}
+    target_url = redact_url(capture.get("finalUrl") or (capture.get("request") or {}).get("url"))
+    if target_url:
+        preview["targetUrl"] = target_url
+    screenshot = screenshot_preview(capture) if capture["status"] == "completed" else None
+    if screenshot:
+        preview["screenshot"] = screenshot
+    summary = profile_preview_summary(capture, screenshot)
+    if summary:
+        preview.update(summary)
+    return preview
+
+
+def public_status(capture):
+    status = {"id": capture["id"], "status": capture["status"]}
+    if capture.get("phase"):
+        status["phase"] = capture["phase"]
+    if capture.get("error"):
+        status["error"] = capture["error"]
+    if capture.get("profileDownloadReadyAt"):
+        status["profileDownloadReady"] = True
+    preview = public_preview(capture)
+    if preview:
+        status["preview"] = preview
+    return status
+
+
+def validate_status_update(capture, body):
+    if capture["status"] in FINAL_STATES:
+        return False, "STALE_STATUS_UPDATE", "Capture is already terminal."
+    if (
+        body.get("captureId") != capture["id"]
+        or body.get("sessionId") != capture["sessionId"]
+        or body.get("nonce") != capture["nonce"]
+        or body.get("protocolVersion") != PROTOCOL_VERSION
+    ):
+        return False, "INVALID_REQUEST", "Capture status identity is invalid."
+    if body.get("status") not in PLUGIN_WRITABLE_STATUSES or body.get("phase") not in PHASE_ORDER:
+        return False, "INVALID_REQUEST", "Capture status or phase is invalid."
+    if body["status"] == "cancelled" and capture["status"] != "cancel_requested":
+        return False, "STALE_STATUS_UPDATE", "Capture cancellation was not requested."
+    if capture["status"] == "cancel_requested" and body["status"] != "cancelled":
+        return False, "STALE_STATUS_UPDATE", "Capture cancellation is already requested."
+    if body["status"] == "failed":
+        error = body.get("error")
+        if not isinstance(error, dict) or not (error.get("code") and error.get("message")):
+            return False, "INVALID_REQUEST", "Failed status requires a structured error."
+        if not is_known_bridge_error_code(error["code"]):
+            return False, "INVALID_REQUEST", "Failed status error code is invalid."
+    if body["status"] == "cancelled" and body["phase"] != "cleanup":
+        return False, "INVALID_REQUEST", "Cancelled status must use cleanup phase."
+    if not is_strict_int(body.get("sequence")) or body["sequence"] <= capture["sequence"]:
+        return False, "STALE_STATUS_UPDATE", "Capture status sequence is stale."
+    if PHASE_ORDER[body["phase"]] < PHASE_ORDER.get(capture.get("phase"), -1):
+        return False, "STALE_STATUS_UPDATE", "Capture phase cannot move backwards."
+    return True, None, None
diff --git a/agent-skill/stackprism-site-experience/scripts/stackprism_bridge_lib/url_policy.py b/agent-skill/stackprism-site-experience/scripts/stackprism_bridge_lib/url_policy.py
new file mode 100644
index 00000000..554338c9
--- /dev/null
+++ b/agent-skill/stackprism-site-experience/scripts/stackprism_bridge_lib/url_policy.py
@@ -0,0 +1,290 @@
+import ipaddress
+import re
+import socket
+from concurrent.futures import ThreadPoolExecutor, TimeoutError
+from urllib.parse import urlparse, urlunparse
+
+from .protocol import PROTOCOL_VERSION
+
+
+REQUEST_KEYS = {"url", "mode", "waitMs", "include", "viewports", "options"}
+OPTION_KEYS = {
+    "forceRefresh", "captureScreenshotMetadata", "captureScreenshot", "keepTabOpen",
+    "allowPrivateNetworkTarget", "targetMode", "maxResourceUrls",
+}
+BOOLEAN_OPTION_KEYS = {"forceRefresh", "captureScreenshotMetadata", "captureScreenshot", "keepTabOpen", "allowPrivateNetworkTarget"}
+INCLUDE_ORDER = ["tech", "visual", "layout", "components", "interaction", "ux", "assets"]
+TARGET_MODES = {"reuse_or_new_tab", "new_tab", "active_tab"}
+DNS_LOOKUP_TIMEOUT_SECONDS = 2.0
+_DNS_EXECUTOR = ThreadPoolExecutor(max_workers=4, thread_name_prefix="stackprism-dns")
+PRIVATE_IP_NETWORKS = tuple(
+    ipaddress.ip_network(network)
+    for network in (
+        "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
+        "169.254.0.0/16", "172.16.0.0/12", "192.0.0.0/24", "192.0.2.0/24",
+        "192.88.99.0/24", "192.168.0.0/16", "198.18.0.0/15", "198.51.100.0/24",
+        "203.0.113.0/24", "224.0.0.0/4", "240.0.0.0/4", "255.255.255.255/32",
+        "::/128", "::1/128", "64:ff9b:1::/48", "100::/64", "2001::/23", "2001:db8::/32",
+        "2002::/16", "3fff::/20", "fc00::/7", "fe80::/10", "ff00::/8",
+    )
+)
+PROXY_RESERVED_IP_NETWORKS = tuple(ipaddress.ip_network(network) for network in ("198.18.0.0/15",))
+PUBLIC_IP_EXCEPTIONS = tuple(
+    ipaddress.ip_network(network)
+    for network in (
+        "192.0.0.9/32",
+        "192.0.0.10/32",
+        "2001:1::1/128",
+        "2001:1::2/128",
+        "2001:3::/32",
+        "2001:4:112::/48",
+        "2001:20::/28",
+        "2001:30::/28",
+    )
+)
+
+
+def is_strict_int(value):
+    return isinstance(value, int) and not isinstance(value, bool)
+
+
+def parse_ip_address(hostname):
+    host = (hostname or "").strip("[]")
+    try:
+        address = ipaddress.ip_address(host)
+    except ValueError:
+        try:
+            address = ipaddress.ip_address(socket.inet_aton(host))
+        except OSError:
+            return None
+    if getattr(address, "ipv4_mapped", None):
+        address = address.ipv4_mapped
+    elif address.version == 6 and address.packed.startswith(b"\x00" * 12) and int(address) > 0xFFFF:
+        address = ipaddress.ip_address(address.packed[-4:])
+    return address
+
+
+def is_private_host(hostname):
+    if (hostname or "").strip("[]").lower() == "localhost":
+        return True
+    address = parse_ip_address(hostname)
+    if address is None:
+        return False
+    return any(address in network for network in PRIVATE_IP_NETWORKS) and not any(address in network for network in PUBLIC_IP_EXCEPTIONS)
+
+
+def is_proxy_reserved_host(hostname):
+    address = parse_ip_address(hostname)
+    if address is None:
+        return False
+    return any(address in network for network in PROXY_RESERVED_IP_NETWORKS)
+
+
+def is_ip_literal(hostname):
+    return parse_ip_address(hostname) is not None
+
+
+def default_resolve_hostname(hostname):
+    future = _DNS_EXECUTOR.submit(socket.getaddrinfo, hostname, None, 0, socket.SOCK_STREAM)
+    try:
+        return [item[4][0] for item in future.result(timeout=DNS_LOOKUP_TIMEOUT_SECONDS)]
+    except TimeoutError as exc:
+        future.cancel()
+        raise TimeoutError("DNS lookup timed out.") from exc
+
+
+def validate_dns_policy(hostname, allow_private_network_target, resolver):
+    if allow_private_network_target or is_ip_literal(hostname):
+        return None, None
+    try:
+        addresses = resolver(hostname)
+    except Exception:
+        return "TARGET_DNS_LOOKUP_FAILED", {"reason": "dns_lookup_failed"}
+    if not isinstance(addresses, list) or not addresses:
+        return "TARGET_DNS_LOOKUP_FAILED", {"reason": "dns_lookup_failed"}
+    if any(is_private_host(str(address)) and not is_proxy_reserved_host(str(address)) for address in addresses):
+        return "PRIVATE_NETWORK_TARGET_BLOCKED", {"reason": "private_network_address"}
+    return None, None
+
+
+def valid_viewports(viewports):
+    if not isinstance(viewports, list) or len(viewports) > 3:
+        return False
+    for viewport in viewports:
+        if not isinstance(viewport, dict) or not set(viewport.keys()).issubset({"name", "width", "height", "deviceScaleFactor"}):
+            return False
+        name = viewport.get("name")
+        if name is not None and (not isinstance(name, str) or not re.fullmatch(r"[A-Za-z0-9_-]{1,32}", name)):
+            return False
+        if not is_strict_int(viewport.get("width")) or not 320 <= viewport["width"] <= 3840:
+            return False
+        if not is_strict_int(viewport.get("height")) or not 320 <= viewport["height"] <= 2160:
+            return False
+        scale = viewport.get("deviceScaleFactor")
+        if isinstance(scale, bool) or not isinstance(scale, (int, float)) or not 1 <= scale <= 4:
+            return False
+    return True
+
+
+def normalize_options(options):
+    if not isinstance(options, dict) or not set(options.keys()).issubset(OPTION_KEYS):
+        return None, "Unknown capture option field."
+    for key in BOOLEAN_OPTION_KEYS:
+        if key in options and not isinstance(options[key], bool):
+            return None, "Capture options are invalid."
+    target_mode = options.get("targetMode", "reuse_or_new_tab")
+    max_resource_urls = options.get("maxResourceUrls", 300)
+    if target_mode not in TARGET_MODES:
+        return None, "Capture targetMode is invalid."
+    if not is_strict_int(max_resource_urls) or not 0 <= max_resource_urls <= 1000:
+        return None, "Capture maxResourceUrls is invalid."
+    normalized = {key: options.get(key) is True for key in BOOLEAN_OPTION_KEYS}
+    return {**normalized, "targetMode": target_mode, "maxResourceUrls": max_resource_urls}, None
+
+
+def invalid_request(message):
+    return None, "INVALID_REQUEST", None, message
+
+
+def parse_capture_url(value):
+    try:
+        parsed = urlparse(str(value).strip())
+        parsed.port
+    except Exception:
+        return None
+    if parsed.scheme not in {"http", "https"} or not parsed.netloc or parsed.username or parsed.password:
+        return None
+    return parsed
+
+
+def normalized_netloc(parsed):
+    host = (parsed.hostname or "").lower()
+    if ":" in host and not host.startswith("["):
+        host = f"[{host}]"
+    default_port = (parsed.scheme == "http" and parsed.port == 80) or (parsed.scheme == "https" and parsed.port == 443)
+    return host if parsed.port is None or default_port else f"{host}:{parsed.port}"
+
+
+def normalized_capture_url(parsed):
+    return urlunparse((parsed.scheme.lower(), normalized_netloc(parsed), parsed.path or "/", "", parsed.query, ""))
+
+
+def effective_port(parsed):
+    if parsed.port is not None:
+        return parsed.port
+    return 80 if parsed.scheme == "http" else 443 if parsed.scheme == "https" else None
+
+
+def is_bridge_loopback_alias(hostname, bridge_hostname):
+    host = (hostname or "").strip("[]").lower()
+    bridge_host = (bridge_hostname or "").strip("[]").lower()
+    if host == bridge_host:
+        return True
+    if bridge_host != "127.0.0.1":
+        return False
+    if host in {"localhost", "::1", "0:0:0:0:0:0:0:1"}:
+        return True
+    address = parse_ip_address(host)
+    return bool(address and str(address) == "127.0.0.1")
+
+
+def is_bridge_origin(parsed, bridge_origin):
+    bridge = urlparse(bridge_origin)
+    return (
+        parsed.scheme.lower() == bridge.scheme.lower()
+        and effective_port(parsed) == effective_port(bridge)
+        and is_bridge_loopback_alias(parsed.hostname, bridge.hostname)
+    )
+
+
+def validate_capture_policy(parsed, bridge_origin, options, resolver):
+    if is_bridge_origin(parsed, bridge_origin):
+        return "BRIDGE_SELF_TARGET_BLOCKED", None, "Bridge origin cannot be captured."
+    if is_private_host(parsed.hostname or "") and options["allowPrivateNetworkTarget"] is not True:
+        return "PRIVATE_NETWORK_TARGET_BLOCKED", {"reason": "private_network_address"}, "Private network targets are disabled."
+    dns_code, dns_details = validate_dns_policy(parsed.hostname or "", options["allowPrivateNetworkTarget"] is True, resolver)
+    if dns_code == "TARGET_DNS_LOOKUP_FAILED":
+        return dns_code, dns_details, "Target hostname could not be resolved."
+    if dns_code:
+        return dns_code, dns_details, "Private network targets are disabled."
+    return None, None, None
+
+
+def normalize_capture_request(body, bridge_origin, resolver=default_resolve_hostname):
+    if not isinstance(body, dict) or not set(body.keys()).issubset(REQUEST_KEYS):
+        return invalid_request("Unknown capture request field.")
+    if body.get("mode") != "experience":
+        return invalid_request("Capture mode is invalid.")
+    url_value = str(body.get("url", "")).strip()
+    if not 1 <= len(url_value) <= 4096:
+        return invalid_request("Capture url is invalid.")
+    parsed = parse_capture_url(url_value)
+    if parsed is None:
+        return invalid_request("Capture url is invalid.")
+    include = body.get("include")
+    wait_ms = body["waitMs"] if "waitMs" in body else 3000
+    viewports = body["viewports"] if "viewports" in body else []
+    options_input = body["options"] if "options" in body else {}
+    options, option_message = normalize_options(options_input)
+    if not isinstance(include, list) or not include or any(item not in INCLUDE_ORDER for item in include):
+        return invalid_request("Capture include is invalid.")
+    if not is_strict_int(wait_ms) or not 0 <= wait_ms <= 30000:
+        return invalid_request("Capture waitMs is invalid.")
+    if not valid_viewports(viewports):
+        return invalid_request("Capture viewports are invalid.")
+    if options is None:
+        return invalid_request(option_message)
+    policy_code, policy_details, policy_message = validate_capture_policy(parsed, bridge_origin, options, resolver)
+    if policy_code:
+        return None, policy_code, policy_details, policy_message
+    return {
+        "url": normalized_capture_url(parsed),
+        "mode": "experience",
+        "waitMs": wait_ms,
+        "include": [item for item in INCLUDE_ORDER if item in include],
+        "viewports": viewports,
+        "options": options,
+        "protocolVersion": PROTOCOL_VERSION,
+    }, None, None, None
+
+
+def validate_final_url(value, bridge_origin, request):
+    final_request = {
+        "url": value,
+        "mode": request["mode"],
+        "waitMs": request.get("waitMs", 3000),
+        "include": request.get("include", []),
+        "viewports": request.get("viewports", []),
+        "options": {**request.get("options", {}), "allowPrivateNetworkTarget": request.get("options", {}).get("allowPrivateNetworkTarget") is True},
+    }
+    normalized, code, details, _message = normalize_capture_request(final_request, bridge_origin)
+    if normalized:
+        return normalized["url"], None, None
+    reason = "dns_lookup_failed" if code == "TARGET_DNS_LOOKUP_FAILED" else "invalid_final_url"
+    return None, "FINAL_URL_BLOCKED", details or {"reason": reason}
+
+
+def validate_target_network_address(value, request, from_cache=False, final_url=None):
+    if request.get("options", {}).get("allowPrivateNetworkTarget") is True:
+        return None, None
+    if value is None:
+        return None, None
+    if not isinstance(value, str):
+        return "INVALID_REQUEST", {"reason": "invalid_network_address"}
+    address = value.strip().strip("[]")
+    if not address:
+        return None, None
+    try:
+        ipaddress.ip_address(address)
+    except ValueError:
+        return "INVALID_REQUEST", {"reason": "invalid_network_address"}
+    try:
+        parsed_final_url = urlparse(final_url or request.get("url", ""))
+    except Exception:
+        parsed_final_url = None
+    final_hostname = parsed_final_url.hostname if parsed_final_url else ""
+    if is_private_host(address) and not (
+        is_proxy_reserved_host(address) and final_hostname and not is_ip_literal(final_hostname) and not is_private_host(final_hostname)
+    ):
+        return "FINAL_URL_BLOCKED", {"reason": "private_network_address"}
+    return None, None
diff --git a/build-scripts/build-injected.mjs b/build-scripts/build-injected.mjs
index 36ce4028..5edc0b0d 100644
--- a/build-scripts/build-injected.mjs
+++ b/build-scripts/build-injected.mjs
@@ -6,9 +6,19 @@ import { fileURLToPath } from 'node:url'
 const __dirname = fileURLToPath(new URL('.', import.meta.url))
 const root = resolve(__dirname, '..')
 
-const entries = ['page-detector', 'page-source-search']
+const allEntries = ['page-detector', 'page-source-search', 'experience-profiler']
+const requestedEntries = String(process.env.INJECTED_ENTRIES || '')
+  .split(',')
+  .map(entry => entry.trim())
+  .filter(Boolean)
+const entries = requestedEntries.length ? requestedEntries : allEntries
+const invalidEntries = entries.filter(entry => !allEntries.includes(entry))
+if (invalidEntries.length) {
+  console.error(`[build-injected] invalid INJECTED_ENTRIES: ${invalidEntries.join(', ')}`)
+  process.exit(1)
+}
 
-const outDir = resolve(root, 'public/injected')
+const outDir = resolve(root, process.env.INJECTED_OUT_DIR || 'public/injected')
 rmSync(outDir, { recursive: true, force: true })
 mkdirSync(outDir, { recursive: true })
 
@@ -17,8 +27,8 @@ for (const entry of entries) {
   const result = spawnSync('pnpm', ['exec', 'vite', 'build', '--config', 'vite.injected.config.ts'], {
     cwd: root,
     stdio: 'inherit',
-    env: { ...process.env, INJECTED_ENTRY: entry },
-    shell: true
+    shell: process.platform === 'win32',
+    env: { ...process.env, INJECTED_ENTRY: entry, INJECTED_OUT_DIR: outDir }
   })
   if (result.status !== 0) {
     process.exit(result.status ?? 1)
diff --git a/build-scripts/package-firefox.mjs b/build-scripts/package-firefox.mjs
index e77c62a7..e2e1ab3f 100644
--- a/build-scripts/package-firefox.mjs
+++ b/build-scripts/package-firefox.mjs
@@ -1,88 +1,243 @@
-import { cpSync, rmSync, readFileSync, writeFileSync, mkdirSync, existsSync, createWriteStream } from 'node:fs'
-import { resolve, dirname } from 'node:path'
-import { fileURLToPath } from 'node:url'
+import { cpSync, rmSync, readFileSync, writeFileSync, mkdirSync, existsSync, createWriteStream, readdirSync, statSync } from 'node:fs'
+import { basename, resolve, dirname, relative } from 'node:path'
+import { fileURLToPath, pathToFileURL } from 'node:url'
 import { createRequire } from 'node:module'
 import archiver from 'archiver'
 
 const require = createRequire(import.meta.url)
 const esbuild = require('esbuild')
+const defaultRoot = resolve(dirname(fileURLToPath(import.meta.url)), '..')
+const agentOnlySourceFiles = [
+  'stackprism-bridge.mjs',
+  'stackprism_bridge.py',
+  'capture-site.mjs',
+  'capture-site-args.mjs',
+  'capture-runtime.mjs',
+  'capture-screenshot-artifact.mjs',
+  'capture-store.mjs',
+  'http-handlers.mjs',
+  'http-server.mjs',
+  'open-browser.mjs',
+  'protocol.mjs',
+  'security.mjs',
+  'url-policy.mjs'
+]
+const agentOnlySourceFileSet = new Set(agentOnlySourceFiles)
+const agentOnlyPathPatterns = [/(?:^|\/)agent-skill(?:\/|$)/, /(?:^|\/)docs\/superpowers(?:\/|$)/, /(?:^|\/)tests(?:\/|$)/]
+const disallowedPackagePatterns = [...agentOnlyPathPatterns, /(?:^|\/)__pycache__(?:\/|$)/, /\.py[co]?$/]
+
+export async function packageFirefox({ root = defaultRoot, logger = console } = {}) {
+  const paths = firefoxPackagePaths(root)
+  copyDist(paths)
+  await bundleBackground(paths, logger)
+  await bundleContentScripts(paths, logger)
+  const manifest = writeFirefoxManifest(paths, logger)
+  assertFirefoxPackageHygiene(paths, manifest)
+  const xpiPath = await writeXpi({ root, firefoxDir: paths.firefoxDir, manifest, logger })
+  return { firefoxDir: paths.firefoxDir, manifestPath: paths.manifestPath, xpiPath }
+}
 
-const root = resolve(dirname(fileURLToPath(import.meta.url)), '..')
-const distDir = resolve(root, 'dist')
-const firefoxDir = resolve(root, 'dist-firefox')
+function pathBasename(value) {
+  return basename(String(value || '').replaceAll('\\', '/'))
+}
 
-if (!existsSync(distDir)) {
-  console.error('[package-firefox] dist/ not found, run `pnpm build` first')
-  process.exit(1)
+function isAgentOnlySourcePath(path) {
+  return agentOnlySourceFileSet.has(pathBasename(path))
 }
 
-rmSync(firefoxDir, { recursive: true, force: true })
-cpSync(distDir, firefoxDir, { recursive: true })
+function firefoxPackagePaths(root) {
+  const firefoxDir = resolve(root, 'dist-firefox')
+  return {
+    distDir: resolve(root, 'dist'),
+    firefoxDir,
+    manifestPath: resolve(firefoxDir, 'manifest.json')
+  }
+}
 
-// --- Bundle background script as IIFE ---
-// CRXJS outputs background as ES modules with code-split shared chunks.
-// Firefox background scripts don't support ES modules, so we rebundle
-// the entry point into a single IIFE via esbuild.
+function copyDist({ distDir, firefoxDir }) {
+  if (!existsSync(distDir)) {
+    throw new Error('[package-firefox] dist/ not found, run `pnpm build` first')
+  }
 
-const loaderPath = resolve(firefoxDir, 'service-worker-loader.js')
-const loaderCode = readFileSync(loaderPath, 'utf8')
-const entryMatch = loaderCode.match(/import\s+'\.\/(assets\/[^']+)'/)
-if (!entryMatch) {
-  console.error('[package-firefox] could not resolve service-worker-loader entry')
-  process.exit(1)
+  rmSync(firefoxDir, { recursive: true, force: true })
+  cpSync(distDir, firefoxDir, { recursive: true })
 }
 
-const entryPath = resolve(firefoxDir, entryMatch[1])
-const backgroundPath = resolve(firefoxDir, 'background.js')
+async function bundleBackground({ firefoxDir }, logger) {
+  // CRXJS outputs background as ES modules with code-split shared chunks.
+  // Firefox background scripts do not support ES modules, so rebundle one IIFE.
+  const loaderPath = resolve(firefoxDir, 'service-worker-loader.js')
+  const loaderCode = readFileSync(loaderPath, 'utf8')
+  const entryMatch = loaderCode.match(/import\s+'\.\/(assets\/[^']+)'/)
+  if (!entryMatch) {
+    throw new Error('[package-firefox] could not resolve service-worker-loader entry')
+  }
+
+  const entryPath = resolve(firefoxDir, entryMatch[1])
+  const backgroundPath = resolve(firefoxDir, 'background.js')
 
-await esbuild.build({
-  entryPoints: [entryPath],
-  bundle: true,
-  format: 'iife',
-  outfile: backgroundPath,
-  target: 'es2022',
-  platform: 'browser',
-  logLevel: 'warning'
-})
+  await esbuild.build({
+    entryPoints: [entryPath],
+    bundle: true,
+    format: 'iife',
+    outfile: backgroundPath,
+    target: 'es2022',
+    platform: 'browser',
+    logLevel: 'warning'
+  })
 
-console.log('[package-firefox] bundled background.js as IIFE')
+  logger.log('[package-firefox] bundled background.js as IIFE')
+}
 
-// --- Transform manifest.json ---
+async function bundleContentScripts({ firefoxDir, manifestPath }, logger) {
+  const manifest = JSON.parse(readFileSync(manifestPath, 'utf8'))
+  const contentScripts = Array.isArray(manifest.content_scripts) ? manifest.content_scripts : []
+  const rewritten = new Map()
 
-const manifestPath = resolve(firefoxDir, 'manifest.json')
-const manifest = JSON.parse(readFileSync(manifestPath, 'utf8'))
+  for (const script of contentScripts) {
+    if (!Array.isArray(script.js)) continue
+    script.js = await Promise.all(script.js.map(file => bundleContentScriptFile({ firefoxDir, file, rewritten })))
+  }
 
-if (manifest.background?.service_worker) {
-  manifest.background = { scripts: ['background.js'] }
+  if (!rewritten.size) return
+  writeFileSync(manifestPath, JSON.stringify(manifest, null, 2))
+  logger.log(`[package-firefox] bundled ${rewritten.size} content script loader(s) as Firefox IIFE files`)
 }
 
-manifest.browser_specific_settings = {
-  gecko: {
-    id: 'stackprism@setube.github.io',
-    strict_min_version: '128.0'
+async function bundleContentScriptFile({ firefoxDir, file, rewritten }) {
+  if (rewritten.has(file)) return rewritten.get(file)
+  const loaderPath = resolve(firefoxDir, file)
+  if (!existsSync(loaderPath)) throw new Error(`[package-firefox] content script file not found: ${file}`)
+
+  const loaderCode = readFileSync(loaderPath, 'utf8')
+  const entry = resolveContentScriptLoaderEntry(loaderCode)
+  if (!entry) return file
+
+  const outputFile = firefoxContentScriptOutputFile(file)
+  mkdirSync(resolve(firefoxDir, dirname(outputFile)), { recursive: true })
+  await esbuild.build({
+    entryPoints: [resolve(firefoxDir, entry)],
+    bundle: true,
+    format: 'iife',
+    outfile: resolve(firefoxDir, outputFile),
+    target: 'es2022',
+    platform: 'browser',
+    logLevel: 'warning'
+  })
+  rewritten.set(file, outputFile)
+  return outputFile
+}
+
+function resolveContentScriptLoaderEntry(loaderCode) {
+  const match = loaderCode.match(/chrome\.runtime\.getURL\(\s*["']([^"']+)["']\s*\)/)
+  return match?.[1]?.replace(/^\/+/, '') || null
+}
+
+function firefoxContentScriptOutputFile(file) {
+  const name = basename(file)
+    .replace(/(?:\.ts)?-loader(?:-[^.]+)?\.js$/i, '')
+    .replace(/[^A-Za-z0-9._-]+/g, '-')
+  return `firefox/${name || 'content-script'}.js`
+}
+
+function writeFirefoxManifest({ manifestPath }, logger) {
+  const manifest = JSON.parse(readFileSync(manifestPath, 'utf8'))
+
+  if (manifest.background?.service_worker) {
+    manifest.background = { scripts: ['background.js'] }
   }
+
+  if (Array.isArray(manifest.web_accessible_resources)) {
+    manifest.web_accessible_resources = manifest.web_accessible_resources.map(resource => {
+      const { use_dynamic_url: _useDynamicUrl, ...rest } = resource
+      return rest
+    })
+  }
+
+  manifest.browser_specific_settings = {
+    gecko: {
+      id: 'stackprism@setube.github.io',
+      strict_min_version: '128.0'
+    }
+  }
+
+  writeFileSync(manifestPath, JSON.stringify(manifest, null, 2))
+  logger.log('[package-firefox] manifest.json transformed')
+  return manifest
 }
 
-writeFileSync(manifestPath, JSON.stringify(manifest, null, 2))
-console.log('[package-firefox] manifest.json transformed')
+function assertFirefoxPackageHygiene({ firefoxDir }, manifest) {
+  const failures = []
+
+  if (Object.prototype.hasOwnProperty.call(manifest, 'externally_connectable')) {
+    failures.push('dist-firefox/manifest.json must not expose externally_connectable')
+  }
+
+  for (const resource of manifest.web_accessible_resources || []) {
+    for (const path of resource.resources || []) {
+      if (
+        agentOnlyPathPatterns.some(pattern => pattern.test(path)) ||
+        isAgentOnlySourcePath(path) ||
+        path.includes('experience-profiler.iife.js')
+      ) {
+        failures.push(`web_accessible_resources exposes agent-only path: ${path}`)
+      }
+    }
+  }
 
-// --- Package .xpi ---
+  for (const file of walkFiles(firefoxDir)) {
+    if (disallowedPackagePatterns.some(pattern => pattern.test(file)) || isAgentOnlySourcePath(file)) {
+      failures.push(`dist-firefox contains agent-only or test artifact: ${file}`)
+    }
+  }
 
-const releaseDir = resolve(root, 'release')
-if (!existsSync(releaseDir)) mkdirSync(releaseDir)
+  if (failures.length) {
+    throw new Error(`[package-firefox] Firefox artifact hygiene failed:\n${failures.map(failure => `- ${failure}`).join('\n')}`)
+  }
+}
 
-const version = manifest.version
-const xpiName = `stackprism-v${version}.xpi`
-const xpiPath = resolve(releaseDir, xpiName)
+function walkFiles(root, dir = root) {
+  const files = []
+  for (const entry of readdirSync(dir)) {
+    const fullPath = resolve(dir, entry)
+    if (statSync(fullPath).isDirectory()) {
+      files.push(...walkFiles(root, fullPath))
+      continue
+    }
+    files.push(relative(root, fullPath).replaceAll('\\', '/'))
+  }
+  return files
+}
 
-await new Promise((ok, reject) => {
-  const output = createWriteStream(xpiPath)
-  const archive = archiver('zip', { zlib: { level: 9 } })
-  output.on('close', ok)
-  archive.on('error', reject)
-  archive.pipe(output)
-  archive.glob('**', { cwd: firefoxDir, dot: true })
-  archive.finalize()
-})
+async function writeXpi({ root, firefoxDir, manifest, logger }) {
+  const releaseDir = resolve(root, 'release')
+  if (!existsSync(releaseDir)) mkdirSync(releaseDir)
+
+  const xpiName = `stackprism-v${manifest.version}.xpi`
+  const xpiPath = resolve(releaseDir, xpiName)
+
+  await new Promise((ok, reject) => {
+    const output = createWriteStream(xpiPath)
+    const archive = archiver('zip', { zlib: { level: 9 } })
+    output.on('close', ok)
+    archive.on('error', error => {
+      output.destroy()
+      reject(error)
+    })
+    archive.pipe(output)
+    archive.glob('**', { cwd: firefoxDir, dot: true })
+    archive.finalize()
+  })
+
+  logger.log(`[package-firefox] created release/${xpiName}`)
+  return xpiPath
+}
 
-console.log(`[package-firefox] created release/${xpiName}`)
+if (process.argv[1] && import.meta.url === pathToFileURL(resolve(process.argv[1])).href) {
+  try {
+    await packageFirefox()
+  } catch (error) {
+    console.error(error instanceof Error ? error.message : error)
+    process.exit(1)
+  }
+}
diff --git a/build-scripts/sync-docs-assets.mjs b/build-scripts/sync-docs-assets.mjs
index 8354001f..02482fdd 100644
--- a/build-scripts/sync-docs-assets.mjs
+++ b/build-scripts/sync-docs-assets.mjs
@@ -10,5 +10,5 @@ for (const [src, dst] of targets) {
   const dstPath = resolve(root, dst)
   mkdirSync(dirname(dstPath), { recursive: true })
   copyFileSync(srcPath, dstPath)
-  console.log(`synced ${src} → ${dst}`)
+  console.log(`synced ${src} -> ${dst}`)
 }
diff --git a/docs/.vitepress/config.ts b/docs/.vitepress/config.ts
index f37c15f0..9298be46 100644
--- a/docs/.vitepress/config.ts
+++ b/docs/.vitepress/config.ts
@@ -49,6 +49,7 @@ export default defineConfig({
           items: [
             { text: '概述', link: '/dev/' },
             { text: '架构概览', link: '/dev/architecture' },
+            { text: 'Agent Bridge', link: '/dev/agent-bridge' },
             { text: '规则文件格式', link: '/dev/rule-format' },
             { text: '检测流程', link: '/dev/detection-flow' },
             { text: '贡献规则', link: '/dev/contribute-rules' },
diff --git a/docs/config/categories.md b/docs/config/categories.md
index 6912ba37..1fb84089 100644
--- a/docs/config/categories.md
+++ b/docs/config/categories.md
@@ -4,31 +4,71 @@
 
 ## 全部分类
 
-| 分类              | 包含示例                                                                  |
-| ----------------- | ------------------------------------------------------------------------- |
-| 前端框架          | React、Vue、Angular、Next.js、Nuxt、Gatsby、Remix、SvelteKit、Astro       |
-| UI / CSS 框架     | Tailwind CSS、Bootstrap、Material UI、Ant Design、Element Plus、Chakra UI |
-| 构建运行时        | Webpack、Vite、Rollup、Parcel、esbuild、SWC、Turbopack、Bun               |
-| CDN / 托管        | Cloudflare、Akamai、Fastly、AWS CloudFront、Vercel、Netlify、jsDelivr     |
-| 后端框架          | Django、Flask、Rails、Laravel、Express、Koa、Spring、ASP.NET              |
-| 网站程序          | WordPress、Drupal、Discuz!、Typecho、ZBlog、phpBB、MediaWiki              |
-| 主题 / 模板       | WordPress 主题、Drupal 主题、CMS 模板路径反推                             |
-| 开发语言 / 运行时 | PHP、Node.js、Python、Ruby、Java、Go、Rust                                |
-| 统计 / 分析       | Google Analytics、百度统计、友盟、Plausible、Umami                        |
-| 第三方登录        | Google 登录、GitHub OAuth、微信登录、Auth0、Clerk                         |
-| 支付系统          | Stripe、PayPal、支付宝、微信支付、银联                                    |
-| 广告营销          | Google Ads、Facebook Pixel、TikTok Pixel                                  |
-| SaaS 服务         | Sentry、Mixpanel、Intercom、Crisp、HubSpot                                |
-| AI / 大模型       | Open WebUI、Dify、Flowise、Gradio、ComfyUI                                |
-| 探针 / 监控       | New Relic、Datadog、Pingdom、Hotjar                                       |
-| RSS / 订阅        | RSS、Atom、JSON Feed                                                      |
-| WordPress 插件    | 4500+ 个具名插件                                                          |
-| Drupal 模块       | 4000+ 个具名模块                                                          |
-| 安全与协议        | HTTPS、CSP、Service Worker                                                |
-| 其他库            | 自定义规则默认归类、未明确分类的兜底                                      |
-| ... 等共 23 类    |
-
-完整列表：`src/utils/category-order.ts` 的 `CATEGORY_ORDER` 数组。
+| 分类 | 包含示例 |
+| --- | --- |
+| 前端框架 | React、Vue、Angular、Next.js、Nuxt、Gatsby、Remix、SvelteKit、Astro |
+| UI / CSS 框架 | Tailwind CSS、Bootstrap、Material UI、Ant Design、Element Plus、Chakra UI |
+| 前端库 | jQuery、Axios、D3、Three.js、Chart.js |
+| 构建与运行时 | Webpack、Vite、Rollup、Parcel、esbuild、SWC、Turbopack、Bun |
+| CDN / 托管 | Cloudflare、Akamai、Fastly、AWS CloudFront、Vercel、Netlify、jsDelivr |
+| Web 服务器 | Nginx、Apache、Caddy、IIS、lighttpd |
+| 后端 / 服务器框架 | Django、Flask、Rails、Laravel、Express、Koa、Spring、ASP.NET |
+| 开发语言 / 运行时 | PHP、Node.js、Python、Ruby、Java、Go、Rust |
+| 数据基础设施 | Kibana、Elasticsearch、Redis、MongoDB、PostgreSQL 管理面板 |
+| 对象存储 / 文件存储 | AWS S3、MinIO、Cloudflare R2、七牛云、阿里云 OSS |
+| DevOps / 研发效能 | Jenkins、GitLab CI/CD、SonarQube、Sentry、LaunchDarkly |
+| 开发者工具 / 代码托管 | GitHub、GitLab、Bitbucket、CodeSandbox、StackBlitz |
+| 低代码 / 自动化 / 内部工具 | Retool、Appsmith、n8n、Zapier、Make |
+| 网站程序 | WordPress、Drupal、Discuz!、Typecho、ZBlog、phpBB、MediaWiki |
+| CMS / 电商平台 | Shopify、Magento、PrestaShop、Liferay Portal |
+| Headless CMS | Contentful、Sanity、Strapi、Storyblok |
+| 主题 / 模板 | WordPress 主题、Drupal 主题、CMS 模板路径反推 |
+| 网站源码线索 | WordPress 插件、Drupal 模块、源码路径和资源命名线索 |
+| 探针 / 监控 | New Relic、Datadog、Pingdom、Hotjar、Grafana |
+| 状态页 / 可用性监控 | Statuspage、Better Stack、UptimeRobot |
+| RSS / 订阅 | RSS、Atom、JSON Feed |
+| SaaS / 第三方服务 | Intercom、Crisp、HubSpot、Zendesk、Airtable |
+| AI / 大模型 | Open WebUI、Dify、Flowise、Gradio、ComfyUI |
+| 第三方登录 / OAuth | Google 登录、GitHub OAuth、微信登录、Auth0、Clerk |
+| 支付系统 | Stripe、PayPal、支付宝、微信支付、银联 |
+| 订阅计费 / 税务发票 | Chargebee、Paddle、Recurly、TaxJar |
+| 电子签名 / 合同 | DocuSign、Dropbox Sign、PandaDoc |
+| KYC / 反欺诈风控 | Stripe Identity、Persona、Sift、Riskified |
+| 会员积分 / 推荐返利 | ReferralCandy、Smile.io、Yotpo Loyalty |
+| 招聘 / ATS | Greenhouse、Lever、Workable |
+| 预约排程 | Calendly、Acuity Scheduling、Cal.com |
+| 活动 / 票务 | Eventbrite、Ticket Tailor、Luma |
+| 物流追踪 / 退货售后 | AfterShip、Shippo、Narvar |
+| 广告 / 营销 | Google Ads、Facebook Pixel、TikTok Pixel |
+| 统计 / 分析 | Google Analytics、百度统计、友盟、Plausible、Umami |
+| 分析与标签 | Google Tag Manager、Segment、Tealium |
+| 站内搜索 / 个性化推荐 | Algolia、Elastic Site Search、Constructor.io |
+| 评论 / 社区嵌入 | Disqus、Giscus、Discourse |
+| 评价 / UGC | Trustpilot、Yotpo Reviews、Bazaarvoice |
+| 产品引导 / 用户反馈 | Pendo、Userpilot、Canny、UserVoice |
+| 表单 / 问卷 | Typeform、Jotform、Formspree |
+| 隐私合规 / Cookie 同意 | OneTrust、Cookiebot、Iubenda |
+| 无障碍辅助 | UserWay、accessiBe、EqualWeb |
+| Web Push / 消息推送 | OneSignal、Firebase Cloud Messaging、PushEngage |
+| 短信 / 通信 API | Twilio、Vonage、MessageBird |
+| 电话 / 呼叫追踪 | CallRail、Aircall、Twilio Voice |
+| 邮箱验证 / 邮件校验 API | ZeroBounce、NeverBounce、Mailboxlayer |
+| 地址验证 / 地理编码 | Google Maps Platform、Mapbox、Loqate |
+| IP 地理位置 / IP 情报 | ipinfo、ipstack、MaxMind、ipdata |
+| 金融数据 / 汇率 API | Open Exchange Rates、Currencylayer、Plaid |
+| 天气 / 气象数据 | OpenWeather、WeatherAPI、Tomorrow.io |
+| 翻译 / 本地化 API | Lokalise、Phrase、Crowdin |
+| OCR / 文档智能 API | Veryfi OCR、Mindee、Google Document AI |
+| 文档生成 / 截图 API | ApiFlash、Urlbox、Bannerbear |
+| 媒体托管 / 图片处理 | Cloudinary、imgix、Mux |
+| 实时音视频 / 视频 SDK | Agora、Twilio Video、Daily |
+| Web3 钱包 / 链上基础设施 | WalletConnect、Alchemy、thirdweb |
+| 代码示例 / 在线 IDE 嵌入 | CodePen、StackBlitz、CodeSandbox |
+| 安全与协议 | HTTPS、CSP、Service Worker |
+| 其他库 | 自定义规则默认归类、未明确分类的兜底 |
+| ... 等共 60 类 | 完整列表见 `src/utils/category-order.ts` |
+
+完整列表：`src/utils/category-order.ts` 的 `CATEGORY_ORDER` 数组。该列表覆盖内置规则已使用的分类，并保留运行时内置检测和自定义规则的兜底分类。
 
 ## 全开 / 全关
 
@@ -37,8 +77,8 @@
 ## 关闭分类的常见用途
 
 - **只看技术栈，不看插件**：关「WordPress 插件」「Drupal 模块」，避免插件名把列表撑得太长
-- **只看后端不看前端**：关掉前端框架 / UI 框架 / 构建运行时
-- **过滤通用 SaaS**：关「广告营销」「统计 / 分析」聚焦核心技术栈
+- **只看后端不看前端**：关掉「前端框架」「UI / CSS 框架」「构建与运行时」
+- **过滤通用 SaaS**：关「广告 / 营销」「SaaS / 第三方服务」「统计 / 分析」聚焦核心技术栈
 
 ## 实现细节
 
diff --git a/docs/config/custom-css.md b/docs/config/custom-css.md
index c9b78a7b..3efd796c 100644
--- a/docs/config/custom-css.md
+++ b/docs/config/custom-css.md
@@ -51,7 +51,7 @@ body {
 - 设置页（options page）
 - 使用说明页（help page）
 
-不会影响普通网页 —— 这段 CSS 只在扩展自己的 UI 范围内生效。
+不会影响普通网页 - 这段 CSS 只在扩展自己的 UI 范围内生效。
 
 ## 调试技巧
 
diff --git a/docs/config/custom-rules.md b/docs/config/custom-rules.md
index e643e95c..c2135aa5 100644
--- a/docs/config/custom-rules.md
+++ b/docs/config/custom-rules.md
@@ -7,7 +7,7 @@
 | 字段                | 必填 | 说明                                                                                                       |
 | ------------------- | ---- | ---------------------------------------------------------------------------------------------------------- |
 | **技术名称**        | 是   | 弹窗里显示的名字，比如 `MyCMS`                                                                             |
-| **分类**            |      | 选一个内置分类（23 个）或自己输入新分类。默认「其他库」。Select 组件支持自由输入，分类列表里没有的也能写。 |
+| **分类**            |      | 选一个内置分类（60 个）或自己输入新分类。默认「其他库」。Select 组件支持自由输入，分类列表里没有的也能写。 |
 | **类型说明**        |      | 给自己看的注释，比如 `企业 CMS`、`第三方支付`。会显示在 evidence 前缀，可以为空。                          |
 | **置信度**          |      | 高 / 中 / 低，默认「中」                                                                                   |
 | **匹配方式**        |      | 关键词 / 正则表达式，默认「正则表达式」                                                                    |
@@ -40,7 +40,7 @@
 显示在页面底部，每条带：
 
 - 标题：规则的技术名称
-- 元信息：分类 · 类型 · 置信度 · 匹配方式 · N 条 patterns
+- 元信息：分类 / 类型 / 置信度 / 匹配方式 / N 条 patterns
 - 操作：「编辑」「删除」两个按钮（删除按钮 hover 变红）
 
 ## 验证规则
diff --git a/docs/config/index.md b/docs/config/index.md
index 1ba40ff2..43fce77e 100644
--- a/docs/config/index.md
+++ b/docs/config/index.md
@@ -2,17 +2,20 @@
 
 设置页可以通过弹窗顶部的「设置」按钮打开，或者在 `chrome://extensions/` 找到 StackPrism 卡片点「详情 → 扩展程序选项」。
 
-设置页分五块：
+设置页分六块：
 
-- [识别开关](./categories.md) — 23 个分类的启停（关掉后该分类的技术不再显示在弹窗里）
-- [禁用指定技术](./disabled-technologies.md) — 用名字精确屏蔽某些技术（无视分类）
-- [自定义弹窗样式](./custom-css.md) — 写一段 CSS 覆盖弹窗 / 设置页样式
-- [自定义规则](./custom-rules.md) — 用表单或 JSON 添加自己的识别规则
-- [规则 JSON 导入导出](./json-export.md) — 在多浏览器 / 多设备同步规则集合
+- [识别开关](./categories.md) - 60 个分类的启停（关掉后该分类的技术不再显示在弹窗里）
+- Agent Bridge - 启用后允许本机 Agent Bridge 读取当前浏览器可观测的技术与体验摘要；可人工确认放开所有网络目标
+- [禁用指定技术](./disabled-technologies.md) - 用名字精确屏蔽某些技术（无视分类）
+- [自定义弹窗样式](./custom-css.md) - 写一段 CSS 覆盖弹窗 / 设置页样式
+- [自定义规则](./custom-rules.md) - 用表单或 JSON 添加自己的识别规则
+- [规则 JSON 导入导出](./json-export.md) - 在多浏览器 / 多设备同步规则集合
 
 ## 配置存储位置
 
-所有配置存在 `chrome.storage.sync`，会随你登录的 Google / Edge 账号跨设备同步。Key 是 `stackPrismSettings`。如果不想同步，可以关闭浏览器自己的同步功能。
+识别开关、禁用列表、自定义样式和自定义规则存在 `chrome.storage.sync`，会随你登录的 Google / Edge 账号跨设备同步。Key 是 `stackPrismSettings`。如果不想同步，可以关闭浏览器自己的同步功能。
+
+Agent Bridge 启用状态和“允许所有网络目标”高风险开关是例外：它们只存在当前浏览器 profile 的 `chrome.storage.local`，不会随 Chrome sync 同步到其他设备、浏览器或 profile。换环境后需要重新显式开启。
 
 `chrome.storage.sync` 的容量上限是 100KB，单个 key 不超 8KB。这意味着：
 
diff --git a/docs/dev/agent-bridge.md b/docs/dev/agent-bridge.md
new file mode 100644
index 00000000..47596cfc
--- /dev/null
+++ b/docs/dev/agent-bridge.md
@@ -0,0 +1,147 @@
+# Agent Bridge
+
+Agent Bridge 让本机 AI Agent 在用户已安装并显式启用 StackPrism 扩展后，通过 `127.0.0.1` 本地 HTTP bridge 获取 `stackprism.site_experience_profile.v1`。
+
+## 数据流
+
+1. Agent 启动 `agent-skill/stackprism-site-experience/scripts/stackprism-bridge.mjs`，读取 stdout 中唯一 ready JSON。
+2. Agent 用 `apiToken` 调用 `POST /v1/captures` 创建采集任务。
+3. bridge 打开 `/bridge?session=...&capture=...&nonce=...`。
+4. `src/content/agent-bridge-client.ts` 只在 `http://127.0.0.1/*` 的 bridge 页面运行，读取 DOM config，向 background 发送 `AGENT_BRIDGE_HELLO`。
+5. background 校验 `chrome.storage.local` 中的 `agentBridgeEnabled` 后，打开或复用目标 tab，运行技术识别和 experience profiler。
+6. background 将 profile 分片发送回 bridge content script，content script 再同源 POST 给本地 bridge。
+7. Agent 轮询 status，并在 completed 后用 `apiToken` 读取 profile。
+
+## 用户门禁
+
+`agentBridgeEnabled` 是本机浏览器 profile 级 opt-in，只从 `chrome.storage.local` 生效。即使旧 `chrome.storage.sync` 中存在同名字段，也不得自动开启 Agent Bridge。
+
+`agentBridgeAllowAllNetworkTargets` 是同样只存在当前浏览器 profile 的高风险开关，默认关闭。用户在设置页保存开启时必须人工确认；开启后，扩展侧会允许 Agent Bridge 继续采集本机、私网、保留地址以及 DNS/proxy 映射到私网的目标。该开关不放开 `http:` / `https:` 之外的协议、不允许采集当前 bridge server 自身，也不改变本地 bridge 进程的创建阶段策略；repo-local helper 仍需显式传入 `--allow-private-network` 或 request option 才会在创建阶段接受私网目标。
+
+发布到 Chrome Web Store 或 Edge Add-ons 前，默认值必须保持 `false`，除非维护者完成隐私披露、用户文档和发布说明更新。
+
+发布前 disclosure 必须覆盖：
+
+- Agent Bridge 默认关闭，只能由用户在扩展设置中显式启用。
+- 启用后，扩展会把浏览器侧可观测的技术栈与体验摘要发送到用户本机 `127.0.0.1` bridge，供本机 Agent 读取。
+- StackPrism 不接收远程上传，不采集 Cookie、Authorization、localStorage/sessionStorage 明文或完整私密页面文本。
+- 第一版信任用户启动的本机 bridge 进程，不声称抵御同机恶意进程或同一浏览器 profile 中其他恶意扩展。
+
+## 信任边界
+
+- 本版本信任用户或 Agent 启动的本机 bridge 进程。
+- `127.0.0.1`、nonce、bridge 页面 meta 和 `bridgeToken` 只能绑定一次 capture，不能证明本机进程一定没有被同机恶意进程伪造。
+- DOM 中的 `bridgeToken` 不是对同浏览器 profile 中其他扩展保密的秘密。
+- 默认不采集 cookie、Authorization、localStorage/sessionStorage 明文、完整敏感 query 或页面全文。
+- Agent Bridge 不是浏览器级 SSRF 防火墙。private-network 校验用于拒绝创建 capture、停止采集和阻止 profile 交付，不保证导航前零网络触达。
+- “允许所有网络目标”只应在用户确认本机 Agent、bridge 进程和当前浏览器 profile 可信时短时开启；开启后 private-network fail-closed 保护不再作为扩展侧二次门禁生效。
+
+## 本地脚本
+
+以下 `agent-skill/...` 路径均以 StackPrism 仓库根目录为当前工作目录。Agent 若从其他目录启动，必须先切到 `<repo-root>`，或把脚本路径解析为绝对路径后再调用。bridge 脚本是 repo-local 工具，不是扩展发布产物，也不是全局命令。
+
+JavaScript bridge：
+
+```bash
+cd <repo-root>
+node agent-skill/stackprism-site-experience/scripts/stackprism-bridge.mjs
+```
+
+Python fallback：
+
+```bash
+cd <repo-root>
+python3 agent-skill/stackprism-site-experience/scripts/stackprism_bridge.py
+```
+
+Python fallback 基于标准库 HTTP server，定位是 Node 不可用时的兼容路径。长时间批量采集、重复压力测试或需要更可靠连接上限控制时优先使用 JavaScript bridge；如果 Python fallback 在本机连接堆积下超时，应停止子进程、重新启动 bridge 并重试，不复用半完成 capture。
+
+JavaScript bridge 与 Python fallback 的 bridge 页面 CSS 和客户端脚本必须保持字节级一致。修改 `agent-skill/stackprism-site-experience/scripts/bridge/bridge-page-assets.mjs` 时，必须同步更新 `agent-skill/stackprism-site-experience/scripts/stackprism_bridge_lib/bridge_page_assets.py`，并保留 `tests/stackprism_bridge_py.test.mjs` 中的资产一致性测试通过。
+
+测试环境可设置 `STACKPRISM_BRIDGE_NO_OPEN=1`，此时不会自动打开浏览器，但仍会返回 `bridgeUrl`。
+
+Agent 只读取 stdout 的第一条 ready JSON line，并应在 10 秒内完成解析。超时按 `BRIDGE_START_TIMEOUT`，非 JSON stdout 按 `BRIDGE_READY_PARSE_FAILED`，`protocolVersion` 不匹配按 `BRIDGE_PROTOCOL_UNSUPPORTED` 处理；这些失败都必须停止 bridge 子进程并等待退出。
+
+大型页面 profile 通过分片传回 bridge 页面。若采集中出现 `BRIDGE_TRANSPORT_DISCONNECTED`、`PROFILE_TRANSPORT_FAILED`、`PROFILE_CHUNK_MISSING` 或 `CAPTURE_TIMEOUT`，Agent 应将本次 capture 视为失败，停止当前 bridge 子进程后重启，并用 helper 的 `--include` 传入更小的范围或用 `--max-resource-urls` 降低资源 URL 上限后重试一次；不得从部分分片拼出“降级成功”的 profile。
+
+如果扩展安装在非默认浏览器或非默认用户 profile，设置 `STACKPRISM_BROWSER_OPEN_COMMAND` 指向平台 opener 或对应 Chrome 内核浏览器可执行文件，并把 opener/profile 参数放入 `STACKPRISM_BROWSER_OPEN_ARGS_JSON` 字符串数组。bridge URL 始终由脚本作为最后一个独立 argv 追加，不要写入环境变量或 shell 命令。
+
+`STACKPRISM_BROWSER_OPEN_COMMAND` 只放可执行文件或平台 opener，不能把命令参数拼进同一个字符串。示例：使用 `STACKPRISM_BROWSER_OPEN_COMMAND=open` 和 `STACKPRISM_BROWSER_OPEN_ARGS_JSON='["-a","Google Chrome"]'`，不要写成 `STACKPRISM_BROWSER_OPEN_COMMAND='open -a Google Chrome'`。profile 参数同样放在 args JSON 中，bridge URL 不需要也不允许由调用方追加。
+
+跨平台 browser open 口径：
+
+- macOS 默认使用 `open`；若系统默认浏览器不是安装 StackPrism 的 Chrome，可设置 `STACKPRISM_BROWSER_OPEN_COMMAND=open` 和 `STACKPRISM_BROWSER_OPEN_ARGS_JSON='["-a","Google Chrome"]'`。若还需要指定 Chrome profile，应把 command 改成 Chrome 可执行文件路径，并把 `--profile-directory=...` 放进 args JSON。
+- Windows 默认使用 command `rundll32.exe`，并由脚本内置 `url.dll,FileProtocolHandler` 参数；若需要指定 Chrome 或 Edge，使用完整 `.exe` 路径作为 `STACKPRISM_BROWSER_OPEN_COMMAND`，profile 参数放进 args JSON。
+- Linux 默认使用 `xdg-open`；若需要指定 Chrome/Chromium，使用 `google-chrome`、`chromium` 或绝对路径作为 `STACKPRISM_BROWSER_OPEN_COMMAND`，profile 参数放进 args JSON。
+
+## 发布产物 Hygiene
+
+`dist/` 只应包含扩展运行所需文件。发布前必须确认：
+
+- `dist/manifest.json` 不包含 `externally_connectable`。
+- `dist/` 不包含 `agent-skill/`、`docs/superpowers/`、`tests/`、Python 源文件、Python 字节码或本地 bridge server 源脚本。
+- `experience-profiler.iife.js` 默认不放入 `web_accessible_resources`。
+
+## Profile Schema 口径
+
+Agent Bridge 输出 schema 为 `stackprism.site_experience_profile.v1`。当前 profile 至少按以下口径消费：
+
+- `target`: 规范化目标、最终 URL、标题、`language`、viewport 摘要和 capture scope。`language` 来自页面 `documentElement.lang` 或 body `lang`，为空时保持空字符串，不推断用户身份或地区。
+- `browserContext`: user agent、扩展版本、采集时间、bridge protocol version、请求的 viewport 和扩展 capabilities。
+- `techProfile`: 现有 StackPrism 技术识别结果和实现参考说明。
+- `visualProfile`: 颜色、字体、间距、形状、阴影、密度、主题和响应式视觉摘要。`options.captureScreenshot = true` 且 `include` 包含 `visual` 时，扩展会用截图 data URL 把当前可见视口交给本机 bridge；bridge 保存 profile 时必须剥离 `dataUrl`，只保留临时内存截图资产和 `screenshot.downloadUrl`、`note`、生命周期字段。`capture-site.mjs` 会在 bridge 仍存活时下载截图，并把 `downloadUrl` 重写为本地 `file://` URL 与 `localPath`。
+- `layoutProfile`: landmarks、hero、grid、sticky、above-fold 和截图 metadata。`captureScreenshotMetadata = false` 时不得输出 bounding box、above-fold 细节或几何截图 metadata。
+- `componentProfile`: button、link、form、card、navigation、overlay 和 data display 模式。
+- `interactionProfile`: 仅记录 passive 可观察的 hover/focus/transition/animation/loading/scroll 线索，不点击、不提交表单、不主动打开隐藏菜单。
+- `uxProfile`: 一阶 UX 字段包含 `pagePurpose`、`primaryUserPath`、`informationHierarchy`、`ctaStrategy`、`trustSignals`、`navigationDepth`、`contentGrouping`、`frictionPoints` 和有限 `textSamples`。这些字段只来自 DOM 结构和短标签摘要，必须先脱敏 token-like 值、email、手机号、长数字和敏感 query。
+- `assetProfile`: script、style、resource domain、image/font hint、manifest、favicon 和资源 URL 脱敏摘要。
+- `evidence`、`limitations`: 记录来源覆盖、截断、未请求 section、不可访问 frame 或 shadow root 等边界。
+- `agentGuidance`: 给下游 Agent 的实现建议。当前包含摘要、优先级、注意事项和 `recreationPlan`。`recreationPlan` 把 profile 转成复刻执行层：`implementationOrder`、`designTokens`、`layoutBlueprint`、`componentInventory`、`interactionChecklist`、`uxChecklist`、`assetHints` 和 `verificationChecklist`。这些字段只引用已脱敏的 profile 内容，不能把缺失字段理解为目标站点不存在对应结构。
+
+下游 Agent 不得把 profile 当作页面完整拷贝。它是浏览器可观察事实和实现参考，不是后端私有实现或用户账号内容。截图像素只在 `captureScreenshot = true` 时显式采集，属于未做逐像素脱敏的可选视觉证据，不应用于登录态或私密页面。下载的 Profile JSON 是纯 JSON，不包含注释或截图 base64；如需查看实际视觉效果，Agent 应按 `visualProfile.screenshot.downloadUrl` 下载或打开图片。直接 bridge URL 只在本机 bridge 进程存活且 completed result TTL 未过期时有效；TTL 过期时 bridge 必须同时清理 profile 和临时内存截图资产。helper 写出的本地 `file://` 图片在文件被移动或删除前有效。用户在 bridge 页面手动下载的截图文件由浏览器下载目录管理，插件不会自动删除该文件。
+
+完成采集后，本地 bridge 页面会展示受限结果工作台：目标网址、截图预览、截图放大预览、下载截图、复制截图、复制 Markdown 摘要和分组 profile 内容卡片。该页面只能用 `bridgeToken` 读取 `GET /v1/captures/{id}` 的 status preview；preview 中的 `copyText` 和 `contentSummary` 由 bridge server 从已完成 profile 生成，并会脱敏 URL query、token-like id、email、手机号和 token 字段。页面不得使用 `bridgeToken` 读取 raw `/profile`，不得把 raw profile、截图 data URL、`apiToken`、`bridgeToken`、nonce 或完整敏感文本放进“一键复制全部信息”。复制截图依赖浏览器 Clipboard API，失败时必须显示错误，不得伪装成功。复制到剪切板或用户下载后的截图由浏览器/操作系统管理，不属于 StackPrism 自动清理范围。
+
+## Browser Smoke 场景
+
+默认 smoke 命令：
+
+```bash
+STACKPRISM_BROWSER_SMOKE_CDP_PORT=9661 node tests/agent-bridge-browser-smoke.mjs
+```
+
+当前默认成功路径使用本地 `tests/fixtures/site-experience-fixture.html`，并在 capture request 中显式设置 `allowPrivateNetworkTarget = true`。默认路径不再依赖 `https://example.com`，因为外部公网目标会受到当前网络、代理、DNS 和站点可用性影响。公网域名经本机代理或 TUN fake-IP 解析/连接到 `198.18.0.0/15` 时，默认策略允许采集；直接私网 IP、`localhost`、RFC1918、link-local、真实内网和其他 special-use 地址仍 fail closed，除非显式设置 `allowPrivateNetworkTarget = true`。
+
+smoke 结果按三类理解：
+
+- 默认 fixture 成功路径：证明扩展加载、opt-in、bridge handshake、target capture、profile transfer、profile endpoint、隐私脱敏和 cleanup 主链路。
+- 显式 public complex target：例如 `STACKPRISM_BROWSER_SMOKE_SCENARIO=public-complex-target STACKPRISM_BROWSER_SMOKE_TARGET_URL=https://www.wikipedia.org/ ...`。如果 resolver 或 Chrome network evidence 返回 `198.18.*`，默认策略会按本机代理/TUN fake-IP 场景允许该公网 hostname；这不等价于允许直接私网或真实内网目标。
+- private-network policy 场景：`private-target-blocked`、DNS/private final URL、bridge self-target 等场景证明 fail-closed 策略，不是浏览器级 SSRF 防火墙，也不保证导航前零网络触达。
+
+## Live Gate 边界
+
+以下 gate 不能仅凭本机单测或 fixture smoke 标记完成：
+
+- Chrome Web Store / Edge Add-ons 真实发布、升级链路和审核后台 disclosure 接受状态。
+- 运行中 capture 的 Chrome service worker 自然 idle eviction 精确触发。本机已有 fail-closed cleanup 证据，但当前 Chrome 行为未稳定触发该 live 分支。
+- incognito bridge 或 target tab 的精确 `INCOGNITO_NOT_SUPPORTED` live metadata 分支。当前单元测试覆盖该分支，CDP/`--incognito` probes 在本机表现为 `EXTENSION_NOT_CONNECTED` fail-closed skip。
+- 多网络、多 DNS、多目标站点的长时资源压力矩阵。
+
+发布 workflow 会在打包前检查 Agent Bridge 是否出现在 `dist/manifest.json` 的 loopback content script 或 loopback web accessible resource 中。若出现，则必须通过 workflow_dispatch 输入 `agent_bridge_disclosure_confirmed=true`，或在 GitHub Release 正文中包含已勾选的 `- [x] Agent Bridge disclosure confirmed`；否则工作流失败。该门禁只能防止未确认披露就上传 release 资产，不能替代 Chrome Web Store / Edge Add-ons 后台的真实审核和发布状态。
+
+## 验证命令
+
+```bash
+pnpm run build:injected
+pnpm run test:unit
+pnpm run lint
+pnpm run typecheck
+pnpm run docs:build
+pnpm run check:links
+node build-scripts/package-firefox.mjs
+node --check agent-skill/stackprism-site-experience/scripts/stackprism-bridge.mjs
+python3 -m py_compile agent-skill/stackprism-site-experience/scripts/stackprism_bridge.py agent-skill/stackprism-site-experience/scripts/stackprism_bridge_lib/*.py
+git diff --check
+```
+
+`pnpm run typecheck` 已包含 `vue-tsc --noEmit` 和 `pnpm run build`，因此会同时刷新 Chrome `dist/` 构建产物。`node build-scripts/package-firefox.mjs` 依赖已有 `dist/`，用于验证 Firefox manifest 转换、background rebundle、content script bundling、agent-only 产物卫生检查和 XPI 产物边界。验证后应清理或忽略 `dist/`、`dist-firefox/`、`release/`、`public/injected/`、`docs/.vitepress/dist/`、`docs/public/icon.svg` 与 Python `__pycache__`，不要把这些本地产物纳入提交。
diff --git a/docs/dev/architecture.md b/docs/dev/architecture.md
index d30255d4..3de2a32c 100644
--- a/docs/dev/architecture.md
+++ b/docs/dev/architecture.md
@@ -104,16 +104,16 @@ Chrome 扩展有四种执行环境，StackPrism 全部用上：
 
 8 种消息全部在 `src/types/messages.ts` 用 discriminated union 定义类型，所有调用走 `src/utils/messaging.ts` 的 `sendMessage<M>()` wrapper。
 
-| 消息                          | 方向          | 用途                                 |
-| ----------------------------- | ------------- | ------------------------------------ |
-| `GET_HEADER_DATA`             | popup → bg    | 拉取响应头记录                       |
-| `GET_POPUP_RESULT`            | popup → bg    | 拉取轻量缓存（弹窗主显示）           |
-| `GET_POPUP_RAW_RESULT`        | popup → bg    | 拉取完整 raw（原始线索 / 纠错反馈）  |
-| `GET_TECH_LINK`               | popup → bg    | 兜底查询某技术的官网链接             |
-| `START_BACKGROUND_DETECTION`  | popup → bg    | 「刷新」按钮触发主动检测             |
-| `GET_WORDPRESS_THEME_DETAILS` | bg internal   | 抓取主题 style.css header            |
-| `DYNAMIC_PAGE_SNAPSHOT`       | content → bg  | content script 持续上报动态快照      |
-| `PAGE_DETECTION_RESULT`       | injected → bg | page-detector 注入完返回结果         |
+| 消息                          | 方向          | 用途                                |
+| ----------------------------- | ------------- | ----------------------------------- |
+| `GET_HEADER_DATA`             | popup → bg    | 拉取响应头记录                      |
+| `GET_POPUP_RESULT`            | popup → bg    | 拉取轻量缓存（弹窗主显示）          |
+| `GET_POPUP_RAW_RESULT`        | popup → bg    | 拉取完整 raw（原始线索 / 纠错反馈） |
+| `GET_TECH_LINK`               | popup → bg    | 兜底查询某技术的官网链接            |
+| `START_BACKGROUND_DETECTION`  | popup → bg    | 「刷新」按钮触发主动检测            |
+| `GET_WORDPRESS_THEME_DETAILS` | bg internal   | 抓取主题 style.css header           |
+| `DYNAMIC_PAGE_SNAPSHOT`       | content → bg  | content script 持续上报动态快照     |
+| `PAGE_DETECTION_RESULT`       | injected → bg | page-detector 注入完返回结果        |
 
 ## 注入脚本的双轨问题
 
diff --git a/docs/dev/detection-flow.md b/docs/dev/detection-flow.md
index 3f135313..a64b5bfc 100644
--- a/docs/dev/detection-flow.md
+++ b/docs/dev/detection-flow.md
@@ -103,6 +103,49 @@ const runActivePageDetection = async tabId => {
 }
 ```
 
+## Agent Bridge 采集流程
+
+Agent Bridge 不复用弹窗按钮作为触发入口。它由本机 bridge 页面上的专用 content script 发起，background 在校验本机 opt-in、bridge 页面身份和 capture request 后，临时接管目标 tab 完成一次 site experience profile 采集。
+
+```text
+Agent 启动本机 bridge 脚本
+  ↓
+POST /v1/captures 创建 capture，得到一次性 bridgeUrl
+  ↓
+浏览器打开 http://127.0.0.1:{port}/bridge?... 页面
+  ↓
+agent-bridge-client.ts 校验 /bridge path、meta、session、capture、nonce、protocolVersion
+  ↓
+AGENT_BRIDGE_HELLO 发给 background
+  ↓
+background 校验 chrome.storage.local 中 agentBridgeEnabled 为 true
+  ↓
+bridge content script 读取 /v1/captures/{id}/request
+  ↓
+START_AGENT_CAPTURE 交给 background/agent-capture.ts
+  ↓
+打开或复用目标 tab，等待主 frame load 完成
+  ↓
+先把 finalUrl 写回 bridge，由 bridge server 执行最终 URL 策略校验
+  ↓
+finalUrl 通过后才运行技术检测和 experience-profiler
+  ↓
+profile 分片发回 bridge content script
+  ↓
+bridge content script 校验 chunk、sha256、session/capture/nonce 后同源 POST profile
+  ↓
+Agent 用 apiToken 读取 /v1/captures/{id}/profile
+```
+
+这个流程的关键边界：
+
+- `agentBridgeEnabled` 只从 `chrome.storage.local` 读取，sync 旧字段不能自动开启。
+- bridge tab、`/bridge` 页面和 `/v1/captures/*` 请求不写入普通 `tab-store`、popup 缓存、badge 或 dynamic snapshot。
+- bridge content script 不持有 `apiToken`；background 不持久化 `bridgeToken`。
+- `target_loaded` 的 final URL 被 bridge 接受前，不注入主动检测脚本或 experience profiler。
+- profile 回传走 bridge content script 同源 POST，不由 background 直接跨 origin fetch localhost。
+- 未完成 capture 的 deadline、tab ownership 和 cleanup 锚点写入 `chrome.storage.session`；service worker 重启后只能 fail closed，不伪造完成。
+
 ## 动态采集节流
 
 content-observer 端：
diff --git a/docs/dev/index.md b/docs/dev/index.md
index f27d88f2..f4b03946 100644
--- a/docs/dev/index.md
+++ b/docs/dev/index.md
@@ -7,6 +7,7 @@
 - [架构概览](./architecture.md) — 项目目录结构、各模块职责、数据流
 - [规则文件格式](./rule-format.md) — `public/rules/` 下 JSON 怎么组织，nested groups + defaults 继承
 - [检测流程](./detection-flow.md) — 从 webRequest / 页面注入到弹窗渲染走过哪些环节
+- [Agent Bridge](./agent-bridge.md) — 本地 loopback bridge、扩展握手、profile 回传和信任边界
 - [贡献规则](./contribute-rules.md) — 怎么往内置规则集合加新技术
 - [构建与发布](./release.md) — 本地构建、打包、签 crx、发布工作流
 
diff --git a/docs/dev/release.md b/docs/dev/release.md
index 14b8cef8..56a0134c 100644
--- a/docs/dev/release.md
+++ b/docs/dev/release.md
@@ -63,17 +63,25 @@ git push origin main
 
 1. 在 GitHub UI 发布一个 release（`release: published` 事件）
 2. 在 Actions 页面手动跑 workflow_dispatch（可选传 release_tag input）
+   - 如果本版本包含 Agent Bridge，必须同时勾选 `agent_bridge_disclosure_confirmed`
 
 工作流做的事：
 
 1. checkout + 安装 pnpm + Node 20
 2. `pnpm install --frozen-lockfile`
-3. `pnpm run build`
-4. 从 `dist/manifest.json` 读 version，校验与 release tag 一致
-5. 把 `dist/` 整个 zip 成 `stackprism-v{ver}.zip` + sha256
-6. **如果配置了 secret `EXTENSION_PRIVATE_KEY`**，再用 `npx crx3` 签名出 `stackprism-v{ver}.crx` + sha256；否则跳过 crx 仅传 zip
-7. `gh release upload --clobber` 把所有产物上传到 release tag
-8. `actions/upload-artifact` 同时备一份 artifact
+3. `pnpm run lint`
+4. `pnpm run build:injected`
+5. `pnpm run test:unit`
+6. `pnpm run typecheck`，该脚本会执行 `vue-tsc --noEmit` 并刷新 `dist/`
+7. `pnpm run docs:build`
+8. `pnpm run build`，发布前再次刷新扩展产物
+9. 校验 `dist/` 发布边界：`manifest.json` 不含 `externally_connectable`，`web_accessible_resources` 不暴露 agent-only 入口或 profiler，`dist/` 不包含 `agent-skill/`、`docs/superpowers/`、`tests/`、Python 源文件/字节码、repo-local JS bridge helper 源文件或本地 bridge server 入口
+10. 如果 `dist/manifest.json` 包含 Agent Bridge 的 `http://127.0.0.1/*` content script 或 web accessible resource，校验商店隐私披露确认：workflow_dispatch 必须勾选 `agent_bridge_disclosure_confirmed`，release 事件的 release note 必须包含 `- [x] Agent Bridge disclosure confirmed`
+11. 从 `dist/manifest.json` 读 version，校验与 release tag 一致
+12. 把 `dist/` 整个 zip 成 `stackprism-v{ver}.zip` + sha256
+13. **如果配置了 secret `EXTENSION_PRIVATE_KEY`**，再用 `npx crx3` 签名出 `stackprism-v{ver}.crx` + sha256；否则跳过 crx 仅传 zip
+14. `gh release upload --clobber` 把所有产物上传到 release tag
+15. `actions/upload-artifact` 同时备一份 artifact
 
 ## 发布说明
 
@@ -86,6 +94,14 @@ git push origin main
 
 发布说明只写用户或维护者关心的变化，不写本地跑了哪些格式化、类型检查、lint 或构建命令。
 
+如果本版本包含 Agent Bridge，release note 必须显式包含下面这行；工作流会在打包前读取 release body，没有勾选就失败：
+
+```markdown
+- [x] Agent Bridge disclosure confirmed
+```
+
+这行只能在维护者已经更新 Chrome Web Store / Edge Add-ons 后台隐私披露、数据用途说明、用户可见说明和 release note 后勾选。它不是代码测试结果，也不能代替商店后台的实际审核状态。
+
 ## CRX 签名密钥
 
 第一次发布前需要生成一个 RSA 私钥，并把它配置到 GitHub repository secrets。
@@ -120,6 +136,8 @@ openssl genrsa -out extension.pem 2048
 - [ ] `pnpm run lint` 通过
 - [ ] `pnpm run build` 通过
 - [ ] 在 chrome 里加载 `dist/` 手动测试关键路径（弹窗打开、识别一个站点、刷新、复制完整技术栈报告、设置页加规则）
+- [ ] 如果本轮涉及 Agent Bridge，运行 bridge smoke test，并确认 `dist/` 不包含 `agent-skill/`、`docs/superpowers/`、`tests/`、Python 源文件/字节码、repo-local JS bridge helper 源文件或本地 bridge server 入口
+- [ ] 如果发布 Agent Bridge，Chrome Web Store / Edge Add-ons 的隐私披露、数据用途说明、用户可见说明和 release note 已同步更新，明确 profile 会发送到用户本机 loopback bridge 供本地 Agent 读取，但不会发送到 StackPrism 远程服务器；随后 workflow_dispatch 勾选 `agent_bridge_disclosure_confirmed`，或在 release note 中加入 `- [x] Agent Bridge disclosure confirmed`
 - [ ] 把 `package.json` 的 version bump
 - [ ] git commit + push
 - [ ] 如果版本符合 release 节点，在 GitHub UI 发布 release（tag 为 `v{version}`，与 package.json 对齐）
@@ -132,3 +150,7 @@ openssl genrsa -out extension.pem 2048
 1. 把 `dist/` 文件夹打成 zip（同工作流的 zip 产物）
 2. [Chrome Web Store Developer Dashboard](https://chrome.google.com/webstore/devconsole) → 上传新版本
 3. 填变更说明，等审核（通常 1-3 工作日）
+
+若本版本包含 Agent Bridge，还必须在 Chrome Web Store 和 Edge Add-ons 后台同步隐私披露与数据用途说明：该能力默认关闭，用户显式启用后会把浏览器侧可观测的技术栈与体验摘要发送到用户本机 `127.0.0.1` bridge，供本机 Agent 读取；StackPrism 不接收远程上传。
+
+工作流只能检查维护者是否做了发布确认，不能自动验证 Chrome Web Store 或 Edge Add-ons 后台是否已经接受披露。商店后台状态仍以人工登录 dashboard 后看到的实际审核和发布状态为准。
diff --git a/docs/guide/basic-usage.md b/docs/guide/basic-usage.md
index 45062316..b8214b5e 100644
--- a/docs/guide/basic-usage.md
+++ b/docs/guide/basic-usage.md
@@ -28,11 +28,11 @@
 ## 分类过滤栏
 
 ```text
-[ 重点 5  全部 22 ]    [ 选择分类 ▾ ]
+[ 重点 5  全部 22 ]    [ 选择分类 ]
 ```
 
 - 左侧是 segment 切换器，「重点」只列高置信度结果，「全部」列全部
-- 右侧是分类下拉，23 个分类（前端框架 / UI 框架 / CDN / 网站程序 / ...），选具体某个分类只显示该分类的结果。每个选项后面带计数（如「网站程序 · 4」）
+- 右侧是分类下拉，60 个分类（前端框架 / UI / CSS 框架 / CDN / 托管 / 网站程序 / ...），选具体某个分类只显示该分类的结果。每个选项后面带计数（如「网站程序: 4」）
 
 ## 技术列表
 
@@ -69,3 +69,15 @@ React                                         [高置信度]
 弹窗整体高度锁定 600px，只有**技术列表区域**自己滚动。顶部工具栏、概览、分类过滤栏始终可见。
 
 列表向下滚超过约 240px 时右下角浮出一个圆形按钮（向上箭头），点击平滑滚回顶部。
+
+## Agent Bridge
+
+Agent Bridge 是面向本机 AI Agent 的可选能力。启用后，本机 Agent 可以通过 `127.0.0.1` bridge 读取当前浏览器可观测的技术栈、视觉、布局、组件、交互和资源摘要，用于生成相似体验的实现方案。
+
+该能力默认关闭，需要在设置页显式开启。启用状态只保存在当前浏览器 profile 的本机 `chrome.storage.local`，不会随 Chrome sync 同步到其他设备或其他 profile；换设备、换浏览器 profile 或重装扩展后需要重新开启。
+
+如果需要采集本机开发站点、内网、保留地址，或当前 DNS/proxy 会把公网域名映射到私网地址，可以在设置页人工确认开启“允许所有网络目标”。该开关仅放开 Agent Bridge 网络目标门禁，不改变 `http:` / `https:` 协议限制，也不允许采集 bridge 页面自身。
+
+Agent Bridge 使用 passive capture，不会点击页面、提交表单、登录账号或执行破坏性操作。`viewports` 只写入 profile 请求上下文，不是 CDP 移动仿真或真实手机截图。它不会要求您点击插件按钮、复制 JSON 或下载文件，但本版本信任您本机启动的 bridge 进程，不防同机恶意进程或同浏览器 profile 中其他恶意扩展。
+
+repo-local skill 脚本路径以仓库根目录为基准，Agent 从其他目录启动时应先切到 `<repo-root>` 或使用绝对脚本路径。如果 StackPrism 安装在非默认浏览器或非默认 profile，本机 Agent 需要设置 `STACKPRISM_BROWSER_OPEN_COMMAND` 指向平台 opener 或对应 Chrome 内核浏览器，并通过 `STACKPRISM_BROWSER_OPEN_ARGS_JSON` JSON 字符串数组传入 opener/profile 参数；不要把参数拼进 command 字符串，bridge URL 永远由脚本作为最后一个参数追加。macOS 可用 `open` 加 `["-a","Google Chrome"]` 指定 Chrome；Windows 应使用目标浏览器 `.exe` 路径；Linux 可用 `xdg-open` 或 `google-chrome`/`chromium` 可执行文件。未启用时会返回 `AGENT_BRIDGE_DISABLED`，打开到未安装扩展的浏览器或 profile 时通常会返回 `EXTENSION_NOT_CONNECTED`，这些都是需要用户处理的配置错误，不应由 Agent 静默重试或降级。
diff --git a/docs/reviews/CR-AGENT-BRIDGE-COMPLETION-AUDIT-2026-05-24.md b/docs/reviews/CR-AGENT-BRIDGE-COMPLETION-AUDIT-2026-05-24.md
new file mode 100644
index 00000000..e7d7a570
--- /dev/null
+++ b/docs/reviews/CR-AGENT-BRIDGE-COMPLETION-AUDIT-2026-05-24.md
@@ -0,0 +1,417 @@
+# CR-AGENT-BRIDGE-COMPLETION-AUDIT-2026-05-24
+
+## Scope
+
+本审计围绕 `docs/superpowers/plans/2026-05-21-stackprism-agent-bridge-plan.md`，检查当前 Agent Bridge 功能代码是否达到计划目标、实现是否完善、严谨、安全。
+
+审计对象包括：
+
+- 本地 JS bridge 和 Python fallback HTTP/API 实现。
+- MV3 扩展端 opt-in、bridge handshake、background capture 编排、profile transfer、目标 tab 生命周期处理。
+- experience profiler、site experience profile builder、隐私脱敏和 limitations 输出。
+- repo-local skill、用户/开发/隐私/发布文档、release workflow 和 `dist/` 发布边界。
+- 单元测试、Chrome for Testing browser smoke、构建、文档构建、格式和外部 CodeRabbit review 结果。
+
+## Verdict
+
+当前实现已经覆盖 Agent Bridge 第一版的主链路，并且主链路在本地自动化与真实 Chrome for Testing smoke 中通过：用户 opt-in、bridge token 一次性渲染、目标采集、profile 分片传输、敏感信息脱敏、取消/关闭/reload/worker stop 等关键路径都有证据。
+
+但不能把整份计划判定为“所有目标均已完成”。计划中 Task 10 的 live E2E 矩阵仍有部分要求只有单元测试或文档风险说明覆盖，缺少真实浏览器/商店发布侧证据。当前结论是：核心功能可用且安全边界基本严谨；完整计划仍有未实证项，不能标记全量完成。商店披露风险已被发布 workflow 升级为打包前人工确认硬门禁，但外部 dashboard 的审核和 rollout 状态仍不能由 worktree 自动证明。
+
+## Proven By Current Evidence
+
+- Opt-in gate：`agentBridgeEnabled` 只从 `chrome.storage.local` 生效；legacy sync `agentBridgeEnabled: true` 在 smoke 中被忽略，未开启时返回 `AGENT_BRIDGE_DISABLED`，不产生 profile，且本地 probe target 的请求数为 0，证明未开启时不会打开或抓取目标 URL。读取 `chrome.storage.local` 失败时现在 fail closed 为 disabled，不会退回 sync 或默认开启。运行中关闭本机 `agentBridgeEnabled` 已由单元测试和独立 Chrome smoke 覆盖：capture fail closed 为 `AGENT_BRIDGE_DISABLED`，profile endpoint 返回 409，插件创建的目标 tab 被清理；单元测试还覆盖该关闭动作不会被普通 badge refresh 延迟。
+- Bridge API：JS/Python 均有 Bearer token、Host 校验、Origin/Referer/Sec-Fetch 校验、no-store/nosniff/no-referrer、一次性 bridge token render、hostile query/fragment 和 terminal error message 不反射、failed status error payload 脱敏、failed status 未知错误码拒绝、status/profile/control scope、documented identifier fixture validation、browser-open invalid args capture-time contract、bridge URL single-argv spawn boundary、completed control 返回 stop 命令、rate limit、terminal DELETE guard、同一 capture 并发 profile POST 序列化和 strict request-shell 拒绝测试；request-shell 覆盖 missing Host、wrong host/port、IPv6 host、absolute-form、`CONNECT` authority-form、encoded slash/backslash、duplicate bridge query、duplicate sensitive headers、unsupported transfer/content encoding 和 invalid content length；missing Host 回归测试先复现 JS 返回 Node 默认空 `400`，修复后 JS/Python 均返回统一 JSON `400 / INVALID_REQUEST`；authority-form 回归测试先复现 JS 空响应和 Python 标准库 `501` HTML，修复后两端都返回统一 JSON `400 / INVALID_REQUEST`，不会进入业务 routing；status/request/control/profile 端点响应头有 no-store/nosniff 契约测试，profile 响应另有 no-referrer 契约测试；`GET /request` 响应 shape 现在由 JS/Python 测试锁定为只含 `captureId`、`sessionId`、`nonce`、`protocolVersion` 和 `request`，content-side request envelope validator 也拒绝未知 key，避免 token、profile body 或 callback URL 进入扩展启动路径；`/bridge` HTML 响应有 no-store/no-referrer/nosniff、DENY frame、COOP、minimal Permissions-Policy、无 `unsafe-inline` CSP 和 script/style nonce 一致性契约测试；JS/Python 单元测试现在还覆盖真实 `bridgeUrl` 在跨站 `Referer` 和 `Sec-Fetch-Site: cross-site` 下返回 `403 / ORIGIN_NOT_ALLOWED`、响应不含 `spbt_`，且同 URL 后续正常顶层打开仍可首次渲染 token，证明跨站探测不会消耗一次性 token。Chrome smoke 追加覆盖攻击页 iframe 嵌入尝试：父 DOM 和可访问 frame 文档均不含 `spbt_`，随后顶层首次 `/bridge` 渲染仍返回 200 且包含一次性 `bridgeToken`，证明 iframe 尝试没有触发 token render/claim。`host-validation` smoke 又在真实 JS bridge 进程上用原始 TCP 请求覆盖 `/health`、`/bridge` 和 Bearer status endpoint：正确 `127.0.0.1:{port}` Host 可用，`localhost:{port}`、错误端口和 `[::1]:{port}` 被拒绝为 `INVALID_REQUEST`，错误 Host 的 `/bridge` 不泄露或消耗 bridge token。`response-headers-cors` smoke 在真实 JS bridge 进程上补充覆盖 capture status GET、request GET、control GET、status POST 和 profile GET 响应头，验证 JSON 端点返回 no-store/nosniff，profile 返回 `Referrer-Policy: no-referrer`，`OPTIONS /v1/captures` 不返回 `Access-Control-Allow-*`，带跨站 Origin、Referer 或 `Sec-Fetch-Site: cross-site` 的敏感请求均返回 `403 / ORIGIN_NOT_ALLOWED`，且 target probe request count 保持 0。
+- Capture concurrency：JS/Python bridge 单元测试和扩展编排单元测试覆盖 `CAPTURE_BUSY`；独立 Chrome smoke 进一步证明真实扩展运行中已有一个 slow-fixture capture 持有目标 tab 时，第二个 capture 返回 `429 / CAPTURE_BUSY`，取消第一个 capture 后 profile endpoint 返回 409 且 owned target tab 不再可见。
+- Target policy：URL schema、credential、fragment、query-preserving match、private/DNS policy、bridge self-target、final URL blocking 均有单元测试；fixture DNS 使用假 resolver，并新增 `198.18.0.12` benchmark-address、IPv4/IPv6 special-use address、以及 Python `ipaddress` public exception fixtures 锁定 JS/Python policy parity。扩展编排测试还覆盖 `TARGET_INJECTION_FAILED` 会携带有界且脱敏的 `details.reason`。Chrome smoke 进一步覆盖未开启 `allowPrivateNetworkTarget` 时本机私网初始 URL 在创建阶段被拒绝为 `PRIVATE_NETWORK_TARGET_BLOCKED / private_network_address` 且不触达目标 server，也覆盖当前 resolver 将 `stackprism-browser-smoke.invalid` 映射到 `198.18.0.12` 时创建阶段 fail-closed，还覆盖本机允许初始 URL 经 302 重定向到 bridge origin 后，被真实扩展按最终 URL 策略拒绝为 `FINAL_URL_BLOCKED / invalid_final_url`。新增 `dns-lookup-failed` smoke 用真实 JS bridge 生产 resolver 证明 oversized-label hostname 返回 `ENOTFOUND` 时创建阶段拒绝为 `TARGET_DNS_LOOKUP_FAILED / dns_lookup_failed`，且 `activeCapturesAfterReject = 0`。新增 final-private-url smoke 使用公网 IP 字面量初始 URL 经本机 HTTP proxy 真实跳转到 `127.0.0.1` final URL，确认 bridge 在 `target_loaded` 后拒绝为 `FINAL_URL_BLOCKED / private_network_address`、profile endpoint 为 409、owned target tab 已清理；final-dns-policy smoke 则使用同样的公网 IP 初始 URL 经 proxy 真实跳转到 `stackprism-browser-smoke.invalid` final URL，确认当前 resolver 分支在 `target_loaded` 后拒绝为 `FINAL_URL_BLOCKED / private_network_address`；final-dns-lookup-failed smoke 使用同样公网 IP 初始 URL 经 proxy 跳转到 oversized-label hostname final URL，确认 bridge 在 `target_loaded` 后拒绝为 `FINAL_URL_BLOCKED / dns_lookup_failed`、profile endpoint 为 409、owned target tab 已清理；target-navigated-away smoke 在 `target_loaded` 后通过扩展 API 将目标 tab 导航到同源不同路径，确认 Agent 端返回 `TARGET_NAVIGATED_AWAY`、profile endpoint 为 409、owned target tab 已清理；target-load-failed smoke 用真实 Chrome 访问会主动断连的本机 fixture，确认 main-frame load failure 返回 `TARGET_LOAD_FAILED`、profile endpoint 为 409、owned target tab 已清理；target-load-timeout smoke 用真实慢响应 fixture 证明目标页加载超过 capture 上限时 Agent 端返回 `TARGET_LOAD_TIMEOUT`，不会退化成浏览器错误页 profile 或泛化 `CAPTURE_TIMEOUT`。真实 Chrome 下也覆盖 `reuse_or_new_tab` 对同 origin/path 但 query 不同的既有 tab 不复用、`active_tab` 对 query 不同的前一 active tab 返回 `ACTIVE_TAB_MISMATCH`。
+- Extension orchestration：background 校验 sender tab/window/url/session/capture/nonce，普通消息隔离 bridge tab；incognito bridge URL 也按 bridge tab 处理，普通 runtime message 会在读取检测缓存前被拒绝；Agent Bridge 页判定现在要求 `127.0.0.1/bridge` 同时具备严格的 `session`、`capture`、`nonce` query 形态，普通本机 `/bridge` 页面不再被排除在常规检测之外；已登记 bridge session 的 `/v1/captures/*` API tab 不能通过普通 runtime、popup/options 或普通后台检测入口读取或触发普通检测缓存；`/v1/captures/*` 的 `webRequest` 和 `webNavigation` 跳过逻辑绑定到 bridge tab 或已登记 bridge session origin，普通本地同路径 API 不会被误跳过；`AGENT_BRIDGE_HELLO` 和 `START_AGENT_CAPTURE` 缺少 required capabilities 时在 background 验证阶段返回 `NOT_SUPPORTED` 和缺失能力名，且不会解析或打开目标 tab；`START_AGENT_CAPTURE` 含 `bridgeToken`、callback URL 或 profile wrapper 时会在 background 校验阶段显式返回 forbidden `INVALID_REQUEST`，不会解析目标 tab 或创建 capture state；本轮新增 RED/GREEN 覆盖 unknown top-level start payload 早期拒绝后仍残留 bridge session 的缺口，修复后目标解析前的 request validation、opt-in disabled、busy、incognito 和 target-resolution failure 均复用同一 bridge-session cleanup path；bridge content client 在 request envelope 绑定信息与页面 config 不一致时同源 POST `failed / BRIDGE_REQUEST_MISMATCH`，且不会向 background 发送 `AGENT_BRIDGE_HELLO` 或 `START_AGENT_CAPTURE`；同一测试还断言 content client 读取 request 时带 Bearer token，status POST 同时带 `Authorization: Bearer {bridgeToken}` 和 `Content-Type: application/json`；content bridge config 的 JSON 解析失败和非整数 `protocolVersion` 均归一为 `INVALID_REQUEST`；content observer 主动注入不再依赖 manifest 第一个 content script，而是按文件名定位普通 observer，Agent capture 路径在 observer 注入失败时显式失败为 `TARGET_INJECTION_FAILED`；profile 走 bridge content script 同源 POST，不直接由 background 跨 origin fetch localhost。
+- Profile transfer：Port handshake、384 KiB chunk、ACK、sha256、缺片、非法 payload、mismatch、断连和大 profile multi-chunk 均有自动化或 browser smoke 证据；本轮新增 RED/GREEN 锁定 BEGIN/COMPLETE hash 绑定，content 侧现在保存 BEGIN 宣告的 `sha256`，并要求 COMPLETE metadata 与实际 bytes 都匹配该原始 hash，不能在完成阶段改写 hash 后提交 profile；本轮还补强 BEGIN metadata gate，非 64 位小写 hex `sha256`、与 `byteLength / 384 KiB` 不匹配的 `chunkCount`、超过 8 MiB profile 上限的声明都会在分配 transfer state 前失败；`include: ["tech"]` 的真实浏览器 smoke 证明未请求的 experience sections 不产生 profiler metadata，不返回 visual/layout/components/interaction/ux/assets 数据，并带对应 `section_not_requested` limitations。
+- Privacy：profile builder 和 profiler 对 URL hash/query、headers、文本摘要、截图元数据、token-like 字段做脱敏；嵌入在文本或 CSS 片段中的 `http(s)` URL 也会脱敏 query value 并移除 fragment；本轮新增 RED/GREEN 覆盖外部 profile 输入的对象键名和 `limitations` 文本，修复后敏感键名会脱敏并处理键名碰撞，externally supplied limitations 也走同一 redaction path；续审又补强 camelCase/compound token-like field names，`apiToken`、`sessionId`、`secretKey`、`bridgeToken` 这类字段名和值现在会在 profile builder 和 injected profiler 两侧同口径脱敏；background log sanitizer 现在覆盖普通错误、污染的 `Error.name`、cleanup warning 详情、Agent Bridge router 内部异常和注入失败 `details.reason`；Agent Bridge router 的异常 catch 路径对 bridge 响应只返回通用 `INVALID_REQUEST / Agent Bridge request failed.`，不会把 raw exception 中的 bridge URL query、nonce 或 token-like id 回传给本机 bridge；本地 JS/Python bridge 在接受扩展侧 failed status 时会清洗 error message/details 中的 URL query、fragment、token、nonce 和 authorization 字段后再进入 `publicStatus`；browser smoke 断言 profile 未包含 cookie、authorization、set-cookie、`token=secret` 或 `#frag` marker。
+- Settings fallback logging：`loadDetectorSettings()` 在 `chrome.storage.local` 不可用时仍保留 sync settings fallback 和 local opt-in fail-closed 行为，但 warning 详情现在通过 `sanitizeLogDetails`，不再把 raw `Error` 直接写入 background console。
+- Lifecycle：browser smoke 覆盖 target tab 关闭、bridge tab 关闭、Agent 取消、运行中关闭本机 Agent Bridge opt-in、通过 `chrome://extensions` 真实关闭浏览器扩展、通过 `chrome://extensions` reload unpacked 扩展、持久化 deadline 过期后的事件入口 reconciliation、service worker CDP target stop、`chrome.runtime.reload()` 中断、service worker 自然 idle eviction 后由 bridge 页面唤醒并完成 capture，以及单独 destructive smoke 覆盖 `chrome.storage.session.clear()` 后 reload；这些路径均未产生 fake profile，并验证 owned target tab 清理或不可见。
+- Cleanup observability：owned target tab 删除失败不再被 `cleanupTarget` 静默吞掉；失败会通过 `reportCleanupFailure('cleanupTarget', errorName)` 记录，且 warning details 会先经过统一日志脱敏，避免污染的错误名泄漏 bridge URL query、nonce 或 token-like id；failure 和 cancel 编排路径继续清理 `agent-capture-state` 与 bridge session。直接清理路径也会记录 `removeAgentCaptureState` / `clearBridgeSession` 失败，避免一个 cleanup 异常隐藏后续清理动作。
+- Release boundary：`dist/manifest.json` 无 `externally_connectable`；manifest source contract 固定扩展权限集合、content script 顺序/匹配范围和单一 `web_accessible_resources` 暴露面；`web_accessible_resources` 未暴露 `agent-skill`、bridge 脚本、repo-local JS bridge helper 源文件或 `experience-profiler.iife.js`；`dist/` 未包含 Python/test/agent-only 产物、local bridge server 入口或 repo-local JS bridge helper 源文件。发布 workflow 还会在检测到 Agent Bridge loopback content script 或 loopback web accessible resource 时要求维护者确认商店隐私披露：workflow_dispatch 必须设置 `agent_bridge_disclosure_confirmed=true`，release 事件必须在 release note 中包含 `- [x] Agent Bridge disclosure confirmed`，否则打包前失败。
+- Documentation：README、用户指南、配置指南、开发文档、隐私文档和 release 文档均写明默认关闭、本机 profile 级 opt-in、loopback trust boundary、同浏览器扩展 trust boundary、private-network 非浏览器级防火墙；`docs/config/index.md` 已把 Agent Bridge 从 sync 配置总述中拆出为 `chrome.storage.local` 例外。
+- Code quality：新增 `tests/agent-bridge-complexity.test.mjs` 固化 repo-local bridge helper 源文件 300 行预算；该测试先在 Python fallback `http_server.py: 326` 处失败，拆分通用 HTTP handler helper 后通过。本轮并发 profile POST 修复后又先复现 `http-server.mjs` 超过预算，随后把路由鉴权、profile read/write 和 commit helper 收敛到 handler 模块，当前 JS/Python bridge helper 均低于 300 行。
+- Storage boundary：新增 `tests/agent-capture-orchestration.test.mjs` 契约测试，覆盖 bridge session、agent capture state 和 active-tab tracker 的 `chrome.storage.session` 写入路径不会调用 `setAccessLevel`，不会把 `TRUSTED_AND_UNTRUSTED_CONTEXTS` 或 token 写入 session storage。
+- Startup env gate：JS `createBridgeServer({ env })` / `openBrowser()` 和 Python fallback `create_server(..., env=...)` / `open_browser()` 现在都会校验 browser-open 环境；`STACKPRISM_BROWSER_OPEN_COMMAND` 或 `STACKPRISM_BROWSER_OPEN_ARGS_JSON` 原始值含 NUL，或 `STACKPRISM_BROWSER_OPEN_ARGS_JSON` 解析后参数字符串含 NUL 时，直接拒绝为 `BRIDGE_INVALID_ENV`，不会绑定 server、生成 ready token 或进入 spawn。CLI 入口会在非法 `STACKPRISM_BRIDGE_PORT` 时先失败为 `BRIDGE_INVALID_ENV`，在配置端口已占用时先失败为 `PORT_IN_USE`，JS/Python 测试均锁定这些路径不会向 stdout 输出 ready JSON 或 API token material。非法 JSON、非数组和非字符串元素形式的 `STACKPRISM_BROWSER_OPEN_ARGS_JSON` 现在由 JS/Python capture API 契约测试锁定为 `BROWSER_OPEN_FAILED / invalid_open_args`，且 helper 级测试证明包含 `?`、`&`、空格、引号和 shell 元字符的 bridge URL 会作为最后一个独立 argv 传给 fake command。
+- Browser/profile routing：Chrome smoke 现在同时覆盖错误 profile 和正确 profile。`wrong-profile-extension-missing` 场景把 bridge 自动打开到未加载 StackPrism 的临时 Chrome profile，capture 最终失败为 `EXTENSION_NOT_CONNECTED`，profile endpoint 为 409，目标 probe 请求数为 0；主 smoke 中的 custom browser-open 场景则通过 `STACKPRISM_BROWSER_OPEN_COMMAND` / `STACKPRISM_BROWSER_OPEN_ARGS_JSON` 打开已加载扩展的 Chrome for Testing profile，并完成本地 fixture capture。
+
+## Findings
+
+### P1 - Plan Completion Remains Unproven For Several Live E2E Items
+
+`docs/superpowers/plans/2026-05-21-stackprism-agent-bridge-plan.md` 的 Task 10 要求覆盖一组真实浏览器和生命周期场景。当前 `docs/reviews/CR-AGENT-BRIDGE-E2E-2026-05-22.md` 已明确记录剩余风险，包括 incognito live behavior 已按计划跳过规则保留单元覆盖和原因说明、Chrome Web Store / Edge Add-ons update rollout、idle-driven service worker eviction、更广 live 资源压力矩阵，以及更广 DNS/private-network live matrix。`chrome.storage.session.clear()` 后 reload、运行中关闭本机 Agent Bridge opt-in、通过 `chrome://extensions` 真实关闭浏览器扩展、通过 `chrome://extensions` reload unpacked 扩展、当前 resolver rewrite 到 `198.18.0.12`，以及 JS/Python 对特殊用途地址段的离线 parity 子场景已在 2026-05-25 补充证据，不再只依赖泛泛单元覆盖；但这不能替代商店/签名包更新 rollout 或完整 DNS/private-network live matrix 验证。
+
+这些项不能用单元测试或“未发现问题”证明完成。发布前若要宣称整份计划完成，需要补 live 场景或在计划中明确降级为当前第一版不覆盖项。
+
+### P2 - External Publishing Gate Cannot Be Proven From Worktree Alone
+
+代码和文档已经加入 Chrome Web Store / Edge Add-ons 发布前隐私披露要求，并且发布 workflow 现在会在 Agent Bridge 进入 `dist/manifest.json` 后要求维护者做打包前披露确认：workflow_dispatch 需要 `agent_bridge_disclosure_confirmed=true`，release 事件需要勾选 `- [x] Agent Bridge disclosure confirmed`。这能阻止未确认披露就上传 release 资产，但商店后台隐私披露、数据用途说明、审核接受和 rollout 仍属于外部状态，当前 worktree 无法证明已经完成。发布 Agent Bridge 版本前仍需要人工核验 dashboard。
+
+### P2 - Some HTTP Resource Exhaustion Requirements Are Only Partially Exercised
+
+JS/Python bridge 已配置连接数、headers/request/keep-alive timeout，并测试了 request shell、oversized body、Python DNS timeout、慢 request body、慢 request headers 和配置级 active connection limit。JS bridge 已有显式 body/header timeout 关闭逻辑；本轮又补强 request body 超限契约，RED 先证明 JS `readJson()` 停止继续消费超限 body 但没有把关闭连接意图传给 HTTP 层，修复后 413 结果携带 `close: true` 并由响应层返回 `Connection: close`。Python fallback 已有 `close_connection = True` 的同口径测试。Chrome smoke 现在也覆盖了真实扩展运行中的首个并发门禁：已有 slow-fixture capture 时第二个 capture 返回 `429 / CAPTURE_BUSY`。新增 `sequential-capture-pressure` smoke 又覆盖同一 bridge/Chrome profile 下 4 轮连续真实 capture，每轮完成后 `/health.activeCaptures = 0` 且 owned target tab 已清理。新增 `connection-pressure` smoke 用真实 CLI bridge 默认配置持有 20 条半开 HTTP 连接，确认第 21 个 `/health` 请求被 `ECONNRESET` 而不是进入业务 routing，释放 1 条连接后 `/health` 恢复 200。新增 `resource-timeouts` smoke 用真实 CLI bridge 默认配置确认慢 header 在约 5 秒返回 `408 Request Timeout` 且不进入 `/health` 业务 body，随后 `/health` 恢复 200；慢 body `POST /v1/captures` 在约 10 秒返回 `408 Request Timeout`、不创建 capture，随后 `/health` 恢复 200 且 `activeCaptures = 0`；keep-alive `/health` 连接收到初始 200 后在默认 idle 窗口后被服务端关闭，随后新 `/health` 请求恢复 200。但计划中的更长时间负载、更广真实浏览器并发压力和完整资源耗尽矩阵仍没有完整 live 证据，因此不能宣称资源耗尽矩阵完全验证。
+
+### P3 - CodeRabbit Valid Low-Risk Findings Were Addressed
+
+本轮 `coderabbit review --prompt-only -t uncommitted` 返回 5 条：
+
+- 已修复：`src/utils/site-experience-guidance.ts` 对外部 profile label 和 limitations 进入 `agentGuidance.summary` 前新增脱敏、控制字符清理和长度限制，并新增回归测试。
+- 已修复：移除 `src/background/tab-store.ts` 中无意义的 `clearAgentCaptureTabSession` wrapper，`src/background/agent-capture-target.ts` 直接调用 `clearTabSession`。
+- 误报：`tests/stackprism-bridge.test.mjs` 当前只有一个 `rawHttp` 定义。
+- 已补强：`src/background/agent-capture-target.ts` 不再吞掉 owned target tab 删除失败；`src/background/agent-capture.ts` 直接清理调用点统一记录 `cleanupTarget`、`removeAgentCaptureState` 和 `clearBridgeSession` 失败后继续后续清理，新增回归测试覆盖 failure、cancel 和 state removal failure 路径。
+
+### P3 - 2026-05-25 CodeRabbit Follow-Up Valid Findings Were Addressed
+
+续跑 `cr review --prompt-only -t uncommitted` 返回 25 条。逐条核验后，已修复仍有效的问题：
+
+- content bridge config 非法 JSON 统一映射为 `INVALID_REQUEST`，避免 `SyntaxError` 泄漏到不一致路径。
+- content 侧收到 successful hello 但缺少必需 capability 时，现在在同源 failed status 中保留 `details.missingCapability`，并在打开 profile transfer port 或发送 `START_AGENT_CAPTURE` 前停止。
+- JS bridge 与 Python fallback 的 status phase monotonicity 不再只限 `running`，`waiting_extension` 等状态也不能倒退 phase。
+- JS bridge 对同一 capture 的 status 更新增加 per-capture lock，避免并发相同 sequence 同时通过 check-then-update。
+- 扩展侧 `START_AGENT_CAPTURE` 增加 start lock，避免并发 start 同时通过 active-capture 检查并打开多个 target。
+- `startAgentCapture` / `cancelAgentCapture` 在 reconciliation 前先检查 `chrome.storage.session` capability，缺失时 fail closed 为 `NOT_SUPPORTED / storageSession`。
+- `getAgentCaptureState()` 验证 session storage 中的状态对象，损坏或类型错位时清理对应 state/index 并返回 `null`。
+- profile transfer port disconnect cleanup、background runner rejection、content observer 注入失败和普通 background detection 失败均有脱敏日志，不再空 catch。
+- Python fallback `max_open_connections` 做正整数归一化；`captureKey()` 对分隔符做显式拒绝；browser smoke harness 在 ready JSON 解析失败时终止 bridge 子进程并清理 CDP page target。
+
+核验后跳过的建议：`content-injector` 和 `message-router` 的两条已被当前 diff 覆盖；JS bridge `CaptureStore({ baseUrl: "" })` 在 `listen()` resolve 前不可被 API 请求触达，且创建 capture 前会设置 `store.baseUrl`；`CaptureStore.create()` 当前是同步 check/set/openBrowser 流程，`openBrowser()` 使用 `spawnSync`，不存在异步 TOCTOU 窗口；Python body `Content-Type` 建议接受额外参数与计划中仅允许缺省或 `utf-8` charset 的约束不一致；cleanup errors 继续记录并尝试后续清理，不上抛覆盖原始 fail-closed 终态。
+
+第二轮 `cr review --prompt-only -t uncommitted` 收敛为 2 条。已修复有效项：`experience-profiler` 的 `boundingBoxes[].selector` 现在保留触发匹配的 selector，而不是退化为 tagName，并新增静态回归测试。跳过项：`tests/stackprism_bridge_py.test.mjs` 只有一个 `rawHttp` 定义；另一个同名 helper 位于 `tests/stackprism-bridge.test.mjs`，属于不同模块作用域。
+
+第三轮 `cr review --prompt-only -t uncommitted` 返回 5 条，均已核验。已修复有效项：Python fallback 非 UTF-8 JSON body 现在归一为 `400 INVALID_JSON`；content bridge config 的非数字 `protocolVersion` 现在 fail fast 为 `INVALID_REQUEST`；smoke harness 的 CDP WebSocket close/error 会 reject pending request，extension reload 触发失败会进入返回结果而不是空 catch；profile transfer port disconnect cleanup 改为由 onDisconnect 调用方记录脱敏上下文。
+
+第四轮 `cr review --prompt-only -t uncommitted` 返回 4 条。已修复有效项：Python fallback claim bridge token 时间戳改用 `CaptureStore.now()` 注入时钟；新建目标 tab 如果返回 incognito 会先清理该 tab 再返回 `INCOGNITO_NOT_SUPPORTED`；bridge session lock 清理从异步 `finally()` 回调改为同步检查删除，避免误删更新的 lock。跳过项：`experience-profiler` selector metadata 建议是 stale/误报，当前代码和测试都已验证保留 matched selector。
+
+### P3 - 2026-05-25 Local Continuation Audit Findings Were Addressed
+
+本轮本地继续审计又补强 4 个边界：
+
+- `loadAgentBridgeEnabled()` 在 `chrome.storage.local.get` 抛错时返回 disabled，避免本地 opt-in 读取失败后进入不确定状态。
+- `content` 侧 bridge config 不再接受字符串形式的 `protocolVersion`，非法 JSON 和非整数版本统一 fail fast 为 `INVALID_REQUEST`。
+- 普通检测路径不再把任意 `http://127.0.0.1:<port>/bridge` 页面视为 Agent Bridge 页面；只有带严格 `session`、`capture`、`nonce` query 的桥页才触发桥页隔离。
+- `site-experience-redaction` 会脱敏任意文本/CSS 片段里的嵌入式 URL query value 并移除 fragment，避免 profile 文本字段绕过 URL 字段脱敏。
+- Agent Bridge router 的 `AGENT_BRIDGE_HELLO`、`START_AGENT_CAPTURE` 和 `AGENT_CAPTURE_CONTROL` 异常兜底不再把 `String(error)` 写入 bridge 响应；内部异常进入统一后台脱敏日志，bridge 侧只收到通用错误。新增回归测试先构造包含 `token=secret`、`nonce=`、`/bridge?` 和 `spb_...` 的 storage 异常，再断言响应和日志均不包含这些敏感片段。
+- JS/Python bridge 底层 server factory 现在也执行 browser-open env 预检，避免绕过 CLI 入口直接创建 server 时先生成 token 或绑定端口。新增测试先证明 factory 接受 raw NUL 或 JSON escaped NUL 的 browser-open env，修复后分别返回 JS `BRIDGE_INVALID_ENV` throw 和 Python `ValueError.code = BRIDGE_INVALID_ENV`。
+- JS `openBrowser()` 直接调用路径现在也先执行同一 parsed browser-open args NUL 预检，避免 helper 被复用时把 `["bad\\u0000arg"]` 送进 `spawnSync` 后降级成 `spawn_failed`；Python `open_browser()` helper 同步保留该断言。
+- Browser smoke harness 现在用 `stopBridge()` 统一停止 JS bridge 子进程：先等待 SIGTERM/SIGKILL 后的进程退出，再轮询 `/health` 确认原端口不再响应。所有 smoke 场景 finally 都改为等待该清理路径，避免 E2E 结束后遗留本地 bridge 服务。
+- Browser smoke stdout 摘要不再输出 `apiTokenPrefix` 或任何 token 前缀；所有场景只保留 `apiTokenPresent` 布尔值，证明 ready JSON 已包含 token 字段但不泄露 token 片段。新增 `tests/agent-bridge-browser-smoke-output.test.mjs` 静态契约，禁止 smoke 输出和 harness helper 重新引入 `apiTokenPrefix`、`bridgeTokenPrefix` 或 `tokenPrefix`。
+
+本轮还尝试 `cr review --prompt-only -t uncommitted`；CLI 进入 limited/free 行为并长时间停在 `summarizing`，没有返回 findings，进程被终止，因此不作为有效外部审计证据。
+
+### P3 - Python Fallback Helper File Length Contract Was Tightened
+
+本轮复杂度扫描发现 `agent-skill/stackprism-site-experience/scripts/stackprism_bridge_lib/http_server.py` 超过计划中的 Python bridge helper 300 行预算。新增 `tests/agent-bridge-complexity.test.mjs` 后先观察到 RED：`http_server.py: 326`。随后将通用 JSON 响应、错误响应、鉴权、限流和 JSON body 读取 helper 提取到 `http_handler_base.py`，保留 `BridgeHandler` 路由职责、`DEFAULT_REQUEST_TIMEOUT_SECONDS` 模块级 patch 面和现有 Python fallback 行为。回归后 `http_server.py` 为 279 行，新增 helper 为 55 行，复杂度契约测试和 Python fallback 行为测试均通过。
+
+## Task 10 Coverage Matrix
+
+Task 10 当前共有 78 个 checklist 项。下面按验收主题归并当前证据强度；该矩阵用于避免把局部通过误写成整份计划完成。
+
+| Theme                                  | Plan Items                                                                                                                                                                                                     | Current Evidence                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   | Status                                        |
+| -------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------- |
+| 基础命令门禁                           | build:injected、test:unit、lint、prettier、typecheck、build、docs:build、JS/Python 语法检查、JS/Python bridge 专项测试                                                                                         | 审计记录已有本地执行结果；本轮新增运行中本机 opt-in 关闭、cleanup observability、复杂度、storage access-level、非 bridge loopback 零副作用、request envelope mismatch 后不启动 capture、content client request/status header contract、START_AGENT_CAPTURE forbidden sensitive fields fail-fast、Python preflight parity、JS/Python SIGTERM listener 关闭契约、污染 Error-name cleanup-log 脱敏契约、注入失败脱敏详情契约、content observer 注入失败和 observer 文件缺失显式终态契约、failed status error payload 脱敏与未知错误码拒绝契约、incognito bridge-tab 普通消息隔离契约、bridge API request isolation 契约、registered bridge API ordinary-message isolation 契约、manifest source contract、release workflow dist hygiene 契约、detector settings warning redaction 契约、extension lifecycle wake recovery 契约、AGENT_BRIDGE_HELLO storageSession 缺失诊断和 START_AGENT_CAPTURE required capabilities 缺失 fail-closed 契约；续审新增 content config JSON 错误、content hello capability missing detail、并发 start、并发 status、损坏 storage state、storageSession 缺失入口、非 running phase 回退和 profiler selector metadata 契约；最终本地续审新增 strict bridge URL 判定、local opt-in 读取失败 fail-closed、整数 `protocolVersion`、嵌入 URL 脱敏、router 异常脱敏、底层 factory env gate、CLI 非法端口和端口占用 ready gate、cross-site `/bridge` token render gate、profile transfer hash-binding、BEGIN metadata gate、request envelope strict shape、start rejection cleanup、compound token-like redaction、keep-alive idle smoke evidence contract、rate-limit smoke evidence contract、JS/Python `/profile` endpoint rate-limit 单元契约，以及 content client 在 `chrome.extension.inIncognitoContext === true` 时先返回 `INCOGNITO_NOT_SUPPORTED` 且不读取 `/request`、不发送 `AGENT_BRIDGE_HELLO` 或 `START_AGENT_CAPTURE` 的单元契约、background response-started API 缺失时 network observer 保持 inactive、JS/Python `targetNetworkAddress` 非 IP 字面量拒绝契约、profile language/UX 字段契约、fixture-backed default smoke 契约、bridge 页面截图弹窗焦点陷阱和 Settings 确认弹窗焦点恢复契约后，最新 `pnpm run test:unit` 为 248 tests passed                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              | Proven locally                                |
+| Bridge API semantics and rate limiting | create/status/profile/control API、auth scope、query/create rate limit、busy ordering、no silent queue                                                                                                         | JS/Python 单元测试覆盖低阈值 create 和 query rate limit；新增 `rate-limit` live smoke 使用真实 CLI JS bridge 默认 production 阈值，确认默认 create limit 10：第 1 次 create 返回 200，第 2 到第 10 次在已有 active capture 下返回 `429 / CAPTURE_BUSY`，第 11 次 create 在 body 解析和队列前返回 `429 / RATE_LIMITED`；默认 query limit 120：同一 capture 的 120 次 authenticated status reads 返回 200，第 121 次返回 `429 / RATE_LIMITED`；新增 `profile-rate-limit` live smoke 使用独立真实 CLI JS bridge 确认默认 query limit 也覆盖 `/profile`：120 次 profile reads 到达 profile endpoint 并返回未完成 capture 的 `409 / INVALID_REQUEST`，第 121 次返回 `429 / RATE_LIMITED`；target request count 0，cleanup DELETE 200，bridge stderr 为空                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                | Proven by tests plus live smoke               |
+| Bridge 启动与环境错误                  | ready JSON、port 占用、非法端口、NUL browser env、非法 browser args                                                                                                                                            | JS/Python 专项测试覆盖 `PORT_IN_USE`、`BRIDGE_INVALID_ENV`、`BROWSER_OPEN_FAILED`，并检查非法端口和端口占用路径不会向 stdout 伪造 ready JSON 或泄漏 API token material                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                             | Proven by automated tests                     |
+| 主链路 smoke                           | 加载 `dist/`、启动 JS bridge、创建 capture、轮询 profile、真实 fixture、真实复杂站点、非默认浏览器/profile 路由                                                                                                | Chrome for Testing smoke 覆盖本地 fixture、custom browser-open、profile schema 和错误 profile fail-closed 路径；新增 wrong-profile smoke 覆盖 bridge 自动打开到未安装扩展的临时 Chrome profile 时返回 `EXTENSION_NOT_CONNECTED` 且不触达目标 probe，主 smoke 的 custom-open 路径覆盖指定正确 Chrome profile 后可握手并完成 fixture capture；报告记录浏览器版本与 dist 路径。2026-05-26 新增 `public-complex-target` smoke 捕获 `https://www.wikipedia.org/`，当前 resolver 输出 `198.18.0.19`，场景显式使用 `allowPrivateNetworkTarget = true`，profile HTTP 200、schema/capture id/final URL 匹配、visual/layout/component profile keys 非空、无截图 payload、无 checked privacy leak markers、bridge stderr 为空；默认 smoke 已切换为 fixture-backed local capture；`https://example.com` 只作为历史环境问题记录，当前不再作为默认成功路径                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                       | Proven locally with explicit DNS-proxy caveat |
+| 终态、并发和取消语义                   | terminal DELETE、running DELETE、cancel control、completed control、late status、target/bridge tab close、maxConcurrentCaptures                                                                                | JS/Python 测试覆盖终态 DELETE、completed control 返回 `cancel`、stale update、`CAPTURE_BUSY`、extension connect timeout 后 `/bridge` 不渲染 token，以及 completed result TTL 过期后 profile endpoint 和 `/bridge` 均返回 `CAPTURE_RESULT_EXPIRED` 且不渲染 bridge token；Chrome smoke 覆盖 running DELETE、owned target cleanup、target tab close、bridge tab close，以及运行中 slow capture 下第二个 capture 返回 `429 / CAPTURE_BUSY`；新增 sequential pressure smoke 在同一 bridge/Chrome profile 连续完成 4 轮真实 capture，逐轮断言 profile HTTP 200、`/health.activeCaptures = 0`、owned target tab 不再可见；新增 `result-expiry-bridge-page` smoke 在真实 Chrome fixture capture 完成后推进 in-process JS bridge 时钟，验证 profile endpoint 返回 `410 / CAPTURE_RESULT_EXPIRED`，原 `/bridge` URL 返回 410 且不含 bridge token material；单元测试覆盖 owned target cleanup 删除失败和 state/session cleanup 删除失败时可观测且不阻断后续清理                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              | Proven by tests plus smoke                    |
+| HTTP resource pressure                 | maxOpenConnections、headers/body/keep-alive timeout、慢 body/header、超大 body、资源耗尽不进入业务 routing                                                                                                     | JS/Python 单元测试覆盖默认 resource policy、慢 body/header timeout、configured active connection limit、超大 body、request shell 和 SIGTERM/stdin EOF shutdown；本轮新增 JS reader RED/GREEN，确认 request body 超限后停止继续消费并返回 `close: true`，响应层会带 `Connection: close`，Python fallback 已有 `close_connection = true` 契约；新增 `connection-pressure` smoke 使用真实 CLI JS bridge 默认配置持有 20 条半开 HTTP 连接，确认第 21 个 `/health` 请求被 `ECONNRESET` 而不是进入业务 routing，释放 1 条连接后 `/health` 恢复 200，bridge stderr 为空；新增 `resource-timeouts` smoke 使用真实 CLI JS bridge 默认配置确认慢 header 在约 5 秒返回 `408 Request Timeout` 且不进入 `/health` 业务 body，随后 `/health` 恢复 200；慢 body `POST /v1/captures` 在约 10 秒返回 `408 Request Timeout`、不创建 capture，随后 `/health` 恢复 200 且 `activeCaptures = 0`；keep-alive `/health` 连接收到初始 200 后在默认 idle 窗口后被服务端关闭，随后新 `/health` 请求恢复 200，bridge stderr 为空；新增 `request-shell-rejections` smoke 使用真实 JS bridge 拒绝 19 类原始 request-shell / ambiguous header 请求，目标 probe request count 0，拒绝后 `/health` 恢复 200，cleanup DELETE 200，bridge stderr 为空                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                | Targeted live evidence plus tests             |
+| Service worker / extension lifecycle   | service worker target close、runtime reload、storage session clear、deadline reconciliation、extension update/user disable、idle-driven worker eviction、browser-managed update lifecycle                      | Chrome smoke 覆盖 CDP service worker target close、`chrome.runtime.reload()`、本机 opt-in 关闭、通过 `chrome://extensions` 真实关闭浏览器扩展、通过 `chrome://extensions` reload unpacked 扩展、`chrome.storage.session.clear()` + reload、service worker 自然 idle eviction 后由 bridge 页面唤醒并完成 capture，以及持久化 deadline 过期后的事件入口 reconciliation。2026-05-26 复核发现旧 expired-deadline smoke 在 slow target 下可能仍处于 `target_opening`，该阶段契约应为 `TARGET_LOAD_TIMEOUT`；已修正 harness 改为普通 fixture + `waitMs: 30000`，等待持久化 state 达到 `target_loaded` 后再回拨 `deadlineAt`，端口 9648 真实 Chrome rerun 返回 `CAPTURE_TIMEOUT`、profile 409、owned target tab 清理。unit tests 覆盖恢复/reconciliation，并固定 `onInstalled` lifecycle wake 会重新注入 observer、触发未完成 Agent capture fail-closed recovery、清理 owned target；两次运行中 idle best-effort probe 均未让 Chrome 在 active capture 中自然移除 service worker，最新端口 9650 仍显示 worker visible after 75s，随后 capture 以 `TARGET_LOAD_TIMEOUT` fail closed 并清理目标；Chrome Web Store / Edge Add-ons update rollout 和运行中 idle eviction 仍缺少真实浏览器触发证据                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                             | Partially proven; live gaps remain            |
+| Target policy and target failures      | final URL blocked、private network、DNS fail closed、redirect/final URL、target load fail/timeout/navigation away/injection fail、active tab/reuse query matching、incognito                                   | JS/Python bridge policy tests和 background orchestration tests 覆盖这些错误码与清理语义；policy tests 使用同一 fixture 锁定 `198.18.0.12`、IPv4/IPv6 special-use address、Python `ipaddress` public exception 和 IPv4-mapped IPv6 行为；扩展编排测试覆盖注入失败返回 `TARGET_INJECTION_FAILED` 且 `details.reason` 不泄漏敏感 query、fragment、nonce 或 token-like id，也覆盖 content observer 注入抛错或 manifest 缺失 observer 文件时不会被普通检测静默吞掉；Chrome smoke 覆盖本地 fixture、private target opt-in、未开启 `allowPrivateNetworkTarget` 时私网初始 URL 创建阶段拒绝且目标 request count 为 0、current resolver rewrite 到 `198.18.0.12` 时创建阶段拒绝、真实 resolver `ENOTFOUND` 时创建阶段拒绝为 `TARGET_DNS_LOOKUP_FAILED / dns_lookup_failed` 且 active captures 归零、`bridge-self-target-blocked` 确认当前 bridge origin 和 `localhost` alias 初始目标均返回 `BRIDGE_SELF_TARGET_BLOCKED` 且 active captures 归零、允许初始 URL 经 302 重定向到 bridge origin 后被拒绝为 `FINAL_URL_BLOCKED / invalid_final_url`、公网 IP 字面量初始 URL 经本机 HTTP proxy 真实重定向到 `127.0.0.1` final URL 后被拒绝为 `FINAL_URL_BLOCKED / private_network_address`、公网 IP 字面量初始 URL 经 proxy 真实重定向到 `stackprism-browser-smoke.invalid` final URL 后按当前 resolver 拒绝为 `FINAL_URL_BLOCKED / private_network_address`、公网 IP 字面量初始 URL 经 proxy 真实重定向到 oversized-label hostname final URL 后按当前 resolver 拒绝为 `FINAL_URL_BLOCKED / dns_lookup_failed`、`target-url-validation` 真实 CLI smoke 覆盖 unsupported protocol、credential URL、loopback private target 和 bridge self-target 均在创建阶段 fail closed，且 `activeCaptures = 0`、target request count 0、bridge stderr 为空、`target_loaded` 后目标 tab 导航离开时拒绝为 `TARGET_NAVIGATED_AWAY`、目标 main-frame load failure 拒绝为 `TARGET_LOAD_FAILED`、目标 load timeout 拒绝为 `TARGET_LOAD_TIMEOUT`，以及真实浏览器中的 `reuse_or_new_tab` / `active_tab` query 边界；新增 `active-tab-unavailable` smoke 在新鲜 Chrome profile 无上一张可检测 active tab 记录时返回 `ACTIVE_TAB_UNAVAILABLE`、profile 409、target request count 0 且未打开目标 URL；targetMode query live smoke 还覆盖 `keepTabOpen=true` 的 `reuse_or_new_tab` query 边界：同 origin/path 但 query 不同的既有 tab 被保留，并保留插件新建目标 tab 到场景清理阶段，smoke 输出包含 `keepTabOpenWasTrue` 与 `keptNewTargetTabId`；incognito probe 已确认临时 profile 可启用 unpacked 扩展无痕权限且同 profile 重启后保持，但 CDP incognito context 未加载扩展 content script；`--incognito` 窗口路径 probe 也未加载扩展 content script。两条 live probe 均以 `EXTENSION_NOT_CONNECTED` fail closed、profile 409、目标 request count 0 作为按计划跳过证据；content-client `chrome.extension.inIncognitoContext === true` 的精确 `INCOGNITO_NOT_SUPPORTED` 分支已由单元测试证明不读取 `/request` 且不发送 capture runtime message，但 exact live metadata path 仍受当前 Chrome for Testing 自动化限制未触发 | Mostly automated plus targeted smoke          |
+| Profile privacy and transfer           | cookie/header/query/hash/token 脱敏、truncation limitations、大 profile 分片、缺片、ack/hash/session/nonce 错误、重复/超大 profile、并发 profile POST 一次性提交、`["tech"]` include、screenshot metadata 开关 | Unit tests 覆盖 transfer 错误矩阵、schema/limitations、metadata 开关和 JS/Python 同一 capture 并发 profile POST 只能一个成功；Chrome smoke 覆盖隐私 marker、大 profile 多片、metadata true/false 无截图像素 payload，以及 `include: ["tech"]` 时 visual/layout/components/interaction/ux/assets 均为空、带 `section_not_requested` limitation 且无 profiler metadata                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                               | Proven by tests plus smoke                    |
+| Bridge isolation and storage boundary  | bridge tab 不污染 popup/cache/badge/header/dynamic snapshot、普通 runtime message 隔离、popup/options 不能读取 bridge tab 或伪造 tabId、`chrome.storage.session` access level                                  | Unit tests和 message-router/bridge-session contracts 覆盖普通检测排除、非 bridge loopback 页零副作用退出、sender tab 匹配、AGENT_BRIDGE_HELLO storageSession 缺失时返回 `NOT_SUPPORTED / details.missingCapability`、START_AGENT_CAPTURE required capabilities 缺失时返回 `NOT_SUPPORTED` 且不解析/打开目标 tab、START_AGENT_CAPTURE 携带 `bridgeToken`、callback URL 或 profile wrapper 时返回 forbidden `INVALID_REQUEST` 且不解析/打开目标 tab、incognito bridge URL 仍按 bridge tab 拒绝普通检测缓存读取、registered bridge API tab 不能通过普通 runtime、popup/options 或普通 background detection 读取/触发检测缓存、bridge-tab `/v1/captures/*` 的 `webRequest` header merge 与 `webNavigation` throttle reset 跳过、普通本地 `/v1/captures/*` API 仍保留 header/log evidence、token 不持久化、storage session 不可用 fail closed，以及 Agent Bridge 相关 session storage 写入不调用 `setAccessLevel` 放宽给 untrusted contexts                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                             | Proven by automated tests                     |
+| HTTP and bridge page security          | one-time token render、cross-site render、iframe embedding、host/header/request-shell/preflight 拒绝、no-store/nosniff/no-referrer、CSP nonce、XFO/COOP/Permissions-Policy、反射防护、profile 越权             | JS/Python HTTP tests 覆盖 request-shell、headers、CSP、nonce、反射和 scope；request-shell 现在明确覆盖 missing Host、absolute-form 和 `CONNECT` authority-form，JS/Python 均返回 JSON `400 / INVALID_REQUEST` 而不是空响应或标准库 HTML；Python fallback preflight `Allow` 头与 JS 行为对齐；JS/Python 均覆盖真实 `bridgeUrl` 的跨站 `Referer` 和 `Sec-Fetch-Site: cross-site` 请求在 token render 前返回 403 且不消耗一次性 token；Chrome smoke 覆盖 cross-site render、first/second render、terminal render no-token，并新增 `bridge-iframe-blocked` 真实浏览器场景，证明攻击页 iframe 尝试后未在父 DOM 或 frame 文档暴露 bridge token，也未消耗 `/bridge` 首次顶层 token render；新增 `host-validation` smoke 在真实 JS bridge 进程上覆盖 `/health`、`/bridge` 和 Bearer endpoint 的 Host 校验，错误 Host 不进入 token render 或业务鉴权路径；新增 `response-headers-cors` smoke 在真实 JS bridge 进程上覆盖 JSON endpoint 安全头、profile no-referrer、preflight 无 CORS allow header，以及 Origin/Referer/Sec-Fetch 跨站拒绝                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  | Proven by tests plus smoke                    |
+| Trust boundary documentation           | private-network、loopback/local process、same-profile extension trust boundary                                                                                                                                 | E2E 和开发/隐私/用户文档已记录边界，明确不是浏览器级防火墙，也不防同机恶意进程或同 profile 恶意扩展                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                | Documented                                    |
+| Release and cleanup hygiene            | bridge 进程退出、`__pycache__` 清理、`dist/` hygiene、manifest 无 `externally_connectable`、WAR 不暴露 agent-only 路径、diff whitespace/status                                                                 | JS/Python bridge 子进程已有 stdin EOF 和 SIGTERM listener 关闭测试；browser smoke harness 现在在每个场景 finally 中等待 bridge 子进程退出并确认 `/health` 端口关闭，`tech-only` live smoke 已验证该清理路径；manifest source contract 固定允许权限集合、普通 observer 与 bridge content script 的匹配范围/顺序、以及单一 WAR 资源集合；release workflow 现在显式拒绝 `web_accessible_resources` 或 `dist/` 中出现 repo-local JS bridge helper 源文件、本地 bridge server 入口、Python fallback、agent skill、tests、`docs/superpowers` 和 `__pycache__`，并拒绝嵌套在 asset 路径下的 agent-only 目录；新增测试会实际执行 workflow inline hygiene 脚本，覆盖 release gate 顺序、clean dist 通过、`externally_connectable`、污染 dist/WAR、嵌套 agent-only 目录失败；计划中的 commit 未执行                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          | Local hygiene staged; commit pending          |
+| External publishing                    | Chrome Web Store / Edge Add-ons privacy disclosure、release note、商店后台数据用途                                                                                                                             | 只能由外部商店后台状态证明，当前 worktree 无法证明                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                 | Not provable from worktree                    |
+
+## Verification Run
+
+本轮重新执行并通过：
+
+- `pnpm run test:unit`：163 tests passed，包含新增的扩展 `onInstalled` lifecycle wake recovery 测试、运行中本机 Agent Bridge opt-in 关闭 fail-closed 测试、关闭动作不被 badge refresh 延迟的入口测试、owned target cleanup 删除失败和 state/session cleanup 删除失败可观测且不隐藏后续清理动作的回归测试、污染 `Error.name` 不泄漏 bridge URL query、nonce 或 token-like id 的 cleanup warning 脱敏测试、注入失败返回脱敏 `details.reason` 的编排测试、content observer 注入失败和 observer 文件缺失显式返回 `TARGET_INJECTION_FAILED` 的编排测试、AGENT_BRIDGE_HELLO 在 storageSession 缺失时返回 `NOT_SUPPORTED / details.missingCapability` 的握手测试、request endpoint 返回错误绑定信息时 bridge content client 同源 POST `BRIDGE_REQUEST_MISMATCH` 且不发送 `AGENT_BRIDGE_HELLO` 或 `START_AGENT_CAPTURE` 的握手测试、START_AGENT_CAPTURE required capabilities 缺失时返回 `NOT_SUPPORTED` 且不解析或打开目标 tab 的编排测试、START_AGENT_CAPTURE 含 `bridgeToken`、callback URL 或 profile wrapper 时返回 forbidden `INVALID_REQUEST` 且不解析或打开目标 tab 的编排测试、failed status error payload 不泄漏 apiToken, bridgeToken, nonce, URL query 或 fragment 且未知错误码不会终态化 capture 的 JS/Python bridge 契约测试、incognito bridge-tab 普通消息隔离测试、bridge API request isolation 测试、registered bridge API tab 普通 runtime/popup/background detection 隔离测试、非 bridge loopback 页零副作用退出契约测试、Python fallback preflight `Allow` 头 parity 断言、JS/Python bridge SIGTERM 后关闭 listener 的子进程测试、Agent Bridge helper 300 行复杂度契约测试、storage session access-level 不放宽给 untrusted contexts 的契约测试、manifest source contract、release workflow dist hygiene 契约测试，以及 detector settings warning redaction 契约测试。续审新增覆盖坏 bridge config JSON、非 running phase 回退、同一 capture 并发 status 序列化、并发 start 串行化、损坏 session storage state 清理、storageSession 缺失入口和 profiler selector metadata。
+- `node --test --test-timeout=60000 tests/agent-bridge-manifest.test.mjs`：2 tests passed，固定允许的扩展权限集合、`host_permissions`、普通 observer 与 Agent Bridge content script 的顺序、匹配范围和 `run_at`，并固定单一 `web_accessible_resources` 资源集合，防止 `externally_connectable`、`localhost` bridge 匹配、agent-only profiler、repo-local bridge helper、Python fallback 或测试路径进入 manifest 暴露面。
+- `node --test --test-timeout=60000 tests/release-workflow.test.mjs`：RED 阶段先失败于 release workflow 只阻止顶层 bridge 入口脚本，没有显式阻止 `capture-store.mjs` 等 repo-local JS bridge helper 源文件进入 `dist/`；抽取 `agentOnlySourceFiles` 并复用于 `web_accessible_resources` 和 `dist/` 扫描后，4 tests passed。2026-05-25 续审把该文件扩展到 7 tests passed，新增覆盖 release gate 顺序必须在打包前执行、`externally_connectable` manifest 被拒绝、以及 `dist/assets/agent-skill/` 这类嵌套 agent-only 目录被拒绝。
+- `node --test --test-timeout=60000 tests/agent-capture-orchestration.test.mjs`：RED 阶段先失败于 `TARGET_INJECTION_FAILED` 没有 `details.reason`；修复后 37 tests passed，并覆盖含敏感 URL query、nonce、fragment 和 token-like id 的 `chrome.scripting.executeScript` 错误不会进入状态 payload。
+- `node --test --test-timeout=60000 tests/agent-capture-orchestration.test.mjs`：RED 阶段先失败于 incognito bridge URL 未被 bridge-tab helper 识别，导致普通 `GET_POPUP_RESULT` 消息没有在读取检测缓存前被 bridge sender guard 拒绝；移除 helper 中的 incognito 排除后 38 tests passed。
+- `node --test --test-timeout=60000 tests/agent-capture-orchestration.test.mjs`：RED 阶段先失败于 bridge-tab `/v1/captures/*` navigation commit 仍进入普通 `webNavigation` detection path；修复后 40 tests passed。当前实现只在 bridge tab 或已登记 bridge session origin 匹配时跳过 `/v1/captures/*`，普通本地同路径 API 仍会保留 header evidence 与普通 navigation log。
+- `node --test --test-timeout=60000 tests/agent-capture-orchestration.test.mjs`：RED 阶段先失败于已登记 bridge API tab 仍可通过普通 `GET_POPUP_RESULT`、popup/options `GET_HEADER_DATA` 或 `START_BACKGROUND_DETECTION` 读取/触发普通检测路径；修复后 43 tests passed。当前 message-router 在普通消息分支里同时使用 session-aware sender guard 和 popup target guard，`START_BACKGROUND_DETECTION` 也只在守卫通过后返回成功。
+- `node --test --test-timeout=60000 tests/background-logging.test.mjs`：RED 阶段先失败于污染的 `Error.name` 仍保留 `token=secret`，并且 `reportCleanupFailure` 的 `console.warn` 详情同样保留 raw bridge URL query 和 token-like id；修复后 2 tests passed，覆盖 `sanitizeLogDetails` 和 cleanup warning 两条日志路径。
+- `node --test --test-timeout=60000 tests/stackprism-bridge.test.mjs`：31 tests passed，包含 hostile query/fragment 和 terminal error message 不反射、bridge URL 只含 `session` / `capture` / `nonce` query 且不含 API/bridge token、failed status error payload 脱敏、failed status 未知错误码拒绝、strict request-shell 拒绝矩阵、status/request/control/profile 响应头契约、`/bridge` HTML header/CSP 契约、stdin EOF 和 SIGTERM listener 关闭、`completed`、`failed`、`cancelled`、`expired` 终态 DELETE 均返回 409 且不改写状态，以及扩展后的 URL policy fixture。新增 failed status 脱敏断言在 RED 阶段先失败于 API token 原样回传，随后 JS bridge 存储前清洗 error code/message/details 后通过；新增未知错误码断言先失败于 `MADE_UP_ERROR` 被接受，随后 JS bridge 在状态变更前拒绝并保持 capture 非终态。
+- `node --test --test-timeout=60000 tests/stackprism_bridge_py.test.mjs`：35 tests passed，包含同一组 bridge page 反射防护、bridge URL 只含 `session` / `capture` / `nonce` query 且不含 API/bridge token、failed status error payload 脱敏、failed status 未知错误码拒绝、strict request-shell 拒绝矩阵、preflight `Allow` 头 parity、响应头契约、`/bridge` HTML header/CSP 契约、首次 `/bridge` 渲染 token 后第二次同 URL 返回 409 且不含 `bridgeToken`、stdin EOF 和 SIGTERM listener 关闭、终态 DELETE 契约，以及同一组扩展后的 URL policy fixture。Python fallback 的 URL policy fixture 现在明确覆盖混合公网/私网 DNS 答案、resolver 异常和空解析结果都 fail closed。新增 failed status 脱敏断言在 RED 阶段先失败于 API token 原样回传，随后 Python fallback 与 JS bridge 同口径清洗后通过；新增未知错误码断言先失败于 `MADE_UP_ERROR` 被接受，随后 Python fallback 在状态变更前拒绝并保持 capture 非终态。
+- `node --test --test-timeout=60000 tests/stackprism-bridge.test.mjs tests/stackprism_bridge_py.test.mjs`：66 tests passed，包含 shared `nonGlobalHostname`、`specialUseHostname`、`specialUseIpv6Hostname` 和 `publicSpecialUseExceptionHostname` fixtures，以及 JS/Python bridge URL query/token 暴露面断言。fixtures 使用假 resolver 返回 `198.18.0.12`、IPv4 documentation/reserved/unspecified ranges、IPv6 documentation/translation/discard/6to4/special ranges 和 Python `ipaddress` public exceptions，锁定 JS/Python 均返回一致的 `PRIVATE_NETWORK_TARGET_BLOCKED / private_network_address` 或放行语义。
+- `node --test --test-timeout=60000 tests/agent-bridge-complexity.test.mjs`：RED 阶段先失败于 Python fallback `http_server.py: 326` 超出 300 行预算；拆分后重新执行通过，1 test passed。
+- `node --test --test-timeout=60000 tests/agent-bridge-complexity.test.mjs tests/stackprism_bridge_py.test.mjs`：36 tests passed，覆盖复杂度契约和 Python fallback HTTP/API 行为回归。
+- `node --test --test-timeout=60000 tests/site-experience-profile.test.mjs`：RED 阶段先失败于 `chrome.storage.local` 不可用时 `loadDetectorSettings()` 直接把 raw `Error` 传给 `console.warn`；修复后 15 tests passed，证明 warning 详情已脱敏且 sync settings fallback 与 local opt-in fail-closed 行为仍保持。
+- `node --test --test-timeout=60000 tests/agent-capture-orchestration.test.mjs`：51 tests passed，新增 forbidden sensitive fields 测试先失败于 `bridgeToken`、callback URL 和 profile wrapper 被泛化为 unknown fields；校验顺序修复后，三者均返回 forbidden `INVALID_REQUEST`，不会解析或打开目标 tab，也不会创建 capture state。该文件还包含 storage session access-level 不放宽、START_AGENT_CAPTURE required capabilities 缺失时返回 `NOT_SUPPORTED` 且不解析或打开目标 tab、token 不持久化、target/bridge tab lifecycle、deadline reconciliation、active-tab query matching、incognito 拒绝、incognito target orphan-tab cleanup、incognito bridge-tab 普通消息隔离、bridge API request isolation、registered bridge API tab 普通 runtime/popup/background detection 隔离、content observer 注入失败和 observer 文件缺失显式终态、运行中本机 opt-in 关闭、extension lifecycle wake recovery、fail-closed cleanup、owned target cleanup 删除失败可观测性、cancel status post 失败可观测性，以及 state removal 失败仍继续 bridge session 清理。
+- `node --test --test-timeout=60000 tests/agent-capture-orchestration.test.mjs`：2026-05-25 start rejection cleanup follow-up 先以 RED 证明 unknown top-level `START_AGENT_CAPTURE` payload 返回 `INVALID_REQUEST` 后仍残留 registered bridge session；修复后 53 tests passed，覆盖目标解析前的早期拒绝会清理 bridge session，且 forbidden sensitive fields 仍不会解析或打开目标 tab，也不会创建 capture state。
+- 追加 start rejection cleanup follow-up 后重新执行 changed-file Prettier check、`pnpm run test:unit`、`pnpm run docs:build`、`git diff --check`、`git diff --cached --check` 和 repo-local `__pycache__` cleanup check：均通过；`pnpm run test:unit` 最新为 180 tests passed。
+- 追加 compound token-like redaction follow-up 后，RED 阶段先失败于 `apiToken=...`、`sessionId=...`、`secretKey=...` 和 `bridgeToken=...` 这类敏感字段名仍可出现在 profile 序列化结果；修复后 profile builder 与 injected profiler 共用更宽的 token-like key 口径。`node --test --test-timeout=60000 tests/site-experience-profile.test.mjs` 为 16 tests passed，`node --test --test-timeout=60000 tests/experience-profile-format.test.mjs tests/site-experience-profile.test.mjs tests/agent-capture-orchestration.test.mjs` 为 73 tests passed，`pnpm run test:unit` 为 180 tests passed。
+- 追加 request body over-limit close follow-up 后，RED 阶段先失败于 JS `readJson()` 超限返回缺少 `close` 标记；修复后 JS reader 在停止继续消费超限 body 时返回 `close: true`，响应层会带 `Connection: close`。`node --test --test-timeout=60000 tests/stackprism-bridge.test.mjs` 为 37 tests passed，`node --test --test-timeout=60000 tests/stackprism_bridge_py.test.mjs` 为 38 tests passed，覆盖 JS/Python body 超限和资源策略口径。
+- `node --test --test-timeout=60000 tests/agent-bridge-handshake.test.mjs`：14 tests passed，新增覆盖 content client 在非 `/bridge` 的 loopback 页面 import 后不读取 DOM config、不 fetch、不注册 window lifecycle listener、不发送 runtime message，并覆盖 request envelope 绑定信息不一致时同源 POST `failed / BRIDGE_REQUEST_MISMATCH` 且不发送 `AGENT_BRIDGE_HELLO` 或 `START_AGENT_CAPTURE`；同一 import-time 测试断言 request GET 带 `Authorization: Bearer {bridgeToken}`，status POST 带 `Authorization: Bearer {bridgeToken}` 和 `Content-Type: application/json`；还覆盖 storageSession 缺失时 hello 返回 `NOT_SUPPORTED / details.missingCapability`。
+- 追加 content hello capability detail follow-up 后，RED 阶段先失败于 successful hello 返回缺失 `profileChunkTransport` 时，content 侧同源 failed status 只有 `NOT_SUPPORTED`，没有 `details.missingCapability`。修复后该路径会在打开 profile transfer port 或发送 `START_AGENT_CAPTURE` 前停止，并上报 `missingCapability = "profileChunkTransport"`。`node --test --test-timeout=60000 tests/agent-bridge-handshake.test.mjs` 为 17 tests passed。
+- `node --test --test-timeout=120000 tests/agent-capture-orchestration.test.mjs tests/agent-bridge-handshake.test.mjs`：62 focused extension orchestration and bridge handshake tests passed。
+- `node --test --test-timeout=120000 tests/agent-bridge-handshake.test.mjs tests/agent-capture-orchestration.test.mjs`：66 focused extension orchestration and bridge handshake tests passed；新增覆盖 Agent Bridge router 内部异常不会通过响应或后台日志泄漏 bridge URL query、nonce 或 token-like id。
+- `node --test --test-timeout=120000 tests/stackprism-bridge.test.mjs tests/stackprism_bridge_py.test.mjs tests/agent-bridge-handshake.test.mjs tests/site-experience-profile.test.mjs tests/agent-capture-orchestration.test.mjs`：143 focused Agent Bridge tests passed。
+- `node --test --test-timeout=60000 tests/site-experience-profile.test.mjs tests/agent-capture-orchestration.test.mjs`：63 tests passed。
+- `node tests/agent-bridge-browser-smoke.mjs`：Chrome for Testing 147.0.7727.15，加载 `/Volumes/Work/code/stackprism-1.3.70/dist`，主链路和 lifecycle smoke 通过；disabled local opt-in 场景的 probe target 请求数为 0。
+- `STACKPRISM_BROWSER_SMOKE_SCENARIO=cleared-storage-session node tests/agent-bridge-browser-smoke.mjs`：Chrome for Testing 147.0.7727.15，加载同一 `dist`，运行中 capture 在 `chrome.storage.session.clear()` 后 `chrome.runtime.reload()`，Agent 看到 `failed / BRIDGE_TRANSPORT_DISCONNECTED`，profile endpoint 返回 409，owned target tab 不再可见，bridge stderr 为空。
+- `STACKPRISM_BROWSER_SMOKE_SCENARIO=local-opt-in-disabled STACKPRISM_BROWSER_SMOKE_CDP_PORT=9476 node tests/agent-bridge-browser-smoke.mjs`：Chrome for Testing 147.0.7727.15，加载同一 `dist`，运行中 capture 在 `chrome.storage.local.stackPrismSettings.agentBridgeEnabled = false` 后失败为 `AGENT_BRIDGE_DISABLED`，profile endpoint 返回 409，owned target tab 不再可见，bridge stderr 为空。该证据只覆盖本机 profile 设置关闭，不覆盖浏览器级扩展禁用或更新。
+- `STACKPRISM_BROWSER_SMOKE_SCENARIO=browser-extension-disabled STACKPRISM_BROWSER_SMOKE_CDP_PORT=9483 node tests/agent-bridge-browser-smoke.mjs`：Chrome for Testing 147.0.7727.15，加载同一 `dist`，运行中 capture 通过 `chrome://extensions/?id=<extension-id>` 将当前 unpacked StackPrism 扩展从 enabled 切换为 disabled；Agent 看到 `failed / BRIDGE_TRANSPORT_DISCONNECTED`，profile endpoint 返回 409，owned target tab 不再可见，bridge stderr 为空。该证据覆盖临时 profile 中的浏览器级用户禁用扩展，不覆盖商店更新或浏览器托管更新生命周期。
+- `STACKPRISM_BROWSER_SMOKE_SCENARIO=expired-deadline-reconciliation STACKPRISM_BROWSER_SMOKE_CDP_PORT=9648 node tests/agent-bridge-browser-smoke.mjs`：Chrome for Testing 147.0.7727.15，加载同一 `dist`。本轮先发现旧 slow-target 夹具在 state 仍可能为 `target_opening` 时修改 deadline，导致实际返回 `TARGET_LOAD_TIMEOUT`，而该行为与实现和单元契约一致；修正后 smoke 使用普通 fixture + `waitMs: 30000`，等待 `chrome.storage.session` 持久化 state 达到 `target_loaded` 且有 target tab id 后再把 `deadlineAt` 改为过去时间，并通过创建普通 `about:blank` tab 触发 background 事件入口。修正后的 Agent 结果为 `failed / CAPTURE_TIMEOUT`，profile endpoint 返回 409，owned target tab 不再可见，bridge stderr 为空。该证据覆盖已加载目标的过期持久化 deadline reconciliation，不覆盖浏览器 idle eviction 本身。
+- `STACKPRISM_BROWSER_SMOKE_SCENARIO=final-url-blocked STACKPRISM_BROWSER_SMOKE_CDP_PORT=9489 node tests/agent-bridge-browser-smoke.mjs`：Chrome for Testing 147.0.7727.15，加载同一 `dist`，本机 `127.0.0.1` fixture 对允许的初始 target 返回一次 302 到当前 bridge origin；真实扩展在 target loaded 后按最终 URL 策略拒绝为 `failed / FINAL_URL_BLOCKED`，reason 为 `invalid_final_url`，profile endpoint 返回 409，fixture 请求数为 1，owned target tab 不再可见，bridge stderr 为空。该证据覆盖 redirect 后最终 URL 指向 bridge origin 的真实浏览器拦截，不覆盖完整 DNS/private-network live matrix。
+- `STACKPRISM_BROWSER_SMOKE_SCENARIO=private-target-blocked STACKPRISM_BROWSER_SMOKE_CDP_PORT=9490 node tests/agent-bridge-browser-smoke.mjs`：Chrome for Testing 147.0.7727.15，加载同一 `dist`，本机 `127.0.0.1` probe fixture 作为初始 capture URL 且未开启 `allowPrivateNetworkTarget` 时，bridge 在创建阶段拒绝为 `400 / PRIVATE_NETWORK_TARGET_BLOCKED`，reason 为 `private_network_address`，fixture 请求数为 0，CDP 中没有该目标页，bridge stderr 为空。该证据覆盖私网字面量初始 URL 的真实 bridge fail-closed 创建路径，不覆盖完整 DNS/private-network live matrix。
+- `STACKPRISM_BROWSER_SMOKE_SCENARIO=dns-non-global-blocked STACKPRISM_BROWSER_SMOKE_CDP_PORT=9491 node tests/agent-bridge-browser-smoke.mjs`：Chrome for Testing 147.0.7727.15，加载同一 `dist`，当前 resolver 将 `stackprism-browser-smoke.invalid` 解析为 `198.18.0.12`；bridge 在创建阶段拒绝为 `400 / PRIVATE_NETWORK_TARGET_BLOCKED`，reason 为 `private_network_address`，CDP 中没有该目标页，bridge stderr 为空。该证据覆盖当前环境中 resolver rewrite 到 benchmark address 的真实 bridge fail-closed 创建路径，不覆盖完整 DNS/private-network live matrix。
+- `STACKPRISM_BROWSER_SMOKE_SCENARIO=dns-lookup-failed STACKPRISM_BROWSER_SMOKE_CDP_PORT=9541 node tests/agent-bridge-browser-smoke.mjs`：真实 JS bridge 使用当前生产 resolver 解析 `aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.com` 返回 `ENOTFOUND`；bridge 在创建阶段拒绝为 `400 / TARGET_DNS_LOOKUP_FAILED`，reason 为 `dns_lookup_failed`，`/health.activeCaptures` 仍为 0，bridge stderr 为空。该证据覆盖真实 resolver 的 DNS lookup failed 终态，不覆盖广泛 NXDOMAIN/SERVFAIL live matrix。
+- `STACKPRISM_BROWSER_SMOKE_SCENARIO=capture-busy STACKPRISM_BROWSER_SMOKE_CDP_PORT=9492 node tests/agent-bridge-browser-smoke.mjs`：Chrome for Testing 147.0.7727.15，加载同一 `dist`，第一个 slow-fixture capture 拥有真实 target tab 时第二个 capture 返回 `429 / CAPTURE_BUSY`；打开 bridge 页后 CDP `Page.getNavigationHistory` 未出现 API/bridge token material 或 `apiToken` / `bridgeToken` / `authorization` query；随后取消第一个 capture，profile endpoint 返回 409，owned target tab 不再可见，bridge stderr 为空。
+- `STACKPRISM_BROWSER_SMOKE_SCENARIO=tech-only STACKPRISM_BROWSER_SMOKE_CDP_PORT=9493 node tests/agent-bridge-browser-smoke.mjs`：Chrome for Testing 147.0.7727.15，加载同一 `dist`，本地 fixture 只请求 `include: ["tech"]` 后 capture `completed`，profile endpoint 返回 `stackprism.site_experience_profile.v1`，visual/layout/components/interaction/ux/assets 均为空，limitations 包含 6 个 `section_not_requested` 项，且没有 screenshot metadata/payload 或 privacy leak marker，bridge stderr 为空。
+- 续审重新执行 `node --test --test-timeout=120000 tests/stackprism-bridge.test.mjs tests/stackprism_bridge_py.test.mjs tests/agent-capture-orchestration.test.mjs tests/agent-bridge-handshake.test.mjs tests/background-logging.test.mjs`：135 tests passed。
+- 续审重新执行 `pnpm run test:unit`：165 tests passed，新增覆盖 Python fallback 非 UTF-8 request body、content bridge config 非数字 `protocolVersion`、cancel status post 失败可观测性和 incognito target orphan-tab cleanup。
+- 续审重新执行 `STACKPRISM_BROWSER_SMOKE_SCENARIO=tech-only STACKPRISM_BROWSER_SMOKE_CDP_PORT=9507 node tests/agent-bridge-browser-smoke.mjs`：Chrome for Testing 147.0.7727.15，加载当前 `dist`，capture `completed`，profile endpoint HTTP 200，schema 为 `stackprism.site_experience_profile.v1`，6 个未请求 section 均为空并带 `section_not_requested` limitation，无 screenshot metadata/payload 和 privacy leak marker。
+- 续审重新执行 `STACKPRISM_BROWSER_SMOKE_SCENARIO=capture-busy STACKPRISM_BROWSER_SMOKE_CDP_PORT=9504 node tests/agent-bridge-browser-smoke.mjs`：第二个 capture 返回 `429 / CAPTURE_BUSY`，取消第一个 capture 后 profile endpoint 返回 409，owned target tab 不再可见，bridge stderr 为空。
+- 续审重新执行 `STACKPRISM_BROWSER_SMOKE_SCENARIO=private-target-blocked STACKPRISM_BROWSER_SMOKE_CDP_PORT=9505 node tests/agent-bridge-browser-smoke.mjs`：创建阶段返回 `400 / PRIVATE_NETWORK_TARGET_BLOCKED`，reason 为 `private_network_address`，fixture request count 为 0，目标页不可见。
+- 续审重新执行 `STACKPRISM_BROWSER_SMOKE_SCENARIO=final-url-blocked STACKPRISM_BROWSER_SMOKE_CDP_PORT=9506 node tests/agent-bridge-browser-smoke.mjs`：终态为 `failed / FINAL_URL_BLOCKED`，reason 为 `invalid_final_url`，profile endpoint 返回 409，owned target tab 不再可见。
+- 续审重新执行 `STACKPRISM_BROWSER_SMOKE_SCENARIO=cleared-storage-session STACKPRISM_BROWSER_SMOKE_CDP_PORT=9508 node tests/agent-bridge-browser-smoke.mjs`：运行中 capture 在 `chrome.storage.session.clear()` 后 fail closed 为 `BRIDGE_TRANSPORT_DISCONNECTED`，profile endpoint 返回 409，owned target tab 不再可见，bridge stderr 为空。
+- 续审重新执行 `STACKPRISM_BROWSER_SMOKE_SCENARIO=local-opt-in-disabled STACKPRISM_BROWSER_SMOKE_CDP_PORT=9509 node tests/agent-bridge-browser-smoke.mjs`：运行中关闭 local opt-in 后 fail closed 为 `AGENT_BRIDGE_DISABLED`，profile endpoint 返回 409，owned target tab 不再可见，bridge stderr 为空。
+- 最终续审重新执行 `STACKPRISM_BROWSER_SMOKE_SCENARIO=tech-only STACKPRISM_BROWSER_SMOKE_CDP_PORT=9510 node tests/agent-bridge-browser-smoke.mjs`：capture `completed`，profile HTTP 200，schema 为 `stackprism.site_experience_profile.v1`，6 个未请求 section 均为空并带 `section_not_requested` limitation，bridge stderr 为空。
+- 最终续审重新执行 `STACKPRISM_BROWSER_SMOKE_SCENARIO=cleared-storage-session STACKPRISM_BROWSER_SMOKE_CDP_PORT=9511 node tests/agent-bridge-browser-smoke.mjs`：运行中 capture 在 `chrome.storage.session.clear()` 后 fail closed 为 `BRIDGE_TRANSPORT_DISCONNECTED`，profile endpoint 返回 409，owned target tab 不再可见，bridge stderr 为空。
+- 最终续审重新执行 `STACKPRISM_BROWSER_SMOKE_SCENARIO=final-url-blocked STACKPRISM_BROWSER_SMOKE_CDP_PORT=9512 node tests/agent-bridge-browser-smoke.mjs`：终态为 `failed / FINAL_URL_BLOCKED`，reason 为 `invalid_final_url`，profile endpoint 返回 409，owned target tab 不再可见。
+- 续审尝试 `node tests/agent-bridge-browser-smoke.mjs` 的默认公网目标：当前环境将 `example.com` 解析到 `198.18.1.69`，bridge 按策略在创建阶段 fail closed，因此默认公网段不能作为通过证据。改用公网直连 IP `http://34.117.59.81` 和 `http://142.250.72.14/robots.txt` 时 capture 可创建，但 Chrome 主 frame 终态为 `TARGET_LOAD_FAILED`；本次不把公网目标不稳定写成 Agent Bridge 主链路失败。
+- `pnpm run lint`：通过。
+- `pnpm run typecheck`：通过，包含 `vue-tsc --noEmit` 和生产构建。
+- `pnpm run docs:build`：通过。
+- 最终本地续审重新执行 `node --test --test-timeout=120000 tests/agent-bridge-handshake.test.mjs tests/agent-capture-orchestration.test.mjs tests/site-experience-profile.test.mjs tests/stackprism-bridge.test.mjs tests/stackprism_bridge_py.test.mjs`：148 tests passed。
+- 最终本地续审重新执行 `pnpm run test:unit`：165 tests passed。
+- 最终本地续审重新执行 `pnpm run lint`：通过。
+- 最终本地续审重新执行 `pnpm run typecheck`：通过，包含 `vue-tsc --noEmit` 和生产构建。
+- 最终本地续审重新执行 `pnpm run docs:build`：通过。
+- `zsh -f -c 'files=...; pnpm exec prettier --check "$files[@]"'`：当前变更中的 JS/TS/Vue/Markdown/JSON/YAML 文件均符合 Prettier；`.py` 文件未纳入 Prettier，因为本仓库没有 Python parser。
+- 最终本地续审重新执行 `git diff --check && git diff --cached --check`：通过。
+- `node --check agent-skill/stackprism-site-experience/scripts/stackprism-bridge.mjs && for f in agent-skill/stackprism-site-experience/scripts/bridge/*.mjs; do node --check "$f"; done`：通过。
+- `python3 -m py_compile agent-skill/stackprism-site-experience/scripts/stackprism_bridge.py agent-skill/stackprism-site-experience/scripts/stackprism_bridge_lib/http_server.py agent-skill/stackprism-site-experience/scripts/stackprism_bridge_lib/http_handler_base.py`：通过。
+- `python3 -m compileall -q agent-skill/stackprism-site-experience/scripts/stackprism_bridge_lib`：通过；生成的 `__pycache__` 已清理。
+- `pnpm exec prettier --check ...`：关键 docs/test/skill/bridge 文件通过；`.py` 文件未纳入 Prettier，因为本仓库没有为 Python 配置 Prettier parser。
+- `git diff --check && git diff --cached --check`：通过。
+- 从 `.github/workflows/release-extension.yml` 提取 inline dist hygiene 脚本并在当前 `dist/` 上执行：exit code 0，无发布边界失败。
+- `dist/` hygiene scan：无 agent-only、test、Python、`__pycache__`、local bridge server 入口或 repo-local JS bridge helper 源文件产物。
+- 追加 router 异常脱敏后重新执行 `node --test --test-timeout=120000 tests/agent-bridge-handshake.test.mjs tests/agent-capture-orchestration.test.mjs`：66 tests passed。
+- 追加 router 异常脱敏后重新执行 `pnpm exec prettier --check src/background/message-router.ts tests/agent-capture-orchestration.test.mjs docs/reviews/CR-AGENT-BRIDGE-COMPLETION-AUDIT-2026-05-24.md docs/reviews/CR-AGENT-BRIDGE-E2E-2026-05-22.md`：通过。
+- 追加 router 异常脱敏后重新执行 `pnpm run test:unit`：166 tests passed。
+- 追加 router 异常脱敏后重新执行 `pnpm run lint`：通过。
+- 追加 router 异常脱敏后重新执行 `pnpm run typecheck`：通过，包含 `vue-tsc --noEmit` 和生产构建。
+- 追加 router 异常脱敏后重新执行 `pnpm run docs:build`：通过。
+- 追加底层 factory env gate 后重新执行 `node --test --test-timeout=60000 tests/stackprism-bridge.test.mjs`：33 tests passed。
+- 追加底层 factory env gate 后重新执行 `node --test --test-timeout=60000 tests/stackprism_bridge_py.test.mjs`：37 tests passed。
+- 追加底层 factory env gate 后重新执行 `node --test --test-timeout=60000 tests/agent-bridge-complexity.test.mjs`：通过；`http-server.mjs` 收敛为 296 行，仍低于 300 行预算。
+- 追加底层 factory env gate 后重新执行 `pnpm exec prettier --check agent-skill/stackprism-site-experience/scripts/bridge/http-server.mjs tests/stackprism-bridge.test.mjs tests/stackprism_bridge_py.test.mjs docs/reviews/CR-AGENT-BRIDGE-COMPLETION-AUDIT-2026-05-24.md docs/reviews/CR-AGENT-BRIDGE-E2E-2026-05-22.md`：通过。
+- 追加底层 factory env gate 后重新执行 `node --check agent-skill/stackprism-site-experience/scripts/bridge/http-server.mjs`：通过。
+- 追加底层 factory env gate 后重新执行 `python3 -m py_compile agent-skill/stackprism-site-experience/scripts/stackprism_bridge_lib/server_factory.py`：通过。
+- 追加底层 factory env gate 后重新执行 `python3 -m compileall -q agent-skill/stackprism-site-experience/scripts/stackprism_bridge_lib`：通过；生成的 `__pycache__` 已清理。
+- 追加底层 factory env gate 后重新执行 `pnpm run test:unit`：168 tests passed。
+- 追加底层 factory env gate 后重新执行 `pnpm run lint`：通过。
+- 追加底层 factory env gate 后重新执行 `pnpm run typecheck`：通过，包含 `vue-tsc --noEmit` 和生产构建。
+- 追加底层 factory env gate 后重新执行 `pnpm run docs:build`：通过。
+- 追加 direct open-browser parsed args NUL gate 后重新执行 `node --test --test-timeout=60000 tests/stackprism-bridge.test.mjs`：34 tests passed。
+- 追加 parsed browser-open args NUL gate 后重新执行 `node --test --test-timeout=60000 tests/stackprism_bridge_py.test.mjs`：37 tests passed。
+- 追加 direct open-browser parsed args NUL gate 后重新执行 `node --test --test-timeout=60000 tests/stackprism-bridge.test.mjs tests/stackprism_bridge_py.test.mjs tests/agent-bridge-complexity.test.mjs`：72 tests passed。
+- 追加 direct open-browser parsed args NUL gate 后重新执行 `pnpm exec prettier --check agent-skill/stackprism-site-experience/scripts/bridge/open-browser.mjs agent-skill/stackprism-site-experience/scripts/bridge/http-server.mjs tests/stackprism-bridge.test.mjs tests/stackprism_bridge_py.test.mjs docs/reviews/CR-AGENT-BRIDGE-COMPLETION-AUDIT-2026-05-24.md docs/reviews/CR-AGENT-BRIDGE-E2E-2026-05-22.md`：通过。
+- 追加 direct open-browser parsed args NUL gate 后重新执行 `node --check agent-skill/stackprism-site-experience/scripts/bridge/open-browser.mjs` 和 `node --check agent-skill/stackprism-site-experience/scripts/bridge/http-server.mjs`：通过。
+- 追加 direct open-browser parsed args NUL gate 后重新执行 `python3 -m py_compile agent-skill/stackprism-site-experience/scripts/stackprism_bridge_lib/open_browser.py agent-skill/stackprism-site-experience/scripts/stackprism_bridge_lib/server_factory.py`：通过。
+- 追加 direct open-browser parsed args NUL gate 后重新执行 `python3 -m compileall -q agent-skill/stackprism-site-experience/scripts/stackprism_bridge_lib`：通过；生成的 `__pycache__` 已清理。
+- 追加 direct open-browser parsed args NUL gate 后重新执行 `pnpm run test:unit`：169 tests passed。
+- 追加 direct open-browser parsed args NUL gate 后重新执行 `pnpm run lint`：通过。
+- 追加 direct open-browser parsed args NUL gate 后重新执行 `pnpm run typecheck`：通过，包含 `vue-tsc --noEmit` 和生产构建。
+- 追加 direct open-browser parsed args NUL gate 后重新执行 `pnpm run docs:build`：通过。
+- 追加 browser-open invalid args/argv follow-up 后重新执行 `node --test --test-timeout=60000 tests/stackprism-bridge.test.mjs tests/stackprism_bridge_py.test.mjs`：88 tests passed。
+- 追加 browser-open invalid args/argv follow-up 后重新执行 `pnpm exec prettier --check tests/stackprism-bridge.test.mjs tests/stackprism_bridge_py.test.mjs`：通过。
+- 追加 browser smoke token-prefix redaction follow-up 后重新执行 `node --test --test-timeout=60000 tests/agent-bridge-browser-smoke-output.test.mjs`：1 test passed。
+- 追加 browser smoke token-prefix redaction follow-up 后重新执行 `node --check tests/agent-bridge-browser-smoke.mjs && node --check tests/helpers/agent-bridge-browser-smoke-harness.mjs`：通过。
+- 追加 browser smoke token-prefix redaction follow-up 后重新执行 `pnpm exec prettier --check tests/agent-bridge-browser-smoke.mjs tests/helpers/agent-bridge-browser-smoke-harness.mjs tests/agent-bridge-browser-smoke-output.test.mjs`：通过。
+- 追加 smoke bridge cleanup gate 后重新执行 `node --check tests/helpers/agent-bridge-browser-smoke-harness.mjs && node --check tests/agent-bridge-browser-smoke.mjs`：通过。
+- 追加 smoke bridge cleanup gate 后重新执行 `pnpm exec prettier --check tests/helpers/agent-bridge-browser-smoke-harness.mjs tests/agent-bridge-browser-smoke.mjs`：通过。
+- 追加 smoke bridge cleanup gate 后重新执行 `STACKPRISM_BROWSER_SMOKE_SCENARIO=tech-only STACKPRISM_BROWSER_SMOKE_CDP_PORT=9520 node tests/agent-bridge-browser-smoke.mjs`：Chrome for Testing 147.0.7727.15，capture `completed`，profile HTTP 200，schema 为 `stackprism.site_experience_profile.v1`，6 个未请求 section 均为空并带 `section_not_requested` limitation，bridge stderr 为空；该场景 finally 已通过 `stopBridge()` 等待 bridge 子进程退出并确认 `/health` 不再可达。
+- 追加 smoke bridge cleanup gate 后重新执行 `pnpm run test:unit`：169 tests passed。
+- 追加 smoke bridge cleanup gate 后重新执行 `pnpm run docs:build`：通过。
+- 追加 smoke bridge cleanup gate 后重新执行 `git diff --check && git diff --cached --check`：通过；`__pycache__` 已清理。
+- 追加 targetMode query live smoke 后重新执行 `node --check tests/helpers/agent-bridge-browser-smoke-harness.mjs && node --check tests/agent-bridge-browser-smoke.mjs`：通过。
+- 追加 targetMode query live smoke 后重新执行 `pnpm exec prettier --check tests/helpers/agent-bridge-browser-smoke-harness.mjs tests/agent-bridge-browser-smoke.mjs`：通过。
+- 追加 targetMode query live smoke 后重新执行 `STACKPRISM_BROWSER_SMOKE_SCENARIO=target-mode-query-boundaries STACKPRISM_BROWSER_SMOKE_CDP_PORT=9521 node tests/agent-bridge-browser-smoke.mjs`：Chrome for Testing 147.0.7727.15，加载当前 `dist`；`reuse_or_new_tab` 对同 origin/path 但 query 不同的既有 tab 未复用并完成 capture，`active_tab` 对 query 不同的前一 active tab 返回 `failed / ACTIVE_TAB_MISMATCH`，且没有打开 mismatch 目标 URL；bridge stderr 为空。
+- 追加 targetMode keep-tab-open 输出证据后重新执行 `STACKPRISM_BROWSER_SMOKE_SCENARIO=target-mode-query-boundaries STACKPRISM_BROWSER_SMOKE_CDP_PORT=9558 node tests/agent-bridge-browser-smoke.mjs`：Chrome for Testing 147.0.7727.15，加载当前 `dist`；`reuse_or_new_tab` 对同 origin/path 但 query 不同的既有 tab 未复用并完成 capture，输出 `keepTabOpenWasTrue = true` 和 `keptNewTargetTabId`，证明 `keepTabOpen=true` 时保留插件新建目标 tab 直到场景清理；`active_tab` 对 query 不同的前一 active tab 返回 `failed / ACTIVE_TAB_MISMATCH`，且没有打开 mismatch 目标 URL；bridge stderr 为空。
+- 追加 sequential capture pressure smoke 后重新执行 `STACKPRISM_BROWSER_SMOKE_SCENARIO=sequential-capture-pressure STACKPRISM_BROWSER_SMOKE_CDP_PORT=9522 node tests/agent-bridge-browser-smoke.mjs`：Chrome for Testing 147.0.7727.15，加载当前 `dist`；同一 JS bridge 和同一 Chrome profile 连续 4 轮 capture 均 `completed / cleanup`，profile HTTP 均为 200，每轮后 `/health.activeCaptures = 0`，owned target tab 均不可见，bridge stderr 为空。
+- 追加 sequential capture pressure smoke 后重新执行 `node --check tests/helpers/agent-bridge-browser-smoke-harness.mjs && node --check tests/agent-bridge-browser-smoke.mjs`：通过。
+- 追加 sequential capture pressure smoke 后重新执行 `pnpm exec prettier --check tests/helpers/agent-bridge-browser-smoke-harness.mjs tests/agent-bridge-browser-smoke.mjs docs/reviews/CR-AGENT-BRIDGE-COMPLETION-AUDIT-2026-05-24.md docs/reviews/CR-AGENT-BRIDGE-E2E-2026-05-22.md`：通过。
+- 追加 sequential capture pressure smoke 后重新执行 `pnpm run test:unit`：169 tests passed。
+- 追加 sequential capture pressure smoke 后重新执行 `pnpm run docs:build`：通过。
+- 追加 sequential capture pressure smoke 后重新执行 `git diff --check && git diff --cached --check`：通过；`__pycache__` 已清理。
+- 追加 final private URL smoke 后重新执行 `node --check tests/helpers/agent-bridge-browser-smoke-harness.mjs && node --check tests/agent-bridge-browser-smoke.mjs`：通过。
+- 追加 final private URL smoke 后重新执行 `pnpm exec prettier --check tests/helpers/agent-bridge-browser-smoke-harness.mjs tests/agent-bridge-browser-smoke.mjs`：通过。
+- 追加 final private URL smoke 后重新执行 `STACKPRISM_BROWSER_SMOKE_SCENARIO=final-private-url-blocked STACKPRISM_BROWSER_SMOKE_CDP_PORT=9523 node tests/agent-bridge-browser-smoke.mjs`：Chrome for Testing 147.0.7727.15，加载当前 `dist`；公网 IP 字面量初始 URL 通过本机 HTTP proxy 到达 redirect fixture，再真实跳转到 `127.0.0.1` final target；bridge 在 `target_loaded` 后返回 `failed / FINAL_URL_BLOCKED`，reason 为 `private_network_address`，profile endpoint 返回 409，owned target tab 不可见，proxy request count 为 2，private final request count 为 2，bridge stderr 为空。
+- 追加 final private URL smoke 后重新执行 `pnpm run test:unit`：169 tests passed。
+- 追加 final private URL smoke 后重新执行 `pnpm run docs:build`：通过。
+- 追加 final DNS policy smoke 后重新执行 `node --check tests/helpers/agent-bridge-browser-smoke-harness.mjs && node --check tests/agent-bridge-browser-smoke.mjs`：通过。
+- 追加 final DNS policy smoke 后重新执行 `pnpm exec prettier --check tests/helpers/agent-bridge-browser-smoke-harness.mjs tests/agent-bridge-browser-smoke.mjs`：通过。
+- 追加 final DNS policy smoke 后重新执行 `STACKPRISM_BROWSER_SMOKE_SCENARIO=final-dns-policy-blocked STACKPRISM_BROWSER_SMOKE_CDP_PORT=9524 node tests/agent-bridge-browser-smoke.mjs`：Chrome for Testing 147.0.7727.15，加载当前 `dist`；公网 IP 字面量初始 URL 通过本机 HTTP proxy 到达 redirect fixture，再真实跳转到 `stackprism-browser-smoke.invalid` final target；当前 resolver 将该 hostname 判定为 private/non-global，bridge 在 `target_loaded` 后返回 `failed / FINAL_URL_BLOCKED`，reason 为 `private_network_address`，profile endpoint 返回 409，owned target tab 不可见，proxy request count 为 6，final request count 为 3，bridge stderr 为空。
+- 追加 final DNS lookup failed smoke 后重新执行 `node --check tests/agent-bridge-browser-smoke.mjs`：通过。
+- 追加 final DNS lookup failed smoke 后重新执行 `STACKPRISM_BROWSER_SMOKE_SCENARIO=final-dns-lookup-failed STACKPRISM_BROWSER_SMOKE_CDP_PORT=9542 node tests/agent-bridge-browser-smoke.mjs`：Chrome for Testing 147.0.7727.15，加载当前 `dist`；公网 IP 字面量初始 URL 通过本机 HTTP proxy 到达 redirect fixture，再真实跳转到 oversized-label hostname final target；bridge 在 `target_loaded` 后返回 `failed / FINAL_URL_BLOCKED`，reason 为 `dns_lookup_failed`，profile endpoint 返回 409，owned target tab 不可见，proxy request count 为 3，final request count 为 1，bridge stderr 为空。
+- 追加 final DNS lookup failed smoke 记录后重新执行 `pnpm exec prettier --check tests/agent-bridge-browser-smoke.mjs docs/reviews/CR-AGENT-BRIDGE-COMPLETION-AUDIT-2026-05-24.md docs/reviews/CR-AGENT-BRIDGE-E2E-2026-05-22.md`、`pnpm run docs:build`、`git diff --check` 和 `git diff --cached --check`：均通过。
+- 追加 target navigated away smoke 后重新执行 `node --check tests/helpers/agent-bridge-browser-smoke-harness.mjs && node --check tests/agent-bridge-browser-smoke.mjs`：通过。
+- 追加 target navigated away smoke 后重新执行 `pnpm exec prettier --check tests/helpers/agent-bridge-browser-smoke-harness.mjs tests/agent-bridge-browser-smoke.mjs docs/reviews/CR-AGENT-BRIDGE-COMPLETION-AUDIT-2026-05-24.md docs/reviews/CR-AGENT-BRIDGE-E2E-2026-05-22.md`：通过。
+- 追加 target navigated away smoke 后重新执行 `STACKPRISM_BROWSER_SMOKE_SCENARIO=target-navigated-away STACKPRISM_BROWSER_SMOKE_CDP_PORT=9525 node tests/agent-bridge-browser-smoke.mjs`：Chrome for Testing 147.0.7727.15，加载当前 `dist`；capture 进入 `target_loaded` 后通过扩展 API 将 owned target tab 请求导航到同源不同路径，Agent 端返回 `failed / TARGET_NAVIGATED_AWAY` 且 `details.finalUrlChanged = true`，profile endpoint 返回 409，owned target tab 不可见，bridge stderr 为空。
+- 追加 target navigated away smoke 后重新执行 `pnpm run test:unit`：169 tests passed。
+- 追加 target navigated away smoke 后重新执行 `pnpm run docs:build`：通过。
+- 追加 target navigated away smoke 后重新执行 `git diff --check && git diff --cached --check`：通过；`__pycache__` 已清理。
+- 追加 target load failed smoke 后重新执行 `node --check tests/helpers/agent-bridge-browser-smoke-harness.mjs && node --check tests/agent-bridge-browser-smoke.mjs`：通过。
+- 追加 target load failed smoke 后重新执行 `STACKPRISM_BROWSER_SMOKE_SCENARIO=target-load-failed STACKPRISM_BROWSER_SMOKE_CDP_PORT=9526 node tests/agent-bridge-browser-smoke.mjs`：Chrome for Testing 147.0.7727.15，加载当前 `dist`；本机 load-failure fixture 被 Chrome 请求 1 次后主动断开连接，Agent 端返回 `failed / TARGET_LOAD_FAILED`，profile endpoint 返回 409，owned target tab 已关闭，bridge stderr 为空。
+- 追加 target load timeout smoke 时先复现缺陷：`STACKPRISM_BROWSER_SMOKE_SCENARIO=target-load-timeout STACKPRISM_BROWSER_SMOKE_CDP_PORT=9530 node tests/agent-bridge-browser-smoke.mjs` 和后续 9531、9532、9533 端口复跑均显示慢目标页最终被本机 bridge 泛化为 `failed / CAPTURE_TIMEOUT`，未满足计划要求的 `TARGET_LOAD_TIMEOUT`。
+- 修复后 JS/Python bridge capture store 会在当前 phase 为 `target_opening` 时把全局 deadline 映射为 `TARGET_LOAD_TIMEOUT`；扩展侧 target load wait 也预留 5 秒 bridge 回写余量，避免与全局 deadline 同点竞争。
+- 追加 target load timeout 修复后重新执行 `node --test --test-timeout=120000 tests/agent-capture-orchestration.test.mjs tests/stackprism-bridge.test.mjs tests/stackprism_bridge_py.test.mjs`：124 tests passed，覆盖扩展 reconciliation、JS bridge 和 Python fallback 对 extension connect timeout、target load timeout、普通 running timeout 的区分。
+- 追加 target load timeout 修复后重新执行 `STACKPRISM_BROWSER_SMOKE_SCENARIO=target-load-timeout STACKPRISM_BROWSER_SMOKE_CDP_PORT=9534 node tests/agent-bridge-browser-smoke.mjs`：Chrome for Testing 147.0.7727.15，加载当前 `dist`；慢响应 fixture 触发目标加载超时，Agent 端返回 `failed / TARGET_LOAD_TIMEOUT`，profile endpoint 返回 409，owned target tab 已关闭，bridge stderr 为空。
+- 追加 target load timeout 修复后重新执行 `pnpm exec prettier --check ...`：当前触及的 TS/JS/MJS/Markdown 文件均符合 Prettier；Python fallback 文件通过 `python3 -m py_compile`。
+- 追加 target load timeout 修复后重新执行 `pnpm run test:unit`：170 tests passed。
+- 追加 target load timeout 修复后重新执行 `pnpm run lint`：通过。
+- 追加 target load timeout 修复后重新执行 `pnpm run typecheck`：通过，包含 `vue-tsc --noEmit` 和生产构建。
+- 追加 target load timeout 修复后重新执行 `pnpm run docs:build`：通过。
+- 追加 bridge iframe embedding smoke 后重新执行 `node --check tests/helpers/agent-bridge-browser-smoke-harness.mjs && node --check tests/agent-bridge-browser-smoke.mjs`：通过。
+- 追加 bridge iframe embedding smoke 后重新执行 `pnpm exec prettier --check tests/helpers/agent-bridge-browser-smoke-harness.mjs tests/agent-bridge-browser-smoke.mjs`：通过。
+- 追加 bridge iframe embedding smoke 后重新执行 `STACKPRISM_BROWSER_SMOKE_SCENARIO=bridge-iframe-blocked STACKPRISM_BROWSER_SMOKE_CDP_PORT=9536 node tests/agent-bridge-browser-smoke.mjs`：Chrome for Testing 147.0.7727.15，加载当前 `dist`；本机攻击页通过 iframe 尝试加载真实 `bridgeUrl` 后，父 DOM 和可访问 frame 文档均不含 `spbt_`，随后顶层首次 `/bridge` 渲染仍返回 200 且包含一次性 `bridgeToken`，证明 iframe 尝试未触发 token render/claim；清理 DELETE 返回 200，bridge stderr 为空。
+- 按 Task 10 原命令口径分别执行 `pnpm exec prettier --file-info agent-skill/stackprism-site-experience/scripts/stackprism-bridge.mjs`、`pnpm exec prettier --file-info agent-skill/stackprism-site-experience/scripts/bridge/http-server.mjs` 和 `pnpm exec prettier --file-info docs/reviews/CR-AGENT-BRIDGE-E2E-2026-05-22.md`：三次均返回 `"ignored": false`，parser 分别为 `babel`、`babel`、`markdown`。
+- 按 Task 10 原命令口径重新执行 `pnpm run build:injected`：通过，生成 `public/injected/page-detector.iife.js`、`public/injected/page-source-search.iife.js` 和 `public/injected/experience-profiler.iife.js`。
+- 按 Task 10 原命令口径重新执行 `pnpm run build`：通过，包含 `build:injected` 和 Vite production build，当前 `dist/manifest.json` 与扩展产物重新生成成功。
+- 追加 wrong-profile smoke 后重新执行 `node --check tests/helpers/agent-bridge-browser-smoke-harness.mjs && node --check tests/agent-bridge-browser-smoke.mjs`：通过。
+- 追加 wrong-profile smoke 后重新执行 `pnpm exec prettier --check tests/helpers/agent-bridge-browser-smoke-harness.mjs tests/agent-bridge-browser-smoke.mjs`：通过。
+- 追加 wrong-profile smoke 后重新执行 `STACKPRISM_BROWSER_SMOKE_SCENARIO=wrong-profile-extension-missing STACKPRISM_BROWSER_SMOKE_CDP_PORT=9537 node tests/agent-bridge-browser-smoke.mjs`：Chrome for Testing 147.0.7727.15，bridge 自动打开到未加载 StackPrism 的临时 Chrome profile；Agent 端最终返回 `failed / EXTENSION_NOT_CONNECTED`，profile endpoint 返回 409，目标 probe request count 为 0，bridge stderr 为空。
+- 追加 host validation smoke 后重新执行 `node --check tests/helpers/agent-bridge-browser-smoke-harness.mjs && node --check tests/agent-bridge-browser-smoke.mjs`：通过。
+- 追加 host validation smoke 后重新执行 `pnpm exec prettier --check tests/helpers/agent-bridge-browser-smoke-harness.mjs tests/agent-bridge-browser-smoke.mjs`：通过。
+- 追加 host validation smoke 后重新执行 `STACKPRISM_BROWSER_SMOKE_SCENARIO=host-validation STACKPRISM_BROWSER_SMOKE_CDP_PORT=9538 node tests/agent-bridge-browser-smoke.mjs`：真实 JS bridge 上原始 TCP 请求确认 `/health` 正确 Host 返回 200，`localhost:{port}`、错误端口和 `[::1]:{port}` Host 均返回 400；`/bridge` 错误 Host 返回 400 且不包含 `spbt_`，随后正确 Host 首次 `/bridge` 返回 200 且包含 bridge token；Bearer status endpoint 错误 Host 返回 400，正确 Host 返回 200，目标 probe request count 为 0，bridge stderr 为空。
+- 追加 response headers/CORS live smoke 后重新执行 `node --check tests/agent-bridge-browser-smoke.mjs`：通过。
+- 追加 response headers/CORS live smoke 后重新执行 `pnpm exec prettier --check tests/agent-bridge-browser-smoke.mjs`：通过。
+- 追加 response headers/CORS live smoke 后重新执行 `STACKPRISM_BROWSER_SMOKE_SCENARIO=response-headers-cors STACKPRISM_BROWSER_SMOKE_CDP_PORT=9539 node tests/agent-bridge-browser-smoke.mjs`：真实 JS bridge 上确认 capture status GET、request GET、control GET、status POST 均返回 200 且带 no-store/nosniff；profile GET 在未完成时返回 409 且带 no-store/nosniff/no-referrer；`OPTIONS /v1/captures` 返回 405 且无 `Access-Control-Allow-*`；跨站 Origin 创建、跨站 Referer status 查询和 `Sec-Fetch-Site: cross-site` status 查询均返回 403；目标 probe request count 为 0，cleanup DELETE 返回 200，bridge stderr 为空。
+- 追加 response headers/CORS live smoke 记录后重新执行 `pnpm exec prettier --check tests/helpers/agent-bridge-browser-smoke-harness.mjs tests/agent-bridge-browser-smoke.mjs docs/reviews/CR-AGENT-BRIDGE-COMPLETION-AUDIT-2026-05-24.md docs/reviews/CR-AGENT-BRIDGE-E2E-2026-05-22.md`：通过。
+- 追加 response headers/CORS live smoke 记录后重新执行 `pnpm run docs:build`：通过。
+- 追加 response headers/CORS live smoke 记录后重新执行 `git diff --check` 和 `git diff --cached --check`：均通过。
+- 追加 connection pressure smoke 后重新执行 `node --check tests/agent-bridge-browser-smoke.mjs`：通过。
+- 追加 connection pressure smoke 后重新执行 `STACKPRISM_BROWSER_SMOKE_SCENARIO=connection-pressure STACKPRISM_BROWSER_SMOKE_CDP_PORT=9540 node tests/agent-bridge-browser-smoke.mjs`：真实 CLI JS bridge 使用默认 `maxOpenConnections = 20`；20 条半开 `/health` 连接占满后，第 21 个 `/health` 请求返回 `ECONNRESET` 且 body 长度为 0；释放 1 条连接后 `/health` 恢复 `HTTP/1.1 200 OK`；bridge stderr 为空。
+- 追加 connection pressure smoke 记录后重新执行 `pnpm exec prettier --check tests/agent-bridge-browser-smoke.mjs docs/reviews/CR-AGENT-BRIDGE-COMPLETION-AUDIT-2026-05-24.md docs/reviews/CR-AGENT-BRIDGE-E2E-2026-05-22.md`、`pnpm run docs:build`、`git diff --check` 和 `git diff --cached --check`：均通过。
+- 追加 DNS lookup failed smoke 后重新执行 `node --check tests/agent-bridge-browser-smoke.mjs`：通过。
+- 追加 DNS lookup failed smoke 后重新执行 `pnpm exec prettier --check tests/agent-bridge-browser-smoke.mjs`：通过。
+- 追加 DNS lookup failed smoke 后重新执行 `STACKPRISM_BROWSER_SMOKE_SCENARIO=dns-lookup-failed STACKPRISM_BROWSER_SMOKE_CDP_PORT=9541 node tests/agent-bridge-browser-smoke.mjs`：真实 JS bridge 使用当前生产 resolver 解析 64 字符 label hostname 返回 `ENOTFOUND`；capture 创建返回 `400 / TARGET_DNS_LOOKUP_FAILED / dns_lookup_failed`，`/health.activeCaptures` 为 0，bridge stderr 为空。
+- 追加 DNS lookup failed smoke 记录后重新执行 `pnpm exec prettier --check tests/agent-bridge-browser-smoke.mjs docs/reviews/CR-AGENT-BRIDGE-COMPLETION-AUDIT-2026-05-24.md docs/reviews/CR-AGENT-BRIDGE-E2E-2026-05-22.md`、`pnpm run docs:build`、`git diff --check` 和 `git diff --cached --check`：均通过。
+- 追加 service worker idle wake smoke 后重新执行 `node --check tests/agent-bridge-browser-smoke.mjs` 和 `node --check tests/helpers/agent-bridge-browser-smoke-harness.mjs`：通过。
+- 追加 service worker idle wake smoke 后重新执行 `STACKPRISM_BROWSER_SMOKE_SCENARIO=service-worker-idle-wake STACKPRISM_BROWSER_SMOKE_CDP_PORT=9544 node tests/agent-bridge-browser-smoke.mjs`：Chrome for Testing 147.0.7727.15，加载当前 `dist`；设置 local opt-in 后初始 service worker target 自然 idle 31 秒后从 CDP 消失，bridge 页面唤醒新的 service worker target，fixture capture `completed`，profile HTTP 200，schema 为 `stackprism.site_experience_profile.v1`，bridge stderr 为空。
+- 追加 service worker idle wake smoke 记录后重新执行 `pnpm exec prettier --check tests/agent-bridge-browser-smoke.mjs tests/helpers/agent-bridge-browser-smoke-harness.mjs docs/reviews/CR-AGENT-BRIDGE-COMPLETION-AUDIT-2026-05-24.md docs/reviews/CR-AGENT-BRIDGE-E2E-2026-05-22.md`、`pnpm run docs:build`、`git diff --check` 和 `git diff --cached --check`：均通过。
+- 运行中 idle 探针执行一段一次性 Node harness 脚本：Chrome for Testing 147.0.7727.15，端口 9545，slow target 90 秒；bridge page 注册 profile-transfer port 并打开目标 tab 后关闭 harness 的 service-worker CDP session，继续等待 75 秒。当前 Chrome 未自然移除 service worker target；capture 最终按 `TARGET_LOAD_TIMEOUT` fail closed，owned target tab 不可见，bridge stderr 为空。该证据说明当前实现/浏览器行为下未能 live 触发运行中 idle eviction，不能把该项标记完成。
+- 追加 browser-managed unpacked reload smoke 后重新执行 `node --check tests/agent-bridge-browser-smoke.mjs` 和 `node --check tests/helpers/agent-bridge-browser-smoke-harness.mjs`：通过。
+- 追加 browser-managed unpacked reload smoke 后重新执行 `STACKPRISM_BROWSER_SMOKE_SCENARIO=browser-extension-reloaded STACKPRISM_BROWSER_SMOKE_CDP_PORT=9547 node tests/agent-bridge-browser-smoke.mjs`：Chrome for Testing 147.0.7727.15，加载当前 `dist`；运行中 slow-fixture capture 通过 `chrome://extensions` 的 unpacked 扩展卡片 `#dev-reload-button` 触发 reload，Agent 看到 `failed / BRIDGE_TRANSPORT_DISCONNECTED`，profile endpoint 返回 409，owned target tab 不可见，bridge stderr 为空。该证据覆盖临时 unpacked 扩展的浏览器管理页 reload，不覆盖 Chrome Web Store / Edge Add-ons rollout。
+- 追加 incognito bridge probe 后重新执行 `node --check tests/agent-bridge-browser-smoke.mjs` 和 `node --check tests/helpers/agent-bridge-browser-smoke-harness.mjs`：通过。
+- 追加 incognito bridge probe 后重新执行 `STACKPRISM_BROWSER_SMOKE_SCENARIO=incognito-bridge-probe STACKPRISM_BROWSER_SMOKE_CDP_PORT=9549 node tests/agent-bridge-browser-smoke.mjs`：Chrome for Testing 147.0.7727.15，加载当前 `dist`；通过 `chrome://extensions` 打开临时 profile 的 `allow-incognito` toggle 并确认启用，写入 local opt-in 后重启同一 profile，再用 CDP incognito browser context 打开 bridge URL。当前 CDP 无痕 context 未连接扩展 content script，Agent 看到 `failed / EXTENSION_NOT_CONNECTED` 而不是扩展侧 `INCOGNITO_NOT_SUPPORTED`；profile endpoint 返回 409，目标 probe request count 为 0，bridge stderr 为空。该证据只能证明当前自动化环境的 fail-closed skip，不证明精确 incognito metadata rejection live path。
+- 追加 resource timeouts smoke 后重新执行 `node --check tests/agent-bridge-browser-smoke.mjs`：通过。
+- 追加 resource timeouts smoke 后重新执行 `pnpm exec prettier --check tests/agent-bridge-browser-smoke.mjs`：通过。
+- 追加 resource timeouts smoke 后重新执行 `STACKPRISM_BROWSER_SMOKE_SCENARIO=resource-timeouts STACKPRISM_BROWSER_SMOKE_CDP_PORT=9561 node tests/agent-bridge-browser-smoke.mjs`：真实 CLI JS bridge 默认 resource policy 下，慢 header `/health` 在约 5 秒返回 `HTTP/1.1 408 Request Timeout` 且不返回业务 body，随后完整 `/health` 返回 200；慢 body `POST /v1/captures` 在约 10 秒返回 `HTTP/1.1 408 Request Timeout`，不创建 capture，随后 `/health` 返回 200 且 `activeCaptures = 0`；keep-alive `/health` 连接先返回 200，再因 idle timeout 被服务端关闭，随后新 `/health` 返回 200，bridge stderr 为空。
+- 追加 rate-limit smoke 后重新执行 `node --check tests/agent-bridge-browser-smoke.mjs`：通过。
+- 追加 rate-limit smoke 后重新执行 `STACKPRISM_BROWSER_SMOKE_SCENARIO=rate-limit STACKPRISM_BROWSER_SMOKE_CDP_PORT=9562 node tests/agent-bridge-browser-smoke.mjs`：真实 CLI JS bridge 默认 production 阈值下，第 1 次 create 返回 200，第 2 到第 10 次 create 返回 `429 / CAPTURE_BUSY`，第 11 次 create 返回 `429 / RATE_LIMITED`；同一 capture 的 120 次 authenticated status reads 返回 200，第 121 次返回 `429 / RATE_LIMITED`；target request count 为 0，cleanup DELETE 200，bridge stderr 为空。
+- 追加 profile-rate-limit smoke 后重新执行 `node --check tests/agent-bridge-browser-smoke.mjs`：通过。
+- 追加 profile-rate-limit smoke 后重新执行 `STACKPRISM_BROWSER_SMOKE_SCENARIO=profile-rate-limit STACKPRISM_BROWSER_SMOKE_CDP_PORT=9564 node tests/agent-bridge-browser-smoke.mjs`：真实 CLI JS bridge 默认 production query 阈值下，120 次 authenticated `/profile` reads 到达 profile endpoint 并返回未完成 capture 的 `409 / INVALID_REQUEST`，第 121 次 profile read 返回 `429 / RATE_LIMITED`；target request count 为 0，cleanup DELETE 200，bridge stderr 为空。
+- 追加 target-url-validation smoke 后重新执行 `node --check tests/agent-bridge-browser-smoke.mjs`：通过。
+- 追加 target-url-validation smoke 后重新执行 `STACKPRISM_BROWSER_SMOKE_SCENARIO=target-url-validation STACKPRISM_BROWSER_SMOKE_CDP_PORT=9563 node tests/agent-bridge-browser-smoke.mjs`：真实 CLI JS bridge 创建阶段拒绝 unsupported protocol 和 credential URL 为 `400 / INVALID_REQUEST`，拒绝 loopback private target 为 `400 / PRIVATE_NETWORK_TARGET_BLOCKED`，拒绝 bridge self-target 为 `400 / BRIDGE_SELF_TARGET_BLOCKED`；`/health.activeCaptures = 0`，target request count 为 0，bridge stderr 为空。
+- 追加 release workflow gate 后重新执行 `node --test --test-timeout=60000 tests/release-workflow.test.mjs`：7 tests passed，覆盖 release gate 顺序、clean fake `dist`、`externally_connectable` 拒绝、`dist/assets/capture-store.mjs` 拒绝、嵌套 `dist/assets/agent-skill/` 拒绝、以及 `web_accessible_resources` 暴露 `assets/http-server.mjs` 拒绝。
+- 追加 release workflow gate 后重新执行 `node --test --test-timeout=60000 tests/release-workflow.test.mjs tests/agent-bridge-manifest.test.mjs`：9 tests passed。
+- 追加 release workflow gate 后重新执行 `pnpm run test:unit`：173 tests passed。
+- 追加 release workflow gate 后从 `.github/workflows/release-extension.yml` 提取更新后的 inline hygiene 脚本并在当前 `dist/` 执行：exit code 0；随后 `find dist` 扫描嵌套 `agent-skill`、`docs/superpowers`、`tests`、Python artifacts、`__pycache__`、local bridge server 入口和 repo-local JS bridge helper 源文件无输出；`dist/manifest.json` 确认 `hasExternallyConnectable: false`。
+- 追加 JS CLI invalid port ready gate 后重新执行 `node --check tests/stackprism-bridge.test.mjs`：通过。
+- 追加 JS CLI invalid port ready gate 后重新执行 `node --test --test-timeout=60000 tests/stackprism-bridge.test.mjs`：35 tests passed，新增覆盖 `STACKPRISM_BRIDGE_PORT=''` 时只在 stderr 返回 `BRIDGE_INVALID_ENV`，stdout 为空且不包含 API token material。
+- 追加 JS CLI invalid port ready gate 后重新执行 `pnpm run test:unit`：174 tests passed。
+- 追加 JS CLI occupied port ready gate 后重新执行 `node --check tests/stackprism-bridge.test.mjs`：通过。
+- 追加 JS CLI occupied port ready gate 后重新执行 `node --test --test-timeout=60000 tests/stackprism-bridge.test.mjs`：36 tests passed，新增覆盖 `STACKPRISM_BRIDGE_PORT=<已占用端口>` 时只在 stderr 返回 `PORT_IN_USE`，stdout 为空且不包含 API token material。
+- 追加 JS CLI occupied port ready gate 后重新执行 `pnpm run test:unit`：175 tests passed。
+- 强化 Python fallback CLI ready gate 后重新执行 `node --test --test-timeout=60000 tests/stackprism_bridge_py.test.mjs`：37 tests passed，非法端口和端口占用路径均断言 stdout 为空，stderr 不包含 API token material。
+- 强化 Python fallback CLI ready gate 后重新执行 `pnpm run test:unit`：175 tests passed。
+- 追加 cross-site `/bridge` token render gate 后重新执行 `node --test --test-timeout=60000 tests/stackprism-bridge.test.mjs`：37 tests passed，真实 `bridgeUrl` 带攻击者 `Referer` 或 `Sec-Fetch-Site: cross-site` 时返回 403、body 不含 `spbt_`，且后续正常打开同 URL 仍能首次渲染 token。
+- 追加 cross-site `/bridge` token render gate 后重新执行 `node --test --test-timeout=60000 tests/stackprism_bridge_py.test.mjs`：38 tests passed，同步覆盖 Python fallback 的同一语义。
+- 追加 authority-form request target gate 时先观察到 RED：JS bridge 对 `CONNECT 127.0.0.1:{port} HTTP/1.1` 返回空响应，Python fallback 返回标准库默认 `501` HTML。修复后 JS `server.on("connect")` 和 Python `do_CONNECT` 均返回统一 JSON `400 / INVALID_REQUEST`，不进入业务 routing。
+- 追加 authority-form request target gate 后重新执行 `node --test --test-timeout=60000 tests/stackprism-bridge.test.mjs`：37 tests passed。
+- 追加 authority-form request target gate 后重新执行 `node --test --test-timeout=60000 tests/stackprism_bridge_py.test.mjs`：38 tests passed。
+- 追加 authority-form request target gate 后重新执行 `node --test --test-timeout=60000 tests/agent-bridge-complexity.test.mjs`：先复现 `http-server.mjs` 超出 300 行预算，压缩重复 raw socket JSON 响应 helper 后通过，`http-server.mjs` 为 299 行。
+- 追加 authority-form request target gate 后重新执行 `pnpm run test:unit`：177 tests passed。
+- 追加 authority-form request target gate 后重新执行 `pnpm run docs:build`、changed-file Prettier check、`git diff --check && git diff --cached --check`，均通过；生成的 `__pycache__` 已清理。
+- 追加 missing Host request-shell gate 时先观察到 RED：JS bridge 对 HTTP/1.1 缺失 `Host` 的 `/health` 请求返回 Node 默认空 `400`，缺少统一 error envelope。修复后缺失 Host 会进入 JS bridge shell validator 并返回 JSON `400 / INVALID_REQUEST`。
+- 追加 missing Host request-shell gate 后重新执行 `node --test --test-timeout=60000 tests/stackprism-bridge.test.mjs`：37 tests passed。
+- 追加 missing Host request-shell gate 后重新执行 `node --test --test-timeout=60000 tests/stackprism_bridge_py.test.mjs`：38 tests passed，确认 Python fallback 已保持同一错误语义。
+- 追加 profile redaction follow-up 时先观察到 RED：`tests/site-experience-profile.test.mjs` 新增敏感对象键名和外部 `limitations` 输入后失败，说明 profile values 已脱敏但 key/limitation 文本仍可能泄漏 `token=secret` / `authorization=Bearer secret` 这类片段。修复后对象键名会走 redaction 并加碰撞后缀，外部 limitations 也走 `redactText`。
+- 追加 profile redaction follow-up 后重新执行 `node --test --test-timeout=60000 tests/site-experience-profile.test.mjs`：16 tests passed。
+- 追加 profile redaction follow-up 后重新执行 `node --test --test-timeout=60000 tests/experience-profile-format.test.mjs tests/site-experience-profile.test.mjs`：20 tests passed。
+- 追加 profile redaction follow-up 后重新执行 `pnpm run test:unit`：178 tests passed。
+- 追加 profile transfer hash-binding follow-up 时先观察到 RED：content-side transfer handler 接受 BEGIN 宣告的错误 `sha256`，只用 COMPLETE 提供的 hash 校验实际 payload，导致 COMPLETE 阶段可以改写 BEGIN metadata 后成功提交 profile。修复后 transfer state 保存 BEGIN `sha256`，COMPLETE metadata 和实际 bytes 都必须匹配该原始 hash。
+- 追加 profile transfer hash-binding follow-up 后重新执行 `node --test --test-timeout=60000 tests/agent-bridge-handshake.test.mjs`：15 tests passed。
+- 追加 profile transfer hash-binding follow-up 后重新执行 `node --test --test-timeout=60000 tests/agent-capture-orchestration.test.mjs`：53 tests passed。
+- 追加 profile transfer BEGIN metadata gate follow-up 时先观察到 RED：content-side transfer handler 对非法 `sha256` 的 BEGIN 返回 success，并会进入 transfer state。修复后 BEGIN 阶段要求 `sha256` 是 64 位小写 hex、`chunkCount` 与 `byteLength / 384 KiB` 一致且声明大小不超过 8 MiB，非法 metadata 在缓冲 chunk 前失败为 `PROFILE_TRANSPORT_FAILED`。
+- 追加 profile transfer BEGIN metadata gate follow-up 后重新执行 `node --test --test-timeout=60000 tests/agent-bridge-handshake.test.mjs`：16 tests passed。
+- 追加 profile transfer BEGIN metadata gate follow-up 后重新执行 `node --test --test-timeout=60000 tests/agent-capture-orchestration.test.mjs`：53 tests passed。
+- 追加 request envelope strict-shape follow-up 时先观察到 RED：content-side `validateCaptureRequestEnvelope` 会接受包含额外 `bridgeToken` / `profileUrl` 的 request envelope，虽然当前 bridge server 不会正常返回这些字段，但这不符合计划中 `/request` 不得包含 token、profile body 或 callback URL 的合同。修复后 envelope validator 只接受 `captureId`、`sessionId`、`nonce`、`protocolVersion` 和 `request` 五个顶层字段，JS/Python bridge 测试也锁定 `/request` 响应只返回这五个字段。
+- 追加 request envelope strict-shape follow-up 后重新执行 `node --test --test-timeout=60000 tests/agent-bridge-handshake.test.mjs`：16 tests passed。
+- 追加 request envelope strict-shape follow-up 后重新执行 `node --test --test-timeout=60000 tests/stackprism-bridge.test.mjs tests/stackprism_bridge_py.test.mjs`：75 tests passed。
+- 追加并发 profile POST follow-up 时先观察到 RED：JS bridge 同一 capture 的两个并发 /profile POST 都返回 200，违反一次性 profile 提交语义。修复后 JS bridge 在读取 body 后进入 per-capture lock 并重新检查终态，只有一个 POST 成功，另一个返回 `409 / CAPTURE_ALREADY_COMPLETED`；Python fallback 已有锁内重检，本轮补了同口径并发回归测试。
+- 追加 completed control follow-up 时先观察到 RED：JS bridge 和 Python fallback 在 `/profile` 成功提交进入 `completed` 后，`GET /control` 仍返回 `command = "continue"`。修复后两端 completed control 均返回 `command = "cancel"` 和当前 `status = "completed"`，避免终态 capture 继续暴露运行态命令语义；`node --test --test-timeout=60000 tests/stackprism-bridge.test.mjs tests/stackprism_bridge_py.test.mjs` 通过 77 tests。
+- 追加 Python identifier fixture follow-up 后，Python fallback 测试现在复用 `tests/fixtures/bridge-protocol-identifiers.json`，对每个 documented valid/invalid `apiToken`、`bridgeToken`、`captureId`、`sessionId`、`nonce`、`profileTransferId` 和 CSP nonce 样例执行 `valid_id()` 契约校验，补齐计划要求的固定 ASCII regex/长度矩阵证据；`node --test --test-timeout=60000 tests/stackprism_bridge_py.test.mjs` 通过 40 tests。
+- 追加 browser-open invalid args/argv follow-up 后，JS/Python capture API 测试覆盖 `STACKPRISM_BROWSER_OPEN_ARGS_JSON` 的非法 JSON、非数组和非字符串元素均返回 `500 / BROWSER_OPEN_FAILED`，且 `details.reason = invalid_open_args`；直接 helper 测试使用 fake command/record file 证明带 `?`、`&`、空格、引号和 shell 元字符的 bridge URL 作为单个 argv 追加，不经过 shell 字符串拼接。
+- 追加 browser smoke token-prefix redaction follow-up 时先观察到 smoke 输出摘要中多处 token-prefix 摘要字段，会把 API token 的固定前缀写入 stdout/报告证据。修复后摘要字段改为 `apiTokenPresent: Boolean(...)`，并删除 prefix helper；新增静态契约测试防止 smoke 输出和 E2E 报告重新记录 token 前缀值。
+- 追加 public complex-site smoke follow-up 后执行 `STACKPRISM_BROWSER_SMOKE_SCENARIO=public-complex-target STACKPRISM_BROWSER_SMOKE_TARGET_URL=https://www.wikipedia.org/ STACKPRISM_BROWSER_SMOKE_CDP_PORT=9491 node tests/agent-bridge-browser-smoke.mjs`：Chrome for Testing 147.0.7727.15，加载当前 `dist`；当前 resolver 输出 `www.wikipedia.org -> 198.18.0.19`，所以该场景显式使用 `allowPrivateNetworkTarget = true`。capture 完成到 `completed / cleanup`，profile HTTP 200，schema 为 `stackprism.site_experience_profile.v1`，final URL 为 `https://www.wikipedia.org/`，visual/layout/component profile keys 非空，profile 15382 bytes，无截图 metadata、无截图 image/pixel payload、无 checked privacy leak markers，bridge stderr 为空。该证据只关闭当前 DNS-proxy 环境下的一条公网复杂站点内容捕获缺口，不替代默认 no-private-network policy 或更广 DNS/private-network live matrix。
+- 追加 incognito window bridge probe follow-up 后执行 `STACKPRISM_BROWSER_SMOKE_SCENARIO=incognito-window-bridge-probe STACKPRISM_BROWSER_SMOKE_CDP_PORT=9554 node tests/agent-bridge-browser-smoke.mjs`：Chrome for Testing 147.0.7727.15，加载当前 `dist`；测试先通过 `chrome://extensions` 启用临时 profile 的 allow-incognito，再用同一 profile 加 `--incognito` 重启并打开 bridge URL。结果仍为 `failed / EXTENSION_NOT_CONNECTED`，profile endpoint 409，target probe request count 0，bridge stderr 为空。该结果与 CDP incognito context probe 一致，说明当前自动化环境仍无法把扩展 content script 带入 incognito bridge 页；它是更强的 fail-closed 跳过证据，不是精确 `INCOGNITO_NOT_SUPPORTED` live metadata 分支通过证据。
+- 追加 result expiry bridge page follow-up 后，先把 JS/Python 单元测试中“extension connect timeout 后 `/bridge` 不渲染 token”和“completed result TTL 过期后 profile endpoint 与 `/bridge` 均返回 `CAPTURE_RESULT_EXPIRED` 且不渲染 token”拆成独立断言；`node --test --test-timeout=60000 tests/stackprism-bridge.test.mjs` 为 44 tests passed，`node --test --test-timeout=60000 tests/stackprism_bridge_py.test.mjs` 为 46 tests passed。随后执行 `STACKPRISM_BROWSER_SMOKE_SCENARIO=result-expiry-bridge-page STACKPRISM_BROWSER_SMOKE_CDP_PORT=9555 node tests/agent-bridge-browser-smoke.mjs`：Chrome for Testing 147.0.7727.15，加载当前 `dist`；真实 fixture capture 完成并返回 profile HTTP 200 后，测试推进 in-process JS bridge clock 超过 `resultExpiresAt`，profile endpoint 返回 `410 / CAPTURE_RESULT_EXPIRED`，原 `/bridge` URL 返回 410、包含 `CAPTURE_RESULT_EXPIRED` 且不含 bridge token material。
+- 追加 bridge self-target smoke follow-up 后执行 `STACKPRISM_BROWSER_SMOKE_SCENARIO=bridge-self-target-blocked STACKPRISM_BROWSER_SMOKE_CDP_PORT=9556 node tests/agent-bridge-browser-smoke.mjs`：真实 JS bridge 进程启动成功；以当前 bridge origin 作为 capture 初始 URL 返回 `400 / BRIDGE_SELF_TARGET_BLOCKED`，将 host 替换为 `localhost` 的 loopback alias 同样返回 `400 / BRIDGE_SELF_TARGET_BLOCKED`，`/health.activeCaptures` 保持 0，bridge stderr 为空。
+- 追加 active-tab unavailable smoke follow-up 后执行 `STACKPRISM_BROWSER_SMOKE_SCENARIO=active-tab-unavailable STACKPRISM_BROWSER_SMOKE_CDP_PORT=9557 node tests/agent-bridge-browser-smoke.mjs`：Chrome for Testing 147.0.7727.15，加载当前 `dist`；新鲜 profile 中没有上一张可检测 active tab 记录时，bridge 页面仍握手到 ready，但 capture 失败为 `ACTIVE_TAB_UNAVAILABLE`，profile endpoint 返回 409，target probe request count 为 0，且没有打开目标 URL tab。
+- 追加 active-tab unavailable smoke/report follow-up 后重新执行 `pnpm run lint`：通过。
+- 追加 active-tab unavailable smoke/report follow-up 后重新执行 `pnpm run typecheck`：通过，包含 `vue-tsc --noEmit` 和生产构建，重新生成 injected IIFE 与 `dist/manifest.json`。
+- 追加 active-tab unavailable smoke/report follow-up 后重新执行 `node --test --test-timeout=60000 tests/agent-bridge-browser-smoke-output.test.mjs`：9 tests passed。
+- 追加 active-tab unavailable smoke/report follow-up 后重新执行 `pnpm run test:unit`：207 tests passed。
+- 追加 request-shell-rejections smoke follow-up 后执行 `STACKPRISM_BROWSER_SMOKE_SCENARIO=request-shell-rejections STACKPRISM_BROWSER_SMOKE_CDP_PORT=9560 node tests/agent-bridge-browser-smoke.mjs`：真实 JS bridge 拒绝 19 类原始 request-shell / ambiguous header 请求，包含 missing Host、duplicate Host、absolute-form、authority-form、encoded slash path、encoded backslash path、dot segment path、empty segment path、unexpected `/health` query、duplicate `/bridge` query、duplicate Authorization、duplicate Content-Type、Content-Length plus Transfer-Encoding、duplicate Content-Length、invalid Content-Length、chunked body、unsupported Transfer-Encoding、unsupported Content-Encoding 和 unsupported charset；duplicate bridge query 响应不泄漏 bridge-token material，target request count 0，拒绝后 `/health` 恢复 200，cleanup DELETE 200，bridge stderr 为空。
+- 追加 keep-alive idle smoke/report follow-up 后重新执行 `node --test --test-timeout=60000 tests/agent-bridge-browser-smoke-output.test.mjs`：12 tests passed。
+- 追加 keep-alive idle smoke/report follow-up 后重新执行 `pnpm run test:unit`：208 tests passed。
+- 追加 rate-limit smoke/report follow-up 后重新执行 `node --test --test-timeout=60000 tests/agent-bridge-browser-smoke-output.test.mjs`：13 tests passed。
+- 追加 rate-limit smoke/report follow-up 后重新执行 `pnpm run lint`：通过。
+- 追加 rate-limit smoke/report follow-up 后重新执行 `pnpm run typecheck`：通过，包含 `vue-tsc --noEmit` 和生产构建，重新生成 injected IIFE 与 `dist/manifest.json`。
+- 追加 target-url-validation smoke/report follow-up 后重新执行 `node --test --test-timeout=60000 tests/agent-bridge-browser-smoke-output.test.mjs`：14 tests passed。
+- 追加 target-url-validation smoke/report follow-up 后重新执行 `pnpm run test:unit`：210 tests passed。
+- 追加 JS/Python profile endpoint rate-limit 单元覆盖后重新执行 `node --test tests/stackprism-bridge.test.mjs tests/stackprism_bridge_py.test.mjs`：92 tests passed。
+- 追加 JS/Python profile endpoint rate-limit 单元覆盖后重新执行 `pnpm run test:unit`：212 tests passed。
+- 追加 content client incognito context fail-closed follow-up 后先执行 RED：`node --test --test-timeout=60000 tests/agent-bridge-handshake.test.mjs` 失败于新增用例，实际错误码为 `PROFILE_TRANSPORT_FAILED`，证明当前 client 仍先请求 `/request`。修复后同一命令通过 18 tests，新增断言 `chrome.extension.inIncognitoContext === true` 时只向 bridge POST `failed / INCOGNITO_NOT_SUPPORTED`，不读取 `/request`，不注册 runtime status listener，不发送 `AGENT_BRIDGE_HELLO` 或 `START_AGENT_CAPTURE`。
+- 追加 content client incognito context fail-closed follow-up 后重新执行 `pnpm run test:unit`：213 tests passed。
+- 追加 content client incognito context fail-closed follow-up 后重新执行 `pnpm run lint`：通过。
+- 追加 content client incognito context fail-closed follow-up 后重新执行 `pnpm run typecheck`：通过，包含 `vue-tsc --noEmit` 和生产构建，重新生成 injected IIFE 与 `dist/manifest.json`。
+- 追加 content client incognito context fail-closed follow-up 后重新执行 `STACKPRISM_BROWSER_SMOKE_SCENARIO=incognito-window-bridge-probe STACKPRISM_BROWSER_SMOKE_CDP_PORT=9612 node tests/agent-bridge-browser-smoke.mjs`：Chrome for Testing 147.0.7727.15，加载当前 `dist`；临时 profile 的 allow-incognito 已启用，但 `--incognito` 窗口仍未连接扩展 content script，结果为 `failed / EXTENSION_NOT_CONNECTED`，profile endpoint 409，target probe request count 0，bridge stderr 为空。该结果继续作为自动化环境 fail-closed skip 证据；精确 content client 无痕分支由单元测试覆盖。
+- 追加 JS/Python profile endpoint rate-limit 单元覆盖后重新执行 `git diff --check -- tests/stackprism-bridge.test.mjs tests/stackprism_bridge_py.test.mjs`：通过。
+- 追加 repo hygiene follow-up 后执行 `find agent-skill docs src tests build-scripts public \( -name __pycache__ -o -name '*.pyc' -o -name '*.pyo' -o -name .DS_Store \) -print`：无输出，确认当前仓库工作路径下没有 Python 字节码缓存、`__pycache__` 或 macOS 缓存残留。
+- 追加 docs asset follow-up 后执行 `cmp -s public/icons/icon.svg docs/public/icon.svg`：退出码 0；`git check-ignore -v docs/public/icon.svg` 显示该文件由 `.gitignore` 第 8 行忽略。`docs/public/icon.svg` 是 `pnpm run docs:assets` 从 `public/icons/icon.svg` 同步生成的 VitePress 静态资源，不是未清理缓存。
+- 追加 `sync-docs-assets` ASCII follow-up 后将 `build-scripts/sync-docs-assets.mjs` 的同步日志从 Unicode 箭头改为 ASCII `->`，并重新执行 `node --check build-scripts/sync-docs-assets.mjs`、`pnpm run docs:assets`、`pnpm exec prettier --check build-scripts/sync-docs-assets.mjs` 和 `git diff --check -- build-scripts/sync-docs-assets.mjs`：均通过；`docs:assets` 输出 `synced public/icons/icon.svg -> docs/public/icon.svg`。
+- 执行本计划实现时重新运行 `pnpm run test:unit`：首次失败于 `tests/agent-bridge-browser-smoke-output.test.mjs` 中仍断言旧的 `48 个 unstaged 文件`，而当前 `git diff --name-only | wc -l` 为 49；修正该静态契约后，`node --test --test-timeout=60000 tests/agent-bridge-browser-smoke-output.test.mjs` 为 14 tests passed，随后完整 `pnpm run test:unit` 为 212 tests passed。
+- 执行本计划实现时重新运行 `pnpm run lint`：通过；重新运行 `pnpm run typecheck`：通过，包含 `vue-tsc --noEmit` 和 `pnpm build`，生产构建重新生成 injected IIFE 与 `dist/manifest.json`；重新运行 `pnpm run docs:build`：通过，`docs:assets` 输出 `synced public/icons/icon.svg -> docs/public/icon.svg`。
+- 执行本计划实现时重新运行 JS/Python bridge 专项语法检查：`node --check agent-skill/stackprism-site-experience/scripts/stackprism-bridge.mjs && for f in agent-skill/stackprism-site-experience/scripts/bridge/*.mjs; do node --check "$f"; done` 通过；`python3 -m py_compile agent-skill/stackprism-site-experience/scripts/stackprism_bridge.py agent-skill/stackprism-site-experience/scripts/stackprism_bridge_lib/*.py && python3 -m compileall -q agent-skill/stackprism-site-experience/scripts/stackprism_bridge_lib` 通过，随后已清理生成的 Python 缓存。
+- 执行本计划实现时重新运行聚焦 Agent Bridge 测试：`node --test --test-timeout=60000 tests/stackprism-bridge.test.mjs tests/stackprism_bridge_py.test.mjs tests/agent-capture-orchestration.test.mjs tests/agent-bridge-handshake.test.mjs tests/site-experience-profile.test.mjs tests/experience-profile-format.test.mjs`：182 tests passed。
+- 执行本计划实现时重新运行 release/manifest hygiene 测试：`node --test --test-timeout=60000 tests/release-workflow.test.mjs tests/agent-bridge-manifest.test.mjs`：9 tests passed。`dist/manifest.json` 检查确认 `hasExternallyConnectable: false`；`web_accessible_resources` 仅包含普通规则/observer 资源和 `http://127.0.0.1/*` loopback bridge chunks；`find dist ...` 扫描无 agent-only、test、Python、`__pycache__`、local bridge server 入口或 repo-local JS bridge helper 源文件产物。
+- 执行本计划实现时重新运行 repo/file hygiene：清理 `agent-skill docs src tests build-scripts public` 下 Python compile 缓存后，`find agent-skill docs src tests build-scripts public \( -name __pycache__ -o -name '*.pyc' -o -name '*.pyo' -o -name .DS_Store \) -print` 无输出；`cmp -s public/icons/icon.svg docs/public/icon.svg` 退出码 0；`git check-ignore -v docs/public/icon.svg` 仍显示 `.gitignore:8` 忽略该 docs 静态同步产物。
+- 执行本计划实现时曾尝试旧默认 `STACKPRISM_BROWSER_SMOKE_CDP_PORT=9601 node tests/agent-bridge-browser-smoke.mjs`：失败于 `Example capture creation failed.`。该旧默认场景使用 `https://example.com`，当前环境此前已记录该目标可能被解析到 `198.18.*` 并在创建阶段 fail closed；后续默认 smoke 已切换为 fixture-backed local capture，该旧失败只作为历史环境问题记录。
+- 执行本计划实现时重新运行关键 Chrome smoke：`STACKPRISM_BROWSER_SMOKE_SCENARIO=tech-only STACKPRISM_BROWSER_SMOKE_CDP_PORT=9602 node tests/agent-bridge-browser-smoke.mjs` 通过，Chrome for Testing 147.0.7727.15 加载当前 `dist`，profile endpoint HTTP 200，schema 为 `stackprism.site_experience_profile.v1`，6 个未请求 section 均为空并带 `section_not_requested` limitation，bridge stderr 为空。
+- 执行本计划实现时重新运行 target policy/lifecycle Chrome smoke：`private-target-blocked` on CDP 9603 返回 `400 / PRIVATE_NETWORK_TARGET_BLOCKED` 且 target request count 为 0；`final-url-blocked` on CDP 9604 返回 `failed / FINAL_URL_BLOCKED`、profile 409、owned target tab 不可见；`cleared-storage-session` on CDP 9605 返回 `failed / BRIDGE_TRANSPORT_DISCONNECTED`、profile 409、owned target tab 不可见。
+- 执行本计划实现时重新运行 opt-in/resource Chrome smoke：`local-opt-in-disabled` on CDP 9606 返回 `failed / AGENT_BRIDGE_DISABLED`、profile 409、owned target tab 不可见；`rate-limit` on CDP 9607 证明默认 create limit 第 11 次返回 `429 / RATE_LIMITED`，同一 capture 120 次 status read 后第 121 次返回 `429 / RATE_LIMITED`，target request count 为 0，cleanup DELETE 200；`resource-timeouts` on CDP 9608 证明慢 header 约 5 秒返回 `408 Request Timeout`、慢 body 约 10 秒返回 `408 Request Timeout`、keep-alive idle 被关闭，后续 `/health` 均恢复 200，`activeCapturesAfterSlowBody = 0`。
+- 执行本轮剩余本地验证矩阵时重新运行基础门禁：`pnpm run typecheck` 通过，覆盖 `vue-tsc --noEmit` 和 `pnpm build` 并刷新 `dist/manifest.json`；`pnpm run lint` 通过；`pnpm run docs:build` 通过，`docs:assets` 输出 `synced public/icons/icon.svg -> docs/public/icon.svg`；`pnpm run test:unit` 通过，213 tests passed；`node --test --test-timeout=60000 tests/release-workflow.test.mjs tests/agent-bridge-manifest.test.mjs tests/agent-bridge-browser-smoke-output.test.mjs` 通过，23 tests passed；`node --check tests/agent-bridge-browser-smoke.mjs && node --check tests/helpers/agent-bridge-browser-smoke-harness.mjs` 通过。
+- 执行本轮剩余 Chrome smoke 矩阵时在端口 9620 到 9646 顺序运行 27 个场景。首轮 26 个符合预期：browser disable/reload 为 `BRIDGE_TRANSPORT_DISCONNECTED`，service-worker idle wake `completed`，incognito 两条 probe 均 `EXTENSION_NOT_CONNECTED` 且 target request count 0，private/DNS/final URL 策略、target URL validation、target navigation/load failure/load timeout、host validation、response headers/CORS、request-shell rejections、connection pressure、resource timeouts、rate-limit/profile-rate-limit、sequential capture pressure 和 result-expiry bridge page 均按既定断言通过。唯一失败是 `expired-deadline-reconciliation` 旧夹具期望 `CAPTURE_TIMEOUT`，但实际在 `target_opening` 返回 `TARGET_LOAD_TIMEOUT`；按实现契约修正为等待 `target_loaded` 后，端口 9648 单独 rerun 通过并返回 `CAPTURE_TIMEOUT`。
+- 执行运行中 service worker idle best-effort 探针时，第一次一次性 Node 脚本观测到 75 秒后 service worker 仍可见、最终 `TARGET_LOAD_TIMEOUT` 且 target 清理，但 cleanup 脚本自身报错退出 1，不作为成功验证。修正 cleanup 后在端口 9650 重跑，命令退出 0：Chrome for Testing 147.0.7727.15，`workerStillVisibleAfter75s = true`，final status `failed / TARGET_LOAD_TIMEOUT`，target 不可见，bridge stderr 为空。该结果说明当前本机 Chrome 仍未自然触发运行中 idle eviction；可记录 fail-closed 清理证据，但不能把 running idle eviction live 标记为完成。
+- 2026-05-26 收尾时执行上游同步：`git fetch upstream` 成功更新到 `f0cc39a`，`git rebase upstream/main` 成功；`git fetch origin` 失败于 `LibreSSL SSL_connect: SSL_ERROR_SYSCALL`，因此 push 前需要重新拉取 origin。rebase 前用 `git stash push -u` 暂存本地改动，rebase 后 `git stash apply stash@{0}` 无冲突恢复。
+- 2026-05-26 rebase 后补充两个回归契约：background 在 `chrome.webRequest.onResponseStarted` 不存在时 network observer 保持 inactive；JS bridge 与 Python fallback 对浏览器上报的 `targetNetworkAddress` 要求 IP 字面量，`example.com` 这类非 IP 字符串按 `INVALID_REQUEST / invalid_network_address` fail closed。随后 `pnpm run test:unit` 通过，219 tests passed；`pnpm run lint` 通过；`pnpm run typecheck` 通过，覆盖 `vue-tsc --noEmit` 与 `pnpm build`；changed-file Prettier check、JS/Python 语法检查、`pnpm run docs:build`、`git diff --check` 和 `git diff --cached --check` 均通过。
+- 2026-05-26 本轮接手后补齐 profile language/UX 字段契约、默认 browser smoke fixture-backed 成功路径契约、计划当前状态覆盖层、Task 10 状态矩阵、`docs/dev/agent-bridge.md` profile schema / Browser Smoke / Live Gate 口径和 repo-local skill schema reference。随后 `node --test --test-timeout=60000 tests/site-experience-profile.test.mjs tests/experience-profile-format.test.mjs` 通过，21 tests passed；`node --test --test-timeout=60000 tests/agent-bridge-browser-smoke-output.test.mjs` 通过，16 tests passed；`node --check tests/agent-bridge-browser-smoke.mjs` 通过。最终主线门禁结果见下方收尾验证记录。真实默认 Chrome smoke `STACKPRISM_BROWSER_SMOKE_CDP_PORT=9661 node tests/agent-bridge-browser-smoke.mjs` 退出 0 时，Chrome for Testing 147.0.7727.15 加载当前 `dist`，默认 fixture target `completed / cleanup`，profile schema 为 `stackprism.site_experience_profile.v1`，extensionVersion 为 `1.3.73`，screenshot payload absent，privacy leak marker absent，bridge stderr 为空。
+- 2026-05-26 状态矩阵收口后执行主线验证：`pnpm run test:unit` 通过，222 tests passed；`pnpm run lint` 通过；`pnpm run typecheck` 通过，覆盖 `vue-tsc --noEmit` 与 `pnpm build` 并刷新 `dist/manifest.json`；`pnpm run docs:build` 通过；changed-file Prettier check 和 `git diff --check` 通过；release `dist` 卫生扫描未发现 repo-local skill、本地 bridge helper、Python fallback、测试目录或 Python 缓存；默认 Chrome smoke `STACKPRISM_BROWSER_SMOKE_CDP_PORT=9661 node tests/agent-bridge-browser-smoke.mjs` 退出 0，Chrome for Testing 147.0.7727.15 加载当前 `dist`，默认 target 是 local fixture `http://127.0.0.1:<fixture-port>/fixture?token=secret#frag`，capture `completed / cleanup`，profile HTTP 200，schema 为 `stackprism.site_experience_profile.v1`，extensionVersion 为 `1.3.73`，profile size 4697 bytes，screenshot metadata/payload absent，privacy leak marker absent，bridge stderr 为空。
+- 2026-05-26 收尾清理扫描确认未发现 `.DS_Store`、日志、tmp 或构建产物残留；Python 语法检查生成的 repo-local `__pycache__` 属于临时缓存，已在最终验证后清理并复查无输出。
+- 2026-05-27 围绕“AI Agent 快速复刻网站体验”的目标补强 profile 消费层：`agentGuidance.recreationPlan` 现在输出 `implementationOrder`、`designTokens`、`layoutBlueprint`、`componentInventory`、`interactionChecklist`、`uxChecklist`、`assetHints` 和 `verificationChecklist`，并只引用已脱敏 profile 内容。`src/utils/site-experience-profile.ts` 拆出 `src/utils/site-experience-profile-sections.ts` 后从 300 行降到 118 行，新 helper 211 行，`src/utils/site-experience-guidance.ts` 当前 163 行，均低于仓库 300 行文件预算。repo-local skill、schema reference、`docs/dev/agent-bridge.md` 和计划文档已同步说明 Agent 应先读取 `agentGuidance.recreationPlan`。实现过程中默认 browser smoke 两次先暴露命名问题：`rectMetadataIncluded` 和 `layoutBlueprint.aboveFold` 会让未请求截图 metadata 的哨兵误判为 metadata present；修复后改为 `geometryIncluded` 和 `firstViewportSummary`，且 `geometryIncluded` 当前同时识别 `rect`、`boundingBox` 和 `bounds`，保持真实 `layoutProfile.aboveFold` 仍只在 `captureScreenshotMetadata = true` 时出现。
+- 2026-05-27 本轮复刻计划补强后执行验证：`node --test --test-timeout=120000 tests/site-experience-profile.test.mjs` 通过，17 tests passed；`node --test --test-timeout=120000 tests/stackprism-bridge.test.mjs tests/stackprism_bridge_py.test.mjs` 通过，98 tests passed；`pnpm run test:unit` 通过，225 tests passed；`pnpm run lint` 通过；`pnpm run typecheck` 通过，覆盖 `vue-tsc --noEmit` 与 `pnpm build` 并刷新 `dist/manifest.json`；`pnpm run docs:build` 通过；`git diff --check` 通过；`find dist -maxdepth 3 ...` 发布产物快速扫描无输出，未发现 agent-only、test、Python、`__pycache__`、local bridge server 入口或 repo-local JS bridge helper 源文件产物。默认 Chrome smoke `STACKPRISM_BROWSER_SMOKE_CDP_PORT=9661 node tests/agent-bridge-browser-smoke.mjs` 最终退出 0，Chrome for Testing 147.0.7727.15 加载当前 `dist`，默认 local fixture capture `completed / cleanup`，profile HTTP 200，schema 为 `stackprism.site_experience_profile.v1`，extensionVersion 为 `1.3.73`，profile size 7577 bytes，未请求截图 metadata 时 `screenshotMetadataPresent = false`，请求 metadata 时 `screenshotMetadataPresent = true`，screenshot payload absent，privacy leak marker absent，large profile 估算 2 chunks，bridge stderr 为空。
+- 2026-05-27 bridge 页面体验与可选截图 follow-up：JS bridge 和 Python fallback 的 `/bridge` 页面从纯文本状态改为带阶段进度、边界说明和终态反馈的本机状态面板，仍保留 no-store/no-referrer/CSP nonce 和一次性 `bridgeToken` JSON config 边界。profile 增加显式 `options.captureScreenshot` 能力，默认仍不输出截图；仅当 `captureScreenshot = true` 且 `include` 包含 `visual` 时，扩展尝试用 `chrome.tabs.captureVisibleTab` 输出 `visualProfile.screenshot.dataUrl`，供支持图像输入的 Agent 可选使用。截图捕获失败或过大只记录 limitation，不伪造成成功；Skill、开发文档和计划文档已同步说明该字段未做逐像素脱敏，不应用于登录态或私密页面。
+- 2026-05-27 bridge 页面与截图 follow-up 后重新验证：`node --test --test-timeout=120000 tests/agent-capture-orchestration.test.mjs tests/site-experience-profile.test.mjs tests/stackprism-bridge.test.mjs tests/stackprism_bridge_py.test.mjs` 通过，173 tests passed；`node --test --test-timeout=120000 tests/agent-bridge-browser-smoke-output.test.mjs` 通过，16 tests passed；`node --check tests/agent-bridge-browser-smoke.mjs` 通过；`pnpm run lint` 通过；`pnpm run typecheck` 通过，覆盖 `vue-tsc --noEmit` 与 `pnpm build` 并刷新 `dist/manifest.json`；`pnpm run test:unit` 通过，228 tests passed；`pnpm run docs:build` 通过；`git diff --check` 通过。新增 browser smoke 场景 `STACKPRISM_BROWSER_SMOKE_SCENARIO=visual-screenshot` 用于显式验证真实 Chrome 截图请求路径：若 `captureVisibleTab` 返回 JPEG data URL，则校验 `visualProfile.screenshot`；若 Chrome 返回 image readback failure，则必须记录 `screenshot_capture_failed` limitation 且不得伪造截图。2026-05-28 复验时 Chrome for Testing 147.0.7727.15 在该场景下返回真实 JPEG payload：`visualProfile.screenshot.dataUrl` present，`mimeType = image/jpeg`，`byteLength = 99111`，`agentGuidance.recreationPlan.visualReference.screenshotIncluded = true`；默认 browser smoke 仍断言未请求时没有 screenshot payload。
+- 2026-05-28 completed profile TTL cleanup follow-up：复核发现 JS bridge 和 Python fallback 的 completed profile 过期原本依赖后续请求触发 lazy prune；若 bridge 进程完成截图 profile 后持续空闲，内存中的 screenshot data URL 可能超过结果 TTL 才在下一次请求时清理。JS `CaptureStore` 与 Python fallback 现已增加 per-capture result expiry timer，完成 profile 后主动按 TTL 清理，并在 prune/clear 路径取消 timer；截图仍只保存在 bridge 进程内存中，不写入磁盘。验证：`node --test --test-timeout=120000 tests/stackprism-bridge.test.mjs tests/stackprism_bridge_py.test.mjs` 通过，101 tests passed；`node --check agent-skill/stackprism-site-experience/scripts/bridge/capture-store.mjs && python3 -m py_compile agent-skill/stackprism-site-experience/scripts/stackprism_bridge_lib/capture_store.py` 通过；`pnpm run test:unit` 通过，230 tests passed；`git diff --check` 通过。
+- 2026-05-28 bridge screenshot preview follow-up：复核发现 `/bridge` 页面下载文件名固定 `.jpg`，且 status preview 会信任 profile 中的 screenshot `mimeType` 字段；虽然当前扩展只生成 JPEG，这与 bridge preview 接受 `jpeg/png/webp` data URL 的边界不完全一致。JS bridge 和 Python fallback 现按 data URL 前缀归一化 preview `mimeType`，下载文件名也按 `image/jpeg`、`image/png`、`image/webp` 选择 `jpg`、`png`、`webp` 后缀。验证：`node --test --test-timeout=120000 tests/stackprism-bridge.test.mjs tests/stackprism_bridge_py.test.mjs` 通过，103 tests passed；`node --check agent-skill/stackprism-site-experience/scripts/bridge/http-handlers.mjs && node --check agent-skill/stackprism-site-experience/scripts/bridge/bridge-page.mjs && python3 -m py_compile agent-skill/stackprism-site-experience/scripts/stackprism_bridge_lib/status.py agent-skill/stackprism-site-experience/scripts/stackprism_bridge_lib/bridge_page.py` 通过；`pnpm run test:unit` 通过，232 tests passed；`pnpm run docs:build` 通过；`git diff --check` 通过。
+- 2026-05-28 optional screenshot cancellation follow-up：复核发现 `captureVisibleTab` 可在重试和 tab 激活期间等待数秒；若用户在该 await 期间取消 capture，runner 可能用旧的 running state 继续写回 `posting_profile`。扩展端现在在截图 await 后、构建 profile 和写 transfer deadline 前重新读取 capture state；若状态已取消、失败或被清理，直接停止，不再发送 profile transfer。验证：`node --test --test-timeout=120000 tests/agent-capture-orchestration.test.mjs` 通过，57 tests passed；`pnpm run test:unit` 通过，233 tests passed。
+
+## Current Status
+
+可以认为 Agent Bridge 已具备面向 AI Agent 快速复刻网站体验的本机可交付实现：本机 JS/Python bridge、扩展 handshake、capture orchestration、profile transfer、隐私脱敏、用户 opt-in、`agentGuidance.recreationPlan` 复刻执行计划、repo-local skill、文档和发布边界均已落地，并经自动化和 Chrome smoke 验证。
+
+不能认为 `2026-05-21-stackprism-agent-bridge-plan.md` 全量完成。需要补齐或正式降级的主要缺口是 Task 10 中仍未 live 证明的 Chrome Web Store / Edge Add-ons update rollout、运行中 idle-driven service worker eviction、精确 incognito `INCOGNITO_NOT_SUPPORTED` live 浏览器元数据路径、更广长时间/资源耗尽矩阵、更广 DNS/private-network live matrix 和外部商店审核接受状态；当前新增的 `198.18.0.12` resolver rewrite smoke、DNS lookup failed smoke、特殊用途地址离线 parity fixtures、bridge self-target smoke、active-tab unavailable smoke、final private URL smoke、final DNS policy smoke、final DNS lookup failed smoke、target navigated away smoke、target load failed/timeout smoke、bridge iframe embedding smoke、response headers/CORS live smoke、connection pressure smoke、resource timeouts smoke、service worker idle wake smoke、browser-managed unpacked reload smoke、incognito bridge probe、incognito window bridge probe、sequential capture pressure smoke、result expiry bridge page smoke、修正后的 expired deadline reconciliation smoke 和显式 private-network override 的 `www.wikipedia.org` public complex-site smoke 只是收窄 DNS/private-network policy、bridge-origin 初始目标拒绝、active-tab 缺失 fail-closed、目标页漂移/失败、已加载目标 deadline reconciliation、bridge 页面嵌入防护、HTTP 安全响应头/CORS 拒绝、HTTP 连接压力/超时、service worker idle 后唤醒、浏览器管理页 reload、无痕自动化跳过边界、连续 capture 清理、completed result TTL 过期后的 profile/bridge token suppression，以及当前 DNS-proxy 环境下公网复杂页内容捕获风险点。运行中 idle 探针两次未能触发自然 worker eviction，最新端口 9650 仍显示 worker 75 秒后可见且最终 `TARGET_LOAD_TIMEOUT` fail closed；两条 incognito probe 仍未能触发扩展侧无痕元数据拒绝 live 分支，content client 已有 `chrome.extension.inIncognitoContext` 单元契约，但 live 缺口仍保留。商店披露确认已纳入 release workflow 硬门禁，但不是外部商店审核通过的证明。
+
+历史交接基线状态：工作区干净，本分支当时已推送到 `origin/codex/agent-bridge-implementation`，HEAD `4191cad` 与远端一致。此行只记录接手前基线，不表示当前 HEAD 或远端同步状态；本轮后续优化改动必须通过当次 `git status --short --branch`、`git diff --name-only`、测试和构建结果复核，不把历史 staged/unstaged 计数或历史 HEAD 当作当前事实。
diff --git a/docs/reviews/CR-AGENT-BRIDGE-E2E-2026-05-22.md b/docs/reviews/CR-AGENT-BRIDGE-E2E-2026-05-22.md
new file mode 100644
index 00000000..0c13d628
--- /dev/null
+++ b/docs/reviews/CR-AGENT-BRIDGE-E2E-2026-05-22.md
@@ -0,0 +1,260 @@
+# CR-AGENT-BRIDGE-E2E-2026-05-22
+
+## Scope
+
+This report records the current Agent Bridge verification state for the work driven by `docs/superpowers/plans/2026-05-21-stackprism-agent-bridge-plan.md`.
+
+Current implemented slice:
+
+- Extension-side protocol types, local opt-in, bridge content script handshake, profile transfer, profile builder, experience profiler, background capture orchestration, active-tab tracking, and fail-closed cleanup paths.
+- JavaScript loopback bridge: ready JSON, `/health`, `POST /v1/captures`, one-time `/bridge` token render, cross-site `/bridge` render rejection before token claim, terminal/expired bridge page no-token responses, hostile bridge-page query/fragment and terminal error-message non-reflection, failed status error payload redaction, failed status unknown error-code rejection, request/profile/status/control endpoints, bearer profile reads, completed control stop command, status sequence/phase monotonicity, cancellation terminalization, cross-origin/preflight rejection, DNS/private-target policy, localhost alias self-target blocking, final URL blocking, repeated/oversized profile rejection, concurrent profile POST serialization, API rate limiting, resource timeout configuration, browser-open failure reporting, bridge page config identity checks, and strict request-shell rejection including absolute-form and `CONNECT` authority-form targets.
+- Python fallback bridge: matching basic HTTP/API behavior, documented identifier fixture validation, failed status error payload redaction, failed status unknown error-code rejection, DNS/private/self-target policy including localhost alias blocking, final URL blocking, repeated/oversized profile rejection, concurrent profile POST serialization, completed control stop command, stale status rejection, cancellation terminalization, bounded DNS timeout, bridge page CSP/script-safe config, one-time `/bridge` token render, cross-site `/bridge` render rejection before token claim, terminal/expired bridge page no-token responses, hostile bridge-page query/fragment plus terminal error-message non-reflection, bridge page config identity checks, open-browser validation including invalid args and single-argv bridge URL handling, and strict request-shell rejection including absolute-form and `CONNECT` authority-form targets.
+- Repo-local skill package, developer/user privacy documentation, release hygiene checks, and detection-flow documentation for the Agent Bridge capture path.
+
+This report is no longer a middle-state ledger. The current worktree has automated unit coverage plus Chrome for Testing browser smoke for the primary extension to bridge page to background capture to profile endpoint path. The current live-browser pass evidence covers the local complex fixture at `tests/fixtures/site-experience-fixture.html`, a separate public complex-site capture for `https://www.wikipedia.org/` in this DNS-proxy environment with explicit private-network override, default smoke success path is fixture-backed via the local complex fixture, local-only opt-in enforcement when legacy sync data says enabled, custom browser-open command handoff, large-profile multi-chunk transfer, target tab closure, bridge tab closure, Agent-initiated cancellation of a running capture, forced service worker target termination, service worker idle eviction before capture start followed by bridge-page wake and successful capture, extension reload interruption cleanup, browser-managed unpacked extension reload through `chrome://extensions`, a separate destructive `chrome.storage.session.clear()` plus reload fail-closed scenario, a separate running-capture local opt-in disable fail-closed scenario, a separate incognito bridge probe that fails closed without fetching the target or returning a fake profile in this CDP environment, a separate initial private target block smoke, a separate DNS resolver benchmark-address block smoke, a separate running-capture `CAPTURE_BUSY` concurrency smoke, a default active-connection pressure smoke, and a default slow header/body timeout smoke. The 2026-05-25 evidence still supersedes earlier `https://example.com` default-target wording because this environment resolved it to `198.18.1.69` and fail-closed at creation; the 2026-05-26 public complex-site pass is tracked as a separate scenario, not as proof that the default no-private-network policy accepts resolver-rewritten public hostnames.
+
+## Current Verification
+
+| Command                                                                                                                                                                                                   | Exit | Result                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        |
+| --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---: | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| `pnpm run test:unit`                                                                                                                                                                                      |    0 | Fresh rerun on 2026-06-01 after Agent Bridge release disclosure gate hardening; 248 tests passed, 0 failed. Coverage includes optional screenshot cancellation during pending captureVisibleTab without profile transfer resurrection, bridge handshake, content client zero-side-effect exit on non-bridge loopback pages, content client incognito extension-context rejection with `INCOGNITO_NOT_SUPPORTED` before loading `/request` or sending `AGENT_BRIDGE_HELLO` / `START_AGENT_CAPTURE`, content client request envelope mismatch handling with `BRIDGE_REQUEST_MISMATCH` before any `AGENT_BRIDGE_HELLO` or `START_AGENT_CAPTURE` runtime message, content client request GET with Bearer auth and status POST with Bearer auth plus JSON content type, START_AGENT_CAPTURE rejection for `bridgeToken`、callback URL and profile wrapper before target resolution or capture-state creation, opt-in, strict capture request validation, no-token storage, profile chunk transfer, active-tab mode, new-tab mode, target load wait, cancellation cleanup, target tab close, target navigation-away, target main-frame load failure, sanitized target injection failure details, service worker restart fail-closed notification, extension lifecycle wake fail-closed recovery, bridge tab closure cleanup, cleared storage-session recovery no-op behavior, start-time local opt-in recheck before target resolution, running local opt-in disable cleanup before badge refresh can delay it, owned target cleanup failure observability without capture-state leakage, state removal failure logging without bridge-session leakage, incognito bridge URLs rejected before ordinary detection-cache reads, registered bridge API tabs rejected before ordinary runtime/popup/background detection access, bridge API webRequest/webNavigation skips bound to bridge tab or registered bridge session origin, ordinary local `/v1/captures/*` requests still preserving header/log evidence, ordinary local `/bridge` routes remaining detectable, report formatting, detector settings local fallback with sanitized warning details, manifest permissions/content-script/WAR contract, release workflow blocking agent-only JS bridge helper source files from `dist` artifacts and requiring Agent Bridge disclosure confirmation before packaging, JS bridge policy, Python fallback policy, JS/Python failed status error payload redaction and unknown-code rejection, JS/Python SIGTERM listener closure, Agent Bridge helper 300-line budget, Agent Bridge session storage access level not widened to untrusted contexts, hello storageSession missing diagnostics, required capabilities missing fail-closed before target resolution, raw request target dot/empty/query rejection plus wrong host/port, IPv6 host, encoded slash/backslash, duplicate bridge query, duplicate sensitive headers, unsupported transfer/content encoding and invalid content length rejection, status/request/control/profile JSON no-store/nosniff headers, profile no-referrer headers, Python preflight `Allow` header parity with JS, `/bridge` no-store/no-referrer/nosniff/COOP/Permissions-Policy headers, CSP without `unsafe-inline`, matching script/style nonce, frame-ancestors/base-uri/form-action restrictions, profiler option injection, request body failure behavior, JS/Python slow body/header timeout behavior, configured active connection limit rejection, terminal DELETE rejection for `completed`/`failed`/`cancelled`/`expired`, hostile query/fragment and terminal error-message non-reflection on bridge pages, Python DNS timeout bounds, terminal/expired bridge page token suppression, terminal profile POST semantics, active completed-profile result TTL cleanup without a later request in JS/Python bridge stores, screenshot preview MIME normalization and download-extension selection in JS/Python bridge pages, JS/Python unit coverage proving authenticated `/profile` GET uses the same query rate-limit bucket as status reads, `executeScriptResult` truncation evidence, background error log redaction including polluted `Error.name` cleanup warnings, positive/negative `captureScreenshotMetadata` behavior, bridge/target tab incognito metadata rejection, embedded text/CSS URL query/hash redaction, profile language and first-order UX field preservation, `agentGuidance.recreationPlan` redaction and recreation-plan contracts, cross-platform browser opener command resolution, bridge page screenshot modal focus-trap and Settings confirmation focus-return contracts, and browser-smoke report evidence contracts for keep-alive idle timeout, default rate-limit smoke, profile query rate-limit smoke, target URL validation smoke, response-started API unavailable network observer guard, and JS/Python rejection of non-IP browser-observed targetNetworkAddress values. |
+| `STACKPRISM_BROWSER_SMOKE_SCENARIO=public-complex-target STACKPRISM_BROWSER_SMOKE_TARGET_URL=https://www.wikipedia.org/ STACKPRISM_BROWSER_SMOKE_CDP_PORT=9491 node tests/agent-bridge-browser-smoke.mjs` |    0 | Added and ran on 2026-05-26. Chrome for Testing 147.0.7727.15 loaded `/Volumes/Work/code/stackprism-1.3.70/dist`, used the JS loopback bridge, and captured `https://www.wikipedia.org/` to `completed / cleanup`. The current resolver returned `www.wikipedia.org -> 198.18.0.19`, so the scenario explicitly used `allowPrivateNetworkTarget = true`; this is a public complex-site content capture in this DNS-proxy environment, not proof that the default no-private-network policy accepts resolver-rewritten public hostnames. `/v1/captures/{id}/profile` returned HTTP 200 with `schema = "stackprism.site_experience_profile.v1"`, matching capture id, final URL `https://www.wikipedia.org/`, non-empty visual/layout/component profile keys, 15382 profile bytes, no screenshot metadata or image/pixel payload, no checked privacy leak markers, and empty bridge stderr.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                     |
+| `node tests/agent-bridge-browser-smoke.mjs`                                                                                                                                                               |    0 | Earlier default smoke rerun on 2026-05-25 after the state/session cleanup observability follow-up and latest `pnpm run typecheck` rebuilt `dist`: Chrome for Testing 147.0.7727.15 loaded `/Volumes/Work/code/stackprism-1.3.70/dist` and passed for the fixture-backed and lifecycle paths. Legacy sync `agentBridgeEnabled: true` was ignored when local opt-in was false and failed as `AGENT_BRIDGE_DISABLED`; a local disabled-probe target server observed `targetRequestCount = 0`, proving the target URL was not opened or fetched before local opt-in. Current passing capture evidence is fixture-backed: captures completed for `tests/fixtures/site-experience-fixture.html`, a local large-profile assets-only fixture, and a second bridge opened through `STACKPRISM_BROWSER_OPEN_COMMAND`/`STACKPRISM_BROWSER_OPEN_ARGS_JSON`; the earlier `https://example.com` public-target wording is superseded by later evidence and is not counted as current passing evidence; profiles returned HTTP 200 with `stackprism.site_experience_profile.v1`, matching capture ids, non-empty browser context, non-empty visual/layout/component keys where requested, and no privacy leak markers. With `captureScreenshotMetadata = false`, layout output stayed to non-bounding metadata. With `captureScreenshotMetadata = true`, the fixture profile contained `aboveFold` and `boundingBoxes` metadata but no screenshot/image/pixel payload. The large fixture produced a 393436-byte profile, estimated as 2 transfer chunks under the 384 KiB raw chunk limit. Target tab closure returned `TARGET_TAB_CLOSED`; bridge tab closure returned `BRIDGE_TAB_CLOSED`; deleting a running capture returned 200, reached `cancelled`, and closed the owned target tab; closing the service worker CDP target during a running capture returned `failed / BRIDGE_TRANSPORT_DISCONNECTED` and removed the owned target page from CDP targets; `chrome.runtime.reload()` during a running capture returned `failed / BRIDGE_TRANSPORT_DISCONNECTED` and the owned target page was not visible in CDP targets; cross-site `/bridge` render returned 403, first token render returned 200, second token render returned 409, terminal-first render after Agent cancellation returned 409 without token, and deleting a completed capture returned 409.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        |
+| `STACKPRISM_BROWSER_SMOKE_SCENARIO=cleared-storage-session node tests/agent-bridge-browser-smoke.mjs`                                                                                                     |    0 | Added and ran on 2026-05-25 as a separate destructive lifecycle smoke so it does not destabilize the default smoke's later service-worker cases. Chrome for Testing 147.0.7727.15 loaded `/Volumes/Work/code/stackprism-1.3.70/dist`; during a running slow-fixture capture, the worker cleared `chrome.storage.session` and called `chrome.runtime.reload()`. The Agent-observed status became `failed / BRIDGE_TRANSPORT_DISCONNECTED`, `/v1/captures/{id}/profile` returned 409 instead of a fake profile, the owned target tab was no longer visible, and bridge stderr tail was empty.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   |
+| `STACKPRISM_BROWSER_SMOKE_SCENARIO=local-opt-in-disabled STACKPRISM_BROWSER_SMOKE_CDP_PORT=9476 node tests/agent-bridge-browser-smoke.mjs`                                                                |    0 | Added and reran on 2026-05-25 as a separate local opt-in lifecycle smoke after a fresh `pnpm run typecheck` rebuilt `dist`. Chrome for Testing 147.0.7727.15 loaded `/Volumes/Work/code/stackprism-1.3.70/dist`; during a running slow-fixture capture, the worker changed `chrome.storage.local.stackPrismSettings.agentBridgeEnabled` to `false`. The Agent-observed status became `failed / AGENT_BRIDGE_DISABLED`, `/v1/captures/{id}/profile` returned 409 instead of a fake profile, the owned target tab was no longer visible, and bridge stderr tail was empty. This proves the local profile setting shutdown path, not browser-managed extension disable/update.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   |
+| `STACKPRISM_BROWSER_SMOKE_SCENARIO=browser-extension-disabled STACKPRISM_BROWSER_SMOKE_CDP_PORT=9483 node tests/agent-bridge-browser-smoke.mjs`                                                           |    0 | Added and ran on 2026-05-25 as a separate browser-level disable lifecycle smoke. Chrome for Testing 147.0.7727.15 loaded `/Volumes/Work/code/stackprism-1.3.70/dist`; during a running slow-fixture capture, the smoke opened `chrome://extensions/?id=<extension-id>` in the temporary profile and toggled the unpacked StackPrism extension from enabled to disabled through the browser-managed extensions UI. The Agent-observed status became `failed / BRIDGE_TRANSPORT_DISCONNECTED`, `/v1/captures/{id}/profile` returned 409 instead of a fake profile, the owned target tab was no longer visible, the bridge stderr tail was empty, and the smoke records only the extension id plus token presence boolean. This proves browser-level user disable fail-closed behavior for the temporary unpacked-extension profile, not Chrome Web Store update rollout behavior.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                               |
+| `STACKPRISM_BROWSER_SMOKE_SCENARIO=expired-deadline-reconciliation STACKPRISM_BROWSER_SMOKE_CDP_PORT=9648 node tests/agent-bridge-browser-smoke.mjs`                                                      |    0 | Reworked and reran on 2026-05-26 after finding the earlier slow-target fixture still reconciled while the persisted phase could be `target_opening`, where the product contract is `TARGET_LOAD_TIMEOUT`. The smoke now uses a normal fixture plus `waitMs: 30000`, waits until stored capture state has `phase = "target_loaded"` and a target tab id, edits `agent-capture:{id}.deadlineAt` in `chrome.storage.session` to a past timestamp, then creates a normal `about:blank` tab to trigger a background event entrypoint. Chrome for Testing 147.0.7727.15 loaded `/Volumes/Work/code/stackprism-1.3.70/dist`; the Agent-observed status became `failed / CAPTURE_TIMEOUT`, `/v1/captures/{id}/profile` returned 409 instead of a fake profile, the owned target tab was no longer visible, and bridge stderr tail was empty. This proves expired persisted deadline reconciliation for an already loaded running target, not the target-load timeout branch.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          |
+| `STACKPRISM_BROWSER_SMOKE_SCENARIO=final-url-blocked STACKPRISM_BROWSER_SMOKE_CDP_PORT=9489 node tests/agent-bridge-browser-smoke.mjs`                                                                    |    0 | Added and ran on 2026-05-25 as a separate final URL policy smoke. Chrome for Testing 147.0.7727.15 loaded `/Volumes/Work/code/stackprism-1.3.70/dist`; a local `127.0.0.1` redirect fixture returned one 302 from the allowed initial target URL to the running bridge origin. After the target loaded, the extension rejected the redirected final URL as `failed / FINAL_URL_BLOCKED` with `invalid_final_url`, `/v1/captures/{id}/profile` returned 409 instead of a fake profile, the fixture observed `requestCount = 1`, the target tab was no longer visible, and bridge stderr was empty. This proves the real-browser redirect/final URL policy for a redirect into the bridge origin, not a broad live DNS/private-network matrix.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  |
+| `STACKPRISM_BROWSER_SMOKE_SCENARIO=private-target-blocked STACKPRISM_BROWSER_SMOKE_CDP_PORT=9490 node tests/agent-bridge-browser-smoke.mjs`                                                               |    0 | Added and ran on 2026-05-25 as a separate initial target policy smoke. Chrome for Testing 147.0.7727.15 loaded `/Volumes/Work/code/stackprism-1.3.70/dist`; a local `127.0.0.1` probe fixture was submitted as the initial capture URL without `allowPrivateNetworkTarget`. The bridge rejected capture creation as `400 / PRIVATE_NETWORK_TARGET_BLOCKED` with `private_network_address`, the fixture observed `requestCount = 0`, no target page for the blocked URL was visible in CDP targets, and bridge stderr was empty. This proves the real bridge creation path refuses a private literal initial URL before browser navigation, not a broad live DNS/private-network matrix.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                       |
+| `pnpm run lint`                                                                                                                                                                                           |    0 | Fresh rerun on 2026-05-26 after the rate-limit smoke/report follow-up; ESLint passed for `src`.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                               |
+| `pnpm run typecheck`                                                                                                                                                                                      |    0 | Fresh rerun on 2026-05-26 after the rate-limit smoke/report follow-up; `vue-tsc --noEmit` and production build passed. The build regenerated injected scripts and produced `/Volumes/Work/code/stackprism-1.3.70/dist/manifest.json`.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                         |
+| `pnpm run docs:build`                                                                                                                                                                                     |    0 | VitePress build passed on 2026-05-25 after the latest Agent Bridge review-report update.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      |
+| `git diff --check && git diff --cached --check`                                                                                                                                                           |    0 | No whitespace or conflict-marker errors in the tracked or staged diff on 2026-05-26 after the upstream rebase and report/test updates.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        |
+
+Additional focused checks recorded for this slice:
+
+- `STACKPRISM_BROWSER_SMOKE_SCENARIO=capture-busy STACKPRISM_BROWSER_SMOKE_CDP_PORT=9492 node tests/agent-bridge-browser-smoke.mjs`: Chrome for Testing 147.0.7727.15 loaded `/Volumes/Work/code/stackprism-1.3.70/dist`; while the first slow-fixture capture had a real extension target tab, a second capture request returned `429 / CAPTURE_BUSY`; the bridge page opener checked CDP `Page.getNavigationHistory` and found no API/bridge token material or `apiToken` / `bridgeToken` / `authorization` query in browser navigation history; then the first capture was cancelled, profile read returned 409, the owned target tab was no longer visible, and bridge stderr tail was empty.
+- `STACKPRISM_BROWSER_SMOKE_SCENARIO=tech-only STACKPRISM_BROWSER_SMOKE_CDP_PORT=9493 node tests/agent-bridge-browser-smoke.mjs`: Chrome for Testing 147.0.7727.15 loaded `/Volumes/Work/code/stackprism-1.3.70/dist`; a local fixture capture with `include: ["tech"]` completed and returned `stackprism.site_experience_profile.v1`; visual/layout/components/interaction/ux/assets profile sections were empty, limitations contained all 6 `section_not_requested` entries, screenshot metadata/payload were absent, no privacy leak marker was found, and bridge stderr tail was empty.
+- `STACKPRISM_BROWSER_SMOKE_SCENARIO=result-expiry-bridge-page STACKPRISM_BROWSER_SMOKE_CDP_PORT=9555 node tests/agent-bridge-browser-smoke.mjs`: Chrome for Testing 147.0.7727.15 loaded `/Volumes/Work/code/stackprism-1.3.70/dist`; a local fixture capture completed through the real extension and returned profile HTTP 200. The smoke then advanced an in-process JS bridge clock beyond that capture's `resultExpiresAt` and verified `GET /v1/captures/{id}/profile` returned `410 / CAPTURE_RESULT_EXPIRED`; opening the original `/bridge` URL also returned 410, contained `CAPTURE_RESULT_EXPIRED`, and did not contain bridge token material.
+- `STACKPRISM_BROWSER_SMOKE_SCENARIO=bridge-self-target-blocked STACKPRISM_BROWSER_SMOKE_CDP_PORT=9556 node tests/agent-bridge-browser-smoke.mjs`: the real JS bridge rejected a capture whose initial target URL used the current bridge origin as `400 / BRIDGE_SELF_TARGET_BLOCKED`; the same request using the `localhost` loopback alias was also rejected as `400 / BRIDGE_SELF_TARGET_BLOCKED`, `/health.activeCaptures` remained 0 after both rejects, and bridge stderr was empty. This is a focused bridge-origin self-target creation guard; final URL self-target remains covered by `final-url-blocked`.
+- `STACKPRISM_BROWSER_SMOKE_SCENARIO=active-tab-unavailable STACKPRISM_BROWSER_SMOKE_CDP_PORT=9557 node tests/agent-bridge-browser-smoke.mjs`: Chrome for Testing 147.0.7727.15 loaded `/Volumes/Work/code/stackprism-1.3.70/dist`; in a fresh profile with no prior detectable active tab record, a capture using `targetMode = "active_tab"` failed as `ACTIVE_TAB_UNAVAILABLE`, profile read returned 409, the target probe received 0 requests, no target URL tab was opened, the bridge DOM still reached ready state, and bridge stderr was empty.
+- `STACKPRISM_BROWSER_SMOKE_SCENARIO=request-shell-rejections STACKPRISM_BROWSER_SMOKE_CDP_PORT=9560 node tests/agent-bridge-browser-smoke.mjs`: the real JS bridge rejected 19 类原始 request-shell / ambiguous header cases: missing Host, duplicate Host, absolute-form, authority-form, encoded slash path, encoded backslash path, dot segment path, empty segment path, unexpected `/health` query, duplicate `/bridge` query, duplicate Authorization, duplicate Content-Type, Content-Length plus Transfer-Encoding, duplicate Content-Length, invalid Content-Length, chunked body, unsupported Transfer-Encoding, unsupported Content-Encoding, and unsupported charset. The duplicate bridge query response did not leak bridge-token material, target request count 0, `healthAfterRejections` returned `HTTP/1.1 200 OK`, cleanup DELETE returned 200, and bridge stderr was empty.
+- `STACKPRISM_BROWSER_SMOKE_SCENARIO=service-worker-idle-wake STACKPRISM_BROWSER_SMOKE_CDP_PORT=9544 node tests/agent-bridge-browser-smoke.mjs`: Chrome for Testing 147.0.7727.15 loaded `/Volumes/Work/code/stackprism-1.3.70/dist`; after local opt-in was set, the initial service worker target naturally disappeared from CDP after 31 seconds idle, the bridge page woke a new service worker target, the fixture capture completed with profile HTTP 200 and schema `stackprism.site_experience_profile.v1`, and bridge stderr was empty.
+- `STACKPRISM_BROWSER_SMOKE_SCENARIO=expired-deadline-reconciliation STACKPRISM_BROWSER_SMOKE_CDP_PORT=9648 node tests/agent-bridge-browser-smoke.mjs`: 2026-05-26 rerun passed after correcting the smoke harness to wait for persisted state `phase = "target_loaded"` before moving `deadlineAt` into the past. The prior slow-target harness expectation was wrong for `target_opening`, where the extension and unit contract correctly return `TARGET_LOAD_TIMEOUT`. The corrected run returned `failed / CAPTURE_TIMEOUT`, profile endpoint 409, target tab not visible, and empty bridge stderr.
+- 2026-05-26 local remaining-matrix run executed the explicit smoke scenarios on ports 9620 through 9646 against Chrome for Testing 147.0.7727.15 and current `dist`. Passed expectations included browser disable and browser-managed reload as `BRIDGE_TRANSPORT_DISCONNECTED`, service-worker idle wake as `completed`, incognito probes as fail-closed `EXTENSION_NOT_CONNECTED` with target request count 0, private/DNS/final URL policy failures, bridge self-target creation rejection, target URL validation, target navigation/load failure/load timeout, host validation, response headers/CORS, request-shell rejections, connection pressure, resource timeouts, default create/status/profile rate limits, sequential capture pressure, and result-expiry bridge page. The only initial failure was the old `expired-deadline-reconciliation` smoke harness expectation, which was fixed and passed separately on port 9648.
+- `node --test --test-timeout=60000 tests/agent-capture-orchestration.test.mjs`: RED first failed because `TARGET_INJECTION_FAILED` status had no `details.reason`; after adding sanitized failure details, 37 extension orchestration tests passed, including an injected `chrome.scripting.executeScript` error containing a sensitive URL query, nonce, fragment, and token-like id.
+- `node --test --test-timeout=60000 tests/agent-capture-orchestration.test.mjs`: RED first failed because incognito bridge page URLs were not classified as bridge tabs for ordinary runtime-message isolation; after removing the incognito exclusion from the bridge-tab predicate, 38 extension orchestration tests passed, and `GET_POPUP_RESULT` from an incognito bridge sender is rejected before reading ordinary detection caches.
+- `node --test --test-timeout=60000 tests/agent-capture-orchestration.test.mjs`: RED first failed because bridge-tab `/v1/captures/*` navigation commits still entered the ordinary `webNavigation` detection path after URL-only request skipping was tightened. The fix binds `/v1/captures/*` isolation to the bridge tab or the registered bridge-session origin, keeps ordinary local `/v1/captures/*` APIs observable, and now passes 40 Agent Capture orchestration tests.
+- `node --test --test-timeout=60000 tests/agent-capture-orchestration.test.mjs`: RED first failed because registered bridge API tabs could still use ordinary `GET_POPUP_RESULT`, popup/options `GET_HEADER_DATA`, or `START_BACKGROUND_DETECTION` to access or trigger ordinary detection paths after session registration. The fix adds session-aware message-router sender/target guards and returns `START_BACKGROUND_DETECTION` success only after those guards pass; now passes 43 Agent Capture orchestration tests.
+- `node --test --test-timeout=60000 tests/agent-capture-orchestration.test.mjs --test-name-pattern="observer content script|content observer injection|injection failure"`: 45 Agent Capture orchestration tests passed after making content observer active injection locate the observer by filename instead of assuming `content_scripts[0]`, after making the Agent capture path fail explicitly as `TARGET_INJECTION_FAILED` when observer injection fails, and after making a missing observer content script fail closed instead of continuing. Ordinary background detection keeps its non-blocking injection behavior.
+- `node --test --test-timeout=60000 tests/agent-capture-orchestration.test.mjs`: RED first failed because a `START_AGENT_CAPTURE` payload with `profileChunkTransport: false` continued into target/profile-transfer orchestration and returned `BRIDGE_TRANSPORT_DISCONNECTED`. The fix rejects missing required capabilities in background validation as `NOT_SUPPORTED` with `details.missingCapability`, before target tab resolution; a later forbidden-field regression test first failed because `bridgeToken`、callback URL and profile wrapper were reported as generic unknown fields, then passed after the forbidden-field validation was moved before unknown-field validation. The file now passes 48 Agent Capture orchestration tests, including the extension lifecycle wake recovery contract.
+- `node --test --test-timeout=60000 tests/agent-capture-orchestration.test.mjs --test-name-pattern="extension lifecycle wake"`: 48 Agent Capture orchestration tests passed after wiring `chrome.runtime.onInstalled` / `onStartup` through the same recovery helper used at service-worker module load. The new contract confirms an `onInstalled` update event still injects the content observer into detectable tabs, fails an active Agent capture as `SERVICE_WORKER_RESTARTED`, removes the owned target tab, and clears capture state.
+- `node --test --test-timeout=60000 tests/agent-bridge-handshake.test.mjs --test-name-pattern="storage session"`: RED first failed because `AGENT_BRIDGE_HELLO` returned `NOT_SUPPORTED` without `details.missingCapability` when `chrome.storage.session` was unavailable. The fix uses the same missing-capability detail path as start-capture validation and now passes 14 bridge handshake/content transport tests.
+- `node --test --test-timeout=60000 tests/agent-bridge-manifest.test.mjs`: 2 manifest contract tests passed after pinning the exact extension permissions, host permissions, observer content script scope/order, loopback-only bridge content script scope, and single `web_accessible_resources` block. The test rejects accidental `externally_connectable`, `localhost` bridge matches, agent-only profiler, repo-local bridge helper, Python fallback, and test path exposure.
+- `node --test --test-timeout=60000 tests/background-logging.test.mjs`: RED first failed because a polluted `Error.name` in both `sanitizeLogDetails` and `reportCleanupFailure` preserved raw bridge URL query and token-like ids. After routing `Error.name` and cleanup warnings through the log sanitizer, 2 tests passed and asserted no raw `token=secret`, `nonce=`, `spb_`, or token-bearing diagnostic detail remained in serialized log output.
+- `node --test --test-timeout=60000 tests/background-logging.test.mjs tests/stackprism-bridge.test.mjs tests/stackprism_bridge_py.test.mjs tests/site-experience-profile.test.mjs`: 69 focused tests passed after the terminal/expired bridge page no-token fix, `executeScriptResult` profile evidence propagation, background error log redaction extraction, and `captureScreenshotMetadata=true` positive metadata retention check.
+- `node --test --test-timeout=60000 tests/stackprism-bridge.test.mjs`: 31 JS bridge tests passed after adding explicit slow body/header timeout, configured active connection limit coverage, stdin EOF shutdown, SIGTERM listener shutdown, terminal DELETE guards for `completed`, `failed`, `cancelled`, and `expired` captures, bridge URL query/token exposure assertions, bridge-page hostile query/fragment plus terminal error-message non-reflection, strict request-shell cases for wrong host/port, IPv6 host, encoded slash/backslash, duplicate bridge query fields, duplicate sensitive headers, unsupported transfer/content encoding, invalid content length, status/request/control/profile response-header assertions, `/bridge` page no-store/no-referrer/nosniff/COOP/Permissions-Policy/CSP nonce assertions, and expanded private-address policy fixtures.
+- `node --test --test-timeout=60000 tests/stackprism_bridge_py.test.mjs`: 35 Python fallback tests passed, including stdin EOF shutdown, SIGTERM listener shutdown, socket-timeout coverage for slow body/header requests, configured active connection limit rejection, terminal DELETE guards for `completed`, `failed`, `cancelled`, and `expired` captures, bridge URL query/token exposure assertions, bridge-page hostile query/fragment plus terminal error-message non-reflection, the same strict request-shell matrix as the JS bridge, matching preflight `Allow` header behavior, matching status/request/control/profile response-header assertions, matching `/bridge` page header/CSP nonce assertions, and the same expanded private-address policy fixtures.
+- `node --test --test-timeout=60000 tests/stackprism-bridge.test.mjs tests/stackprism_bridge_py.test.mjs`: 66 JS/Python bridge tests passed after adding shared `nonGlobalHostname`, `specialUseHostname`, `specialUseIpv6Hostname`, `publicSpecialUseExceptionHostname`, and bridge URL query/token exposure assertions. The fixtures use fake resolver results for `198.18.0.12`, IPv4 documentation/reserved/unspecified ranges, IPv6 documentation/translation/discard/6to4/special ranges, and Python `ipaddress` public exceptions. A RED run first showed JS accepted `100::1` while Python rejected it; JS now uses a table-driven `net.BlockList` policy aligned with the Python fallback behavior for these fixtures.
+- `node --test --test-timeout=60000 tests/stackprism-bridge.test.mjs tests/stackprism_bridge_py.test.mjs`: 66 JS/Python bridge tests are present after aligning terminal profile POST semantics, adding resource-timeout/active-connection coverage, locking stdin EOF and SIGTERM shutdown, locking terminal DELETE behavior, removing hostile terminal-message reflection from bridge pages, extending raw HTTP request-shell parity, locking endpoint response headers, and locking `/bridge` page header/CSP contracts; completed captures return terminal `409 / CAPTURE_ALREADY_COMPLETED` before reading an oversized repeated profile body in both bridge implementations, all four terminal states reject DELETE with `409` without state rewrite, terminal bridge pages return fixed terminal text while preserving error code/status, ambiguous raw request shells are rejected before business routing, JSON status/request/control/profile responses carry no-store/nosniff, profile responses also carry no-referrer, and `/bridge` pages carry no-store/no-referrer/nosniff/COOP/Permissions-Policy plus nonce-only script/style CSP without `unsafe-inline`.
+- `STACKPRISM_BROWSER_SMOKE_SCENARIO=dns-non-global-blocked STACKPRISM_BROWSER_SMOKE_CDP_PORT=9491 node tests/agent-bridge-browser-smoke.mjs`: Chrome for Testing 147.0.7727.15 loaded `/Volumes/Work/code/stackprism-1.3.70/dist`; the current resolver mapped `stackprism-browser-smoke.invalid` to `198.18.0.12`; capture creation was rejected as `400 / PRIVATE_NETWORK_TARGET_BLOCKED` with `private_network_address`, no target page for that URL was visible in CDP targets, and bridge stderr was empty. This proves the current production resolver path fail-closes for this benchmark-address rewrite, not a broad DNS/private-network live matrix.
+- `STACKPRISM_BROWSER_SMOKE_SCENARIO=dns-lookup-failed STACKPRISM_BROWSER_SMOKE_CDP_PORT=9541 node tests/agent-bridge-browser-smoke.mjs`: the real JS bridge production resolver returned `ENOTFOUND` for `aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.com`; capture creation was rejected as `400 / TARGET_DNS_LOOKUP_FAILED` with `dns_lookup_failed`, `/health.activeCaptures` remained 0, and bridge stderr was empty. This proves the live DNS lookup failed branch for the current resolver path, not a broad NXDOMAIN/SERVFAIL matrix.
+- `node --test --test-timeout=60000 tests/agent-bridge-handshake.test.mjs`: 14 bridge handshake/content transport tests passed after removing raw content-side error logging, replacing profile transfer fallback ack messages with fixed non-sensitive summaries, adding the non-bridge loopback zero-side-effect contract, and requiring hello `NOT_SUPPORTED` responses to include `details.missingCapability = "storageSession"` when `chrome.storage.session` is unavailable.
+- `node --test --test-timeout=120000 tests/agent-capture-orchestration.test.mjs tests/agent-bridge-handshake.test.mjs`: 62 focused extension orchestration and bridge handshake tests are present after the incognito bridge-tab metadata, cleared-storage-session recovery, start-time opt-in recheck, running local opt-in disable fail-closed handling, extension lifecycle wake recovery, owned target cleanup failure observability, state/session cleanup failure observability, non-bridge loopback zero-side-effect, request envelope mismatch isolation, storage access-level contract, incognito bridge-tab ordinary message isolation, bridge API request isolation, and registered bridge API ordinary runtime/popup/background detection isolation follow-ups. Browser smoke is intentionally run as `node tests/agent-bridge-browser-smoke.mjs` rather than in parallel with these tests because the large-profile live capture uses the real 60-second capture deadline.
+- `node --test --test-timeout=120000 tests/stackprism-bridge.test.mjs tests/stackprism_bridge_py.test.mjs tests/agent-bridge-handshake.test.mjs tests/site-experience-profile.test.mjs tests/agent-capture-orchestration.test.mjs`: 143 focused Agent Bridge tests are present after the final request-body, DNS timeout, localhost self-target, bridge config identity, truncation limitations, file-split, incognito metadata, storage-session recovery, opt-in recheck, running local opt-in disable handling, extension lifecycle wake recovery, owned target cleanup failure observability, state/session cleanup failure observability, non-bridge loopback zero-side-effect, request envelope mismatch isolation, storage access-level contract, incognito bridge-tab ordinary message isolation, bridge API request isolation, registered bridge API ordinary message isolation, JS/Python SIGTERM shutdown, terminal DELETE guard, hostile bridge-page non-reflection, Python preflight `Allow` parity, and request-shell parity follow-ups.
+- `node --test --test-timeout=60000 tests/release-workflow.test.mjs`: RED first failed because the release workflow dist hygiene script only blocked the Agent Bridge entry scripts and did not explicitly block repo-local JS bridge helper source filenames such as `capture-store.mjs`; after extracting an `agentOnlySourceFiles` list shared by `web_accessible_resources` and `dist/` scans, 4 executable release workflow contract tests passed. The 2026-05-25 continuation expanded this to 7 tests: workflow gate order before packaging, clean fake `dist` pass, `externally_connectable` rejection, polluted `dist/assets/capture-store.mjs` rejection, nested `dist/assets/agent-skill/` rejection, and `web_accessible_resources` exposure of `assets/http-server.mjs` rejection.
+- `node --test --test-timeout=60000 tests/site-experience-profile.test.mjs`: RED first failed because `loadDetectorSettings()` logged a raw `Error` object when `chrome.storage.local` was unavailable. The warning now routes the error through `sanitizeLogDetails`, preserves sync settings and local opt-in fail-closed behavior, and 15 site/profile contract tests passed.
+- Current focused test composition: 13 `tests/*.test.mjs` files and 212 Node tests. The current suite includes browser-smoke report evidence contracts, JS/Python bridge contracts, bridge handshake tests, Agent Capture orchestration tests, and supporting manifest/release/profile/logging/complexity/report-format contracts.
+- `python3 -m py_compile agent-skill/stackprism-site-experience/scripts/stackprism_bridge.py && python3 -m compileall -q agent-skill/stackprism-site-experience/scripts/stackprism_bridge_lib`: Python entry and helper modules compile after the Python bridge page terminal-token fix.
+- `pnpm exec prettier --check docs/reviews/CR-AGENT-BRIDGE-E2E-2026-05-22.md tests/agent-bridge-browser-smoke.mjs tests/site-experience-profile.test.mjs src/background/logging.ts tests/background-logging.test.mjs`: all matched files use Prettier style after the latest report and test updates.
+- `node --test --test-timeout=60000 tests/stackprism-bridge.test.mjs tests/site-experience-profile.test.mjs tests/agent-capture-orchestration.test.mjs tests/agent-bridge-handshake.test.mjs`: 69 focused tests passed after the stdin lifecycle, request strictness, bridge status page, and unrequested-section fixes.
+- `sourcery review agent-skill/stackprism-site-experience/scripts/stackprism_bridge.py agent-skill/stackprism-site-experience/scripts/stackprism_bridge_lib tests/stackprism_bridge_py.test.mjs --no-summary`: no Python fallback findings after the 2026-05-24 cleanup.
+- `cr review --prompt-only -t uncommitted`: 2026-05-25 limited/free CLI run completed with 25 findings. Valid findings were fixed for malformed config JSON, phase monotonicity outside `running`, JS status-update serialization, extension start serialization, storageSession preflight ordering, corrupted stored state cleanup, explicit failure logging, Python max connection normalization, and smoke harness cleanup. Findings skipped after verification were either already covered by current diff, not reachable before bridge listen, contradicted the plan's strict content-type contract, or would mask the original fail-closed terminal state by propagating cleanup errors. A later 2026-05-25 attempt entered limited/free CLI behavior and stalled at `summarizing`; it produced no findings and was terminated, so it is not counted as review evidence.
+- `node -e` manifest inspection after the fresh `pnpm run typecheck` build confirmed `dist/manifest.json` has no `externally_connectable`, does not expose `injected/experience-profiler.iife.js`, and limits CRXJS-generated Agent Bridge content chunks to the `http://127.0.0.1/*` web-accessible-resource match.
+- Extracted the inline dist hygiene script from `.github/workflows/release-extension.yml` and ran it against the current `dist/`; exit code 0 with no release boundary failures.
+- Release workflow dist hygiene executable contract: extracted inline workflow script passes a clean fake `dist`, rejects `externally_connectable`, rejects repo-local JS bridge helper source files in both `dist/` and `web_accessible_resources`, and rejects nested agent-only directories such as `dist/assets/agent-skill/`.
+- `find dist \( -path 'dist/agent-skill*' -o -path 'dist/docs/superpowers*' -o -path 'dist/tests*' -o -name '*.py' -o -name '*.pyc' -o -name '__pycache__' -o -name 'stackprism-bridge.mjs' -o -name 'stackprism_bridge.py' -o -name 'capture-store.mjs' -o -name 'http-handlers.mjs' -o -name 'http-server.mjs' -o -name 'open-browser.mjs' -o -name 'protocol.mjs' -o -name 'security.mjs' -o -name 'url-policy.mjs' \) -print`: no forbidden release-package paths, Python artifacts, or repo-local bridge helper source files found under `dist/`.
+
+## Browser Smoke
+
+Latest successful smoke:
+
+- Browser: Chrome for Testing 147.0.7727.15 from the local Playwright cache.
+- Extension load directory: `/Volumes/Work/code/stackprism-1.3.70/dist`.
+- Extension version: `1.3.73`.
+- Latest default rerun: `STACKPRISM_BROWSER_SMOKE_CDP_PORT=9661 node tests/agent-bridge-browser-smoke.mjs` exited 0 on 2026-05-26 after switching the default target to the local fixture.
+- Bridge script: `agent-skill/stackprism-site-experience/scripts/stackprism-bridge.mjs` with `STACKPRISM_BRIDGE_NO_OPEN=1`; ready JSON was observed only as sanitized fields (`baseUrl`, `protocolVersion = 1`, `apiTokenPresent = true`).
+- Opt-in gate: with `chrome.storage.sync.stackPrismSettings.agentBridgeEnabled = true` but local `agentBridgeEnabled = false`, bridge handshake still failed as `AGENT_BRIDGE_DISABLED`, produced no profile, and a local probe target received `0` requests; after explicitly writing local opt-in, capture completed. A separate running-capture smoke then changed local `agentBridgeEnabled` back to `false`; the capture failed as `AGENT_BRIDGE_DISABLED`, the profile endpoint returned 409, and the owned target tab was no longer visible.
+- Capture targets counted as current passing evidence: a local HTTP server serving `tests/fixtures/site-experience-fixture.html`, a local large-profile fixture, a custom-open bridge capture using the same fixture with `allowPrivateNetworkTarget = true`, and a separate `public-complex-target` smoke for `https://www.wikipedia.org/`.
+- Default smoke success path: fixture-backed local HTTP fixture capture with `allowPrivateNetworkTarget = true`, `completed / cleanup`, HTTP 200 profile reads, profile size 4697 bytes for the default fixture path, and no dependence on resolver behavior for `https://example.com`.
+- Result: the enabled profile captures reached `completed / cleanup`; `/v1/captures/{id}/profile` returned HTTP 200 and `schema = "stackprism.site_experience_profile.v1"`.
+- Public target status: counted only through the explicit `public-complex-target` scenario. In this environment `www.wikipedia.org` resolved to `198.18.0.19`, so the smoke used `allowPrivateNetworkTarget = true` and records `privateNetworkOverrideUsed = true`; the former default `https://example.com` path remains unsuitable because it resolves to `198.18.1.69` and correctly fail-closes when private-network targets are not explicitly allowed.
+- Public complex-site assertions: final URL was `https://www.wikipedia.org/`, capture id matched, user agent was present, visual/layout/component profile keys were non-empty, profile size was 15382 bytes, screenshot metadata and screenshot image/pixel payload were absent, checked privacy leak markers were absent, and bridge stderr was empty.
+- Complex fixture assertions: final URL redacted the sensitive query value, capture id matched, user agent was present, and visual/layout/component sections were non-empty.
+- Screenshot metadata assertions: the false branch returned no bounding metadata; the true branch returned `aboveFold` and `boundingBoxes` metadata and still returned no screenshot image, base64, or pixel payload.
+- Large-profile assertion: the local large assets-only fixture produced a 393436-byte profile and crossed the 384 KiB raw transfer chunk boundary, so the live Chrome path now exercises multi-chunk profile transfer instead of relying only on unit tests.
+- Custom browser-open assertion: a second bridge ran without `STACKPRISM_BRIDGE_NO_OPEN`; `STACKPRISM_BROWSER_OPEN_COMMAND` pointed to the current Node executable, `STACKPRISM_BROWSER_OPEN_ARGS_JSON` passed a module helper as argv, and the helper opened the nonce-scoped bridge URL in the already loaded Chrome for Testing profile through CDP. The capture completed and returned the expected profile, proving the custom browser command success path without shell string interpolation.
+- Privacy assertion: neither profile contained the checked leak markers for cookie, authorization, set-cookie, `token=secret`, or `#frag`.
+- Bridge page guard: cross-site `/bridge` render with attacker `Referer` returned 403 without `bridgeToken`; first normal render returned 200 with token; second render of the same URL returned 409 without token; a never-rendered capture cancelled by the Agent reached `cancelled`, and its first `/bridge` render returned 409 without token.
+- Terminal DELETE guard: deleting terminal `completed`, `failed`, `cancelled`, and `expired` captures returns 409 and preserves the terminal status in both JS bridge and Python fallback tests; the live Chrome smoke also confirms deleting a completed capture returns 409.
+- Lifecycle guards: closing the target tab during a slow local fixture capture returned `failed / TARGET_TAB_CLOSED`; closing the bridge tab during a slow local fixture capture returned `failed / BRIDGE_TAB_CLOSED`; deleting a running slow-fixture capture returned 200, reached `cancelled`, and `chrome.tabs.get(targetTabId)` confirmed the owned target tab no longer existed; changing local `agentBridgeEnabled` to `false` during a running slow-fixture capture returned `failed / AGENT_BRIDGE_DISABLED`, returned 409 from the profile endpoint, and removed the owned target tab from visible CDP targets; closing the service worker CDP target during a running capture returned `failed / BRIDGE_TRANSPORT_DISCONNECTED` and CDP no longer listed the owned target page; calling `chrome.runtime.reload()` during a running capture returned `failed / BRIDGE_TRANSPORT_DISCONNECTED` and CDP no longer listed the owned target page.
+- Bridge DOM marker: `document.documentElement.dataset.stackprismAgentBridgeClient = "ready"`.
+- Bridge stderr tail was empty after redaction.
+- 2026-05-23 rerun caught and fixed one content-side regression: terminal `failed` status updates from the bridge page must be serialized with `phase = "cleanup"`. Before the fix, disabled local opt-in posted `failed / bridge_connected`, the bridge server rejected it, and the capture later expired as `EXTENSION_NOT_CONNECTED`. The rerun after rebuilding `dist` returned `failed / AGENT_BRIDGE_DISABLED`.
+- 2026-05-23 final optimization pass fixed the JS bridge stdin EOF shutdown path, added bridge page status polling for JS and Python bridge pages, tightened extension-side request validation, and aligned unrequested `tech`/`assets` profile sections with the plan. The post-build smoke rerun still completed the disabled gate, public target, local fixture target, bridge token guard, and target/bridge tab closure scenarios.
+- 2026-05-24 final audit follow-up fixed JS bridge cancellation authorization so `DELETE /v1/captures/{id}` requires `apiToken`, and aligned JS final URL blocked failures with Python fallback by exposing terminal phase `cleanup` instead of retaining `target_loaded`.
+- 2026-05-24 verification refresh fixed localhost alias bridge self-target blocking for JS and Python, hardened bridge page config identity checks against URL query fields, and propagated profiler truncation evidence into profile limitations. The browser smoke rerun still completed the disabled gate, public target, local fixture target, bridge token guard, and target/bridge tab closure scenarios.
+- 2026-05-24 completion audit follow-up hardened JS and Python request target parsing for dot segments, empty path segments, and query strings on non-bridge endpoints. It also changed the profiler path so `captureScreenshotMetadata = false` is passed before injection and bounding boxes, above-fold data, and component rects are not collected at the source.
+- 2026-05-24 CodeRabbit follow-up made failure cleanup resilient so profile-transfer cleanup or target cleanup cannot prevent `agent-capture-state` removal, replaced a hardcoded status protocol version with `bridgeProtocolVersion`, and wrapped `__SP_RULES__` cleanup in the same deadline guard used by agent detection.
+- 2026-05-24 cancellation smoke follow-up added a live browser assertion for Agent-initiated `DELETE` on a running capture. The bridge server returned 200, the bridge content script picked up cancel control polling, background cleaned up the owned target tab, and the Agent observed `cancelled`.
+- 2026-05-24 completion audit hardening blocked the last known DOM-readable token window for expired or already-terminal captures in both JS and Python bridge pages, preserved `evidence.truncation.executeScriptResult` for Agent consumers, and moved background error logging through a tested redaction helper that strips bridge URLs, ids, token-like fields, and Error message/stack content.
+- 2026-05-24 screenshot metadata follow-up added a positive profile-builder assertion and a live Chrome smoke assertion that `captureScreenshotMetadata = true` keeps above-fold, bounding box, and component rect metadata while still avoiding screenshot image or pixel fields.
+- 2026-05-24 terminal-render smoke follow-up added a live Chrome assertion for a never-rendered capture that becomes terminal before bridge page load. The first `/bridge` request after terminalization returned 409 without `bridgeToken`; expired terminal rendering remains covered by JS/Python automated bridge tests.
+- 2026-05-24 large-profile smoke follow-up added a local large resource fixture and proved the real Chrome capture/profile path can return a profile larger than one 384 KiB transfer chunk while preserving redacted target URLs and no screenshot payload.
+- 2026-05-24 custom-open smoke follow-up added a live `STACKPRISM_BROWSER_OPEN_COMMAND` success path using an argv-array Node helper to open the bridge URL in the same Chrome for Testing profile, then completed a fixture capture through the automatically opened bridge page.
+- 2026-05-24 service-worker-stop smoke follow-up added a live CDP service worker target termination during a running capture. The Agent-observed bridge status failed closed as `BRIDGE_TRANSPORT_DISCONNECTED`, and the owned slow target page was cleaned up instead of producing a fake profile.
+- 2026-05-24 extension-reload smoke follow-up added a live `chrome.runtime.reload()` interruption during a running capture. The Agent-observed bridge status failed closed as `BRIDGE_TRANSPORT_DISCONNECTED`, and the owned slow target page was cleaned up instead of producing a fake profile.
+- 2026-05-24 disabled-opt-in smoke follow-up changed the disabled target to a local probe server and asserted `targetRequestCount = 0`, proving the fail-closed opt-in path did not open or fetch the target URL before local opt-in.
+- 2026-05-24 JS/Python bridge parity follow-up fixed Python fallback profile POST ordering so already-terminal captures reject repeated profile submissions as terminal `409` before reading large request bodies, matching JS bridge semantics and avoiding an oversized body from masking the terminal state.
+- 2026-05-24 content log redaction follow-up replaced raw `console.error(..., error)` output in the bridge content script with an error-code-only summary and replaced profile transfer fallback ack messages derived from `String(error)` with fixed non-sensitive text.
+- 2026-05-24 bridge page reflection follow-up added JS/Python tests for malicious query/fragment input and terminal internal error messages. Both bridge pages now avoid reflecting hostile fragments, script-like payloads, bridge tokens, or raw internal error messages; terminal responses preserve error code/status and use fixed terminal text.
+- 2026-05-24 request-shell parity follow-up expanded the JS and Python raw HTTP tests for wrong host ports, IPv6 host headers, encoded slash/backslash request targets, duplicate `/bridge` query fields, duplicate `Content-Length`, duplicate sensitive headers, unsupported transfer/content encoding, and invalid content length. These requests now reject before business routing in both bridge implementations.
+- 2026-05-24 response-header contract follow-up added JS/Python assertions that capture status, request, control, profile POST, bridge-token profile rejection, and API profile reads return JSON with `Cache-Control: no-store` and `X-Content-Type-Options: nosniff`; profile responses additionally return `Referrer-Policy: no-referrer`.
+- 2026-05-24 bridge page header contract follow-up added JS/Python assertions that `/bridge` HTML responses include `Cache-Control: no-store`, `Referrer-Policy: no-referrer`, `X-Content-Type-Options: nosniff`, `X-Frame-Options: DENY`, `Cross-Origin-Opener-Policy: same-origin`, minimal `Permissions-Policy`, CSP `default-src 'none'`, `frame-ancestors 'none'`, `base-uri 'none'`, `form-action 'none'`, no `unsafe-inline`, and matching script/style nonces.
+- 2026-05-25 cleared storage-session smoke follow-up added a separate browser smoke scenario for `chrome.storage.session.clear()` followed by `chrome.runtime.reload()` during a running capture. The Agent-observed status failed closed as `BRIDGE_TRANSPORT_DISCONNECTED`, the profile endpoint returned 409 instead of a fake profile, and the owned slow target page was not visible afterward.
+- 2026-05-25 local opt-in disable smoke follow-up added a separate browser smoke scenario for changing `chrome.storage.local.stackPrismSettings.agentBridgeEnabled` to `false` during a running capture. The Agent-observed status failed closed as `AGENT_BRIDGE_DISABLED`, the profile endpoint returned 409 instead of a fake profile, and the owned slow target page was not visible afterward. This does not prove browser-managed extension disable/update behavior.
+- 2026-05-25 cleanup observability follow-up made owned target tab removal failures visible through `reportCleanupFailure('cleanupTarget', errorName)` while preserving fail-closed `agent-capture-state` and bridge-session cleanup for failure and cancel paths.
+- 2026-05-25 state/session cleanup observability follow-up made direct cancellation cleanup record `removeAgentCaptureState` failures and still continue to `clearBridgeSession`, preventing one cleanup failure from hiding the next cleanup action.
+- 2026-05-25 non-bridge loopback contract follow-up added an import-time content client test proving that ordinary `127.0.0.1` pages that are not `/bridge` return before reading bridge DOM config, calling bridge HTTP, registering window lifecycle listeners, or sending runtime messages.
+- 2026-05-25 Python preflight parity follow-up added an assertion that fallback `OPTIONS /v1/captures` returns the same `Allow: GET, POST, DELETE` method contract as the JS bridge while still omitting `Access-Control-Allow-*` headers.
+- 2026-05-25 bridge signal shutdown follow-up added JS and Python bridge subprocess tests that send SIGTERM after `/health` succeeds, wait for exit code 0, and verify the previous health endpoint is no longer reachable.
+- 2026-05-25 capture busy smoke follow-up added a separate browser smoke scenario where a slow real capture owns a target tab, a second capture is rejected as `429 / CAPTURE_BUSY`, and cancelling the first capture leaves no fake profile or visible owned target tab.
+- 2026-05-25 cleanup log redaction follow-up made polluted `Error.name` values go through the same background log sanitizer and made `reportCleanupFailure` sanitize its warning details before `console.warn`, preventing bridge URL query, nonce, and token-like ids from leaking through cleanup diagnostics.
+- 2026-05-25 target injection failure detail follow-up made `TARGET_INJECTION_FAILED` preserve a bounded, sanitized `details.reason`; the regression test first failed on missing details, then passed with no raw sensitive query, nonce, fragment, or token-like id in the status payload.
+- 2026-05-25 incognito bridge-tab isolation follow-up removed the incognito exclusion from the bridge-tab predicate so incognito bridge URLs are still excluded from ordinary tab events and ordinary runtime messages cannot read detection caches.
+- 2026-05-25 bridge API request isolation follow-up changed `/v1/captures/*` detection skipping from a URL-only loopback match to bridge tab or registered bridge-session-origin matching. This prevents ordinary local apps with `/v1/captures/*` APIs from losing header evidence while still keeping bridge-tab `webRequest` and `webNavigation` events out of ordinary tab caches and throttle resets.
+- 2026-05-25 registered bridge API ordinary-message isolation follow-up made message-router reject registered bridge API tabs before ordinary runtime cache reads, popup/options target reads, or ordinary background detection starts.
+- 2026-05-25 release workflow hygiene follow-up made the release job reject repo-local JS bridge helper source filenames from `web_accessible_resources` and `dist/` artifacts, not only the top-level bridge entry scripts.
+- 2026-05-25 detector settings warning redaction follow-up made `chrome.storage.local` read-failure warnings use `sanitizeLogDetails` instead of logging the raw caught error, preventing polluted error names or messages from exposing bridge URL query, nonce, or token-like ids while keeping sync settings fallback behavior.
+- 2026-05-25 bridge failed-status redaction follow-up made JS bridge and Python fallback sanitize extension-posted failed status `error` payloads before storing or returning `publicStatus`. The regression tests first failed on raw API token exposure, then passed with apiToken, bridgeToken, nonce, URL query, and fragment removed from error message/details while preserving the structured error code.
+- 2026-05-25 bridge failed-status error-code follow-up made JS bridge and Python fallback reject extension-posted failed status errors whose `error.code` is outside the first-version Agent Bridge error-code contract. The regression tests first failed because `MADE_UP_ERROR` terminalized the capture, then passed with `400 INVALID_REQUEST` and the capture left non-terminal so a valid failed status can still be submitted.
+- 2026-05-25 required-capabilities follow-up made background-side `START_AGENT_CAPTURE` validation reject missing first-version capabilities as `NOT_SUPPORTED` before resolving or opening a target tab. The regression test first failed on `BRIDGE_TRANSPORT_DISCONNECTED`, then passed with `details.missingCapability = "profileChunkTransport"` and no capture state.
+- 2026-05-25 forbidden start-payload follow-up made background-side `START_AGENT_CAPTURE` validation explicitly reject `bridgeToken`, callback URL, and profile wrapper fields as forbidden `INVALID_REQUEST` before target tab resolution or capture-state creation. The regression test first failed because these fields were consumed by the generic unknown-field guard.
+- 2026-05-25 Python bridge render-once parity follow-up added a Python fallback assertion that the first `/bridge` response renders a valid `bridgeToken`, while the second request for the same URL returns `409 / INVALID_REQUEST` and does not include an `spbt_...` token in the JSON body.
+- 2026-05-25 Python DNS policy parity follow-up extended the Python fallback URL policy fixture test to cover mixed public/private DNS answers, resolver exceptions, and empty resolver results as fail-closed outcomes, matching the JS bridge fixture coverage.
+- 2026-05-25 hello missing-capability diagnostics follow-up made `AGENT_BRIDGE_HELLO` return `details.missingCapability = "storageSession"` when the extension lacks `chrome.storage.session`, matching the first-version capability contract instead of returning only `NOT_SUPPORTED`.
+- 2026-05-25 request envelope mismatch follow-up added an import-time content client test proving a mismatched request endpoint response posts `failed / BRIDGE_REQUEST_MISMATCH` and sends no `AGENT_BRIDGE_HELLO` or `START_AGENT_CAPTURE` runtime message to background. The same test now records the actual content-side bridge HTTP calls and asserts request GET uses `Authorization: Bearer {bridgeToken}` while status POST uses both Bearer auth and `Content-Type: application/json`.
+- 2026-05-25 content observer injection follow-up made active observer injection find the ordinary observer by filename instead of relying on manifest ordering, and made Agent capture report observer injection failure or missing observer file as `TARGET_INJECTION_FAILED` rather than continuing after a swallowed injection error.
+- 2026-05-25 manifest contract follow-up pinned the exact permissions, content script scopes/order, and web-accessible-resource surface in `tests/agent-bridge-manifest.test.mjs`, so unrelated permission growth or agent-only resource exposure fails in local unit tests before release packaging.
+- 2026-05-25 bridge navigation-history follow-up made JS/Python bridge tests assert bridge URLs only contain `session`、`capture` 和 `nonce` query keys, and made the browser smoke bridge-page opener fail if CDP navigation history contains API/bridge token material or `apiToken` / `bridgeToken` / `authorization` query fields.
+- 2026-05-25 tech-only smoke follow-up added a live Chrome for Testing scenario for `include: ["tech"]`, proving the extension path does not emit profiler metadata or unrequested visual/layout/components/interaction/ux/assets data when those sections are not requested.
+- 2026-05-25 continuation CodeRabbit follow-up fixed malformed bridge config JSON normalization, JS/Python non-running phase regression checks, JS bridge per-capture status-update serialization, extension start serialization, storageSession preflight ordering, corrupted agent-capture session state validation/removal, profile-transfer disconnect logging, background runner rejection logging, Python max-open-connections normalization, capture-key separator rejection, and smoke harness bridge/CDP cleanup.
+- 2026-05-25 continuation CodeRabbit rerun returned 2 findings. The valid profiler finding was fixed so `boundingBoxes[].selector` preserves the matched selector instead of replacing it with tagName; the Python `rawHttp` duplicate finding was a false positive because the other helper is in a separate JS test module.
+- 2026-05-25 continuation CodeRabbit follow-up returned 5 more findings and all valid items were fixed: Python fallback non-UTF-8 request body now returns `INVALID_JSON`; content bridge config rejects non-numeric `protocolVersion`; CDP WebSocket pending requests reject on close/error; extension reload smoke records reload trigger failures; profile-transfer disconnect cleanup is surfaced through the caller. A later rerun returned 4 minor findings; valid fixes switched Python bridge-token claim time to the injected store clock, cleaned up incognito target tabs created by `chrome.tabs.create`, and made bridge-session lock cleanup synchronous. The remaining profiler selector finding was stale because current code and tests already preserve matched selectors.
+- 2026-05-25 continuation verification reran `pnpm run test:unit` with 165 tests passed, `pnpm run lint`, `pnpm run typecheck`, `pnpm run docs:build`, JS/Python syntax checks, and `git diff --check && git diff --cached --check`. Focused Agent Bridge tests passed 135 cases.
+- 2026-05-25 continuation browser smoke reran `tech-only`, `capture-busy`, `private-target-blocked`, `final-url-blocked`, `cleared-storage-session`, and `local-opt-in-disabled` against Chrome for Testing 147.0.7727.15 and current `/Volumes/Work/code/stackprism-1.3.70/dist`; all six scenarios passed with bridge stderr empty. Default `https://example.com` remains unsuitable in this environment because resolver output is `198.18.1.69`; direct public IP attempts created captures but Chrome reported `TARGET_LOAD_FAILED`, so those attempts are not counted as public complex-site pass evidence.
+- 2026-05-26 public complex-site smoke added and ran `STACKPRISM_BROWSER_SMOKE_SCENARIO=public-complex-target STACKPRISM_BROWSER_SMOKE_TARGET_URL=https://www.wikipedia.org/ STACKPRISM_BROWSER_SMOKE_CDP_PORT=9491 node tests/agent-bridge-browser-smoke.mjs`; Chrome for Testing 147.0.7727.15 loaded the current `dist`, resolver output was `www.wikipedia.org -> 198.18.0.19`, the scenario explicitly used `allowPrivateNetworkTarget = true`, capture completed with HTTP 200 profile schema `stackprism.site_experience_profile.v1`, final URL `https://www.wikipedia.org/`, non-empty visual/layout/component keys, no screenshot metadata or screenshot payload, no checked privacy leak markers, and empty bridge stderr. This closes the narrow public complex-site content-capture evidence gap for the current DNS-proxy environment, but it does not broaden the DNS/private-network policy matrix.
+- 2026-05-25 final continuation smoke reran `tech-only`, `cleared-storage-session`, and `final-url-blocked` on ports 9510, 9511, and 9512 after the CDP WebSocket cleanup and incognito-target cleanup fixes. All three passed against Chrome for Testing 147.0.7727.15 and current `/Volumes/Work/code/stackprism-1.3.70/dist`; bridge stderr remained empty.
+- 2026-05-25 final local continuation audit fixed four additional boundaries: `chrome.storage.local` opt-in read failures now fail closed as disabled; content bridge config rejects non-integer `protocolVersion`; ordinary local `/bridge` pages remain detectable unless strict Agent Bridge query identifiers are present; embedded `http(s)` URLs inside profile text/CSS strings are query-redacted and hash-stripped.
+- 2026-05-25 final local verification after formatting reran focused Agent Bridge tests (`tests/agent-bridge-handshake.test.mjs`, `tests/agent-capture-orchestration.test.mjs`, `tests/site-experience-profile.test.mjs`, `tests/stackprism-bridge.test.mjs`, `tests/stackprism_bridge_py.test.mjs`) with 148 tests passed, then reran `pnpm run test:unit` with 165 tests passed, `pnpm run lint`, `pnpm run typecheck`, `pnpm run docs:build`, changed-file Prettier check, and `git diff --check && git diff --cached --check`; all passed.
+- 2026-05-25 router exception redaction follow-up made Agent Bridge background router catch paths return only a generic `INVALID_REQUEST / Agent Bridge request failed.` response for unexpected `AGENT_BRIDGE_HELLO`、`START_AGENT_CAPTURE` 和 `AGENT_CAPTURE_CONTROL` exceptions, while logging through the background sanitizer. The regression test injects a storage exception containing `token=secret`, `nonce=`, `/bridge?`, and an `spb_...` token-like id, then verifies neither the bridge response nor `console.error` output contains those sensitive fragments. `node --test --test-timeout=120000 tests/agent-bridge-handshake.test.mjs tests/agent-capture-orchestration.test.mjs` passed with 66 tests.
+- 2026-05-25 router exception verification reran changed-file Prettier check, `pnpm run test:unit` with 166 tests passed, `pnpm run lint`, `pnpm run typecheck` including production build, and `pnpm run docs:build`; all passed.
+- 2026-05-25 startup env gate follow-up made JS `createBridgeServer({ env })` and Python fallback `create_server(..., env=...)` reject NUL-bearing `STACKPRISM_BROWSER_OPEN_COMMAND` / `STACKPRISM_BROWSER_OPEN_ARGS_JSON` before server bind or token creation, matching the CLI startup contract. The Python factory now passes the same validated env through to `open_browser`. Focused reruns passed: `tests/stackprism-bridge.test.mjs` 33 tests and `tests/stackprism_bridge_py.test.mjs` 37 tests.
+- 2026-05-25 startup env gate verification reran the complexity contract after compressing `http-server.mjs` back to 296 lines, changed-file Prettier check, JS syntax check, Python `py_compile`, Python `compileall` with `__pycache__` cleanup, `pnpm run test:unit` with 168 tests passed, `pnpm run lint`, `pnpm run typecheck` including production build, and `pnpm run docs:build`; all passed.
+- 2026-05-25 parsed browser-open args NUL follow-up extended the startup env gate to JSON-parsed `STACKPRISM_BROWSER_OPEN_ARGS_JSON` values. A string such as `["bad\\u0000arg"]` is now rejected as `BRIDGE_INVALID_ENV` before JS/Python server factories can bind a port or create a ready token; invalid JSON and non-array shapes still follow the existing `BROWSER_OPEN_FAILED / invalid_open_args` capture-time path. Focused reruns passed: `tests/stackprism-bridge.test.mjs` 33 tests and `tests/stackprism_bridge_py.test.mjs` 37 tests.
+- 2026-05-25 direct open-browser helper parsed args NUL follow-up made JS `openBrowser()` call the same env parser before `spawnSync`, so direct helper reuse returns `BRIDGE_INVALID_ENV` instead of degrading to `spawn_failed`; Python `open_browser()` helper keeps the same parsed-NUL assertion. Focused reruns passed: `tests/stackprism-bridge.test.mjs` 34 tests and `tests/stackprism_bridge_py.test.mjs` 37 tests.
+- 2026-05-25 direct open-browser helper verification reran focused JS/Python bridge plus complexity tests with 72 tests passed, changed-file Prettier check, JS syntax check, Python `py_compile`, Python `compileall` with `__pycache__` cleanup, `pnpm run test:unit` with 169 tests passed, `pnpm run lint`, `pnpm run typecheck` including production build, and `pnpm run docs:build`; all passed.
+- 2026-05-25 smoke cleanup follow-up changed the browser smoke harness to stop each JS bridge with `stopBridge()`, wait for the child process to exit, and confirm the prior `/health` endpoint is no longer reachable before cleanup returns. A rerun of `STACKPRISM_BROWSER_SMOKE_SCENARIO=tech-only STACKPRISM_BROWSER_SMOKE_CDP_PORT=9520 node tests/agent-bridge-browser-smoke.mjs` passed against Chrome for Testing 147.0.7727.15 and current `dist`; because all scenario finally blocks now await `stopBridge()`, the pass also proves no JS bridge listener remained on that scenario's port.
+- 2026-05-25 targetMode query live smoke follow-up added `STACKPRISM_BROWSER_SMOKE_SCENARIO=target-mode-query-boundaries`. The rerun on port 9521 passed against Chrome for Testing 147.0.7727.15 and current `dist`: with an existing tab at the same origin/path but a different query, `reuse_or_new_tab` opened a separate target tab and completed; because that capture used `keepTabOpen=true`, the smoke now records `keepTabOpenWasTrue = true` and `keptNewTargetTabId` before scenario cleanup. With a previous active tab at the same origin/path but different query, `active_tab` failed as `ACTIVE_TAB_MISMATCH` and did not open the requested target URL.
+- 2026-05-25 sequential capture pressure smoke follow-up added `STACKPRISM_BROWSER_SMOKE_SCENARIO=sequential-capture-pressure`. The rerun on port 9522 passed against Chrome for Testing 147.0.7727.15 and current `dist`: one JS bridge and one Chrome profile completed four consecutive fixture captures, each ending in `completed / cleanup`; every profile read returned HTTP 200, `/health.activeCaptures` returned 0 after each round, no owned target tab remained visible, and bridge stderr was empty.
+- 2026-05-25 final private URL smoke follow-up added `STACKPRISM_BROWSER_SMOKE_SCENARIO=final-private-url-blocked`. The rerun on port 9523 passed against Chrome for Testing 147.0.7727.15 and current `dist`: a public-IP literal initial target was served through a local HTTP proxy and redirected to a `127.0.0.1` final URL; the bridge rejected the `target_loaded` update as `FINAL_URL_BLOCKED / private_network_address`, the profile endpoint returned 409, the owned target tab was not visible afterward, both proxy and private final targets were reached, and bridge stderr was empty.
+- 2026-05-25 final DNS policy smoke follow-up added `STACKPRISM_BROWSER_SMOKE_SCENARIO=final-dns-policy-blocked`. The rerun on port 9524 passed against Chrome for Testing 147.0.7727.15 and current `dist`: a public-IP literal initial target was served through a local HTTP proxy and redirected to `stackprism-browser-smoke.invalid`; the current resolver classified that final hostname as private/non-global, so the bridge rejected the `target_loaded` update as `FINAL_URL_BLOCKED / private_network_address`, the profile endpoint returned 409, the owned target tab was not visible afterward, both proxy and final target requests were observed, and bridge stderr was empty.
+- 2026-05-25 final DNS lookup failed smoke follow-up added `STACKPRISM_BROWSER_SMOKE_SCENARIO=final-dns-lookup-failed`. The rerun on port 9542 passed against Chrome for Testing 147.0.7727.15 and current `dist`: a public-IP literal initial target was served through a local HTTP proxy and redirected to an oversized-label hostname; the bridge rejected the `target_loaded` update as `FINAL_URL_BLOCKED / dns_lookup_failed`, the profile endpoint returned 409, the owned target tab was not visible afterward, both proxy and final target requests were observed, and bridge stderr was empty.
+- 2026-05-25 DNS lookup failed smoke follow-up added `STACKPRISM_BROWSER_SMOKE_SCENARIO=dns-lookup-failed`. The rerun on port 9541 passed against the real JS bridge process: the current production resolver returned `ENOTFOUND` for a 64-character label hostname, capture creation returned `400 / TARGET_DNS_LOOKUP_FAILED / dns_lookup_failed`, `/health.activeCaptures` stayed 0 after rejection, and bridge stderr was empty.
+- 2026-05-25 target navigated away smoke follow-up added `STACKPRISM_BROWSER_SMOKE_SCENARIO=target-navigated-away`. The rerun on port 9525 passed against Chrome for Testing 147.0.7727.15 and current `dist`: after capture reached `target_loaded`, the harness requested an owned target tab navigation to the same origin but a different path; the Agent-observed status failed as `TARGET_NAVIGATED_AWAY` with `details.finalUrlChanged = true`, the profile endpoint returned 409, the owned target tab was not visible afterward, and bridge stderr was empty.
+- 2026-05-25 target load failed smoke follow-up added `STACKPRISM_BROWSER_SMOKE_SCENARIO=target-load-failed`. The rerun on port 9526 passed against Chrome for Testing 147.0.7727.15 and current `dist`: a local fixture accepted the target navigation and then closed the socket, Chrome emitted a main-frame load failure, the Agent-observed status failed as `TARGET_LOAD_FAILED`, the profile endpoint returned 409 instead of a browser error-page profile, the owned target tab was closed, and bridge stderr was empty.
+- 2026-05-25 target load timeout smoke follow-up added `STACKPRISM_BROWSER_SMOKE_SCENARIO=target-load-timeout`. Initial reruns on ports 9530, 9531, 9532, and 9533 exposed a real gap: slow target loading was observed by the Agent as generic `CAPTURE_TIMEOUT` because the bridge server deadline won when the MV3 worker did not produce a target-specific timeout first. The fix maps JS/Python bridge timeouts in `target_opening` phase to `TARGET_LOAD_TIMEOUT` and gives extension-side target load waiting a 5 second bridge reporting margin. The rerun on port 9534 passed against Chrome for Testing 147.0.7727.15 and current `dist`: a slow local fixture exceeded the target load window, the Agent-observed status failed as `TARGET_LOAD_TIMEOUT`, the profile endpoint returned 409, the owned target tab was closed, and bridge stderr was empty.
+- 2026-05-25 bridge iframe smoke follow-up added `STACKPRISM_BROWSER_SMOKE_SCENARIO=bridge-iframe-blocked`. The rerun on port 9536 passed against Chrome for Testing 147.0.7727.15 and current `dist`: a local attacker page attempted to embed a real `bridgeUrl` in an iframe, the attacker parent DOM and accessible frame document did not contain `spbt_`, the subsequent top-level first `/bridge` render still returned 200 with the one-time `bridgeToken`, cleanup DELETE returned 200, and bridge stderr was empty.
+- 2026-05-25 Task 10 command-mouth verification reran the three required one-file `prettier --file-info` commands. `agent-skill/stackprism-site-experience/scripts/stackprism-bridge.mjs`, `agent-skill/stackprism-site-experience/scripts/bridge/http-server.mjs`, and `docs/reviews/CR-AGENT-BRIDGE-E2E-2026-05-22.md` all returned `"ignored": false`.
+- 2026-05-25 Task 10 build verification reran `pnpm run build:injected` and standalone `pnpm run build`. Both exited 0; `build:injected` regenerated all three injected IIFE files, and the Vite production build regenerated the current `dist/` extension output.
+- 2026-05-25 wrong-profile smoke follow-up added `STACKPRISM_BROWSER_SMOKE_SCENARIO=wrong-profile-extension-missing`. The rerun on port 9537 passed against Chrome for Testing 147.0.7727.15 and current `dist`: the bridge auto-open helper opened the nonce-scoped bridge URL in a temporary Chrome profile without StackPrism loaded, the capture failed as `EXTENSION_NOT_CONNECTED`, the profile endpoint returned 409, the target probe server observed `targetRequestCount = 0`, and bridge stderr was empty. Together with the earlier custom-open success path, this proves the non-default browser/profile routing guidance has both fail and success live evidence.
+- 2026-05-25 host validation smoke follow-up added `STACKPRISM_BROWSER_SMOKE_SCENARIO=host-validation`. The rerun on port 9538 passed against the real JS bridge process using raw TCP requests: `/health` with the exact `127.0.0.1:{port}` Host returned 200, while `localhost:{port}`, wrong port, and `[::1]:{port}` returned 400 `INVALID_REQUEST`; `/bridge` with wrong Host returned 400 without `spbt_`, the subsequent correct-host first `/bridge` render returned 200 with `spbt_`, the Bearer status endpoint rejected wrong Host before business auth and accepted correct Host, the target probe count stayed 0, and bridge stderr was empty.
+- 2026-05-25 response headers/CORS live smoke follow-up added `STACKPRISM_BROWSER_SMOKE_SCENARIO=response-headers-cors`. The rerun on port 9539 passed against the real JS bridge process: capture status GET, request GET, control GET, and status POST returned 200 with `Cache-Control: no-store` and `X-Content-Type-Options: nosniff`; profile GET returned 409 with the same JSON security headers plus `Referrer-Policy: no-referrer`; `OPTIONS /v1/captures` returned 405 without `Access-Control-Allow-*`; cross-site Origin capture creation, cross-site Referer status query, and `Sec-Fetch-Site: cross-site` status query returned 403 `ORIGIN_NOT_ALLOWED`; the target probe count stayed 0, cleanup DELETE returned 200, and bridge stderr was empty.
+- 2026-05-25 connection pressure smoke follow-up added `STACKPRISM_BROWSER_SMOKE_SCENARIO=connection-pressure`. The rerun on port 9540 passed against the real CLI JS bridge with default `maxOpenConnections = 20`: twenty half-open `/health` connections filled the active connection limit, the next `/health` request was reset with `ECONNRESET` and no body instead of reaching business routing, releasing one held connection allowed `/health` to recover with `HTTP/1.1 200 OK`, and bridge stderr was empty.
+- 2026-05-25 service worker idle wake smoke follow-up added `STACKPRISM_BROWSER_SMOKE_SCENARIO=service-worker-idle-wake`. The rerun on port 9544 passed against Chrome for Testing 147.0.7727.15 and current `dist`: after setting local opt-in, the initial service worker target naturally disappeared from CDP after 31 seconds of idle, the bridge page woke a new service worker target, the fixture capture completed with profile HTTP 200 and `stackprism.site_experience_profile.v1`, and bridge stderr was empty.
+- 2026-05-25 running-capture idle probe used a one-off slow-target capture on port 9545. After the bridge page registered the profile-transfer port and the target tab was opened, the harness closed its service-worker CDP session and waited 75 seconds. Chrome for Testing 147.0.7727.15 did not naturally remove the service worker target during that active capture window; the capture instead failed cleanly as `TARGET_LOAD_TIMEOUT`, the owned target page was no longer visible, and bridge stderr was empty. This is negative evidence for the live trigger, not proof that running-capture idle eviction is covered.
+- 2026-05-26 running-capture idle probe repeated the same best-effort shape on port 9650 after fixing cleanup in the one-off script. After 75 seconds, Chrome for Testing 147.0.7727.15 still showed the service worker target as visible during the active capture window; the capture failed closed as `TARGET_LOAD_TIMEOUT`, the owned target was no longer visible, and bridge stderr was empty. This confirms the current local Chrome run still does not naturally trigger running-capture idle eviction, while the fail-closed cleanup path remains observable.
+- 2026-05-25 browser-managed unpacked reload smoke follow-up added `STACKPRISM_BROWSER_SMOKE_SCENARIO=browser-extension-reloaded`. The rerun on port 9547 passed against Chrome for Testing 147.0.7727.15 and current `dist`: during a running slow-fixture capture, the smoke clicked the unpacked extension card's `#dev-reload-button` in `chrome://extensions`, the Agent-observed bridge status failed as `BRIDGE_TRANSPORT_DISCONNECTED`, the profile endpoint returned 409 instead of a fake profile, the owned target page was no longer visible, and bridge stderr was empty. This proves browser-managed reload for the unpacked extension in the temporary profile, not Chrome Web Store or Edge Add-ons rollout behavior.
+- 2026-05-25 incognito bridge probe follow-up added `STACKPRISM_BROWSER_SMOKE_SCENARIO=incognito-bridge-probe`. The rerun on port 9549 passed against Chrome for Testing 147.0.7727.15 and current `dist`: the smoke enabled the temporary profile's `allow-incognito` extension toggle through `chrome://extensions`, confirmed the setting was enabled and restart-required, wrote local Agent Bridge opt-in before restart, then reopened the same profile and created a CDP incognito browser context for the bridge URL. In this environment the CDP incognito context did not connect the extension content script, so the Agent-observed status failed as `EXTENSION_NOT_CONNECTED` rather than reaching the extension-side `INCOGNITO_NOT_SUPPORTED` branch; the profile endpoint returned 409, the target probe request count stayed 0, and bridge stderr was empty. This is valid fail-closed skip evidence for the plan's incognito live-test rule, not proof that the exact live incognito metadata rejection path ran.
+- 2026-05-26 incognito window bridge probe follow-up added `STACKPRISM_BROWSER_SMOKE_SCENARIO=incognito-window-bridge-probe`. The rerun on port 9554 passed against Chrome for Testing 147.0.7727.15 and current `dist`: the smoke enabled the same temporary profile's `allow-incognito` extension toggle through `chrome://extensions`, restarted Chrome with `--incognito`, opened the bridge URL in that window, and again failed closed as `EXTENSION_NOT_CONNECTED` before the target probe was fetched. The profile endpoint returned 409, target request count stayed 0, and bridge stderr was empty. This second browser path strengthens the environment skip evidence, but still does not prove the exact extension-side `INCOGNITO_NOT_SUPPORTED` live metadata branch.
+- 2026-05-26 content incognito context follow-up added a RED/GREEN content-client contract for `chrome.extension.inIncognitoContext === true`: before the fix the bridge client attempted `/request` and reported `PROFILE_TRANSPORT_FAILED`; after the fix `node --test --test-timeout=60000 tests/agent-bridge-handshake.test.mjs` passed with 18 tests and verifies the client posts `failed / INCOGNITO_NOT_SUPPORTED` before loading `/request`, registering runtime status listeners, sending `AGENT_BRIDGE_HELLO`, or sending `START_AGENT_CAPTURE`.
+- 2026-05-26 content incognito context follow-up reran `STACKPRISM_BROWSER_SMOKE_SCENARIO=incognito-window-bridge-probe STACKPRISM_BROWSER_SMOKE_CDP_PORT=9612 node tests/agent-bridge-browser-smoke.mjs` after a fresh `pnpm run typecheck` build. Chrome for Testing 147.0.7727.15 loaded current `dist`; the environment still did not connect the extension content script in the `--incognito` bridge window, so the live result remained `failed / EXTENSION_NOT_CONNECTED`, profile endpoint 409, target request count 0, and bridge stderr empty. This preserves the live skip evidence while the exact content-client incognito branch is now covered by unit test.
+- 2026-05-25 resource timeouts smoke follow-up added `STACKPRISM_BROWSER_SMOKE_SCENARIO=resource-timeouts`. The latest rerun on port 9561 passed against the real JS bridge process with default resource policy: a partial slow header request to `/health` returned `HTTP/1.1 408 Request Timeout` after about 5 seconds and did not include the `/health` business body; a subsequent complete `/health` request returned `HTTP/1.1 200 OK`; a partial slow body `POST /v1/captures` returned `HTTP/1.1 408 Request Timeout` after about 10 seconds and did not create a `cap_` capture; a subsequent `/health` returned 200 with `"activeCaptures":0`; a keep-alive `/health` connection received an initial 200 response and was closed by the server after the default idle window; a subsequent `/health` request returned 200; bridge stderr was empty.
+- 2026-05-26 rate-limit smoke follow-up added `STACKPRISM_BROWSER_SMOKE_SCENARIO=rate-limit`. The rerun on port 9562 passed against the real CLI JS bridge process with default production thresholds: the first capture creation returned 200, create attempts 2 through 10 failed as `429 / CAPTURE_BUSY`, the 11th create request returned `429 / RATE_LIMITED`, 120 authenticated status reads returned 200, the 121st status read returned `429 / RATE_LIMITED`, target request count was 0, cleanup DELETE returned 200, and bridge stderr was empty.
+- 2026-05-26 profile rate-limit smoke follow-up added `STACKPRISM_BROWSER_SMOKE_SCENARIO=profile-rate-limit`. The rerun on port 9564 passed against the real CLI JS bridge process with default production query threshold: 120 authenticated `/profile` reads reached the profile endpoint and returned `409 / INVALID_REQUEST` because the capture was not completed, the 121st profile read returned `429 / RATE_LIMITED`, target request count was 0, cleanup DELETE returned 200, and bridge stderr was empty.
+- 2026-05-26 target URL validation smoke follow-up added `STACKPRISM_BROWSER_SMOKE_SCENARIO=target-url-validation`. The rerun on port 9563 passed against the real CLI JS bridge process: unsupported protocol and credential URL capture creation returned `400 / INVALID_REQUEST`, loopback private target returned `400 / PRIVATE_NETWORK_TARGET_BLOCKED`, bridge self-target returned `400 / BRIDGE_SELF_TARGET_BLOCKED`, `/health.activeCaptures = 0`, target request count was 0, and bridge stderr was empty. This is creation-stage target policy evidence, not a full DNS/private-network live matrix.
+- 2026-05-25 release workflow gate follow-up tightened `.github/workflows/release-extension.yml` so agent-only path patterns are rejected at any `dist/` depth, not only top-level package paths. The focused rerun `node --test --test-timeout=60000 tests/release-workflow.test.mjs tests/agent-bridge-manifest.test.mjs` passed with 9 tests, covering manifest exposure contracts plus release workflow gate order, `externally_connectable` rejection, nested `dist/assets/agent-skill/` rejection, repo-local JS bridge helper rejection, and web-accessible agent-only resource rejection.
+- 2026-05-25 release workflow gate follow-up then reran `pnpm run test:unit`: 173 tests passed, 0 failed.
+- 2026-05-25 release workflow gate follow-up extracted the updated inline hygiene script from `.github/workflows/release-extension.yml` and ran it against the current `dist/`: exit code 0. A separate `find dist` scan for nested `agent-skill`, `docs/superpowers`, `tests`, Python artifacts, `__pycache__`, local bridge server entrypoints, and repo-local JS bridge helper source files produced no output. `dist/manifest.json` reported `hasExternallyConnectable: false`.
+- 2026-05-25 JS CLI invalid port ready gate follow-up added a regression test for `STACKPRISM_BRIDGE_PORT=''`. The rerun `node --test --test-timeout=60000 tests/stackprism-bridge.test.mjs` passed with 35 tests; the new case verifies the CLI exits non-zero with `BRIDGE_INVALID_ENV`, writes no stdout ready JSON, and does not emit an API token material. The follow-up reran `pnpm run test:unit`: 174 tests passed, 0 failed.
+- 2026-05-25 JS CLI occupied port ready gate follow-up added a regression test for `STACKPRISM_BRIDGE_PORT=<已占用端口>`. The rerun `node --test --test-timeout=60000 tests/stackprism-bridge.test.mjs` passed with 36 tests; the new case verifies the CLI exits non-zero with `PORT_IN_USE`, writes no stdout ready JSON, and does not emit an API token material. The follow-up reran `pnpm run test:unit`: 175 tests passed, 0 failed.
+- 2026-05-25 Python fallback CLI ready gate follow-up strengthened the existing invalid-port and occupied-port assertions. The rerun `node --test --test-timeout=60000 tests/stackprism_bridge_py.test.mjs` passed with 37 tests; the port-gate case now verifies both `BRIDGE_INVALID_ENV` and `PORT_IN_USE` write no stdout ready JSON and do not emit an API token material. The follow-up reran `pnpm run test:unit`: 175 tests passed, 0 failed.
+- 2026-05-25 cross-site bridge render gate follow-up added JS/Python regression tests for real `bridgeUrl` requests with attacker `Referer` and `Sec-Fetch-Site: cross-site`. The reruns passed with 37 JS bridge tests and 38 Python fallback tests; both implementations return `403 / ORIGIN_NOT_ALLOWED` without `spbt_` in the body, and the same `bridgeUrl` can still be opened once afterward to render the bridge token, proving cross-site probes do not consume the one-time token.
+- 2026-05-25 authority-form request target follow-up first observed RED behavior: JS bridge returned an empty response for `CONNECT 127.0.0.1:{port} HTTP/1.1`, and Python fallback returned the standard-library `501` HTML response. After adding explicit JS `connect` handling and Python `do_CONNECT`, the reruns passed with 37 JS bridge tests and 38 Python fallback tests; both implementations now return JSON `400 / INVALID_REQUEST` before business routing for authority-form request targets.
+- 2026-05-25 authority-form verification reran the Agent Bridge helper complexity contract after compressing `http-server.mjs` back under the 300-line budget, reran `node --test --test-timeout=60000 tests/stackprism-bridge.test.mjs`, and reran `pnpm run test:unit`; the final unit run passed 177 tests, 0 failed. `pnpm run docs:build`, changed-file Prettier check, `git diff --check && git diff --cached --check`, and the repo-local `__pycache__` cleanup check also passed.
+- 2026-05-25 missing Host gate follow-up added explicit JS/Python raw HTTP/1.1 requests without a `Host` header. The JS RED run returned Node's default empty `400` response without the bridge error envelope; after setting the JS server to let missing-Host requests enter the bridge shell validator, the focused rerun passed with 37 JS bridge tests. Python fallback already returned JSON `400 / INVALID_REQUEST`, and its focused rerun passed with 38 tests.
+- 2026-05-25 profile redaction follow-up added a RED regression test for sensitive object keys and externally supplied `limitations` inside profile input. The failing case showed that values were redacted but keys such as `token=secret` and limitation strings could still survive serialization. The fix now redacts object keys with collision-safe suffixes and runs external limitations through the same text redaction path. The focused rerun `node --test --test-timeout=60000 tests/site-experience-profile.test.mjs` passed with 16 tests, the adjacent profile/profiler rerun passed with 20 tests, and `pnpm run test:unit` passed with 178 tests.
+- 2026-05-25 token-like redaction follow-up extended the same RED case to camelCase and compound sensitive field names such as `apiToken=...`, `sessionId=...`, `secretKey=...`, and `bridgeToken=...`. The fix updates both profile-builder redaction and injected profiler text redaction to treat any field name containing token/session/auth/key/signature/password/cookie style substrings as sensitive. The focused rerun `node --test --test-timeout=60000 tests/site-experience-profile.test.mjs` passed with 16 tests, the adjacent profiler/orchestration rerun passed with 73 tests, and `pnpm run test:unit` passed with 180 tests.
+- 2026-05-25 request body over-limit close follow-up added a RED regression check for the JS bridge body reader. The failing case showed `readJson()` stopped consuming after the body exceeded the configured limit but did not return a close marker for the HTTP layer. The fix now returns `close: true` for the 413 over-limit result, so the existing response helper emits `Connection: close`. The focused rerun `node --test --test-timeout=60000 tests/stackprism-bridge.test.mjs` passed with 37 tests, and the Python fallback parity rerun `node --test --test-timeout=60000 tests/stackprism_bridge_py.test.mjs` passed with 38 tests.
+- 2026-05-25 profile transfer hash-binding follow-up added a RED regression test for BEGIN/COMPLETE metadata mismatch: content-side transfer handling accepted a COMPLETE message with the real payload hash even when BEGIN announced a different `sha256`. The fix stores BEGIN `sha256` in transfer state and requires COMPLETE metadata plus computed bytes to match that original hash. The focused rerun `node --test --test-timeout=60000 tests/agent-bridge-handshake.test.mjs` passed with 15 tests, and `tests/agent-capture-orchestration.test.mjs` passed with 53 tests.
+- 2026-05-25 profile transfer BEGIN metadata follow-up added a RED regression test for invalid transfer metadata being accepted before buffering chunks: non-hex `sha256`, chunk count that does not match `byteLength / 384 KiB`, and payload size above the 8 MiB profile limit. The fix rejects invalid BEGIN metadata before allocating transfer state. The focused rerun `node --test --test-timeout=60000 tests/agent-bridge-handshake.test.mjs` passed with 16 tests, and `tests/agent-capture-orchestration.test.mjs` passed with 53 tests.
+- 2026-05-25 request envelope strict-shape follow-up added a RED regression test for content-side `GET /request` envelope validation: the bridge content client accepted extra `bridgeToken` / `profileUrl` fields even though the API contract says the request response must not contain tokens, profile body, or callback URL. The fix makes `validateCaptureRequestEnvelope` reject unknown envelope keys, and JS/Python bridge tests now lock `/request` response keys to exactly `captureId`, `sessionId`, `nonce`, `protocolVersion`, and `request`. The focused reruns passed: `node --test --test-timeout=60000 tests/agent-bridge-handshake.test.mjs` with 16 tests, and `tests/stackprism-bridge.test.mjs tests/stackprism_bridge_py.test.mjs` with 75 tests.
+- 2026-05-25 start rejection cleanup follow-up added a RED regression test for early `START_AGENT_CAPTURE` validation failures leaving a registered bridge session after rejecting unknown top-level fields. The fix clears the bridge session on early start rejection before target resolution, and reuses the same cleanup path for request validation, opt-in disabled, busy, incognito, and target-resolution failures. The focused rerun `node --test --test-timeout=60000 tests/agent-capture-orchestration.test.mjs` passed with 53 tests.
+- 2026-05-25 content hello capability detail follow-up added a RED regression test for a defensive content-side path where `AGENT_BRIDGE_HELLO` returns success but omits a required capability. The failing case posted `NOT_SUPPORTED` without `details.missingCapability`. The fix now reports the missing capability name before opening the profile transfer port or sending `START_AGENT_CAPTURE`. The focused rerun `node --test --test-timeout=60000 tests/agent-bridge-handshake.test.mjs` passed with 17 tests.
+- 2026-05-25 concurrent profile POST follow-up added a RED regression test for JS bridge once-only profile submission. The failing case posted the same capture profile concurrently and received two successful 200 responses. The fix rechecks terminal state inside the per-capture lock after body parsing, so one request completes and the loser returns `409 / CAPTURE_ALREADY_COMPLETED`. Python fallback already used the same lock-after-parse pattern; this turn added a parity regression test.
+- 2026-05-25 completed control follow-up added a RED regression test for terminal control semantics. The failing case showed JS bridge and Python fallback still returned `command = "continue"` after a successful profile POST had moved the capture to `completed`; both now return `command = "cancel"` with `status = "completed"`. The focused rerun `node --test --test-timeout=60000 tests/stackprism-bridge.test.mjs tests/stackprism_bridge_py.test.mjs` passed with 77 tests.
+- 2026-05-26 Python identifier fixture follow-up added the missing `tests/fixtures/bridge-protocol-identifiers.json` contract coverage to `tests/stackprism_bridge_py.test.mjs`. The Python fallback now verifies every documented valid and invalid `apiToken`、`bridgeToken`、`captureId`、`sessionId`、`nonce`、`profileTransferId` and CSP nonce fixture against `valid_id()`, matching the JS bridge fixture-driven contract. The focused rerun `node --test --test-timeout=60000 tests/stackprism_bridge_py.test.mjs` passed with 40 tests.
+- 2026-05-26 browser-open invalid args/argv follow-up added JS/Python capture API coverage for invalid `STACKPRISM_BROWSER_OPEN_ARGS_JSON`: invalid JSON, non-array values, and non-string elements now all return `500 / BROWSER_OPEN_FAILED` with `details.reason = invalid_open_args`, preserving the plan distinction from startup NUL failures. The same follow-up added direct helper tests with a fake command to prove a bridge URL containing `?`, `&`, spaces, quotes, and shell metacharacters is appended as one final argv instead of being shell-split or interpolated. The focused rerun `node --test --test-timeout=60000 tests/stackprism-bridge.test.mjs tests/stackprism_bridge_py.test.mjs` passed with 88 tests, and changed-file Prettier check passed.
+- 2026-05-26 browser smoke token-prefix redaction follow-up removed `apiTokenPrefix` from smoke stdout summaries and replaced it with `apiTokenPresent: true/false`, so smoke logs and copied report evidence no longer include the fixed token prefix. A new static contract test `tests/agent-bridge-browser-smoke-output.test.mjs` rejects future `apiTokenPrefix`、`bridgeTokenPrefix` or `tokenPrefix` output helpers. Focused checks passed: `node --test --test-timeout=60000 tests/agent-bridge-browser-smoke-output.test.mjs`, `node --check tests/agent-bridge-browser-smoke.mjs`, `node --check tests/helpers/agent-bridge-browser-smoke-harness.mjs`, and changed-file Prettier check.
+- 2026-05-25 start rejection cleanup verification reran changed-file Prettier check, `pnpm run test:unit` with 180 tests passed, `pnpm run docs:build`, `git diff --check`, `git diff --cached --check`, and the repo-local `__pycache__` cleanup check; all passed.
+
+Environment note:
+
+- Local Google Chrome rejected command-line unpacked extension loading with `--load-extension is not allowed in Google Chrome, ignoring.` and `--disable-extensions-except is not allowed in Google Chrome, ignoring.` This was an environment limitation, not a StackPrism runtime failure. Chrome for Testing was used for repeatable automation.
+
+## Dist Hygiene
+
+Observed after the latest production build:
+
+- `dist/manifest.json` has no `externally_connectable`.
+- `dist/` scan found no `agent-skill/`, `docs/superpowers/`, `tests/`, Python source, Python bytecode, `__pycache__`, local bridge server entrypoints, or repo-local JS bridge helper source files.
+- `web_accessible_resources` does not expose `injected/experience-profiler.iife.js`.
+- Manifest source contract now pins the exact allowed permissions, ordinary observer and loopback bridge content script boundaries, and the single allowed web-accessible-resource block.
+- CRXJS-generated Agent Bridge content script chunks appear only under the `http://127.0.0.1/*` loopback match. The release boundary remains fail-closed for `injected/experience-profiler.iife.js`, repo-local skill files, local bridge server entry points, repo-local JS bridge helper source files, Python artifacts, tests, docs/superpowers, and `externally_connectable`.
+
+## Review State
+
+Local automated checks listed above passed.
+
+External review status:
+
+- Claude final read-only rerun reported `NO BLOCKERS` after the 2026-05-23 Python fallback refactor, and a later scoped rerun reported no blockers for content-side terminal status phase normalization. Earlier valid findings were fixed: Python chunked body handling, smoke browser discovery, `visibilitychange` false `BRIDGE_TAB_CLOSED`, terminal control-poll cleanup, full error-code recognition, smoke timeout clarity, Python fallback missing-capture DELETE `404`, `safe_equal` truncation, origin-level bridge self-target parity, and ThreadingHTTPServer lock scope.
+- Gemini final read-only rerun reported `NO BLOCKERS` after the 2026-05-23 Python fallback lock-scope refactor, and a later scoped rerun reported `NO BLOCKERS` for content-side terminal status phase normalization. Earlier valid findings were fixed: `profileTransferDeadlineAt` recovery reconciliation, Python final URL self-target parity, Python lock critical-section scope, public terminal phase consistency, final URL requirement handling, and omitted-phase terminal status serialization.
+- Sourcery scoped rerun on the changed Python fallback files initially reported non-blocking quality issues in `body.py` and `url_policy.py`; both were fixed, and the final rerun reported no findings.
+- CodeRabbit limited/free CLI review produced valid findings that were fixed: bridge control polling cleanup, request envelope validation, detection timeout boundary, duplicate detection flow, omitted CSS rule counting, Python `open_browser()` validation and spawn details, smoke browser discovery, redundant profile JSON parse, detector settings local fallback, capture-state removal concurrency, JS HTML escaping simplification, Agent capture main-header fallback/bundle license scheduling, Python fallback missing-capture DELETE `404`, Python rate/status/profile locking, background/content silent error logging, deadline validation, message-router cancel promise propagation, content `waitMs` validation, Python public status parity, profile chunk length error-code parity, fail-closed cleanup state removal, shared status protocol constants, and deadline-bounded `__SP_RULES__` cleanup. The last completed limited/free CLI review left no unaddressed blocking findings after review; a later attempt did not complete findings output and is not counted as evidence.
+
+Release and privacy wording review:
+
+- `README.md`, `docs/guide/basic-usage.md`, `docs/config/index.md`, `docs/dev/agent-bridge.md`, `docs/dev/release.md`, and `PRIVACY.md` now consistently state that Agent Bridge is opt-in, local-profile scoped, disabled by default, limited to `127.0.0.1` loopback transfer, not a remote upload to StackPrism, and not intended to collect Cookie, Authorization, localStorage/sessionStorage plaintext, or complete sensitive text.
+- `.github/workflows/release-extension.yml` now runs lint, unit tests, typecheck/build, docs build, and a `dist/` boundary check before uploading release assets. The boundary check fails if `dist/manifest.json` exposes `externally_connectable`, if bridge-only paths are exposed as web accessible resources, or if agent skill, tests, Python source, bytecode, repo-local JS bridge helper source files, or other agent-only artifacts enter `dist/`, including nested agent-only directories under bundled asset paths. The workflow also fails before packaging when Agent Bridge appears in loopback content scripts or loopback web accessible resources unless maintainers confirm store disclosure with `agent_bridge_disclosure_confirmed=true` for workflow_dispatch or a checked `- [x] Agent Bridge disclosure confirmed` release-note line.
+
+## Remaining Risks
+
+- Real browser destructive lifecycle cases are still not fully exercised live for Chrome Web Store / Edge Add-ons update rollout and running-capture idle-driven service worker eviction. Unit tests cover the extension-side fail-closed handlers for these paths, including Port disconnect, active-tab stale/update paths, service worker restart fail-closed notification, extension lifecycle wake recovery from `onInstalled`, cleared storage-session recovery no-op behavior, start-time opt-in recheck before target resolution when settings were disabled after bridge registration, running local opt-in disable cleanup before badge refresh can delay it, owned target cleanup failure observability without leaving capture state, and state/session cleanup failure observability without hiding later cleanup actions. Chrome for Testing smoke now covers target tab closure, target main-frame load failure, target load timeout, target navigated away after `target_loaded`, bridge tab closure, Agent-initiated cancellation cleanup of an owned target tab, running local opt-in disable fail-closed cleanup, browser-level user disable through `chrome://extensions`, browser-managed unpacked extension reload through `chrome://extensions`, persisted deadline reconciliation through a subsequent tab event after `target_loaded`, forced service worker target termination via CDP, service worker natural idle before capture start followed by bridge-page wake and successful capture, extension reload interruption via `chrome.runtime.reload()`, and a separate destructive `chrome.storage.session.clear()` plus reload fail-closed scenario. Two best-effort running-capture idle probes did not trigger natural worker eviction within 75 seconds while the bridge profile-transfer port was registered; the latest port 9650 probe still saw the worker visible and then failed closed as `TARGET_LOAD_TIMEOUT` with target cleanup. This remains a live coverage gap rather than an achieved requirement.
+- JS bridge and Python fallback cover the current local HTTP policy matrix, including slow body/header timeout behavior, oversized body fail-fast with connection close, configured active connection limit rejection, and low-threshold API rate limiting. Chrome smoke now covers the first live concurrency guard for running capture plus `CAPTURE_BUSY`; JS bridge smoke covers default active connection pressure with 20 held sockets plus recovery after release, default slow header/body timeout behavior with post-timeout `/health` recovery and `activeCaptures = 0`, default keep-alive idle close with subsequent `/health` recovery, and default API rate limits for create/status reads. The suite still does not exhaustively test long-duration load, broader real-browser concurrency pressure, or every resource exhaustion case from the original plan.
+- Real browser DNS/private-network behavior is covered through fixture-backed JS/Python policy tests, local fixture smoke, a live initial private literal target block smoke, a live resolver rewrite to `198.18.0.12` block smoke, a live DNS lookup failed smoke, a live redirect-to-bridge-origin final URL block smoke, a live public-IP-to-private-final redirect smoke, a live public-IP-to-DNS-policy-final redirect smoke, a live public-IP-to-DNS-lookup-failed final redirect smoke, a real CLI target URL validation smoke for unsupported protocol/credential/loopback/self-target creation rejection, and one explicit public complex-site smoke for `https://www.wikipedia.org/` using `allowPrivateNetworkTarget = true` because this resolver maps it to `198.18.0.19`. This is not a broad live network matrix.
+- Incognito live metadata rejection is still not fully run in Chrome for Testing smoke. The `incognito-bridge-probe` scenario confirmed the temporary profile's unpacked extension can be enabled for incognito and survives same-profile restart, but the CDP-created incognito context did not load the extension content script and therefore failed as `EXTENSION_NOT_CONNECTED` before the background could observe `sender.tab.incognito`. The `incognito-window-bridge-probe` scenario then reopened the same profile with `--incognito` and reached the same fail-closed `EXTENSION_NOT_CONNECTED` outcome. Both probes returned profile 409, target request count 0, and empty bridge stderr. Per the plan's skip rule, unit coverage is retained for tab metadata handling, bridge isolation, and content-client incognito context handling: target tab incognito and bridge tab incognito both return `INCOGNITO_NOT_SUPPORTED` without proceeding across normal/incognito windows, incognito bridge URLs are still rejected before ordinary detection-cache reads, and `chrome.extension.inIncognitoContext === true` in the bridge content client now posts `INCOGNITO_NOT_SUPPORTED` before loading `/request` or sending runtime capture messages.
+- Terminal bridge page token suppression is covered by Chrome smoke for a cancelled never-rendered capture. Completed-result expiry is also covered by `result-expiry-bridge-page` live Chrome smoke: after a real fixture capture completed, the in-process JS bridge clock was advanced beyond `resultExpiresAt`, the profile endpoint returned `410 / CAPTURE_RESULT_EXPIRED`, and the original `/bridge` URL returned 410 without bridge token material.
+- The plan's broad E2E matrix still has items covered only by unit tests or not covered live in this checkout: exact live incognito `INCOGNITO_NOT_SUPPORTED` browser metadata rejection, Chrome Web Store / Edge Add-ons update rollout, running-capture idle-driven service worker eviction, and broader long-duration/resource/DNS-private-network matrices. Current evidence is sufficient for the implemented slice report, not for marking every plan checkbox complete.
+- Repo-side privacy, release, README, and user-guide wording now document the local trust boundary and same-browser-extension trust boundary. The release workflow now blocks Agent Bridge packaging until a maintainer confirms the Chrome Web Store / Edge Add-ons privacy disclosure and release-note update. The remaining release risk is still outside this worktree: dashboard disclosure acceptance, review outcome, and rollout state must be checked in the store dashboards.
+- The current checkout was rebased onto `upstream/main` at `f0cc39a` on 2026-05-26 after `git fetch upstream` succeeded; `git fetch origin` failed with `LibreSSL SSL_connect: SSL_ERROR_SYSCALL` and should be retried before any push. The worktree still has a split staged/unstaged state: `git diff --cached --name-only` lists 52 staged files, `git diff --name-only` lists 39 unstaged files, and `git ls-files --others --exclude-standard` lists 4 untracked Agent Bridge files. The plan's commit step has not been performed; commit readiness still requires final staged/unstaged diff review and deciding whether to stage the continuation fixes with the existing Agent Bridge implementation.
diff --git a/docs/reviews/CR-AGENT-BRIDGE-FIREFOX-E2E-2026-06-09.md b/docs/reviews/CR-AGENT-BRIDGE-FIREFOX-E2E-2026-06-09.md
new file mode 100644
index 00000000..75c65090
--- /dev/null
+++ b/docs/reviews/CR-AGENT-BRIDGE-FIREFOX-E2E-2026-06-09.md
@@ -0,0 +1,88 @@
+# CR-AGENT-BRIDGE-FIREFOX-E2E-2026-06-09
+
+## Scope
+
+This report records the Firefox Agent Bridge compatibility fix and the live Firefox E2E verification performed on 2026-06-09.
+
+The verified change set covers Firefox fallback paths for:
+
+- Agent Bridge client injection.
+- Content observer injection.
+- Page detector injection in the MAIN world.
+- Experience profiler injection.
+
+## Verdict
+
+Firefox Agent Bridge E2E passed against Firefox 151.0.3.
+
+The live run covered extension settings, Firefox data collection permission UI, Agent Bridge opt-in, allow-all-network-targets opt-in for the controlled local target, real extension popup opening, bridge capture orchestration, profile generation, and technology detection.
+
+Firefox `chrome.scripting.executeScript({ files })` is not reliable for the affected extension assets in this environment. The implementation keeps file injection as the primary path and uses explicit inline `func` fallbacks when file injection fails. The experience profiler fallback marks the profile with `firefox_inline_experience_profile` in `limitations`.
+
+## Live Firefox Evidence
+
+| Item                | Result                                                          |
+| ------------------- | --------------------------------------------------------------- |
+| Firefox version     | `Mozilla Firefox 151.0.3`                                       |
+| E2E command         | `python3 /tmp/stackprism_firefox_full_e2e.py`                   |
+| Capture status      | `completed`                                                     |
+| Capture phase       | `cleanup`                                                       |
+| Result file         | `/tmp/stackprism-firefox-e2e/bridge-result.json`                |
+| Profile file        | `/tmp/stackprism-firefox-e2e/bridge-profile.json`               |
+| Profile schema      | `stackprism.site_experience_profile.v1`                         |
+| Profile size        | `10255` bytes                                                   |
+| Settings screenshot | `/tmp/stackprism-firefox-e2e/settings-agent-bridge-enabled.png` |
+| Popup screenshot    | `/tmp/stackprism-firefox-e2e/action-popup.png`                  |
+
+Detected technologies in the generated profile:
+
+- React
+- Vue
+- Python http.server
+- Express
+- Node.js
+- PHP
+- JavaScript
+- Discourse
+- WordPress
+
+Profile limitations included:
+
+- `passive_interaction_only`
+- `firefox_inline_experience_profile`
+- `viewport_emulation_unsupported`
+- `screenshot_metadata_not_requested`
+- `screenshot_image_not_requested`
+- `interaction_section_not_requested`
+- `ux_section_not_requested`
+- `assets_section_not_requested`
+
+## Verification Commands
+
+| Command                                                                                                                                                | Exit | Result                                                            |
+| ------------------------------------------------------------------------------------------------------------------------------------------------------ | ---: | ----------------------------------------------------------------- |
+| `node --test --test-timeout=60000 tests/agent-capture-orchestration.test.mjs`                                                                          |    0 | 98 tests passed                                                   |
+| `node --test --test-timeout=60000 tests/agent-bridge-handshake.test.mjs tests/agent-bridge-manifest.test.mjs tests/experience-profile-format.test.mjs` |    0 | 32 tests passed                                                   |
+| `node --test --test-timeout=60000 tests/agent-capture-orchestration.test.mjs tests/experience-profile-format.test.mjs`                                 |    0 | 107 tests passed                                                  |
+| `pnpm run test:unit`                                                                                                                                   |    0 | 332 tests passed                                                  |
+| `pnpm run lint`                                                                                                                                        |    0 | Passed                                                            |
+| `pnpm run typecheck`                                                                                                                                   |    0 | Passed; includes `vue-tsc --noEmit` and `pnpm build`              |
+| `pnpm run docs:build`                                                                                                                                  |    0 | Passed                                                            |
+| `python3 -m py_compile agent-skill/stackprism-site-experience/scripts/stackprism_bridge_lib/*.py`                                                      |    0 | Passed                                                            |
+| `pnpm run build:firefox`                                                                                                                               |    0 | Passed; generated `release/stackprism-v1.3.74.xpi` before cleanup |
+| `git diff --check`                                                                                                                                     |    0 | Passed                                                            |
+| `git diff --cached --check`                                                                                                                            |    0 | Passed                                                            |
+
+Build artifacts generated by the verification were removed after validation:
+
+- `dist`
+- `dist-firefox`
+- `public/injected`
+- `docs/.vitepress/dist`
+- `release/stackprism-v1.3.74.xpi`
+
+Existing release artifacts were left untouched.
+
+## Residual Risk
+
+This run proves the local Firefox E2E path for an unpacked/test extension environment. It does not prove Firefox Add-ons store review, signed package rollout, or behavior in unrelated user profiles.
diff --git a/docs/superpowers/plans/2026-05-21-stackprism-agent-bridge-plan.md b/docs/superpowers/plans/2026-05-21-stackprism-agent-bridge-plan.md
new file mode 100644
index 00000000..fea398ee
--- /dev/null
+++ b/docs/superpowers/plans/2026-05-21-stackprism-agent-bridge-plan.md
@@ -0,0 +1,1397 @@
+# StackPrism Agent Bridge Implementation Plan
+
+> **For agentic workers:** REQUIRED SUB-SKILL: Use superpowers:subagent-driven-development (recommended) or superpowers:executing-plans for new implementation work. This document now contains archived historical tasks plus the current status matrix; open work is tracked by explicit current-status rows, not unchecked historical checklist syntax.
+
+**Goal:** 构建一个不依赖 MCP、不需要用户手动复制/下载的 StackPrism Agent Bridge：用户安装浏览器插件后，AI Agent 通过 Skill 内 JS/PY 脚本启动本地 HTTP bridge，自动驱动插件采集目标网站的技术、视觉、UI/UX、交互与资源信息，并读取包含 `agentGuidance.recreationPlan` 的 `stackprism.site_experience_profile.v1`，用于快速复刻相似网站体验。
+
+**Architecture:** 插件仍是浏览器事实采集器，Skill 只是 Agent 的使用说明和脚本载体。本地 bridge 脚本绑定 `127.0.0.1`，提供 HTTP API 和本地 bridge 页面；插件在该页面注入 content script 完成握手，再由 background 打开/复用目标 tab、运行检测和体验采集脚本，最后通过 bridge content script 同源 POST profile 与状态。Agent 只访问本地 HTTP API，不直接调用扩展内部接口。
+
+**Tech Stack:** Chrome/Edge Manifest V3, Vite 5, Vue 3, TypeScript, pnpm, Node.js `.mjs` bridge script, Python `http.server` fallback bridge script, Chrome content scripts, `chrome.runtime.sendMessage`, `chrome.tabs`, `chrome.scripting`, `chrome.storage.session`.
+
+---
+
+## 当前实现状态
+
+- 可用第一版已落地：扩展端 opt-in、bridge tab/session 隔离、capture orchestration、profile transfer、JS bridge、Python fallback、repo-local skill、release hygiene 和主要自动化契约均已实现。
+- 不能按原计划标记为全量完成：原计划仍有外部发布和 live browser gate，不能仅凭本机单元测试或 fixture smoke 关闭全部 gate。
+- 本机已收敛：本轮补齐 profile 语言字段、UX 一阶分类白名单、`agentGuidance.recreationPlan` 复刻执行计划、默认 browser smoke fixture-backed 成功路径、Task 10 状态矩阵，以及开发文档和审计文档的 gate 口径。
+- 外部或未触发 gate：Chrome Web Store / Edge Add-ons 更新链路和商店后台实际接受状态、运行中 idle-driven service worker eviction、精确 incognito `INCOGNITO_NOT_SUPPORTED` live 浏览器元数据路径、更广 DNS/private-network 和长时资源压力矩阵仍需保留为未完成边界；商店披露已被发布 workflow 升级为打包前人工确认硬门禁，但不能由 worktree 自动证明后台审核状态。
+- 下方 Task 1 到 Task 9 保留为历史实施计划，已从 checkbox 改为 `Historical item:`，不再作为当前完成状态来源；当前状态以本节、Task 10 状态矩阵和 `docs/reviews/CR-AGENT-BRIDGE-*.md` 为准。
+
+## 总目标
+
+让 AI Agent 在用户已安装 StackPrism 插件的普通 Chrome 内核浏览器中，无需用户复制、下载或点击插件按钮，即可通过本地 HTTP 接口获得目标网站的 Site Experience Profile。Profile 必须把浏览器可观测事实转成 Agent 可直接执行的复刻计划，用于快速实现相似视觉效果、UI/UX 体验、交互行为和必要的技术选型参考。
+
+## 明确不做
+
+- 不做 MCP server。
+- 不做独立 CLI 程序、npm global bin、系统服务或守护进程。
+- 不做 Native Messaging companion 第一版。
+- 不要求用户手动点击插件、复制剪贴板或下载 JSON。
+- 不承诺复刻后端私有实现，只输出浏览器侧可观测事实与可推断建议。
+- 不采集 cookie、Authorization、完整敏感响应头、localStorage/sessionStorage 明文值。
+- 不把 loopback bridge 宣称为本机恶意进程隔离机制。第一版信任用户启动的本地 bridge 进程；若同机恶意进程能在 `127.0.0.1` 上伪造兼容 bridge 页面和 API，扩展侧无法仅凭页面 meta 与协议字段证明其真实来源。安全文档和 E2E 报告必须明确该本机信任边界，不能把 `bridgeToken` 描述为抵御本机恶意进程的秘密。
+- 不把 bridge 页面 DOM 中的 `bridgeToken` 宣称为抵御同浏览器恶意扩展的秘密。第一版不防已安装的其他扩展读取 `http://127.0.0.1/*` 页面 DOM、观察 bridge URL 或干扰同一浏览器 profile；若要覆盖该威胁模型，必须另起任务评估用户显式授权、Native Messaging、扩展间隔离策略或专用浏览器 profile。
+
+## 用户与 Agent 使用流程
+
+1. 用户安装 StackPrism 插件。
+2. Agent 根据 Skill 运行本地脚本：
+   - JS: `node agent-skill/stackprism-site-experience/scripts/stackprism-bridge.mjs`
+   - Python fallback: `python3 agent-skill/stackprism-site-experience/scripts/stackprism_bridge.py`
+3. 脚本向 stdout 输出一行机器可解析 JSON line；普通日志写 stderr，避免 Agent 解析失败。Agent 后续调用本地 API 时必须带 `Authorization: Bearer {apiToken}`。
+
+   ```json
+   {
+     "event": "stackprism-bridge-ready",
+     "service": "stackprism-agent-bridge",
+     "version": "0.1.0",
+     "protocolVersion": 1,
+     "baseUrl": "http://127.0.0.1:17370",
+     "healthUrl": "http://127.0.0.1:17370/health",
+     "apiToken": "spb_xxx"
+   }
+   ```
+
+   - ready JSON 只能在 HTTP server 已成功绑定、endpoint handler 已就绪且 `apiToken` 已生成后输出；启动失败不得输出 ready JSON。
+   - stdout 在 ready 前出现非 JSON、缺字段或多余日志时，Agent 必须按 `BRIDGE_READY_PARSE_FAILED` 失败处理并停止子进程。
+   - ready JSON 的 `protocolVersion` 必须等于 Agent 支持的版本；不匹配时 Agent 必须按 `BRIDGE_PROTOCOL_UNSUPPORTED` 失败处理并停止子进程。
+   - Agent 读取 ready JSON 的默认超时为 10 秒；超时按 `BRIDGE_START_TIMEOUT` 失败处理，必须 kill 子进程并等待退出。
+   - 启动前必须校验环境变量：`STACKPRISM_BRIDGE_PORT` 未设置时使用随机端口；一旦设置则必须是 `1..65535` 的十进制整数。非法端口或包含 NUL 字符的 browser open 配置必须以非零退出码结束，在 stderr 输出脱敏结构化错误 `BRIDGE_INVALID_ENV`，且不得输出 ready JSON 或生成 token。`STACKPRISM_BROWSER_OPEN_ARGS_JSON` 的非法 JSON/非数组/非字符串元素保留为 capture 创建后的 `BROWSER_OPEN_FAILED`，避免与启动失败混淆。
+   - 指定 `STACKPRISM_BRIDGE_PORT` 且端口被占用时，bridge 必须以非零退出码结束，在 stderr 输出脱敏结构化错误 `PORT_IN_USE`，并且不得把 `apiToken`、`bridgeToken` 或完整 URL query 写入 stderr。
+
+4. Agent 请求 `POST /v1/captures`，传入目标 URL、等待时间、视口配置和采集范围。
+5. bridge 脚本自动打开浏览器访问本地 bridge 页面：`http://127.0.0.1:{port}/bridge?session={sessionId}&capture={captureId}&nonce={nonce}`；自动打开失败时返回 `BROWSER_OPEN_FAILED`，由 Agent 处理，不要求用户手动复制 URL。
+   - 测试环境设置 `STACKPRISM_BRIDGE_NO_OPEN=1` 时不尝试打开浏览器，也不返回 `BROWSER_OPEN_FAILED`；capture 保持 `queued`，测试可直接请求 `bridgeUrl`。
+6. StackPrism bridge content script 在 bridge 页面上握手，使用 `bridgeToken` 拉取 `GET /v1/captures/{id}/request`，再把经过校验的 capture request 传给 background 接管采集。
+7. 插件打开/复用目标 tab，运行现有检测链路和新增体验采集链路。
+8. background 把 profile 通过分片传输交给 bridge content script，由 bridge content script 在 bridge 页面同源上下文重组、校验并 POST 到 `POST /v1/captures/{id}/profile`；第一版不依赖 background 直接跨 origin `fetch` localhost，也不得把最大 8 MB profile 作为单条扩展消息发送。
+9. Agent 读取 `GET /v1/captures/{id}/profile`，按 Skill 指南生成 UI/UX 实现方案。
+10. Agent 优先读取 `agentGuidance.recreationPlan`，把 `implementationOrder`、`designTokens`、`layoutBlueprint`、`componentInventory`、`interactionChecklist`、`uxChecklist`、`assetHints` 和 `verificationChecklist` 映射到目标项目实现与验证步骤。
+
+## 用户可见门禁
+
+- Agent Bridge 必须有用户可见的持久设置 `agentBridgeEnabled`，写入 `chrome.storage.local` 作为本机 profile 级 opt-in，并进入运行时 `DetectorSettings` 归一化流程；设置页必须明确该开关会允许本地 Agent Bridge 读取当前浏览器可观测的页面技术与体验摘要并交给用户本机 loopback bridge。
+- Agent Bridge 允许一个独立的高风险设置 `agentBridgeAllowAllNetworkTargets`，同样只写入 `chrome.storage.local`，默认 `false`，且只有在 `agentBridgeEnabled = true` 时生效。设置页保存开启时必须要求用户人工确认；开启后扩展侧可以放行本机、私网、保留地址和 DNS/proxy 映射到私网的目标，但不得放开非 `http:` / `https:` 协议、bridge self-target、token/session 校验或本地 bridge server 的创建阶段默认 URL policy。
+- 对 Chrome Web Store / Edge Add-ons 发布包，`agentBridgeEnabled` 默认必须为 `false`，除非发布前完成商店隐私披露、用户文档和发布说明更新，并由维护者显式记录改为默认开启的理由。开发/E2E 可以通过测试设置显式开启，但不得把测试设置写成生产默认。历史上如果 sync 里曾出现同名字段，也必须被视为旧数据并忽略，不得自动开启。
+- bridge content script 在读取 DOM config 后、向 background 发起 `START_AGENT_CAPTURE` 前，必须先通过 `AGENT_BRIDGE_HELLO` 让 background 校验 `agentBridgeEnabled`。未开启时 capture 失败为 `AGENT_BRIDGE_DISABLED`，不得打开目标 tab、不得运行检测、不得读取或回传 profile。
+- 该门禁不是每次 capture 的交互确认；它是一次性用户可见 opt-in。启用后仍保持“不要求用户点击插件按钮、复制或下载 JSON”的 Agent 使用体验。
+
+## 本地 HTTP API
+
+除 `GET /health` 与 `GET /bridge` 外，所有 API 必须带 Bearer token。token 分两类：
+
+```http
+Authorization: Bearer {token}
+```
+
+- `apiToken`：脚本启动时输出给 Agent，只能由 Agent 用来创建、查询、取消 capture 和读取最终 profile。
+- `bridgeToken`：每次 capture 生成一次，只嵌入对应 bridge 页面，只能用于插件读取 capture request、回写 profile 和更新本次 bridge 页面状态。
+- `bridgeToken` 可以读取同一 capture 的状态和 control，用于 bridge 页面渲染和插件取消轮询；不能创建新的 capture，不能读取 profile，不能读取其他 capture，不能列出历史任务。
+- `apiToken` 的有效期绑定到当前 bridge 子进程。bridge server 退出、stdin EOF、SIGINT、SIGTERM 或测试清理后，必须关闭监听、清空内存 capture store 并丢弃 `apiToken`；第一版不支持跨进程恢复、token refresh 或持久 token。若 Agent 需要继续采集，必须重新启动 bridge 并读取新的 ready JSON。
+
+Response contract:
+
+- 所有 JSON endpoint 必须返回 `Content-Type: application/json; charset=utf-8`。
+- 所有包含 capture 状态、request、control、profile 或 token 相关错误的 endpoint 必须返回 `Cache-Control: no-store` 和 `X-Content-Type-Options: nosniff`；profile endpoint 还必须返回 `Referrer-Policy: no-referrer`，避免本地浏览器或中间层缓存敏感采集结果。
+- 成功响应使用各 endpoint 已定义的业务 body，不再额外包一层 `ok`，避免 Agent 读取 profile 时多一层不稳定结构。
+- 失败响应必须统一为：
+  ```json
+  {
+    "error": {
+      "code": "INVALID_REQUEST",
+      "message": "Human readable error.",
+      "details": {}
+    }
+  }
+  ```
+- `details` 只能放可审计、已脱敏的字段名、限制值和当前状态，不得包含 token、完整请求头、完整 URL query 或 profile 片段。
+- JS bridge 和 Python fallback 必须使用同一套 HTTP status code、`error.code` 和 `message` 语义；`tests/stackprism_bridge_py.test.mjs` 必须抽样校验错误响应与 JS bridge 一致。
+- 未知路径返回 `404 NOT_FOUND`；不支持的方法返回 `405 METHOD_NOT_ALLOWED` 并带 `Allow` 头；缺少或格式错误的 Bearer token 返回 `401 UNAUTHORIZED`；token scope 不匹配返回 `403 FORBIDDEN`。
+- 带 body 的 JSON endpoint 必须要求 `Content-Type: application/json`，可接受的唯一 charset 是缺省或 `utf-8`；缺失、非 JSON content type 或非 UTF-8 charset 返回 `415 UNSUPPORTED_MEDIA_TYPE`；JSON body 必须按 UTF-8 解码，非法 UTF-8 或 JSON 解析失败返回 `400 INVALID_JSON`。
+- 第一版不支持浏览器跨站调用 bridge API。`OPTIONS` preflight 必须返回 `405 METHOD_NOT_ALLOWED` 或等效拒绝，且不得返回 `Access-Control-Allow-Origin`、`Access-Control-Allow-Headers` 或 `Access-Control-Allow-Credentials`；所有 API 响应默认不设置 CORS 允许头。恶意网页即使能发起 no-cors/simple request，也不能设置 Bearer token，且非 JSON content type 会被拒绝。
+- 对会修改 capture 或读取敏感状态的 endpoint，若请求带 `Origin`，必须与当前 bridge origin 精确一致；若带 `Referer`，只允许同 origin；若带 `Sec-Fetch-Site` 且值不是 `same-origin` 或 `none`，必须返回 `403 ORIGIN_NOT_ALLOWED`。Agent/curl 等非浏览器客户端通常不带这些头，不能因此被拒绝。日志不得记录完整 `Referer` query。
+- HTTP request target 只接受 origin-form path，例如 `/v1/captures/{id}`；拒绝 absolute-form、authority-form 或无法按当前 bridge origin 解析的 request target，避免代理式请求和路径解析差异。路由参数和 `/bridge` query 中的 `capture`、`session`、`nonce` 必须按固定 ASCII regex 和长度校验，拒绝 percent-encoded slash/backslash、空 segment、`..`、未知 query 字段和重复 query 字段。
+- bridge server 的 stderr 日志必须脱敏，不能打印 `Authorization` header、`apiToken`、`bridgeToken`、完整 query string 或 profile body。
+
+Protocol identifier contract:
+
+- 所有协议标识符必须只使用 ASCII，不接受 Unicode、空白、percent-encoded 形式、URL-safe 字符集之外的字符或大小写宽松匹配。路由参数和 query 值在业务校验前不得做“解码后再尝试接受”的兼容处理。
+- `apiToken`: `^spb_[A-Za-z0-9_-]{43}$`，总长度 47；由 32 bytes 安全随机数 base64url no-padding 编码得到。
+- `bridgeToken`: `^spbt_[A-Za-z0-9_-]{43}$`，总长度 48；由 32 bytes 安全随机数 base64url no-padding 编码得到。
+- `captureId`: `^cap_[A-Za-z0-9_-]{22}$`，总长度 26；由 16 bytes 安全随机数 base64url no-padding 编码得到。capture id 不是秘密，但仍不得由时间戳、递增计数器或 `Math.random()` / `random.random()` 派生。
+- `sessionId`: `^s_[A-Za-z0-9_-]{22}$`，总长度 24；由 16 bytes 安全随机数 base64url no-padding 编码得到。
+- `nonce`: `^n_[A-Za-z0-9_-]{22}$`，总长度 24；由 16 bytes 安全随机数 base64url no-padding 编码得到，仅用于本次 capture bridge URL 和 profile 一次性提交状态。
+- `profileTransferId`: `^xfer_[A-Za-z0-9_-]{22}$`，总长度 27；由 16 bytes 安全随机数 base64url no-padding 编码得到。
+- `cspNonce`: `^[A-Za-z0-9_-]{22}$`，总长度 22；由 16 bytes 安全随机数 base64url no-padding 编码得到，并且只用于本次 `/bridge` HTML 响应的 CSP header 与 HTML nonce attribute。
+- 文档中的 `spb_xxx`、`spbt_xxx`、`cap_20260521_abcdef`、`s_xxx` 和 `n_xxx` 是脱敏占位，不是可被测试接受的合法协议样例。实现和测试必须使用 `tests/fixtures/bridge-protocol-identifiers.json` 中的合法/非法样例校验 JS bridge、Python fallback 和插件侧解析语义一致。
+
+Capture request validation:
+
+- `url` 必须是字符串，trim 后长度 `1..4096`；必须能按 WHATWG URL 解析，协议只允许 `http:` 或 `https:`，不得包含 username/password credential，fragment 在归一化时丢弃。
+- `mode` 第一版只接受 `"experience"`。
+- `waitMs` 必须是整数，范围 `0..30000`；缺省值 `3000`。
+- `include` 必须是非空数组，元素只能来自 `tech`、`visual`、`layout`、`components`、`interaction`、`ux`、`assets`；重复项按固定顺序归一化。未包含的 profile section 必须返回空对象并在 `limitations` 记录 `section_not_requested`，不得运行对应重型采集后再静默丢弃。
+- `viewports` 第一版最多接受 3 项；每项 `name` 可选，必须是 ASCII 字母、数字、`-`、`_`，长度 `1..32`；`width` 范围 `320..3840`，`height` 范围 `320..2160`，`deviceScaleFactor` 范围 `1..4`。由于第一版不新增 `chrome.windows` 权限，这些值只写入 profile 请求上下文和 limitations，不得宣称真实移动仿真。
+- `options.forceRefresh`、`options.captureScreenshotMetadata`、`options.keepTabOpen`、`options.allowPrivateNetworkTarget` 必须是 boolean；缺省分别为 `false`、`false`、`false`、`false`。
+- `options.captureScreenshot` 是可选 boolean，缺省为 `false`。只有显式为 `true` 且 `include` 包含 `visual` 时，插件才尝试用 `chrome.tabs.captureVisibleTab` 采集当前可见视口 JPEG data URL；失败时必须返回 limitation，不得伪造截图。bridge 接收 profile 后必须把截图 `dataUrl` 剥离为临时内存截图资产，不得把 base64 保存在可下载 Profile JSON 中；用户手动下载的截图文件由浏览器下载目录管理，不属于插件自动清理范围。
+- `options.targetMode` 只能是 `"reuse_or_new_tab"`、`"new_tab"` 或 `"active_tab"`；缺省为 `"reuse_or_new_tab"`。
+- `options.maxResourceUrls` 范围 `0..1000`，缺省 `300`。
+- 未定义的顶层字段或 `options` 字段必须返回 `400 INVALID_REQUEST`，不得忽略；未来协议扩展必须通过 `protocolVersion` 或显式 capability 协商。
+- 违反请求 schema 或范围限制时返回 `400 INVALID_REQUEST`，不得创建 capture，不得打开浏览器。
+
+### `GET /health`
+
+返回 bridge 脚本状态。
+
+```json
+{
+  "ok": true,
+  "service": "stackprism-agent-bridge",
+  "version": "0.1.0",
+  "protocolVersion": 1,
+  "bound": "127.0.0.1",
+  "activeCaptures": 0
+}
+```
+
+### `POST /v1/captures`
+
+创建一次采集任务。
+
+```json
+{
+  "url": "https://target.example",
+  "mode": "experience",
+  "waitMs": 3000,
+  "viewports": [
+    { "name": "desktop", "width": 1440, "height": 900, "deviceScaleFactor": 1 },
+    { "name": "mobile", "width": 390, "height": 844, "deviceScaleFactor": 2 }
+  ],
+  "include": ["tech", "visual", "layout", "components", "interaction", "ux", "assets"],
+  "options": {
+    "forceRefresh": true,
+    "captureScreenshotMetadata": true,
+    "captureScreenshot": false,
+    "maxResourceUrls": 300,
+    "targetMode": "reuse_or_new_tab",
+    "keepTabOpen": false,
+    "allowPrivateNetworkTarget": false
+  }
+}
+```
+
+返回：
+
+```json
+{
+  "id": "cap_20260521_abcdef",
+  "status": "queued",
+  "bridgeUrl": "http://127.0.0.1:17370/bridge?session=s_xxx&capture=cap_20260521_abcdef&nonce=n_xxx",
+  "profileUrl": "http://127.0.0.1:17370/v1/captures/cap_20260521_abcdef/profile"
+}
+```
+
+Concurrency policy:
+
+- 第一版默认 `maxConcurrentCaptures = 1`。
+- 有进行中的 capture 时，新的 `POST /v1/captures` 返回 `429`，错误码 `CAPTURE_BUSY`，避免多个浏览器 tab/window 并行采集互相覆盖状态。
+- `queued` 仅表示任务已创建且等待 bridge 页面握手；第一版不实现 FIFO 队列。
+- `queued` 或 `waiting_extension` 超过 30 秒仍未收到 bridge content script 握手时，bridge server 必须把 capture 标记为 `failed`，错误码 `EXTENSION_NOT_CONNECTED`；这覆盖默认浏览器未安装插件的场景。
+- `EXTENSION_NOT_CONNECTED` 也覆盖浏览器打开到了错误 Chrome/Edge 用户 profile 的场景。bridge server 不得尝试枚举或判断用户本机浏览器 profile；Skill 文档和 E2E 报告必须提示：如果 StackPrism 安装在非默认浏览器或非默认用户 profile，Agent 必须用 `STACKPRISM_BROWSER_OPEN_COMMAND` 和 `STACKPRISM_BROWSER_OPEN_ARGS_JSON` 精确指定对应浏览器可执行文件和 profile 参数，否则只能从该错误、stderr 脱敏摘要和浏览器可见窗口判断。
+- 非终态 capture 的全局运行上限为 60 秒；超过后 bridge server 必须标记为 `failed`，错误码 `CAPTURE_TIMEOUT`，并让 control endpoint 返回 `cancel`，避免 Agent 永久轮询。
+- `cancel_requested` 超过 10 秒仍未收到插件确认时，bridge server 必须转为 `cancelled`，记录 `details.reason = "cancel_timeout"`，并让插件后续 late status 不得覆盖该终态。
+- `completed` profile 默认只在内存保留 10 分钟；超过 TTL 后 bridge server 必须把 capture 状态转为 `expired`，清除 profile body 和临时 screenshot asset，并让 `GET /v1/captures/{id}/profile` 返回 `410` 和错误码 `CAPTURE_RESULT_EXPIRED`，避免长期保留采集数据。bridge 进程退出也必须释放全部内存结果。
+
+Target policy:
+
+- `targetMode = "reuse_or_new_tab"`：只能复用归一化后与目标 URL 完全一致的现有 tab（忽略 fragment，保留 query 参与比较），否则新建后台 tab；不得因为 origin+path 相同但 query 不同就复用，避免采集到同一路径下不同筛选、会话、预览或业务状态的页面。
+- `targetMode = "new_tab"`：始终新建 tab，必须使用 `chrome.tabs.create({ active: false })`，不得抢焦点。
+- `targetMode = "active_tab"`：第一版只允许复用 bridge 页面打开前由插件记录的同窗口上一张非 bridge active tab；该 tab 的 URL 必须与目标 URL 归一化后一致（忽略 fragment，保留 query 参与比较），否则返回 `ACTIVE_TAB_MISMATCH`。如果插件无法确定 bridge 打开前的 active tab，返回 `ACTIVE_TAB_UNAVAILABLE`。不得为了满足 active_tab 模式主动切换焦点或把 bridge 页面当前 tab 当目标页。
+- `keepTabOpen = false` 时，插件必须关闭自己创建的目标 tab；不得关闭用户原本打开的 tab。
+- Agent Bridge 第一版只支持普通浏览器 profile，不支持 incognito/split-incognito 上下文。bridge tab 或目标 tab 的 `incognito` 为 true 时必须失败为 `INCOGNITO_NOT_SUPPORTED`，不得尝试跨普通窗口与隐身窗口传递 capture 状态。
+- `allowPrivateNetworkTarget = false` 时拒绝目标 URL 指向 loopback、link-local、private IPv4/IPv6 网段，降低本地接口被误用风险；用户确需分析本地开发站点时必须显式开启。
+- `agentBridgeAllowAllNetworkTargets = true` 是用户在扩展设置页确认过的 profile 级高风险覆盖，只作用于扩展侧 target-loaded 网络证据门禁；repo-local JS bridge 与 Python fallback 在创建 capture 时仍以 request option / CLI 参数显式控制 private-network policy。
+- private network 判断不能只看 URL 字面量；bridge server 必须对 hostname 做 DNS 解析，拒绝解析到 loopback、link-local、private IPv4/IPv6 网段的目标，覆盖 `dev.local`、自定义 hosts 和 bridge resolver 可见的私网解析结果。
+- Private-network 防护边界必须写清楚：bridge server 的 DNS 预检和 `target_loaded` final URL 校验只能阻止创建 capture、继续采集和交付 profile，不能保证浏览器在导航过程中绝不会向私网地址发出一次请求；DNS rebinding、浏览器解析器差异或服务端重定向可能在 final URL 校验前已经产生网络触达。第一版不得把该能力宣传为浏览器级 SSRF 防火墙；若验收要求是“零私网触达”，必须另起任务评估 CDP/proxy/Native Messaging 或扩展网络拦截方案。
+- URL policy 必须拆成可测试纯函数，接收标准化 URL、当前 bridge origin、`allowPrivateNetworkTarget` 和可注入 resolver 返回值；单元测试只能使用 fixture 驱动的假 resolver，不得依赖本机 hosts、VPN、DNS 缓存或外网解析结果。
+- DNS resolver 必须 fail closed：解析超时、NXDOMAIN、SERVFAIL、空结果或混合结果中任一地址落入 loopback/link-local/private 网段时，初始 URL 的 `POST /v1/captures` 返回 `400 TARGET_DNS_LOOKUP_FAILED` 或 `400 PRIVATE_NETWORK_TARGET_BLOCKED`；final URL 统一失败为 `409 FINAL_URL_BLOCKED`，并在脱敏 `details.reason` 中标记 `dns_lookup_failed` 或 `private_network_address`。
+- 生产 DNS 解析必须有独立超时，例如 2 秒；超时不得阻塞 capture 创建、status 回写或 Agent 轮询。
+- 即使 `allowPrivateNetworkTarget = true`，也必须拒绝目标 URL 指向当前 bridge server origin，错误码 `BRIDGE_SELF_TARGET_BLOCKED`，避免把 `/bridge` 页面和 `bridgeToken` 当作目标站点采集。
+- 目标 URL 必须是 `http:` 或 `https:`，不得包含 username/password credential，默认丢弃 fragment，并归一化后写入 profile。
+- URL 归一化规则必须在 JS bridge、Python fallback 和插件侧保持一致：protocol/hostname 小写、默认端口折叠、fragment 丢弃、pathname 保留尾斜杠语义、query 在内存匹配和 final URL 关系校验中保留，但在日志、profile 展示和报告中按资源 URL 脱敏规则处理。
+- `targetMode = "reuse_or_new_tab"` 和 `active_tab` 的匹配规则必须使用归一化后的完整 URL（不含 hash，包含 query）。若目标 URL path 为空，按 `/` 处理。实现和测试必须覆盖默认端口、大小写 host、fragment 丢弃、query 完全相同可复用、query 不同必须新建 tab 或返回 `ACTIVE_TAB_MISMATCH` 的情况。若未来要支持 path-only 复用，必须新增显式 option、用户文档和测试，第一版不得静默引入。
+- 如果目标站点重定向到不支持协议、credential URL、字面量私网地址，或 bridge server 对最终 URL hostname 的 DNS 校验失败，capture 必须失败为 `FINAL_URL_BLOCKED`，不得返回 profile。第一版无法阻止服务端重定向发生，但必须在运行主动检测和 experience profiler 前先上报 final URL 给 bridge 做策略确认；bridge 拒绝时不得继续采集。
+- 即使目标 URL 是 `http:` 或 `https:`，`chrome.scripting.executeScript` 仍可能因浏览器限制页、Chrome Web Store、企业策略、host permission 缺失、tab detached 或扩展上下文失效而失败。agent capture 必须把注入失败显式映射为 `TARGET_INJECTION_FAILED`，记录脱敏 `details.reason`，停止采集并清理自己创建的目标 tab；不得把注入失败吞成空 profile、`TARGET_LOAD_TIMEOUT` 或普通检测缺失。
+- profile 中所有资源 URL 默认丢弃 hash，并对 query string 做 allowlist 或整体脱敏；不得输出包含 `token`、`key`、`signature`、`session`、`auth` 等敏感参数的完整 URL。
+
+Rate limit policy:
+
+- bridge server 对 `apiToken` 维度执行基础限流，例如 `POST /v1/captures` 每分钟最多 10 次，状态/profile 查询每分钟最多 120 次。
+- 插件回写 profile 每个 capture 只允许一次成功提交；重复 nonce 或重复完成提交返回 `NONCE_REUSED` 或 `CAPTURE_ALREADY_COMPLETED`。
+- 限流错误返回 `429` 和结构化错误码 `RATE_LIMITED`，不得静默排队。
+
+HTTP resource policy:
+
+- bridge server 必须限制单进程打开连接数，例如 `maxOpenConnections = 20`；超出时直接关闭新连接或返回 `503 SERVER_BUSY`。
+- 所有带 body 的 endpoint 必须在读取时逐块累计字节数，超过该 endpoint 的限制后立即关闭该请求连接，不得等完整 body 读完。普通 JSON body 超限返回 `413 REQUEST_TOO_LARGE`；profile body 使用独立上限并返回 `PROFILE_TOO_LARGE`。
+- 请求头读取、body 读取和 keep-alive 必须有超时：建议 headers timeout 5 秒、body read timeout 10 秒、keep-alive timeout 2 秒；超时返回 `408 REQUEST_TIMEOUT` 或关闭连接并记录脱敏日志。
+- 必须拒绝歧义或可被 request smuggling 利用的请求头组合：重复 `Host`、`Authorization`、`Content-Type` 或 `Content-Length`，非法 `Content-Length`，同时出现 `Content-Length` 与 `Transfer-Encoding`，不以 `chunked` 结尾的 `Transfer-Encoding`，以及任何非 `identity` 的 `Content-Encoding`。错误统一返回结构化 `400 INVALID_REQUEST` 或 `415 UNSUPPORTED_MEDIA_TYPE`，JS/Python 语义必须一致。
+- `Transfer-Encoding: chunked` 必须被明确支持并按累计字节数限流；如果 Python fallback 无法用标准库可靠支持 chunked body，必须返回 `400 UNSUPPORTED_TRANSFER_ENCODING`，JS bridge 也用同样语义保持一致。
+- bridge server 必须在 SIGINT、SIGTERM、测试进程退出和 stdin EOF 时关闭 HTTP server、清理 timer、清理 active capture 状态并退出，避免 Agent 运行后遗留本地服务。
+- Skill 脚本示例必须用 `try/finally` 或等效流程停止 bridge 子进程；不能只启动 server 后让 Agent 自行遗留后台进程。
+
+### `GET /v1/captures/{id}`
+
+返回状态。Agent 使用 `apiToken` 读取任意当前内存中的 capture；bridge 页面和插件只能用对应 capture 的 `bridgeToken` 读取同一 capture 的状态。状态枚举：
+
+- `queued`
+- `waiting_extension`
+- `running`
+- `cancel_requested`
+- `cancelled`
+- `completed`
+- `failed`
+- `expired`
+
+失败响应必须包含明确错误：
+
+```json
+{
+  "id": "cap_20260521_abcdef",
+  "status": "failed",
+  "error": {
+    "code": "EXTENSION_NOT_CONNECTED",
+    "message": "StackPrism extension did not connect to the bridge page within 30 seconds."
+  }
+}
+```
+
+### `GET /v1/captures/{id}/profile`
+
+采集完成后返回 `stackprism.site_experience_profile.v1`，只能使用 `apiToken` 读取。未完成时返回 `409` 和当前状态；使用 `bridgeToken` 访问必须返回 `403` 和错误码 `BRIDGE_TOKEN_CANNOT_READ_PROFILE`。
+
+### `GET /v1/captures/{id}/request`
+
+仅插件读取。返回本次 capture 的原始请求和当前 nonce。response body 必须包含 `captureId`、`sessionId`、`nonce`、`protocolVersion` 和 `request`，不得包含 `apiToken`、`bridgeToken`、profile body 或 callback URL。bridge 必须校验 Bearer `bridgeToken`；插件侧必须校验返回的 `captureId`、`sessionId`、`nonce` 和 `protocolVersion` 与 bridge 页面 config 完全一致，不一致时同源 POST `failed` 和 `BRIDGE_REQUEST_MISMATCH`，不得向 background 发送 `START_AGENT_CAPTURE`。
+
+### `GET /v1/captures/{id}/control`
+
+仅插件读取。bridge content script 在 capture 运行中定期轮询，用于发现 Agent 取消或任务过期。
+
+```json
+{
+  "id": "cap_20260521_abcdef",
+  "command": "continue",
+  "status": "running"
+}
+```
+
+当 Agent 调用 `DELETE /v1/captures/{id}` 后，返回 `command = "cancel"`；background 必须停止采集并清理自己创建的目标 tab。
+当 capture 已进入 `cancel_requested`、`failed` 或 `expired`，control endpoint 也必须返回 `command = "cancel"`，确保插件及时停止并清理目标 tab；`completed` 后插件不应继续轮询 control，若收到请求只能返回当前终态，不得重新发起采集。
+
+### `DELETE /v1/captures/{id}`
+
+取消任务。只有 `queued`、`waiting_extension`、`running` 可以转为 `cancel_requested`，不能立即删除内存状态，因为 bridge content script 仍需要通过 `GET /v1/captures/{id}/control` 读取 `cancel` 命令。插件确认取消或超时后再转为 `cancelled` 并清理自己创建的目标 tab。`completed`、`failed`、`cancelled`、`expired` 等终态调用 `DELETE` 必须返回 `409` 和当前终态，不能重新进入 `cancel_requested`，避免误删审计结果或改写失败原因。
+
+### `POST /v1/captures/{id}/status`
+
+仅插件回调用。bridge content script 把 background 的阶段状态和结构化错误同源 POST 回 bridge，供 Agent 通过 `GET /v1/captures/{id}` 观察。
+
+```json
+{
+  "id": "cap_20260521_abcdef",
+  "status": "running",
+  "phase": "target_loaded",
+  "sequence": 3
+}
+```
+
+允许的插件写入状态：`waiting_extension`、`running`、`cancelled`、`failed`。`completed` 只能由 profile 回写成功后产生。
+
+Status phase contract:
+
+- `phase` 只能是：`bridge_connected`、`request_loaded`、`target_opening`、`target_loaded`、`detecting_tech`、`profiling_experience`、`posting_profile`、`cleanup`。
+- `sequence` 是 bridge content script 为同一 capture 的每次 status POST 生成的递增整数，从 1 开始。bridge server 只接受大于当前 `sequence` 的非终态 status。
+- `running` phase 必须按上方列表顺序单调前进；重复、倒序 sequence 或倒退 phase 返回 `409 STALE_STATUS_UPDATE`，不得覆盖较新的 phase。
+- 终态 `cancelled`、`completed`、`failed`、`expired` 一旦写入后不可被插件 status 覆盖；再次写入终态必须返回当前终态和结构化错误，不得把 late message 当成功。
+- `failed` status body 必须包含 `error.code` 和 `error.message`；`details` 遵循统一脱敏规则。
+
+当插件写入 `status = "running"` 且 `phase = "target_loaded"` 时，body 必须包含目标 tab 的 `finalUrl`。bridge server 必须对该 final URL 执行协议、credential、当前 bridge origin、自捕获和 DNS/private-network 校验；校验失败时该 status 请求返回 `409` 和 `FINAL_URL_BLOCKED` 或 `BRIDGE_SELF_TARGET_BLOCKED`，background 必须停止采集、清理自己创建的目标 tab，并不得注入主动检测或 experience profiler。
+
+### `POST /v1/captures/{id}/profile`
+
+仅插件回调用。必须校验：
+
+- 请求来自 loopback。
+- `Authorization: Bearer {bridgeToken}` 匹配当前 capture。
+- body 是原始 `SiteExperienceProfile` JSON，必须包含 `schema = "stackprism.site_experience_profile.v1"`，且 body 内 `captureId` 与 path 一致；不得额外包 `{ "profile": ... }`，避免 `GET /profile` 与 `POST /profile` 使用两种形状。
+- bridge server 使用 capture 内部关联的 nonce 状态做一次性提交校验；nonce 不写入 profile body，避免最终 profile 暴露 bridge URL 中的 nonce。
+- nonce 未过期且未重复用于最终 profile 提交；多次 status 更新和 control 轮询不得消耗 nonce。
+
+## Bridge 页面契约
+
+`GET /bridge` 返回一个极小 HTML 页面，职责只有四项：
+
+- 暴露 session/capture/nonce 给 StackPrism bridge content script。
+- 展示连接状态，便于用户看到“等待插件 / 采集中 / 已完成 / 失败”，但不要求用户操作。
+- 阻止被普通 StackPrism 检测管道当作目标站点处理。
+- 通过同源 API 轮询 capture 状态并渲染状态；不得把状态存在 query string 或 localStorage/sessionStorage。
+
+Token handling:
+
+- `apiToken` 不放在 URL 或 bridge 页面，避免进入浏览器历史、页面源码、日志和 referrer。
+- bridge 页面由本地脚本直接渲染，在 HTML 内嵌只供 bridge content script 读取的一次性 `bridgeToken`；它不是 Agent 使用的 `apiToken`。
+- bridge 页面自身的内联脚本若需要渲染状态，只允许使用 `bridgeToken` 读取同一 capture 的 `GET /v1/captures/{id}`；不得读取 profile。
+- capture 完成后，bridge 页面可以把同一 status preview 渲染为结果工作台：目标网址、截图预览、截图放大预览、下载截图、复制截图、复制由 profile 生成的 Markdown 摘要，以及下方分组 profile 内容卡片。该工作台只能使用服务端生成的 `preview.contentSummary` 和 `preview.copyText`，不得在页面端读取或重组 raw profile。
+- `preview.copyText` 必须是受限 Agent 摘要，不得包含 raw profile、截图 data URL、`apiToken`、`bridgeToken`、nonce、Authorization、完整敏感文本或未脱敏 URL query。生成时至少要脱敏 URL query、token-like id、email、手机号和 token/secret 字段。
+- 复制截图依赖浏览器 Clipboard API。失败时页面必须明确显示错误，不得静默降级为“已复制”，也不得把截图 data URL 复制成文本伪装成功。用户下载或复制后的截图由浏览器/操作系统管理，不属于 bridge profile TTL 自动清理范围。
+- `bridgeToken` 以 DOM 可读 JSON script 形式存在是为了适配 content script isolated world，不得被描述为对其他已安装扩展保密。安全说明必须明确：同浏览器 profile 中拥有 loopback 页面访问能力的恶意扩展、DevTools 用户或浏览器自动化工具属于本地受信边界之外，第一版只防普通网页跨站访问、错误 Host、错误 token、重复 token render 和 profile 越权读取。
+- `/bridge` 响应必须使用 `Content-Type: text/html; charset=utf-8`。
+- `/bridge` 渲染 `bridgeToken` 前必须先执行 Host、request target、query schema 和来源导航校验。若请求带跨站 `Referer` 或 `Sec-Fetch-Site: cross-site`，必须返回 `403 ORIGIN_NOT_ALLOWED` 且不渲染 token；由系统浏览器打开、地址栏打开或同源刷新产生的无来源头、`Sec-Fetch-Site: none` 或 `same-origin` 请求可以继续校验 session/capture/nonce。
+- `/bridge` 必须先校验 query 中的 `session`、`capture`、`nonce` 与内存 capture 匹配，且 capture 仍未过期；校验失败时返回 404/410，不渲染 `bridgeToken`。
+- `/bridge` 只能在 bridge token 尚未被 claim 前渲染 `bridgeToken`；一旦插件用该 `bridgeToken` 成功读取 request 或写入 `waiting_extension`，bridge server 必须把 token 标记为 claimed。之后浏览器历史里的同一 `/bridge?...nonce=...` 再次打开时只能渲染无 token 状态页或返回 409，不能再次泄露 `bridgeToken`。
+- `/bridge` 的成功 HTML 首次渲染也必须记录 `bridgeTokenRenderedAt`；同一 `session/capture/nonce` 的第二次 `/bridge` 请求即使尚未被 content script claim，也只能返回无 token 状态页或 409，不能再次渲染 `bridgeToken`。第一版不支持刷新恢复，宁可显式失败，也不能允许复制/刷新 bridge URL 获得第二份 token。
+- 第一版不支持 bridge 页面刷新后自动恢复同一 capture；刷新导致 content script 断连时按 `BRIDGE_TRANSPORT_DISCONNECTED` 或 `EXTENSION_NOT_CONNECTED` 暴露失败，不做静默重连。
+- `bridgeToken` 必须放在 DOM 可读的 JSON script 中，不能只写入页面 JS 变量，因为 content script isolated world 不能可靠读取页面 JS 全局变量。
+- 所有 `<script>` 元素都必须带本次响应的 `nonce`，包括 `type="application/json"` 的 bridge config script，避免 CSP 执行策略与 content script 读取路径在不同浏览器中漂移。
+- bridge HTML 必须只使用服务端生成的安全 token/ID 组装 config，并通过 `JSON.stringify` 后按 `</script`、`<`、`>`、`&`、U+2028、U+2029 等序列做 HTML/script-safe 转义；状态文本渲染只能用 `textContent` 或等效安全 API，不能把 query、错误 message 或 URL 片段写入 `innerHTML`。测试必须覆盖恶意 query 值不会打断 JSON script、不会新增 `<script>`，也不会反射到页面可执行 HTML。
+- bridge 页面响应头必须包含 `Cache-Control: no-store`、`Referrer-Policy: no-referrer`、`X-Content-Type-Options: nosniff`、`X-Frame-Options: DENY`、`Cross-Origin-Opener-Policy: same-origin`、`Permissions-Policy: camera=(), microphone=(), geolocation=(), payment=(), usb=()`。
+- bridge 页面必须为每次成功 HTML 渲染生成独立 CSP nonce。可执行内联脚本必须带 `nonce`，CSP 使用 `script-src 'nonce-{cspNonce}'`；若需要内联 `<style>`，也必须带 nonce 并使用 `style-src 'nonce-{cspNonce}'`，否则 `style-src 'none'`。不得使用 `script-src 'unsafe-inline'` 或 `style-src 'unsafe-inline'`。
+- bridge 页面必须设置最小 CSP header：`default-src 'none'; script-src 'nonce-{cspNonce}'; style-src 'nonce-{cspNonce}'; connect-src 'self'; frame-ancestors 'none'; base-uri 'none'; form-action 'none'`。只有在明确实现并测试跨 origin bridge 页面需求后，才能扩大 `connect-src`；不得用 `http://127.0.0.1:*` 或 `http://localhost:*` 允许本机任意端口。
+- bridge 页面不得加载外部脚本、图片、字体或样式。
+- bridge 页面不得被 iframe/embed/object 嵌入；测试必须确认 `frame-ancestors 'none'` 和 `X-Frame-Options: DENY` 同时存在，避免本地页面通过 framing 干扰用户判断或触发重复渲染。
+
+Bridge 页面必须包含：
+
+```html
+<meta name="stackprism-agent-bridge" content="1" />
+<script id="stackprism-agent-bridge-config" type="application/json" nonce="{cspNonce}">
+  { "captureId": "cap_20260521_abcdef", "sessionId": "s_xxx", "nonce": "n_xxx", "bridgeToken": "spbt_xxx", "protocolVersion": 1 }
+</script>
+```
+
+插件侧必须在 `src/utils/page-support.ts` 或等效位置把含该 path/origin/session 的 bridge 页面排除出普通 `content-observer` 检测、badge 更新和 popup 缓存，避免本地 bridge 自身污染技术栈结果。
+
+Background listener isolation:
+
+- `src/background/index.ts` 的 `chrome.tabs.onUpdated`、`chrome.webNavigation.onCommitted` 和 `chrome.webRequest.onHeadersReceived` 也必须识别 bridge tab/request，并立即 return 或清理 bridge tab session；不能只依赖 content script return。
+- bridge 页面主请求、`/v1/captures/*` status/control/profile 请求、bridge tab 内的同源 fetch 都不得写入 `tab-store`、`popup-cache`、badge、dynamic snapshot 或 header records。
+- `src/background/message-router.ts` 的普通 runtime message 入口也必须识别 bridge tab：来自 bridge tab 的 `PAGE_DETECTION_RESULT`、`DYNAMIC_PAGE_SNAPSHOT`、`START_BACKGROUND_DETECTION`、`GET_POPUP_RESULT`、`GET_POPUP_RAW_RESULT` 和 `GET_HEADER_DATA` 不能写入或读取普通站点缓存；对带 `tabId` 的普通消息必须区分 sender 类型：content script sender 必须满足 `sender.tab.id === tabId`，popup/options 等扩展页面 sender 没有 `sender.tab` 时只能读取当前用户选择的普通 tab 且不能读取 bridge tab，避免 bridge tab 或任意 content script 用 message body 里的 `tabId` 污染其他标签页。
+- background、content script 和 bridge server 的日志都必须脱敏；不得打印 `apiToken`、`bridgeToken`、nonce、完整 bridge URL query、Authorization header、profile body、或目标 URL 中的敏感 query。现有 `console.log(... url ...)` 类路径触碰 bridge URL 时必须改为记录 origin/path 或 redacted URL。
+- 判断 bridge request 不能依赖 token；必须使用持久化的 `bridgeTabId`、`bridgeOrigin`、`/bridge` path、`stackprism-agent-bridge` meta 对应的 session/capture 关系，或等效的 bridge-tab registry。
+- `webRequest` 中如果 `details.tabId` 对应 bridge tab，必须跳过 `buildHeaderRecord` 和 `saveTabDataAndBadge`，避免把本地 bridge server 的响应头记录成目标站点技术证据。
+
+Bridge content script guard:
+
+- manifest 的 content script match 会覆盖所有 loopback path，因此 `src/content/agent-bridge-client.ts` 必须在读取 token 或访问 DOM 详情前先校验 path 为 `/bridge`、存在 `<meta name="stackprism-agent-bridge" content="1">`，且 query 参数包含 `session`、`capture`、`nonce`。
+- 对非 bridge 的 localhost/127.0.0.1 页面必须立即 return，不发送消息、不读取页面文本、不发起网络请求。
+
+Capability and protocol contract:
+
+- bridge 页面 config 中的 `protocolVersion` 必须等于插件编译时的 `bridgeProtocolVersion`。不匹配时，bridge content script 必须同源 POST `failed` 和 `BRIDGE_PROTOCOL_UNSUPPORTED`，不得向 background 发送 `START_AGENT_CAPTURE`。
+- background 对 `AGENT_BRIDGE_HELLO` 的响应必须包含 `extensionVersion`、`protocolVersion` 和稳定 capabilities 对象：`agentBridge`、`siteExperienceProfileV1`、`profileChunkTransport`、`bridgeContentPost`、`storageSession`、`experienceProfiler`、`rawProfile`、`viewportMetadata`、`visualScreenshot`。
+- 第一版必需 capability 是 `agentBridge`、`siteExperienceProfileV1`、`profileChunkTransport`、`bridgeContentPost`、`storageSession` 和 `experienceProfiler`。任一缺失或为 false 时，capture 必须失败为 `NOT_SUPPORTED`，并在脱敏 `details.missingCapability` 中记录字段名。
+- `chrome.storage.session` 不可用时不得退回普通内存状态；必须显式失败为 `NOT_SUPPORTED`，避免 service worker 重启后丢失 capture 所有权。
+- `chrome.storage.session` 的 access level 必须保持默认 trusted-only，或显式设置为 `TRUSTED_CONTEXTS`；不得调用 `chrome.storage.session.setAccessLevel({ accessLevel: "TRUSTED_AND_UNTRUSTED_CONTEXTS" })`。content script 不得直接读取 `agent-capture-state`、active-tab tracker 或普通 tab cache，只能通过已校验的 runtime message/Port 与 background 交互。
+- 最终 profile 的 `browserContext.extensionCapabilities` 必须直接来自握手时的 capabilities 快照，不能在 profile builder 中重新猜测。
+
+Loopback host checks:
+
+- bridge server 必须对所有 endpoint 校验 `Host` 头，包括 `/health` 和 `/bridge`。第一版只绑定 `127.0.0.1`，默认只生成 `http://127.0.0.1:{port}` bridge URL。允许的 Host 为 `127.0.0.1:{port}`；若实现明确支持 `localhost`，必须确认实际连接仍落在 loopback，并在测试中覆盖。不得声称支持 `[::1]`，除非同时实现 IPv6 loopback 绑定和 content script match。
+- 插件发回 profile 时必须使用原始 bridge origin，不能跟随 profile body 里的 callback URL。
+- bridge server 默认不返回宽松 CORS 头；第一版 profile 回传首选 bridge content script 的同源 `fetch`。如果后续保留 background 直连 fallback，必须只允许当前扩展 origin，不能使用 `Access-Control-Allow-Origin: *`。
+- bridge server 必须拒绝 `OPTIONS` preflight 且不返回 `Access-Control-Allow-*`，避免本地网页跨站驱动 Agent Bridge API。
+- 本机 loopback 不是强身份边界：`127.0.0.1:{port}`、`/bridge` path、meta 标记、`session/capture/nonce` 和 `bridgeToken` 只能把本次 capture 绑定到同一 bridge 页面和同一 bridge server 状态，不能证明该 server 一定由 StackPrism Skill 启动。第一版依赖“本机用户启动的 bridge 进程可信”作为部署前提；若未来要防本机恶意进程，必须另起任务设计扩展侧显式授权、Native Messaging、操作系统级 broker 或等效机制。
+
+## Profile 回传传输路径
+
+为避开 MV3 background 到 loopback 的 CORS、preflight 和浏览器差异，第一版固定使用以下传输路径：
+
+1. `src/content/agent-bridge-client.ts` 在 bridge 页面保存 `bridgeToken`、`bridgeOrigin`、`captureId` 和 `nonce`。
+2. bridge content script 用同源 `POST /v1/captures/{id}/status` 写入 `waiting_extension`，再把 capture request 发给 background。
+3. background 运行期间通过 `chrome.tabs.sendMessage` 或 `runtime.Port` 把阶段状态、结构化错误和最终 profile 分片发回对应 bridge 页面 content script。
+4. bridge content script 使用同源 `POST /v1/captures/{id}/status` 更新阶段状态，使用同源 `fetch('/v1/captures/{id}/profile')` POST profile，并带 `Authorization: Bearer {bridgeToken}`。
+5. bridge content script 轮询 `GET /v1/captures/{id}/control`；收到 `cancel` 后通知 background 停止采集并清理目标 tab。
+6. content script 把 status/profile POST 结果回报 background，background 再更新内部 capture 状态。
+
+background 必须在 `AGENT_BRIDGE_HELLO` 时记录 `sender.tab.id`、`sender.tab.windowId`、bridge origin、captureId、session 和 nonce；后续所有 agent bridge 消息必须同时匹配该 bridge tab id 与 bridge URL。background 不应直接读取或持久化 `bridgeToken`。如果 service worker 重启导致 bridge content script 断连，capture 必须失败为 `BRIDGE_TRANSPORT_DISCONNECTED`，不得伪造完成。
+
+Profile chunk transport contract:
+
+- background 不得用单条 `chrome.tabs.sendMessage` 或 `runtime.Port.postMessage` 发送完整 profile。最终 profile 必须先序列化为 UTF-8 JSON bytes，再按固定上限分片。
+- 单片 raw payload 上限为 `384 * 1024` bytes；base64 编码和消息 envelope 后的单条扩展消息目标上限为 512 KiB，避免在 MV3 扩展消息序列化链路上失败。
+- 每次 profile 传输必须包含 `profileTransferId`、`captureId`、`sessionId`、`nonce`、`chunkIndex`、`chunkCount`、`byteLength`、`chunkByteLength`、`sha256` 和 `payloadBase64`。`sha256` 计算对象是完整 UTF-8 JSON bytes，不是 base64 字符串。
+- 消息顺序为 `AGENT_PROFILE_TRANSFER_BEGIN`、一个或多个 `AGENT_PROFILE_TRANSFER_CHUNK`、`AGENT_PROFILE_TRANSFER_COMPLETE`；bridge content script 必须逐片 ack，background 只有收到上一片 ack 后才发送下一片。
+- bridge content script 必须先校验 transfer message 的 `captureId`、`sessionId` 和 `nonce` 与本页 bridge config 完全一致，再按 `profileTransferId` 建立内存缓冲。校验失败必须拒绝该 transfer 并写入 `PROFILE_TRANSPORT_FAILED`。
+- bridge content script 必须校验 `payloadBase64` 可解码为 bytes、chunk 数量、chunkIndex 连续性、累计 byteLength 和完整 sha256；校验通过后把 UTF-8 bytes 解析为原始 `SiteExperienceProfile` JSON，再 POST profile endpoint。缺片或超时写入 `PROFILE_CHUNK_MISSING`，hash 不匹配写入 `PROFILE_HASH_MISMATCH`，ack 超时、reassembly 失败、base64/UTF-8/JSON decode 失败或 POST 前传输异常写入 `PROFILE_TRANSPORT_FAILED`。
+- profile transfer 超时时间建议 10 秒；终态后必须清理内存缓冲。profile chunks、完整 profile JSON、`bridgeToken` 和 `apiToken` 都不得写入 `chrome.storage.session`。
+- content script POST profile 成功或失败后必须把结果 ack 给 background；background 不得在只完成扩展内部分片传输时把 capture 视为 completed。
+
+Port disconnect reporting:
+
+- bridge content script 使用 `runtime.Port` 时必须监听 `port.onDisconnect`。
+- 如果断开时 capture 仍未进入 `completed`、`failed` 或 `cancelled`，bridge content script 必须用自身持有的 `bridgeToken` 同源 `POST /v1/captures/{id}/status`，写入 `failed` 和 `BRIDGE_TRANSPORT_DISCONNECTED`；POST 失败时在 bridge 页面显示失败状态，不能静默等待。
+- service worker 启动恢复未完成 capture 时，background 必须根据持久化的 `bridgeTabId` 用 `chrome.tabs.sendMessage` 通知 bridge content script 上报 `SERVICE_WORKER_RESTARTED` 或 `BRIDGE_TRANSPORT_DISCONNECTED`；如果 bridge tab 已不存在，必须清理自己创建的 target tab，Agent 侧最终通过 bridge server 的 timeout/expired 状态观察失败。
+- 浏览器完全退出、扩展 reload/update、用户禁用扩展或 `chrome.storage.session` 被清空后，第一版不尝试恢复未完成 capture；恢复入口只能 fail closed：清理 `createdByCapture` 目标 tab、清理残留 session state，并让 Agent 侧通过 bridge timeout/expired 或下一次状态查询看到结构化失败。文档不得把 `chrome.storage.session` 描述成跨浏览器重启持久化机制。
+- MV3 service worker 可能在 capture 中途挂起或重启，不能把 background 内存 `setTimeout` 当作唯一超时、取消或清理门禁。background 必须把 `startedAt`、`deadlineAt`、`cancelDeadlineAt`、`profileTransferDeadlineAt` 或等效绝对时间写入 `chrome.storage.session`，在每次事件、Port 重连、message、tab 更新和 service worker 模块初始化时比较当前时间并 fail closed。bridge server 的 capture timeout/control 是 Agent 可观察的权威超时源；扩展侧 timer 只作为活跃 worker 期间的快速清理。第一版不新增 `chrome.alarms` 权限；若实现选择用 alarms，必须同步更新 manifest、权限测试、隐私文档和验收报告。
+
+Persisted extension state:
+
+`src/background/agent-capture-state.ts` 写入 `chrome.storage.session` 的最小字段必须包括：
+
+```json
+{
+  "captureId": "cap_20260521_abcdef",
+  "sessionId": "s_xxx",
+  "nonce": "n_xxx",
+  "bridgeOrigin": "http://127.0.0.1:17370",
+  "bridgeUrl": "http://127.0.0.1:17370/bridge?session=s_xxx&capture=cap_20260521_abcdef&nonce=n_xxx",
+  "bridgeTabId": 101,
+  "bridgeWindowId": 7,
+  "targetTabId": 102,
+  "targetWindowId": 7,
+  "targetUrl": "https://target.example/",
+  "finalUrl": "https://target.example/",
+  "targetMode": "reuse_or_new_tab",
+  "createdByCapture": true,
+  "keepTabOpen": false,
+  "phase": "target_loaded",
+  "status": "running",
+  "startedAt": "2026-05-22T12:00:00.000Z",
+  "updatedAt": "2026-05-22T12:00:03.000Z",
+  "error": null
+}
+```
+
+这些字段用于 service worker 重启后判断该通知哪个 bridge tab、该清理哪个 target tab、哪些 tab 是插件自己创建的，以及最终应向 Agent 暴露哪个结构化失败状态；不得把 `bridgeToken` 或 `apiToken` 写入 `chrome.storage.session`。
+`agent-capture-state`、active-tab tracker 和普通 tab cache 的 key 必须使用不同前缀，并通过集中 helper 列出/清理；capture 终态、bridge tab 关闭、扩展启动恢复失败和 E2E 清理阶段都必须删除对应 capture state，避免后续 capture 误读旧 tab ownership。
+
+## Profile Schema
+
+顶层结构：
+
+```json
+{
+  "schema": "stackprism.site_experience_profile.v1",
+  "captureId": "cap_20260521_abcdef",
+  "generatedAt": "2026-05-22T12:00:00.000Z",
+  "target": {},
+  "browserContext": {},
+  "techProfile": {},
+  "visualProfile": {},
+  "layoutProfile": {},
+  "componentProfile": {},
+  "interactionProfile": {},
+  "uxProfile": {},
+  "assetProfile": {},
+  "evidence": {},
+  "limitations": [],
+  "agentGuidance": {}
+}
+```
+
+### `target`
+
+- `url`
+- `finalUrl`
+- `loadError`: only when the browser reports a main-frame load failure; contains sanitized extension error code/category, not the full failing URL query.
+- `origin`
+- `title`
+- `language`: from page language attributes when available; empty string when unknown, not inferred from account or locale data.
+- `viewportProfiles`
+- `captureScope`: `current_page`, `target_url`, or `same_origin_flow`
+
+### `browserContext`
+
+- `userAgent`
+- `extensionVersion`
+- `capturedAt`
+- `waitMs`
+- `viewports`
+- `pageSupported`
+- `loginState`: only `unknown`, `likely_authenticated`, `likely_public`; do not expose account data.
+- `viewportMode`: `current_viewport`, `window_size_approximation`, or `unsupported`.
+- `bridgeProtocolVersion`
+- `extensionCapabilities`: copied from `AGENT_BRIDGE_HELLO` response, including `agentBridge`, `siteExperienceProfileV1`, `profileChunkTransport`, `bridgeContentPost`, `storageSession`, `experienceProfiler`, `rawProfile`, `viewportMetadata`, `visualScreenshot`.
+
+Viewport rule:
+
+- 普通 Chrome 扩展不能像 CDP 那样真实模拟移动设备、DPR、触控和 user agent。
+- 第一版 `viewports` 只表示“希望采集的窗口尺寸或当前视口摘要”，不是移动设备仿真。
+- 如果无法安全调整窗口尺寸，插件必须返回 `viewportMode = "current_viewport"` 并在 `limitations` 说明未做移动视口采集。
+- 默认不输出截图图像；`captureScreenshotMetadata` 仅表示采集视口尺寸、关键元素 bounding box 和 above-fold 摘要。`captureScreenshotMetadata = false` 时不得采集或输出 bounding box / above-fold 细节，只保留基础 viewport 上下文和 limitation。`captureScreenshot = true` 是单独显式能力，扩展端只在传给本机 bridge 的内部 profile 中携带当前可见视口 JPEG data URL；bridge 保存后必须把它转为临时截图下载资产，下载给 Agent 的 Profile JSON 只包含 `downloadUrl` 和生命周期说明。
+- 如果需要调整窗口尺寸，必须记录原窗口尺寸并在采集后恢复；没有 `chrome.windows` 权限时不能假装已调整。
+- 第一版不新增 `chrome.windows` 权限；除非后续任务明确更新 manifest 和隐私文档，否则统一返回 `viewportMode = "current_viewport"`，不尝试调整窗口尺寸。
+
+### `techProfile`
+
+基于现有 StackPrism 检测结果：
+
+- `technologies`: category, name, version, confidence, sources, evidence, url
+- `primaryFrontend`
+- `uiFramework`
+- `buildRuntime`
+- `cmsOrSiteProgram`
+- `serverHints`
+- `thirdPartyServices`
+- `confidenceSummary`
+- `implementationNotes`: 说明技术是“复刻参考”，不是必须照搬。
+
+### `visualProfile`
+
+新增体验采集脚本输出：
+
+- `colorTokens`: dominant backgrounds, text colors, accent colors, border colors, CSS variables
+- `typography`: font families, body size, heading scale, line heights, font weights
+- `spacing`: common gaps, section padding, card padding
+- `shape`: border radius scale, button radius, card radius, input radius
+- `elevation`: box shadows, backdrop filters, border styles
+- `density`: compact, balanced, spacious
+- `themeMode`: light, dark, mixed, system-dependent
+
+### `layoutProfile`
+
+- `landmarks`: header, nav, main, footer, aside
+- `hero`: presence, height, content alignment, media usage
+- `gridSystems`: card grid, column count, max content width
+- `responsiveBehavior`: desktop/mobile differences
+- `stickyElements`: sticky header, fixed CTA, floating controls
+- `aboveFold`: main visual hierarchy and first viewport summary
+
+### `componentProfile`
+
+采集常见 UI 单元：
+
+- buttons: count, variants, size, radius, hover/focus evidence
+- links: inline/nav/button-like
+- forms: inputs, selects, search bars, validation hints
+- cards: count, media placement, action areas
+- navigation: top nav, side nav, breadcrumbs, tabs
+- overlays: modal, drawer, popover, tooltip candidates
+- dataDisplay: table, list, stats, badges
+
+### `interactionProfile`
+
+- `hoverPatterns`
+- `focusPatterns`
+- `transitions`: duration, easing, properties
+- `animations`: names, durations, iteration count
+- `scrollBehavior`
+- `loadingIndicators`
+- `interactiveControls`
+
+Interaction rule:
+
+- 第一版默认 passive capture，不点击、不提交表单、不触发可能改变业务状态的控件。
+- hover/focus 只能来自可读 CSS selector、transition token、ARIA/state 属性和当前 DOM 状态；不得伪造“已验证 hover 效果”。
+- modal/drawer/dropdown 只记录当前可见或 DOM 中可观察的结构；不主动打开隐藏菜单。
+
+### `uxProfile`
+
+基于 DOM 结构和可见文本摘要，不做隐私内容搬运：
+
+- `pagePurpose`: inferred category, such as marketing, SaaS dashboard, docs, ecommerce, form flow
+- `primaryUserPath`
+- `informationHierarchy`
+- `ctaStrategy`
+- `trustSignals`
+- `navigationDepth`
+- `contentGrouping`
+- `frictionPoints`: only observable UX risks, not speculative private intent
+- `textSamples`: bounded short labels or summaries only; no full visible text or private account content
+
+Text privacy rule:
+
+- 默认不输出完整可见文本。
+- CTA、导航、表单标签最多输出短标签摘要，并先脱敏 email、手机号、长数字 ID、货币金额、疑似姓名字段。
+- 对登录态页面，优先输出 role/category/count/length，而不是具体内容。
+
+Frame and shadow DOM rule:
+
+- 同源 iframe 可以采集摘要，但必须标记 frame URL。
+- 跨源 iframe、closed shadow root 和不可访问 CSSStyleSheet 只能记录存在性与边界框，不得声明内部 UI 已完整采集。
+
+### `assetProfile`
+
+- `scripts`
+- `stylesheets`
+- `resourceDomains`
+- `imageDomains`
+- `fontUrls`
+- `manifest`
+- `themeAssetUrls`
+- `favicon`
+- `cdnHints`
+- `redactionPolicy`: 说明资源 URL 已丢弃 hash、敏感 query 参数已脱敏。
+
+### `evidence`
+
+证据要可追溯但脱敏：
+
+- `highConfidence`
+- `mediumConfidence`
+- `lowConfidence`
+- `rawCounts`
+- `sourceCoverage`: headers, page, dynamic, bundle, visual, interaction
+- `truncation`: per-field truncation flags and omitted counts, such as `resourceUrls`, `textSamples`, `componentSamples`, `cssRules`.
+
+### `limitations`
+
+必须明确：
+
+- 后端隐藏响应头时不可推断真实服务端技术。
+- 低置信兜底脚本名不应作为硬依赖。
+- 未交互到的流程不会出现在 profile 中。
+- 跨域样式表可能无法读取完整 CSS rules，只能读取 computed style。
+- 登录态页面只输出结构和体验摘要，不输出敏感用户数据。
+
+### `agentGuidance`
+
+直接给 Agent 的执行建议：
+
+- 优先复刻视觉层级、交互反馈、布局密度和信息结构。
+- 技术栈用于选择等效实现，不要求与原站完全相同。
+- 高置信证据可作为实现约束；低置信证据只能作为候选。
+- 如果目标项目已有技术栈，优先用目标项目技术栈实现相同体验。
+- 完成后用桌面/移动截图、DOM 几何、交互 smoke test 验证。
+- 如果采集结果因上限被截断，必须在 `evidence.truncation` 和 `limitations` 同时说明，Agent 不得把缺失字段理解为目标站点不存在该结构。
+
+`agentGuidance.recreationPlan` 是给复刻任务的结构化执行层，必须只引用已脱敏 profile 内容：
+
+- `objective`: 明确目标是基于浏览器可观测证据复刻相似网站体验，不是复制后端私有实现或用户私密内容。
+- `implementationOrder`: 从技术栈映射、design token、布局蓝图、组件优先级、交互状态到验证的执行顺序。
+- `designTokens`: 从 `visualProfile` 提取颜色、字体、字号、行高、间距、圆角和阴影候选。
+- `layoutBlueprint`: 从 `layoutProfile` 与 `uxProfile` 提取 landmarks、first-viewport summary、内容分组、信息层级、`viewportMode` 和响应式边界说明；不得在 `captureScreenshotMetadata = false` 时额外输出 `aboveFold`、`boundingBoxes`、`boundingBox`、`bounds` 或 `rect` 这类截图/几何元数据字段名。
+- `componentInventory`: 从 `componentProfile.counts` 和 samples 生成组件数量、优先类型、样本数量和是否包含 rect metadata。
+- `interactionChecklist`: 从 passive interaction 证据提取 transition、animation、sticky/fixed、focus/hover hints，并标注第一版不主动点击。
+- `uxChecklist`: 汇总 `pagePurpose`、`primaryUserPath`、`ctaStrategy`、`trustSignals` 和 `frictionPoints`。
+- `assetHints`: 汇总资源域、CDN hint、script/style 数量、image/font hint 和资源 URL 数量；不得复制 signed URL 或敏感 query。
+- `verificationChecklist`: 要求下游实现后做截图构图、DOM 几何、响应式适配、hover/focus/sticky/loading/scroll smoke 和 limitations 复核。
+
+## 文件结构规划
+
+### Skill 包
+
+- Create: `agent-skill/stackprism-site-experience/SKILL.md`
+  - Agent 触发条件、运行 bridge 脚本、读取 profile、转成实现计划的工作流。
+- Create: `agent-skill/stackprism-site-experience/README.md`
+  - 说明 repo-local Skill 不会自动进入 Codex 全局 skill registry；提供复制/软链接到 `$CODEX_HOME/skills` 或直接按路径运行脚本的方式。
+- Create: `agent-skill/stackprism-site-experience/agents/openai.yaml`
+  - 可选 metadata 与发布辅助文件；必须声明不会让 Codex 自动发现 repo-local Skill。
+- Create: `agent-skill/stackprism-site-experience/scripts/stackprism-bridge.mjs`
+  - 无全局安装、无 npm bin；作为薄 CLI 入口启动 loopback HTTP server，不承载完整业务实现。
+- Create: `agent-skill/stackprism-site-experience/scripts/bridge/*.mjs`
+- JS bridge helper 模块，至少拆分 protocol/error response、capture store/timers、URL policy/DNS、HTTP routing/body limits、browser open/redaction；每个文件遵守 300 行上限，函数遵守 50 行上限。
+- Create: `agent-skill/stackprism-site-experience/scripts/stackprism_bridge.py`
+  - Python fallback 薄 CLI 入口，使用标准库 `http.server`，提供与 JS bridge 一致的 HTTP API；若某能力确实无法等价实现，必须返回结构化 `NOT_SUPPORTED` 并在 Skill 中标记 Python 为受限 fallback。
+- Create: `agent-skill/stackprism-site-experience/scripts/stackprism_bridge_lib/*.py`
+- Python fallback helper 模块，按与 JS bridge 对齐的职责拆分 protocol/error response、capture store/timers、URL policy/DNS、HTTP routing/body limits、browser open/redaction；每个文件遵守 300 行上限，函数遵守 50 行上限。
+- Modify: `.gitignore`
+  - 当前根规则 `scripts/` 会吞掉 `agent-skill/.../scripts/`；必须在 Task 6 创建首个 Skill 脚本前加入 `!agent-skill/`、`!agent-skill/**/`、`!agent-skill/**/scripts/` 和 `!agent-skill/**/scripts/**` 例外。还必须忽略 `__pycache__/` 和 `*.py[cod]`，并确保这些忽略规则在脚本 unignore 之后仍生效，避免 `py_compile` / `compileall` 留下未跟踪字节码。
+- Create: `tests/fixtures/bridge-url-policy-cases.json`
+  - JS/Python bridge 共用的 URL、DNS 解析结果、私网网段、credential、fragment、URL 归一化、tab 匹配和 final URL 校验用例；测试必须把这些 DNS 结果注入 URL policy helper，避免两套脚本语义漂移或依赖真实 DNS。
+- Create: `agent-skill/stackprism-site-experience/references/site-experience-profile-schema.md`
+  - profile schema 字段说明与消费规则。
+- Create: `agent-skill/stackprism-site-experience/references/agent-consumption-guide.md`
+  - Agent 如何从 profile 生成 UI/UX 实现策略。
+- Modify: `.prettierignore`
+  - 明确不忽略 `agent-skill/**/scripts/**`，避免后续新增宽泛 `scripts/` 规则时让 Skill 脚本脱离格式化和审查。
+
+### 插件类型与协议
+
+- Create: `src/types/agent-bridge.ts`
+  - Capture request/status/profile/error 类型。
+- Modify: `package.json`
+  - 给 `test:unit` 增加 Node test runner 超时，例如 `node --test --test-timeout=60000 tests/*.test.mjs`，避免 bridge 子进程或 HTTP 测试卡死阻塞 CI。
+- Create: `src/utils/site-experience-profile.ts`
+  - profile builder、脱敏、字段归一化、schema version 常量。
+- Modify: `src/background/headers.ts`
+  - 扩展现有响应头脱敏边界，除了 `set-cookie` 外也防御 `cookie`、`authorization`、`proxy-authorization` 和 token-like header 值进入 `allHeaders`、profile 或 evidence。
+- Modify: `src/types/settings.ts`
+  - 增加 `agentBridgeEnabled: boolean`，默认 `false`，并把该字段纳入 `DetectorSettings`。
+- Modify: `src/utils/constants.ts`
+  - 增加 `AGENT_BRIDGE_ENABLED_STORAGE_KEY`，用于 local-only bridge opt-in。
+- Modify: `src/background/detector-settings.ts`
+  - 从 `chrome.storage.local` 读取并合并 `agentBridgeEnabled`，忽略 sync payload 中的同名旧字段；local opt-in 作为唯一生效来源。
+- Modify: `src/utils/normalize-settings.ts`
+  - 归一化同步过来的 detector settings，缺省为 `false`；不得因为旧设置对象缺字段而默认开启 Agent Bridge，也不得因为旧 sync payload 中携带同名字段而自动开启。
+- Modify: `src/ui/settings/Settings.vue`
+  - 增加 Agent Bridge 启用开关和本机信任边界说明；保存后写入 `chrome.storage.local`，并在重置时清除 local opt-in。
+- Create: `tests/helpers/load-ts-module.mjs`
+  - 测试侧统一转译 TypeScript，并处理 `@/` alias 到 `src/`。若被测 TS 有运行时 import，helper 必须编译到系统临时目录或仓库已忽略的 `tmp/compiled-tests/` 后再用 file URL import，不能用 data URL 直接加载带相对 import 的输出。
+- Create: `tests/fixtures/bridge-protocol-identifiers.json`
+  - JS bridge、Python fallback 和插件侧共用的协议标识符 fixture，覆盖 `apiToken`、`bridgeToken`、`captureId`、`sessionId`、`nonce`、`profileTransferId` 和 `cspNonce` 的合法/非法样例、regex、长度和前缀。
+- Test: `tests/site-experience-profile.test.mjs`
+  - 校验 schema、脱敏、低置信标记、字段稳定性。
+
+### 插件 bridge 接入
+
+- Create: `src/content/agent-bridge-client.ts`
+  - 仅在 loopback bridge 页面运行；解析 token/session，向 background 发握手消息，并承担 bridge 页面同源 POST profile 的 transport。
+- Modify: `src/manifest.config.ts`
+  - 增加仅匹配 `http://127.0.0.1/*` 的 bridge content script；只有在 bridge server 同步支持并测试 `localhost` Host 后才加入 `http://localhost/*`。
+- Modify: `src/background/content-injector.ts`
+  - 不能继续假设 `chrome.runtime.getManifest().content_scripts?.[0]` 一定是 `content-observer.ts`；必须按文件名查找或显式常量指定 observer 文件。
+- Modify: `src/utils/page-support.ts`
+  - 排除 StackPrism bridge 页面，避免普通检测和 badge 被本地 bridge 污染。
+- Modify: `src/content/content-observer.ts`
+  - 在脚本入口识别 bridge 页面并立即 return，避免动态快照发送到 background。
+- Modify: `src/types/messages.ts`
+  - 增加 `AGENT_BRIDGE_HELLO`、`START_AGENT_CAPTURE`、`AGENT_CAPTURE_STATUS`、`AGENT_CAPTURE_CONTROL`、`AGENT_PROFILE_TRANSFER_BEGIN`、`AGENT_PROFILE_TRANSFER_CHUNK`、`AGENT_PROFILE_TRANSFER_COMPLETE`、`AGENT_PROFILE_TRANSFER_ACK`。
+  - `START_AGENT_CAPTURE` payload 只包含 `captureId`、`sessionId`、`nonce`、`bridgeOrigin`、`request` 和 `capabilities`，不得包含 `bridgeToken`；`AGENT_PROFILE_TRANSFER_*` payload 只包含 transfer metadata 和 `payloadBase64`，不得包含 `bridgeToken` 或 profile wrapper。
+- Modify: `src/background/message-router.ts`
+  - 接收 bridge hello、capture start、status/control/profile transport 消息。
+
+### 插件采集编排
+
+- Create: `src/background/agent-capture.ts`
+  - 管理 capture lifecycle、目标 tab 打开/复用、超时、回调 bridge。
+- Create: `src/background/agent-capture-state.ts`
+  - 将 capture 状态写入 `chrome.storage.session`，避免 MV3 service worker 重启后只剩内存状态。
+- Create: `src/background/active-tab-tracker.ts`
+  - 用 `chrome.tabs.onActivated` 和 `chrome.tabs.onUpdated` 记录每个 window 最近的非 bridge active tab，供 `targetMode = "active_tab"` 使用；不得新增 `chrome.windows` 权限。
+- Modify: `src/background/index.ts`
+  - 注册 active tab tracker、agent capture lifecycle、tab close/navigation cleanup、bridge tab/request 隔离和 service worker 重启恢复逻辑。
+- Modify: `src/background/detection.ts`
+  - 暴露可复用的“确保目标 tab 已检测完成”内部函数，避免复制检测逻辑；agent path 必须返回结构化结果或抛出错误，不能沿用现有吞异常 wrapper。
+- Modify: `src/background/tab-store.ts`
+  - 增加按 captureId 读取目标 tab 数据的辅助函数。
+- Create: `src/background/agent-bridge-tabs.ts`
+  - 维护 bridge tab registry，提供 `isAgentBridgeTab(tabId)`、`isAgentBridgeUrl(url)` 和 `isAgentBridgeRequest(details)`，供 `index.ts`、`page-support.ts`、`content-injector.ts` 和 agent capture cleanup 共用。
+- Modify: `src/background/dynamic-snapshot.ts`
+  - 暴露清理 pending dynamic snapshot 与 timer 的函数，支持 agent capture 的 `forceRefresh`。
+- Modify: `src/background/bundle-license.ts`
+  - 复用或暴露现有 `clearBundleLicenseTimer`，支持 agent capture 的 `forceRefresh` 和 cleanup。
+- Modify: `src/background/popup-cache.ts`
+  - 复用 `buildPopupRawResult` 与现有合并逻辑。
+- Test: `tests/agent-capture-orchestration.test.mjs`
+  - 使用 fake chrome APIs 覆盖 background capture 编排、active tab 选择、清理策略、service worker restart 和 token 不持久化边界。
+
+### 体验采集脚本
+
+- Create: `src/injected/experience-profiler.ts`
+  - 注入目标页 MAIN world 或 isolated context，采集 computed style、布局、组件和交互线索；模块 default export 必须是可被 Vite IIFE 包装后作为 `chrome.scripting.executeScript({ files })` result 返回的 JSON-serializable value 或 Promise。
+- Modify: `build-scripts/build-injected.mjs`
+  - 构建 `public/injected/experience-profiler.iife.js`，并沿用现有追加 `__StackPrismInjected_<entry>;` 的机制，让 executeScript 能拿到 IIFE 返回值。
+- Modify: `vite.injected.config.ts`
+  - 将 `experience-profiler` 加入 `ENTRIES`，否则 `build-injected.mjs` 即使新增 entry 数组也无法构建。
+- Modify: `src/manifest.config.ts`
+  - 不默认把 `injected/experience-profiler.iife.js` 加入 `web_accessible_resources`；`chrome.scripting.executeScript({ files })` 只需要扩展包内路径。只有实现证明需要网页或 content script 通过 `chrome.runtime.getURL()` / `fetch()` 读取该文件时，才允许加入最小 match 的独立 `web_accessible_resources` 条目，并在 `docs/dev/agent-bridge.md` 记录原因和风险。
+- Test: `tests/experience-profile-format.test.mjs`
+  - 对纯函数部分做静态输入输出测试。
+- Test: `tests/agent-bridge-manifest.test.mjs`
+  - 验证 manifest 权限、bridge content script match、content script 顺序、agent-only profiler 默认不进入 `web_accessible_resources`、以及未新增 `chrome.windows` 权限。
+- Create: `tests/fixtures/site-experience-fixture.html`
+  - 固定视觉/UI/UX fixture，包含颜色、字体、layout、按钮、表单、卡片、transition、跨源 iframe 占位和脱敏文本样本。
+
+### 文档
+
+- Modify: `docs/dev/architecture.md`
+  - 增加 Agent Bridge 架构与数据流。
+- Modify: `docs/dev/detection-flow.md`
+  - 增加 agent capture 流程。
+- Modify: `docs/dev/release.md`
+  - 增加手动验证项：bridge 脚本、插件握手、profile 输出。
+- Modify: `.github/workflows/release-extension.yml`
+  - 在打包 zip/crx 前运行 Agent Bridge 相关质量门禁，并检查 `dist/` 不包含 repo-local Skill、本地 bridge server 脚本、测试 fixture、`docs/superpowers/` 或 Python 字节码缓存。
+- Create: `docs/dev/agent-bridge.md`
+  - 面向开发者的协议与安全说明。
+- Modify: `docs/dev/index.md`
+  - 增加 Agent Bridge 开发文档入口，避免只进 sidebar 但开发索引不可发现。
+- Modify: `docs/.vitepress/config.ts`
+  - 把 `docs/dev/agent-bridge.md` 加入开发手册 sidebar，避免新增文档不可发现。
+- Modify: `PRIVACY.md`
+  - 明确 Agent Bridge 会采集浏览器侧可观测的技术和体验摘要，但不采集 cookie、Authorization、localStorage/sessionStorage 明文和完整敏感文本。
+- Modify: `README.md`
+  - 增加 Agent Bridge 能力入口和安装后使用边界。
+- Modify: `docs/guide/basic-usage.md`
+  - 增加面向普通用户的 Agent Bridge 使用说明和隐私边界。
+- Create: `docs/reviews/CR-AGENT-BRIDGE-E2E-2026-05-22.md`
+  - 收口阶段记录所有验证命令、退出码、浏览器 smoke 结果、跳过项和剩余风险，满足 AGENTS 的主线回归验证沉淀要求。
+
+## 执行门禁
+
+- 当前仓库未发现 `tasks.md`、`issues.csv` 或等效任务跟踪文件；本计划位于 `docs/superpowers/plans/`，只能作为实现计划，不能冒充唯一任务源。
+- 真正开始实现前，执行者必须先与用户确认本计划可作为当前锁定任务，或按用户指定创建/更新正式任务跟踪文件并把状态置为“进行中”。
+- 每个 Task commit 前必须运行 `git diff --check`、`git diff --cached --check`、`git status --short`、`git diff --name-only` 和 `git diff --cached --name-only`。`git diff --check` 与 `git diff --cached --check` 都必须无输出。新文件在未 stage 前不会被 `git diff --check` 覆盖；因此必须先用 `git add -N <new files>` 或在 staging 后用 `git diff --cached --check` 检查新增文件的 whitespace/conflict-marker 问题。
+- `git diff --name-only` 不显示未跟踪新文件，所以还必须用 `git status --short` 确认已跟踪改动、未跟踪文件和待提交文件都只包含该 Task 的 Files 列表和必要验证报告。如出现范围外文件，必须先拆分或回退该 Task 自己引入的无关改动。
+- 每个 Task 完成时必须在提交说明或 Task notes 中记录执行依据、验证命令和结果；不得并行推进多个 Task。
+- 本仓库现有 `src/content/content-observer.ts`、`src/background/dynamic-snapshot.ts`、`src/background/bundle-license.ts` 和 `src/background/popup-cache.ts` 已超过 300 行。任何 Task 触碰这些超限文件时，只允许做最小接线或先把相关职责抽到新文件，不能继续把新业务逻辑堆进去；新增 bridge 脚本和 helper 模块也必须按 300 行文件上限、50 行函数上限拆分。
+
+## 开发任务
+
+### Task 1: 锁定协议与类型
+
+**Files:**
+
+- Modify: `package.json`
+- Create: `src/types/agent-bridge.ts`
+- Modify: `src/types/settings.ts`
+- Modify: `src/utils/normalize-settings.ts`
+- Create: `tests/helpers/load-ts-module.mjs`
+- Create: `tests/fixtures/bridge-protocol-identifiers.json`
+- Create: `tests/site-experience-profile.test.mjs`
+
+- Historical item: 修改 `package.json` 的 `test:unit` 为 `node --test --test-timeout=60000 tests/*.test.mjs` 或等效超时命令，满足后端/脚本测试 60 秒超时基线，防止 bridge 子进程测试卡死。
+- Historical item: 定义 `AgentCaptureRequest`、`AgentCaptureStatus`、`SiteExperienceProfile`、`AgentBridgeError`。
+- Historical item: 定义 `AgentBridgeCapabilities`，字段固定为 `agentBridge`、`siteExperienceProfileV1`、`profileChunkTransport`、`bridgeContentPost`、`storageSession`、`experienceProfiler`、`rawProfile`、`viewportMetadata`、`visualScreenshot`。
+- Historical item: 定义 agent bridge message union：`AgentBridgeHelloMessage`、`StartAgentCaptureMessage`、`AgentCaptureStatusMessage`、`AgentCaptureControlMessage`、`AgentProfileTransferBeginMessage`、`AgentProfileTransferChunkMessage`、`AgentProfileTransferCompleteMessage`、`AgentProfileTransferAckMessage`。
+- Historical item: 在 `DetectorSettings` 中增加 `agentBridgeEnabled` 运行时字段，`DEFAULT_SETTINGS` 和 `normalizeSettings` 的缺省值必须为 `false`；测试覆盖旧 sync 设置对象、非法类型和显式 `true` 三种输入，并确认 sync payload 中如果误带 `agentBridgeEnabled: true` 也不会自动开启，因为真实生效来源是 local opt-in。
+- Historical item: 写测试确认 `StartAgentCaptureMessage` 不允许 `bridgeToken` 字段，profile transfer messages 不允许 profile wrapper 字段。
+- Historical item: `tests/helpers/load-ts-module.mjs` 提供 `loadTsModule(path)`，用 `typescript.transpileModule` 编译 TS，并把 `@/foo` alias 改写为测试可 import 的 `src/foo` 相对路径；对有运行时 import 的模块编译到系统临时目录或仓库已忽略的 `tmp/compiled-tests/` 再用 file URL import，避免 data URL 相对 import 失败且不产生未跟踪测试产物。
+- Historical item: 定义 `bridgeProtocolVersion = 1`，并写入 request/status/profile 类型。
+- Historical item: 定义协议标识符常量和 validator：`apiToken`、`bridgeToken`、`captureId`、`sessionId`、`nonce`、`profileTransferId`、`cspNonce` 的 regex、长度、前缀必须与 Protocol identifier contract 一致，并导出给 bridge 脚本、插件 handshake 和测试复用。
+- Historical item: 新增 `tests/fixtures/bridge-protocol-identifiers.json`，覆盖每类标识符至少 2 个合法样例和非法样例：错误前缀、长度不足/过长、`+`、`/`、`=`、空白、Unicode、percent-encoded slash、点段、大小写错误、query 分隔符、空值。测试必须证明文档中的脱敏占位 `spb_xxx`、`spbt_xxx`、`cap_20260521_abcdef`、`s_xxx`、`n_xxx` 不会被 validator 接受。
+- Historical item: 写测试确认 schema 常量为 `stackprism.site_experience_profile.v1`。
+- Historical item: 写测试确认 `AgentBridgeCapabilities` 包含所有第一版必需 capability，且 `SiteExperienceProfile.browserContext.extensionCapabilities` 使用同一类型。
+- Historical item: 写测试确认 request 类型包含 `allowPrivateNetworkTarget`，默认值由 bridge 脚本处理；Task 1 不测试 DNS/private-network 行为，避免在 bridge 实现前写不可运行的测试。
+- Historical item: 写测试确认 error code 枚举至少包含：`NOT_FOUND`、`METHOD_NOT_ALLOWED`、`UNAUTHORIZED`、`FORBIDDEN`、`ORIGIN_NOT_ALLOWED`、`UNSUPPORTED_MEDIA_TYPE`、`UNSUPPORTED_TRANSFER_ENCODING`、`INVALID_JSON`、`INVALID_REQUEST`、`REQUEST_TOO_LARGE`、`REQUEST_TIMEOUT`、`SERVER_BUSY`、`STALE_STATUS_UPDATE`、`PORT_IN_USE`、`BRIDGE_INVALID_ENV`、`BRIDGE_START_TIMEOUT`、`BRIDGE_READY_PARSE_FAILED`、`BRIDGE_PROTOCOL_UNSUPPORTED`、`BRIDGE_REQUEST_MISMATCH`、`AGENT_BRIDGE_DISABLED`、`CAPTURE_BUSY`、`CAPTURE_TIMEOUT`、`EXTENSION_NOT_CONNECTED`、`BROWSER_OPEN_FAILED`、`BRIDGE_TOKEN_CANNOT_READ_PROFILE`、`PRIVATE_NETWORK_TARGET_BLOCKED`、`TARGET_DNS_LOOKUP_FAILED`、`BRIDGE_SELF_TARGET_BLOCKED`、`FINAL_URL_BLOCKED`、`ACTIVE_TAB_UNAVAILABLE`、`ACTIVE_TAB_MISMATCH`、`INCOGNITO_NOT_SUPPORTED`、`TARGET_LOAD_TIMEOUT`、`TARGET_LOAD_FAILED`、`TARGET_INJECTION_FAILED`、`TARGET_TAB_CLOSED`、`BRIDGE_TAB_CLOSED`、`TARGET_NAVIGATED_AWAY`、`SERVICE_WORKER_RESTARTED`、`BRIDGE_TRANSPORT_DISCONNECTED`、`PROFILE_TRANSPORT_FAILED`、`PROFILE_CHUNK_MISSING`、`PROFILE_HASH_MISMATCH`、`PROFILE_TOO_LARGE`、`RATE_LIMITED`、`NONCE_REUSED`、`CAPTURE_ALREADY_COMPLETED`、`CAPTURE_RESULT_EXPIRED`、`NOT_SUPPORTED`。重复 header、歧义 `Content-Length`/`Transfer-Encoding`、非法 request target 和非法 path/query 都复用 `INVALID_REQUEST`，不得新增一套不一致错误码。
+- Historical item: 验证：`pnpm run test:unit` 通过。
+- Historical item: 验证：`pnpm run typecheck` 通过，确认新增协议类型、测试 helper 和 schema 常量可编译并可打包。
+- Historical item: Commit: `feat: define agent bridge profile contract`
+
+### Task 2: 实现 profile builder
+
+**Files:**
+
+- Create: `src/utils/site-experience-profile.ts`
+- Modify: `src/background/headers.ts`
+- Modify: `tests/site-experience-profile.test.mjs`
+
+- Historical item: 从现有 popup/raw 数据构造 `techProfile` 和 `assetProfile`。
+- Historical item: 增加 `limitations` 与 `agentGuidance` 默认规则。
+- Historical item: 对 cookie、authorization、set-cookie、token-like 字段做脱敏。
+- Historical item: 扩展 `src/background/headers.ts` 的响应头脱敏：`set-cookie` 保留 cookie name 摘要，`cookie`、`authorization`、`proxy-authorization`、`x-api-key`、token-like header 值统一脱敏；测试覆盖 `headers`、`allHeaders`、profile evidence 不泄露原值。
+- Historical item: 对资源 URL 的 hash 和敏感 query 参数做脱敏；profile 不输出完整签名 URL、带 token 的图片/字体/脚本 URL。
+- Historical item: 对 UX 文本摘要执行 email、手机号、长数字 ID、金额和疑似姓名脱敏。
+- Historical item: 对 viewport 输出增加 `viewportMode`，无法多视口采集时显式写入 limitation。
+- Historical item: 对 `captureScreenshotMetadata` 输出增加明确分支：`true` 时只允许输出视口尺寸、关键元素 bounding box 和 above-fold 摘要；`false` 时不输出 bounding box / above-fold 细节。截图图像由 `captureScreenshot` 单独控制，默认不输出。
+- Historical item: 对 passive interaction、cross-origin iframe、closed shadow root 和不可访问 stylesheet 写入 limitations。
+- Historical item: 对截断结果写入 `evidence.truncation` 和对应 limitation，至少包含资源 URL、文本摘要、组件样本和 CSS rule 样本的 omitted count。
+- Historical item: profile builder 必须从 agent capture context 接收 `AgentBridgeCapabilities`，并原样写入 `browserContext.extensionCapabilities`；不得在 builder 内重新推断 capability。
+- Historical item: 验证空检测、低置信检测、完整 raw 检测三种输入。
+- Historical item: 验证：`pnpm run test:unit` 通过。
+- Historical item: 验证：`pnpm run typecheck` 通过，确认 profile builder 的 TypeScript 类型和扩展打包链路没有被破坏。
+- Historical item: Commit: `feat: build site experience profile payload`
+
+### Task 3: 实现体验采集脚本
+
+**Files:**
+
+- Create: `src/injected/experience-profiler.ts`
+- Create: `tests/experience-profile-format.test.mjs`
+- Create: `tests/agent-bridge-manifest.test.mjs`
+- Create: `tests/fixtures/site-experience-fixture.html`
+- Modify: `build-scripts/build-injected.mjs`
+- Modify: `vite.injected.config.ts`
+- Modify: `src/manifest.config.ts`
+
+- Historical item: 采集 computed style token：颜色、字体、字号、行高、间距、圆角、阴影。
+- Historical item: 采集 layout landmarks：header/nav/main/footer/aside/hero/above-fold。
+- Historical item: 采集 component inventory：button/input/card/nav/tab/modal/table/list/badge。
+- Historical item: 采集 interaction tokens：transition、animation、sticky/fixed、focus/hover 可观察线索。
+- Historical item: 标记同源 iframe、跨源 iframe、open shadow root、closed shadow root 的可采集边界。
+- Historical item: 输出稳定、限长、脱敏的 JSON，不包含可见文本全文。
+- Historical item: `src/injected/experience-profiler.ts` 必须 `export default` 一个 JSON-serializable result 或 Promise；构建后的 `public/injected/experience-profiler.iife.js` 末尾必须追加 `__StackPrismInjected_experience_profiler__;`，确保 `chrome.scripting.executeScript({ files })` 的 `injection[0].result` 非空。
+- Historical item: 设置明确采集上限，例如最大 DOM 节点数、最大组件样本数、最大文本样本数、最大 CSS rule 数和最大资源 URL 数；超过上限时只返回截断摘要和 omitted count，不让 profile 超过 bridge 的 8 MB 上限。
+- Historical item: 设置 `experience-profiler` 注入脚本返回值上限，例如返回给 `chrome.scripting.executeScript` 的 JSON 字符串不超过 2 MB；超过上限时在注入脚本内部先截断样本、写入 `evidence.truncation.executeScriptResult` 和对应 limitation，不允许等到 background 收到超大 executeScript result 或扩展消息传输时才失败。
+- Historical item: 在 `vite.injected.config.ts` 的 `ENTRIES` 加入 `experience-profiler`，并在 `build-scripts/build-injected.mjs` 的 `entries` 数组加入同名项。
+- Historical item: `src/manifest.config.ts` 的 `web_accessible_resources` 使用最小暴露面；默认不暴露 `injected/experience-profiler.iife.js`。如果实现确实需要暴露，必须把它拆成独立条目、使用最小 `matches`，并在 `docs/dev/agent-bridge.md` 说明为什么不能只用 `chrome.scripting.executeScript({ files })`。
+- Historical item: `tests/agent-bridge-manifest.test.mjs` 验证 bridge content script 只匹配 `http://127.0.0.1/*`，普通 observer 仍是第一个 content script，未新增 `chrome.windows` 或其他无关权限，未配置 `externally_connectable`，且 `experience-profiler.iife.js` 默认不在 `web_accessible_resources` 中；若实现选择暴露，则测试必须验证独立条目和最小 match。
+- Historical item: `tests/experience-profile-format.test.mjs` 验证构建后的 profiler IIFE 文本包含 `__StackPrismInjected_experience_profiler__;`，并验证 profiler 默认导出形状可被结构化克隆为 executeScript result。
+- Historical item: 新增 `tests/fixtures/site-experience-fixture.html`，用固定 DOM/CSS 覆盖颜色、字体、布局、组件、transition 和敏感文本脱敏样本。
+- Historical item: 运行 `pnpm exec prettier --check build-scripts/build-injected.mjs vite.injected.config.ts tests/experience-profile-format.test.mjs tests/agent-bridge-manifest.test.mjs tests/fixtures/site-experience-fixture.html`，因为 `pnpm run lint` 只覆盖 `src`，不会检查 build script、Vite injected config 和测试 fixture。
+- Historical item: 验证：`pnpm run build:injected` 产出 `public/injected/experience-profiler.iife.js`。
+- Historical item: 验证：`pnpm run test:unit` 通过；该步骤必须在 `pnpm run build:injected` 之后执行，因为 `tests/experience-profile-format.test.mjs` 会读取 ignored 构建产物 `public/injected/experience-profiler.iife.js`。
+- Historical item: 验证：`pnpm run typecheck` 通过，确认 injected entry、manifest config 和扩展构建链路一致。
+- Historical item: Commit: `feat: collect visual and ux experience signals`
+
+### Task 4: 实现 bridge content script 握手
+
+**Files:**
+
+- Create: `src/content/agent-bridge-client.ts`
+- Modify: `src/manifest.config.ts`
+- Modify: `src/background/content-injector.ts`
+- Modify: `src/utils/page-support.ts`
+- Modify: `src/content/content-observer.ts`
+- Modify: `src/types/messages.ts`
+- Modify: `src/background/message-router.ts`
+
+- Historical item: content script 只在 loopback bridge 页面激活。
+- Historical item: 在 `src/manifest.config.ts` 中保持普通 `content-observer.ts` 为第一个 content script，或同步修改 `content-injector.ts` 通过文件名查找 observer；验证主动注入不会误注入 `agent-bridge-client.ts`。
+- Historical item: 对非 `/bridge` path 或缺少 `stackprism-agent-bridge` meta 的 loopback 页面立即 return，不读取 DOM 详情、不发消息、不发请求。
+- Historical item: 解析 `session`、`capture`、`nonce` 和 HTML 内嵌 `bridgeToken`，校验 URL path 为 `/bridge`。
+- Historical item: 从 `#stackprism-agent-bridge-config[type="application/json"]` 解析 `bridgeToken`，不得依赖页面 JS 全局变量。
+- Historical item: 解析 `capture` 和 `nonce`，从 bridge 拉取 `GET /v1/captures/{id}/request`。
+- Historical item: 校验 `GET /v1/captures/{id}/request` 返回的 `captureId`、`sessionId`、`nonce` 和 `protocolVersion` 与当前 bridge 页面 config 完全一致；不一致时同源 POST `failed` 和 `BRIDGE_REQUEST_MISMATCH`，不得向 background 发送 `START_AGENT_CAPTURE`。
+- Historical item: 握手后同源 POST `waiting_extension` / `running` / `failed` 状态到 `POST /v1/captures/{id}/status`。
+- Historical item: bridge content script 为每个 status POST 维护单调递增 `sequence`，并只发送定义过的 phase；background 发来的 late phase 不得倒退覆盖 bridge server 中较新的 phase。
+- Historical item: 运行期间轮询 `GET /v1/captures/{id}/control`；收到 `cancel` 后通知 background 取消。
+- Historical item: bridge content script 校验 bridge 页面 config 的 `protocolVersion`；不等于插件 `bridgeProtocolVersion` 时同源 POST `failed` / `BRIDGE_PROTOCOL_UNSUPPORTED`，不得向 background 发送 `START_AGENT_CAPTURE`。
+- Historical item: background 必须在 `AGENT_BRIDGE_HELLO` 时绑定 `sender.tab.id`、`sender.tab.windowId`、bridge origin、session、capture 和 nonce；后续 `AGENT_CAPTURE_*` 消息必须同时匹配 sender tab id 与 bridge URL，不能只信任 message body 或只校验 URL。
+- Historical item: 向 background 发送 `AGENT_BRIDGE_HELLO`。
+- Historical item: background 必须拒绝来自非 loopback `/bridge` URL、缺少 tab/window id、或 message body 中 session/capture/nonce 与 `sender.url` query 不一致的 `AGENT_BRIDGE_HELLO`，返回结构化 `INVALID_REQUEST`；若同一 tab 已登记 bridge session，则还必须拒绝与既有登记不一致的重复 hello。单元测试覆盖伪造 sender URL、伪造 tab id 和重复 hello mismatch。
+- Historical item: background 返回插件版本、`protocolVersion`、`AgentBridgeCapabilities` 和握手状态；缺少第一版必需 capability 时返回 `NOT_SUPPORTED`，并让 bridge content script 同源 POST failed status。
+- Historical item: background 必须在 `AGENT_BRIDGE_HELLO` 时只从 `chrome.storage.local` 读取 `AGENT_BRIDGE_ENABLED_STORAGE_KEY` / `agentBridgeEnabled`；未开启时返回 `AGENT_BRIDGE_DISABLED`，bridge content script 同源 POST failed status，且 background 不登记 capture、不打开目标 tab、不发送 `START_AGENT_CAPTURE`。单元测试必须证明 `chrome.storage.sync` 里的旧 `agentBridgeEnabled: true` 不会让握手通过。
+- Historical item: capability 校验通过后，bridge content script 发送 `START_AGENT_CAPTURE`，payload 只包含 `captureId`、`sessionId`、`nonce`、`bridgeOrigin`、规范化 capture request 和 capabilities；不得把 `bridgeToken` 传给 background。
+- Historical item: bridge content script 保持与 background 的 `runtime.Port` 或等效消息通道，用于接收 profile payload 并执行同源 POST。
+- Historical item: 如果使用 `runtime.Port`，必须在 `src/background/message-router.ts` 或 agent capture 模块注册 `chrome.runtime.onConnect`，校验 `port.name`、`sender.tab.id`、`sender.tab.windowId`、`sender.url`、session、capture 和 nonce；未知 port name、非 bridge sender、重复 port、跨 capture port 或 sender 与登记 bridge tab 不一致时必须断开并返回结构化失败，不能退回普通 onMessage 路径。
+- Historical item: bridge content script 实现 `AGENT_PROFILE_TRANSFER_BEGIN`、`AGENT_PROFILE_TRANSFER_CHUNK`、`AGENT_PROFILE_TRANSFER_COMPLETE` 和 `AGENT_PROFILE_TRANSFER_ACK`：逐片 ack、校验 transfer message 的 `captureId`、`sessionId`、`nonce` 与本页 bridge config 一致，按 `profileTransferId` 重组，校验 `payloadBase64`、`byteLength`、UTF-8/JSON decode 和 `sha256`，再同源 POST 原始 `SiteExperienceProfile` JSON。
+- Historical item: bridge content script 同源 POST status/profile 时必须设置 `Content-Type: application/json` 和 `Authorization: Bearer {bridgeToken}`；缺任一 header 都应在单元测试中触发 bridge server 的 `UNSUPPORTED_MEDIA_TYPE` 或 `UNAUTHORIZED`。
+- Historical item: 分片传输失败必须同源 POST 结构化失败状态：缺片或超时为 `PROFILE_CHUNK_MISSING`，hash 不匹配为 `PROFILE_HASH_MISMATCH`，其他传输失败为 `PROFILE_TRANSPORT_FAILED`；不能让 Agent 只等到 capture timeout。
+- Historical item: profile POST 成功或失败都必须回传给 background；断连时 background 标记 `BRIDGE_TRANSPORT_DISCONNECTED`。
+- Historical item: `runtime.Port` 的 `onDisconnect` 发生在 capture 未结束时，bridge content script 必须用同源 `POST /v1/captures/{id}/status` 上报 `BRIDGE_TRANSPORT_DISCONNECTED`；background 重启恢复后也必须通过 `bridgeTabId` 通知 bridge content script 上报 `SERVICE_WORKER_RESTARTED` 或 `BRIDGE_TRANSPORT_DISCONNECTED`。
+- Historical item: bridge 页面没有 token 时返回显式错误，不静默成功。
+- Historical item: bridge 页面不触发普通 `content-observer` 和 badge 更新。
+- Historical item: 验证：`pnpm run build:injected` 通过；Task 3 已新增读取 `public/injected/*.iife.js` 的单元测试，后续全量 `test:unit` 在干净 checkout 中必须先生成 ignored injected 产物。
+- Historical item: 验证：`pnpm run test:unit` 通过。
+- Historical item: 验证：`pnpm run typecheck` 通过，确认 content script、manifest 和 message union 可编译并可打包。
+- Historical item: Task 4 阶段不得要求真实 bridge server 浏览器握手 smoke；JS bridge server 在 Task 6 才实现，真实握手与 DevTools 观察统一放到 Task 10。
+- Historical item: Commit: `feat: add local bridge handshake`
+
+### Task 5: 实现 background capture 编排
+
+**Files:**
+
+- Create: `src/background/agent-capture.ts`
+- Create: `src/background/agent-capture-state.ts`
+- Create: `src/background/agent-bridge-tabs.ts`
+- Create: `src/background/active-tab-tracker.ts`
+- Create: `tests/agent-capture-orchestration.test.mjs`
+- Modify: `src/background/index.ts`
+- Modify: `src/background/message-router.ts`
+- Modify: `src/background/detection.ts`
+- Modify: `src/background/tab-store.ts`
+- Modify: `src/background/dynamic-snapshot.ts`
+- Modify: `src/background/bundle-license.ts`
+- Modify: `src/background/popup-cache.ts`
+
+- Historical item: `START_AGENT_CAPTURE` 校验 URL、session/capture/nonce 绑定、include、viewports；background 不接收、不读取、不持久化 `bridgeToken`。
+- Historical item: `START_AGENT_CAPTURE` 二次校验 `agentBridgeEnabled`，避免设置页关闭后已有 bridge tab 继续发起采集；关闭后返回 `AGENT_BRIDGE_DISABLED`，并清理 bridge session。
+- Historical item: `START_AGENT_CAPTURE` payload 必须来自已登记 bridge tab 的 content script；background 必须拒绝含 `bridgeToken`、callback URL 或 profile wrapper 的 payload，返回 `INVALID_REQUEST`。
+- Historical item: `START_AGENT_CAPTURE` 校验 `options.forceRefresh`、`options.captureScreenshotMetadata`、`options.captureScreenshot`、`options.targetMode`、`options.keepTabOpen`、`options.allowPrivateNetworkTarget` 和 `options.maxResourceUrls`；未知字段必须返回 `INVALID_REQUEST`，不能静默忽略。
+- Historical item: capture 开始前检查 `chrome.storage.session` 可用；不可用时返回 `NOT_SUPPORTED` 和 `details.missingCapability = "storageSession"`，不得退回普通内存状态。
+- Historical item: 不得把 `chrome.storage.session` access level 放宽给 content script；若实现显式设置 access level，必须设置为 `TRUSTED_CONTEXTS`。单元测试必须断言没有调用 `setAccessLevel({ accessLevel: "TRUSTED_AND_UNTRUSTED_CONTEXTS" })`，并断言 content script 只能通过 runtime message/Port 访问 agent capture 状态。
+- Historical item: `src/background/active-tab-tracker.ts` 记录每个 window 最近的非 bridge active tab；bridge tab 激活时不能覆盖该记录；记录写入 `chrome.storage.session`，service worker 重启后仍可读取。
+- Historical item: `src/background/agent-bridge-tabs.ts` 提供 bridge tab/request registry；bridge tab、bridge 页面请求和 bridge API fetch 不得进入普通 `webRequest` header merge、`webNavigation` throttle reset、tab-store、popup-cache、badge 或 dynamic snapshot 流程。
+- Historical item: agent capture 的 deadline 必须使用持久化绝对时间，而不是只依赖 background 内存 timer。`agent-capture-state` 必须记录全局 capture deadline、cancel deadline 和 profile transfer deadline；所有事件入口和 service worker 模块初始化都必须调用同一个 deadline reconciliation helper，把过期 capture 标记为结构化失败或取消并清理自己创建的目标 tab。
+- Historical item: `src/background/message-router.ts` 对所有会读写 tab 数据的普通消息增加 sender/tab 校验和 bridge tab guard；bridge tab 发来的普通检测、动态快照、popup/raw/header 查询或后台检测消息必须拒绝或返回 unsupported，不能读写目标站点缓存，也不能用 message body 中的 `tabId` 操作其他 tab。
+- Historical item: 普通 runtime message 的 sender 校验必须保留 popup/options 正常能力：`sender.tab` 存在时按 content script 处理并要求 `sender.tab.id === tabId`；`sender.tab` 缺失但 `sender.url` 是本扩展 popup/options 页面时，只允许读取当前用户选择的普通 tab，且必须拒绝 bridge tab、incognito tab 和无权限 tab。单元测试覆盖 popup 正常读取、content script 伪造其他 tabId 被拒绝、bridge tab 查询被拒绝。
+- Historical item: background、content script 和 agent capture 模块的 console/debug 日志统一走 redaction helper；禁止打印完整 bridge URL query、nonce、token、Authorization header、profile body 和目标 URL 敏感 query。现有 `console.log(... url ...)` 触碰 bridge URL 或 target final URL 时必须改为 redacted URL。
+- Historical item: `targetMode = "active_tab"` 从 active-tab-tracker 读取 bridge tab 同窗口的上一张非 bridge active tab；缺失时返回 `ACTIVE_TAB_UNAVAILABLE`，URL 不匹配时返回 `ACTIVE_TAB_MISMATCH`。
+- Historical item: bridge tab 或目标 tab 的 `incognito` 为 true 时返回 `INCOGNITO_NOT_SUPPORTED`，并清理当前 capture；第一版不得跨普通窗口和隐身窗口传递状态。
+- Historical item: `reuse_or_new_tab` 和 `active_tab` 的 URL 匹配使用统一 helper：protocol/hostname 小写、默认端口折叠、fragment 丢弃、path 空值归一到 `/`，比较完整 URL（不含 hash，包含 query）。同 path 但 query 不同不得复用已有 tab；`active_tab` 场景必须返回 `ACTIVE_TAB_MISMATCH`。
+- Historical item: 监听 `chrome.webNavigation.onErrorOccurred` 的目标 tab main frame；加载失败时上报 `TARGET_LOAD_FAILED`，停止采集并清理自己创建的目标 tab，不得把浏览器错误页当目标站点 profile。
+- Historical item: 等待目标 tab `status === "complete"` 后，先通过 bridge content script 写入 `running/target_loaded` 和 `finalUrl`；bridge 接受 final URL 后才运行主动检测和 experience profiler。bridge 返回 `FINAL_URL_BLOCKED` 或 `BRIDGE_SELF_TARGET_BLOCKED` 时必须停止采集并清理自己创建的目标 tab。
+- Historical item: final URL 通过后再运行主动检测；agent capture 必须使用 `force: true` 或专用内部函数绕过 `DETECTION_THROTTLE_MS`，并在检测后等待 `waitMs` 收集动态资源；超时返回 `TARGET_LOAD_TIMEOUT`。
+- Historical item: 捕获 `chrome.scripting.executeScript` promise rejection 和 `chrome.runtime.lastError`；注入 content observer、page detector 或 experience profiler 任一步失败时返回 `TARGET_INJECTION_FAILED`，`details` 只记录脱敏原因类别，不包含完整 URL、token 或浏览器原始错误全文。
+- Historical item: 执行 `maxConcurrentCaptures = 1`，忙时返回 `CAPTURE_BUSY`。
+- Historical item: 打开或复用目标 tab；新建目标 tab 必须 `active: false`，记录 `createdByCapture`，触发现有技术检测。
+- Historical item: 在 `src/background/tab-store.ts` 中增加明确的 agent capture 清理入口，采集前清理目标 tab 的 tab data 与 popup cache。
+- Historical item: 在 `src/background/dynamic-snapshot.ts` 中导出 `clearDynamicSnapshotState(tabId)` 或等效函数，清理 `pendingDynamicSnapshots` 与 `dynamicSnapshotTimers`。
+- Historical item: 在 `src/background/bundle-license.ts` 复用现有 `clearBundleLicenseTimer(tabId)`；如当前函数未导出，则导出并由 agent capture cleanup 调用。
+- Historical item: 实现 `forceRefresh`：采集前统一调用 tab-store、popup cache、dynamic snapshot、bundle timer、detection throttle 的清理入口，避免复用旧页面缓存污染 profile。
+- Historical item: 从 `detection.ts` 拆出 agent capture 专用的检测函数；该函数必须返回检测完成信号和错误，不得使用现有 catch 后静默 return 的 `runActivePageDetection` 作为唯一结果来源。
+- Historical item: 注入 `experience-profiler.iife.js` 采集视觉/UI/UX 数据。
+- Historical item: 按 `include` 决定是否运行技术检测、experience profiler 和资源采样；未请求 section 返回空对象并在 `limitations` 写入 `section_not_requested`。
+- Historical item: 第一版不新增 `chrome.windows` 权限，不调整窗口尺寸；所有多视口请求都写入 `viewportMode = "current_viewport"` 和 limitation。
+- Historical item: 合并 popup/raw 数据与体验数据，调用 profile builder。
+- Historical item: 从 `popup-cache.ts` 导出 agent capture 需要的 raw/display 构建辅助函数，避免绕过现有去重、过滤和链接补全逻辑。
+- Historical item: 将 profile payload 通过 profile chunk transport 发给 bridge content script，由其重组、校验 sha256 后同源 POST 回 bridge callback endpoint；background 直连 localhost 只允许作为后续显式 CORS fallback，不在第一版默认路径。
+- Historical item: background 发送 profile 分片时必须把原始 `SiteExperienceProfile` 序列化为 UTF-8 JSON bytes，计算 sha256，再把每片 bytes 编码为 `payloadBase64`；单片 raw payload 不超过 `384 * 1024` bytes，并等待每片 ack；ack 超时、content script 返回失败或 transfer complete 未确认时，必须上报 `PROFILE_TRANSPORT_FAILED`，不得把 capture 标记为 completed。
+- Historical item: capture 完成、失败、取消或过期时，关闭插件自己创建且 `keepTabOpen = false` 的目标 tab。
+- Historical item: 监听目标 tab 或 bridge tab 关闭/导航；分别返回 `TARGET_TAB_CLOSED`、`BRIDGE_TAB_CLOSED` 或 `TARGET_NAVIGATED_AWAY`，并清理 capture 状态。
+- Historical item: capture 状态写入 `chrome.storage.session`，最小字段包含 `captureId`、`sessionId`、`nonce`、`bridgeOrigin`、`bridgeUrl`、`bridgeTabId`、`bridgeWindowId`、`targetTabId`、`targetWindowId`、`targetUrl`、`finalUrl`、`targetMode`、`createdByCapture`、`keepTabOpen`、`phase`、`status`、`startedAt`、`updatedAt`、`error`；不得持久化 `bridgeToken` 或 `apiToken`。
+- Historical item: `agent-capture-state`、active-tab tracker 和普通 tab cache 使用不同 storage key 前缀；提供集中 helper 列出和清理 agent capture state。capture 终态、bridge tab 关闭、扩展启动恢复失败和 E2E 清理阶段都必须删除对应 capture state，避免后续 capture 误读旧 tab ownership。
+- Historical item: service worker 重启后读取 `agent-capture-state`：未完成 capture 标记为 `SERVICE_WORKER_RESTARTED`，通过 `bridgeTabId` 通知 bridge content script 同源 POST 失败状态，并按 `createdByCapture`/`keepTabOpen` 清理目标 tab。
+- Historical item: 浏览器完全退出、扩展 reload/update、用户禁用扩展或 `chrome.storage.session` 被清空后，不尝试恢复未完成 capture；恢复入口必须 fail closed，清理残留 state 和自己创建的 target tab，让 Agent 侧通过 bridge timeout/expired 或状态查询看到结构化失败。
+- Historical item: 错误路径必须回传结构化错误，不能吞异常。
+- Historical item: `tests/agent-capture-orchestration.test.mjs` 使用 fake chrome APIs 覆盖 target URL 不支持、检测超时、注入失败、目标 tab 导航走偏、bridge 不可达、active_tab 缺失/不匹配、incognito 拒绝、service worker restart cleanup、browser/extension reload fail-closed cleanup、deadline reconciliation、`keepTabOpen = false` 只关闭插件创建的目标 tab、`chrome.storage.session` 中不持久化 `bridgeToken`/`apiToken`，以及 `chrome.storage.session` access level 不暴露给 untrusted content scripts。
+- Historical item: `tests/agent-capture-orchestration.test.mjs` 必须覆盖 bridge tab/request/message 隔离：`tabs.onUpdated`、`webNavigation.onCommitted`、`webRequest.onHeadersReceived` 和 `runtime.onMessage` 收到 bridge tab 或 `/v1/captures/*` 请求时，不写入 tab-store、popup-cache、badge、dynamic snapshot 或 header records；bridge tab 伪造 `PAGE_DETECTION_RESULT`、`DYNAMIC_PAGE_SNAPSHOT` 或带其他 tabId 的 popup/header 查询必须被拒绝；popup/options 正常读取普通 tab 仍通过。
+- Historical item: `tests/agent-capture-orchestration.test.mjs` 必须覆盖扩展侧日志脱敏：bridge URL query、nonce、token、Authorization header、profile body 和目标 URL 敏感 query 不出现在 console/debug 输出中。
+- Historical item: 如果实现使用 `runtime.Port`，测试必须覆盖未知 port name、非 bridge sender、重复 port、跨 capture port、错误 `sender.url` 和错误 tab id 都会断开且不会启动 capture 或写入 profile。
+- Historical item: 验证：`pnpm run build:injected` 通过；Task 3 已新增读取 `public/injected/*.iife.js` 的单元测试，后续全量 `test:unit` 在干净 checkout 中必须先生成 ignored injected 产物。
+- Historical item: 验证：`pnpm run test:unit` 通过。
+- Historical item: 验证：`pnpm run typecheck` 通过。
+- Historical item: Commit: `feat: orchestrate agent site capture`
+
+### Task 6: 实现 JS bridge 脚本
+
+**Files:**
+
+- Create: `agent-skill/stackprism-site-experience/scripts/stackprism-bridge.mjs`
+- Create: `agent-skill/stackprism-site-experience/scripts/bridge/*.mjs`
+- Create: `tests/stackprism-bridge.test.mjs`
+- Create: `tests/fixtures/bridge-url-policy-cases.json`
+- Reuse: `tests/fixtures/bridge-protocol-identifiers.json`
+- Modify: `.gitignore`
+
+- Historical item: 使用 Node 标准库 `node:http`，不引入运行时依赖。
+- Historical item: `stackprism-bridge.mjs` 只保留 CLI guard、启动参数读取和 server lifecycle；HTTP routing、capture store、URL policy、DNS、body limit、browser open、redaction 和 error response 拆入 `scripts/bridge/*.mjs` helper，至少包含 `http-server.mjs`、`capture-store.mjs`、`url-policy.mjs`、`security.mjs` 和 `open-browser.mjs`，避免单文件超 300 行。
+- Historical item: 绑定 `127.0.0.1`，端口默认随机，支持环境变量 `STACKPRISM_BRIDGE_PORT`。
+- Historical item: 启动前校验环境变量：`STACKPRISM_BRIDGE_PORT` 未设置时才使用随机端口；设置后必须是 `1..65535` 的十进制整数；browser open 相关环境变量不得包含 NUL 字符。非法端口或 NUL 字符返回 `BRIDGE_INVALID_ENV`，非零退出，stdout 不输出 ready JSON，stderr 不泄露 token 或 bridge URL query；`STACKPRISM_BROWSER_OPEN_ARGS_JSON` 的非法 JSON/非数组/非字符串元素仍由打开浏览器步骤返回 `BROWSER_OPEN_FAILED`。
+- Historical item: 指定 `STACKPRISM_BRIDGE_PORT` 且端口被占用时，进程必须非零退出，stderr 输出脱敏 `PORT_IN_USE`，stdout 不输出 ready JSON。
+- Historical item: 启动成功后 stdout 只输出一行 JSON line，包含 `event`、`baseUrl`、`healthUrl`、`apiToken`、`protocolVersion`、`version`；其他日志写 stderr。ready JSON 必须在 server 已绑定且 endpoint 可接受请求后输出。
+- Historical item: 自动打开 bridge 页面：macOS 使用 `open`，Windows 使用 `rundll32.exe url.dll,FileProtocolHandler` 或等效非 shell API，Linux 使用 `xdg-open`；支持 `STACKPRISM_BROWSER_OPEN_COMMAND` 覆盖目标浏览器。不得默认使用 `cmd /c start`，除非测试证明 `?`、`&`、空格和引号不会被 shell 解释。
+- Historical item: 自动打开浏览器时不得把 bridge URL 拼进 shell 字符串；JS 使用 `spawn`/`execFile` 的参数数组，Python 使用 `subprocess` 参数数组或 `webbrowser` 安全 API。`STACKPRISM_BROWSER_OPEN_COMMAND` 第一版只表示可执行文件路径；如需额外参数，使用 JSON 数组环境变量 `STACKPRISM_BROWSER_OPEN_ARGS_JSON`，并把 bridge URL 作为最后一个独立参数。
+- Historical item: `STACKPRISM_BROWSER_OPEN_ARGS_JSON` 必须严格解析为字符串数组；非法 JSON、非数组或非字符串元素都返回 `BROWSER_OPEN_FAILED`，并在脱敏 `details.reason` 中标记 `invalid_open_args`。浏览器打开测试必须覆盖包含 `?`、`&`、空格和引号的 bridge URL 始终作为单个 argv 传入假命令，不能被 shell 拆分或解释。
+- Historical item: 支持测试环境变量 `STACKPRISM_BRIDGE_NO_OPEN=1` 禁止自动打开浏览器，避免单元测试弹出浏览器或依赖用户桌面环境；该模式下创建 capture 不得返回 `BROWSER_OPEN_FAILED`，而是返回 `queued` 和 `bridgeUrl`。
+- Historical item: `.gitignore` 加入 `agent-skill/**/scripts/**` 例外，并加入或确认 `__pycache__/`、`*.py[cod]` 仍被忽略；确认以下命令退出码为 1 且无输出：`git check-ignore -v --no-index agent-skill/stackprism-site-experience/scripts/stackprism-bridge.mjs agent-skill/stackprism-site-experience/scripts/bridge/http-server.mjs agent-skill/stackprism-site-experience/scripts/stackprism_bridge.py agent-skill/stackprism-site-experience/scripts/stackprism_bridge_lib/http_server.py`。该步骤必须在创建 JS/Python bridge 脚本前完成，否则 Task 6/7 的脚本会被根规则 `scripts/` 忽略并漏提交；使用 `--no-index`，避免已跟踪文件让 ignore 规则检查产生假阴性。
+- Historical item: 确认 `git check-ignore -v --no-index agent-skill/stackprism-site-experience/scripts/stackprism_bridge_lib/__pycache__/http_server.pyc` 有命中，避免 Python 编译验证留下未跟踪字节码。
+- Historical item: 实现统一 JSON 错误响应；所有失败返回 `{ "error": { "code", "message", "details" } }`，且 `details` 不含 token、完整 header、完整 URL query 或 profile 片段。
+- Historical item: 实现未知路径、错误方法、缺失 Bearer、token scope 不匹配、非 JSON content type、非 UTF-8 charset、非法 UTF-8 body 和 JSON parse failure 的固定错误响应：`NOT_FOUND`、`METHOD_NOT_ALLOWED`、`UNAUTHORIZED`、`FORBIDDEN`、`UNSUPPORTED_MEDIA_TYPE`、`INVALID_JSON`。
+- Historical item: 实现 `OPTIONS` preflight 拒绝：返回 `405 METHOD_NOT_ALLOWED` 或等效结构化错误，带正确 `Allow` 头，但不返回任何 `Access-Control-Allow-*` 头；测试覆盖跨站网页无法通过 preflight 获得授权。
+- Historical item: 实现 request target 和 path/query 规范化：只接受 origin-form path；拒绝 absolute-form、authority-form、percent-encoded slash/backslash、空 path segment、`..`、重复 query 字段和未知 query 字段；`captureId`、`sessionId`、`nonce` 只接受 Protocol identifier contract 定义的固定 ASCII regex 和长度。
+- Historical item: 拒绝重复或歧义请求头：重复 `Host`、`Authorization`、`Content-Type`、`Content-Length`，非法 `Content-Length`，`Content-Length` 与 `Transfer-Encoding` 同时出现，不以 `chunked` 结尾的 `Transfer-Encoding`，以及非 `identity` 的 `Content-Encoding`。
+- Historical item: 对状态、request、control、profile 和错误响应设置 `Cache-Control: no-store` 与 `X-Content-Type-Options: nosniff`；profile endpoint 额外设置 `Referrer-Policy: no-referrer`。
+- Historical item: 校验 capture request：`url`、`mode`、`waitMs`、`include`、`viewports`、`options.forceRefresh`、`options.captureScreenshotMetadata`、`options.captureScreenshot`、`options.targetMode`、`options.keepTabOpen`、`options.allowPrivateNetworkTarget`、`options.maxResourceUrls` 和未知字段；超出协议范围时返回 `400 INVALID_REQUEST`，不得创建 capture 或打开浏览器。
+- Historical item: 使用安全随机源生成 `apiToken`、`bridgeToken`、`sessionId`、capture `nonce`、`profileTransferId` 和 bridge 页面 CSP nonce；不得使用 `Math.random()`、时间戳或递增计数器生成安全边界值。
+- Historical item: token 校验必须走共享 helper：先做格式和长度检查，再使用固定时间比较或等效安全比较；失败路径只返回统一 `UNAUTHORIZED`/`FORBIDDEN`，不得在错误或日志中区分“前缀正确但后缀错误”等可被枚举的信息。
+- Historical item: `/bridge` URL 不包含 API token；HTML 内嵌一次性 `bridgeToken`，并设置 no-store、no-referrer、nosniff、`X-Frame-Options: DENY`、`Cross-Origin-Opener-Policy: same-origin`、`Permissions-Policy` 和不含 `unsafe-inline`、包含 `script-src 'nonce-{cspNonce}'`、`style-src 'nonce-{cspNonce}'`、`connect-src 'self'`、`frame-ancestors 'none'` 的 CSP。
+- Historical item: bridge config JSON script 也必须带本次响应的 `nonce`，测试覆盖 `<script id="stackprism-agent-bridge-config" type="application/json" nonce="...">` 存在，且所有 script/style nonce 与 CSP header 中的 nonce 一致。
+- Historical item: `/bridge` 响应使用 `Content-Type: text/html; charset=utf-8`，并在渲染 token 前执行 Host、request target、query schema 和来源导航校验；跨站 `Referer` 或 `Sec-Fetch-Site: cross-site` 必须返回 `ORIGIN_NOT_ALLOWED` 且不渲染 token。
+- Historical item: `/bridge` 渲染前校验 `session`、`capture`、`nonce`，校验失败不输出 `bridgeToken`。
+- Historical item: `/bridge` 首次成功渲染 token 时记录 `bridgeTokenRenderedAt`；同一 `/bridge?...nonce=...` 再次打开不得重新渲染 `bridgeToken`，即使 content script 尚未 claim，也只能返回无 token 状态页或 409。
+- Historical item: `bridgeToken` 首次成功读取 request 或写入 `waiting_extension` 后标记为 claimed；claimed 后同一 `/bridge?...nonce=...` 再次打开也不得重新渲染 `bridgeToken`。
+- Historical item: bridge HTML config 必须使用 script-safe JSON 转义，不反射 query 或错误文本到可执行 HTML；页面状态更新只能用 `textContent` 或等效安全 API，不能用 `innerHTML` 写入服务端返回的 message/details。
+- Historical item: `POST /v1/captures` 创建 capture 后立即尝试自动打开该 capture 的 bridge 页面；打开失败时返回 `BROWSER_OPEN_FAILED` 并把 capture 标记为 `failed`。
+- Historical item: 实现 `/health`、`/bridge`、`POST /v1/captures`、`GET /v1/captures/{id}`、`GET /v1/captures/{id}/request`、`GET /v1/captures/{id}/control`、`GET /v1/captures/{id}/profile`、`POST /v1/captures/{id}/status`、`POST /v1/captures/{id}/profile`、`DELETE /v1/captures/{id}`。
+- Historical item: 除 `/health` 和 `/bridge` 外，所有 endpoint 都校验 Bearer token；Agent endpoint 只接受 `apiToken`，插件 endpoint 只接受对应 capture 的 `bridgeToken`。
+- Historical item: `GET /v1/captures/{id}` 同时支持 `apiToken` 和同 capture 的 `bridgeToken`；`GET /v1/captures/{id}/profile` 只支持 `apiToken`，`bridgeToken` 必须返回 `BRIDGE_TOKEN_CANNOT_READ_PROFILE`。
+- Historical item: `GET /v1/captures/{id}/request` 只支持同 capture 的 `bridgeToken`，返回 `captureId`、`sessionId`、`nonce`、`protocolVersion` 和规范化 `request`，不得返回 `apiToken`、`bridgeToken`、profile body 或 callback URL；测试覆盖跨 capture token、response shape 和敏感字段缺失。
+- Historical item: 校验 Host 头，只接受当前 loopback host:port。
+- Historical item: 对非 profile JSON 请求 body 大小设限，例如 5 MB；超限返回 `413 REQUEST_TOO_LARGE`。
+- Historical item: 对 `POST /v1/captures/{id}/profile` 使用独立 8 MB 上限；超限返回 `PROFILE_TOO_LARGE`，并要求插件先做 truncation。共享 body reader 必须按 endpoint 传入 limit，避免先被 5 MB 通用限制截断而拿不到 profile 专用错误码。
+- Historical item: 实现 HTTP resource policy：限制打开连接数、设置 headers/body/keep-alive timeout、逐块累计 body 字节并在超限时停止读取、按协议处理或拒绝 chunked body、SIGINT/SIGTERM/stdin EOF 时关闭 server 和 timer。
+- Historical item: 实现基础 rate limit：capture 创建每分钟最多 10 次，状态/profile 查询每分钟最多 120 次，超限返回 `RATE_LIMITED`。
+- Historical item: 将 URL 归一化、bridge origin 自捕获判断、credential/protocol 校验和 private-network 判断拆成可导出的纯 helper；helper 接收 resolver 参数，生产 resolver 使用 `node:dns`，单元测试使用 `tests/fixtures/bridge-url-policy-cases.json` 注入的假 resolver。
+- Historical item: 生产 DNS resolver 设置 2 秒超时，并把解析超时、NXDOMAIN、SERVFAIL、空结果和任一私网答案按 Target policy 的 fail-closed 语义映射为结构化错误。
+- Historical item: 使用生产 resolver 解析目标 hostname，并把解析到 private/loopback/link-local 地址的目标按 `PRIVATE_NETWORK_TARGET_BLOCKED` 拒绝，除非显式开启 `allowPrivateNetworkTarget`。
+- Historical item: 即使 `allowPrivateNetworkTarget = true`，目标 URL 指向当前 bridge server origin 时也返回 `BRIDGE_SELF_TARGET_BLOCKED`。
+- Historical item: 对插件上报的 final URL 执行同一套 URL 和 DNS 校验；失败时把 capture 标记为 `FINAL_URL_BLOCKED`。
+- Historical item: `POST /v1/captures/{id}/status` 收到 `phase = "target_loaded"` 时必须校验 `finalUrl`；失败时直接返回 `409`，让插件在主动检测和 profiler 前中止。
+- Historical item: 实现 status phase 和 sequence 规则：只接受定义过的 phase，只接受递增 sequence，终态不可被 late status 覆盖，倒序或重复 status 返回 `409 STALE_STATUS_UPDATE`。
+- Historical item: `tests/stackprism-bridge.test.mjs` 必须读取 `tests/fixtures/bridge-protocol-identifiers.json`，确认 JS bridge 的 token/id 生成器只生成合法值，路由/query/Bearer validator 拒绝所有非法样例，且错误响应不暴露 token 正确前缀、错误位置或相似度。
+- Historical item: 新增 `tests/fixtures/bridge-url-policy-cases.json`，覆盖 `127.0.0.1`、`localhost`、`192.168.0.1`、`10.0.0.1`、`172.16.0.1`、`169.254.0.1`、`::1`、`fc00::/7`、`fe80::/10`、公网页面、credential URL、fragment 丢弃、hostname 解析到私网地址、默认端口折叠、host 大小写归一、query 完全相同时可匹配、query 不同时不可复用 tab、以及目标指向 bridge server origin 的场景。
+- Historical item: capture 默认 60 秒过期。
+- Historical item: capture store/timer 模块必须支持测试注入 clock/timer 或测试专用短时配置；生产默认仍使用 30 秒握手超时、60 秒全局超时、10 秒取消超时和 10 分钟 completed TTL。单元测试不得真实等待 30 秒、60 秒或 10 分钟。
+- Historical item: `queued` 或 `waiting_extension` 30 秒无握手时标记 `EXTENSION_NOT_CONNECTED`；completed profile 保留 10 分钟后转为 `expired`、清除 profile body，并让 profile endpoint 返回 `CAPTURE_RESULT_EXPIRED`。
+- Historical item: running capture 超过 60 秒时标记 `CAPTURE_TIMEOUT`，control endpoint 返回 `cancel`，late status/profile 不得覆盖该失败终态。
+- Historical item: `DELETE /v1/captures/{id}` 只允许 `queued`、`waiting_extension`、`running` 转为 `cancel_requested`，control endpoint 返回 `cancel`，插件确认后进入 `cancelled`；不能在 DELETE 时立刻删除 capture。`cancel_requested` 超过 10 秒无确认时转为 `cancelled` 并拒绝 late status 覆盖；对 `completed`、`failed`、`cancelled`、`expired` 调用 DELETE 必须返回 `409` 和当前终态。
+- Historical item: 默认不返回 `Access-Control-Allow-Origin: *`；profile 回传测试覆盖 bridge content script 同源 POST 路径。
+- Historical item: 对敏感 endpoint 校验 `Origin`、`Referer` 和 `Sec-Fetch-Site`：无这些浏览器头的 Agent/curl 请求允许继续走 Bearer 校验；同 origin bridge 页面请求允许；跨站 `Origin`、跨站 `Referer` 或 `Sec-Fetch-Site: cross-site` 返回 `403 ORIGIN_NOT_ALLOWED` 且不返回 CORS 允许头。
+- Historical item: 测试恶意网页式 preflight 和 no-cors/simple request：`OPTIONS` 不能拿到 CORS 允许头；无 Bearer 或非 JSON content type 的请求被拒绝；带跨站 `Origin`/Fetch Metadata 的请求被 `ORIGIN_NOT_ALLOWED` 拒绝；bridge API 不因浏览器跨站请求创建 capture。
+- Historical item: 测试 API 状态流、统一错误响应、所有 JSON endpoint 的 `Content-Type: application/json; charset=utf-8`、`/bridge` 的 `Content-Type: text/html; charset=utf-8`、不支持 method 的 `Allow` 头、request validation、未知字段拒绝、method/auth/content-type/Host/Origin 错误、非法 request target、非法 path/query、重复或歧义 header、非 UTF-8 charset、非法 UTF-8 JSON body、`OPTIONS` preflight 拒绝且无 `Access-Control-Allow-*` 头、token-bearing response 的 no-store/nosniff/referrer-policy、请求超时/超大 body/连接数限制/chunked body 策略、status phase/sequence 拒绝、token 校验、安全随机 helper 不使用 `Math.random()`、bridge CSP 不含 `unsafe-inline` 且含 nonce、JSON config script 带 nonce、bridgeToken 同 capture 状态读取、bridgeToken 不能读 profile、bridgeToken 首次 render 后 `/bridge` 不再泄露 token、bridgeToken claimed 后 `/bridge` 不再泄露 token、bridge HTML script-safe 转义、`target_loaded` final URL 拒绝、status 回写、control 取消、cancel 超时、terminal DELETE 返回 409、running capture 全局超时、profile 回写、profile wrapper/schema/captureId mismatch 拒绝、重复 profile 回写返回 `NONCE_REUSED` 或 `CAPTURE_ALREADY_COMPLETED`、超大 profile body 返回 `PROFILE_TOO_LARGE`、过期清理、浏览器打开失败错误、非法环境变量 `BRIDGE_INVALID_ENV`、指定端口占用 `PORT_IN_USE`、stdout ready JSON 结构、stderr 日志不含 Authorization/token/query/profile body、DNS lookup failure、以及 DNS private target 拒绝；URL policy 测试必须读取 `tests/fixtures/bridge-url-policy-cases.json` 并注入假 resolver。
+- Historical item: 浏览器打开失败测试必须覆盖 `STACKPRISM_BROWSER_OPEN_ARGS_JSON` 非法值返回 `BROWSER_OPEN_FAILED`，以及包含 shell 元字符的 bridge URL 仍作为单个 argv 传给假命令。
+- Historical item: 所有 JS bridge 子进程测试默认设置 `STACKPRISM_BRIDGE_NO_OPEN=1`，并用 `t.after()`、`try/finally` 或等效逻辑关闭子进程、HTTP server 和 timer；只有专门测试浏览器打开失败时才允许禁用 no-open，并且必须使用不会真实打开浏览器的假命令。
+- Historical item: Host 校验测试必须覆盖 `/health`、`/bridge` 和至少一个 Bearer endpoint：`Host: 127.0.0.1:{port}` 允许，缺失 Host、错误端口、`localhost:{port}`、`[::1]:{port}` 和任意外部 host 均拒绝，除非实现显式扩展 localhost/IPv6 并同步 manifest/CSP/文档。
+- Historical item: bridge 脚本应支持被测试导入而不自动启动 server；CLI 入口必须用 `import.meta.url` 与 `process.argv[1]` guard。
+- Historical item: 运行 `pnpm exec prettier --check agent-skill/stackprism-site-experience/scripts/stackprism-bridge.mjs agent-skill/stackprism-site-experience/scripts/bridge/*.mjs tests/stackprism-bridge.test.mjs tests/fixtures/bridge-url-policy-cases.json tests/fixtures/bridge-protocol-identifiers.json`，确认 JS bridge 脚本、helper 和测试 fixture 未被格式化工具漏掉。
+- Historical item: 验证：`node --check agent-skill/stackprism-site-experience/scripts/stackprism-bridge.mjs` 通过。
+- Historical item: 验证：`for f in agent-skill/stackprism-site-experience/scripts/bridge/*.mjs; do node --check "$f"; done` 通过，避免 `node --check` 只检查第一个展开文件。
+- Historical item: 验证：`node --test --test-timeout=60000 tests/stackprism-bridge.test.mjs` 通过。
+- Historical item: Commit: `feat: add node bridge script for agents`
+
+### Task 7: 实现 Python fallback 脚本
+
+**Files:**
+
+- Create: `agent-skill/stackprism-site-experience/scripts/stackprism_bridge.py`
+- Create: `agent-skill/stackprism-site-experience/scripts/stackprism_bridge_lib/*.py`
+- Create: `tests/stackprism_bridge_py.test.mjs`
+- Reuse: `tests/fixtures/bridge-url-policy-cases.json`
+- Reuse: `tests/fixtures/bridge-protocol-identifiers.json`
+
+- Historical item: 使用 Python 标准库 `http.server`。
+- Historical item: `stackprism_bridge.py` 只保留 CLI guard、启动参数读取和 server lifecycle；HTTP routing、capture store、URL policy、DNS、body limit、browser open、redaction 和 error response 拆入 `scripts/stackprism_bridge_lib/*.py` helper，至少包含 `http_server.py`、`capture_store.py`、`url_policy.py`、`security.py` 和 `open_browser.py`，避免单文件超 300 行。
+- Historical item: 提供与 JS bridge 一致的 `/health`、`/bridge`、`POST /v1/captures`、`GET /v1/captures/{id}`、`GET /v1/captures/{id}/request`、`GET /v1/captures/{id}/control`、`GET /v1/captures/{id}/profile`、`POST /v1/captures/{id}/status`、`POST /v1/captures/{id}/profile`、`DELETE /v1/captures/{id}`。
+- Historical item: 保持与 JS bridge 相同的成功 response body 和错误 envelope，不为成功响应额外包 `ok`。
+- Historical item: 与 JS bridge 使用相同的统一 JSON 错误响应和 capture request validation；错误码、HTTP status 和脱敏 `details` 语义必须一致。
+- Historical item: 与 JS bridge 使用相同的 method/auth/content-type 错误响应和 status phase/sequence 规则。
+- Historical item: 与 JS bridge 使用相同的 `OPTIONS` preflight 拒绝、无 CORS 允许头、`Origin`/`Referer`/`Sec-Fetch-Site` 校验、no-store/nosniff/referrer-policy 响应头策略。
+- Historical item: 与 JS bridge 使用相同的 request target、path/query schema、重复 header、歧义 `Content-Length`/`Transfer-Encoding` 和 `Content-Encoding` 拒绝语义；如果 Python 标准库已在 handler 前吞掉某些非法请求，测试必须记录可观测响应并确认不会进入业务 routing。
+- Historical item: 与 JS bridge 使用相同的 Host 头校验语义；`tests/stackprism_bridge_py.test.mjs` 必须抽样覆盖 `/health`、`/bridge` 和 Bearer endpoint 的 Host 允许/拒绝行为。
+- Historical item: 模块必须可被测试 import 而不自动启动 server；CLI 入口使用 `if __name__ == "__main__"` guard。
+- Historical item: 指定 `STACKPRISM_BRIDGE_PORT` 且端口被占用时，进程必须非零退出，stderr 输出脱敏 `PORT_IN_USE`，stdout 不输出 ready JSON。
+- Historical item: 与 JS bridge 一样在启动前校验环境变量：`STACKPRISM_BRIDGE_PORT` 未设置时才使用随机端口；设置后必须是 `1..65535` 的十进制整数；browser open 相关环境变量不得包含 NUL 字符。非法端口或 NUL 字符返回 `BRIDGE_INVALID_ENV`，非零退出，stdout 不输出 ready JSON，stderr 不泄露 token 或 bridge URL query；`STACKPRISM_BROWSER_OPEN_ARGS_JSON` 的非法 JSON/非数组/非字符串元素仍由打开浏览器步骤返回 `BROWSER_OPEN_FAILED`。
+- Historical item: 启动成功后 stdout 只输出一行 JSON line，字段与 JS bridge 一致；其他日志写 stderr。ready JSON 必须在 server 已绑定且 endpoint 可接受请求后输出。
+- Historical item: 除 `/health` 和 `/bridge` 外，所有 endpoint 都校验 Bearer token；Agent endpoint 只接受 `apiToken`，插件 endpoint 只接受对应 capture 的 `bridgeToken`，与 JS bridge 一致。
+- Historical item: `GET /v1/captures/{id}` 同时支持 `apiToken` 和同 capture 的 `bridgeToken`；`GET /v1/captures/{id}/profile` 只支持 `apiToken`，与 JS bridge 一致。
+- Historical item: 使用 Python 标准库 `webbrowser.open` 自动打开 bridge 页面，并支持环境变量覆盖浏览器命令；失败时返回 `BROWSER_OPEN_FAILED`。
+- Historical item: Python fallback 与 JS bridge 一样，浏览器打开命令不得通过 shell 字符串拼接 bridge URL；覆盖命令只接受可执行文件路径，额外参数来自 `STACKPRISM_BROWSER_OPEN_ARGS_JSON` JSON 数组。
+- Historical item: Python fallback 与 JS bridge 一样严格校验 `STACKPRISM_BROWSER_OPEN_ARGS_JSON` 为字符串数组；非法值返回 `BROWSER_OPEN_FAILED` 和脱敏 `details.reason = "invalid_open_args"`，测试使用假命令确认 bridge URL 作为单个 argv 传入。
+- Historical item: 支持测试环境变量 `STACKPRISM_BRIDGE_NO_OPEN=1` 禁止自动打开浏览器，避免单元测试弹出浏览器或依赖用户桌面环境；该模式下创建 capture 不得返回 `BROWSER_OPEN_FAILED`，而是返回 `queued` 和 `bridgeUrl`。
+- Historical item: 使用安全随机源生成 `apiToken`、`bridgeToken`、`sessionId`、capture `nonce`、`profileTransferId` 和 bridge 页面 CSP nonce；不得使用时间戳、计数器或 `random.random()` 生成安全边界值；token 校验使用共享 helper 和固定时间比较或等效安全比较。
+- Historical item: `/bridge` URL 不包含 API token；HTML 内嵌一次性 `bridgeToken`，并设置 no-store、no-referrer、nosniff、`X-Frame-Options: DENY`、`Cross-Origin-Opener-Policy: same-origin`、`Permissions-Policy` 和不含 `unsafe-inline`、包含 `script-src 'nonce-{cspNonce}'`、`style-src 'nonce-{cspNonce}'`、`connect-src 'self'`、`frame-ancestors 'none'` 的 CSP。
+- Historical item: bridge config JSON script 也必须带本次响应的 `nonce`，测试覆盖 `<script id="stackprism-agent-bridge-config" type="application/json" nonce="...">` 存在，且所有 script/style nonce 与 CSP header 中的 nonce 一致。
+- Historical item: `/bridge` 响应使用 `Content-Type: text/html; charset=utf-8`，并在渲染 token 前执行 Host、request target、query schema 和来源导航校验；跨站 `Referer` 或 `Sec-Fetch-Site: cross-site` 必须返回 `ORIGIN_NOT_ALLOWED` 且不渲染 token。
+- Historical item: `/bridge` 渲染前校验 `session`、`capture`、`nonce`，校验失败不输出 `bridgeToken`。
+- Historical item: 与 JS bridge 一致，`bridgeToken` 首次 render 后和 claimed 后，同一 `/bridge?...nonce=...` 不得再次渲染 token。
+- Historical item: 与 JS bridge 一致，bridge HTML 必须做 script-safe JSON 转义，并测试恶意 query 不会打断 JSON script 或反射为可执行 HTML。
+- Historical item: 实现与 JS bridge 一致的基础 rate limit、body 大小限制和 HTTP resource policy；若标准库无法可靠支持 chunked body，必须按协议返回 `UNSUPPORTED_TRANSFER_ENCODING`，不能阻塞读取。
+- Historical item: 将 URL policy 拆成可被测试调用的纯函数，接收 resolver 参数；生产 resolver 使用 `socket.getaddrinfo`，测试 resolver 使用 `tests/fixtures/bridge-url-policy-cases.json` 的固定结果，避免依赖真实 DNS。
+- Historical item: 生产 DNS resolver 设置 2 秒超时，并与 JS bridge 一样 fail closed。
+- Historical item: 使用生产 resolver 解析目标 hostname，并与 JS bridge 使用同一 private network 判断语义。
+- Historical item: 即使 `allowPrivateNetworkTarget = true`，目标 URL 指向当前 bridge server origin 时也返回 `BRIDGE_SELF_TARGET_BLOCKED`。
+- Historical item: 对插件上报的 final URL 执行同一套 URL 和 DNS 校验；失败时把 capture 标记为 `FINAL_URL_BLOCKED`。
+- Historical item: `POST /v1/captures/{id}/status` 收到 `phase = "target_loaded"` 时必须校验 `finalUrl`；失败时直接返回 `409`，与 JS bridge 一致。
+- Historical item: `tests/stackprism_bridge_py.test.mjs` 必须复用 `tests/fixtures/bridge-url-policy-cases.json` 并注入假 resolver，确认 Python fallback 与 JS bridge 在 URL policy 上一致。
+- Historical item: `tests/stackprism_bridge_py.test.mjs` 必须复用 `tests/fixtures/bridge-protocol-identifiers.json`，确认 Python fallback 的 token/id 生成、path/query validator 和 Bearer validator 与 JS bridge 接受/拒绝结果一致。
+- Historical item: 实现与 JS bridge 一致的 status 回写、control 取消和 profile 回写 endpoint；`POST /profile` 接收原始 `SiteExperienceProfile` JSON，不接收额外 wrapper，也不要求 nonce 出现在 profile body。
+- Historical item: 实现与 JS bridge 一致的握手超时和 completed profile TTL；TTL 到期后状态转为 `expired` 并清除 profile body。
+- Historical item: Python capture store/timer 也必须支持测试注入 clock/timer 或测试专用短时配置；专项测试不得真实等待 30 秒、60 秒或 10 分钟。
+- Historical item: 实现与 JS bridge 一致的 `CAPTURE_TIMEOUT`、`cancel_requested` -> `cancelled` 状态流、10 秒 cancel 超时、terminal DELETE 返回 409；不能在 DELETE 时立刻删除 capture，也不能用 DELETE 改写已失败、已取消、已过期或已完成 capture 的终态。
+- Historical item: `tests/stackprism_bridge_py.test.mjs` 抽样覆盖 JSON response content-type、`Allow` 头、stderr 脱敏、profile wrapper/schema/captureId mismatch、重复 profile 回写和超大 profile body，确认错误码与 JS bridge 一致。
+- Historical item: `tests/stackprism_bridge_py.test.mjs` 抽样覆盖 request endpoint response shape：只返回 `captureId`、`sessionId`、`nonce`、`protocolVersion` 和规范化 `request`，不返回 `apiToken`、`bridgeToken`、profile body 或 callback URL。
+- Historical item: 所有 Python fallback 子进程测试默认设置 `STACKPRISM_BRIDGE_NO_OPEN=1`，并用 `t.after()`、`try/finally` 或等效逻辑关闭子进程、HTTP server 和 timer；浏览器打开失败测试必须使用不会真实打开浏览器的假命令。
+- Historical item: 运行 `pnpm exec prettier --check tests/stackprism_bridge_py.test.mjs`，确认 Python fallback 的 JS 测试未被格式化工具漏掉。Python fallback 只用 `py_compile` 和专项测试校验，不交给 Prettier。
+- Historical item: 验证：`python3 -m py_compile agent-skill/stackprism-site-experience/scripts/stackprism_bridge.py` 通过。
+- Historical item: 验证：`python3 -m compileall -q agent-skill/stackprism-site-experience/scripts/stackprism_bridge_lib` 通过，避免 shell 通配符在无匹配时传给 `py_compile`。
+- Historical item: 验证：`node --test --test-timeout=60000 tests/stackprism_bridge_py.test.mjs` 启动 Python 子进程并确认 `/health` 返回一致字段。
+- Historical item: Commit: `feat: add python bridge fallback script`
+
+### Task 8: 编写 Skill
+
+**Files:**
+
+- Create: `agent-skill/stackprism-site-experience/SKILL.md`
+- Create: `agent-skill/stackprism-site-experience/README.md`
+- Create: `agent-skill/stackprism-site-experience/agents/openai.yaml`
+- Create: `agent-skill/stackprism-site-experience/references/site-experience-profile-schema.md`
+- Create: `agent-skill/stackprism-site-experience/references/agent-consumption-guide.md`
+- Modify: `.prettierignore`
+
+- Historical item: `SKILL.md` 说明触发场景：复刻网站视觉、参考 UI/UX、采集技术与体验 profile。
+- Historical item: `README.md` 说明 repo-local skill 的安装/发现边界：默认不自动进入 Codex 全局 Skills 列表，用户或发布流程需要复制/软链接到 `$CODEX_HOME/skills`；Agent 也可以直接按 repo path 运行脚本。
+- Historical item: 明确首选 JS 脚本，Python 为 fallback。
+- Historical item: 说明默认打开系统浏览器；如果插件安装在非默认浏览器，Agent 必须设置 `STACKPRISM_BROWSER_OPEN_COMMAND` 指向对应 Chrome 内核浏览器和用户 profile。
+- Historical item: Skill 使用示例必须展示 bridge 子进程生命周期：启动后最多等待 10 秒读取 ready JSON，遇到超时、非 JSON、缺字段或 `protocolVersion` 不匹配时分别按 `BRIDGE_START_TIMEOUT`、`BRIDGE_READY_PARSE_FAILED`、`BRIDGE_PROTOCOL_UNSUPPORTED` 失败处理；完成 capture 或失败后在 `finally` 中发送 SIGTERM/关闭子进程，并等待退出；不得鼓励 Agent 留下常驻本地 bridge。
+- Historical item: Skill 示例和 README 日志片段必须对 ready JSON 中的 `apiToken` 做脱敏；不得把原始 ready JSON 直接打印到报告、stdout 示例或错误日志。
+- Historical item: 浏览器选择文档必须同时说明 `STACKPRISM_BROWSER_OPEN_COMMAND` 只接受可执行文件路径，额外用户 profile 参数必须通过 `STACKPRISM_BROWSER_OPEN_ARGS_JSON` JSON 数组传入，bridge URL 永远由脚本作为最后一个独立参数追加。
+- Historical item: 文档必须说明 `STACKPRISM_BROWSER_OPEN_ARGS_JSON` 只能是 JSON 字符串数组；示例中不得把 bridge URL 写入该数组，URL 永远由脚本追加，避免用户把 token-bearing URL 放进 shell 命令或日志。
+- Historical item: 说明第一版为 passive capture，不会点击、提交、登录或执行破坏性操作。
+- Historical item: 说明 `viewports` 不是 CDP 移动仿真，Agent 不能把它当作真实手机截图。
+- Historical item: 明确 Agent 读取 profile 后优先复刻体验，不盲目照搬技术。
+- Historical item: `agents/openai.yaml` 仅作为可选 metadata 与发布辅助文件；不得在文档中声称 repo 内 `agents/openai.yaml` 会让 Codex 自动发现 Skill。Codex 自动发现仍以复制/软链接到 `$CODEX_HOME/skills` 后的 `SKILL.md` 为准。
+- Historical item: schema reference 与 TypeScript schema 字段一致。
+- Historical item: consumption guide 给出从 profile 到实现任务的步骤。
+- Historical item: 复查 Task 6 已加入的 `.gitignore` 例外仍生效，确认以下命令退出码为 1 且无输出：`git check-ignore -v --no-index agent-skill/stackprism-site-experience/scripts/stackprism-bridge.mjs agent-skill/stackprism-site-experience/scripts/bridge/http-server.mjs agent-skill/stackprism-site-experience/scripts/stackprism_bridge.py agent-skill/stackprism-site-experience/scripts/stackprism_bridge_lib/http_server.py`。使用 `--no-index`，避免已跟踪文件让 ignore 规则检查产生假阴性。
+- Historical item: `.prettierignore` 保持 Skill 脚本不被忽略；分别运行 `pnpm exec prettier --file-info agent-skill/stackprism-site-experience/scripts/stackprism-bridge.mjs` 和 `pnpm exec prettier --file-info agent-skill/stackprism-site-experience/scripts/bridge/http-server.mjs`，确认返回 JSON 中 `"ignored": false`，因为 `prettier --check` 对被 ignore 的显式路径可能不足以证明格式化覆盖真实生效。
+- Historical item: 运行 `pnpm exec prettier --check agent-skill/stackprism-site-experience/SKILL.md agent-skill/stackprism-site-experience/README.md agent-skill/stackprism-site-experience/agents/openai.yaml agent-skill/stackprism-site-experience/scripts/stackprism-bridge.mjs agent-skill/stackprism-site-experience/scripts/bridge/*.mjs agent-skill/stackprism-site-experience/references/site-experience-profile-schema.md agent-skill/stackprism-site-experience/references/agent-consumption-guide.md`，确认 repo-local Skill 文档、YAML 和 JS bridge 脚本未被格式化工具漏掉。Python fallback 只用 `py_compile` 和专项测试校验，不交给 Prettier。
+- Historical item: Commit: `docs: add stackprism site experience skill`
+
+### Task 9: 文档与开发手册
+
+**Files:**
+
+- Create: `docs/dev/agent-bridge.md`
+- Modify: `docs/dev/index.md`
+- Modify: `docs/dev/architecture.md`
+- Modify: `docs/dev/detection-flow.md`
+- Modify: `docs/dev/release.md`
+- Modify: `docs/.vitepress/config.ts`
+- Modify: `.github/workflows/release-extension.yml`
+- Modify: `PRIVACY.md`
+- Modify: `README.md`
+- Modify: `docs/guide/basic-usage.md`
+
+- Historical item: 记录 Agent Bridge 数据流、API、profile schema、安全约束。
+- Historical item: `PRIVACY.md` 写清楚新增采集边界、不会采集的敏感数据类型、loopback bridge 和 token 生命周期。
+- Historical item: `docs/dev/agent-bridge.md`、`PRIVACY.md`、`README.md` 与 `docs/guide/basic-usage.md` 明确本机信任边界：Agent Bridge 只防跨站网页和误用路径，不防同机恶意进程伪造兼容 loopback bridge；需要该级别隔离时应转向 Native Messaging 或等效本机 broker。
+- Historical item: `README.md` 与 `docs/guide/basic-usage.md` 说明 Agent Bridge 需要已安装扩展、默认 passive capture、失败路径和浏览器选择方式。
+- Historical item: `README.md`、`docs/guide/basic-usage.md` 和 Skill 使用说明必须说明首次使用前需要在设置页启用 Agent Bridge；若未启用，Skill 示例必须把 `AGENT_BRIDGE_DISABLED` 显示为用户可操作错误，而不是重试或降级。
+- Historical item: 用户文档和设置页文案必须说明 Agent Bridge 启用状态是当前浏览器 profile 的本机设置，不随 Chrome sync 同步到其他设备；换设备、换浏览器 profile 或重装扩展后需要重新显式启用。
+- Historical item: `docs/dev/agent-bridge.md`、`PRIVACY.md`、`README.md` 与 `docs/guide/basic-usage.md` 必须明确同浏览器其他扩展不在第一版防护范围内；建议用户在干净浏览器 profile 或只安装可信扩展的 profile 中使用 Agent Bridge。
+- Historical item: `docs/dev/release.md` 增加 Chrome Web Store / Edge Add-ons 发布前人工检查项：如果发布 Agent Bridge，需要同步商店隐私披露、数据用途说明和用户可见说明，明确数据会被发送到用户本机 loopback bridge 供本地 Agent 读取，但不会发送到 StackPrism 远程服务器。
+- Historical item: `docs/dev/release.md` 明确 `agent-skill/` 是 repo-local Agent 工具，不属于浏览器扩展运行时；Chrome Web Store / Edge Add-ons 上传包只能来自 `dist/`，不得把 `agent-skill/`、本地 HTTP bridge 脚本、测试 fixture、`docs/superpowers/` 或 Python 字节码缓存打入 zip/crx。
+- Historical item: `.github/workflows/release-extension.yml` 在打包 zip/crx 前运行 `pnpm run lint`、`pnpm run build:injected`、`pnpm run test:unit` 和 `pnpm run typecheck`；若 `typecheck` 仍包含最终 `pnpm build`，不得再用旧 `dist/` 打包。
+- Historical item: `.github/workflows/release-extension.yml` 在 zip 前增加 dist hygiene 检查：确认 `dist/manifest.json` 不含 `externally_connectable`，`web_accessible_resources` 不暴露 `agent-skill/`、`stackprism-bridge.mjs`、`stackprism_bridge.py` 或 `experience-profiler.iife.js`（除非已有独立文档理由和最小 match），并确认 `dist/` 内不存在 `agent-skill/`、`docs/superpowers/`、`tests/`、`*.py`、`__pycache__/` 或本地 bridge server helper 源文件。
+- Historical item: `docs/.vitepress/config.ts` 的开发手册 sidebar 加入 `/dev/agent-bridge`。
+- Historical item: release checklist 增加 bridge smoke test。
+- Historical item: detection-flow 增加 agent capture 管道。
+- Historical item: 运行 `pnpm exec prettier --check docs/dev/agent-bridge.md docs/dev/index.md docs/dev/architecture.md docs/dev/detection-flow.md docs/dev/release.md docs/.vitepress/config.ts README.md PRIVACY.md docs/guide/basic-usage.md`，确认 Task 9 修改的 Markdown/VitePress 配置未被格式化工具漏掉。
+- Historical item: 验证：`pnpm run docs:build` 通过。
+- Historical item: Commit: `docs: document agent bridge workflow`
+
+### Task 10: 端到端验证与收口
+
+**Files:**
+
+- Existing: `docs/reviews/CR-AGENT-BRIDGE-E2E-2026-05-22.md`
+- Existing: `docs/reviews/CR-AGENT-BRIDGE-COMPLETION-AUDIT-2026-05-24.md`
+- No new review file unless a later validation run needs a new dated audit.
+
+Current status source:
+
+- The original long unchecked E2E list has been replaced by this status matrix because the feature is no longer at pre-implementation planning state.
+- Detailed evidence for the original Task 10 items is grouped in `docs/reviews/CR-AGENT-BRIDGE-COMPLETION-AUDIT-2026-05-24.md#task-10-coverage-matrix`.
+- This plan is not the release sign-off for Chrome Web Store or Edge Add-ons. Store state must be proven from the external store dashboards and disclosure forms.
+
+| Area                                          | Current status                                                   | Evidence and remaining gate                                                                                                                                                                                                                                                                                                                                                     |
+| --------------------------------------------- | ---------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| E2E report file                               | Complete locally                                                 | `docs/reviews/CR-AGENT-BRIDGE-E2E-2026-05-22.md` exists and records browser, dist path, command, exit code, summary, skip reason and residual risk.                                                                                                                                                                                                                             |
+| Basic command gates                           | Complete locally, rerun before final commit                      | `pnpm run test:unit`, `pnpm run lint`, `pnpm run typecheck`, `pnpm run docs:build`, JS/Python syntax checks and focused bridge tests have passing records in the audit; rerun the main gate set after any further edit.                                                                                                                                                         |
+| Default browser smoke                         | Complete locally                                                 | Default `node tests/agent-bridge-browser-smoke.mjs` now uses the local `tests/fixtures/site-experience-fixture.html` path, with explicit `allowPrivateNetworkTarget = true`, and no longer depends on `https://example.com` resolver behavior.                                                                                                                                  |
+| Public complex-site smoke                     | Partial local evidence                                           | `public-complex-target` captured `https://www.wikipedia.org/` with non-empty visual/layout/component data, but this environment resolved the hostname to `198.18.0.19`, so the smoke explicitly used `allowPrivateNetworkTarget = true`; it is not proof that default no-private-network policy accepts resolver-rewritten public hostnames.                                    |
+| Bridge API and rate limits                    | Complete locally                                                 | JS and Python tests plus live smoke cover auth scope, create/status/profile/control endpoints, query/create rate limits, busy ordering, terminal DELETE and no silent queue.                                                                                                                                                                                                    |
+| Target URL, DNS and private-network policy    | Complete for current fixtures; broader matrix remains external   | Unit fixtures and smoke cover unsupported protocols, credentialed URL rejection, bridge self-target, private target block, DNS lookup failure, final URL block and browser-observed `targetNetworkAddress` IP-literal validation. Multi-network DNS/private-address matrices remain a live environment gate.                                                                    |
+| Profile schema, privacy and UX fields         | Complete locally                                                 | Current profile includes `target.language`, first-order UX fields, optional `visualProfile.screenshot` only when `captureScreenshot = true`, and `agentGuidance.recreationPlan` with implementation order, design tokens, layout blueprint, component inventory, interaction/UX/asset checklists and verification checklist; tests cover redaction, default no screenshot payload, explicit screenshot payload and recreation-plan output. |
+| Profile transfer and large profile            | Complete locally                                                 | Tests and smoke cover 384 KiB raw chunking, ack/reassembly, sha256 match, missing chunk, ack timeout, hash mismatch, wrong binding, invalid payload and >8 MB rejection.                                                                                                                                                                                                        |
+| Capture lifecycle and cleanup                 | Complete locally except running idle eviction exact live trigger | Tests and smoke cover cancellation, tab closure, target navigation/load failure/load timeout, extension reload, storage-session clear, deadline reconciliation, target cleanup, bridge process shutdown and no fake profile. Running-capture natural service worker idle eviction has only fail-closed cleanup evidence in the current Chrome behavior and remains a live gate. |
+| Incognito                                     | Unit complete; live metadata branch not proven                   | Content client and tab metadata tests cover `INCOGNITO_NOT_SUPPORTED`. Current CDP and `--incognito` live probes fail closed as `EXTENSION_NOT_CONNECTED` without target fetch or fake profile, so exact live metadata rejection remains a browser configuration gate.                                                                                                          |
+| Bridge page security and local trust boundary | Complete locally with stated boundary                            | Tests cover one-time token render, hostile query/fragment non-reflection, no-store/no-referrer/nosniff/CSP/nonce/frame restrictions, request-target/Host/Origin/Sec-Fetch checks and token redaction. The first version still trusts the local bridge process and does not defend against same-machine malicious processes or other same-profile extensions.                    |
+| Release artifact hygiene                      | Complete locally, rerun after build                              | Release workflow tests and `dist/` scans block `agent-skill/`, `docs/superpowers/`, tests, Python fallback files, local bridge server source and helper `.mjs` files from release artifacts; `dist/manifest.json` must not expose `externally_connectable` or agent-only WAR paths.                                                                                             |
+| Store release and disclosure                  | Workflow-gated external gate                                     | Release workflow now fails before packaging Agent Bridge artifacts unless maintainers confirm disclosure via `agent_bridge_disclosure_confirmed=true` or a checked `- [x] Agent Bridge disclosure confirmed` release-note line. Chrome Web Store and Edge Add-ons update rollout plus privacy/data-use disclosure acceptance still must be proven from external dashboards.        |
+| Final git hygiene                             | Pending until branch closeout                                    | Before commit or push, run `git diff --check`, inspect `git status --short`, and confirm changed files are limited to Agent Bridge implementation, tests, docs and audit records.                                                                                                                                                                                               |
+
+Current local verification commands:
+
+```bash
+pnpm run test:unit
+pnpm run lint
+pnpm run typecheck
+pnpm run docs:build
+STACKPRISM_BROWSER_SMOKE_CDP_PORT=9661 node tests/agent-bridge-browser-smoke.mjs
+git diff --check
+```
+
+Optional focused checks before a release candidate:
+
+```bash
+node --check agent-skill/stackprism-site-experience/scripts/stackprism-bridge.mjs
+for f in agent-skill/stackprism-site-experience/scripts/bridge/*.mjs; do node --check "$f"; done
+python3 -m py_compile agent-skill/stackprism-site-experience/scripts/stackprism_bridge.py
+python3 -m compileall -q agent-skill/stackprism-site-experience/scripts/stackprism_bridge_lib
+node --test --test-timeout=60000 tests/stackprism-bridge.test.mjs
+node --test --test-timeout=60000 tests/stackprism_bridge_py.test.mjs
+node --test --test-timeout=60000 tests/release-workflow.test.mjs tests/agent-bridge-manifest.test.mjs
+```
+
+Manual bridge capture example:
+
+```bash
+curl --max-time 60 -sS -X POST "${STACKPRISM_BRIDGE_BASE_URL}/v1/captures" \
+  -H 'content-type: application/json' \
+  -H "authorization: Bearer ${STACKPRISM_BRIDGE_API_TOKEN}" \
+  -d '{"url":"http://127.0.0.1:<fixture-port>/site-experience-fixture.html","mode":"experience","waitMs":1000,"include":["tech","visual","layout","components","interaction","ux","assets"],"options":{"allowPrivateNetworkTarget":true,"captureScreenshotMetadata":false,"captureScreenshot":false}}'
+```
+
+Use a real public URL only as an explicit external-target scenario. In the current local environment, `example.com` and some public hostnames can resolve to `198.18.*`; when that happens, the default private-network policy must fail closed unless `allowPrivateNetworkTarget` is explicitly set for an approved local or DNS-proxy test.
+
+External gates retained after local completion:
+
+- Chrome Web Store update rollout.
+- Edge Add-ons update rollout.
+- Store privacy disclosure acceptance for Agent Bridge data use; the GitHub release workflow enforces a maintainer confirmation before packaging but cannot prove external dashboard acceptance.
+- Running-capture natural service worker idle eviction exact live trigger.
+- Incognito bridge or target tab exact `INCOGNITO_NOT_SUPPORTED` live metadata path.
+- Broader long-duration resource exhaustion matrix across multiple machines and networks.
+- Broader DNS/private-network matrix outside the current DNS-proxy environment.
+
+## 安全门禁
+
+- bridge server 只能绑定 `127.0.0.1`，不能绑定 `0.0.0.0`。
+- token、session、nonce、profile transfer id 和 CSP nonce 使用 `crypto.randomUUID()`、`crypto.getRandomValues()`、`crypto.randomBytes()` 或等效安全随机源；不得使用时间戳、计数器、`Math.random()` 或 `random.random()` 生成安全边界值。
+- token 校验必须使用共享 helper 和固定时间比较或等效安全比较；日志和错误响应不得暴露 token 长度、正确前缀、错误位置或相似度。
+- 启动环境变量必须先校验再绑定端口或生成 token；非法 `STACKPRISM_BRIDGE_PORT` 或包含 NUL 字符的 browser open 配置必须失败为 `BRIDGE_INVALID_ENV`，不得静默使用默认值继续启动。`STACKPRISM_BROWSER_OPEN_ARGS_JSON` 的非法 JSON/非数组/非字符串元素属于浏览器打开配置错误，按 `BROWSER_OPEN_FAILED` 处理。
+- `apiToken` 不得出现在 URL、bridge 页面、浏览器历史、运行时 debug 日志和 profile 中；脚本启动时给 Agent 的机器可读输出除外。
+- 扩展与 bridge 的所有日志必须脱敏，不得记录 nonce、完整 bridge URL query、token、Authorization header、profile body 或目标 URL 敏感 query。
+- Skill、README 和 E2E 报告不得原样记录包含 `apiToken` 的 ready JSON；只能记录脱敏摘要。
+- `bridgeToken` 只允许出现在对应 bridge 页面内嵌数据和插件请求头中，不得进入 profile。
+- `bridgeToken` 被首次渲染或 claim 后不得再次通过历史 `/bridge` URL 渲染。
+- bridge 页面必须 no-store、no-referrer、nosniff、`X-Frame-Options: DENY`、`Cross-Origin-Opener-Policy: same-origin`、最小 `Permissions-Policy`，并禁止外部资源。
+- bridge 页面 CSP 必须使用 per-response nonce，禁止 `unsafe-inline`，并保留 `connect-src 'self'` 和 `frame-ancestors 'none'`；不得允许本机任意端口。
+- bridge server 必须拒绝跨站 `Origin`、跨站 `Referer` 或 `Sec-Fetch-Site: cross-site` 的敏感 endpoint 请求，作为 CORS 拒绝之外的防线。
+- `/bridge` 渲染 token 前也必须拒绝跨站 `Referer` 或 `Sec-Fetch-Site: cross-site`，防止外部网页顶层导航到泄露的 bridge URL 时触发 token render。
+- bridge server 必须拒绝非法 request target、非法 path/query schema、重复认证/长度/content-type/host 头、歧义 body framing 和非 identity content encoding，避免 Node/Python HTTP parser 差异进入业务层。
+- 浏览器自动打开命令不得通过 shell 字符串拼接 bridge URL，避免本地命令注入或 URL 参数被 shell 解释。
+- bridge server 必须校验 Host 头，避免非预期 host 访问。
+- bridge server 必须有基础 rate limit，防止本地误调用刷爆浏览器 tab 或状态查询。
+- bridge server 必须限制连接数、请求读取时间、body 大小和 keep-alive 时间；不得被本地慢请求长期占住。
+- bridge server 必须能在 SIGINT/SIGTERM/stdin EOF 后关闭监听、timer 和 active capture 状态；Skill 必须负责停止子进程。
+- MV3 background 不得只依赖内存 timer 做 capture 超时、取消超时或 profile transfer 超时；必须持久化绝对 deadline 并在 service worker 模块初始化和所有相关事件入口做 reconciliation。第一版不新增 `chrome.alarms` 权限；若新增必须同步更新 manifest、测试和隐私文档。
+- 本机 loopback trust boundary 必须写入开发文档、隐私文档和 E2E 报告：第一版不防同机恶意进程伪造兼容 bridge server，不得把 `bridgeToken`、meta 标记或随机端口宣传成本机进程身份认证。
+- 同浏览器扩展 trust boundary 必须写入开发文档、隐私文档、用户文档和 E2E 报告：第一版不防已安装恶意扩展读取 bridge 页面 DOM、观察 bridge URL 或干扰同一 profile；不得把 DOM 内嵌 `bridgeToken` 宣传成对其他扩展保密。
+- bridge server 必须通过 DNS 解析阻止 hostname 指向私网地址，除非 `allowPrivateNetworkTarget = true`。
+- private-network 防护不能被描述为浏览器级网络防火墙；第一版只能保证不创建或不继续不合规 capture、不给 Agent 交付不合规 profile，不能承诺浏览器导航前零私网触达。
+- DNS/private-network 离线契约测试必须使用可注入 resolver 和固定 fixture；不得依赖本机 hosts、VPN、DNS 缓存或真实外网解析结果。
+- DNS 解析失败、解析超时、空结果和任一私网答案必须 fail closed；不得因为 resolver 异常而放行目标。
+- bridge server 必须对初始 URL 和最终 URL 都执行私网/DNS 校验；最终 URL 不合规时不得交付 profile。
+- bridge server 必须拒绝目标 URL 或 final URL 指向当前 bridge server origin，即使 `allowPrivateNetworkTarget = true`。
+- 插件必须在 `target_loaded` final URL 被 bridge 接受后才注入主动检测和 experience profiler。
+- tab 复用必须保留 query 参与匹配；不得把同 origin/path 但 query 不同的页面当作同一目标复用或声明为 active tab 匹配成功。
+- agent-only `experience-profiler.iife.js` 默认不得列入 `web_accessible_resources`；若后续必须暴露，必须有独立文档理由、最小 match 和测试覆盖。
+- profile 回写 endpoint 必须校验 Bearer token。
+- 插件 status/profile 回写与 control 轮询必须校验 Bearer `bridgeToken`。
+- `bridgeToken` 只能读取同一 capture 的状态/control/request，不能创建 capture、不能读取 profile、不能跨 capture 访问。
+- `/v1/captures` 创建任务也必须校验 Bearer token，避免任意本地网页创建采集任务。
+- capture nonce 一次性使用。
+- 第一版只接受 `http://127.0.0.1` bridge 页面；若加入 `localhost`，必须同步更新 bridge Host 校验、CSP、manifest match 和测试。
+- background 必须校验 `sender.tab.id`、`sender.tab.windowId`、`sender.url` 与 bridge session/capture/nonce 一致。
+- `chrome.storage.session` 必须保持 trusted-only；不得把 agent capture state、active-tab tracker 或普通 tab cache 暴露给 untrusted content scripts。
+- `chrome.storage.session` 只用于 service worker 重启恢复，不得被描述或测试成浏览器完全重启、扩展 reload/update 或用户禁用扩展后的持久恢复机制；这些场景必须 fail closed 并清理自己创建的 target tab。
+- background 到 bridge 的 profile 回传必须走 bridge content script 同源 POST；若新增 CORS fallback，只能显式允许当前扩展 origin，禁止 wildcard。
+- background 到 bridge content script 的 profile 回传必须分片传输并逐片 ack；不得把完整 profile 作为单条扩展消息发送。
+- bridge content script 必须校验 profile transfer 的 `profileTransferId`、`captureId`、`sessionId`、`nonce`、chunk 连续性、累计 byteLength、base64/UTF-8/JSON decode 和 sha256，缺片、hash mismatch 或身份字段不一致必须结构化失败。
+- 第一版不支持 incognito capture；bridge tab 或目标 tab 的 `incognito` 为 true 时必须失败为 `INCOGNITO_NOT_SUPPORTED`。
+- 插件新建目标 tab 必须 `active: false`，不得抢焦点；只允许关闭 `createdByCapture` 的 tab。
+- `targetMode = "active_tab"` 必须依赖 active-tab-tracker 记录的 bridge 打开前 active tab，不得读取 bridge 页当前 active tab 充当目标。
+- 插件不暴露 externally_connectable。
+- 不读取和回传 localStorage/sessionStorage 明文。
+- 资源 URL、文本摘要和 evidence 中的 query 参数、hash、token-like 片段必须脱敏。
+- UX 文本摘要必须脱敏，不输出完整可见文本。
+- 第一版不得主动点击、提交或触发业务状态变化。
+- 响应头输出沿用现有 set-cookie 脱敏逻辑，并新增 Authorization/Cookie 防线。
+- profile 必须包含 limitations，避免 Agent 把低置信或不可见信息当作事实。
+
+## 验收标准
+
+- Agent 可通过 Skill 内 JS 脚本启动本地 bridge，并通过 HTTP API 创建 capture。
+- bridge 脚本 stdout 首行是一条可解析 JSON line，包含 `baseUrl`、`apiToken`、`protocolVersion` 和 `healthUrl`。
+- Agent 示例对 ready JSON 有 10 秒超时、parse failure、protocol mismatch 和子进程清理逻辑；端口占用时返回 `PORT_IN_USE` 且不泄露 token。
+- Skill 和 E2E 报告中的 ready JSON 示例已脱敏，不包含原始 `apiToken`。
+- 用户不需要手动点击插件、复制或下载。
+- 插件能自动采集目标 URL 的现有技术栈信息。
+- 插件能新增采集视觉、布局、组件、交互、UX 和资产摘要。
+- Agent 能读取 `stackprism.site_experience_profile.v1`。
+- profile 对“实现同样视觉效果、UI/UX 体验”有直接指导字段，并通过 `agentGuidance.recreationPlan` 输出实现顺序、设计 token、布局蓝图、组件清单、交互/UX/资产清单和验证清单。
+- `experience-profiler` 同时登记在 `build-scripts/build-injected.mjs` 和 `vite.injected.config.ts`，构建产物存在，且默认不作为 web-accessible resource 暴露给网页。
+- 所有失败路径返回结构化错误。
+- Agent 可观察到插件阶段状态、取消结果、bridge tab 关闭和目标 tab 关闭错误，而不是只等待超时。
+- service worker 重启可以 fail closed 并清理目标 tab；浏览器/扩展完整重启或 storage session 丢失不会被宣称可恢复。
+- MV3 service worker 中途挂起或恢复后，capture deadline reconciliation 可复现，不依赖已丢失的内存 timer。
+- running capture 全局超时、cancel 超时、DNS lookup failure、目标导航走偏和注入失败都有明确结构化错误或终态。
+- target main-frame load failure 返回 `TARGET_LOAD_FAILED`，不会把浏览器错误页当目标页面采集。
+- `include` 子集请求不会运行未请求采集，未请求 section 以空对象和 `section_not_requested` limitation 表达。
+- `captureScreenshotMetadata` 的 true/false 行为可验证：metadata 只控制几何和 above-fold 摘要。截图图像只能通过显式 `captureScreenshot = true` 输出，默认请求不得包含截图图像或像素数据。
+- 单元测试、lint、build、docs build 通过。
+- 浏览器端 smoke test 证明插件、bridge、Agent API 三段联通。
+- bridge 页面不会污染普通检测缓存或 badge。
+- 默认浏览器未安装插件时能明确失败；指定正确浏览器后能成功。
+- 多视口能力边界清晰：第一版不宣称真实移动设备/CDP 仿真。
+- bridge URL、浏览器历史和 profile 不包含 API token。
+- `/bridge` 在 session/capture/nonce 无效时不会渲染 bridgeToken；同一 session/capture/nonce 的重复打开不会第二次渲染 bridgeToken；bridgeToken 只出现在 JSON config DOM 中。
+- `/bridge` 跨站导航不会触发 bridgeToken 渲染；非法 path/query 和歧义 HTTP header 不会进入业务 routing。
+- 文档和 E2E 报告明确说明 loopback bridge 不防同机恶意进程伪造，`bridgeToken` 只约束同一 capture 的 API scope，不是本机进程身份凭证。
+- bridge 页面 CSP 不含 `unsafe-inline`，所有可执行 inline script 和 inline style 均由每次响应 nonce 放行。
+- bridge config JSON script 也带 CSP nonce；非法启动环境不会输出 ready JSON 或 token。
+- `PRIVACY.md`、`README.md` 和用户文档同步说明 Agent Bridge 的隐私边界。
+- Agent Bridge 有用户可见 `agentBridgeEnabled` 设置；发布包默认关闭，未启用时返回 `AGENT_BRIDGE_DISABLED`，不会打开目标 tab 或采集 profile。
+- `agentBridgeEnabled` 是当前浏览器 profile 的 local-only opt-in，不随 `chrome.storage.sync` 跨设备同步；旧 sync 字段或缺字段都不能自动开启 Agent Bridge。
+- `docs/.vitepress/config.ts` 已把 Agent Bridge 文档加入开发手册导航。
+- `agent-skill/**/scripts/**` 不被 `.gitignore` 或 `.prettierignore` 吞掉。
+- 固定 fixture smoke test 稳定返回视觉、布局、组件和脱敏字段。
+- 大 profile smoke test 证明 profile chunk transport 成功，并且缺片、ack 超时、hash mismatch 都返回结构化错误。
+- profile transfer 身份字段和编码校验已覆盖：错误 `sessionId`/`nonce`、非法 base64、非法 UTF-8 或非 profile JSON 都不能被 POST 为完成结果。
+- passive capture 边界清晰：未主动打开的弹窗、下拉和交互流程不会被宣称已完整采集。
+- JS/Python bridge 的 URL policy 离线测试通过同一 fixture 和假 resolver，避免 DNS/private-network 契约随本机网络环境漂移。
+- DNS fail-closed 语义覆盖解析失败、解析超时、空结果和混合公网/私网答案。
+- 发布 zip/crx 的 `dist/` 产物不包含 repo-local `agent-skill/`、本地 bridge server 源脚本、测试 fixture、`docs/superpowers/`、Python 字节码或仅供 Agent 使用的 helper；CI 在打包前有自动扫描门禁。
+
+## 执行顺序
+
+关键路径：协议类型 -> profile builder -> 体验采集 -> bridge handshake -> background 编排 -> JS bridge -> Python fallback -> Skill 文档 -> E2E 验证。
+
+Task 7 是本计划验收范围的一部分。只有在用户显式缩小第一版范围时，才能把 Python fallback 拆成后续原子任务；拆分时必须同步更新验收标准、Skill 文档和正式任务跟踪文件，明确 JS bridge 为第一版唯一可交付脚本，且保留 JS/Python 协议兼容要求作为后续任务门禁。
diff --git a/package.json b/package.json
index 02e68c71..099b414c 100644
--- a/package.json
+++ b/package.json
@@ -10,7 +10,7 @@
     "build:injected": "node build-scripts/build-injected.mjs",
     "build": "pnpm run build:injected && vite build",
     "build:firefox": "pnpm run build && node build-scripts/package-firefox.mjs",
-    "test:unit": "node --test tests/*.test.mjs",
+    "test:unit": "node --test --test-timeout=60000 tests/*.test.mjs",
     "check:links": "node build-scripts/check-tech-links.mjs",
     "extract:icons": "node build-scripts/extract-wappalyzer-icons.mjs",
     "dev": "pnpm run build:injected && vite",
diff --git a/public/tech-links.json b/public/tech-links.json
index d147ff47..250cac91 100644
--- a/public/tech-links.json
+++ b/public/tech-links.json
@@ -21514,6 +21514,21 @@
     "viewer.js": "https://github.com/fengyuanchen/viewerjs",
     "web3.storage": "https://web3.storage",
     "web3.storage IPFS Gateway": "https://web3.storage",
+    "Cloudreve": "https://cloudreve.org",
+    "Elasticsearch Kibana": "https://www.elastic.co/kibana",
+    "GoAhead WebServer": "https://www.embedthis.com/goahead/",
+    "IBM HTTP Server": "https://www.ibm.com/docs/en/ibm-http-server",
+    "JSP": "https://jakarta.ee/specifications/pages/",
+    "Liferay Portal": "https://www.liferay.com",
+    "OpenList": "https://github.com/OpenListTeam/OpenList",
+    "Payara Server": "https://www.payara.fish",
+    "Perl Mojolicious": "https://www.mojolicious.org",
+    "Python http.server": "https://docs.python.org/3/library/http.server.html",
+    "RESTHeart": "https://restheart.org/docs/",
+    "Servlet": "https://jakarta.ee/specifications/servlet/",
+    "Sinopia": "https://github.com/rlidwka/sinopia",
+    "WEBrick": "https://ruby-doc.org/stdlib/libdoc/webrick/rdoc/WEBrick.html",
+    "lighttpd": "https://www.lighttpd.net",
     "易支付 / EPay 聚合支付": "https://github.com/zybexw/epay",
     "第四方支付 / 聚合支付": "https://baike.baidu.com/item/%E7%AC%AC%E5%9B%9B%E6%96%B9%E6%94%AF%E4%BB%98"
   }
diff --git a/src/background/active-tab-tracker.ts b/src/background/active-tab-tracker.ts
new file mode 100644
index 00000000..303ac93b
--- /dev/null
+++ b/src/background/active-tab-tracker.ts
@@ -0,0 +1,62 @@
+import { isDetectablePageUrl } from '@/utils/page-support'
+import { isAgentBridgeTab } from './agent-bridge-tabs'
+
+const ACTIVE_TAB_PREFIX = 'agent-active-tab:'
+
+export interface ActiveTabRecord {
+  tabId: number
+  windowId: number
+  url: string
+  updatedAt: number
+}
+
+const keyForWindow = (windowId: number): string => `${ACTIVE_TAB_PREFIX}${windowId}`
+const clearRecordedActiveTab = async (windowId: number): Promise<void> => {
+  await chrome.storage.session.remove(keyForWindow(windowId))
+}
+
+const reportTrackerFailure = (): void => {
+  console.warn('StackPrism active tab tracker failed.')
+}
+
+export const recordActiveTab = async (tab: chrome.tabs.Tab): Promise<void> => {
+  if (typeof tab.id !== 'number' || typeof tab.windowId !== 'number') return
+  if (tab.incognito || !isDetectablePageUrl(tab.url)) {
+    if (isAgentBridgeTab(tab) || !tab.url) return
+    await clearRecordedActiveTab(tab.windowId)
+    return
+  }
+  await chrome.storage.session.set({
+    [keyForWindow(tab.windowId)]: {
+      tabId: tab.id,
+      windowId: tab.windowId,
+      url: tab.url || '',
+      updatedAt: Date.now()
+    } satisfies ActiveTabRecord
+  })
+}
+
+export const getPreviousActiveTab = async (windowId: number): Promise<ActiveTabRecord | null> => {
+  const stored = await chrome.storage.session.get(keyForWindow(windowId))
+  return stored[keyForWindow(windowId)] || null
+}
+
+export const registerActiveTabTracker = (): void => {
+  chrome.tabs.onActivated.addListener(async activeInfo => {
+    try {
+      await recordActiveTab(await chrome.tabs.get(activeInfo.tabId))
+    } catch {
+      reportTrackerFailure()
+    }
+  })
+  chrome.tabs.onUpdated.addListener(async (tabId, changeInfo, tab) => {
+    if (changeInfo.status !== 'complete' && !changeInfo.url) return
+    if (typeof tab.windowId !== 'number') return
+    try {
+      const previous = await getPreviousActiveTab(tab.windowId)
+      if (previous?.tabId === tabId || tab.active) await recordActiveTab(tab)
+    } catch {
+      reportTrackerFailure()
+    }
+  })
+}
diff --git a/src/background/agent-bridge-session.ts b/src/background/agent-bridge-session.ts
new file mode 100644
index 00000000..c7cfbab5
--- /dev/null
+++ b/src/background/agent-bridge-session.ts
@@ -0,0 +1,266 @@
+import {
+  AGENT_BRIDGE_CAPABILITIES,
+  REQUIRED_AGENT_BRIDGE_CAPABILITIES,
+  START_AGENT_CAPTURE_MESSAGE_FIELDS,
+  bridgeProtocolVersion,
+  validateProtocolIdentifier,
+  type AgentBridgeCapabilities,
+  type AgentBridgeError,
+  type AgentBridgeErrorCode,
+  type AgentBridgeHelloMessage,
+  type AgentCaptureControlMessage,
+  type StartAgentCaptureMessage
+} from '@/types/agent-bridge'
+import { assertStorageSessionAvailable } from './agent-capture-state'
+
+export const AGENT_BRIDGE_ENABLED_STORAGE_KEY = 'agentBridgeEnabled'
+export const SETTINGS_STORAGE_KEY = 'stackPrismSettings'
+const BRIDGE_SESSION_STORAGE_PREFIX = 'agent-bridge-session:'
+
+export interface BridgeSession {
+  tabId: number
+  windowId: number
+  bridgeOrigin: string
+  sessionId: string
+  captureId: string
+  nonce: string
+}
+
+const sessionsByTab = new Map<number, BridgeSession>()
+const sessionLocksByTab = new Map<number, Promise<void>>()
+const BRIDGE_QUERY_KINDS = {
+  session: 'sessionId',
+  capture: 'captureId',
+  nonce: 'nonce'
+} as const
+
+export const agentBridgeCapabilities: AgentBridgeCapabilities = Object.fromEntries(
+  AGENT_BRIDGE_CAPABILITIES.map(capability => [capability, true])
+) as AgentBridgeCapabilities
+
+export const getAgentBridgeCapabilities = (): AgentBridgeCapabilities => ({
+  ...agentBridgeCapabilities,
+  storageSession: assertStorageSessionAvailable().ok
+})
+
+export const makeAgentBridgeError = (
+  code: AgentBridgeErrorCode,
+  message: string,
+  details: Record<string, unknown> = {}
+): AgentBridgeError => ({ code, message, details })
+
+const findMissingRequiredCapability = (capabilities: Partial<AgentBridgeCapabilities> | null | undefined): string | null =>
+  REQUIRED_AGENT_BRIDGE_CAPABILITIES.find(capability => capabilities?.[capability] !== true) || null
+
+export const isRequiredCapabilitySetSupported = (capabilities: Partial<AgentBridgeCapabilities> | null | undefined): boolean =>
+  !findMissingRequiredCapability(capabilities)
+
+const parseRawBridgeQuery = (url: URL): { session: string; capture: string; nonce: string } | null => {
+  const raw = url.search.replace(/^\?/, '')
+  const parts = raw ? raw.split('&') : []
+  if (parts.length !== 3) return null
+  const values: Record<string, string> = {}
+  for (const part of parts) {
+    const separatorIndex = part.indexOf('=')
+    if (!part || separatorIndex <= 0 || part.indexOf('=', separatorIndex + 1) !== -1) return null
+    const name = part.slice(0, separatorIndex)
+    const value = part.slice(separatorIndex + 1)
+    const kind = BRIDGE_QUERY_KINDS[name as keyof typeof BRIDGE_QUERY_KINDS]
+    if (!kind || values[name] !== undefined || !validateProtocolIdentifier(kind, value)) return null
+    values[name] = value
+  }
+  return values.session && values.capture && values.nonce ? { session: values.session, capture: values.capture, nonce: values.nonce } : null
+}
+
+const parseBridgeSenderUrl = (value: unknown) => {
+  try {
+    const url = new URL(String(value || ''))
+    if (url.protocol !== 'http:' || url.hostname !== '127.0.0.1' || url.pathname !== '/bridge') return null
+    const query = parseRawBridgeQuery(url)
+    return query ? { url, query } : null
+  } catch {
+    return null
+  }
+}
+
+export const extractBridgeSenderSession = (
+  message: Pick<AgentBridgeHelloMessage, 'captureId' | 'sessionId' | 'nonce'>,
+  sender: chrome.runtime.MessageSender
+): { ok: true; session: BridgeSession } | { ok: false; error: AgentBridgeError } => {
+  const tabId = sender.tab?.id
+  const windowId = sender.tab?.windowId
+  if (!Number.isInteger(tabId) || !Number.isInteger(windowId)) {
+    return { ok: false, error: makeAgentBridgeError('INVALID_REQUEST', 'Agent bridge sender tab is missing.') }
+  }
+
+  const parsedUrl = parseBridgeSenderUrl(sender.url)
+  if (!parsedUrl) {
+    return { ok: false, error: makeAgentBridgeError('INVALID_REQUEST', 'Agent bridge sender URL is not a loopback bridge page.') }
+  }
+
+  const { url, query } = parsedUrl
+  const sessionId = query.session
+  const captureId = query.capture
+  const nonce = query.nonce
+  if (
+    !validateProtocolIdentifier('sessionId', sessionId) ||
+    !validateProtocolIdentifier('captureId', captureId) ||
+    !validateProtocolIdentifier('nonce', nonce) ||
+    sessionId !== message.sessionId ||
+    captureId !== message.captureId ||
+    nonce !== message.nonce
+  ) {
+    return { ok: false, error: makeAgentBridgeError('INVALID_REQUEST', 'Agent bridge sender URL does not match the message.') }
+  }
+
+  return { ok: true, session: { tabId: tabId!, windowId: windowId!, bridgeOrigin: url.origin, sessionId, captureId, nonce } }
+}
+
+const bridgeSessionStorageKey = (tabId: number): string => `${BRIDGE_SESSION_STORAGE_PREFIX}${tabId}`
+
+const sameBridgeSession = (a: BridgeSession, b: BridgeSession): boolean =>
+  a.tabId === b.tabId &&
+  a.windowId === b.windowId &&
+  a.bridgeOrigin === b.bridgeOrigin &&
+  a.sessionId === b.sessionId &&
+  a.captureId === b.captureId &&
+  a.nonce === b.nonce
+
+export const getBridgeSession = async (tabId: number): Promise<BridgeSession | null> => {
+  const cached = sessionsByTab.get(tabId)
+  if (cached) return cached
+  const stored = await chrome.storage.session.get(bridgeSessionStorageKey(tabId))
+  const session = stored[bridgeSessionStorageKey(tabId)] as BridgeSession | undefined
+  if (!session || session.tabId !== tabId) return null
+  sessionsByTab.set(tabId, session)
+  return session
+}
+
+const withBridgeSessionLock = async <T>(tabId: number, work: () => Promise<T>): Promise<T> => {
+  const previous = sessionLocksByTab.get(tabId) || Promise.resolve()
+  let release!: () => void
+  const current = new Promise<void>(resolve => {
+    release = resolve
+  })
+  const chained = previous.then(
+    () => current,
+    () => current
+  )
+  sessionLocksByTab.set(tabId, chained)
+  await previous.catch(() => {})
+  try {
+    return await work()
+  } finally {
+    release()
+    if (sessionLocksByTab.get(tabId) === chained) sessionLocksByTab.delete(tabId)
+  }
+}
+
+export const clearBridgeSession = async (tabId: number): Promise<void> => {
+  await withBridgeSessionLock(tabId, async () => {
+    sessionsByTab.delete(tabId)
+    await chrome.storage.session.remove(bridgeSessionStorageKey(tabId))
+  })
+}
+
+export const registerBridgeSession = async (session: BridgeSession): Promise<{ ok: true } | { ok: false; error: AgentBridgeError }> => {
+  return withBridgeSessionLock(session.tabId, async () => {
+    const existing = await getBridgeSession(session.tabId)
+    if (existing && !sameBridgeSession(existing, session)) {
+      return { ok: false, error: makeAgentBridgeError('INVALID_REQUEST', 'Agent bridge tab already has a different session.') }
+    }
+    sessionsByTab.set(session.tabId, session)
+    await chrome.storage.session.set({ [bridgeSessionStorageKey(session.tabId)]: session })
+    const stored = (await chrome.storage.session.get(bridgeSessionStorageKey(session.tabId)))[bridgeSessionStorageKey(session.tabId)]
+    if (!stored || !sameBridgeSession(stored as BridgeSession, session)) {
+      sessionsByTab.delete(session.tabId)
+      await chrome.storage.session.remove(bridgeSessionStorageKey(session.tabId))
+      return { ok: false, error: makeAgentBridgeError('INVALID_REQUEST', 'Agent bridge session could not be persisted.') }
+    }
+    return { ok: true }
+  })
+}
+
+export const loadAgentBridgeEnabled = async (): Promise<boolean> => {
+  try {
+    const local = await chrome.storage.local.get(SETTINGS_STORAGE_KEY)
+    const settings = local?.[SETTINGS_STORAGE_KEY] || {}
+    return settings?.[AGENT_BRIDGE_ENABLED_STORAGE_KEY] === true
+  } catch {
+    return false
+  }
+}
+
+export const handleAgentBridgeHello = async (message: AgentBridgeHelloMessage, sender: chrome.runtime.MessageSender) => {
+  if (message.protocolVersion !== bridgeProtocolVersion) {
+    return { ok: false, error: makeAgentBridgeError('BRIDGE_PROTOCOL_UNSUPPORTED', 'Agent bridge protocol version is unsupported.') }
+  }
+
+  const parsed = extractBridgeSenderSession(message, sender)
+  if (!parsed.ok) return { ok: false, error: parsed.error }
+
+  if (!(await loadAgentBridgeEnabled())) {
+    return { ok: false, error: makeAgentBridgeError('AGENT_BRIDGE_DISABLED', 'Agent Bridge is disabled in this browser profile.') }
+  }
+
+  const capabilities = getAgentBridgeCapabilities()
+  const missingCapability = findMissingRequiredCapability(capabilities)
+  if (missingCapability) {
+    return {
+      ok: false,
+      error: makeAgentBridgeError('NOT_SUPPORTED', 'Agent bridge required capabilities are unavailable.', { missingCapability })
+    }
+  }
+
+  const registered = await registerBridgeSession(parsed.session)
+  if (!registered.ok) return { ok: false, error: registered.error }
+
+  return {
+    ok: true,
+    data: {
+      extensionVersion: chrome.runtime.getManifest().version,
+      protocolVersion: bridgeProtocolVersion,
+      capabilities
+    }
+  }
+}
+
+export const validateRegisteredBridgeMessage = async (
+  message: Pick<AgentBridgeHelloMessage, 'captureId' | 'sessionId' | 'nonce'>,
+  sender: chrome.runtime.MessageSender
+): Promise<{ ok: true; session: BridgeSession } | { ok: false; error: AgentBridgeError }> => {
+  const parsed = extractBridgeSenderSession(message, sender)
+  if (!parsed.ok) return parsed
+  const registered = await getBridgeSession(parsed.session.tabId)
+  if (!registered || !sameBridgeSession(registered, parsed.session)) {
+    return { ok: false, error: makeAgentBridgeError('INVALID_REQUEST', 'Agent bridge session is not registered.') }
+  }
+  return { ok: true, session: registered }
+}
+
+export const validateStartAgentCaptureMessage = async (
+  message: StartAgentCaptureMessage & Record<string, unknown>,
+  sender: chrome.runtime.MessageSender
+): Promise<{ ok: true; session: BridgeSession } | { ok: false; error: AgentBridgeError }> => {
+  const validated = await validateRegisteredBridgeMessage(message, sender)
+  if (!validated.ok) return validated
+  if ('bridgeToken' in message || 'callbackUrl' in message || 'profile' in message) {
+    return { ok: false, error: makeAgentBridgeError('INVALID_REQUEST', 'Agent capture payload contains forbidden fields.') }
+  }
+  if (!Object.keys(message).every(key => (START_AGENT_CAPTURE_MESSAGE_FIELDS as readonly string[]).includes(key))) {
+    return { ok: false, error: makeAgentBridgeError('INVALID_REQUEST', 'Agent capture payload contains unknown fields.') }
+  }
+  const missingCapability = findMissingRequiredCapability(message.capabilities)
+  if (missingCapability) {
+    return {
+      ok: false,
+      error: makeAgentBridgeError('NOT_SUPPORTED', 'Agent bridge required capabilities are unavailable.', { missingCapability })
+    }
+  }
+  return validated
+}
+
+export const validateAgentCaptureControlMessage = validateRegisteredBridgeMessage as (
+  message: AgentCaptureControlMessage,
+  sender: chrome.runtime.MessageSender
+) => Promise<{ ok: true; session: BridgeSession } | { ok: false; error: AgentBridgeError }>
diff --git a/src/background/agent-bridge-tabs.ts b/src/background/agent-bridge-tabs.ts
new file mode 100644
index 00000000..f772437c
--- /dev/null
+++ b/src/background/agent-bridge-tabs.ts
@@ -0,0 +1,39 @@
+import { isAgentBridgePageUrl } from '@/utils/page-support'
+import { getBridgeSession } from './agent-bridge-session'
+
+export const isAgentBridgeTab = (tab: Pick<chrome.tabs.Tab, 'url' | 'pendingUrl'> | null | undefined): boolean =>
+  Boolean(tab && (isAgentBridgePageUrl(tab.url) || isAgentBridgePageUrl(tab.pendingUrl)))
+
+const parseLoopbackBridgeRequestUrl = (value: unknown): URL | null => {
+  try {
+    const url = new URL(String(value || ''))
+    if (url.protocol !== 'http:' || url.hostname !== '127.0.0.1') return null
+    return url
+  } catch {
+    return null
+  }
+}
+
+export const isAgentBridgeRequestUrl = (value: unknown, tab?: Pick<chrome.tabs.Tab, 'url' | 'pendingUrl'> | null): boolean => {
+  const url = parseLoopbackBridgeRequestUrl(value)
+  if (!url) return false
+  if (isAgentBridgePageUrl(value)) return true
+  return url.pathname.startsWith('/v1/captures/') && isAgentBridgeTab(tab)
+}
+
+export const isAgentBridgeRequestForTab = async (
+  value: unknown,
+  tabId: number,
+  tab?: Pick<chrome.tabs.Tab, 'url' | 'pendingUrl'> | null
+): Promise<boolean> => {
+  const url = parseLoopbackBridgeRequestUrl(value)
+  if (!url) return false
+  if (isAgentBridgePageUrl(value)) return true
+  if (!url.pathname.startsWith('/v1/captures/')) return false
+  if (isAgentBridgeTab(tab)) return true
+  const session = await getBridgeSession(tabId).catch(() => null)
+  return Boolean(session && session.bridgeOrigin === url.origin)
+}
+
+export const shouldIgnoreBridgeTabEvent = (tab: Pick<chrome.tabs.Tab, 'url' | 'pendingUrl'> | null | undefined): boolean =>
+  isAgentBridgeTab(tab)
diff --git a/src/background/agent-capture-common.ts b/src/background/agent-capture-common.ts
new file mode 100644
index 00000000..47f1cf41
--- /dev/null
+++ b/src/background/agent-capture-common.ts
@@ -0,0 +1,52 @@
+import type { AgentBridgeError, AgentProfileTransferAckMessage } from '@/types/agent-bridge'
+import { AGENT_BRIDGE_ERROR_CODES } from '@/types/agent-bridge'
+import type { AgentCaptureState } from './agent-capture-state'
+
+export const CAPTURE_DEADLINE_MS = 60000
+export const PROFILE_TRANSFER_DEADLINE_MS = 30000
+export const PROFILE_TRANSFER_PORT_READY_TIMEOUT_MS = 2000
+export const PROFILE_CHUNK_BYTES = 384 * 1024
+
+const knownErrorCodes = new Set<string>(AGENT_BRIDGE_ERROR_CODES)
+
+export const nonTerminalStatuses = new Set<AgentCaptureState['status']>(['queued', 'waiting_extension', 'running', 'cancel_requested'])
+export const runningStatuses = new Set<AgentCaptureState['status']>(['running'])
+
+export type AgentCaptureResponse = { ok: true; data: null } | { ok: false; error: AgentBridgeError }
+
+export type PendingProfileAck = {
+  resolve: (ack: AgentProfileTransferAckMessage) => void
+  reject: (error: Error) => void
+  timeout: ReturnType<typeof setTimeout>
+}
+
+export const makeAgentCaptureError = (
+  code: AgentBridgeError['code'],
+  message: string,
+  details: Record<string, unknown> = {}
+): AgentBridgeError => ({
+  code,
+  message,
+  details
+})
+
+export const captureKey = (captureId: string, sessionId: string, nonce: string): string => {
+  if (captureId.includes(':') || sessionId.includes(':') || nonce.includes(':')) throw new Error('INVALID_REQUEST')
+  return `${captureId}:${sessionId}:${nonce}`
+}
+
+export const profileAckKey = (message: {
+  captureId: string
+  sessionId: string
+  nonce: string
+  profileTransferId: string
+  chunkIndex?: number
+}): string => {
+  if (message.profileTransferId.includes(':')) throw new Error('INVALID_REQUEST')
+  return `${captureKey(message.captureId, message.sessionId, message.nonce)}:${message.profileTransferId}:${message.chunkIndex ?? 'meta'}`
+}
+
+export const mapCaughtErrorCode = (caught: unknown, fallback: AgentBridgeError['code']): AgentBridgeError['code'] => {
+  const message = caught instanceof Error ? caught.message : String(caught || '')
+  return knownErrorCodes.has(message) ? (message as AgentBridgeError['code']) : fallback
+}
diff --git a/src/background/agent-capture-failure.ts b/src/background/agent-capture-failure.ts
new file mode 100644
index 00000000..061704dd
--- /dev/null
+++ b/src/background/agent-capture-failure.ts
@@ -0,0 +1,60 @@
+import { removeAgentCaptureState, saveAgentCaptureState, type AgentCaptureState } from './agent-capture-state'
+import { clearProfileTransferPort } from './agent-capture-transfer'
+import { cleanupTarget, restoreOrdinaryDetectionForRetainedTarget } from './agent-capture-target'
+import { makeAgentCaptureError, nonTerminalStatuses } from './agent-capture-common'
+import { clearBridgeSession } from './agent-bridge-session'
+import { sanitizeLogDetails } from './logging'
+import type { AgentBridgeError } from '@/types/agent-bridge'
+
+export const reportCleanupFailure = (operation: string, caught: unknown): void => {
+  console.warn(
+    'StackPrism agent capture cleanup failed.',
+    sanitizeLogDetails({
+      operation,
+      errorName: caught instanceof Error ? caught.name : typeof caught
+    })
+  )
+}
+
+export type BridgeStatusPoster = (
+  state: AgentCaptureState,
+  status: AgentCaptureState['status'],
+  phase: AgentCaptureState['phase'],
+  extra?: Record<string, unknown>
+) => Promise<void>
+
+export const failAgentCaptureWithPoster = async (
+  state: AgentCaptureState,
+  code: AgentBridgeError['code'],
+  postCaptureStatusToBridge: BridgeStatusPoster,
+  message: string = code,
+  details: Record<string, unknown> = {},
+  notifyBridge = true
+): Promise<void> => {
+  if (!nonTerminalStatuses.has(state.status)) return
+  const failure = makeAgentCaptureError(code, message, details)
+  const failurePhase = state.phase
+  state.status = 'failed'
+  state.error = failure
+  state.updatedAt = Date.now()
+  try {
+    await saveAgentCaptureState(state).catch(caught => reportCleanupFailure('saveAgentCaptureState', caught))
+    try {
+      clearProfileTransferPort(state)
+    } catch (caught) {
+      reportCleanupFailure('clearProfileTransferPort', caught)
+    }
+    if (notifyBridge) {
+      await postCaptureStatusToBridge(state, 'failed', failurePhase, { error: failure }).catch(caught =>
+        reportCleanupFailure('postCaptureStatusToBridge', caught)
+      )
+    }
+    await cleanupTarget(state).catch(caught => reportCleanupFailure('cleanupTarget', caught))
+  } finally {
+    await removeAgentCaptureState(state.captureId).catch(caught => reportCleanupFailure('removeAgentCaptureState', caught))
+    await clearBridgeSession(state.bridgeTabId).catch(caught => reportCleanupFailure('clearBridgeSession', caught))
+    await restoreOrdinaryDetectionForRetainedTarget(state).catch(caught =>
+      reportCleanupFailure('restoreOrdinaryDetectionForRetainedTarget', caught)
+    )
+  }
+}
diff --git a/src/background/agent-capture-lifecycle.ts b/src/background/agent-capture-lifecycle.ts
new file mode 100644
index 00000000..87ae0a62
--- /dev/null
+++ b/src/background/agent-capture-lifecycle.ts
@@ -0,0 +1,59 @@
+import { clearBridgeSession } from './agent-bridge-session'
+import { getAgentCaptureState, removeAgentCaptureState, type AgentCaptureState } from './agent-capture-state'
+import { nonTerminalStatuses, runningStatuses } from './agent-capture-common'
+import { failAgentCaptureWithPoster, reportCleanupFailure } from './agent-capture-failure'
+import { postCaptureStatusToBridge } from './agent-capture-status'
+import { cleanupTarget, restoreOrdinaryDetectionForRetainedTarget } from './agent-capture-target'
+import { sanitizeLogDetails } from './logging'
+import type { AgentBridgeError } from '@/types/agent-bridge'
+
+const MAX_FAILURE_REASON_CHARS = 240
+
+export type CaptureFailureError = Error & { details?: Record<string, unknown> }
+
+export const sanitizeFailureReason = (caught: unknown): string => {
+  const rawReason = caught instanceof Error ? caught.message || caught.name : String(caught || '')
+  const sanitized = sanitizeLogDetails({ reason: rawReason }).reason
+  return String(sanitized || 'unknown').slice(0, MAX_FAILURE_REASON_CHARS)
+}
+
+export const makeCaptureFailureError = (code: AgentBridgeError['code'], caught?: unknown): CaptureFailureError => {
+  const error = new Error(code) as CaptureFailureError
+  if (caught !== undefined) error.details = { reason: sanitizeFailureReason(caught) }
+  return error
+}
+
+export const getCaptureFailureDetails = (caught: unknown): Record<string, unknown> => {
+  if (!(caught instanceof Error) || !('details' in caught)) return {}
+  const details = caught.details
+  return details && typeof details === 'object' && !Array.isArray(details) ? (details as Record<string, unknown>) : {}
+}
+
+export const shouldContinueCapture = async (state: AgentCaptureState): Promise<boolean> => {
+  const latest = await getAgentCaptureState(state.captureId)
+  return Boolean(latest && runningStatuses.has(latest.status))
+}
+
+export const cleanupTargetAndReport = async (state: AgentCaptureState): Promise<void> => {
+  await cleanupTarget(state).catch(caught => reportCleanupFailure('cleanupTarget', caught))
+}
+
+export const cleanupStoredCaptureAndSession = async (state: AgentCaptureState): Promise<void> => {
+  await removeAgentCaptureState(state.captureId).catch(caught => reportCleanupFailure('removeAgentCaptureState', caught))
+  await clearBridgeSession(state.bridgeTabId).catch(caught => reportCleanupFailure('clearBridgeSession', caught))
+  await restoreOrdinaryDetectionForRetainedTarget(state).catch(caught =>
+    reportCleanupFailure('restoreOrdinaryDetectionForRetainedTarget', caught)
+  )
+}
+
+export const failAgentCapture = async (
+  state: AgentCaptureState,
+  code: AgentBridgeError['code'],
+  message: string = code,
+  details: Record<string, unknown> = {},
+  notifyBridge = true
+): Promise<void> => {
+  const latest = await getAgentCaptureState(state.captureId)
+  if (!latest || !nonTerminalStatuses.has(latest.status)) return
+  await failAgentCaptureWithPoster(latest, code, postCaptureStatusToBridge, message, details, notifyBridge)
+}
diff --git a/src/background/agent-capture-network.ts b/src/background/agent-capture-network.ts
new file mode 100644
index 00000000..8e194845
--- /dev/null
+++ b/src/background/agent-capture-network.ts
@@ -0,0 +1,183 @@
+import { makeAgentCaptureError, nonTerminalStatuses } from './agent-capture-common'
+import {
+  getAgentCaptureState,
+  listAgentCaptureIds,
+  saveAgentCaptureState,
+  type AgentCaptureNetworkEvidence,
+  type AgentCaptureState
+} from './agent-capture-state'
+import { normalizeComparableUrl } from './agent-capture-request'
+import type { AgentBridgeError, AgentCaptureRequest } from '@/types/agent-bridge'
+import { isPrivateNetworkAddress, isProxyReservedNetworkAddress } from '@/utils/network-address-policy'
+
+const TARGET_NETWORK_WAIT_MS = 1000
+const TARGET_NETWORK_POLL_MS = 25
+const NETWORK_EVIDENCE_CAPTURE_RACE_GRACE_MS = 5000
+let networkObserverTarget: unknown = null
+const tabNetworkEvidence = new Map<number, AgentCaptureNetworkEvidence>()
+
+export interface AgentCaptureNetworkPolicy {
+  allowAllNetworkTargets?: boolean
+}
+
+const isMainFrameResponse = (details: chrome.webRequest.WebResponseCacheDetails): boolean =>
+  details.tabId >= 0 && details.type === 'main_frame' && Boolean(normalizeComparableUrl(details.url))
+
+const findCaptureStatesForTab = async (tabId: number): Promise<AgentCaptureState[]> => {
+  const states = await Promise.all((await listAgentCaptureIds()).map(getAgentCaptureState))
+  return states.filter((state): state is AgentCaptureState =>
+    Boolean(state && state.targetTabId === tabId && nonTerminalStatuses.has(state.status))
+  )
+}
+
+const toNetworkEvidence = (details: chrome.webRequest.WebResponseCacheDetails): AgentCaptureNetworkEvidence => ({
+  url: normalizeComparableUrl(details.url),
+  ip: typeof details.ip === 'string' && details.ip.trim() ? details.ip.trim() : undefined,
+  fromCache: details.fromCache === true,
+  observedAt: Date.now()
+})
+
+const isFreshNetworkEvidence = (state: AgentCaptureState, evidence: AgentCaptureNetworkEvidence | undefined): boolean =>
+  Boolean(
+    evidence &&
+      Number.isFinite(evidence.observedAt) &&
+      evidence.observedAt >= (state.targetNetworkObservedAfter ?? state.startedAt)
+  )
+
+const saveFreshNetworkEvidence = async (state: AgentCaptureState, evidence: AgentCaptureNetworkEvidence): Promise<void> => {
+  const latest = await getAgentCaptureState(state.captureId)
+  if (!latest || latest.targetTabId !== state.targetTabId || !nonTerminalStatuses.has(latest.status)) return
+  if (!isFreshNetworkEvidence(latest, evidence)) return
+  const current = (await getAgentCaptureState(state.captureId)) || latest
+  if (current.targetTabId !== state.targetTabId || !nonTerminalStatuses.has(current.status)) return
+  if (!isFreshNetworkEvidence(current, evidence)) return
+  current.targetNetwork = evidence
+  current.updatedAt = Date.now()
+  await saveAgentCaptureState(current)
+}
+
+export const recordAgentCaptureNetworkResponse = async (details: chrome.webRequest.WebResponseCacheDetails): Promise<void> => {
+  if (!isMainFrameResponse(details)) return
+  const evidence = toNetworkEvidence(details)
+  tabNetworkEvidence.set(details.tabId, evidence)
+  for (const state of await findCaptureStatesForTab(details.tabId)) {
+    await saveFreshNetworkEvidence(state, evidence)
+  }
+}
+
+export const clearAgentCaptureNetworkEvidence = (tabId: number): void => {
+  tabNetworkEvidence.delete(tabId)
+}
+
+export const clearStaleAgentCaptureNetworkEvidence = async (tabId: number): Promise<void> => {
+  const evidence = tabNetworkEvidence.get(tabId)
+  if (!evidence) return
+  const activeStates = await findCaptureStatesForTab(tabId)
+  if (activeStates.some(state => isFreshNetworkEvidence(state, evidence))) return
+  if (Date.now() - evidence.observedAt < NETWORK_EVIDENCE_CAPTURE_RACE_GRACE_MS) return
+  tabNetworkEvidence.delete(tabId)
+}
+
+export const registerAgentCaptureNetworkObserver = (onError: (tabId: number, error: unknown) => void): void => {
+  const responseStarted = chrome.webRequest?.onResponseStarted
+  if (networkObserverTarget === responseStarted) return
+  if (!responseStarted?.addListener) {
+    networkObserverTarget = null
+    return
+  }
+  networkObserverTarget = responseStarted
+  responseStarted.addListener(
+    details => {
+      recordAgentCaptureNetworkResponse(details).catch(error => onError(details.tabId, error))
+    },
+    { urls: ['http://*/*', 'https://*/*'] }
+  )
+}
+
+const networkBlockedError = (details: Record<string, unknown>): AgentBridgeError =>
+  makeAgentCaptureError('PRIVATE_NETWORK_TARGET_BLOCKED', 'Private network targets are disabled.', details)
+
+const finalUrlBlockedError = (details: Record<string, unknown>): AgentBridgeError =>
+  makeAgentCaptureError('FINAL_URL_BLOCKED', 'Final URL blocked.', details)
+
+const isCurrentNetworkEvidence = (state: AgentCaptureState): boolean => {
+  const finalUrl = normalizeComparableUrl(state.finalUrl)
+  return Boolean(finalUrl && isFreshNetworkEvidence(state, state.targetNetwork) && normalizeComparableUrl(state.targetNetwork?.url) === finalUrl)
+}
+
+const isIpLiteral = (value: string): boolean => {
+  const host = value.replace(/^\[|\]$/g, '')
+  return /^(?:\d{1,3}\.){3}\d{1,3}$/.test(host) || host.includes(':')
+}
+
+const canUseProxyReservedAddress = (state: AgentCaptureState, ip: string): boolean => {
+  if (!isProxyReservedNetworkAddress(ip)) return false
+  try {
+    const finalUrl = new URL(state.finalUrl || '')
+    return !isIpLiteral(finalUrl.hostname) && !isPrivateNetworkAddress(finalUrl.hostname)
+  } catch {
+    return false
+  }
+}
+
+const isLocalhostTarget = (hostname: string): boolean => hostname.toLowerCase().replace(/\.$/, '') === 'localhost'
+
+const isPrivateFinalUrl = (state: AgentCaptureState): boolean => {
+  try {
+    const finalUrl = new URL(state.finalUrl || '')
+    return isLocalhostTarget(finalUrl.hostname) || isPrivateNetworkAddress(finalUrl.hostname)
+  } catch {
+    return false
+  }
+}
+
+const wait = (ms: number): Promise<void> => new Promise(resolve => setTimeout(resolve, ms))
+
+const mergeWaitContext = (latest: AgentCaptureState, base: AgentCaptureState): AgentCaptureState => {
+  if (!latest.finalUrl && base.finalUrl) latest.finalUrl = base.finalUrl
+  if (typeof latest.targetNetworkObservedAfter !== 'number' && typeof base.targetNetworkObservedAfter === 'number') {
+    latest.targetNetworkObservedAfter = base.targetNetworkObservedAfter
+  }
+  return latest
+}
+
+export const waitForAgentCaptureNetworkEvidence = async (state: AgentCaptureState): Promise<AgentCaptureState> => {
+  if (!isNetworkObserverActive()) return state
+  const deadline = Date.now() + TARGET_NETWORK_WAIT_MS
+  while (Date.now() < deadline) {
+    const stored = await getAgentCaptureState(state.captureId)
+    const latest = stored ? mergeWaitContext(stored, state) : null
+    if (!latest) return state
+    if (isCurrentNetworkEvidence(latest)) return latest
+    const observed = typeof latest.targetTabId === 'number' ? tabNetworkEvidence.get(latest.targetTabId) : undefined
+    if (isFreshNetworkEvidence(latest, observed) && normalizeComparableUrl(observed?.url) === normalizeComparableUrl(latest.finalUrl)) {
+      latest.targetNetwork = observed
+      await saveAgentCaptureState(latest)
+      return latest
+    }
+    await wait(TARGET_NETWORK_POLL_MS)
+  }
+  const latest = await getAgentCaptureState(state.captureId)
+  return latest ? mergeWaitContext(latest, state) : state
+}
+
+export const validateAgentCaptureNetwork = (
+  state: AgentCaptureState,
+  request: AgentCaptureRequest,
+  policy: AgentCaptureNetworkPolicy = {}
+): AgentBridgeError | null => {
+  if (request.options.allowPrivateNetworkTarget && policy.allowAllNetworkTargets) return null
+  if (isPrivateFinalUrl(state)) {
+    return finalUrlBlockedError({ reason: 'private_network_address', finalUrl: state.finalUrl })
+  }
+  if (!isNetworkObserverActive()) return null
+  const targetNetwork = isCurrentNetworkEvidence(state) ? state.targetNetwork : undefined
+  if (!targetNetwork?.ip) return null
+  if (isPrivateNetworkAddress(targetNetwork.ip) && !canUseProxyReservedAddress(state, targetNetwork.ip)) {
+    return networkBlockedError({ reason: 'private_network_address', address: targetNetwork.ip })
+  }
+  return null
+}
+
+const isNetworkObserverActive = (): boolean =>
+  Boolean(networkObserverTarget) && networkObserverTarget === chrome.webRequest?.onResponseStarted
diff --git a/src/background/agent-capture-request.ts b/src/background/agent-capture-request.ts
new file mode 100644
index 00000000..d4d97029
--- /dev/null
+++ b/src/background/agent-capture-request.ts
@@ -0,0 +1,115 @@
+import type {
+  AgentBridgeError,
+  AgentCaptureInclude,
+  AgentCaptureOptions,
+  AgentCaptureRequest,
+  AgentCaptureTargetMode,
+  AgentCaptureViewport
+} from '@/types/agent-bridge'
+import { bridgeProtocolVersion } from '@/types/agent-bridge'
+
+const includeOrder: AgentCaptureInclude[] = ['tech', 'visual', 'layout', 'components', 'interaction', 'ux', 'assets']
+const allowedIncludes = new Set<AgentCaptureInclude>(includeOrder)
+const allowedTargetModes = new Set<AgentCaptureTargetMode>(['reuse_or_new_tab', 'new_tab', 'active_tab'])
+const requestKeys = ['url', 'mode', 'waitMs', 'include', 'viewports', 'options', 'protocolVersion']
+const viewportKeys = ['name', 'width', 'height', 'deviceScaleFactor']
+const optionKeys = [
+  'forceRefresh',
+  'captureScreenshotMetadata',
+  'captureScreenshot',
+  'keepTabOpen',
+  'allowPrivateNetworkTarget',
+  'targetMode',
+  'maxResourceUrls'
+]
+const booleanOptionKeys = ['forceRefresh', 'captureScreenshotMetadata', 'keepTabOpen', 'allowPrivateNetworkTarget']
+
+const error = (code: AgentBridgeError['code'], message: string, details: Record<string, unknown> = {}): AgentBridgeError => ({
+  code,
+  message,
+  details
+})
+
+const hasOnlyKeys = (value: Record<string, unknown>, keys: string[]): boolean => Object.keys(value).every(key => keys.includes(key))
+const isViewportName = (value: unknown): boolean =>
+  value === undefined || (typeof value === 'string' && /^[A-Za-z0-9_-]{1,32}$/.test(value))
+
+export const normalizeComparableUrl = (value: unknown): string => {
+  try {
+    const url = new URL(String(value || '').trim())
+    if (!/^https?:$/.test(url.protocol)) return ''
+    if (url.username || url.password) return ''
+    url.protocol = url.protocol.toLowerCase()
+    url.hostname = url.hostname.toLowerCase()
+    url.hash = ''
+    if (!url.pathname) url.pathname = '/'
+    return url.toString()
+  } catch {
+    return ''
+  }
+}
+
+const validateViewports = (viewports: unknown): viewports is AgentCaptureViewport[] =>
+  Array.isArray(viewports) &&
+  viewports.length <= 3 &&
+  viewports.every(
+    viewport =>
+      viewport &&
+      typeof viewport === 'object' &&
+      hasOnlyKeys(viewport as Record<string, unknown>, viewportKeys) &&
+      isViewportName((viewport as Record<string, unknown>).name) &&
+      Number.isInteger((viewport as AgentCaptureViewport).width) &&
+      Number.isInteger((viewport as AgentCaptureViewport).height) &&
+      Number((viewport as AgentCaptureViewport).width) >= 320 &&
+      Number((viewport as AgentCaptureViewport).width) <= 3840 &&
+      Number((viewport as AgentCaptureViewport).height) >= 320 &&
+      Number((viewport as AgentCaptureViewport).height) <= 2160 &&
+      typeof (viewport as AgentCaptureViewport).deviceScaleFactor === 'number' &&
+      Number.isFinite((viewport as AgentCaptureViewport).deviceScaleFactor) &&
+      (viewport as AgentCaptureViewport).deviceScaleFactor >= 1 &&
+      (viewport as AgentCaptureViewport).deviceScaleFactor <= 4
+  )
+
+const validateOptions = (options: AgentCaptureOptions & Record<string, unknown>): boolean =>
+  Boolean(options) &&
+  hasOnlyKeys(options, optionKeys) &&
+  booleanOptionKeys.every(key => typeof options[key] === 'boolean') &&
+  (options.captureScreenshot === undefined || typeof options.captureScreenshot === 'boolean') &&
+  allowedTargetModes.has(options.targetMode) &&
+  Number.isInteger(options.maxResourceUrls) &&
+  options.maxResourceUrls >= 0 &&
+  options.maxResourceUrls <= 1000
+
+export const validateAgentCaptureRequest = (
+  request: AgentCaptureRequest
+): { ok: true; request: AgentCaptureRequest } | { ok: false; error: AgentBridgeError } => {
+  if (!request || typeof request !== 'object' || !hasOnlyKeys(request as unknown as Record<string, unknown>, requestKeys)) {
+    return { ok: false, error: error('INVALID_REQUEST', 'Capture request contains unknown fields.') }
+  }
+  if (request.protocolVersion !== bridgeProtocolVersion) {
+    return { ok: false, error: error('BRIDGE_PROTOCOL_UNSUPPORTED', 'Capture request protocol version is unsupported.') }
+  }
+  if (request.mode !== 'experience') return { ok: false, error: error('INVALID_REQUEST', 'Unsupported capture mode.') }
+
+  const url = normalizeComparableUrl(request.url)
+  if (!url || url.length > 4096) return { ok: false, error: error('INVALID_REQUEST', 'Target URL is invalid.') }
+  if (!Array.isArray(request.include) || !request.include.length || request.include.some(item => !allowedIncludes.has(item))) {
+    return { ok: false, error: error('INVALID_REQUEST', 'Capture include sections are invalid.') }
+  }
+  if (!Number.isInteger(request.waitMs) || request.waitMs < 0 || request.waitMs > 30000) {
+    return { ok: false, error: error('INVALID_REQUEST', 'Capture waitMs is invalid.') }
+  }
+  if (!validateViewports(request.viewports)) return { ok: false, error: error('INVALID_REQUEST', 'Capture viewports are invalid.') }
+  if (!validateOptions(request.options as AgentCaptureOptions & Record<string, unknown>)) {
+    return { ok: false, error: error('INVALID_REQUEST', 'Capture options are invalid.') }
+  }
+  return {
+    ok: true,
+    request: {
+      ...request,
+      url,
+      include: includeOrder.filter(item => request.include.includes(item)),
+      options: { ...request.options, captureScreenshot: request.options.captureScreenshot === true }
+    }
+  }
+}
diff --git a/src/background/agent-capture-runner.ts b/src/background/agent-capture-runner.ts
new file mode 100644
index 00000000..e992ac1d
--- /dev/null
+++ b/src/background/agent-capture-runner.ts
@@ -0,0 +1,212 @@
+import type { AgentBridgeCapabilities, AgentCaptureRequest } from '@/types/agent-bridge'
+import { buildSiteExperienceProfile } from '@/utils/site-experience-profile'
+import { isDetectablePageUrl } from '@/utils/page-support'
+import { normalizeComparableUrl } from './agent-capture-request'
+import { PROFILE_TRANSFER_DEADLINE_MS, mapCaughtErrorCode } from './agent-capture-common'
+import type { AgentCaptureState } from './agent-capture-state'
+import { getAgentCaptureState, saveAgentCaptureState } from './agent-capture-state'
+import {
+  captureVisibleViewportScreenshot,
+  cleanForCapture,
+  executeExperienceProfiler,
+  getAgentCaptureUserAgent,
+  getExtensionVersion,
+  reloadTargetTabBypassingCache,
+  waitForTargetTabLoaded
+} from './agent-capture-target'
+import { validateAgentCaptureNetwork, waitForAgentCaptureNetworkEvidence } from './agent-capture-network'
+import { clearProfileTransferPort, sendProfileToBridge } from './agent-capture-transfer'
+import { postCaptureStatusToBridge } from './agent-capture-status'
+import {
+  cleanupStoredCaptureAndSession,
+  cleanupTargetAndReport,
+  failAgentCapture,
+  getCaptureFailureDetails,
+  makeCaptureFailureError,
+  shouldContinueCapture
+} from './agent-capture-lifecycle'
+import { runAgentPageDetection } from './detection'
+import { loadDetectorSettings } from './detector-settings'
+import { buildPopupRawResult } from './popup-cache'
+import { getTabData, getTabSnapshot } from './tab-store'
+
+const MAX_WAIT_MS = 30000
+
+const waitForRequestDelay = async (waitMs: number): Promise<void> => {
+  if (waitMs > 0) await new Promise(resolve => setTimeout(resolve, Math.min(waitMs, MAX_WAIT_MS)))
+}
+
+const loadTargetTab = async (state: AgentCaptureState, request: AgentCaptureRequest): Promise<chrome.tabs.Tab> => {
+  if (!state.targetTabId) throw new Error('TARGET_TAB_CLOSED')
+  if (!request.options.forceRefresh) return waitForTargetTabLoaded(state.targetTabId, state.deadlineAt)
+  if (state.createdByCapture) await waitForTargetTabLoaded(state.targetTabId, state.deadlineAt)
+  state.targetNetwork = undefined
+  state.targetNetworkObservedAfter = Date.now()
+  state.updatedAt = state.targetNetworkObservedAfter
+  await saveAgentCaptureState(state)
+  return reloadTargetTabBypassingCache(state.targetTabId, state.deadlineAt)
+}
+
+const markTargetLoaded = async (state: AgentCaptureState, loadedTab: chrome.tabs.Tab): Promise<{ state: AgentCaptureState; finalUrl: string }> => {
+  const finalUrl = normalizeComparableUrl(loadedTab.url || '')
+  if (!finalUrl || !isDetectablePageUrl(finalUrl)) throw new Error('FINAL_URL_BLOCKED')
+  state.finalUrl = finalUrl
+  state.phase = 'target_loaded'
+  state.updatedAt = Date.now()
+  await saveAgentCaptureState(state)
+  return { state: (await getAgentCaptureState(state.captureId)) || state, finalUrl }
+}
+
+type NetworkPolicyResult =
+  | { ok: true; state: AgentCaptureState; settings: Awaited<ReturnType<typeof loadDetectorSettings>> }
+  | { ok: false }
+
+const verifyNetworkPolicy = async (state: AgentCaptureState, request: AgentCaptureRequest): Promise<NetworkPolicyResult> => {
+  const latestState = await waitForAgentCaptureNetworkEvidence(state)
+  if (latestState.finalUrl !== state.finalUrl || latestState.phase !== state.phase) {
+    latestState.finalUrl = state.finalUrl || latestState.finalUrl
+    latestState.phase = state.phase
+    latestState.updatedAt = Date.now()
+    await saveAgentCaptureState(latestState)
+  }
+  const settings = await loadDetectorSettings()
+  const networkError = validateAgentCaptureNetwork(latestState, request, {
+    allowAllNetworkTargets: settings.agentBridgeAllowAllNetworkTargets === true
+  })
+  if (!networkError) return { ok: true, state: latestState, settings }
+  await failAgentCapture(latestState, networkError.code, networkError.message, networkError.details || {})
+  return { ok: false }
+}
+
+const notifyTargetLoaded = async (state: AgentCaptureState, finalUrl: string): Promise<void> => {
+  await postCaptureStatusToBridge(state, 'running', 'target_loaded', {
+    finalUrl,
+    targetNetworkAddress: state.targetNetwork?.ip,
+    targetNetworkFromCache: state.targetNetwork?.fromCache
+  })
+}
+
+const markAndNotifyPhase = async (state: AgentCaptureState, phase: AgentCaptureState['phase']): Promise<void> => {
+  state.phase = phase
+  state.updatedAt = Date.now()
+  await saveAgentCaptureState(state)
+  await postCaptureStatusToBridge(state, 'running', phase)
+}
+
+const collectTechProfileInput = async (targetTabId: number, settings: Awaited<ReturnType<typeof loadDetectorSettings>>) => {
+  const [data, tab] = await Promise.all([getTabData(targetTabId), getTabSnapshot(targetTabId)])
+  return buildPopupRawResult(data, settings, tab)
+}
+
+const collectExperienceProfileInput = async (targetTabId: number, request: AgentCaptureRequest): Promise<unknown> =>
+  executeExperienceProfiler(targetTabId, {
+    captureScreenshotMetadata: request.options.captureScreenshotMetadata
+  })
+
+const collectProfileInputs = async (
+  state: AgentCaptureState,
+  request: AgentCaptureRequest,
+  targetTabId: number,
+  settings: Awaited<ReturnType<typeof loadDetectorSettings>>
+) => {
+  const shouldRunTech = request.include.includes('tech')
+  const shouldRunExperience = request.include.some(section => section !== 'tech')
+  if (request.options.forceRefresh) await cleanForCapture(targetTabId)
+  if (!(await shouldContinueCapture(state))) return null
+  if (shouldRunTech) {
+    await markAndNotifyPhase(state, 'detecting_tech')
+    try {
+      await runAgentPageDetection(targetTabId, state.deadlineAt)
+    } catch (caught) {
+      throw makeCaptureFailureError(mapCaughtErrorCode(caught, 'TARGET_INJECTION_FAILED'), caught)
+    }
+  }
+  await waitForRequestDelay(request.waitMs)
+  if (!(await shouldContinueCapture(state))) return null
+  let experience = null
+  if (shouldRunExperience) {
+    await markAndNotifyPhase(state, 'profiling_experience')
+    try {
+      experience = await collectExperienceProfileInput(targetTabId, request)
+    } catch (caught) {
+      throw makeCaptureFailureError('TARGET_INJECTION_FAILED', caught)
+    }
+  }
+  const raw = shouldRunTech ? await collectTechProfileInput(targetTabId, settings) : null
+  return { raw, experience }
+}
+
+const captureOptionalScreenshot = async (state: AgentCaptureState, request: AgentCaptureRequest) => {
+  if (!request.options.captureScreenshot || !request.include.includes('visual')) return { screenshot: null, limitations: [] }
+  return captureVisibleViewportScreenshot(state.targetTabId!, state.targetWindowId || state.bridgeWindowId, state.bridgeTabId)
+}
+
+const buildProfile = async (
+  state: AgentCaptureState,
+  request: AgentCaptureRequest,
+  capabilities: AgentBridgeCapabilities,
+  finalUrl: string,
+  inputs: { raw: Awaited<ReturnType<typeof collectTechProfileInput>> | null; experience: unknown }
+) => {
+  const screenshotResult = await captureOptionalScreenshot(state, request)
+  if (!(await shouldContinueCapture(state))) return null
+  return buildSiteExperienceProfile({
+    captureId: state.captureId,
+    request,
+    raw: inputs.raw,
+    experience: inputs.experience,
+    capabilities,
+    screenshot: screenshotResult.screenshot,
+    limitations: screenshotResult.limitations,
+    finalUrl,
+    userAgent: getAgentCaptureUserAgent(),
+    extensionVersion: getExtensionVersion(),
+    capturedAt: new Date().toISOString(),
+    pageSupported: true
+  })
+}
+
+const postProfile = async (state: AgentCaptureState, profile: ReturnType<typeof buildSiteExperienceProfile>): Promise<void> => {
+  state.phase = 'posting_profile'
+  state.profileTransferDeadlineAt = Date.now() + PROFILE_TRANSFER_DEADLINE_MS
+  await saveAgentCaptureState(state)
+  if (!(await shouldContinueCapture(state))) return
+  await sendProfileToBridge(state, profile)
+  state.status = 'completed'
+  state.phase = 'cleanup'
+  state.updatedAt = Date.now()
+  await saveAgentCaptureState(state)
+  clearProfileTransferPort(state)
+}
+
+export const runCapture = async (
+  state: AgentCaptureState,
+  request: AgentCaptureRequest,
+  capabilities: AgentBridgeCapabilities
+): Promise<void> => {
+  try {
+    const loadedTab = await loadTargetTab(state, request)
+    if (!(await shouldContinueCapture(state))) return
+    const targetTabId = loadedTab.id ?? state.targetTabId
+    if (!targetTabId) throw new Error('TARGET_TAB_CLOSED')
+    const loadedTarget = await markTargetLoaded(state, loadedTab)
+    state = loadedTarget.state
+    const finalUrl = loadedTarget.finalUrl
+    const networkPolicy = await verifyNetworkPolicy(state, request)
+    if (!networkPolicy.ok) return
+    state = networkPolicy.state
+    await notifyTargetLoaded(state, finalUrl)
+
+    const inputs = await collectProfileInputs(state, request, targetTabId, networkPolicy.settings)
+    if (!inputs) return
+    const profile = await buildProfile(state, request, capabilities, finalUrl, inputs)
+    if (!profile) return
+    await postProfile(state, profile)
+  } catch (caught) {
+    const code = mapCaughtErrorCode(caught, 'PROFILE_TRANSPORT_FAILED')
+    await failAgentCapture(state, code, code, getCaptureFailureDetails(caught))
+    return
+  }
+  await cleanupTargetAndReport(state)
+  await cleanupStoredCaptureAndSession(state)
+}
diff --git a/src/background/agent-capture-state.ts b/src/background/agent-capture-state.ts
new file mode 100644
index 00000000..e4a8a6db
--- /dev/null
+++ b/src/background/agent-capture-state.ts
@@ -0,0 +1,228 @@
+import type { AgentBridgeError, AgentCapturePhase, AgentCaptureStatus } from '@/types/agent-bridge'
+import { logBackgroundError } from './logging'
+
+export const AGENT_CAPTURE_STATE_PREFIX = 'agent-capture:'
+export const AGENT_CAPTURE_INDEX_KEY = 'agent-capture:index'
+
+let stateIndexMutation: Promise<void> = Promise.resolve()
+
+const captureStatuses = new Set<AgentCaptureStatus>([
+  'queued',
+  'waiting_extension',
+  'running',
+  'cancel_requested',
+  'cancelled',
+  'completed',
+  'failed',
+  'expired'
+])
+const capturePhases = new Set<AgentCapturePhase>([
+  'bridge_connected',
+  'request_loaded',
+  'target_opening',
+  'target_loaded',
+  'detecting_tech',
+  'profiling_experience',
+  'posting_profile',
+  'cleanup'
+])
+
+export interface AgentCaptureState {
+  captureId: string
+  sessionId: string
+  nonce: string
+  bridgeOrigin: string
+  bridgeUrl: string
+  bridgeTabId: number
+  bridgeWindowId: number
+  targetTabId?: number
+  targetWindowId?: number
+  targetUrl: string
+  finalUrl?: string
+  targetMode: string
+  createdByCapture: boolean
+  keepTabOpen: boolean
+  phase: string
+  status: AgentCaptureStatus
+  startedAt: number
+  targetNetworkObservedAfter?: number
+  updatedAt: number
+  deadlineAt: number
+  cancelDeadlineAt?: number
+  profileTransferDeadlineAt?: number
+  error?: AgentBridgeError
+  targetNetwork?: AgentCaptureNetworkEvidence
+}
+
+export interface AgentCaptureNetworkEvidence {
+  url: string
+  ip?: string
+  fromCache: boolean
+  observedAt: number
+}
+
+export const agentCaptureStateKey = (captureId: string): string => `${AGENT_CAPTURE_STATE_PREFIX}${captureId}`
+
+const isRecord = (value: unknown): value is Record<string, unknown> => Boolean(value) && typeof value === 'object' && !Array.isArray(value)
+
+const isFiniteNumber = (value: unknown): value is number => typeof value === 'number' && Number.isFinite(value)
+
+const isOptionalFiniteNumber = (value: unknown): value is number | undefined => value === undefined || isFiniteNumber(value)
+
+const isStoredNetworkEvidence = (value: unknown): value is AgentCaptureNetworkEvidence => {
+  if (value === undefined) return true
+  if (!isRecord(value)) return false
+  return (
+    typeof value.url === 'string' &&
+    (value.ip === undefined || typeof value.ip === 'string') &&
+    typeof value.fromCache === 'boolean' &&
+    isFiniteNumber(value.observedAt)
+  )
+}
+
+const isStoredAgentCaptureState = (value: unknown, captureId: string): value is AgentCaptureState => {
+  if (!isRecord(value)) return false
+  return (
+    value.captureId === captureId &&
+    typeof value.sessionId === 'string' &&
+    typeof value.nonce === 'string' &&
+    typeof value.bridgeOrigin === 'string' &&
+    typeof value.bridgeUrl === 'string' &&
+    isFiniteNumber(value.bridgeTabId) &&
+    isFiniteNumber(value.bridgeWindowId) &&
+    isOptionalFiniteNumber(value.targetTabId) &&
+    isOptionalFiniteNumber(value.targetWindowId) &&
+    typeof value.targetUrl === 'string' &&
+    typeof value.targetMode === 'string' &&
+    typeof value.createdByCapture === 'boolean' &&
+    typeof value.keepTabOpen === 'boolean' &&
+    typeof value.phase === 'string' &&
+    capturePhases.has(value.phase as AgentCapturePhase) &&
+    typeof value.status === 'string' &&
+    captureStatuses.has(value.status as AgentCaptureStatus) &&
+    isFiniteNumber(value.startedAt) &&
+    isOptionalFiniteNumber(value.targetNetworkObservedAfter) &&
+    isFiniteNumber(value.updatedAt) &&
+    isFiniteNumber(value.deadlineAt) &&
+    isOptionalFiniteNumber(value.cancelDeadlineAt) &&
+    isOptionalFiniteNumber(value.profileTransferDeadlineAt) &&
+    isStoredNetworkEvidence(value.targetNetwork)
+  )
+}
+
+const withStateIndexMutation = async (task: () => Promise<void>): Promise<void> => {
+  const run = stateIndexMutation.then(task, task)
+  const next = run.catch(() => {})
+  stateIndexMutation = next
+  next.finally(() => {
+    if (stateIndexMutation === next) stateIndexMutation = Promise.resolve()
+  })
+  return run
+}
+
+export const listAgentCaptureIds = async (): Promise<string[]> => {
+  const stored = await chrome.storage.session.get(AGENT_CAPTURE_INDEX_KEY)
+  return Array.isArray(stored[AGENT_CAPTURE_INDEX_KEY]) ? stored[AGENT_CAPTURE_INDEX_KEY] : []
+}
+
+export const getAgentCaptureState = async (captureId: string): Promise<AgentCaptureState | null> => {
+  const key = agentCaptureStateKey(captureId)
+  const stored = await chrome.storage.session.get(key)
+  const value = stored[key]
+  if (!value) return null
+  if (isStoredAgentCaptureState(value, captureId)) return value
+  await removeAgentCaptureState(captureId)
+  return null
+}
+
+export const saveAgentCaptureState = async (state: AgentCaptureState): Promise<void> => {
+  await withStateIndexMutation(async () => {
+    const ids = new Set(await listAgentCaptureIds())
+    ids.add(state.captureId)
+    const {
+      bridgeToken: _bridgeToken,
+      apiToken: _apiToken,
+      ...safeState
+    } = state as AgentCaptureState & {
+      bridgeToken?: string
+      apiToken?: string
+    }
+    await chrome.storage.session.set({
+      [AGENT_CAPTURE_INDEX_KEY]: [...ids],
+      [agentCaptureStateKey(state.captureId)]: safeState
+    })
+  })
+}
+
+const restoreAgentCaptureIndexAfterRemoveFailure = async (ids: string[], captureId: string): Promise<void> => {
+  try {
+    await chrome.storage.session.set({ [AGENT_CAPTURE_INDEX_KEY]: [...new Set([...ids, captureId])] })
+  } catch (error) {
+    logBackgroundError('Agent capture state index rollback failed', { captureId, error })
+  }
+}
+
+export const removeAgentCaptureState = async (captureId: string): Promise<void> => {
+  await withStateIndexMutation(async () => {
+    const ids = (await listAgentCaptureIds()).filter(id => id !== captureId)
+    const key = agentCaptureStateKey(captureId)
+    await chrome.storage.session.set({ [AGENT_CAPTURE_INDEX_KEY]: ids })
+    try {
+      await chrome.storage.session.remove(key)
+    } catch (error) {
+      await restoreAgentCaptureIndexAfterRemoveFailure(ids, captureId)
+      throw error
+    }
+  })
+}
+
+export const clearAllAgentCaptureState = async (): Promise<void> => {
+  await withStateIndexMutation(async () => {
+    const ids = await listAgentCaptureIds()
+    await chrome.storage.session.remove([AGENT_CAPTURE_INDEX_KEY, ...ids.map(agentCaptureStateKey)])
+  })
+}
+
+export const assertStorageSessionAvailable = (): { ok: true } | { ok: false; error: AgentBridgeError } => {
+  if (!chrome.storage?.session?.get || !chrome.storage.session.set || !chrome.storage.session.remove) {
+    return {
+      ok: false,
+      error: { code: 'NOT_SUPPORTED', message: 'chrome.storage.session is required.', details: { missingCapability: 'storageSession' } }
+    }
+  }
+  return { ok: true }
+}
+
+const makeCaptureDeadlineError = (state: AgentCaptureState): AgentBridgeError =>
+  state.phase === 'target_opening'
+    ? { code: 'TARGET_LOAD_TIMEOUT', message: 'Agent target tab load timed out.' }
+    : { code: 'CAPTURE_TIMEOUT', message: 'Agent capture timed out.' }
+
+export const reconcileAgentCaptureDeadlines = async (now = Date.now()): Promise<AgentCaptureState[]> => {
+  const expired: AgentCaptureState[] = []
+  for (const captureId of await listAgentCaptureIds()) {
+    const state = await getAgentCaptureState(captureId)
+    if (!state) continue
+    if (!['queued', 'waiting_extension', 'running', 'cancel_requested'].includes(state.status)) continue
+    const cancelTimedOut = Boolean(state.cancelDeadlineAt && state.cancelDeadlineAt <= now)
+    const profileTransferTimedOut = Boolean(state.profileTransferDeadlineAt && state.profileTransferDeadlineAt <= now)
+    if (state.deadlineAt <= now || cancelTimedOut || profileTransferTimedOut) {
+      const deadlineError = makeCaptureDeadlineError(state)
+      state.status = cancelTimedOut ? 'cancelled' : 'failed'
+      state.phase = 'cleanup'
+      state.updatedAt = now
+      state.error = cancelTimedOut
+        ? { code: 'CAPTURE_TIMEOUT', message: 'Capture cancellation timed out.', details: { reason: 'cancel_timeout' } }
+        : profileTransferTimedOut
+          ? {
+              code: 'PROFILE_TRANSPORT_FAILED',
+              message: 'Profile transfer timed out.',
+              details: { reason: 'profile_transfer_timeout' }
+            }
+          : deadlineError
+      await saveAgentCaptureState(state)
+      expired.push(state)
+    }
+  }
+  return expired
+}
diff --git a/src/background/agent-capture-status.ts b/src/background/agent-capture-status.ts
new file mode 100644
index 00000000..0ca03bee
--- /dev/null
+++ b/src/background/agent-capture-status.ts
@@ -0,0 +1,46 @@
+import type { AgentCaptureState } from './agent-capture-state'
+import { AGENT_BRIDGE_ERROR_CODES, bridgeProtocolVersion } from '@/types/agent-bridge'
+import { sanitizeLogDetails } from './logging'
+
+type BridgeStatusPostError = Error & { details?: Record<string, unknown> }
+
+const knownErrorCodes = new Set<string>(AGENT_BRIDGE_ERROR_CODES)
+
+const isRecord = (value: unknown): value is Record<string, unknown> => Boolean(value) && typeof value === 'object' && !Array.isArray(value)
+
+const makeBridgeStatusPostError = (response: any): BridgeStatusPostError => {
+  const bridgeError = isRecord(response?.error) ? response.error : {}
+  const code =
+    typeof bridgeError.code === 'string' && knownErrorCodes.has(bridgeError.code) ? bridgeError.code : 'BRIDGE_TRANSPORT_DISCONNECTED'
+  const error = new Error(code) as BridgeStatusPostError
+  const rawDetails = isRecord(bridgeError.details) ? bridgeError.details : {}
+  const details = sanitizeLogDetails({
+    ...rawDetails,
+    ...(typeof bridgeError.message === 'string' ? { message: bridgeError.message } : {})
+  })
+  if (Object.keys(details).length) error.details = details
+  return error
+}
+
+export const postCaptureStatusToBridge = async (
+  state: AgentCaptureState,
+  status: AgentCaptureState['status'],
+  phase: AgentCaptureState['phase'],
+  extra: Record<string, unknown> = {}
+): Promise<void> => {
+  const response = await chrome.tabs.sendMessage(state.bridgeTabId, {
+    type: 'AGENT_CAPTURE_STATUS',
+    payload: {
+      captureId: state.captureId,
+      sessionId: state.sessionId,
+      nonce: state.nonce,
+      protocolVersion: bridgeProtocolVersion,
+      status,
+      phase,
+      ...extra
+    }
+  })
+  if (response?.ok === false) {
+    throw makeBridgeStatusPostError(response)
+  }
+}
diff --git a/src/background/agent-capture-target-guard.ts b/src/background/agent-capture-target-guard.ts
new file mode 100644
index 00000000..55f14d15
--- /dev/null
+++ b/src/background/agent-capture-target-guard.ts
@@ -0,0 +1,27 @@
+const CAPTURE_TARGET_GUARD_MS = 5000
+const guardedTargetTabs = new Map<number, number>()
+
+const isValidTabId = (tabId: unknown): tabId is number => Number.isInteger(tabId) && Number(tabId) >= 0
+
+const pruneExpiredGuards = (now = Date.now()): void => {
+  for (const [tabId, expiresAt] of guardedTargetTabs) {
+    if (expiresAt <= now) guardedTargetTabs.delete(tabId)
+  }
+}
+
+export const markAgentCaptureTargetTab = (tabId: unknown): void => {
+  if (!isValidTabId(tabId)) return
+  pruneExpiredGuards()
+  guardedTargetTabs.set(tabId, Date.now() + CAPTURE_TARGET_GUARD_MS)
+}
+
+export const clearAgentCaptureTargetTabGuard = (tabId: unknown): void => {
+  if (!isValidTabId(tabId)) return
+  guardedTargetTabs.delete(tabId)
+}
+
+export const isRecentlyAgentCaptureTargetTab = (tabId: unknown): boolean => {
+  if (!isValidTabId(tabId)) return false
+  pruneExpiredGuards()
+  return guardedTargetTabs.has(tabId)
+}
diff --git a/src/background/agent-capture-target.ts b/src/background/agent-capture-target.ts
new file mode 100644
index 00000000..910db81e
--- /dev/null
+++ b/src/background/agent-capture-target.ts
@@ -0,0 +1,464 @@
+import { getPreviousActiveTab } from './active-tab-tracker'
+import { normalizeComparableUrl } from './agent-capture-request'
+import { clearBundleLicenseTimer } from './bundle-license'
+import { clearDetectionThrottle, scheduleActivePageDetection } from './detection'
+import { clearDynamicSnapshotState } from './dynamic-snapshot'
+import { clearBadge, clearTabSession } from './tab-store'
+import type { AgentCaptureRequest } from '@/types/agent-bridge'
+import type { AgentBridgeError, AgentCaptureScreenshot } from '@/types/agent-bridge'
+import { makeAgentCaptureError } from './agent-capture-common'
+import { logBackgroundError } from './logging'
+import { isScriptFileLoadError } from './script-injection-errors'
+import { isDetectablePageUrl } from '@/utils/page-support'
+
+const TARGET_LOAD_TIMEOUT_REPORTING_GRACE_MS = 5000
+const MAX_TARGET_LOAD_WAIT_MS = 60000
+const RELOAD_COMPLETE_WITHOUT_LOADING_GRACE_MS = 500
+const ORDINARY_DETECTION_RESTORE_DELAY_MS = 600
+const SCREENSHOT_QUALITY = 72
+const MAX_SCREENSHOT_BYTES = 2 * 1024 * 1024
+const SCREENSHOT_CAPTURE_RETRY_DELAYS_MS = [250, 750, 1500, 2500]
+const TAB_ACTIVATION_RETRY_DELAYS_MS = [0, 150, 500, 1000]
+
+export const cleanForCapture = async (tabId: number): Promise<void> => {
+  clearBundleLicenseTimer(tabId)
+  clearDynamicSnapshotState(tabId)
+  await clearTabSession(tabId)
+  clearBadge(tabId)
+}
+
+export const cleanupTarget = async (state: { targetTabId?: number; createdByCapture?: boolean; keepTabOpen?: boolean }): Promise<void> => {
+  if (typeof state.targetTabId !== 'number') return
+  if (state.createdByCapture) {
+    await cleanForCapture(state.targetTabId)
+  }
+  if (state.createdByCapture && !state.keepTabOpen) {
+    await chrome.tabs.remove(state.targetTabId)
+  }
+}
+
+export const restoreOrdinaryDetectionForRetainedTarget = async (state: {
+  targetTabId?: number
+  createdByCapture?: boolean
+  keepTabOpen?: boolean
+  phase?: string
+}): Promise<void> => {
+  const tabId = state.targetTabId
+  if (typeof tabId !== 'number' || !Number.isInteger(tabId)) return
+  if (state.createdByCapture === true) {
+    if (state.keepTabOpen !== true) return
+  } else if (state.phase === 'target_opening') {
+    return
+  }
+  const tab = await chrome.tabs.get(tabId).catch(() => null)
+  if (!tab || !isDetectablePageUrl(tab.url)) return
+  clearDetectionThrottle(tabId)
+  scheduleActivePageDetection(tabId, ORDINARY_DETECTION_RESTORE_DELAY_MS)
+}
+
+const findReusableTab = async (targetUrl: string): Promise<chrome.tabs.Tab | null> => {
+  const tabs = await chrome.tabs.query({})
+  return tabs.find(tab => !tab.incognito && normalizeComparableUrl(tab.url) === targetUrl) || null
+}
+
+type TargetResolution = { ok: true; tab: chrome.tabs.Tab; createdByCapture: boolean } | { ok: false; error: AgentBridgeError }
+
+export const resolveTargetTab = async (request: AgentCaptureRequest, bridgeWindowId: number): Promise<TargetResolution> => {
+  if (request.options.targetMode === 'active_tab') {
+    return resolveActiveTargetTab(request, bridgeWindowId)
+  }
+  if (request.options.targetMode === 'reuse_or_new_tab') {
+    const reusable = await findReusableTab(request.url)
+    if (reusable) return { ok: true, tab: reusable, createdByCapture: false }
+  }
+  const tab = await chrome.tabs.create({ url: request.url, active: false, windowId: bridgeWindowId })
+  if (tab.incognito) {
+    if (typeof tab.id === 'number') {
+      await chrome.tabs.remove(tab.id).catch(error => logBackgroundError('incognito target tab cleanup failed', { tabId: tab.id, error }))
+    }
+    return { ok: false, error: makeAgentCaptureError('INCOGNITO_NOT_SUPPORTED', 'Incognito tabs are not supported.') }
+  }
+  return { ok: true, tab, createdByCapture: true }
+}
+
+const resolveActiveTargetTab = async (request: AgentCaptureRequest, bridgeWindowId: number): Promise<TargetResolution> => {
+  const active = await getPreviousActiveTab(bridgeWindowId)
+  if (!active) {
+    return { ok: false, error: makeAgentCaptureError('ACTIVE_TAB_UNAVAILABLE', 'Previous active tab is unavailable.') }
+  }
+  try {
+    const tab = await chrome.tabs.get(active.tabId)
+    if (tab.incognito) {
+      return { ok: false, error: makeAgentCaptureError('INCOGNITO_NOT_SUPPORTED', 'Incognito tabs are not supported.') }
+    }
+    if (normalizeComparableUrl(tab.url) !== request.url) {
+      return { ok: false, error: makeAgentCaptureError('ACTIVE_TAB_MISMATCH', 'Previous active tab URL does not match target URL.') }
+    }
+    return { ok: true, tab, createdByCapture: false }
+  } catch {
+    return { ok: false, error: makeAgentCaptureError('ACTIVE_TAB_UNAVAILABLE', 'Previous active tab was closed.') }
+  }
+}
+
+export const waitForTargetTabLoaded = async (tabId: number, deadlineAt: number): Promise<chrome.tabs.Tab> => {
+  const current = await chrome.tabs.get(tabId)
+  if (current.status === 'complete') return current
+  const timeoutMs = Math.max(0, Math.min(deadlineAt - Date.now() - TARGET_LOAD_TIMEOUT_REPORTING_GRACE_MS, MAX_TARGET_LOAD_WAIT_MS))
+  return new Promise((resolve, reject) => {
+    let settled = false
+    let timeout: ReturnType<typeof setTimeout> | null = null
+    const cleanup = () => {
+      if (timeout) clearTimeout(timeout)
+      chrome.tabs.onUpdated?.removeListener?.(listener)
+      chrome.tabs.onRemoved?.removeListener?.(removedListener)
+    }
+    const finish = (callback: () => void) => {
+      if (settled) return
+      settled = true
+      cleanup()
+      callback()
+    }
+    const listener = (updatedTabId: number, changeInfo: chrome.tabs.TabChangeInfo, tab: chrome.tabs.Tab) => {
+      if (updatedTabId !== tabId) return
+      if (changeInfo.status === 'complete' || tab.status === 'complete') {
+        finish(() => resolve(tab))
+      }
+    }
+    const removedListener = (removedTabId: number) => {
+      if (removedTabId === tabId) finish(() => reject(new Error('TARGET_TAB_CLOSED')))
+    }
+    chrome.tabs.onUpdated?.addListener?.(listener)
+    chrome.tabs.onRemoved?.addListener?.(removedListener)
+    timeout = setTimeout(() => finish(() => reject(new Error('TARGET_LOAD_TIMEOUT'))), timeoutMs)
+    chrome.tabs
+      .get(tabId)
+      .then(tab => {
+        if (tab.status === 'complete') finish(() => resolve(tab))
+      })
+      .catch(error => finish(() => reject(error)))
+  })
+}
+
+export const reloadTargetTabBypassingCache = async (tabId: number, deadlineAt: number): Promise<chrome.tabs.Tab> => {
+  if (!chrome.tabs.reload) return waitForTargetTabLoaded(tabId, deadlineAt)
+  const initialTab = await chrome.tabs.get(tabId)
+  const initialUrl = normalizeComparableUrl(initialTab.url)
+  const timeoutMs = Math.max(0, Math.min(deadlineAt - Date.now() - TARGET_LOAD_TIMEOUT_REPORTING_GRACE_MS, MAX_TARGET_LOAD_WAIT_MS))
+  return new Promise((resolve, reject) => {
+    let settled = false
+    let reloadStarted = false
+    let reloadCommandSettled = false
+    let timeout: ReturnType<typeof setTimeout> | null = null
+    let completeWithoutLoadingTimer: ReturnType<typeof setTimeout> | null = null
+    const clearCompleteWithoutLoadingTimer = () => {
+      if (!completeWithoutLoadingTimer) return
+      clearTimeout(completeWithoutLoadingTimer)
+      completeWithoutLoadingTimer = null
+    }
+    const cleanup = () => {
+      if (timeout) clearTimeout(timeout)
+      clearCompleteWithoutLoadingTimer()
+      chrome.tabs.onUpdated?.removeListener?.(listener)
+      chrome.tabs.onRemoved?.removeListener?.(removedListener)
+    }
+    const finish = (callback: () => void) => {
+      if (settled) return
+      settled = true
+      cleanup()
+      callback()
+    }
+    const listener = (updatedTabId: number, changeInfo: chrome.tabs.TabChangeInfo, tab: chrome.tabs.Tab) => {
+      if (updatedTabId !== tabId) return
+      if (changeInfo.status === 'loading') {
+        clearCompleteWithoutLoadingTimer()
+        reloadStarted = true
+        return
+      }
+      if (changeInfo.status !== 'complete') return
+      if (!reloadCommandSettled && !reloadStarted) return
+      if (reloadStarted) {
+        finish(() => resolve(tab))
+        return
+      }
+      const completedUrl = normalizeComparableUrl(tab.url)
+      if (completedUrl && initialUrl && completedUrl !== initialUrl) {
+        finish(() => resolve(tab))
+        return
+      }
+      if (completeWithoutLoadingTimer) return
+      completeWithoutLoadingTimer = setTimeout(
+        () => finish(() => resolve(tab)),
+        RELOAD_COMPLETE_WITHOUT_LOADING_GRACE_MS
+      )
+    }
+    const removedListener = (removedTabId: number) => {
+      if (removedTabId === tabId) finish(() => reject(new Error('TARGET_TAB_CLOSED')))
+    }
+    chrome.tabs.onUpdated?.addListener?.(listener)
+    chrome.tabs.onRemoved?.addListener?.(removedListener)
+    timeout = setTimeout(() => finish(() => reject(new Error('TARGET_LOAD_TIMEOUT'))), timeoutMs)
+    chrome.tabs
+      .reload(tabId, { bypassCache: true })
+      .then(() => {
+        reloadCommandSettled = true
+      })
+      .catch(error => finish(() => reject(error)))
+  })
+}
+
+const getFrameInjectionError = (results: chrome.scripting.InjectionResult[] | undefined): unknown =>
+  (results as Array<{ error?: unknown }> | undefined)?.find(result => result.error !== undefined)?.error
+
+const collectInlineExperienceProfile = (profilerOptions: { captureScreenshotMetadata?: boolean } = {}) => {
+  const includeGeometry = profilerOptions.captureScreenshotMetadata === true
+  const cleanText = (value: unknown, limit = 140): string =>
+    String(value ?? '')
+      .replace(/[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,}/gi, '[redacted]')
+      .replace(/\b(?:\+?\d[\d\s-]{8,}\d|\d{11,})\b/g, '[redacted]')
+      .replace(/(?:[￥$€£]\s*\d+(?:\.\d+)?)/g, '[redacted]')
+      .replace(
+        /\b([A-Za-z0-9_-]*(?:token|secret|session|auth|authorization|key|signature|password|pass|cookie)[A-Za-z0-9_-]*)\s*[:=]\s*(?:Bearer\s+)?[^,\s;&]+/gi,
+        '$1=[redacted]'
+      )
+      .replace(/\s+/g, ' ')
+      .trim()
+      .slice(0, limit)
+  const sensitivePathWordPattern = /^(?:token|secret|session|auth|authorization|signature|password|cookie|passcode)$/i
+  const sensitivePathShortTokenPattern = /(?:^|[-_.])(?:key|pass)(?:$|[-_.])/i
+  const sensitivePathCompoundPattern =
+    /^(?:(?:api|access|private|public|secret|session|auth|token)[-_.]?(?:key|pass|token|secret|signature|code|id)|(?:key|pass|token)[-_.]?(?:token|secret|signature|code|id)|(?:reset|verify|access|auth|session|csrf|xsrf)[-_.]?(?:token|code|secret|key|signature))$/i
+  const sensitivePathCamelPattern =
+    /^(?:apiKey|privateKey|publicKey|accessToken|refreshToken|sessionId|secretToken|authToken|csrfToken|xsrfToken)$/i
+  const highEntropyPathSegmentPattern = /^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)[A-Za-z0-9_-]{24,}$/
+  const pathSegmentStem = (segment: string): string => segment.replace(/\.[A-Za-z0-9]{1,8}$/i, '')
+  const isSensitivePathSegment = (segment: string): boolean => {
+    const stem = pathSegmentStem(segment)
+    return (
+      sensitivePathWordPattern.test(segment) ||
+      sensitivePathWordPattern.test(stem) ||
+      sensitivePathShortTokenPattern.test(segment) ||
+      sensitivePathShortTokenPattern.test(stem) ||
+      sensitivePathCompoundPattern.test(segment) ||
+      sensitivePathCompoundPattern.test(stem) ||
+      sensitivePathCamelPattern.test(segment) ||
+      sensitivePathCamelPattern.test(stem) ||
+      /^[0-9a-f]{16,}$/i.test(stem) ||
+      highEntropyPathSegmentPattern.test(stem) ||
+      segment.includes('=')
+    )
+  }
+  const redactPathname = (pathname: string): string =>
+    pathname
+      .split('/')
+      .map(segment => (segment && isSensitivePathSegment(segment) ? '[redacted]' : segment))
+      .join('/')
+  const safeRect = (element: Element) => {
+    try {
+      const rect = element.getBoundingClientRect()
+      return { x: Math.round(rect.x), y: Math.round(rect.y), width: Math.round(rect.width), height: Math.round(rect.height) }
+    } catch {
+      return null
+    }
+  }
+  const safeUrl = (value: unknown): string => {
+    try {
+      const url = new URL(String(value || ''), location.href)
+      if (!/^https?:$/i.test(url.protocol)) return ''
+      url.username = ''
+      url.password = ''
+      url.hash = ''
+      url.pathname = redactPathname(url.pathname)
+      for (const name of [...url.searchParams.keys()]) url.searchParams.set(name, '[redacted]')
+      return url.toString()
+    } catch {
+      return ''
+    }
+  }
+  const nodes = [...document.querySelectorAll('body *')].slice(0, 240)
+  const textSamples: string[] = []
+  const assets: string[] = []
+  const samples = nodes
+    .filter(element => ['BUTTON', 'A', 'INPUT', 'SELECT', 'TEXTAREA', 'FORM', 'NAV', 'HEADER', 'MAIN', 'FOOTER', 'SECTION'].includes(element.tagName))
+    .slice(0, 40)
+    .map(element => {
+      const text = cleanText(element.textContent || element.getAttribute('aria-label') || element.getAttribute('title') || '', 100)
+      if (text && textSamples.length < 40 && !textSamples.includes(text)) textSamples.push(text)
+      return {
+        tag: element.tagName.toLowerCase(),
+        text,
+        role: cleanText(element.getAttribute('role') || '', 40),
+        ...(includeGeometry ? { rect: safeRect(element) } : {})
+      }
+    })
+  for (const element of [...document.querySelectorAll('img[src], script[src], link[href]')].slice(0, 120)) {
+    const value = (element as HTMLImageElement).currentSrc || (element as HTMLImageElement).src || (element as HTMLLinkElement).href
+    const clean = safeUrl(value)
+    if (clean && !assets.includes(clean)) assets.push(clean)
+  }
+  if (!textSamples.length) {
+    const bodyText = cleanText(document.body?.textContent || '', 600)
+    if (bodyText) textSamples.push(bodyText)
+  }
+  return {
+    visual: {
+      viewport: { width: window.innerWidth, height: window.innerHeight },
+      colorScheme: matchMedia('(prefers-color-scheme: dark)').matches ? 'dark' : 'light'
+    },
+    layout: { landmarks: samples.filter(sample => ['nav', 'header', 'main', 'footer', 'section'].includes(sample.tag)) },
+    components: { samples, counts: { sampled: samples.length } },
+    interaction: { passive: true, links: document.querySelectorAll('a[href]').length, buttons: document.querySelectorAll('button').length },
+    ux: { textSamples, pagePurpose: [], primaryUserPath: [], informationHierarchy: [] },
+    document: { language: cleanText(document.documentElement.lang || document.body?.getAttribute('lang') || '', 40) },
+    assets: { urls: assets },
+    evidence: { truncation: { domNodes: Math.max(0, document.querySelectorAll('body *').length - nodes.length), resourceUrls: 0 } },
+    limitations: ['passive_interaction_only', 'firefox_inline_experience_profile']
+  }
+}
+
+export const executeExperienceProfiler = async (
+  tabId: number,
+  options: { captureScreenshotMetadata: boolean } = { captureScreenshotMetadata: false }
+): Promise<any> => {
+  await chrome.scripting.executeScript({
+    target: { tabId },
+    world: 'MAIN',
+    func: profilerOptions => {
+      ;(globalThis as any).__STACKPRISM_EXPERIENCE_OPTIONS__ = profilerOptions
+    },
+    args: [{ captureScreenshotMetadata: options.captureScreenshotMetadata === true }]
+  })
+  try {
+    try {
+      const injection = await chrome.scripting.executeScript({
+        target: { tabId },
+        world: 'MAIN',
+        files: ['injected/experience-profiler.iife.js']
+      })
+      const frameError = getFrameInjectionError(injection)
+      if (frameError) throw new Error(String(frameError))
+      return injection?.[0]?.result || null
+    } catch (error) {
+      if (!isScriptFileLoadError(error)) throw error
+      const fallback = await chrome.scripting.executeScript({
+        target: { tabId },
+        world: 'MAIN',
+        func: collectInlineExperienceProfile,
+        args: [{ captureScreenshotMetadata: options.captureScreenshotMetadata === true }]
+      })
+      const frameError = getFrameInjectionError(fallback)
+      if (frameError) throw new Error(String(frameError))
+      return fallback?.[0]?.result || null
+    }
+  } finally {
+    await chrome.scripting
+      .executeScript({
+        target: { tabId },
+        world: 'MAIN',
+        func: () => {
+          delete (globalThis as any).__STACKPRISM_EXPERIENCE_OPTIONS__
+        }
+      })
+      .catch(() => {})
+  }
+}
+
+type ScreenshotCaptureResult = { screenshot: AgentCaptureScreenshot | null; limitations: string[] }
+
+const JPEG_DATA_URL_PREFIX = 'data:image/jpeg;base64,'
+
+const base64DecodedByteLength = (value: string): number | null => {
+  if (!value || value.length % 4 === 1 || !/^[A-Za-z0-9+/]*={0,2}$/.test(value)) return null
+  const padding = value.endsWith('==') ? 2 : value.endsWith('=') ? 1 : 0
+  return Math.floor((value.length * 3) / 4) - padding
+}
+
+const jpegDataUrlByteLength = (value: string): number | null => {
+  if (!value.startsWith(JPEG_DATA_URL_PREFIX)) return null
+  return base64DecodedByteLength(value.slice(JPEG_DATA_URL_PREFIX.length))
+}
+
+const waitForDelay = (delayMs: number): Promise<void> => new Promise(resolve => setTimeout(resolve, delayMs))
+
+const waitForTabActive = async (tabId: number): Promise<boolean> => {
+  for (const delayMs of TAB_ACTIVATION_RETRY_DELAYS_MS) {
+    if (delayMs > 0) await waitForDelay(delayMs)
+    const tab = await chrome.tabs.get(tabId).catch(() => null)
+    if (tab?.active === true) return true
+  }
+  return false
+}
+
+const focusCaptureWindow = async (windowId: number): Promise<void> => {
+  await chrome.windows?.update?.(windowId, { focused: true }).catch(() => {})
+}
+
+const captureVisibleTabDataUrl = async (windowId: number): Promise<string> => {
+  let lastError: unknown = null
+  for (const delayMs of SCREENSHOT_CAPTURE_RETRY_DELAYS_MS) {
+    if (delayMs > 0) await waitForDelay(delayMs)
+    try {
+      return await chrome.tabs.captureVisibleTab(windowId, { format: 'jpeg', quality: SCREENSHOT_QUALITY })
+    } catch (caught) {
+      lastError = caught
+    }
+  }
+  throw lastError
+}
+
+export const captureVisibleViewportScreenshot = async (
+  tabId: number,
+  windowId: number,
+  restoreTabId?: number
+): Promise<ScreenshotCaptureResult> => {
+  if (!chrome.tabs.captureVisibleTab) return { screenshot: null, limitations: ['screenshot_capture_unavailable'] }
+  const activeTabs = await chrome.tabs.query({ active: true, windowId }).catch(() => [])
+  const previousActiveTabId = activeTabs.find(tab => tab.active)?.id ?? activeTabs[0]?.id
+  const tabToRestore = restoreTabId ?? previousActiveTabId
+  try {
+    await focusCaptureWindow(windowId)
+    if (previousActiveTabId !== tabId) await chrome.tabs.update(tabId, { active: true })
+    if (!(await waitForTabActive(tabId))) throw new Error('SCREENSHOT_TARGET_NOT_ACTIVE')
+    const dataUrl = await captureVisibleTabDataUrl(windowId)
+    if (typeof dataUrl !== 'string') {
+      return { screenshot: null, limitations: ['screenshot_capture_invalid'] }
+    }
+    const byteLength = jpegDataUrlByteLength(dataUrl)
+    if (byteLength === null) {
+      return { screenshot: null, limitations: ['screenshot_capture_invalid'] }
+    }
+    if (byteLength > MAX_SCREENSHOT_BYTES) {
+      return { screenshot: null, limitations: ['screenshot_image_too_large'] }
+    }
+    return {
+      screenshot: {
+        dataUrl,
+        mimeType: 'image/jpeg',
+        byteLength,
+        source: 'chrome.tabs.captureVisibleTab',
+        scope: 'visible_viewport',
+        capturedAt: new Date().toISOString()
+      },
+      limitations: []
+    }
+  } catch (caught) {
+    logBackgroundError('Agent screenshot capture failed', { tabId, error: caught })
+    return { screenshot: null, limitations: ['screenshot_capture_failed'] }
+  } finally {
+    if (typeof tabToRestore === 'number' && tabToRestore !== tabId) {
+      await chrome.tabs.update(tabToRestore, { active: true }).catch(caught =>
+        logBackgroundError('Agent screenshot tab restore failed', { tabId: tabToRestore, error: caught })
+      )
+    }
+  }
+}
+
+export const getAgentCaptureUserAgent = (): string =>
+  typeof navigator !== 'undefined' && typeof navigator.userAgent === 'string' ? navigator.userAgent : ''
+
+export const getExtensionVersion = (): string => {
+  try {
+    return chrome.runtime.getManifest().version || ''
+  } catch {
+    return ''
+  }
+}
diff --git a/src/background/agent-capture-transfer.ts b/src/background/agent-capture-transfer.ts
new file mode 100644
index 00000000..33b5518e
--- /dev/null
+++ b/src/background/agent-capture-transfer.ts
@@ -0,0 +1,267 @@
+import { validateRegisteredBridgeMessage } from './agent-bridge-session'
+import { getAgentCaptureState, type AgentCaptureState } from './agent-capture-state'
+import {
+  captureKey,
+  mapCaughtErrorCode,
+  PendingProfileAck,
+  profileAckKey,
+  PROFILE_CHUNK_BYTES,
+  PROFILE_TRANSFER_DEADLINE_MS,
+  PROFILE_TRANSFER_PORT_READY_TIMEOUT_MS
+} from './agent-capture-common'
+import type { AgentBridgeRuntimeMessage, AgentProfileTransferAckMessage, SiteExperienceProfile } from '@/types/agent-bridge'
+import { AGENT_PROFILE_TRANSFER_PORT, bridgeProtocolVersion } from '@/types/agent-bridge'
+import { logBackgroundError } from './logging'
+
+type ProfileTransferPortRecord = {
+  port: chrome.runtime.Port
+  captureId: string
+  sessionId: string
+  nonce: string
+  bridgeTabId: number
+}
+
+const profileTransferPorts = new Map<string, ProfileTransferPortRecord>()
+const pendingProfileAcks = new Map<string, PendingProfileAck>()
+const pendingProfileTransferPortWaiters = new Map<string, Set<(connected: boolean) => void>>()
+
+export type AgentCaptureFailureHandler = (
+  state: AgentCaptureState,
+  code: ReturnType<typeof mapCaughtErrorCode>,
+  message?: string,
+  details?: Record<string, unknown>,
+  notifyBridge?: boolean
+) => Promise<void>
+
+let failCapture: AgentCaptureFailureHandler | null = null
+
+export const setAgentCaptureFailureHandler = (handler: AgentCaptureFailureHandler): void => {
+  failCapture = handler
+}
+
+export const clearProfileTransferPort = (state: Pick<AgentCaptureState, 'captureId' | 'sessionId' | 'nonce'>): void => {
+  const keyPrefix = captureKey(state.captureId, state.sessionId, state.nonce)
+  profileTransferPorts.delete(keyPrefix)
+  const waiters = pendingProfileTransferPortWaiters.get(keyPrefix)
+  if (waiters) {
+    pendingProfileTransferPortWaiters.delete(keyPrefix)
+    for (const resolve of waiters) resolve(false)
+  }
+  for (const [key, pending] of pendingProfileAcks) {
+    if (!key.startsWith(`${keyPrefix}:`)) continue
+    pendingProfileAcks.delete(key)
+    clearTimeout(pending.timeout)
+    pending.reject(new Error('BRIDGE_TRANSPORT_DISCONNECTED'))
+  }
+}
+
+export const waitForProfileTransferPort = async (state: Pick<AgentCaptureState, 'captureId' | 'sessionId' | 'nonce'>): Promise<boolean> => {
+  const key = captureKey(state.captureId, state.sessionId, state.nonce)
+  if (profileTransferPorts.has(key)) return true
+  return new Promise(resolve => {
+    const waiter = (connected: boolean) => {
+      clearTimeout(timeout)
+      resolve(connected)
+    }
+    const timeout = setTimeout(() => {
+      const waiters = pendingProfileTransferPortWaiters.get(key)
+      waiters?.delete(waiter)
+      if (!waiters?.size) pendingProfileTransferPortWaiters.delete(key)
+      resolve(profileTransferPorts.has(key))
+    }, PROFILE_TRANSFER_PORT_READY_TIMEOUT_MS)
+    const waiters = pendingProfileTransferPortWaiters.get(key) || new Set<(connected: boolean) => void>()
+    waiters.add(waiter)
+    pendingProfileTransferPortWaiters.set(key, waiters)
+  })
+}
+
+export const registerAgentProfileTransferPort = (port: chrome.runtime.Port): void => {
+  if (port.name !== AGENT_PROFILE_TRANSFER_PORT || !port.sender) {
+    port.disconnect()
+    return
+  }
+  let registeredKey = ''
+  port.onMessage.addListener((message: AgentBridgeRuntimeMessage) => {
+    if (message?.type === 'AGENT_PROFILE_TRANSFER_PORT_HELLO') {
+      registerPortHello(port, message, key => {
+        registeredKey = key
+      })
+        .catch(() => port.disconnect())
+      return
+    }
+    if (message?.type !== 'AGENT_PROFILE_TRANSFER_ACK' || !registeredKey) return
+    resolvePendingAck(registeredKey, message)
+  })
+  port.onDisconnect.addListener(() => {
+    const captureId = profileTransferPorts.get(registeredKey)?.captureId
+    handlePortDisconnect(registeredKey, port).catch(error =>
+      logBackgroundError('Profile transfer port disconnect cleanup failed', { registeredKey, captureId, error })
+    )
+  })
+}
+
+const registerPortHello = async (
+  port: chrome.runtime.Port,
+  message: AgentBridgeRuntimeMessage,
+  registerKey: (key: string) => void
+): Promise<void> => {
+  if (message.type !== 'AGENT_PROFILE_TRANSFER_PORT_HELLO' || message.protocolVersion !== bridgeProtocolVersion) {
+    port.disconnect()
+    return
+  }
+  const validated = await validateRegisteredBridgeMessage(message, port.sender!)
+  if (!validated.ok) {
+    port.disconnect()
+    return
+  }
+  const key = captureKey(message.captureId, message.sessionId, message.nonce)
+  const existing = profileTransferPorts.get(key)
+  if (existing && existing.port !== port) {
+    port.disconnect()
+    return
+  }
+  registerKey(key)
+  profileTransferPorts.set(key, {
+    port,
+    captureId: message.captureId,
+    sessionId: message.sessionId,
+    nonce: message.nonce,
+    bridgeTabId: validated.session.tabId
+  })
+  notifyProfileTransferWaiters(key)
+}
+
+const notifyProfileTransferWaiters = (key: string): void => {
+  const waiters = pendingProfileTransferPortWaiters.get(key)
+  if (!waiters) return
+  pendingProfileTransferPortWaiters.delete(key)
+  for (const resolve of waiters) resolve(true)
+}
+
+const resolvePendingAck = (registeredKey: string, message: AgentProfileTransferAckMessage): void => {
+  if (captureKey(message.captureId, message.sessionId, message.nonce) !== registeredKey) return
+  let key = ''
+  try {
+    key = profileAckKey(message)
+  } catch {
+    return
+  }
+  const pending = pendingProfileAcks.get(key)
+  if (!pending) return
+  pendingProfileAcks.delete(key)
+  clearTimeout(pending.timeout)
+  pending.resolve(message)
+}
+
+const handlePortDisconnect = async (registeredKey: string, port: chrome.runtime.Port): Promise<void> => {
+  if (!registeredKey) return
+  const record = profileTransferPorts.get(registeredKey)
+  if (record?.port === port) profileTransferPorts.delete(registeredKey)
+  rejectPendingAcks(registeredKey)
+  const state = await getAgentCaptureState(record?.captureId || '')
+  if (!state || !failCapture) return
+  await failCapture(state, 'BRIDGE_TRANSPORT_DISCONNECTED', 'Agent bridge profile transfer port disconnected.')
+}
+
+const rejectPendingAcks = (registeredKey: string): void => {
+  for (const [key, pending] of pendingProfileAcks) {
+    if (!key.startsWith(`${registeredKey}:`)) continue
+    pendingProfileAcks.delete(key)
+    clearTimeout(pending.timeout)
+    pending.reject(new Error('BRIDGE_TRANSPORT_DISCONNECTED'))
+  }
+}
+
+const postProfileTransferMessage = async (
+  record: ProfileTransferPortRecord,
+  message: AgentBridgeRuntimeMessage & {
+    captureId: string
+    sessionId: string
+    nonce: string
+    profileTransferId: string
+    chunkIndex?: number
+  }
+): Promise<void> => {
+  const key = profileAckKey(message)
+  const ack = await new Promise<AgentProfileTransferAckMessage>((resolve, reject) => {
+    const timeout = setTimeout(() => {
+      pendingProfileAcks.delete(key)
+      reject(new Error('PROFILE_TRANSPORT_FAILED'))
+    }, PROFILE_TRANSFER_DEADLINE_MS)
+    pendingProfileAcks.set(key, { resolve, reject, timeout })
+    try {
+      record.port.postMessage(message)
+    } catch (caught) {
+      pendingProfileAcks.delete(key)
+      clearTimeout(timeout)
+      reject(caught instanceof Error ? caught : new Error('BRIDGE_TRANSPORT_DISCONNECTED'))
+    }
+  })
+  if (!ack.ok) throw new Error(ack.error?.code || 'PROFILE_TRANSPORT_FAILED')
+}
+
+const sha256Hex = async (bytes: Uint8Array): Promise<string> => {
+  const digest = await crypto.subtle.digest('SHA-256', bytes)
+  return [...new Uint8Array(digest)].map(byte => byte.toString(16).padStart(2, '0')).join('')
+}
+
+const bytesToBase64 = (bytes: Uint8Array): string => btoa(bytesToBinaryString(bytes))
+
+const bytesToBinaryString = (bytes: Uint8Array): string => {
+  const chunkSize = 0x8000
+  const parts: string[] = []
+  for (let offset = 0; offset < bytes.byteLength; offset += chunkSize) {
+    parts.push(String.fromCharCode(...bytes.slice(offset, offset + chunkSize)))
+  }
+  return parts.join('')
+}
+
+const randomBase64Url = (byteLength: number): string =>
+  bytesToBase64(crypto.getRandomValues(new Uint8Array(byteLength)))
+    .replaceAll('+', '-')
+    .replaceAll('/', '_')
+    .replace(/=+$/, '')
+
+const createProfileTransferId = (): string => `xfer_${randomBase64Url(16)}`
+
+export const sendProfileToBridge = async (state: AgentCaptureState, profile: SiteExperienceProfile): Promise<void> => {
+  const record = profileTransferPorts.get(captureKey(state.captureId, state.sessionId, state.nonce))
+  if (!record || record.bridgeTabId !== state.bridgeTabId) throw new Error('BRIDGE_TRANSPORT_DISCONNECTED')
+  const bytes = new TextEncoder().encode(JSON.stringify(profile))
+  const transferId = createProfileTransferId()
+  const chunkCount = Math.max(1, Math.ceil(bytes.byteLength / PROFILE_CHUNK_BYTES))
+  const sha256 = await sha256Hex(bytes)
+  await postProfileTransferMessage(record, {
+    type: 'AGENT_PROFILE_TRANSFER_BEGIN',
+    captureId: state.captureId,
+    sessionId: state.sessionId,
+    nonce: state.nonce,
+    profileTransferId: transferId,
+    chunkCount,
+    byteLength: bytes.byteLength,
+    sha256
+  })
+  for (let index = 0; index < chunkCount; index += 1) {
+    const chunk = bytes.slice(index * PROFILE_CHUNK_BYTES, (index + 1) * PROFILE_CHUNK_BYTES)
+    await postProfileTransferMessage(record, {
+      type: 'AGENT_PROFILE_TRANSFER_CHUNK',
+      captureId: state.captureId,
+      sessionId: state.sessionId,
+      nonce: state.nonce,
+      profileTransferId: transferId,
+      chunkIndex: index,
+      chunkCount,
+      chunkByteLength: chunk.byteLength,
+      payloadBase64: bytesToBase64(chunk)
+    })
+  }
+  await postProfileTransferMessage(record, {
+    type: 'AGENT_PROFILE_TRANSFER_COMPLETE',
+    captureId: state.captureId,
+    sessionId: state.sessionId,
+    nonce: state.nonce,
+    profileTransferId: transferId,
+    byteLength: bytes.byteLength,
+    sha256
+  })
+}
diff --git a/src/background/agent-capture.ts b/src/background/agent-capture.ts
new file mode 100644
index 00000000..c16fe6f4
--- /dev/null
+++ b/src/background/agent-capture.ts
@@ -0,0 +1,339 @@
+import {
+  clearBridgeSession,
+  getAgentBridgeCapabilities,
+  loadAgentBridgeEnabled,
+  validateRegisteredBridgeMessage,
+  validateStartAgentCaptureMessage
+} from './agent-bridge-session'
+import {
+  assertStorageSessionAvailable,
+  getAgentCaptureState,
+  listAgentCaptureIds,
+  reconcileAgentCaptureDeadlines,
+  saveAgentCaptureState,
+  type AgentCaptureState
+} from './agent-capture-state'
+import { normalizeComparableUrl, validateAgentCaptureRequest } from './agent-capture-request'
+import { CAPTURE_DEADLINE_MS, makeAgentCaptureError, mapCaughtErrorCode, nonTerminalStatuses } from './agent-capture-common'
+import type { AgentCaptureResponse } from './agent-capture-common'
+import { resolveTargetTab } from './agent-capture-target'
+import { markAgentCaptureTargetTab } from './agent-capture-target-guard'
+import {
+  clearProfileTransferPort,
+  registerAgentProfileTransferPort,
+  setAgentCaptureFailureHandler,
+  waitForProfileTransferPort
+} from './agent-capture-transfer'
+import { loadDetectorSettings } from './detector-settings'
+import { reportCleanupFailure } from './agent-capture-failure'
+import { postCaptureStatusToBridge } from './agent-capture-status'
+import {
+  cleanupStoredCaptureAndSession,
+  cleanupTargetAndReport,
+  failAgentCapture,
+  getCaptureFailureDetails,
+  sanitizeFailureReason
+} from './agent-capture-lifecycle'
+import { runCapture } from './agent-capture-runner'
+import { isAgentBridgePageUrl } from '@/utils/page-support'
+import { hasAgentBridgeDataConsent } from '@/utils/firefox-data-consent'
+import { isPrivateNetworkAddress } from '@/utils/network-address-policy'
+import type { AgentBridgeError, AgentBridgeRuntimeMessage, AgentCaptureRequest, StartAgentCaptureMessage } from '@/types/agent-bridge'
+import { logBackgroundError } from './logging'
+
+export { registerAgentProfileTransferPort }
+
+let startCaptureMutation: Promise<void> = Promise.resolve()
+let startupRecoveryGate: Promise<void> | null = null
+
+type PreparedAgentCapture = { ok: true; state: AgentCaptureState; request: AgentCaptureRequest } | { ok: false; error: AgentBridgeError }
+
+const NAVIGATION_ERROR_REASON_PATTERN = /^net::[A-Z0-9_]+$/
+const NAVIGATION_ABORTED_ERROR = 'net::ERR_ABORTED'
+
+const navigationErrorDetails = (error?: string): Record<string, unknown> => {
+  const reason = String(error || '').trim()
+  if (!reason) return {}
+  return { reason: NAVIGATION_ERROR_REASON_PATTERN.test(reason) ? reason : 'navigation_error' }
+}
+
+const isSupersededNavigationError = (error?: string): boolean => String(error || '').trim() === NAVIGATION_ABORTED_ERROR
+
+const isLocalhostTarget = (hostname: string): boolean => hostname.toLowerCase().replace(/\.$/, '') === 'localhost'
+
+const isPrivateNetworkTargetAllowed = (request: AgentCaptureRequest, allowAllNetworkTargets: boolean): boolean =>
+  request.options.allowPrivateNetworkTarget === true && allowAllNetworkTargets === true
+
+const validateTargetUrlBeforeResolution = (
+  request: AgentCaptureRequest,
+  bridgeOrigin: string,
+  allowAllNetworkTargets: boolean
+): AgentBridgeError | null => {
+  const target = new URL(request.url)
+  const bridge = new URL(bridgeOrigin)
+  if (target.origin === bridge.origin) {
+    return makeAgentCaptureError('BRIDGE_SELF_TARGET_BLOCKED', 'Agent capture target cannot be the local bridge.')
+  }
+  if (request.options.allowPrivateNetworkTarget === true && allowAllNetworkTargets !== true) {
+    return makeAgentCaptureError('PRIVATE_NETWORK_TARGET_BLOCKED', 'Private network targets are disabled.', {
+      reason: 'private_target_opt_in_disabled'
+    })
+  }
+  if (!isPrivateNetworkTargetAllowed(request, allowAllNetworkTargets) && (isLocalhostTarget(target.hostname) || isPrivateNetworkAddress(target.hostname))) {
+    return makeAgentCaptureError('PRIVATE_NETWORK_TARGET_BLOCKED', 'Private network targets are disabled.', {
+      reason: 'private_target_url'
+    })
+  }
+  return null
+}
+
+const savePreparedCaptureState = async (state: AgentCaptureState): Promise<AgentBridgeError | null> => {
+  try {
+    await saveAgentCaptureState(state)
+    markAgentCaptureTargetTab(state.targetTabId)
+    return null
+  } catch (error) {
+    await cleanupTargetAndReport(state)
+    await cleanupStoredCaptureAndSession(state)
+    return makeAgentCaptureError(mapCaughtErrorCode(error, 'NOT_SUPPORTED'), 'Agent capture state could not be persisted.', {
+      reason: sanitizeFailureReason(error)
+    })
+  }
+}
+
+const withStartCaptureLock = async <T>(work: () => Promise<T>): Promise<T> => {
+  const previous = startCaptureMutation
+  let release!: () => void
+  const gate = new Promise<void>(resolve => {
+    release = resolve
+  })
+  const next = previous.catch(() => {}).then(() => gate)
+  startCaptureMutation = next
+  await previous.catch(() => {})
+  try {
+    return await work()
+  } finally {
+    release()
+    if (startCaptureMutation === next) startCaptureMutation = Promise.resolve()
+  }
+}
+
+export const setAgentCaptureStartupRecoveryGate = (recovery: Promise<void>): void => {
+  const gate = recovery.catch(() => {})
+  startupRecoveryGate = gate
+  gate.finally(() => {
+    if (startupRecoveryGate === gate) startupRecoveryGate = null
+  })
+}
+
+const waitForStartupRecoveryGate = async (): Promise<void> => {
+  const gate = startupRecoveryGate
+  if (gate) await gate
+}
+
+setAgentCaptureFailureHandler(async (state, code, message, details, notifyBridge) => {
+  await failAgentCapture(state, code, message, details, notifyBridge)
+})
+
+const loadActiveAgentCaptureStates = async (): Promise<AgentCaptureState[]> => {
+  const states = await Promise.all((await listAgentCaptureIds()).map(getAgentCaptureState))
+  return states.filter((state): state is AgentCaptureState => Boolean(state && nonTerminalStatuses.has(state.status)))
+}
+
+export const isActiveAgentCaptureTargetTab = async (tabId: number): Promise<boolean> => {
+  if (!Number.isInteger(tabId)) return false
+  return (await loadActiveAgentCaptureStates()).some(state => state.targetTabId === tabId)
+}
+
+const reconcileAndCleanupAgentCaptures = async (): Promise<AgentCaptureState[]> => {
+  const expired = await reconcileAgentCaptureDeadlines()
+  for (const state of expired) {
+    clearProfileTransferPort(state)
+    await postCaptureStatusToBridge(state, state.status, 'cleanup', { error: state.error }).catch(caught =>
+      reportCleanupFailure('postCaptureStatusToBridge', caught)
+    )
+    await cleanupTargetAndReport(state)
+    await cleanupStoredCaptureAndSession(state)
+  }
+  return expired
+}
+
+export const handleAgentCaptureTabRemoved = async (tabId: number): Promise<void> => {
+  await reconcileAndCleanupAgentCaptures()
+  for (const state of await loadActiveAgentCaptureStates()) {
+    if (state.bridgeTabId === tabId) {
+      await failAgentCapture(state, 'BRIDGE_TAB_CLOSED', 'Agent bridge tab was closed.', {}, false)
+    } else if (state.targetTabId === tabId) {
+      await failAgentCapture(state, 'TARGET_TAB_CLOSED', 'Agent target tab was closed.')
+    }
+  }
+}
+
+export const handleAgentCaptureTabNavigation = async (tabId: number, nextUrl: unknown): Promise<void> => {
+  await reconcileAndCleanupAgentCaptures()
+  const normalizedNextUrl = normalizeComparableUrl(nextUrl)
+  for (const state of await loadActiveAgentCaptureStates()) {
+    if (state.bridgeTabId === tabId && !isAgentBridgePageUrl(nextUrl)) {
+      await failAgentCapture(state, 'BRIDGE_TAB_CLOSED', 'Agent bridge tab navigated away.', {}, false)
+      continue
+    }
+    if (!state.finalUrl || state.targetTabId !== tabId || !normalizedNextUrl) continue
+    if (normalizeComparableUrl(state.finalUrl) !== normalizedNextUrl) {
+      await failAgentCapture(state, 'TARGET_NAVIGATED_AWAY', 'Agent target tab navigated away.', { finalUrlChanged: true })
+    }
+  }
+}
+
+export const handleAgentCaptureNavigationError = async (tabId: number, frameId: number, error?: string): Promise<void> => {
+  await reconcileAndCleanupAgentCaptures()
+  if (frameId !== 0) return
+  if (isSupersededNavigationError(error)) return
+  const details = navigationErrorDetails(error)
+  for (const state of await loadActiveAgentCaptureStates()) {
+    if (state.targetTabId === tabId) {
+      await failAgentCapture(state, 'TARGET_LOAD_FAILED', 'Agent target tab main frame failed to load.', details)
+    }
+  }
+}
+
+export const recoverInterruptedAgentCaptures = async (): Promise<void> => {
+  const expired = await reconcileAndCleanupAgentCaptures()
+  const expiredIds = new Set(expired.map(state => state.captureId))
+  for (const state of await loadActiveAgentCaptureStates()) {
+    if (expiredIds.has(state.captureId)) continue
+    await failAgentCapture(state, 'SERVICE_WORKER_RESTARTED', 'Agent capture was interrupted by service worker restart.')
+  }
+}
+
+const failActiveAgentCapturesForBridgeDisabled = async (message: string): Promise<void> => {
+  await reconcileAndCleanupAgentCaptures()
+  for (const state of await loadActiveAgentCaptureStates()) {
+    await failAgentCapture(state, 'AGENT_BRIDGE_DISABLED', message)
+  }
+}
+
+export const handleAgentBridgeOptInDisabled = async (): Promise<void> =>
+  failActiveAgentCapturesForBridgeDisabled('Agent Bridge was disabled in this browser profile.')
+
+export const handleAgentBridgeDataConsentRemoved = async (): Promise<void> =>
+  failActiveAgentCapturesForBridgeDisabled('Agent Bridge data transfer permission was removed in this browser profile.')
+
+export const startAgentCapture = async (
+  message: StartAgentCaptureMessage & Record<string, unknown>,
+  sender: chrome.runtime.MessageSender
+): Promise<AgentCaptureResponse> => {
+  await waitForStartupRecoveryGate()
+  const storage = assertStorageSessionAvailable()
+  if (!storage.ok) return { ok: false, error: storage.error }
+  await reconcileAndCleanupAgentCaptures()
+  const session = await validateStartAgentCaptureMessage(message, sender)
+  if (!session.ok) {
+    if (Number.isInteger(sender.tab?.id)) {
+      await clearBridgeSession(sender.tab!.id!).catch(caught => reportCleanupFailure('clearBridgeSession', caught))
+    }
+    return { ok: false, error: session.error }
+  }
+  const rejectBeforeTargetResolution = async (
+    error: AgentBridgeError,
+    options: { clearSession?: boolean } = {}
+  ): Promise<AgentCaptureResponse> => {
+    if (options.clearSession !== false) {
+      await clearBridgeSession(session.session.tabId).catch(caught => reportCleanupFailure('clearBridgeSession', caught))
+    }
+    return { ok: false, error }
+  }
+  if (!(await loadAgentBridgeEnabled())) {
+    return rejectBeforeTargetResolution(makeAgentCaptureError('AGENT_BRIDGE_DISABLED', 'Agent Bridge is disabled in this browser profile.'))
+  }
+  if (!(await hasAgentBridgeDataConsent())) {
+    return rejectBeforeTargetResolution(
+      makeAgentCaptureError('AGENT_BRIDGE_DISABLED', 'Agent Bridge data transfer permission was not granted in this browser profile.')
+    )
+  }
+  const requestResult = validateAgentCaptureRequest(message.request)
+  if (!requestResult.ok) return rejectBeforeTargetResolution(requestResult.error)
+  const settings = await loadDetectorSettings()
+  const allowAllNetworkTargets = settings.agentBridgeAllowAllNetworkTargets === true
+  const targetUrlError = validateTargetUrlBeforeResolution(requestResult.request, session.session.bridgeOrigin, allowAllNetworkTargets)
+  if (targetUrlError) return rejectBeforeTargetResolution(targetUrlError)
+
+  const prepared = await withStartCaptureLock<PreparedAgentCapture>(async () => {
+    if ((await loadActiveAgentCaptureStates()).length > 0)
+      return { ok: false, error: makeAgentCaptureError('CAPTURE_BUSY', 'An agent capture is already running.') }
+    const bridgeTab = sender.tab
+    if (bridgeTab?.incognito)
+      return { ok: false, error: makeAgentCaptureError('INCOGNITO_NOT_SUPPORTED', 'Incognito bridge tabs are not supported.') }
+    const now = Date.now()
+    const target = await resolveTargetTab(requestResult.request, session.session.windowId)
+    if (!target.ok) return { ok: false, error: target.error }
+    if (target.tab.incognito)
+      return { ok: false, error: makeAgentCaptureError('INCOGNITO_NOT_SUPPORTED', 'Incognito target tabs are not supported.') }
+    const state: AgentCaptureState = {
+      captureId: session.session.captureId,
+      sessionId: session.session.sessionId,
+      nonce: session.session.nonce,
+      bridgeOrigin: session.session.bridgeOrigin,
+      bridgeUrl: sender.url || '',
+      bridgeTabId: session.session.tabId,
+      bridgeWindowId: session.session.windowId,
+      targetTabId: target.tab.id,
+      targetWindowId: target.tab.windowId,
+      targetUrl: requestResult.request.url,
+      targetMode: requestResult.request.options.targetMode,
+      createdByCapture: target.createdByCapture,
+      keepTabOpen: requestResult.request.options.keepTabOpen,
+      phase: 'target_opening',
+      status: 'running',
+      startedAt: now,
+      updatedAt: now,
+      deadlineAt: now + CAPTURE_DEADLINE_MS
+    }
+    const saveError = await savePreparedCaptureState(state)
+    if (saveError) return { ok: false, error: saveError }
+    return { ok: true, state, request: requestResult.request }
+  })
+  if (!prepared.ok) return rejectBeforeTargetResolution(prepared.error, { clearSession: prepared.error.code !== 'CAPTURE_BUSY' })
+  const { state, request } = prepared
+  if (!(await waitForProfileTransferPort(state))) {
+    await cleanupTargetAndReport(state)
+    await cleanupStoredCaptureAndSession(state)
+    return {
+      ok: false,
+      error: makeAgentCaptureError('BRIDGE_TRANSPORT_DISCONNECTED', 'Agent bridge profile transfer port is not connected.')
+    }
+  }
+  runCapture(state, request, getAgentBridgeCapabilities()).catch(error => {
+    logBackgroundError('Agent capture runner failed', { captureId: state.captureId, error })
+    failAgentCapture(
+      state,
+      mapCaughtErrorCode(error, 'PROFILE_TRANSPORT_FAILED'),
+      'Agent capture runner failed.',
+      getCaptureFailureDetails(error)
+    ).catch(caught => logBackgroundError('Agent capture runner failure cleanup failed', { captureId: state.captureId, error: caught }))
+  })
+  return { ok: true, data: null }
+}
+
+export const cancelAgentCapture = async (
+  message: AgentBridgeRuntimeMessage,
+  sender: chrome.runtime.MessageSender
+): Promise<AgentCaptureResponse> => {
+  if (message.type !== 'AGENT_CAPTURE_CONTROL' || message.command !== 'cancel') return { ok: true, data: null }
+  const storage = assertStorageSessionAvailable()
+  if (!storage.ok) return { ok: false, error: storage.error }
+  await reconcileAndCleanupAgentCaptures()
+  const validated = await validateRegisteredBridgeMessage(message, sender)
+  if (!validated.ok) return { ok: false, error: validated.error }
+  const state = await getAgentCaptureState(message.captureId)
+  if (!state || !nonTerminalStatuses.has(state.status)) return { ok: true, data: null }
+  state.status = 'cancelled'
+  state.phase = 'cleanup'
+  state.updatedAt = Date.now()
+  state.error = undefined
+  await saveAgentCaptureState(state)
+  clearProfileTransferPort(state)
+  await cleanupTargetAndReport(state)
+  await postCaptureStatusToBridge(state, 'cancelled', 'cleanup').catch(caught => reportCleanupFailure('postCaptureStatusToBridge', caught))
+  await cleanupStoredCaptureAndSession(state)
+  return { ok: true, data: null }
+}
diff --git a/src/background/content-injector.ts b/src/background/content-injector.ts
index dbc2b875..a70db6f4 100644
--- a/src/background/content-injector.ts
+++ b/src/background/content-injector.ts
@@ -1,18 +1,124 @@
 import { isDetectablePageUrl } from '@/utils/page-support'
+import { runContentObserver } from '@/content/content-observer'
+import { runAgentBridgeClient } from '@/content/agent-bridge-client'
+import { sanitizeLogDetails } from './logging'
+import { isScriptFileLoadError } from './script-injection-errors'
+
+const CONTENT_OBSERVER_FILE_PATTERN = /(^|\/)content-observer(?:\.ts)?(?:[-.]|$)/
+const AGENT_BRIDGE_CLIENT_FILE_PATTERN = /(^|\/)agent-bridge-client(?:\.ts)?(?:[-.]|$)/
 
 const canInjectContentObserver = (tab: chrome.tabs.Tab): boolean => typeof tab?.id === 'number' && isDetectablePageUrl(tab.url)
 
-export const injectContentObserver = async (tabId: number): Promise<void> => {
-  const observerFile = chrome.runtime.getManifest().content_scripts?.[0]?.js?.[0]
-  if (!observerFile) return
+const normalizeExtensionScriptPath = (file: string): string => {
   try {
-    await chrome.scripting.executeScript({
-      target: { tabId },
-      files: [observerFile]
-    })
-  } catch {
+    const url = new URL(file)
+    if (url.protocol === 'chrome-extension:' || url.protocol === 'moz-extension:') return url.pathname.replace(/^\/+/, '')
+  } catch {}
+  return file.replace(/^\/+/, '')
+}
+
+const getContentScriptFile = (pattern: RegExp): string | undefined => {
+  const contentScripts = chrome.runtime.getManifest().content_scripts || []
+  for (const script of contentScripts) {
+    const file = script.js?.find(item => pattern.test(item))
+    if (file) return normalizeExtensionScriptPath(file)
+  }
+  return undefined
+}
+
+const executeScriptFile = async (tabId: number, file: string): Promise<void> => {
+  const candidates = [normalizeExtensionScriptPath(file)]
+  candidates.push(`/${candidates[0]}`)
+  let lastError: unknown = null
+  for (const candidate of candidates) {
+    try {
+      const results = await chrome.scripting.executeScript({
+        target: { tabId },
+        files: [candidate]
+      })
+      const frameError = (results as Array<{ error?: unknown }>).find(result => result.error !== undefined)?.error
+      if (frameError) throw new Error(String(frameError))
+      return
+    } catch (error) {
+      if (!isScriptFileLoadError(error)) throw error
+      lastError = error
+    }
+  }
+  throw lastError || new Error('SCRIPT_INJECTION_FAILED')
+}
+
+const executeAgentBridgeClientFunction = async (tabId: number): Promise<void> => {
+  const results = await chrome.scripting.executeScript({
+    target: { tabId },
+    func: runAgentBridgeClient
+  })
+  const frameError = (results as Array<{ error?: unknown }>).find(result => result.error !== undefined)?.error
+  if (frameError) throw new Error(String(frameError))
+}
+
+const executeContentObserverFunction = async (tabId: number): Promise<void> => {
+  const results = await chrome.scripting.executeScript({
+    target: { tabId },
+    func: runContentObserver
+  })
+  const frameError = (results as Array<{ error?: unknown }>).find(result => result.error !== undefined)?.error
+  if (frameError) throw new Error(String(frameError))
+}
+
+export const getContentObserverFile = (): string | undefined => getContentScriptFile(CONTENT_OBSERVER_FILE_PATTERN)
+
+export const getAgentBridgeClientFile = (): string | undefined => getContentScriptFile(AGENT_BRIDGE_CLIENT_FILE_PATTERN)
+
+export const injectContentObserver = async (tabId: number, options: { failOnError?: boolean } = {}): Promise<void> => {
+  const observerFile = getContentObserverFile()
+  if (!observerFile) {
+    if (options.failOnError) throw new Error('CONTENT_OBSERVER_NOT_FOUND')
+    console.warn('[SP background] Content observer injection skipped.', sanitizeLogDetails({ reason: 'CONTENT_OBSERVER_NOT_FOUND', tabId }))
+    return
+  }
+  try {
+    await executeScriptFile(tabId, observerFile)
+  } catch (error) {
+    if (!isScriptFileLoadError(error)) {
+      if (options.failOnError) throw error
+      console.warn('[SP background] Content observer injection failed.', sanitizeLogDetails({ tabId, observerFile, error }))
+      return
+    }
+    try {
+      await executeContentObserverFunction(tabId)
+    } catch (fallbackError) {
+      if (options.failOnError) throw fallbackError
+      console.warn('[SP background] Content observer injection failed.', sanitizeLogDetails({ tabId, observerFile, error, fallbackError }))
+      return
+    }
+  }
+}
+
+export const injectAgentBridgeClient = async (tabId: number, options: { failOnError?: boolean } = {}): Promise<void> => {
+  const bridgeFile = getAgentBridgeClientFile()
+  if (!bridgeFile) {
+    if (options.failOnError) throw new Error('AGENT_BRIDGE_CLIENT_NOT_FOUND')
+    console.warn('[SP background] Agent Bridge client injection skipped.', sanitizeLogDetails({ reason: 'AGENT_BRIDGE_CLIENT_NOT_FOUND', tabId }))
     return
   }
+  try {
+    await executeScriptFile(tabId, bridgeFile)
+  } catch (error) {
+    if (!isScriptFileLoadError(error)) {
+      if (options.failOnError) throw error
+      console.warn('[SP background] Agent Bridge client injection failed.', sanitizeLogDetails({ tabId, bridgeFile, error }))
+      return
+    }
+    try {
+      await executeAgentBridgeClientFunction(tabId)
+    } catch (fallbackError) {
+      if (options.failOnError) throw fallbackError
+      console.warn(
+        '[SP background] Agent Bridge client injection failed.',
+        sanitizeLogDetails({ tabId, bridgeFile, error, fallbackError })
+      )
+    }
+  }
 }
 
 export const injectContentObserverIntoOpenTabs = async (): Promise<void> => {
diff --git a/src/background/detection.ts b/src/background/detection.ts
index dc14d516..84ac2d7a 100644
--- a/src/background/detection.ts
+++ b/src/background/detection.ts
@@ -5,12 +5,15 @@ import { clearBadge, clearTabSession, getTabData, getTabSnapshot, updateBadgeFor
 import { buildEffectivePageRules, loadDetectorSettings, loadTechRules } from './detector-settings'
 import { scheduleBundleLicenseDetection } from './bundle-license'
 import { injectContentObserver } from './content-injector'
+import { isScriptFileLoadError } from './script-injection-errors'
 import { withTabWriteLock } from './tab-write-lock'
 import { isDetectablePageUrl } from '@/utils/page-support'
+import { detectPageTechnologies } from '@/injected/page-detector-runtime'
 
 const activeDetectionTimers = new Map<number, ReturnType<typeof setTimeout>>()
 const lastDetectionRunAt = new Map<number, number>()
 const DETECTION_THROTTLE_MS = 30000
+type DetectionTabSnapshot = { url?: string }
 
 const normalizePageUrl = (value: unknown): string => {
   try {
@@ -87,6 +90,127 @@ export const refreshAllBadges = async () => {
   }
 }
 
+const withAgentDetectionDeadline = async <T>(operation: Promise<T>, deadlineAt?: number): Promise<T> => {
+  if (deadlineAt === undefined) return operation
+  if (!Number.isFinite(deadlineAt)) throw new Error('INVALID_DEADLINE')
+  const timeoutMs = deadlineAt - Date.now()
+  if (timeoutMs <= 0) throw new Error('TARGET_LOAD_TIMEOUT')
+  let timeout: ReturnType<typeof setTimeout> | null = null
+  try {
+    return await Promise.race([
+      operation,
+      new Promise<never>((_resolve, reject) => {
+        timeout = setTimeout(() => reject(new Error('TARGET_LOAD_TIMEOUT')), timeoutMs)
+      })
+    ])
+  } finally {
+    if (timeout) clearTimeout(timeout)
+  }
+}
+
+const getFrameInjectionError = (results: chrome.scripting.InjectionResult[] | undefined): unknown =>
+  (results as Array<{ error?: unknown }> | undefined)?.find(result => result.error !== undefined)?.error
+
+const executePageDetection = async (
+  tabId: number,
+  tab: DetectionTabSnapshot,
+  deadlineAt?: number,
+  options: { failOnContentObserverError?: boolean } = {}
+): Promise<any> => {
+  await withAgentDetectionDeadline(injectContentObserver(tabId, { failOnError: options.failOnContentObserverError }), deadlineAt)
+  // 这里不再预读 data —— page-detector 注入要 500ms+,期间其他 writer 会写过 storage;
+  // 等 detector 跑完再统一 re-read 最新 data 再做合并写回
+  const [rules, settings] = await withAgentDetectionDeadline(Promise.all([loadTechRules(), loadDetectorSettings()]), deadlineAt)
+  const pageRules = buildEffectivePageRules(rules.page || {}, settings)
+  await withAgentDetectionDeadline(
+    chrome.scripting.executeScript({
+      target: { tabId },
+      world: 'MAIN',
+      func: r => {
+        ;(window as any).__SP_RULES__ = r
+      },
+      args: [pageRules]
+    }),
+    deadlineAt
+  )
+  let page: any = null
+  try {
+    try {
+      const injection = await withAgentDetectionDeadline(
+        chrome.scripting.executeScript({
+          target: { tabId },
+          world: 'MAIN',
+          files: ['injected/page-detector.iife.js']
+        }),
+        deadlineAt
+      )
+      const frameError = getFrameInjectionError(injection)
+      if (frameError) throw new Error(String(frameError))
+      page = await injection?.[0]?.result
+    } catch (error) {
+      if (!isScriptFileLoadError(error)) throw error
+      const fallback = await withAgentDetectionDeadline(
+        chrome.scripting.executeScript({
+          target: { tabId },
+          world: 'MAIN',
+          func: detectPageTechnologies,
+          args: [pageRules]
+        }),
+        deadlineAt
+      )
+      const frameError = getFrameInjectionError(fallback)
+      if (frameError) throw new Error(String(frameError))
+      page = await fallback?.[0]?.result
+    }
+  } finally {
+    await withAgentDetectionDeadline(
+      chrome.scripting.executeScript({
+        target: { tabId },
+        world: 'MAIN',
+        func: () => {
+          try {
+            delete (window as any).__SP_RULES__
+          } catch {
+            ;(window as any).__SP_RULES__ = undefined
+          }
+        }
+      }),
+      deadlineAt
+    ).catch(() => {})
+  }
+  if (!page) throw new Error('TARGET_INJECTION_FAILED')
+
+  const augmentedPage = await augmentPageWithWordPressThemeStyles(page)
+  const freshClean = cleanPageDetectionRecord(augmentedPage)
+  let fallbackForMain: any = null
+  const pageUrl = (augmentedPage as any).url || tab.url || ''
+  const needsFallback = await withTabWriteLock(tabId, async () => {
+    const peek = (await getTabData(tabId)) || {}
+    return needsMainHeadersFallback(peek.main, pageUrl)
+  })
+  if (needsFallback) {
+    fallbackForMain = await withAgentDetectionDeadline(fetchMainHeadersFallback(pageUrl, rules.headers || {}, settings), deadlineAt)
+  }
+
+  await withTabWriteLock(tabId, async () => {
+    const latest = (await getTabData(tabId)) || {}
+    latest.page = mergePageDetectionRecord(latest.page, freshClean)
+    if (needsMainHeadersFallback(latest.main, pageUrl)) {
+      if (fallbackForMain) {
+        latest.main = shouldPreserveMainHeaderRecord(latest.main, pageUrl)
+          ? mergeHeaderRecords(latest.main, fallbackForMain)
+          : fallbackForMain
+      } else if (latest.main && !shouldPreserveMainHeaderRecord(latest.main, pageUrl)) {
+        delete latest.main
+      }
+    }
+    latest.updatedAt = Date.now()
+    await saveTabDataAndBadge(tabId, latest, settings)
+  })
+  scheduleBundleLicenseDetection(tabId)
+  return freshClean
+}
+
 export const runActivePageDetection = async (tabId: number, options: { force?: boolean } = {}) => {
   if (typeof tabId !== 'number' || tabId < 0) return
 
@@ -106,64 +230,21 @@ export const runActivePageDetection = async (tabId: number, options: { force?: b
     }
     lastDetectionRunAt.set(tabId, Date.now())
     console.log('[SP detection] run start', tabId, 'force:', Boolean(options.force))
-    await injectContentObserver(tabId)
-    // 这里不再预读 data —— page-detector 注入要 500ms+,期间其他 writer 会写过 storage;
-    // 等 detector 跑完再统一 re-read 最新 data 再做合并写回
-    const [rules, settings] = await Promise.all([loadTechRules(), loadDetectorSettings()])
-    const pageRules = buildEffectivePageRules(rules.page || {}, settings)
-    await chrome.scripting.executeScript({
-      target: { tabId },
-      world: 'MAIN',
-      func: r => {
-        ;(window as any).__SP_RULES__ = r
-      },
-      args: [pageRules]
-    })
-    const injection = await chrome.scripting.executeScript({
-      target: { tabId },
-      world: 'MAIN',
-      files: ['injected/page-detector.iife.js']
-    })
-    const page = await injection?.[0]?.result
-    if (!page) return
-
-    const augmentedPage = await augmentPageWithWordPressThemeStyles(page)
-    const freshClean = cleanPageDetectionRecord(augmentedPage)
-
-    // 进 per-tab 锁:read-modify-write 段必须跟其他 writer 串行,避免 dynamic/bundle/headers 并发读到同一份旧快照,
-    // 互相把对方刚写好的字段覆盖掉(popup 上数字回落)
-    let fallbackForMain: any = null
-    const needsFallback = await withTabWriteLock(tabId, async () => {
-      const peek = (await getTabData(tabId)) || {}
-      return needsMainHeadersFallback(peek.main, (page as any).url || tab.url)
-    })
-    if (needsFallback) {
-      fallbackForMain = await fetchMainHeadersFallback((page as any).url || '', rules.headers || {}, settings)
-    }
-
-    await withTabWriteLock(tabId, async () => {
-      const latest = (await getTabData(tabId)) || {}
-      latest.page = mergePageDetectionRecord(latest.page, freshClean)
-
-      if (needsMainHeadersFallback(latest.main, (page as any).url || tab.url)) {
-        if (fallbackForMain) {
-          latest.main = shouldPreserveMainHeaderRecord(latest.main, (page as any).url || tab.url)
-            ? mergeHeaderRecords(latest.main, fallbackForMain)
-            : fallbackForMain
-        } else if (latest.main && !shouldPreserveMainHeaderRecord(latest.main, (page as any).url || tab.url)) {
-          delete latest.main
-        }
-      }
-
-      latest.updatedAt = Date.now()
-      await saveTabDataAndBadge(tabId, latest, settings)
-    })
-    scheduleBundleLicenseDetection(tabId)
+    await executePageDetection(tabId, tab)
   } catch {
     return
   }
 }
 
+export const runAgentPageDetection = async (tabId: number, deadlineAt?: number): Promise<any> => {
+  if (deadlineAt !== undefined && !Number.isFinite(deadlineAt)) throw new Error('INVALID_DEADLINE')
+  const tab = await getTabSnapshot(tabId)
+  if (!isDetectablePageUrl(tab.url)) {
+    throw new Error('TARGET_LOAD_FAILED')
+  }
+  return executePageDetection(tabId, tab, deadlineAt, { failOnContentObserverError: true })
+}
+
 export const clearActiveDetectionTimer = (tabId: number) => {
   const timer = activeDetectionTimers.get(tabId)
   if (timer) {
@@ -178,6 +259,7 @@ export const clearDetectionThrottle = (tabId: number) => {
 
 export const scheduleActivePageDetection = (tabId: number, delay = 600) => {
   if (typeof tabId !== 'number' || tabId < 0) return
+  if (activeDetectionTimers.has(tabId)) return
   const last = lastDetectionRunAt.get(tabId) || 0
   if (last && Date.now() - last < DETECTION_THROTTLE_MS) {
     console.log('[SP detection] schedule skipped (throttle)', tabId, 'sinceLast', Date.now() - last + 'ms')
diff --git a/src/background/detector-settings.ts b/src/background/detector-settings.ts
index 33c0003b..faa73a89 100644
--- a/src/background/detector-settings.ts
+++ b/src/background/detector-settings.ts
@@ -1,5 +1,6 @@
 import { loadStackPrismRules } from './rule-loader'
-import { normalizeSettings } from '@/utils/normalize-settings'
+import { sanitizeLogDetails } from './logging'
+import { normalizeSettings, normalizeSettingsWithLocalOptIn } from '@/utils/normalize-settings'
 
 export const SETTINGS_STORAGE_KEY = 'stackPrismSettings'
 
@@ -25,8 +26,19 @@ export const loadDetectorSettings = async () => {
   if (!detectorSettingsPromise) {
     detectorSettingsPromise = chrome.storage.sync
       .get(SETTINGS_STORAGE_KEY)
-      .then(stored => {
-        detectorSettingsCache = normalizeSettings(stored[SETTINGS_STORAGE_KEY])
+      .then(async stored => {
+        let local: Record<string, any> = {}
+        try {
+          local = await chrome.storage.local.get(SETTINGS_STORAGE_KEY)
+        } catch (caught) {
+          console.warn(
+            '[StackPrism] Failed to read local settings; using local defaults.',
+            SETTINGS_STORAGE_KEY,
+            sanitizeLogDetails({ error: caught })
+          )
+          local = {}
+        }
+        detectorSettingsCache = normalizeSettingsWithLocalOptIn(stored[SETTINGS_STORAGE_KEY], local[SETTINGS_STORAGE_KEY])
         return detectorSettingsCache
       })
       .catch(() => {
@@ -37,8 +49,8 @@ export const loadDetectorSettings = async () => {
   return detectorSettingsPromise
 }
 
-export const applyDetectorSettingsUpdate = (rawValue: unknown) => {
-  detectorSettingsCache = normalizeSettings(rawValue)
+export const applyDetectorSettingsUpdate = (syncValue: unknown, localValue: unknown = {}) => {
+  detectorSettingsCache = normalizeSettingsWithLocalOptIn(syncValue, localValue)
   detectorSettingsPromise = Promise.resolve(detectorSettingsCache)
   return detectorSettingsCache
 }
diff --git a/src/background/dynamic-snapshot.ts b/src/background/dynamic-snapshot.ts
index 1bdc84bb..222742a5 100644
--- a/src/background/dynamic-snapshot.ts
+++ b/src/background/dynamic-snapshot.ts
@@ -724,3 +724,8 @@ export const queueDynamicSnapshot = (tabId, snapshot) => {
 export const clearPendingDynamicSnapshot = tabId => {
   pendingDynamicSnapshots.delete(tabId)
 }
+
+export const clearDynamicSnapshotState = tabId => {
+  clearDynamicSnapshotTimer(tabId)
+  clearPendingDynamicSnapshot(tabId)
+}
diff --git a/src/background/headers.ts b/src/background/headers.ts
index 3be50b4b..f2c8b30f 100644
--- a/src/background/headers.ts
+++ b/src/background/headers.ts
@@ -1,4 +1,5 @@
 import { mergeTechnologyRecords } from './merge'
+import { redactHeaderValue } from '@/utils/site-experience-redaction'
 import {
   createCollector,
   filterCustomRulesForTarget,
@@ -10,19 +11,6 @@ import {
 
 const MAX_API_RECORDS = 30
 
-const sanitizeHeaderValue = (name: string, value: string) => {
-  if (name !== 'set-cookie') {
-    return value
-  }
-
-  const cookieNames = String(value)
-    .split(/,\s*(?=[^;,=\s]+=)/)
-    .map(cookie => cookie.split('=')[0]?.trim())
-    .filter(Boolean)
-
-  return cookieNames.length ? cookieNames.join(', ') : '[redacted]'
-}
-
 const normalizeHeaders = (responseHeaders: any[]) => {
   const map: Record<string, string> = {}
   for (const header of responseHeaders || []) {
@@ -48,7 +36,7 @@ const pickHeaders = (headers: Record<string, string>, interestingNames: string[]
   const picked: Record<string, string> = {}
   for (const name of interestingNames) {
     if (headers[name]) {
-      picked[name] = sanitizeHeaderValue(name, headers[name])
+      picked[name] = redactHeaderValue(name, headers[name])
     }
   }
   return picked
@@ -273,7 +261,7 @@ export const fetchMainHeadersFallback = async (url: string, headerRules: any, se
 const sanitizeAllHeaders = (headers: Record<string, string>) => {
   const out: Record<string, string> = {}
   for (const [name, value] of Object.entries(headers)) {
-    out[name] = sanitizeHeaderValue(name, value)
+    out[name] = redactHeaderValue(name, value)
   }
   return out
 }
diff --git a/src/background/index.ts b/src/background/index.ts
index 87e7acf6..342dd074 100644
--- a/src/background/index.ts
+++ b/src/background/index.ts
@@ -1,4 +1,4 @@
-import { injectContentObserverIntoOpenTabs } from './content-injector'
+import { injectAgentBridgeClient, injectContentObserverIntoOpenTabs } from './content-injector'
 import { clearBadge, clearTabSession } from './tab-store'
 import { clearDynamicSnapshotTimer, clearPendingDynamicSnapshot } from './dynamic-snapshot'
 import { buildHeaderRecord, dedupeApiRecords, mergeHeaderRecords, shouldMergeHeaderRecords } from './headers'
@@ -14,29 +14,91 @@ import { SETTINGS_STORAGE_KEY, applyDetectorSettingsUpdate, loadDetectorSettings
 import { registerMessageRouter } from './message-router'
 import { clearBundleLicenseTimer } from './bundle-license'
 import { clearTabWriteLock, withTabWriteLock } from './tab-write-lock'
+import { registerActiveTabTracker } from './active-tab-tracker'
+import { isAgentBridgeRequestForTab, isAgentBridgeRequestUrl, shouldIgnoreBridgeTabEvent } from './agent-bridge-tabs'
+import { clearBridgeSession } from './agent-bridge-session'
+import { logBackgroundError, redactLogUrl } from './logging'
+import {
+  handleAgentBridgeDataConsentRemoved,
+  handleAgentBridgeOptInDisabled,
+  handleAgentCaptureNavigationError,
+  handleAgentCaptureTabNavigation,
+  handleAgentCaptureTabRemoved,
+  isActiveAgentCaptureTargetTab,
+  recoverInterruptedAgentCaptures,
+  setAgentCaptureStartupRecoveryGate
+} from './agent-capture'
+import { clearAgentCaptureNetworkEvidence, clearStaleAgentCaptureNetworkEvidence, registerAgentCaptureNetworkObserver } from './agent-capture-network'
+import { clearAgentCaptureTargetTabGuard, isRecentlyAgentCaptureTargetTab } from './agent-capture-target-guard'
 import { isDetectablePageUrl, isObservableRequestUrl } from '@/utils/page-support'
 import { clearLegacySessionKeys } from '@/utils/browser-compat'
+import { includesAgentBridgeDataConsentRemoval } from '@/utils/firefox-data-consent'
 
 registerMessageRouter()
-refreshAllBadges().catch(() => {})
+registerActiveTabTracker()
 
-chrome.runtime.onInstalled.addListener(() => {
-  clearLegacySessionKeys().catch(() => {})
-  injectContentObserverIntoOpenTabs()
-})
+const recoverInterruptedAgentCapturesAndLog = (): void => {
+  const recovery = recoverInterruptedAgentCaptures().catch(error => logBackgroundError('recoverInterruptedAgentCaptures failed', { error }))
+  setAgentCaptureStartupRecoveryGate(recovery)
+}
 
-chrome.runtime.onStartup.addListener(() => {
-  clearLegacySessionKeys().catch(() => {})
+const getUrlOrigin = (value: unknown): string => {
+  try {
+    return new URL(String(value || '')).origin
+  } catch {
+    return ''
+  }
+}
+
+const clearCrossOriginDynamicSnapshot = (data: any, nextUrl: string) => {
+  const dynamicOrigin = getUrlOrigin(data?.dynamic?.url)
+  const nextOrigin = getUrlOrigin(nextUrl)
+  if (dynamicOrigin && nextOrigin && dynamicOrigin !== nextOrigin) {
+    delete data.dynamic
+  }
+}
+
+const applySyncDetectorSettingsChange = async (syncValue: unknown): Promise<void> => {
+  let localValue: unknown = {}
+  try {
+    const local = await chrome.storage.local.get(SETTINGS_STORAGE_KEY)
+    localValue = local[SETTINGS_STORAGE_KEY]
+  } catch (error) {
+    logBackgroundError('sync settings local read failed', { areaName: 'sync', key: SETTINGS_STORAGE_KEY, error })
+  }
+  applyDetectorSettingsUpdate(syncValue, localValue)
+  await refreshAllBadges()
+}
+
+recoverInterruptedAgentCapturesAndLog()
+refreshAllBadges().catch(error => logBackgroundError('refreshAllBadges failed', { error }))
+
+const handleExtensionLifecycleWake = (): void => {
+  clearLegacySessionKeys().catch(error => logBackgroundError('clearLegacySessionKeys failed', { error }))
   injectContentObserverIntoOpenTabs()
+  recoverInterruptedAgentCapturesAndLog()
+}
+
+chrome.runtime.onInstalled.addListener(handleExtensionLifecycleWake)
+
+chrome.runtime.onStartup.addListener(handleExtensionLifecycleWake)
+
+chrome.permissions?.onRemoved?.addListener(permissions => {
+  if (!includesAgentBridgeDataConsentRemoval(permissions)) return
+  handleAgentBridgeDataConsentRemoved().catch(error => logBackgroundError('handleAgentBridgeDataConsentRemoved failed', { error }))
 })
 
 chrome.tabs.onRemoved.addListener(tabId => {
+  handleAgentCaptureTabRemoved(tabId).catch(error => logBackgroundError('handleAgentCaptureTabRemoved failed', { tabId, error }))
   clearActiveDetectionTimer(tabId)
   clearDetectionThrottle(tabId)
   clearBundleLicenseTimer(tabId)
   clearDynamicSnapshotTimer(tabId)
   clearPendingDynamicSnapshot(tabId)
-  clearTabSession(tabId)
+  clearAgentCaptureNetworkEvidence(tabId)
+  clearAgentCaptureTargetTabGuard(tabId)
+  clearTabSession(tabId).catch(error => logBackgroundError('clearTabSession failed', { tabId, error }))
+  clearBridgeSession(tabId).catch(error => logBackgroundError('clearBridgeSession failed', { tabId, error }))
 })
 
 const clearTabDetectionState = (tabId: number) => {
@@ -46,46 +108,53 @@ const clearTabDetectionState = (tabId: number) => {
   clearDynamicSnapshotTimer(tabId)
   clearPendingDynamicSnapshot(tabId)
   clearTabWriteLock(tabId)
+  clearAgentCaptureNetworkEvidence(tabId)
   clearBadge(tabId)
-  clearTabSession(tabId).catch(() => {})
-}
-
-const getUrlOrigin = (value: unknown): string => {
-  try {
-    return new URL(String(value || '')).origin
-  } catch {
-    return ''
-  }
-}
-
-const clearCrossOriginDynamicSnapshot = (data: any, nextUrl: string) => {
-  const dynamicOrigin = getUrlOrigin(data?.dynamic?.url)
-  const nextOrigin = getUrlOrigin(nextUrl)
-  if (dynamicOrigin && nextOrigin && dynamicOrigin !== nextOrigin) {
-    delete data.dynamic
-  }
+  clearTabSession(tabId).catch(error => logBackgroundError('clearTabSession failed', { tabId, error }))
 }
 
 chrome.tabs.onUpdated.addListener((tabId, changeInfo, tab) => {
   const url = changeInfo.url || tab.url || ''
+  if (changeInfo.url) {
+    handleAgentCaptureTabNavigation(tabId, changeInfo.url).catch(error =>
+      logBackgroundError('handleAgentCaptureTabNavigation failed', { tabId, error })
+    )
+  }
+  if (shouldIgnoreBridgeTabEvent(tab)) {
+    if (changeInfo.status === 'complete') {
+      injectAgentBridgeClient(tabId).catch(error => logBackgroundError('injectAgentBridgeClient failed', { tabId, error }))
+    }
+    return
+  }
   if (url && !isDetectablePageUrl(url)) {
     clearTabDetectionState(tabId)
     return
   }
 
   if (changeInfo.status === 'loading') {
-    console.log('[SP detection] onUpdated loading', tabId, 'url', url)
+    console.log('[SP detection] onUpdated loading', tabId, 'url', redactLogUrl(url))
     clearActiveDetectionTimer(tabId)
     clearDynamicSnapshotTimer(tabId)
     clearPendingDynamicSnapshot(tabId)
+    clearStaleAgentCaptureNetworkEvidence(tabId).catch(error =>
+      logBackgroundError('clearStaleAgentCaptureNetworkEvidence failed', { tabId, error })
+    )
     clearBadge(tabId)
     return
   }
 
   if (changeInfo.status === 'complete') {
-    console.log('[SP detection] onUpdated complete', tabId, 'url', url)
+    console.log('[SP detection] onUpdated complete', tabId, 'url', redactLogUrl(url))
     if (isDetectablePageUrl(url)) {
-      scheduleActivePageDetection(tabId, 600)
+      const wasCaptureTarget = isRecentlyAgentCaptureTargetTab(tabId)
+      isActiveAgentCaptureTargetTab(tabId)
+        .then(isCaptureTarget => {
+          if (!isCaptureTarget && !wasCaptureTarget) scheduleActivePageDetection(tabId, 600)
+        })
+        .catch(error => {
+          logBackgroundError('active capture target check failed', { tabId, error })
+          if (!wasCaptureTarget) scheduleActivePageDetection(tabId, 600)
+        })
     } else {
       clearTabDetectionState(tabId)
     }
@@ -94,24 +163,53 @@ chrome.tabs.onUpdated.addListener((tabId, changeInfo, tab) => {
 
 chrome.webNavigation.onCommitted.addListener(details => {
   if (details.frameId !== 0) return
-  console.log('[SP detection] webNav committed', details.tabId, 'transition:', details.transitionType, details.url)
-  clearDetectionThrottle(details.tabId)
+  if (isAgentBridgeRequestUrl(details.url)) return
+  getTabSnapshot(details.tabId)
+    .then(async tab => {
+      if (await isAgentBridgeRequestForTab(details.url, details.tabId, tab)) return
+      console.log('[SP detection] webNav committed', details.tabId, 'transition:', details.transitionType, redactLogUrl(details.url))
+      clearDetectionThrottle(details.tabId)
+    })
+    .catch(error => logBackgroundError('webNav committed handling failed', { tabId: details.tabId, error }))
+})
+
+chrome.webNavigation.onErrorOccurred.addListener(details => {
+  handleAgentCaptureNavigationError(details.tabId, details.frameId, details.error).catch(error =>
+    logBackgroundError('handleAgentCaptureNavigationError failed', {
+      tabId: details.tabId,
+      frameId: details.frameId,
+      error
+    })
+  )
 })
 
 chrome.storage.onChanged.addListener((changes, areaName) => {
   if (areaName === 'sync' && changes[SETTINGS_STORAGE_KEY]) {
-    applyDetectorSettingsUpdate(changes[SETTINGS_STORAGE_KEY].newValue)
-    refreshAllBadges()
+    applySyncDetectorSettingsChange(changes[SETTINGS_STORAGE_KEY].newValue)
+      .catch(error => logBackgroundError('sync settings change handling failed', { areaName, key: SETTINGS_STORAGE_KEY, error }))
+  }
+  if (areaName === 'local' && changes[SETTINGS_STORAGE_KEY]) {
+    chrome.storage.sync
+      .get(SETTINGS_STORAGE_KEY)
+      .then(async sync => {
+        const settings = applyDetectorSettingsUpdate(sync[SETTINGS_STORAGE_KEY], changes[SETTINGS_STORAGE_KEY].newValue)
+        if (!settings.agentBridgeEnabled) await handleAgentBridgeOptInDisabled()
+        await refreshAllBadges()
+      })
+      .catch(error => logBackgroundError('local settings change handling failed', { areaName, key: SETTINGS_STORAGE_KEY, error }))
   }
 })
 
 chrome.webRequest.onHeadersReceived.addListener(
   details => {
     if (details.tabId < 0 || !details.responseHeaders) return
+    if (isAgentBridgeRequestUrl(details.url)) return
     if (!isObservableRequestUrl(details.url)) return
 
-    Promise.all([loadTechRules(), loadDetectorSettings(), getTabSnapshot(details.tabId)])
-      .then(async ([rules, settings, tab]) => {
+    getTabSnapshot(details.tabId)
+      .then(async tab => {
+        if (await isAgentBridgeRequestForTab(details.url, details.tabId, tab)) return
+        const [rules, settings] = await Promise.all([loadTechRules(), loadDetectorSettings()])
         if (details.type === 'main_frame' && !isDetectablePageUrl(details.url)) {
           clearTabDetectionState(details.tabId)
           return
@@ -138,8 +236,12 @@ chrome.webRequest.onHeadersReceived.addListener(
           await saveTabDataAndBadge(details.tabId, latest, settings)
         })
       })
-      .catch(() => {})
+      .catch(error => logBackgroundError('webRequest header handling failed', { tabId: details.tabId, error }))
   },
   { urls: ['http://*/*', 'https://*/*', 'ws://*/*', 'wss://*/*'] },
   ['responseHeaders', 'extraHeaders']
 )
+
+registerAgentCaptureNetworkObserver((tabId, error) =>
+  logBackgroundError('agent capture network response handling failed', { tabId, error })
+)
diff --git a/src/background/logging.ts b/src/background/logging.ts
new file mode 100644
index 00000000..b7caa5bd
--- /dev/null
+++ b/src/background/logging.ts
@@ -0,0 +1,43 @@
+const SENSITIVE_DETAIL_KEY = /authorization|cookie|token|nonce|secret/i
+const ID_PATTERN = /\b(?:spbt?_|cap_|s_|n_|xfer_|shot_)[A-Za-z0-9_-]{8,}\b/g
+const URL_PATTERN = /https?:\/\/[^\s"')]+/g
+const MAX_LOG_DETAIL_DEPTH = 4
+
+export const redactLogUrl = (value: unknown): string => {
+  try {
+    const url = new URL(String(value || ''))
+    url.hash = ''
+    if (url.search) url.search = '?[redacted]'
+    return url.toString()
+  } catch {
+    return ''
+  }
+}
+
+const redactLogText = (value: string): string =>
+  value.replace(URL_PATTERN, url => redactLogUrl(url) || '[redacted-url]').replace(ID_PATTERN, '[redacted-id]')
+
+const sanitizeErrorName = (value: unknown): string => {
+  const name = typeof value === 'string' && value ? value : 'Error'
+  return redactLogText(name)
+}
+
+const sanitizeLogValue = (key: string, value: unknown, depth: number): unknown => {
+  if (SENSITIVE_DETAIL_KEY.test(key)) return '[redacted]'
+  if (value instanceof Error) return { errorName: sanitizeErrorName(value.name) }
+  if (typeof value === 'string') return redactLogText(value)
+  if (!value || typeof value !== 'object') return value
+  if (depth >= MAX_LOG_DETAIL_DEPTH) return '[redacted-object]'
+  if (Array.isArray(value)) return value.map(item => sanitizeLogValue('', item, depth + 1))
+
+  return Object.fromEntries(
+    Object.entries(value as Record<string, unknown>).map(([childKey, child]) => [childKey, sanitizeLogValue(childKey, child, depth + 1)])
+  )
+}
+
+export const sanitizeLogDetails = (details: Record<string, unknown>): Record<string, unknown> =>
+  Object.fromEntries(Object.entries(details).map(([key, value]) => [key, sanitizeLogValue(key, value, 0)]))
+
+export const logBackgroundError = (message: string, details: Record<string, unknown>) => {
+  console.error('[SP background]', message, sanitizeLogDetails(details))
+}
diff --git a/src/background/message-router.ts b/src/background/message-router.ts
index 95bb885a..c1bc31a6 100644
--- a/src/background/message-router.ts
+++ b/src/background/message-router.ts
@@ -12,22 +12,148 @@ import {
 } from './popup-cache'
 import { runActivePageDetection, saveTabDataAndBadge } from './detection'
 import { loadDetectorSettings } from './detector-settings'
+import { handleAgentBridgeHello, validateAgentCaptureControlMessage } from './agent-bridge-session'
+import { cancelAgentCapture, registerAgentProfileTransferPort, startAgentCapture } from './agent-capture'
+import { isAgentBridgeRequestForTab, isAgentBridgeTab } from './agent-bridge-tabs'
 import { withTabWriteLock } from './tab-write-lock'
+import { logBackgroundError } from './logging'
 import { checkPageSupport, isDetectablePageUrl } from '@/utils/page-support'
+import type { AgentBridgeError } from '@/types/agent-bridge'
 
 const clearUnsupportedTab = async (tabId: number) => {
   await clearTabSession(tabId)
   clearBadge(tabId)
 }
 
+const tabIdMessages = new Set([
+  'GET_HEADER_DATA',
+  'GET_POPUP_RESULT',
+  'GET_POPUP_RAW_RESULT',
+  'START_BACKGROUND_DETECTION',
+  'PAGE_DETECTION_RESULT'
+])
+
+const ORDINARY_BRIDGE_CACHE_ERROR = 'Agent Bridge 页面不能访问普通检测缓存。'
+
+class OrdinaryBridgeSenderError extends Error {
+  constructor(message = ORDINARY_BRIDGE_CACHE_ERROR) {
+    super(message)
+    this.name = 'OrdinaryBridgeSenderError'
+  }
+}
+
+const rejectOrdinaryBridgeSender = (message: any, sender: chrome.runtime.MessageSender): string => {
+  if (isAgentBridgeTab(sender.tab)) return ORDINARY_BRIDGE_CACHE_ERROR
+  if (sender.tab?.id !== undefined && tabIdMessages.has(message.type) && Number(message.tabId) !== sender.tab.id) {
+    return 'content script 不能操作其他 tab。'
+  }
+  return ''
+}
+
+const rejectRegisteredBridgeSender = async (sender: chrome.runtime.MessageSender): Promise<string> => {
+  const tabId = sender.tab?.id
+  if (typeof tabId !== 'number' || tabId < 0) return ''
+  const url = sender.url || sender.tab?.url || sender.tab?.pendingUrl || ''
+  return (await isAgentBridgeRequestForTab(url, tabId, sender.tab)) ? ORDINARY_BRIDGE_CACHE_ERROR : ''
+}
+
+const ensureRegisteredBridgeSenderAllowed = async (sender: chrome.runtime.MessageSender): Promise<void> => {
+  const rejected = await rejectRegisteredBridgeSender(sender)
+  if (rejected) throw new OrdinaryBridgeSenderError(rejected)
+}
+
+const sendOrdinaryMessageError = (sendResponse: (response?: any) => void, error: unknown): void => {
+  sendResponse({ ok: false, error: error instanceof OrdinaryBridgeSenderError ? error.message : String(error) })
+}
+
+const sendAgentBridgeInternalError = (sendResponse: (response?: any) => void, operation: string, error: unknown): void => {
+  logBackgroundError(`${operation} failed`, { error })
+  const bridgeError: AgentBridgeError = {
+    code: 'INVALID_REQUEST',
+    message: 'Agent Bridge request failed.'
+  }
+  sendResponse({ ok: false, error: bridgeError })
+}
+
+const rejectPopupTargetTab = async (tabId: number, sender: chrome.runtime.MessageSender): Promise<string> => {
+  if (sender.tab) return ''
+  const [tab, snapshot] = await Promise.all([chrome.tabs.get(tabId).catch(() => null), getTabSnapshot(tabId).catch(() => null)])
+  const url = tab?.url || tab?.pendingUrl || snapshot?.url || ''
+  if (!url) return '目标 tab 不可用。'
+  if (tab?.incognito) return '不能读取隐身窗口 tab。'
+  if (await isAgentBridgeRequestForTab(url, tabId, { url, pendingUrl: tab?.pendingUrl })) {
+    return ORDINARY_BRIDGE_CACHE_ERROR
+  }
+  const support = checkPageSupport(url)
+  return support.supported ? '' : support.reason
+}
+
+const runBackgroundDetectionAfterResponse = async (tabId: number): Promise<void> => {
+  const tab = await getTabSnapshot(tabId)
+  if (!isDetectablePageUrl(tab.url)) {
+    await clearUnsupportedTab(tabId)
+    return
+  }
+  await runActivePageDetection(tabId, { force: true })
+}
+
 export const registerMessageRouter = () => {
+  chrome.runtime.onConnect.addListener(registerAgentProfileTransferPort)
+
   chrome.runtime.onMessage.addListener((message, sender, sendResponse) => {
     if (!message || !message.type) return false
 
+    if (message.type === 'AGENT_BRIDGE_HELLO') {
+      handleAgentBridgeHello(message, sender)
+        .then(response => sendResponse(response))
+        .catch(error => sendAgentBridgeInternalError(sendResponse, 'AGENT_BRIDGE_HELLO', error))
+      return true
+    }
+
+    if (message.type === 'START_AGENT_CAPTURE') {
+      startAgentCapture(message, sender)
+        .then(response => sendResponse(response))
+        .catch(caught => sendAgentBridgeInternalError(sendResponse, 'START_AGENT_CAPTURE', caught))
+      return true
+    }
+
+    if (message.type === 'AGENT_CAPTURE_CONTROL') {
+      validateAgentCaptureControlMessage(message, sender)
+        .then(validated => {
+          if (!validated.ok) {
+            sendResponse({ ok: false, error: validated.error })
+            return
+          }
+          return cancelAgentCapture(message, sender).then(sendResponse)
+        })
+        .catch(error => sendAgentBridgeInternalError(sendResponse, 'AGENT_CAPTURE_CONTROL', error))
+      return true
+    }
+
+    const ordinaryBridgeError = rejectOrdinaryBridgeSender(message, sender)
+    if (ordinaryBridgeError) {
+      sendResponse({ ok: false, error: ordinaryBridgeError })
+      return false
+    }
+
     if (message.type === 'GET_HEADER_DATA') {
-      Promise.all([getTabData(message.tabId), loadDetectorSettings()])
-        .then(([data, settings]) => sendResponse({ ok: true, data: addStoredCustomHeaderRules(data, settings) }))
-        .catch(error => sendResponse({ ok: false, error: String(error) }))
+      const tabId = Number(message.tabId)
+      if (!Number.isInteger(tabId) || tabId < 0) {
+        sendResponse({ ok: false, error: '缺少有效 tabId' })
+        return false
+      }
+      ensureRegisteredBridgeSenderAllowed(sender)
+        .then(() => {
+          return rejectPopupTargetTab(tabId, sender)
+        })
+        .then(rejected => {
+          if (rejected) throw new Error(rejected)
+          return Promise.all([getTabData(tabId), loadDetectorSettings()])
+        })
+        .then(([tabData, settings]) => {
+          sendResponse({ ok: true, data: addStoredCustomHeaderRules(tabData, settings) })
+        })
+        .catch(error => sendOrdinaryMessageError(sendResponse, error))
       return true
     }
 
@@ -37,9 +163,16 @@ export const registerMessageRouter = () => {
         sendResponse({ ok: false, error: '缺少有效 tabId' })
         return false
       }
-      getPopupResultResponse(tabId)
+      ensureRegisteredBridgeSenderAllowed(sender)
+        .then(() => {
+          return rejectPopupTargetTab(tabId, sender)
+        })
+        .then(rejected => {
+          if (rejected) throw new Error(rejected)
+          return getPopupResultResponse(tabId)
+        })
         .then(response => sendResponse(response))
-        .catch(error => sendResponse({ ok: false, error: String(error) }))
+        .catch(error => sendOrdinaryMessageError(sendResponse, error))
       return true
     }
 
@@ -49,7 +182,14 @@ export const registerMessageRouter = () => {
         sendResponse({ ok: false, error: '缺少有效 tabId' })
         return false
       }
-      getTabSnapshot(tabId)
+      ensureRegisteredBridgeSenderAllowed(sender)
+        .then(() => {
+          return rejectPopupTargetTab(tabId, sender)
+        })
+        .then(rejected => {
+          if (rejected) throw new Error(rejected)
+          return getTabSnapshot(tabId)
+        })
         .then(async tab => {
           const support = checkPageSupport(tab.url)
           if (!support.supported) {
@@ -60,7 +200,7 @@ export const registerMessageRouter = () => {
           return buildPopupRawResult(addStoredCustomHeaderRules(data, settings), settings, tab)
         })
         .then(data => sendResponse({ ok: true, data }))
-        .catch(error => sendResponse({ ok: false, error: String(error) }))
+        .catch(error => sendOrdinaryMessageError(sendResponse, error))
       return true
     }
 
@@ -78,16 +218,19 @@ export const registerMessageRouter = () => {
         sendResponse({ ok: false, error: '缺少有效 tabId' })
         return false
       }
-      sendResponse({ ok: true })
-      getTabSnapshot(tabId)
-        .then(tab => {
-          if (!isDetectablePageUrl(tab.url)) {
-            return clearUnsupportedTab(tabId)
-          }
-          return runActivePageDetection(tabId, { force: true })
+      ensureRegisteredBridgeSenderAllowed(sender)
+        .then(() => {
+          return rejectPopupTargetTab(tabId, sender)
         })
-        .catch(() => {})
-      return false
+        .then(rejected => {
+          if (rejected) throw new Error(rejected)
+          sendResponse({ ok: true })
+          runBackgroundDetectionAfterResponse(tabId).catch(error =>
+            logBackgroundError('runBackgroundDetectionAfterResponse failed', { tabId, error })
+          )
+        })
+        .catch(error => sendOrdinaryMessageError(sendResponse, error))
+      return true
     }
 
     if (message.type === 'GET_WORDPRESS_THEME_DETAILS') {
@@ -103,7 +246,10 @@ export const registerMessageRouter = () => {
         sendResponse({ ok: false, error: '缺少有效 tabId' })
         return false
       }
-      getTabSnapshot(tabId)
+      ensureRegisteredBridgeSenderAllowed(sender)
+        .then(() => {
+          return getTabSnapshot(tabId)
+        })
         .then(tab => {
           if (!isDetectablePageUrl(tab.url)) {
             return clearUnsupportedTab(tabId).then(() => false)
@@ -112,7 +258,7 @@ export const registerMessageRouter = () => {
           return true
         })
         .then(queued => sendResponse({ ok: true, queued }))
-        .catch(error => sendResponse({ ok: false, error: String(error) }))
+        .catch(error => sendOrdinaryMessageError(sendResponse, error))
       return true
     }
 
@@ -122,7 +268,10 @@ export const registerMessageRouter = () => {
         sendResponse({ ok: false, error: '缺少有效 tabId' })
         return false
       }
-      Promise.all([loadDetectorSettings(), getTabSnapshot(tabId)])
+      ensureRegisteredBridgeSenderAllowed(sender)
+        .then(() => {
+          return Promise.all([loadDetectorSettings(), getTabSnapshot(tabId)])
+        })
         .then(async ([settings, tab]) => {
           if (!isDetectablePageUrl(tab.url)) {
             await clearUnsupportedTab(tabId)
@@ -139,7 +288,7 @@ export const registerMessageRouter = () => {
           })
         })
         .then(() => sendResponse({ ok: true }))
-        .catch(error => sendResponse({ ok: false, error: String(error) }))
+        .catch(error => sendOrdinaryMessageError(sendResponse, error))
       return true
     }
 
diff --git a/src/background/popup-cache.ts b/src/background/popup-cache.ts
index ae68e94d..00ca5e49 100644
--- a/src/background/popup-cache.ts
+++ b/src/background/popup-cache.ts
@@ -151,6 +151,13 @@ const addAllTechnologies = (target: any[], items: any[]) => {
   }
 }
 
+const CROSS_SITE_INFRASTRUCTURE_CATEGORIES = new Set(['CDN / 托管', 'Web 服务器', '后端 / 服务器框架'])
+
+const filterCrossSiteTechnologies = (items: any[], recordUrl: unknown, pageUrl: unknown): any[] => {
+  if (isSameSite(recordUrl, pageUrl)) return Array.isArray(items) ? items : []
+  return (items || []).filter(tech => !CROSS_SITE_INFRASTRUCTURE_CATEGORIES.has(String(tech?.category || '')))
+}
+
 const GENERIC_CDN_FALLBACK_NAMES = new Set(['自定义 / 私有 CDN', '未知 / 自定义 CDN'])
 
 export const suppressGenericCdnFallbacks = (technologies: any[]) => {
@@ -241,16 +248,17 @@ const mergeDisplayTechnologyRecords = (items: any[]) => {
     .sort(compareDisplayTechnologies)
 }
 
-const collectRawReferenceTechnologies = (data: any) => {
+const getCurrentPageUrl = (data: any, tab: any): string => tab?.url || data.dynamic?.url || data.main?.url || data.page?.url || ''
+
+const collectRawReferenceTechnologies = (data: any, pageUrl: string = data.page?.url || data.dynamic?.url || data.main?.url || '') => {
   const items: any[] = []
-  const pageUrl = data.page?.url || data.dynamic?.url || data.main?.url || ''
   addAllTechnologies(items, data.page?.technologies)
   addAllTechnologies(items, data.main?.technologies)
   for (const api of data.apis || []) {
-    if (isSameSite(api.url, pageUrl)) addAllTechnologies(items, api.technologies)
+    addAllTechnologies(items, filterCrossSiteTechnologies(api.technologies, api.url, pageUrl))
   }
   for (const frame of data.frames || []) {
-    if (isSameSite(frame.url, pageUrl)) addAllTechnologies(items, frame.technologies)
+    addAllTechnologies(items, filterCrossSiteTechnologies(frame.technologies, frame.url, pageUrl))
   }
   addAllTechnologies(items, data.bundle?.technologies)
   return items
@@ -259,11 +267,11 @@ const collectRawReferenceTechnologies = (data: any) => {
 const cleanRawObservationTechnologies = (items: any[], referenceItems: any[] = []) =>
   mergeTechnologyRecords(suppressFrontendFallbackDuplicates(items || [], referenceItems))
 
-const cleanRawDynamicObservation = (dynamic: any, data: any) => {
+const cleanRawDynamicObservation = (dynamic: any, data: any, pageUrl?: string) => {
   if (!dynamic) return null
   return {
     ...dynamic,
-    technologies: cleanRawObservationTechnologies(dynamic.technologies, collectRawReferenceTechnologies(data))
+    technologies: cleanRawObservationTechnologies(dynamic.technologies, collectRawReferenceTechnologies(data, pageUrl))
   }
 }
 
@@ -308,7 +316,7 @@ const suppressSelfHostTechs = (technologies: any[], pageUrl: string, suppressMap
 
 // 从所有 webRequest 记录里收集 HTTP 协议版本，比注入脚本里读 PerformanceResourceTiming.nextHopProtocol
 // 可靠得多——跨域资源没有 Timing-Allow-Origin 时浏览器把 nextHopProtocol 置空，而 statusLine 是请求发起时浏览器自己写的
-const collectHttpProtocolTechs = (data: any): any[] => {
+const collectHttpProtocolTechs = (data: any, pageUrl: string): any[] => {
   const protocols = new Set<string>()
   const sampleByProto = new Map<string, string>()
   const consume = (record: any) => {
@@ -318,8 +326,12 @@ const collectHttpProtocolTechs = (data: any): any[] => {
     if (!sampleByProto.has(proto)) sampleByProto.set(proto, String(record?.url || ''))
   }
   consume(data?.main)
-  for (const api of data?.apis || []) consume(api)
-  for (const frame of data?.frames || []) consume(frame)
+  for (const api of data?.apis || []) {
+    if (isSameSite(api.url, pageUrl)) consume(api)
+  }
+  for (const frame of data?.frames || []) {
+    if (isSameSite(frame.url, pageUrl)) consume(frame)
+  }
   const out: any[] = []
   const has3 = ['3', '3.0', 'h3'].some(v => protocols.has(v))
   const has2 = ['2', '2.0', 'h2', 'h2c'].some(v => protocols.has(v))
@@ -354,29 +366,26 @@ const shortHostFromUrl = (url: string): string => {
   }
 }
 
-const buildDisplayTechnologies = (data: any, settings: any, suppressMap: Record<string, string[]>) => {
+const buildDisplayTechnologies = (data: any, settings: any, suppressMap: Record<string, string[]>, pageUrl: string) => {
   const all: any[] = []
-  const pageUrl = data.page?.url || data.dynamic?.url || data.main?.url || ''
   addAllTechnologies(all, data.page?.technologies)
   addAllTechnologies(all, data.main?.technologies)
-  addAllTechnologies(all, collectHttpProtocolTechs(data))
-  // 跨可注册域的 API / iframe 响应头只代表第三方（公共 CDN、三方服务）自身的基建，
-  // 不算本站技术栈；同站子域（含前后端分离的 api.* 子域）仍计入。
+  addAllTechnologies(all, collectHttpProtocolTechs(data, pageUrl))
+  // 跨可注册域的 API / iframe 响应头只保留明确第三方服务；CDN、服务器、
+  // 后端框架等基础设施类响应头不算本站技术栈。
   for (const api of data.apis || []) {
-    if (!isSameSite(api.url, pageUrl)) continue
     addAllTechnologies(
       all,
-      (api.technologies || []).map((tech: any) => ({
+      filterCrossSiteTechnologies(api.technologies, api.url, pageUrl).map((tech: any) => ({
         ...tech,
         source: `${tech.source || '响应头'} · API`
       }))
     )
   }
   for (const frame of data.frames || []) {
-    if (!isSameSite(frame.url, pageUrl)) continue
     addAllTechnologies(
       all,
-      (frame.technologies || []).map((tech: any) => ({
+      filterCrossSiteTechnologies(frame.technologies, frame.url, pageUrl).map((tech: any) => ({
         ...tech,
         source: `${tech.source || '响应头'} · iframe`
       }))
@@ -408,13 +417,14 @@ const buildDisplayTechnologies = (data: any, settings: any, suppressMap: Record<
 
 const buildPopupResult = async (data: any, settings: any, tab: any) => {
   const suppressMap = collectSuppressMap(await loadTechRules())
-  const technologies = await attachTechnologyLinks(buildDisplayTechnologies(data, settings, suppressMap), settings)
+  const pageUrl = getCurrentPageUrl(data, tab)
+  const technologies = await attachTechnologyLinks(buildDisplayTechnologies(data, settings, suppressMap, pageUrl), settings)
   const resources = mergeResourceSummary(data.page?.resources || {}, data.dynamic || {})
   const main = data.main || {}
   const headerCount =
     typeof main.headerCount === 'number' && main.headerCount >= 0 ? main.headerCount : Object.keys(main.headers || {}).length
   return {
-    url: data.page?.url || data.dynamic?.url || tab?.url || '',
+    url: pageUrl,
     title: data.page?.title || data.dynamic?.title || tab?.title || '',
     generatedAt: new Date().toISOString(),
     updatedAt: getStoredUpdatedAt(data),
@@ -428,11 +438,12 @@ const buildPopupResult = async (data: any, settings: any, tab: any) => {
 
 export const buildPopupRawResult = async (data: any, settings: any, tab: any) => {
   const suppressMap = collectSuppressMap(await loadTechRules())
-  const technologies = await attachTechnologyLinks(buildDisplayTechnologies(data, settings, suppressMap), settings)
+  const pageUrl = getCurrentPageUrl(data, tab)
+  const technologies = await attachTechnologyLinks(buildDisplayTechnologies(data, settings, suppressMap, pageUrl), settings)
   const resources = mergeResourceSummary(data.page?.resources || {}, data.dynamic || {})
   const headers = data.main?.allHeaders || data.main?.headers || {}
   return {
-    url: data.page?.url || data.dynamic?.url || tab?.url || '',
+    url: pageUrl,
     title: data.page?.title || data.dynamic?.title || tab?.title || '',
     generatedAt: new Date().toISOString(),
     technologies,
@@ -441,7 +452,7 @@ export const buildPopupRawResult = async (data: any, settings: any, tab: any) =>
     apiObservations: data.apis || [],
     frameObservations: data.frames || [],
     bundleObservations: data.bundle || null,
-    dynamicObservations: cleanRawDynamicObservation(data.dynamic, data),
+    dynamicObservations: cleanRawDynamicObservation(data.dynamic, data, pageUrl),
     notes: [
       '前端框架和 UI 框架主要通过页面运行时、DOM、资源 URL 和样式类名判断。',
       'Web 服务器、CDN 和后端框架主要依赖响应头与 Cookie 命名线索；如果站点隐藏响应头，结果会保守显示。',
diff --git a/src/background/script-injection-errors.ts b/src/background/script-injection-errors.ts
new file mode 100644
index 00000000..9a145e72
--- /dev/null
+++ b/src/background/script-injection-errors.ts
@@ -0,0 +1,10 @@
+const SCRIPT_LOAD_ERROR_PATTERN = /\b(?:unable|could not|failed) to load script\b/i
+const SCRIPT_FILE_ACCESS_ERROR_PATTERN =
+  /\b(?:unable to load file|could not load file|failed to load file|no such file|file not found|can't access file|cannot access file)\b/i
+const SCRIPT_FILE_HINT_PATTERN = /(?:\.m?js\b|(?:^|[/\\])(?:assets|injected|src[/\\](?:content|injected))[/\\]|\bcontent script\b|\bscript file\b)/i
+
+export const isScriptFileLoadError = (error: unknown): boolean => {
+  const message = String(error instanceof Error ? error.message : error)
+  if (SCRIPT_LOAD_ERROR_PATTERN.test(message)) return true
+  return SCRIPT_FILE_ACCESS_ERROR_PATTERN.test(message) && SCRIPT_FILE_HINT_PATTERN.test(message)
+}
diff --git a/src/content/agent-bridge-client.ts b/src/content/agent-bridge-client.ts
new file mode 100644
index 00000000..a4eeba31
--- /dev/null
+++ b/src/content/agent-bridge-client.ts
@@ -0,0 +1,745 @@
+import type {
+  AgentBridgeCapabilities,
+  AgentBridgeError,
+  AgentBridgeRuntimeMessage,
+  AgentCaptureRequest,
+  AgentCaptureStatus,
+  AgentProfileTransferAckMessage,
+  AgentProfileTransferCompleteMessage,
+  SiteExperienceProfile
+} from '@/types/agent-bridge'
+
+const errorFromUnknown = (error: unknown, fallback: AgentBridgeError['code']): AgentBridgeError => {
+  const bridgeError = (error as { bridgeError?: AgentBridgeError } | null)?.bridgeError
+  if (bridgeError?.code) return bridgeError
+  return {
+    code: fallback,
+    message: error instanceof Error ? error.message : 'Agent Bridge request failed.'
+  }
+}
+
+export const runAgentBridgeClient = async (): Promise<void> => {
+  type BridgePageContext = {
+    bridgeOrigin: string
+    sessionId: string
+    captureId: string
+    nonce: string
+    bridgeToken: string
+    protocolVersion: number
+  }
+  type BridgeTransferContext = Omit<BridgePageContext, 'bridgeToken' | 'protocolVersion'>
+  type StatusPoster = (status: AgentCaptureStatus, phase?: string, error?: AgentBridgeError) => Promise<void>
+  type BridgeRequester = (path: string, init?: RequestInit) => Promise<any>
+  type TransferResponse = { ok: true; data: null } | { ok: false; error: AgentBridgeError }
+  type TransferState = {
+    chunks: Array<Uint8Array | null>
+    byteLength: number
+    expiresAt: number
+    chunkCount: number
+    nextChunkIndex: number
+    sha256: string
+  }
+
+  const bridgeProtocolVersion = 1 as const
+  const AGENT_PROFILE_TRANSFER_PORT = 'stackprism-agent-profile-transfer'
+  const REQUIRED_AGENT_BRIDGE_CAPABILITIES = [
+    'agentBridge',
+    'siteExperienceProfileV1',
+    'profileChunkTransport',
+    'bridgeContentPost',
+    'storageSession',
+    'experienceProfiler'
+  ] as const
+  const AGENT_BRIDGE_ERROR_CODES = [
+    'NOT_FOUND',
+    'METHOD_NOT_ALLOWED',
+    'UNAUTHORIZED',
+    'FORBIDDEN',
+    'ORIGIN_NOT_ALLOWED',
+    'UNSUPPORTED_MEDIA_TYPE',
+    'UNSUPPORTED_TRANSFER_ENCODING',
+    'INVALID_JSON',
+    'INVALID_REQUEST',
+    'REQUEST_TOO_LARGE',
+    'REQUEST_TIMEOUT',
+    'SERVER_BUSY',
+    'STALE_STATUS_UPDATE',
+    'PORT_IN_USE',
+    'BRIDGE_INVALID_ENV',
+    'BRIDGE_START_FAILED',
+    'BRIDGE_START_TIMEOUT',
+    'BRIDGE_READY_PARSE_FAILED',
+    'BRIDGE_PROTOCOL_UNSUPPORTED',
+    'BRIDGE_PAGE_RENDER_FAILED',
+    'BRIDGE_REQUEST_TIMEOUT',
+    'BRIDGE_REQUEST_MISMATCH',
+    'AGENT_BRIDGE_DISABLED',
+    'CAPTURE_BUSY',
+    'CAPTURE_TIMEOUT',
+    'EXTENSION_NOT_CONNECTED',
+    'BROWSER_OPEN_FAILED',
+    'BRIDGE_TOKEN_CANNOT_READ_PROFILE',
+    'PRIVATE_NETWORK_TARGET_BLOCKED',
+    'TARGET_DNS_LOOKUP_FAILED',
+    'BRIDGE_SELF_TARGET_BLOCKED',
+    'FINAL_URL_BLOCKED',
+    'ACTIVE_TAB_UNAVAILABLE',
+    'ACTIVE_TAB_MISMATCH',
+    'INCOGNITO_NOT_SUPPORTED',
+    'TARGET_LOAD_TIMEOUT',
+    'TARGET_LOAD_FAILED',
+    'TARGET_INJECTION_FAILED',
+    'TARGET_TAB_CLOSED',
+    'BRIDGE_TAB_CLOSED',
+    'TARGET_NAVIGATED_AWAY',
+    'SERVICE_WORKER_RESTARTED',
+    'BRIDGE_TRANSPORT_DISCONNECTED',
+    'PROFILE_TRANSPORT_FAILED',
+    'PROFILE_CHUNK_MISSING',
+    'PROFILE_HASH_MISMATCH',
+    'PROFILE_TOO_LARGE',
+    'RATE_LIMITED',
+    'NONCE_REUSED',
+    'CAPTURE_ALREADY_COMPLETED',
+    'CAPTURE_RESULT_EXPIRED',
+    'NOT_SUPPORTED'
+  ] as const
+  const protocolIdentifierSpecs = {
+    bridgeToken: /^spbt_[A-Za-z0-9_-]{43}$/,
+    captureId: /^cap_[A-Za-z0-9_-]{22}$/,
+    sessionId: /^s_[A-Za-z0-9_-]{22}$/,
+    nonce: /^n_[A-Za-z0-9_-]{22}$/
+  } as const
+  const REQUEST_FIELDS = new Set(['url', 'mode', 'waitMs', 'include', 'viewports', 'options', 'protocolVersion'])
+  const VIEWPORT_FIELDS = new Set(['name', 'width', 'height', 'deviceScaleFactor'])
+  const OPTION_FIELDS = new Set([
+    'forceRefresh',
+    'captureScreenshotMetadata',
+    'captureScreenshot',
+    'keepTabOpen',
+    'allowPrivateNetworkTarget',
+    'targetMode',
+    'maxResourceUrls'
+  ])
+  const REQUEST_ENVELOPE_FIELDS = new Set(['captureId', 'sessionId', 'nonce', 'protocolVersion', 'request'])
+  const ALLOWED_INCLUDES = new Set(['tech', 'visual', 'layout', 'components', 'interaction', 'ux', 'assets'])
+  const ALLOWED_TARGET_MODES = new Set(['reuse_or_new_tab', 'new_tab', 'active_tab'])
+  const BRIDGE_QUERY_KINDS = { session: 'sessionId', capture: 'captureId', nonce: 'nonce' } as const
+  const BRIDGE_META_SELECTOR = 'meta[name="stackprism-agent-bridge"][content="1"]'
+  const CONFIG_SELECTOR = '#stackprism-agent-bridge-config[type="application/json"]'
+  const STATUS_PHASES = new Set([
+    'bridge_connected',
+    'request_loaded',
+    'target_opening',
+    'target_loaded',
+    'detecting_tech',
+    'profiling_experience',
+    'posting_profile',
+    'cleanup'
+  ])
+  const CONTROL_POLL_MS = 1000
+  const TERMINAL_STATUSES = new Set(['completed', 'failed', 'cancelled', 'expired'])
+  const KNOWN_ERROR_CODES = new Set<string>(AGENT_BRIDGE_ERROR_CODES)
+  const PHASE_ORDER = new Map([...STATUS_PHASES].map((phase, index) => [phase, index]))
+  const transferState = new Map<string, TransferState>()
+  const TRANSFER_TTL_MS = 30000
+  const PROFILE_CHUNK_BYTES = 384 * 1024
+  const PROFILE_BODY_BYTES = 8 * 1024 * 1024
+  const SHA256_HEX_PATTERN = /^[a-f0-9]{64}$/
+  const PROFILE_TRANSFER_ID_PATTERN = /^xfer_[A-Za-z0-9_-]{22}$/
+
+  const makeError = (code: AgentBridgeError['code'], message: string, details: Record<string, unknown> = {}): AgentBridgeError => ({
+    code,
+    message,
+    details
+  })
+  const runtimeErrorFromUnknown = (error: unknown, fallback: AgentBridgeError['code']): AgentBridgeError => {
+    const bridgeError = (error as { bridgeError?: AgentBridgeError } | null)?.bridgeError
+    if (bridgeError?.code) return bridgeError
+    const message = error instanceof Error ? error.message : String(error || fallback)
+    const code = KNOWN_ERROR_CODES.has(message) ? (message as AgentBridgeError['code']) : fallback
+    return makeError(code, KNOWN_ERROR_CODES.has(message) ? message : 'Agent Bridge request failed.')
+  }
+  const validateProtocolIdentifier = (kind: keyof typeof protocolIdentifierSpecs | string, value: unknown): boolean => {
+    const spec = protocolIdentifierSpecs[kind as keyof typeof protocolIdentifierSpecs]
+    return typeof value === 'string' && Boolean(spec?.test(value))
+  }
+  const isBridgePageUrl = (value: unknown): boolean => {
+    try {
+      const url = new URL(String(value || ''))
+      return url.protocol === 'http:' && url.hostname === '127.0.0.1' && url.pathname === '/bridge'
+    } catch {
+      return false
+    }
+  }
+  const parseRawBridgeQuery = (url: URL): { session: string; capture: string; nonce: string } | null => {
+    const raw = url.search.replace(/^\?/, '')
+    const parts = raw ? raw.split('&') : []
+    if (parts.length !== 3) return null
+    const values: Record<string, string> = {}
+    for (const part of parts) {
+      const separatorIndex = part.indexOf('=')
+      if (!part || separatorIndex <= 0 || part.indexOf('=', separatorIndex + 1) !== -1) return null
+      const name = part.slice(0, separatorIndex)
+      const value = part.slice(separatorIndex + 1)
+      const kind = BRIDGE_QUERY_KINDS[name as keyof typeof BRIDGE_QUERY_KINDS]
+      if (!kind || values[name] !== undefined || !validateProtocolIdentifier(kind, value)) return null
+      values[name] = value
+    }
+    return values.session && values.capture && values.nonce ? { session: values.session, capture: values.capture, nonce: values.nonce } : null
+  }
+  const parseBridgePageContext = (href: string, configText: string): BridgePageContext => {
+    const url = new URL(href)
+    const query = parseRawBridgeQuery(url)
+    const sessionId = query?.session || ''
+    const captureId = query?.capture || ''
+    const nonce = query?.nonce || ''
+    let config: Record<string, unknown>
+    try {
+      config = JSON.parse(configText || '{}')
+    } catch {
+      throw new Error('INVALID_REQUEST')
+    }
+    const bridgeToken = String(config.bridgeToken || '')
+    const protocolVersion = config.protocolVersion
+    if (
+      !query ||
+      String(config.sessionId || '') !== sessionId ||
+      String(config.captureId || '') !== captureId ||
+      String(config.nonce || '') !== nonce ||
+      !validateProtocolIdentifier('bridgeToken', bridgeToken) ||
+      typeof protocolVersion !== 'number' ||
+      !Number.isInteger(protocolVersion)
+    ) {
+      throw new Error('INVALID_REQUEST')
+    }
+    return { bridgeOrigin: url.origin, sessionId, captureId, nonce, bridgeToken, protocolVersion }
+  }
+  const isCaptureViewport = (viewport: any): boolean =>
+    viewport &&
+    typeof viewport === 'object' &&
+    Object.keys(viewport).every(key => VIEWPORT_FIELDS.has(key)) &&
+    (viewport.name === undefined || (typeof viewport.name === 'string' && /^[A-Za-z0-9_-]{1,32}$/.test(viewport.name))) &&
+    Number.isInteger(viewport.width) &&
+    viewport.width >= 320 &&
+    viewport.width <= 3840 &&
+    Number.isInteger(viewport.height) &&
+    viewport.height >= 320 &&
+    viewport.height <= 2160 &&
+    typeof viewport.deviceScaleFactor === 'number' &&
+    Number.isFinite(viewport.deviceScaleFactor) &&
+    viewport.deviceScaleFactor >= 1 &&
+    viewport.deviceScaleFactor <= 4
+  const isCaptureRequest = (value: any): value is AgentCaptureRequest =>
+    value &&
+    typeof value === 'object' &&
+    Object.keys(value).every(key => REQUEST_FIELDS.has(key)) &&
+    typeof value.url === 'string' &&
+    value.mode === 'experience' &&
+    Number.isInteger(value.waitMs) &&
+    value.waitMs >= 0 &&
+    value.waitMs <= 30000 &&
+    Array.isArray(value.include) &&
+    value.include.length > 0 &&
+    value.include.every((section: unknown) => typeof section === 'string' && ALLOWED_INCLUDES.has(section)) &&
+    Array.isArray(value.viewports) &&
+    value.viewports.length <= 3 &&
+    value.viewports.every(isCaptureViewport) &&
+    value.options &&
+    typeof value.options === 'object' &&
+    Object.keys(value.options).every(key => OPTION_FIELDS.has(key)) &&
+    ['forceRefresh', 'captureScreenshotMetadata', 'keepTabOpen', 'allowPrivateNetworkTarget'].every(
+      key => typeof value.options[key] === 'boolean'
+    ) &&
+    (value.options.captureScreenshot === undefined || typeof value.options.captureScreenshot === 'boolean') &&
+    ALLOWED_TARGET_MODES.has(value.options.targetMode) &&
+    Number.isInteger(value.options.maxResourceUrls) &&
+    value.options.maxResourceUrls >= 0 &&
+    value.options.maxResourceUrls <= 1000 &&
+    value.protocolVersion === bridgeProtocolVersion
+  const validateCaptureRequestEnvelope = (context: BridgePageContext, value: any): AgentCaptureRequest => {
+    if (
+      !value ||
+      typeof value !== 'object' ||
+      !Object.keys(value).every(key => REQUEST_ENVELOPE_FIELDS.has(key)) ||
+      value?.captureId !== context.captureId ||
+      value?.sessionId !== context.sessionId ||
+      value?.nonce !== context.nonce ||
+      value?.protocolVersion !== bridgeProtocolVersion ||
+      !isCaptureRequest(value.request)
+    ) {
+      throw new Error('BRIDGE_REQUEST_MISMATCH')
+    }
+    return value.request
+  }
+  const readBridgeJson = async (response: Response): Promise<any> => {
+    try {
+      return await response.json()
+    } catch {
+      return {
+        error: {
+          code: 'PROFILE_TRANSPORT_FAILED',
+          message: 'Agent Bridge returned a non-JSON response.',
+          details: { status: response.status }
+        }
+      }
+    }
+  }
+  const requestJson = async (context: BridgePageContext, path: string, init: RequestInit = {}) => {
+    const response = await fetch(`${context.bridgeOrigin}${path}`, {
+      ...init,
+      headers: {
+        ...(init.body ? { 'Content-Type': 'application/json' } : {}),
+        Authorization: `Bearer ${context.bridgeToken}`,
+        ...(init.headers || {})
+      },
+      cache: 'no-store'
+    })
+    const body = await readBridgeJson(response)
+    if (!response.ok) {
+      const error = new Error(body?.error?.code || `BRIDGE_HTTP_${response.status}`) as Error & { bridgeError?: AgentBridgeError }
+      error.bridgeError = body?.error || {
+        code: 'PROFILE_TRANSPORT_FAILED',
+        message: 'Agent Bridge request failed.',
+        details: { status: response.status }
+      }
+      throw error
+    }
+    return body
+  }
+  const createStatusPoster = (context: BridgePageContext) => {
+    let sequence = 0
+    return async (
+      status: AgentCaptureStatus,
+      phase?: string,
+      error?: AgentBridgeError,
+      extra: Record<string, unknown> = {},
+      requestInit: RequestInit = {}
+    ) => {
+      sequence += 1
+      await requestJson(context, `/v1/captures/${context.captureId}/status`, {
+        method: 'POST',
+        ...requestInit,
+        body: JSON.stringify({
+          captureId: context.captureId,
+          sessionId: context.sessionId,
+          nonce: context.nonce,
+          protocolVersion: bridgeProtocolVersion,
+          status,
+          phase: normalizeWritableStatusPhase(status, phase && STATUS_PHASES.has(phase) ? phase : undefined),
+          sequence,
+          error,
+          ...extra
+        })
+      })
+    }
+  }
+  const hasRequiredCapabilities = (capabilities: AgentBridgeCapabilities): boolean =>
+    REQUIRED_AGENT_BRIDGE_CAPABILITIES.every(capability => capabilities?.[capability] === true)
+  const missingRequiredCapability = (capabilities: AgentBridgeCapabilities): string | undefined =>
+    REQUIRED_AGENT_BRIDGE_CAPABILITIES.find(capability => capabilities?.[capability] !== true)
+  const normalizeWritableStatusPhase = (status: AgentCaptureStatus, phase?: string): string | undefined =>
+    status === 'cancelled' ? 'cleanup' : status === 'failed' ? phase || 'cleanup' : phase
+  const laterPhase = (left: string, right: string): string => {
+    const leftOrder = PHASE_ORDER.get(left) ?? -1
+    const rightOrder = PHASE_ORDER.get(right) ?? -1
+    return rightOrder > leftOrder ? right : left
+  }
+  const runtimeTransportError = (code: AgentBridgeError['code']): Error & { bridgeError: AgentBridgeError } => {
+    const error = new Error(code) as Error & { bridgeError: AgentBridgeError }
+    error.bridgeError = makeError(code, 'Agent Bridge extension transport is unavailable.', { transport: 'chrome.runtime.sendMessage' })
+    return error
+  }
+  const sendRuntimeMessage = (message: AgentBridgeRuntimeMessage, failureCode: AgentBridgeError['code']): Promise<any> =>
+    new Promise((resolve, reject) => {
+      chrome.runtime.sendMessage(message, response => {
+        if (chrome.runtime.lastError) {
+          reject(runtimeTransportError(failureCode))
+          return
+        }
+        resolve(response)
+      })
+    })
+  const isStatusMessageForContext = (context: BridgePageContext, message: AgentBridgeRuntimeMessage): boolean =>
+    message.type === 'AGENT_CAPTURE_STATUS' &&
+    message.payload?.captureId === context.captureId &&
+    message.payload.sessionId === context.sessionId &&
+    message.payload.nonce === context.nonce &&
+    message.payload.protocolVersion === bridgeProtocolVersion
+  const isIncognitoExtensionContext = (): boolean =>
+    (chrome as { extension?: { inIncognitoContext?: boolean } }).extension?.inIncognitoContext === true
+  const startControlPolling = (context: BridgePageContext) => {
+    const intervalId = window.setInterval(() => {
+      requestJson(context, `/v1/captures/${context.captureId}/control`)
+        .then(control => {
+          const status = String(control?.status || '')
+          if (TERMINAL_STATUSES.has(status)) {
+            window.clearInterval(intervalId)
+            return
+          }
+          if (status === 'cancel_requested' && control?.command === 'cancel') {
+            window.clearInterval(intervalId)
+            return sendRuntimeMessage(
+              {
+                type: 'AGENT_CAPTURE_CONTROL',
+                captureId: context.captureId,
+                sessionId: context.sessionId,
+                nonce: context.nonce,
+                command: 'cancel'
+              },
+              'BRIDGE_TRANSPORT_DISCONNECTED'
+            )
+          }
+        })
+        .catch(() => {})
+    }, CONTROL_POLL_MS)
+    return () => window.clearInterval(intervalId)
+  }
+  const registerCaptureStatusListener = (
+    context: BridgePageContext,
+    postStatus: (status: AgentCaptureStatus, phase?: string, error?: AgentBridgeError, extra?: Record<string, unknown>) => Promise<void>,
+    stopControlPolling: () => void
+  ) => {
+    chrome.runtime.onMessage.addListener((message: AgentBridgeRuntimeMessage, _sender, sendResponse) => {
+      if (message?.type !== 'AGENT_CAPTURE_STATUS') return false
+      if (!isStatusMessageForContext(context, message)) {
+        sendResponse({ ok: false, error: makeError('BRIDGE_REQUEST_MISMATCH', 'Agent capture status context mismatch.') })
+        return false
+      }
+      if (TERMINAL_STATUSES.has(message.payload.status)) stopControlPolling()
+      postStatus(message.payload.status, message.payload.phase, message.payload.error, {
+        finalUrl: message.payload.finalUrl,
+        targetNetworkAddress: message.payload.targetNetworkAddress,
+        targetNetworkFromCache: message.payload.targetNetworkFromCache
+      })
+        .then(() => sendResponse({ ok: true, data: null }))
+        .catch(error => sendResponse({ ok: false, error: error.bridgeError || runtimeErrorFromUnknown(error, 'BRIDGE_TRANSPORT_DISCONNECTED') }))
+      return true
+    })
+  }
+  const decodeBase64 = (value: string): Uint8Array => {
+    if (!value || !/^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$/.test(value)) {
+      throw new Error('Invalid base64.')
+    }
+    const binary = atob(value)
+    const bytes = new Uint8Array(binary.length)
+    for (let index = 0; index < binary.length; index += 1) bytes[index] = binary.charCodeAt(index)
+    return bytes
+  }
+  const assembleChunks = (chunks: Uint8Array[], byteLength: number): Uint8Array => {
+    const bytes = new Uint8Array(byteLength)
+    let offset = 0
+    for (const chunk of chunks) {
+      bytes.set(chunk, offset)
+      offset += chunk.byteLength
+    }
+    return bytes
+  }
+  const sha256Hex = async (bytes: Uint8Array): Promise<string> => {
+    const digest = await crypto.subtle.digest('SHA-256', bytes)
+    return [...new Uint8Array(digest)].map(byte => byte.toString(16).padStart(2, '0')).join('')
+  }
+  const validateTransferMessage = (context: BridgeTransferContext, message: AgentBridgeRuntimeMessage): boolean =>
+    'captureId' in message && message.captureId === context.captureId && message.sessionId === context.sessionId && message.nonce === context.nonce
+  const validateTransferId = (message: AgentBridgeRuntimeMessage): boolean =>
+    'profileTransferId' in message && PROFILE_TRANSFER_ID_PATTERN.test(message.profileTransferId)
+  const clearTransfer = (message: AgentBridgeRuntimeMessage): void => {
+    if ('profileTransferId' in message) transferState.delete(message.profileTransferId)
+  }
+  const pruneExpiredTransfers = (): void => {
+    const now = Date.now()
+    for (const [transferId, state] of transferState) {
+      if (state.expiresAt <= now) transferState.delete(transferId)
+    }
+  }
+  const expectedChunkCount = (byteLength: number): number => Math.max(1, Math.ceil(byteLength / PROFILE_CHUNK_BYTES))
+  const isValidBeginMetadata = (message: AgentBridgeRuntimeMessage): boolean =>
+    message.type === 'AGENT_PROFILE_TRANSFER_BEGIN' &&
+    Number.isInteger(message.chunkCount) &&
+    Number.isInteger(message.byteLength) &&
+    message.byteLength > 0 &&
+    message.byteLength <= PROFILE_BODY_BYTES &&
+    message.chunkCount === expectedChunkCount(message.byteLength) &&
+    SHA256_HEX_PATTERN.test(message.sha256) &&
+    !transferState.has(message.profileTransferId)
+  const toAckMessage = (
+    context: BridgeTransferContext,
+    message: AgentBridgeRuntimeMessage,
+    response: TransferResponse
+  ): AgentProfileTransferAckMessage => {
+    const profileTransferId = 'profileTransferId' in message ? message.profileTransferId : ''
+    const chunkIndex = 'chunkIndex' in message ? message.chunkIndex : undefined
+    return {
+      type: 'AGENT_PROFILE_TRANSFER_ACK',
+      captureId: context.captureId,
+      sessionId: context.sessionId,
+      nonce: context.nonce,
+      profileTransferId,
+      chunkIndex,
+      ok: response.ok,
+      error: response.ok ? undefined : response.error
+    }
+  }
+  const completeProfileTransfer = async (
+    context: BridgeTransferContext,
+    postStatus: StatusPoster,
+    requestJsonForTransfer: BridgeRequester,
+    message: AgentProfileTransferCompleteMessage
+  ): Promise<TransferResponse> => {
+    const state = transferState.get(message.profileTransferId)
+    if (!state || state.chunks.some(chunk => !chunk)) {
+      transferState.delete(message.profileTransferId)
+      await postStatus('failed', 'posting_profile', makeError('PROFILE_CHUNK_MISSING', 'Profile transfer chunk is missing.'))
+      return { ok: false, error: makeError('PROFILE_CHUNK_MISSING', 'Profile transfer chunk is missing.') }
+    }
+    const chunks = state.chunks.filter((chunk): chunk is Uint8Array => Boolean(chunk))
+    const actualByteLength = chunks.reduce((total, chunk) => total + chunk.byteLength, 0)
+    if (actualByteLength !== state.byteLength) {
+      transferState.delete(message.profileTransferId)
+      await postStatus('failed', 'posting_profile', makeError('PROFILE_HASH_MISMATCH', 'Profile transfer hash mismatch.'))
+      return { ok: false, error: makeError('PROFILE_HASH_MISMATCH', 'Profile transfer hash mismatch.') }
+    }
+    const bytes = assembleChunks(chunks, state.byteLength)
+    if (bytes.byteLength !== message.byteLength || message.sha256 !== state.sha256 || (await sha256Hex(bytes)) !== state.sha256) {
+      transferState.delete(message.profileTransferId)
+      await postStatus('failed', 'posting_profile', makeError('PROFILE_HASH_MISMATCH', 'Profile transfer hash mismatch.'))
+      return { ok: false, error: makeError('PROFILE_HASH_MISMATCH', 'Profile transfer hash mismatch.') }
+    }
+    try {
+      const profile = JSON.parse(new TextDecoder('utf-8', { fatal: true }).decode(bytes)) as SiteExperienceProfile
+      await requestJsonForTransfer(`/v1/captures/${context.captureId}/profile`, { method: 'POST', body: JSON.stringify(profile) })
+      return { ok: true, data: null }
+    } catch {
+      await postStatus('failed', 'posting_profile', makeError('PROFILE_TRANSPORT_FAILED', 'Profile transfer payload is invalid.'))
+      return { ok: false, error: makeError('PROFILE_TRANSPORT_FAILED', 'Profile transfer payload is invalid.') }
+    } finally {
+      transferState.delete(message.profileTransferId)
+    }
+  }
+  const handleTransferMessage = async (
+    context: BridgeTransferContext,
+    postStatus: StatusPoster,
+    requestJsonForTransfer: BridgeRequester,
+    message: AgentBridgeRuntimeMessage
+  ): Promise<TransferResponse> => {
+    pruneExpiredTransfers()
+    if (!validateTransferMessage(context, message)) {
+      clearTransfer(message)
+      await postStatus('failed', 'posting_profile', makeError('PROFILE_TRANSPORT_FAILED', 'Profile transfer context mismatch.'))
+      return { ok: false, error: makeError('PROFILE_TRANSPORT_FAILED', 'Profile transfer context mismatch.') }
+    }
+    if (!validateTransferId(message)) {
+      await postStatus('failed', 'posting_profile', makeError('PROFILE_TRANSPORT_FAILED', 'Profile transfer id is invalid.'))
+      return { ok: false, error: makeError('PROFILE_TRANSPORT_FAILED', 'Profile transfer id is invalid.') }
+    }
+    if (message.type === 'AGENT_PROFILE_TRANSFER_BEGIN') {
+      if (!isValidBeginMetadata(message)) {
+        await postStatus('failed', 'posting_profile', makeError('PROFILE_TRANSPORT_FAILED', 'Profile transfer metadata is invalid.'))
+        return { ok: false, error: makeError('PROFILE_TRANSPORT_FAILED', 'Profile transfer metadata is invalid.') }
+      }
+      transferState.set(message.profileTransferId, {
+        chunks: Array(message.chunkCount).fill(null),
+        byteLength: message.byteLength,
+        expiresAt: Date.now() + TRANSFER_TTL_MS,
+        chunkCount: message.chunkCount,
+        nextChunkIndex: 0,
+        sha256: message.sha256
+      })
+      return { ok: true, data: null }
+    }
+    if (message.type === 'AGENT_PROFILE_TRANSFER_CHUNK') {
+      const state = transferState.get(message.profileTransferId)
+      if (
+        !state ||
+        message.chunkCount !== state.chunkCount ||
+        message.chunkIndex < 0 ||
+        message.chunkIndex >= state.chunks.length ||
+        message.chunkIndex !== state.nextChunkIndex ||
+        state.chunks[message.chunkIndex]
+      ) {
+        transferState.delete(message.profileTransferId)
+        await postStatus('failed', 'posting_profile', makeError('PROFILE_CHUNK_MISSING', 'Profile transfer chunk is missing.'))
+        return { ok: false, error: makeError('PROFILE_CHUNK_MISSING', 'Profile transfer chunk is missing.') }
+      }
+      let chunk: Uint8Array
+      try {
+        chunk = decodeBase64(message.payloadBase64)
+      } catch {
+        transferState.delete(message.profileTransferId)
+        await postStatus('failed', 'posting_profile', makeError('PROFILE_TRANSPORT_FAILED', 'Profile transfer chunk is invalid.'))
+        return { ok: false, error: makeError('PROFILE_TRANSPORT_FAILED', 'Profile transfer chunk is invalid.') }
+      }
+      if (chunk.byteLength !== message.chunkByteLength) {
+        transferState.delete(message.profileTransferId)
+        await postStatus('failed', 'posting_profile', makeError('PROFILE_TRANSPORT_FAILED', 'Profile chunk length mismatch.'))
+        return { ok: false, error: makeError('PROFILE_TRANSPORT_FAILED', 'Profile chunk length mismatch.') }
+      }
+      state.chunks[message.chunkIndex] = chunk
+      state.nextChunkIndex += 1
+      return { ok: true, data: null }
+    }
+    if (message.type === 'AGENT_PROFILE_TRANSFER_COMPLETE') return completeProfileTransfer(context, postStatus, requestJsonForTransfer, message)
+    return { ok: false, error: makeError('PROFILE_TRANSPORT_FAILED', 'Unsupported profile transfer message.') }
+  }
+  const registerProfileTransferListener = (context: BridgeTransferContext, postStatus: StatusPoster, requestJsonForTransfer: BridgeRequester) => {
+    const port = chrome.runtime.connect({ name: AGENT_PROFILE_TRANSFER_PORT })
+    let terminal = false
+    port.postMessage({
+      type: 'AGENT_PROFILE_TRANSFER_PORT_HELLO',
+      captureId: context.captureId,
+      sessionId: context.sessionId,
+      nonce: context.nonce,
+      protocolVersion: bridgeProtocolVersion
+    })
+    port.onMessage.addListener((message: AgentBridgeRuntimeMessage) => {
+      if (!message?.type || !message.type.startsWith('AGENT_PROFILE_TRANSFER_') || message.type === 'AGENT_PROFILE_TRANSFER_ACK') return
+      handleTransferMessage(context, postStatus, requestJsonForTransfer, message)
+        .then(response => {
+          if (message.type === 'AGENT_PROFILE_TRANSFER_COMPLETE' && response.ok) terminal = true
+          port.postMessage(toAckMessage(context, message, response))
+        })
+        .catch(error =>
+          port.postMessage(
+            toAckMessage(context, message, {
+              ok: false,
+              error: makeError(
+                'PROFILE_TRANSPORT_FAILED',
+                error instanceof Error && error.message === 'PROFILE_TRANSPORT_FAILED'
+                  ? 'PROFILE_TRANSPORT_FAILED'
+                  : 'Profile transfer handling failed.'
+              )
+            })
+          )
+        )
+    })
+    port.onDisconnect.addListener(() => {
+      if (terminal) return
+      postStatus('failed', 'posting_profile', makeError('BRIDGE_TRANSPORT_DISCONNECTED', 'Profile transfer port disconnected.')).catch(
+        () => {}
+      )
+    })
+  }
+
+  if (!isBridgePageUrl(location.href)) return
+  const meta = document.querySelector(BRIDGE_META_SELECTOR)
+  if (!meta) return
+  if (document.documentElement.dataset.stackprismAgentBridgeClient === 'ready') return
+  const configElement = document.querySelector(CONFIG_SELECTOR)
+  let context: BridgePageContext
+  try {
+    context = parseBridgePageContext(location.href, configElement?.textContent || '')
+  } catch (error) {
+    document.documentElement.dataset.stackprismAgentBridgeError = runtimeErrorFromUnknown(error, 'INVALID_REQUEST').code
+    return
+  }
+  const postStatus = createStatusPoster(context)
+  let terminalStatusPosted = false
+  let stopControlPolling = () => {}
+  let currentPhase = 'bridge_connected'
+  const postTrackedStatus = async (
+    status: AgentCaptureStatus,
+    phase?: string,
+    error?: AgentBridgeError,
+    extra: Record<string, unknown> = {},
+    requestInit: RequestInit = {}
+  ) => {
+    if (phase && STATUS_PHASES.has(phase)) currentPhase = laterPhase(currentPhase, phase)
+    const writablePhase = status === 'failed' ? currentPhase : phase
+    if (TERMINAL_STATUSES.has(status)) {
+      terminalStatusPosted = true
+      stopControlPolling()
+    }
+    await postStatus(status, writablePhase, error, extra, requestInit)
+  }
+  const postBridgeClosed = () => {
+    if (terminalStatusPosted) return
+    if (context.bridgeOrigin !== location.origin || !isBridgePageUrl(location.href)) return
+    terminalStatusPosted = true
+    postStatus('failed', 'cleanup', makeError('BRIDGE_TAB_CLOSED', 'Agent bridge page was closed.'), {}, { keepalive: true }).catch(
+      () => {}
+    )
+  }
+  window.addEventListener('pagehide', postBridgeClosed, { once: true })
+  window.addEventListener('beforeunload', postBridgeClosed, { once: true })
+  document.documentElement.dataset.stackprismAgentBridgeClient = 'ready'
+
+  try {
+    if (isIncognitoExtensionContext()) {
+      await postTrackedStatus(
+        'failed',
+        'bridge_connected',
+        makeError('INCOGNITO_NOT_SUPPORTED', 'Incognito bridge pages are not supported.')
+      )
+      return
+    }
+    if (context.protocolVersion !== bridgeProtocolVersion) {
+      await postTrackedStatus(
+        'failed',
+        'bridge_connected',
+        makeError('BRIDGE_PROTOCOL_UNSUPPORTED', 'Bridge protocol version is unsupported.')
+      )
+      return
+    }
+    registerCaptureStatusListener(context, postTrackedStatus, () => stopControlPolling())
+    const requestEnvelope = await requestJson(context, `/v1/captures/${context.captureId}/request`)
+    const request = validateCaptureRequestEnvelope(context, requestEnvelope)
+    await postTrackedStatus('waiting_extension', 'request_loaded')
+    const hello = await sendRuntimeMessage(
+      {
+        type: 'AGENT_BRIDGE_HELLO',
+        captureId: context.captureId,
+        sessionId: context.sessionId,
+        nonce: context.nonce,
+        protocolVersion: bridgeProtocolVersion
+      },
+      'EXTENSION_NOT_CONNECTED'
+    )
+    if (!hello?.ok) {
+      await postTrackedStatus('failed', 'request_loaded', hello?.error || makeError('INVALID_REQUEST', 'Agent bridge hello failed.'))
+      return
+    }
+    if (!hasRequiredCapabilities(hello.data.capabilities)) {
+      const missingCapability = missingRequiredCapability(hello.data.capabilities)
+      await postTrackedStatus(
+        'failed',
+        'request_loaded',
+        makeError('NOT_SUPPORTED', 'Required extension capabilities are missing.', { missingCapability })
+      )
+      return
+    }
+    registerProfileTransferListener(context, postTrackedStatus, (path, init) => requestJson(context, path, init))
+    await postTrackedStatus('running', 'target_opening')
+    const startResponse = await sendRuntimeMessage(
+      {
+        type: 'START_AGENT_CAPTURE',
+        captureId: context.captureId,
+        sessionId: context.sessionId,
+        nonce: context.nonce,
+        bridgeOrigin: context.bridgeOrigin,
+        request,
+        capabilities: hello.data.capabilities
+      },
+      'BRIDGE_TRANSPORT_DISCONNECTED'
+    )
+    if (!startResponse?.ok) {
+      await postTrackedStatus(
+        'failed',
+        'target_opening',
+        startResponse?.error || makeError('INVALID_REQUEST', 'Agent capture start failed.')
+      )
+      return
+    }
+    stopControlPolling = startControlPolling(context)
+  } catch (error) {
+    await postTrackedStatus('failed', currentPhase, runtimeErrorFromUnknown(error, 'PROFILE_TRANSPORT_FAILED')).catch(() => {})
+  }
+}
+
+if (typeof window !== 'undefined' && typeof document !== 'undefined' && typeof chrome !== 'undefined' && chrome.runtime) {
+  runAgentBridgeClient().catch(error => {
+    console.error('[StackPrism Agent Bridge] runAgentBridgeClient failed', {
+      errorCode: errorFromUnknown(error, 'PROFILE_TRANSPORT_FAILED').code
+    })
+    document.documentElement.dataset.stackprismAgentBridgeError = 'PROFILE_TRANSPORT_FAILED'
+  })
+}
diff --git a/src/content/agent-bridge-request.ts b/src/content/agent-bridge-request.ts
new file mode 100644
index 00000000..74e98f90
--- /dev/null
+++ b/src/content/agent-bridge-request.ts
@@ -0,0 +1,164 @@
+import type { AgentCaptureRequest } from '@/types/agent-bridge'
+
+const bridgeProtocolVersion = 1 as const
+const protocolIdentifierSpecs = {
+  bridgeToken: /^spbt_[A-Za-z0-9_-]{43}$/,
+  captureId: /^cap_[A-Za-z0-9_-]{22}$/,
+  sessionId: /^s_[A-Za-z0-9_-]{22}$/,
+  nonce: /^n_[A-Za-z0-9_-]{22}$/
+} as const
+const REQUEST_FIELDS = new Set(['url', 'mode', 'waitMs', 'include', 'viewports', 'options', 'protocolVersion'])
+const VIEWPORT_FIELDS = new Set(['name', 'width', 'height', 'deviceScaleFactor'])
+const OPTION_FIELDS = new Set([
+  'forceRefresh',
+  'captureScreenshotMetadata',
+  'captureScreenshot',
+  'keepTabOpen',
+  'allowPrivateNetworkTarget',
+  'targetMode',
+  'maxResourceUrls'
+])
+const REQUEST_ENVELOPE_FIELDS = new Set(['captureId', 'sessionId', 'nonce', 'protocolVersion', 'request'])
+const ALLOWED_INCLUDES = new Set(['tech', 'visual', 'layout', 'components', 'interaction', 'ux', 'assets'])
+const ALLOWED_TARGET_MODES = new Set(['reuse_or_new_tab', 'new_tab', 'active_tab'])
+const BRIDGE_QUERY_KINDS = {
+  session: 'sessionId',
+  capture: 'captureId',
+  nonce: 'nonce'
+} as const
+
+const validateProtocolIdentifier = (kind: keyof typeof protocolIdentifierSpecs | string, value: unknown): boolean => {
+  const spec = protocolIdentifierSpecs[kind as keyof typeof protocolIdentifierSpecs]
+  return typeof value === 'string' && Boolean(spec?.test(value))
+}
+
+export interface BridgePageContext {
+  bridgeOrigin: string
+  sessionId: string
+  captureId: string
+  nonce: string
+  bridgeToken: string
+  protocolVersion: number
+}
+
+export const isBridgePageUrl = (value: unknown): boolean => {
+  try {
+    const url = new URL(String(value || ''))
+    return url.protocol === 'http:' && url.hostname === '127.0.0.1' && url.pathname === '/bridge'
+  } catch {
+    return false
+  }
+}
+
+const parseRawBridgeQuery = (url: URL): { session: string; capture: string; nonce: string } | null => {
+  const raw = url.search.replace(/^\?/, '')
+  const parts = raw ? raw.split('&') : []
+  if (parts.length !== 3) return null
+  const values: Record<string, string> = {}
+  for (const part of parts) {
+    const separatorIndex = part.indexOf('=')
+    if (!part || separatorIndex <= 0 || part.indexOf('=', separatorIndex + 1) !== -1) return null
+    const name = part.slice(0, separatorIndex)
+    const value = part.slice(separatorIndex + 1)
+    const kind = BRIDGE_QUERY_KINDS[name as keyof typeof BRIDGE_QUERY_KINDS]
+    if (!kind || values[name] !== undefined || !validateProtocolIdentifier(kind, value)) return null
+    values[name] = value
+  }
+  return values.session && values.capture && values.nonce ? { session: values.session, capture: values.capture, nonce: values.nonce } : null
+}
+
+export const parseBridgePageContext = (href: string, configText: string): BridgePageContext => {
+  const url = new URL(href)
+  const query = parseRawBridgeQuery(url)
+  const sessionId = query?.session || ''
+  const captureId = query?.capture || ''
+  const nonce = query?.nonce || ''
+  let config: Record<string, unknown>
+  try {
+    config = JSON.parse(configText || '{}')
+  } catch {
+    throw new Error('INVALID_REQUEST')
+  }
+  const configSessionId = String(config.sessionId || '')
+  const configCaptureId = String(config.captureId || '')
+  const configNonce = String(config.nonce || '')
+  const bridgeToken = String(config.bridgeToken || '')
+  const protocolVersion = config.protocolVersion
+
+  if (
+    !query ||
+    !validateProtocolIdentifier('sessionId', sessionId) ||
+    !validateProtocolIdentifier('captureId', captureId) ||
+    !validateProtocolIdentifier('nonce', nonce) ||
+    configSessionId !== sessionId ||
+    configCaptureId !== captureId ||
+    configNonce !== nonce ||
+    !validateProtocolIdentifier('bridgeToken', bridgeToken) ||
+    typeof protocolVersion !== 'number' ||
+    !Number.isInteger(protocolVersion)
+  ) {
+    throw new Error('INVALID_REQUEST')
+  }
+
+  return { bridgeOrigin: url.origin, sessionId, captureId, nonce, bridgeToken, protocolVersion }
+}
+
+const isCaptureViewport = (viewport: any): boolean =>
+  viewport &&
+  typeof viewport === 'object' &&
+  Object.keys(viewport).every(key => VIEWPORT_FIELDS.has(key)) &&
+  (viewport.name === undefined || (typeof viewport.name === 'string' && /^[A-Za-z0-9_-]{1,32}$/.test(viewport.name))) &&
+  Number.isInteger(viewport.width) &&
+  viewport.width >= 320 &&
+  viewport.width <= 3840 &&
+  Number.isInteger(viewport.height) &&
+  viewport.height >= 320 &&
+  viewport.height <= 2160 &&
+  typeof viewport.deviceScaleFactor === 'number' &&
+  Number.isFinite(viewport.deviceScaleFactor) &&
+  viewport.deviceScaleFactor >= 1 &&
+  viewport.deviceScaleFactor <= 4
+
+const isCaptureRequest = (value: any): value is AgentCaptureRequest =>
+  value &&
+  typeof value === 'object' &&
+  Object.keys(value).every(key => REQUEST_FIELDS.has(key)) &&
+  typeof value.url === 'string' &&
+  value.mode === 'experience' &&
+  Number.isInteger(value.waitMs) &&
+  value.waitMs >= 0 &&
+  value.waitMs <= 30000 &&
+  Array.isArray(value.include) &&
+  value.include.length > 0 &&
+  value.include.every((section: unknown) => typeof section === 'string' && ALLOWED_INCLUDES.has(section)) &&
+  Array.isArray(value.viewports) &&
+  value.viewports.length <= 3 &&
+  value.viewports.every(isCaptureViewport) &&
+  value.options &&
+  typeof value.options === 'object' &&
+  Object.keys(value.options).every(key => OPTION_FIELDS.has(key)) &&
+  ['forceRefresh', 'captureScreenshotMetadata', 'keepTabOpen', 'allowPrivateNetworkTarget'].every(
+    key => typeof value.options[key] === 'boolean'
+  ) &&
+  (value.options.captureScreenshot === undefined || typeof value.options.captureScreenshot === 'boolean') &&
+  ALLOWED_TARGET_MODES.has(value.options.targetMode) &&
+  Number.isInteger(value.options.maxResourceUrls) &&
+  value.options.maxResourceUrls >= 0 &&
+  value.options.maxResourceUrls <= 1000 &&
+  value.protocolVersion === bridgeProtocolVersion
+
+export const validateCaptureRequestEnvelope = (context: BridgePageContext, value: any): AgentCaptureRequest => {
+  if (
+    !value ||
+    typeof value !== 'object' ||
+    !Object.keys(value).every(key => REQUEST_ENVELOPE_FIELDS.has(key)) ||
+    value?.captureId !== context.captureId ||
+    value?.sessionId !== context.sessionId ||
+    value?.nonce !== context.nonce ||
+    value?.protocolVersion !== bridgeProtocolVersion ||
+    !isCaptureRequest(value.request)
+  ) {
+    throw new Error('BRIDGE_REQUEST_MISMATCH')
+  }
+  return value.request
+}
diff --git a/src/content/agent-bridge-transfer.ts b/src/content/agent-bridge-transfer.ts
new file mode 100644
index 00000000..70c1a391
--- /dev/null
+++ b/src/content/agent-bridge-transfer.ts
@@ -0,0 +1,265 @@
+import type {
+  AgentBridgeRuntimeMessage,
+  AgentBridgeError,
+  AgentCaptureStatus,
+  AgentProfileTransferAckMessage,
+  AgentProfileTransferCompleteMessage,
+  SiteExperienceProfile
+} from '@/types/agent-bridge'
+
+const AGENT_PROFILE_TRANSFER_PORT = 'stackprism-agent-profile-transfer'
+const bridgeProtocolVersion = 1 as const
+interface BridgeTransferContext {
+  bridgeOrigin: string
+  sessionId: string
+  captureId: string
+  nonce: string
+}
+
+interface TransferState {
+  chunks: Array<Uint8Array | null>
+  byteLength: number
+  expiresAt: number
+  chunkCount: number
+  nextChunkIndex: number
+  sha256: string
+}
+
+type StatusPoster = (status: AgentCaptureStatus, phase?: string, error?: AgentBridgeError) => Promise<void>
+type BridgeRequester = (path: string, init?: RequestInit) => Promise<any>
+type TransferResponse = { ok: true; data: null } | { ok: false; error: AgentBridgeError }
+
+const transferState = new Map<string, TransferState>()
+const TRANSFER_TTL_MS = 30000
+const PROFILE_CHUNK_BYTES = 384 * 1024
+const PROFILE_BODY_BYTES = 8 * 1024 * 1024
+const SHA256_HEX_PATTERN = /^[a-f0-9]{64}$/
+const PROFILE_TRANSFER_ID_PATTERN = /^xfer_[A-Za-z0-9_-]{22}$/
+
+const makeError = (code: AgentBridgeError['code'], message: string): AgentBridgeError => ({ code, message })
+
+const decodeBase64 = (value: string): Uint8Array => {
+  if (!value || !/^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$/.test(value)) {
+    throw new Error('Invalid base64.')
+  }
+  const binary = atob(value)
+  const bytes = new Uint8Array(binary.length)
+  for (let index = 0; index < binary.length; index += 1) bytes[index] = binary.charCodeAt(index)
+  return bytes
+}
+
+const assembleChunks = (chunks: Uint8Array[], byteLength: number): Uint8Array => {
+  const bytes = new Uint8Array(byteLength)
+  let offset = 0
+  for (const chunk of chunks) {
+    bytes.set(chunk, offset)
+    offset += chunk.byteLength
+  }
+  return bytes
+}
+
+const sha256Hex = async (bytes: Uint8Array): Promise<string> => {
+  const digest = await crypto.subtle.digest('SHA-256', bytes)
+  return [...new Uint8Array(digest)].map(byte => byte.toString(16).padStart(2, '0')).join('')
+}
+
+const validateTransferMessage = (context: BridgeTransferContext, message: AgentBridgeRuntimeMessage): boolean =>
+  'captureId' in message &&
+  message.captureId === context.captureId &&
+  message.sessionId === context.sessionId &&
+  message.nonce === context.nonce
+
+const validateTransferId = (message: AgentBridgeRuntimeMessage): boolean =>
+  'profileTransferId' in message && PROFILE_TRANSFER_ID_PATTERN.test(message.profileTransferId)
+
+const clearTransfer = (message: AgentBridgeRuntimeMessage): void => {
+  if ('profileTransferId' in message) transferState.delete(message.profileTransferId)
+}
+
+const pruneExpiredTransfers = (): void => {
+  const now = Date.now()
+  for (const [transferId, state] of transferState) {
+    if (state.expiresAt <= now) transferState.delete(transferId)
+  }
+}
+
+const expectedChunkCount = (byteLength: number): number => Math.max(1, Math.ceil(byteLength / PROFILE_CHUNK_BYTES))
+
+const isValidBeginMetadata = (message: AgentBridgeRuntimeMessage): boolean =>
+  message.type === 'AGENT_PROFILE_TRANSFER_BEGIN' &&
+  Number.isInteger(message.chunkCount) &&
+  Number.isInteger(message.byteLength) &&
+  message.byteLength > 0 &&
+  message.byteLength <= PROFILE_BODY_BYTES &&
+  message.chunkCount === expectedChunkCount(message.byteLength) &&
+  SHA256_HEX_PATTERN.test(message.sha256) &&
+  !transferState.has(message.profileTransferId)
+
+export const registerProfileTransferListener = (context: BridgeTransferContext, postStatus: StatusPoster, requestJson: BridgeRequester) => {
+  const port = chrome.runtime.connect({ name: AGENT_PROFILE_TRANSFER_PORT })
+  let terminal = false
+  port.postMessage({
+    type: 'AGENT_PROFILE_TRANSFER_PORT_HELLO',
+    captureId: context.captureId,
+    sessionId: context.sessionId,
+    nonce: context.nonce,
+    protocolVersion: bridgeProtocolVersion
+  })
+  port.onMessage.addListener((message: AgentBridgeRuntimeMessage) => {
+    if (!message?.type || !message.type.startsWith('AGENT_PROFILE_TRANSFER_') || message.type === 'AGENT_PROFILE_TRANSFER_ACK') return
+    handleTransferMessage(context, postStatus, requestJson, message)
+      .then(response => {
+        if (message.type === 'AGENT_PROFILE_TRANSFER_COMPLETE' && response.ok) terminal = true
+        port.postMessage(toAckMessage(context, message, response))
+      })
+      .catch(error =>
+        port.postMessage(
+          toAckMessage(context, message, {
+            ok: false,
+            error: makeError(
+              'PROFILE_TRANSPORT_FAILED',
+              error instanceof Error && error.message === 'PROFILE_TRANSPORT_FAILED'
+                ? 'PROFILE_TRANSPORT_FAILED'
+                : 'Profile transfer handling failed.'
+            )
+          })
+        )
+      )
+  })
+  port.onDisconnect.addListener(() => {
+    if (terminal) return
+    postStatus('failed', 'posting_profile', makeError('BRIDGE_TRANSPORT_DISCONNECTED', 'Profile transfer port disconnected.')).catch(
+      () => {}
+    )
+  })
+}
+
+const toAckMessage = (
+  context: BridgeTransferContext,
+  message: AgentBridgeRuntimeMessage,
+  response: TransferResponse
+): AgentProfileTransferAckMessage => {
+  const profileTransferId = 'profileTransferId' in message ? message.profileTransferId : ''
+  const chunkIndex = 'chunkIndex' in message ? message.chunkIndex : undefined
+  return {
+    type: 'AGENT_PROFILE_TRANSFER_ACK',
+    captureId: context.captureId,
+    sessionId: context.sessionId,
+    nonce: context.nonce,
+    profileTransferId,
+    chunkIndex,
+    ok: response.ok,
+    error: response.ok ? undefined : response.error
+  }
+}
+
+export const handleTransferMessage = async (
+  context: BridgeTransferContext,
+  postStatus: StatusPoster,
+  requestJson: BridgeRequester,
+  message: AgentBridgeRuntimeMessage
+): Promise<TransferResponse> => {
+  pruneExpiredTransfers()
+  if (!validateTransferMessage(context, message)) {
+    clearTransfer(message)
+    await postStatus('failed', 'posting_profile', makeError('PROFILE_TRANSPORT_FAILED', 'Profile transfer context mismatch.'))
+    return { ok: false, error: makeError('PROFILE_TRANSPORT_FAILED', 'Profile transfer context mismatch.') }
+  }
+  if (!validateTransferId(message)) {
+    await postStatus('failed', 'posting_profile', makeError('PROFILE_TRANSPORT_FAILED', 'Profile transfer id is invalid.'))
+    return { ok: false, error: makeError('PROFILE_TRANSPORT_FAILED', 'Profile transfer id is invalid.') }
+  }
+
+  if (message.type === 'AGENT_PROFILE_TRANSFER_BEGIN') {
+    if (!isValidBeginMetadata(message)) {
+      await postStatus('failed', 'posting_profile', makeError('PROFILE_TRANSPORT_FAILED', 'Profile transfer metadata is invalid.'))
+      return { ok: false, error: makeError('PROFILE_TRANSPORT_FAILED', 'Profile transfer metadata is invalid.') }
+    }
+    transferState.set(message.profileTransferId, {
+      chunks: Array(message.chunkCount).fill(null),
+      byteLength: message.byteLength,
+      expiresAt: Date.now() + TRANSFER_TTL_MS,
+      chunkCount: message.chunkCount,
+      nextChunkIndex: 0,
+      sha256: message.sha256
+    })
+    return { ok: true, data: null }
+  }
+
+  if (message.type === 'AGENT_PROFILE_TRANSFER_CHUNK') {
+    const state = transferState.get(message.profileTransferId)
+    if (
+      !state ||
+      message.chunkCount !== state.chunkCount ||
+      message.chunkIndex < 0 ||
+      message.chunkIndex >= state.chunks.length ||
+      message.chunkIndex !== state.nextChunkIndex ||
+      state.chunks[message.chunkIndex]
+    ) {
+      transferState.delete(message.profileTransferId)
+      await postStatus('failed', 'posting_profile', makeError('PROFILE_CHUNK_MISSING', 'Profile transfer chunk is missing.'))
+      return { ok: false, error: makeError('PROFILE_CHUNK_MISSING', 'Profile transfer chunk is missing.') }
+    }
+    let chunk: Uint8Array
+    try {
+      chunk = decodeBase64(message.payloadBase64)
+    } catch {
+      transferState.delete(message.profileTransferId)
+      await postStatus('failed', 'posting_profile', makeError('PROFILE_TRANSPORT_FAILED', 'Profile transfer chunk is invalid.'))
+      return { ok: false, error: makeError('PROFILE_TRANSPORT_FAILED', 'Profile transfer chunk is invalid.') }
+    }
+    if (chunk.byteLength !== message.chunkByteLength) {
+      transferState.delete(message.profileTransferId)
+      await postStatus('failed', 'posting_profile', makeError('PROFILE_TRANSPORT_FAILED', 'Profile chunk length mismatch.'))
+      return { ok: false, error: makeError('PROFILE_TRANSPORT_FAILED', 'Profile chunk length mismatch.') }
+    }
+    state.chunks[message.chunkIndex] = chunk
+    state.nextChunkIndex += 1
+    return { ok: true, data: null }
+  }
+
+  if (message.type === 'AGENT_PROFILE_TRANSFER_COMPLETE') {
+    return completeProfileTransfer(context, postStatus, requestJson, message)
+  }
+
+  return { ok: false, error: makeError('PROFILE_TRANSPORT_FAILED', 'Unsupported profile transfer message.') }
+}
+
+const completeProfileTransfer = async (
+  context: BridgeTransferContext,
+  postStatus: StatusPoster,
+  requestJson: BridgeRequester,
+  message: AgentProfileTransferCompleteMessage
+): Promise<TransferResponse> => {
+  const state = transferState.get(message.profileTransferId)
+  if (!state || state.chunks.some(chunk => !chunk)) {
+    transferState.delete(message.profileTransferId)
+    await postStatus('failed', 'posting_profile', makeError('PROFILE_CHUNK_MISSING', 'Profile transfer chunk is missing.'))
+    return { ok: false, error: makeError('PROFILE_CHUNK_MISSING', 'Profile transfer chunk is missing.') }
+  }
+
+  const chunks = state.chunks.filter((chunk): chunk is Uint8Array => Boolean(chunk))
+  const actualByteLength = chunks.reduce((total, chunk) => total + chunk.byteLength, 0)
+  if (actualByteLength !== state.byteLength) {
+    transferState.delete(message.profileTransferId)
+    await postStatus('failed', 'posting_profile', makeError('PROFILE_HASH_MISMATCH', 'Profile transfer hash mismatch.'))
+    return { ok: false, error: makeError('PROFILE_HASH_MISMATCH', 'Profile transfer hash mismatch.') }
+  }
+  const bytes = assembleChunks(chunks, state.byteLength)
+  if (bytes.byteLength !== message.byteLength || message.sha256 !== state.sha256 || (await sha256Hex(bytes)) !== state.sha256) {
+    transferState.delete(message.profileTransferId)
+    await postStatus('failed', 'posting_profile', makeError('PROFILE_HASH_MISMATCH', 'Profile transfer hash mismatch.'))
+    return { ok: false, error: makeError('PROFILE_HASH_MISMATCH', 'Profile transfer hash mismatch.') }
+  }
+
+  try {
+    const profile = JSON.parse(new TextDecoder('utf-8', { fatal: true }).decode(bytes)) as SiteExperienceProfile
+    await requestJson(`/v1/captures/${context.captureId}/profile`, { method: 'POST', body: JSON.stringify(profile) })
+    return { ok: true, data: null }
+  } catch {
+    await postStatus('failed', 'posting_profile', makeError('PROFILE_TRANSPORT_FAILED', 'Profile transfer payload is invalid.'))
+    return { ok: false, error: makeError('PROFILE_TRANSPORT_FAILED', 'Profile transfer payload is invalid.') }
+  } finally {
+    transferState.delete(message.profileTransferId)
+  }
+}
diff --git a/src/content/content-observer.ts b/src/content/content-observer.ts
index d6b492f9..e98f3be1 100644
--- a/src/content/content-observer.ts
+++ b/src/content/content-observer.ts
@@ -1,5 +1,31 @@
 // @ts-nocheck
-;(() => {
+export const runContentObserver = () => {
+  const isStackPrismAgentBridgeUrl = () => {
+    if (location.protocol !== 'http:' || location.hostname !== '127.0.0.1' || location.pathname !== '/bridge') return false
+    const specs = {
+      session: /^s_[A-Za-z0-9_-]{22}$/,
+      capture: /^cap_[A-Za-z0-9_-]{22}$/,
+      nonce: /^n_[A-Za-z0-9_-]{22}$/
+    }
+    const values = {}
+    const parts = location.search.replace(/^\?/, '').split('&').filter(Boolean)
+    if (parts.length !== 3) return false
+    for (const part of parts) {
+      const separatorIndex = part.indexOf('=')
+      if (separatorIndex <= 0 || part.indexOf('=', separatorIndex + 1) !== -1) return false
+      const name = part.slice(0, separatorIndex)
+      const value = part.slice(separatorIndex + 1)
+      const spec = specs[name]
+      if (!spec || values[name] !== undefined || !spec.test(value)) return false
+      values[name] = value
+    }
+    return Boolean(values.session && values.capture && values.nonce)
+  }
+
+  if (isStackPrismAgentBridgeUrl()) {
+    return
+  }
+
   const MAX_ITEMS = 300
   const MAX_DOM_MARKERS = 120
   const MAX_MUTATION_COUNT = 5000
@@ -685,4 +711,8 @@
     }
     stopObserver({ keepErrorGuards: true })
   }
-})()
+}
+
+if (typeof window !== 'undefined' && typeof document !== 'undefined' && typeof chrome !== 'undefined') {
+  runContentObserver()
+}
diff --git a/src/injected/experience-profiler-common.ts b/src/injected/experience-profiler-common.ts
new file mode 100644
index 00000000..de5691b6
--- /dev/null
+++ b/src/injected/experience-profiler-common.ts
@@ -0,0 +1,111 @@
+export const LIMITS = {
+  nodes: 2000,
+  styleNodes: 80,
+  componentSamples: 80,
+  textSamples: 80,
+  cssRules: 400,
+  resourceUrls: 300,
+  executeScriptResultBytes: 2 * 1024 * 1024
+} as const
+
+export type Truncation = {
+  domNodes: number
+  componentSamples: number
+  textSamples: number
+  cssRules: number
+  resourceUrls: number
+  executeScriptResult: number
+  executeScriptResultOverLimit: number
+}
+
+export const emptyTruncation = (): Truncation => ({
+  domNodes: 0,
+  componentSamples: 0,
+  textSamples: 0,
+  cssRules: 0,
+  resourceUrls: 0,
+  executeScriptResult: 0,
+  executeScriptResultOverLimit: 0
+})
+
+export const cleanText = (value: unknown, limit = 140): string =>
+  String(value ?? '')
+    .replace(/[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,}/gi, '[redacted]')
+    .replace(/\b(?:\+?\d[\d\s-]{8,}\d|\d{11,})\b/g, '[redacted]')
+    .replace(/(?:[￥$€£]\s*\d+(?:\.\d+)?)/g, '[redacted]')
+    .replace(
+      /\b([A-Za-z0-9_-]*(?:token|secret|session|auth|authorization|key|signature|password|pass|cookie)[A-Za-z0-9_-]*)\s*[:=]\s*(?:Bearer\s+)?[^,\s;&]+/gi,
+      '$1=[redacted]'
+    )
+    .replace(/\s+/g, ' ')
+    .trim()
+    .slice(0, limit)
+
+export const includeScreenshotMetadata = (): boolean => Boolean((globalThis as any).__STACKPRISM_EXPERIENCE_OPTIONS__?.captureScreenshotMetadata)
+
+export const uniquePush = (target: string[], value: unknown, limit = 80): void => {
+  const clean = cleanText(value, 180)
+  if (clean && !target.includes(clean) && target.length < limit) target.push(clean)
+}
+
+const SENSITIVE_PATH_WORD_PATTERN = /^(?:token|secret|session|auth|authorization|signature|password|cookie|passcode)$/i
+const SENSITIVE_PATH_SHORT_TOKEN_PATTERN = /(?:^|[-_.])(?:key|pass)(?:$|[-_.])/i
+const SENSITIVE_PATH_COMPOUND_PATTERN =
+  /^(?:(?:api|access|private|public|secret|session|auth|token)[-_.]?(?:key|pass|token|secret|signature|code|id)|(?:key|pass|token)[-_.]?(?:token|secret|signature|code|id)|(?:reset|verify|access|auth|session|csrf|xsrf)[-_.]?(?:token|code|secret|key|signature))$/i
+const SENSITIVE_PATH_CAMEL_PATTERN = /^(?:apiKey|privateKey|publicKey|accessToken|refreshToken|sessionId|secretToken|authToken|csrfToken|xsrfToken)$/i
+const HIGH_ENTROPY_PATH_SEGMENT_PATTERN = /^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)[A-Za-z0-9_-]{24,}$/
+const pathSegmentStem = (segment: string): string => segment.replace(/\.[A-Za-z0-9]{1,8}$/i, '')
+
+const isSensitivePathSegment = (segment: string): boolean => {
+  const stem = pathSegmentStem(segment)
+  return (
+    SENSITIVE_PATH_WORD_PATTERN.test(segment) ||
+    SENSITIVE_PATH_WORD_PATTERN.test(stem) ||
+    SENSITIVE_PATH_SHORT_TOKEN_PATTERN.test(segment) ||
+    SENSITIVE_PATH_SHORT_TOKEN_PATTERN.test(stem) ||
+    SENSITIVE_PATH_COMPOUND_PATTERN.test(segment) ||
+    SENSITIVE_PATH_COMPOUND_PATTERN.test(stem) ||
+    SENSITIVE_PATH_CAMEL_PATTERN.test(segment) ||
+    SENSITIVE_PATH_CAMEL_PATTERN.test(stem) ||
+    /^[0-9a-f]{16,}$/i.test(stem) ||
+    HIGH_ENTROPY_PATH_SEGMENT_PATTERN.test(stem) ||
+    segment.includes('=')
+  )
+}
+
+const redactPathname = (pathname: string): string =>
+  pathname
+    .split('/')
+    .map(segment => (segment && isSensitivePathSegment(segment) ? '[redacted]' : segment))
+    .join('/')
+
+export const safeUrl = (value: unknown): string => {
+  try {
+    const url = new URL(String(value || ''), location.href)
+    if (!/^https?:$/i.test(url.protocol)) return ''
+    url.username = ''
+    url.password = ''
+    url.hash = ''
+    url.pathname = redactPathname(url.pathname)
+    for (const name of [...url.searchParams.keys()]) {
+      url.searchParams.set(name, '[redacted]')
+    }
+    return url.toString()
+  } catch {
+    return ''
+  }
+}
+
+export const safeRect = (element: Element) => {
+  try {
+    const rect = element.getBoundingClientRect()
+    return { x: Math.round(rect.x), y: Math.round(rect.y), width: Math.round(rect.width), height: Math.round(rect.height) }
+  } catch {
+    return null
+  }
+}
+
+export const selectNodes = (): Element[] => {
+  if (typeof document === 'undefined') return []
+  return [...document.querySelectorAll('body *')].slice(0, LIMITS.nodes)
+}
diff --git a/src/injected/experience-profiler-components.ts b/src/injected/experience-profiler-components.ts
new file mode 100644
index 00000000..07a78212
--- /dev/null
+++ b/src/injected/experience-profiler-components.ts
@@ -0,0 +1,80 @@
+import { LIMITS, cleanText, includeScreenshotMetadata, safeRect, uniquePush } from './experience-profiler-common'
+
+export const collectComponents = () => {
+  const includeMetadata = includeScreenshotMetadata()
+  const definitions = [
+    ['button', 'button, [role="button"]'],
+    ['input', 'input, textarea, select'],
+    ['card', '[class*="card" i], article'],
+    ['nav', 'nav, [role="navigation"]'],
+    ['tab', '[role="tab"], [class*="tab" i]'],
+    ['modal', '[role="dialog"], [class*="modal" i]'],
+    ['table', 'table, [role="table"]'],
+    ['list', 'ul, ol, [role="list"]'],
+    ['badge', '[class*="badge" i], [class*="tag" i], [class*="pill" i]']
+  ] as const
+  const samples: Array<Record<string, unknown>> = []
+  const counts: Record<string, number> = {}
+  for (const [type, selector] of definitions) {
+    const matches = [...document.querySelectorAll(selector)]
+    counts[type] = matches.length
+    for (const element of matches.slice(0, 20)) {
+      if (samples.length >= LIMITS.componentSamples) break
+      samples.push({
+        type,
+        tag: element.tagName.toLowerCase(),
+        text: cleanText(element.textContent, 80),
+        ...(includeMetadata ? { rect: safeRect(element) } : {})
+      })
+    }
+  }
+  return { samples, counts, omitted: Math.max(0, Object.values(counts).reduce((sum, count) => sum + count, 0) - samples.length) }
+}
+
+export const collectCssSignals = () => {
+  let inaccessibleStylesheets = 0
+  let scannedRules = 0
+  let totalRules = 0
+  const hoverOrFocusRules: string[] = []
+  for (const sheet of [...document.styleSheets]) {
+    try {
+      const rules = [...(sheet.cssRules || [])]
+      totalRules += rules.length
+      for (const rule of rules) {
+        if (scannedRules >= LIMITS.cssRules) break
+        scannedRules += 1
+        const text = 'cssText' in rule ? String(rule.cssText) : ''
+        if (/:hover|:focus|:focus-visible/i.test(text)) uniquePush(hoverOrFocusRules, text, 40)
+      }
+    } catch {
+      inaccessibleStylesheets += 1
+    }
+  }
+  return { inaccessibleStylesheets, scannedRules, hoverOrFocusRules, omittedCssRules: Math.max(0, totalRules - scannedRules) }
+}
+
+export const collectInteraction = (nodes: Element[], cssSignals: ReturnType<typeof collectCssSignals>) => {
+  const transitions: string[] = []
+  const animations: string[] = []
+  const stickyOrFixed: string[] = []
+  for (const node of nodes.slice(0, LIMITS.styleNodes)) {
+    try {
+      const style = getComputedStyle(node)
+      if (style.transitionDuration && style.transitionDuration !== '0s')
+        uniquePush(transitions, `${style.transitionProperty} ${style.transitionDuration}`, 50)
+      if (style.animationName && style.animationName !== 'none')
+        uniquePush(animations, `${style.animationName} ${style.animationDuration}`, 50)
+      if (style.position === 'sticky' || style.position === 'fixed')
+        uniquePush(stickyOrFixed, `${node.tagName.toLowerCase()}:${style.position}`, 40)
+    } catch {}
+  }
+  return {
+    passive: true,
+    transitions,
+    animations,
+    stickyOrFixed,
+    focusHoverHints: cssSignals.hoverOrFocusRules,
+    openShadowRoots: nodes.filter(node => Boolean((node as HTMLElement).shadowRoot)).length,
+    closedShadowRoots: 0
+  }
+}
diff --git a/src/injected/experience-profiler-ux-assets.ts b/src/injected/experience-profiler-ux-assets.ts
new file mode 100644
index 00000000..c9ecaca7
--- /dev/null
+++ b/src/injected/experience-profiler-ux-assets.ts
@@ -0,0 +1,87 @@
+import { LIMITS, cleanText, safeUrl, uniquePush, type Truncation } from './experience-profiler-common'
+
+export const collectBoundaries = () => {
+  const iframes = [...document.querySelectorAll('iframe')]
+  let sameOriginIframes = 0
+  let crossOriginIframes = 0
+  for (const iframe of iframes) {
+    const url = safeUrl(iframe.getAttribute('src') || '')
+    if (!url) continue
+    if (new URL(url).origin === location.origin) sameOriginIframes += 1
+    else crossOriginIframes += 1
+  }
+  return { sameOriginIframes, crossOriginIframes }
+}
+
+const collectTextSamples = (nodes: Element[], truncation: Truncation): string[] => {
+  const samples: string[] = []
+  for (const node of nodes) {
+    const text = cleanText(node.textContent, 120)
+    if (!text || text.length < 3) continue
+    if (samples.length >= LIMITS.textSamples) {
+      truncation.textSamples += 1
+      continue
+    }
+    uniquePush(samples, text, LIMITS.textSamples)
+  }
+  return samples
+}
+
+const collectElementLabels = (selector: string, limit: number): string[] => {
+  const labels: string[] = []
+  for (const element of [...document.querySelectorAll(selector)]) {
+    uniquePush(labels, element.getAttribute('aria-label') || element.textContent, limit)
+    if (labels.length >= limit) break
+  }
+  return labels
+}
+
+const inferPagePurpose = (): string => {
+  if (document.querySelector('main form, form[action], input, textarea, select')) return 'form_flow'
+  if (document.querySelector('table, [role="table"], [class*="dashboard" i], [class*="chart" i]')) return 'data_display'
+  if (document.querySelector('article, [class*="docs" i], [class*="blog" i]')) return 'content_or_docs'
+  if (document.querySelector('[class*="pricing" i], [class*="hero" i], [id*="hero" i]')) return 'marketing'
+  return 'unknown'
+}
+
+const inferFrictionPoints = (): string[] => {
+  const points: string[] = []
+  if (!document.querySelector('h1')) uniquePush(points, 'missing_h1', 8)
+  if (document.querySelectorAll('form input[required], form textarea[required], form select[required]').length > 5)
+    uniquePush(points, 'many_required_fields', 8)
+  if (document.querySelectorAll('button, a, [role="button"]').length === 0) uniquePush(points, 'no_visible_actions', 8)
+  return points
+}
+
+export const collectUxSignals = (nodes: Element[], truncation: Truncation) => {
+  const navLinks = document.querySelectorAll('nav a, [role="navigation"] a').length
+  const formControls = document.querySelectorAll('input, textarea, select').length
+  return {
+    pagePurpose: inferPagePurpose(),
+    primaryUserPath: collectElementLabels('main button, main a, [role="main"] button, [role="main"] a', 12),
+    informationHierarchy: collectElementLabels('h1, h2, h3, [role="heading"]', 20),
+    ctaStrategy: collectElementLabels('button, a, [role="button"], input[type="submit"]', 20),
+    trustSignals: collectElementLabels(
+      '[class*="trust" i], [class*="testimonial" i], [class*="review" i], [class*="security" i], [class*="privacy" i], footer',
+      20
+    ),
+    navigationDepth: `nav_links:${navLinks}; form_controls:${formControls}`,
+    contentGrouping: collectElementLabels('section, article, aside, [class*="card" i], [class*="panel" i]', 24),
+    frictionPoints: inferFrictionPoints(),
+    textSamples: collectTextSamples(nodes, truncation)
+  }
+}
+
+export const collectAssets = (truncation: Truncation) => {
+  const urls = [
+    ...[...document.scripts].map(item => item.src),
+    ...[...document.querySelectorAll('link[href]')].map(item => (item as HTMLLinkElement).href),
+    ...[...document.images].map(item => item.currentSrc || item.src),
+    ...performance.getEntriesByType('resource').map(item => item.name)
+  ]
+    .map(safeUrl)
+    .filter(Boolean)
+  const unique = [...new Set(urls)]
+  truncation.resourceUrls = Math.max(0, unique.length - LIMITS.resourceUrls)
+  return { urls: unique.slice(0, LIMITS.resourceUrls) }
+}
diff --git a/src/injected/experience-profiler-visual-layout.ts b/src/injected/experience-profiler-visual-layout.ts
new file mode 100644
index 00000000..2ded727f
--- /dev/null
+++ b/src/injected/experience-profiler-visual-layout.ts
@@ -0,0 +1,64 @@
+import { LIMITS, cleanText, includeScreenshotMetadata, safeRect, uniquePush } from './experience-profiler-common'
+
+export const collectVisual = (nodes: Element[]) => {
+  const colors: string[] = []
+  const fonts: string[] = []
+  const fontSizes: string[] = []
+  const lineHeights: string[] = []
+  const spacing: string[] = []
+  const radii: string[] = []
+  const shadows: string[] = []
+
+  for (const node of nodes.slice(0, LIMITS.styleNodes)) {
+    try {
+      const style = getComputedStyle(node)
+      for (const prop of ['color', 'backgroundColor', 'borderColor']) {
+        const value = style[prop as any]
+        if (value && !/transparent|rgba\(0,\s*0,\s*0,\s*0\)/i.test(value)) uniquePush(colors, value, 60)
+      }
+      uniquePush(fonts, style.fontFamily, 30)
+      uniquePush(fontSizes, style.fontSize, 30)
+      uniquePush(lineHeights, style.lineHeight, 30)
+      uniquePush(spacing, [style.margin, style.padding].filter(Boolean).join(' | '), 60)
+      uniquePush(radii, style.borderRadius, 40)
+      if (style.boxShadow && style.boxShadow !== 'none') uniquePush(shadows, style.boxShadow, 40)
+    } catch {}
+  }
+
+  return { colors, fonts, fontSizes, lineHeights, spacing, radii, shadows }
+}
+
+export const collectLayout = (nodes: Element[]) => {
+  const includeMetadata = includeScreenshotMetadata()
+  const landmarks = [
+    'header',
+    'nav',
+    'main',
+    'footer',
+    'aside',
+    '[role="banner"]',
+    '[role="navigation"]',
+    '[role="main"]',
+    '[role="contentinfo"]'
+  ]
+    .filter(selector => document.querySelector(selector))
+    .map(selector => selector.replace(/\[role="(.+)"\]/, 'role:$1'))
+  const keySelectors = ['header', 'nav', 'main', 'footer', 'aside', 'section', 'article', '[class*="hero" i]', '[id*="hero" i]']
+  const boundingBoxes = includeMetadata
+    ? keySelectors
+        .flatMap(selector => [...document.querySelectorAll(selector)].slice(0, 8).map(element => ({ selector, element })))
+        .map(({ selector, element }) => ({ selector, text: cleanText(element.textContent, 80), rect: safeRect(element) }))
+        .filter(item => item.rect)
+        .slice(0, 40)
+    : []
+  const aboveFoldCount = includeMetadata
+    ? nodes.filter(node => {
+        const rect = safeRect(node)
+        return rect && rect.y >= 0 && rect.y < window.innerHeight
+      }).length
+    : 0
+  return {
+    landmarks,
+    ...(includeMetadata ? { boundingBoxes, aboveFold: { elementCount: aboveFoldCount, viewportHeight: window.innerHeight } } : {})
+  }
+}
diff --git a/src/injected/experience-profiler.ts b/src/injected/experience-profiler.ts
new file mode 100644
index 00000000..5eed8989
--- /dev/null
+++ b/src/injected/experience-profiler.ts
@@ -0,0 +1,99 @@
+import { LIMITS, cleanText, emptyTruncation, selectNodes } from './experience-profiler-common'
+import { collectComponents, collectCssSignals, collectInteraction } from './experience-profiler-components'
+import { collectBoundaries, collectAssets, collectUxSignals } from './experience-profiler-ux-assets'
+import { collectLayout, collectVisual } from './experience-profiler-visual-layout'
+
+const byteLengthOf = (value: unknown): number => new TextEncoder().encode(JSON.stringify(value)).byteLength
+
+const unavailableProfile = () => ({
+  visual: {},
+  layout: {},
+  components: { samples: [] },
+  interaction: { passive: true },
+  ux: { textSamples: [] },
+  document: { language: '' },
+  assets: { urls: [] },
+  evidence: { truncation: emptyTruncation() },
+  limitations: ['document_unavailable']
+})
+
+const enforceResultLimit = (profile: any) => {
+  const initialBytes = byteLengthOf(profile)
+  if (initialBytes <= LIMITS.executeScriptResultBytes) return profile
+  const markTruncated = () => {
+    if (!profile.limitations.includes('execute_script_result_truncated')) profile.limitations.push('execute_script_result_truncated')
+  }
+  const shrinkSteps = [
+    () => {
+      profile.components.samples = profile.components.samples.slice(0, 10)
+    },
+    () => {
+      profile.ux.textSamples = profile.ux.textSamples.slice(0, 10)
+    },
+    () => {
+      profile.assets.urls = profile.assets.urls.slice(0, 50)
+    },
+    () => {
+      profile.components.samples = profile.components.samples.slice(0, 3)
+      profile.ux.textSamples = profile.ux.textSamples.slice(0, 3)
+      profile.assets.urls = profile.assets.urls.slice(0, 10)
+    },
+    () => {
+      profile.visual = {}
+      profile.layout = {}
+    },
+    () => {
+      profile.components.samples = []
+      profile.ux.textSamples = []
+      profile.assets.urls = []
+    }
+  ]
+  for (const shrink of shrinkSteps) {
+    shrink()
+    markTruncated()
+    const bytes = byteLengthOf(profile)
+    if (bytes <= LIMITS.executeScriptResultBytes) {
+      profile.evidence.truncation.executeScriptResult = Math.max(0, initialBytes - bytes)
+      profile.evidence.truncation.executeScriptResultOverLimit = 0
+      return profile
+    }
+  }
+  const finalBytes = byteLengthOf(profile)
+  profile.evidence.truncation.executeScriptResult = Math.max(0, initialBytes - finalBytes)
+  profile.evidence.truncation.executeScriptResultOverLimit = Math.max(0, finalBytes - LIMITS.executeScriptResultBytes)
+  return profile
+}
+
+const collectSiteExperienceProfile = () => {
+  if (typeof document === 'undefined') return unavailableProfile()
+
+  const truncation = emptyTruncation()
+  const nodes = selectNodes()
+  const cssSignals = collectCssSignals()
+  const boundaries = collectBoundaries()
+  const components = collectComponents()
+
+  truncation.domNodes = Math.max(0, document.querySelectorAll('body *').length - nodes.length)
+  truncation.componentSamples = components.omitted
+  truncation.cssRules = cssSignals.omittedCssRules
+
+  const profile = {
+    visual: collectVisual(nodes),
+    layout: collectLayout(nodes),
+    components: { samples: components.samples, counts: components.counts },
+    interaction: collectInteraction(nodes, cssSignals),
+    ux: collectUxSignals(nodes, truncation),
+    document: { language: cleanText(document.documentElement.lang || document.body?.getAttribute('lang') || '', 40) },
+    assets: collectAssets(truncation),
+    evidence: { inaccessibleStylesheets: cssSignals.inaccessibleStylesheets, ...boundaries, truncation },
+    limitations: [
+      'passive_interaction_only',
+      boundaries.crossOriginIframes ? 'cross_origin_iframes_limited' : '',
+      'closed_shadow_roots_unobservable'
+    ].filter(Boolean)
+  }
+
+  return enforceResultLimit(profile)
+}
+
+export default collectSiteExperienceProfile()
diff --git a/src/injected/page-detector-runtime.ts b/src/injected/page-detector-runtime.ts
new file mode 100644
index 00000000..d6aadd82
--- /dev/null
+++ b/src/injected/page-detector-runtime.ts
@@ -0,0 +1,1614 @@
+// @ts-nocheck
+/* eslint-disable */
+
+export const detectPageTechnologies = async (ruleConfig: Record<string, unknown> = {}) => {
+  const yieldToMainThread = () => new Promise(resolve => setTimeout(resolve, 0))
+  const technologies = []
+  const ruleRegexCache = new WeakMap()
+  const ruleCombinedCache = new WeakMap()
+  const ruleHintCache = new WeakMap()
+  const resources = collectResources()
+  const classTokens = collectClassTokens()
+  const cssVariables = collectCssVariables()
+  const documentHtmlSample = getHtmlSample()
+  const globalKeys = safeGlobalKeys()
+  const add = createCollector(technologies)
+  const phpRuntimeTechnologyNames = new Set(
+    [
+      'WordPress',
+      'ThinkPHP',
+      'Discuz!',
+      'phpBB',
+      'Drupal',
+      'Joomla',
+      'Typecho',
+      'Z-BlogPHP',
+      'Emlog',
+      'Magento / Adobe Commerce',
+      'OpenCart',
+      'PrestaShop',
+      'DedeCMS',
+      'EmpireCMS',
+      'PHPCMS',
+      'PHPWind',
+      'BBSXP',
+      'HDWiki',
+      'MediaWiki',
+      'Laravel',
+      'Laravel Livewire',
+      'Symfony',
+      'Yii',
+      'CodeIgniter',
+      'CakePHP',
+      'Laminas / Zend Framework',
+      'Zend Framework',
+      'Swoole',
+      'OpenSwoole',
+      'FrankenPHP'
+    ].map(normalizeRuleName)
+  )
+
+  await yieldToMainThread()
+  detectFrontendFrameworks(add, resources, classTokens, documentHtmlSample, globalKeys, ruleConfig.frontendFrameworks || [])
+  detectUiFrameworks(add, resources, classTokens, cssVariables, documentHtmlSample, ruleConfig.uiFrameworks || [])
+  detectAdditionalFrontendTechnologies(add, resources, classTokens, documentHtmlSample, ruleConfig.frontendExtra || [])
+  detectMinifiedScriptFallback(add, resources, technologies)
+
+  await yieldToMainThread()
+  detectBuildAndRuntime(add, resources, documentHtmlSample, globalKeys, ruleConfig.buildRuntime || [])
+  detectCdnAndHosting(add, resources, ruleConfig.cdnProviders || [])
+  detectBackendFrameworkHints(add, resources, documentHtmlSample, ruleConfig.backendHints || [])
+  detectCmsAndCommerce(add, resources, documentHtmlSample, ruleConfig.websitePrograms || [])
+
+  await yieldToMainThread()
+  detectWebsitePrograms(add, resources, documentHtmlSample, globalKeys, ruleConfig.websitePrograms || [])
+  detectCmsThemesAndSource(
+    add,
+    resources,
+    classTokens,
+    documentHtmlSample,
+    globalKeys,
+    ruleConfig.cmsThemes || [],
+    ruleConfig.dynamicAssetExtractors || []
+  )
+  detectProbeTools(add, resources, documentHtmlSample, globalKeys, ruleConfig.probes || [])
+  detectProgrammingLanguages(add, resources, documentHtmlSample, globalKeys, ruleConfig.languages || [])
+
+  await yieldToMainThread()
+  inferLanguagesFromDetectedTechnologies(add, technologies)
+  detectFeeds(add, resources, documentHtmlSample, ruleConfig.feeds || [])
+  detectSaasServices(add, resources, documentHtmlSample, globalKeys, ruleConfig.saasServices || [])
+  detectThirdPartyLogins(add, resources, documentHtmlSample, globalKeys, ruleConfig.thirdPartyLogins || [])
+
+  await yieldToMainThread()
+  detectPaymentSystems(add, resources, documentHtmlSample, globalKeys, ruleConfig.paymentSystems || [])
+  detectAnalytics(add, resources, documentHtmlSample, globalKeys, ruleConfig.analyticsProviders || [])
+  detectCustomRules(add, resources, documentHtmlSample, globalKeys, ruleConfig.customRules || [])
+  detectSecurityAndProtocol(add)
+
+  return {
+    url: location.href,
+    title: document.title,
+    generatedAt: new Date().toISOString(),
+    technologies: suppressDuplicateWebsiteProgramCategories(
+      suppressFrontendAliasTechnologies(suppressFrontendFallbackDuplicates(technologies))
+    ),
+    resources: {
+      total: resources.all.length,
+      scripts: resources.scripts.slice(0, 120),
+      stylesheets: resources.stylesheets.slice(0, 120),
+      resourceTiming: resources.resourceTiming.slice(0, 220),
+      all: resources.all.slice(0, 300),
+      themeAssetUrls: resources.all.filter(url => /\/wp-content\/themes\//i.test(url)).slice(0, 80),
+      resourceDomains: summarizeDomains(resources.all),
+      cssVariableCount: cssVariables.names.length,
+      metaGenerator: getMetaContent('generator'),
+      manifest: document.querySelector("link[rel='manifest']")?.href || null
+    }
+  }
+
+  function collectResources() {
+    const scripts = [...document.scripts].map(script => script.src).filter(isInspectableResourceUrl)
+    const stylesheets = [...document.querySelectorAll("link[rel~='stylesheet'], link[as='style']")]
+      .map(link => link.href)
+      .filter(isInspectableResourceUrl)
+    const resourceTiming = performance
+      .getEntriesByType('resource')
+      .map(entry => entry.name)
+      .filter(isInspectableResourceUrl)
+    const images = [...document.images]
+      .map(image => image.currentSrc || image.src)
+      .filter(isInspectableResourceUrl)
+      .slice(0, 200)
+    const all = unique([...scripts, ...stylesheets, ...resourceTiming, ...images])
+    return { scripts, stylesheets, resourceTiming, images, all, text: all.join('\n').toLowerCase() }
+  }
+
+  function collectClassTokens() {
+    const counts = {}
+    const nodes = document.querySelectorAll('[class]')
+    const limit = Math.min(nodes.length, 1000)
+    for (let i = 0; i < limit; i++) {
+      const list = nodes[i].classList
+      if (list && list.length) {
+        for (let j = 0; j < list.length; j++) {
+          const token = list[j]
+          if (!token) continue
+          counts[token] = (counts[token] || 0) + 1
+        }
+        continue
+      }
+      const raw = typeof nodes[i].className === 'string' ? nodes[i].className : nodes[i].getAttribute('class') || ''
+      if (!raw) continue
+      for (const token of raw.split(/\s+/)) {
+        if (!token) continue
+        counts[token] = (counts[token] || 0) + 1
+      }
+    }
+    return counts
+  }
+
+  function collectCssVariables() {
+    const names = new Set()
+    const values = {}
+    const targets = [document.documentElement, document.body].filter(Boolean)
+
+    for (const target of targets) {
+      try {
+        const style = getComputedStyle(target)
+        for (let index = 0; index < style.length; index += 1) {
+          const name = style.item(index)
+          if (!name || !name.startsWith('--')) {
+            continue
+          }
+          names.add(name)
+          if (!values[name]) {
+            values[name] = style.getPropertyValue(name).trim().slice(0, 160)
+          }
+        }
+      } catch {
+        continue
+      }
+    }
+
+    const orderedNames = [...names].slice(0, 500)
+    return {
+      names: orderedNames,
+      values,
+      text: orderedNames
+        .map(name => `${name}: ${values[name] || ''}`)
+        .join('\n')
+        .toLowerCase()
+    }
+  }
+
+  function getHtmlSample() {
+    const html = document.documentElement?.outerHTML || ''
+    return stripInlineDataUrls(html).slice(0, 500000).toLowerCase()
+  }
+
+  function isInspectableResourceUrl(value) {
+    const url = String(value || '').trim()
+    return Boolean(url) && !/^(?:data|blob|javascript|about):/i.test(url)
+  }
+
+  function stripInlineDataUrls(value) {
+    return String(value || '').replace(/data:[^"'()<>\s]+/gi, '[inline-data-url]')
+  }
+
+  function safeGlobalKeys() {
+    try {
+      return Object.keys(window).slice(0, 5000)
+    } catch {
+      return []
+    }
+  }
+
+  function detectFrontendFrameworks(add, resources, classes, html, globalKeys, externalRules) {
+    if (hasReactDomMarker()) {
+      add('前端框架', 'React', '高', 'DOM 节点存在 React Fiber 标记')
+    }
+
+    detectJsonRuleList(add, externalRules, {
+      defaultCategory: '前端框架',
+      resources,
+      classes,
+      html,
+      text: `${resources.text}\n${html}\n${globalKeys.join('\n')}`,
+      resourceConfidence: '中',
+      sourceLabel: 'JSON 前端框架规则'
+    })
+  }
+
+  function detectUiFrameworks(add, resources, classes, cssVariables, html, externalRules) {
+    const atomicCssOrigin = detectAtomicCssOrigin(cssVariables)
+    if (atomicCssOrigin === 'unocss') {
+      add('UI / CSS 框架', 'UnoCSS', '高', '存在 --un-* CSS 变量(UnoCSS 默认前缀)')
+    } else if (atomicCssOrigin === 'tailwind') {
+      add('UI / CSS 框架', 'Tailwind CSS', '高', '存在 --tw-* CSS 变量(Tailwind 默认前缀)')
+    } else if (scoreTailwind(classes) >= 10) {
+      add('UI / CSS 框架', 'Tailwind CSS', '中', '存在大量 Tailwind 风格原子类名')
+    }
+
+    detectJsonRuleList(add, externalRules, {
+      defaultCategory: 'UI / CSS 框架',
+      resources,
+      classes,
+      cssVariables,
+      html,
+      text: `${resources.text}\n${html}\n${cssVariables.text}`,
+      resourceConfidence: '中',
+      sourceLabel: 'JSON UI 框架规则'
+    })
+  }
+
+  function detectAtomicCssOrigin(cssVariables) {
+    const names = cssVariables?.names || []
+    let hasUn = false
+    let hasTw = false
+    for (const name of names) {
+      if (!hasUn && name.startsWith('--un-')) hasUn = true
+      if (!hasTw && name.startsWith('--tw-')) hasTw = true
+      if (hasUn && hasTw) break
+    }
+    if (hasUn) return 'unocss'
+    if (hasTw) return 'tailwind'
+
+    try {
+      for (const sheet of document.styleSheets) {
+        let rules
+        try {
+          rules = sheet.cssRules
+        } catch {
+          continue
+        }
+        if (!rules) continue
+        const limit = rules.length < 400 ? rules.length : 400
+        for (let i = 0; i < limit; i++) {
+          const text = rules[i]?.cssText || ''
+          if (!hasUn && text.includes('--un-')) hasUn = true
+          if (!hasTw && text.includes('--tw-')) hasTw = true
+          if (hasUn || hasTw) break
+        }
+        if (hasUn || hasTw) break
+      }
+    } catch {
+      // ignore
+    }
+
+    if (hasUn) return 'unocss'
+    if (hasTw) return 'tailwind'
+    return ''
+  }
+
+  function detectAdditionalFrontendTechnologies(add, resources, classes, html, externalRules) {
+    const text = `${resources.text}\n${html}`
+    detectJsonRuleList(add, externalRules, {
+      defaultCategory: '前端库',
+      resources,
+      classes,
+      html,
+      text,
+      resourceConfidence: '中',
+      sourceLabel: 'JSON 前端补充规则'
+    })
+  }
+
+  function detectMinifiedScriptFallback(add, resources, currentTechnologies) {
+    const knownNames = new Set(currentTechnologies.map(tech => normalizeFallbackTechName(tech.name)))
+    const seen = new Set()
+    const scriptUrls = unique([...(resources.scripts || []), ...(resources.resourceTiming || [])])
+    for (const rawUrl of scriptUrls) {
+      const info = extractMinifiedScriptLibrary(rawUrl)
+      if (!info) {
+        continue
+      }
+      const normalized = normalizeFallbackTechName(info.name)
+      if (!normalized || seen.has(normalized) || knownNames.has(normalized)) {
+        continue
+      }
+      seen.add(normalized)
+      add('前端库', `疑似前端库: ${info.name}`, '低', `兜底识别：根据脚本文件名 ${info.fileName} 判断，未匹配到内置规则或官网链接`)
+      if (seen.size >= 20) {
+        break
+      }
+    }
+  }
+
+  function extractMinifiedScriptLibrary(rawUrl) {
+    let pathname = ''
+    try {
+      pathname = new URL(rawUrl, location.href).pathname
+    } catch {
+      pathname = String(rawUrl || '').split(/[?#]/)[0]
+    }
+    if (/\/wp-includes\/js\/dist\//i.test(pathname)) {
+      return null
+    }
+    const fileName = safeDecodeURIComponent(pathname.split('/').filter(Boolean).pop() || '')
+    if (!/\.js$/i.test(fileName) || !/(?:^|[.-])min\.js$/i.test(fileName)) {
+      return null
+    }
+
+    let name = fileName
+      .replace(/\.js$/i, '')
+      .replace(
+        /(?:[._-](?:min|prod|production|development|dev|bundle|bundled|umd|esm|cjs|iife|global|runtime|legacy|modern|browser|web|all|full))+$/gi,
+        ''
+      )
+      .replace(/(?:[._-]pkgd)$/i, '')
+      .replace(/(?:[._-]v?\d+(?:\.\d+){1,4})$/i, '')
+      .replace(/(?:[._-][a-f0-9]{7,})$/i, '')
+      .replace(/^npm\./i, '')
+      .replace(/^@/, '')
+      .trim()
+
+    if (!isLikelyLibraryFileName(name)) {
+      return null
+    }
+    return { name, fileName }
+  }
+
+  function isLikelyLibraryFileName(name) {
+    if (!name || name.length < 2 || name.length > 60) {
+      return false
+    }
+    if (!/[a-z]/i.test(name)) {
+      return false
+    }
+    if (/^[a-f0-9]{8,}$/i.test(name) || /^[a-z0-9_-]{18,}$/i.test(name)) {
+      return false
+    }
+    const genericNames = new Set([
+      'app',
+      'application',
+      'message',
+      'main',
+      'index',
+      'home',
+      'base',
+      'core',
+      'common',
+      'commons',
+      'global',
+      'runtime',
+      'manifest',
+      'vendor',
+      'vendors',
+      'chunk',
+      'chunks',
+      'bundle',
+      'bundles',
+      'min',
+      'prod',
+      'production',
+      'development',
+      'dev',
+      'dist',
+      'all',
+      'full',
+      'browser',
+      'web',
+      'modern',
+      'legacy',
+      'umd',
+      'esm',
+      'cjs',
+      'iife',
+      'module',
+      'modules',
+      'plugin',
+      'plugins',
+      'lib',
+      'libs',
+      'cdn',
+      'scripts',
+      'script',
+      'custom',
+      'theme',
+      'frontend',
+      'backend',
+      'admin',
+      'site',
+      'page',
+      'public',
+      'static',
+      'lazyload',
+      'polyfill',
+      'polyfills',
+      'webpack',
+      'vite',
+      'parcel',
+      'rollup',
+      'esbuild',
+      'swc',
+      'turbopack',
+      'rspack',
+      'require',
+      'requirejs',
+      'system',
+      'systemjs',
+      // 文档站 / 内容站常见的搜索 worker 文件名（mkdocs / docusaurus / vitepress 等都叫这名），
+      // 真实的搜索库（Lunr / FlexSearch / Pagefind / Algolia）会通过专用规则或官方版权注释命中
+      'search',
+      // 通用名，几乎所有站点都有但不属于公共库
+      'sdk',
+      'analytics',
+      'tracker',
+      'tracking',
+      'beacon',
+      'pixel',
+      // 站点自身的内部脚本，不是公共库
+      'tgwallpaper',
+      'jsbin'
+    ])
+    if (genericNames.has(name.toLowerCase())) {
+      return false
+    }
+    // vscode.dev / 微软系站点的内部脚本：ms.core / ms.post / ms.deploy 等
+    if (/^ms\.[a-z0-9_-]+$/i.test(name)) {
+      return false
+    }
+    // Microsoft AB-test 客户端、Read the Docs 广告脚本、通用 svg loader 等不是公共库
+    if (/^(?:tas-client|ethicalads|svg-loader)$/i.test(name)) {
+      return false
+    }
+    return true
+  }
+
+  function normalizeFallbackTechName(name) {
+    const normalized = String(name || '')
+      .toLowerCase()
+      .replace(/^疑似前端库:\s*/, '')
+      .replace(/(?:\.js|js)$/i, '')
+      .replace(/(?:[._-]pkgd)$/i, '')
+      .replace(/[^a-z0-9\u4e00-\u9fa5]+/g, '')
+    const aliases = {
+      clipboardjs: 'clipboard',
+      jquerycompat: 'jquery',
+      imagesloadedjs: 'imagesloaded',
+      layerjs: 'layer',
+      slickcarousel: 'slick',
+      twitterbootstrap: 'bootstrap',
+      vuejs: 'vue'
+    }
+    return aliases[normalized] || normalized
+  }
+
+  function suppressFrontendAliasTechnologies(items) {
+    if (!Array.isArray(items) || !items.length) {
+      return []
+    }
+    const aliases = {
+      angular: { category: '前端框架', name: 'Angular' },
+      jquery: { category: '前端框架', name: 'jQuery' },
+      jquerycompat: { category: '前端框架', name: 'jQuery' },
+      layer: { category: '前端库', name: 'Layer.js' },
+      preact: { category: '前端框架', name: 'Preact' },
+      react: { category: '前端框架', name: 'React' },
+      svelte: { category: '前端框架', name: 'Svelte' },
+      twitterbootstrap: { category: 'UI / CSS 框架', name: 'Bootstrap' },
+      vue: { category: '前端框架', name: 'Vue' }
+    }
+    const frontendCategories = new Set(['前端库', '前端框架', 'UI / CSS 框架'])
+    return items.map(item => {
+      if (!frontendCategories.has(item?.category)) {
+        return item
+      }
+      const key = String(item?.name || '')
+        .toLowerCase()
+        .replace(/^疑似前端库:\s*/, '')
+        .replace(/(?:\.js|js)$/i, '')
+        .replace(/(?:[._-]pkgd)$/i, '')
+        .replace(/[^a-z0-9\u4e00-\u9fa5]+/g, '')
+      const canonical = aliases[key]
+      return canonical ? { ...item, category: canonical.category, name: canonical.name } : item
+    })
+  }
+
+  function suppressFrontendFallbackDuplicates(items) {
+    if (!Array.isArray(items) || !items.length) {
+      return []
+    }
+
+    // 任何已识别的技术都用来消重，避免 SaaS / 统计 / 第三方登录 / 支付 类目里已经命中的库
+    // 同名脚本（如 filestack.min.js 已识别为 Filestack SaaS）还被兜底再加一条「疑似前端库」
+    const knownNames = new Set(
+      items
+        .filter(item => !isFrontendFallback(item))
+        .map(item => normalizeFallbackTechName(item.name))
+        .filter(Boolean)
+    )
+    if (!knownNames.size) {
+      return items
+    }
+
+    return items.filter(item => !isFrontendFallback(item) || !knownNames.has(normalizeFallbackTechName(item.name)))
+  }
+
+  function isFrontendFallback(item) {
+    return item?.category === '前端库' && /^疑似前端库:/i.test(String(item?.name || '').trim())
+  }
+
+  function detectBuildAndRuntime(add, resources, html, globalKeys, externalRules) {
+    if (navigator.serviceWorker?.controller) {
+      add('构建与运行时', 'Service Worker', '中', '当前页面受 Service Worker 控制')
+    }
+
+    detectJsonRuleList(add, externalRules, {
+      defaultCategory: '构建与运行时',
+      resources,
+      html,
+      text: `${resources.text}\n${html}\n${globalKeys.join('\n')}`,
+      sourceLabel: 'JSON 构建运行时规则'
+    })
+  }
+
+  function detectCdnAndHosting(add, resources, externalRules) {
+    detectJsonRuleList(add, externalRules, {
+      defaultCategory: 'CDN / 托管',
+      resources,
+      text: resources.text,
+      resourceOnly: true,
+      sourceLabel: 'JSON CDN 规则'
+    })
+
+    const privateCdnMatches = collectPrivateCdnMatches(resources.all)
+    if (privateCdnMatches.length) {
+      add(
+        'CDN / 托管',
+        '自定义 / 私有 CDN',
+        '低',
+        privateCdnMatches.length + ' 个资源域名疑似私有 CDN，如 ' + privateCdnMatches.slice(0, 3).join('、')
+      )
+    }
+  }
+
+  function collectPrivateCdnMatches(urls) {
+    const pageHost = location.hostname.replace(/^www\./, '')
+    const hosts = new Set()
+    for (const raw of urls) {
+      try {
+        const host = new URL(raw, location.href).hostname.toLowerCase()
+        const normalizedHost = host.replace(/^www\./, '')
+        if (normalizedHost === pageHost) {
+          continue
+        }
+        if (isKnownThirdPartyServiceHost(normalizedHost)) {
+          continue
+        }
+        if (
+          /(^cdn\d*\.|\.cdn\d*\.|-cdn\d*\.|^static\d*\.|\.static\d*\.|^assets\d*\.|\.assets\d*\.|^edge\d*\.|\.edge\d*\.|^media\d*\.)/.test(
+            host
+          )
+        ) {
+          hosts.add(host)
+        }
+      } catch {
+        continue
+      }
+    }
+    return [...hosts].slice(0, 20)
+  }
+
+  function isKnownThirdPartyServiceHost(host) {
+    return /^(?:static\.cloudflareinsights\.com|challenges\.cloudflare\.com)$/i.test(host)
+  }
+
+  function detectBackendFrameworkHints(add, resources, html, externalRules) {
+    const text = [location.href, resources.text, html].join('\n')
+    detectJsonRuleList(add, externalRules, {
+      defaultCategory: '后端 / 服务器框架',
+      resources,
+      html,
+      text,
+      sourceLabel: 'JSON 后端规则'
+    })
+  }
+
+  function detectCmsAndCommerce(add, resources, html, externalRules) {
+    const generator = (getMetaContent('generator') || '').toLowerCase()
+    const text = [resources.text, html, 'generator: ' + generator].join('\n')
+    detectJsonRuleList(add, filterCmsAndCommerceRules(externalRules), {
+      defaultCategory: 'CMS / 电商平台',
+      resources,
+      html,
+      text,
+      sourceLabel: 'JSON CMS / 电商平台规则'
+    })
+  }
+
+  function filterCmsAndCommerceRules(rules) {
+    if (!Array.isArray(rules)) {
+      return []
+    }
+    return rules.filter(rule => normalizeRuleName(rule.name) !== 'wordpress')
+  }
+
+  function normalizeRuleName(name) {
+    return String(name || '')
+      .toLowerCase()
+      .replace(/[^a-z0-9\u4e00-\u9fa5]+/g, '')
+  }
+
+  function hasTechnology(items, category, name) {
+    const normalizedName = normalizeRuleName(name)
+    return items.some(item => item?.category === category && normalizeRuleName(item.name) === normalizedName)
+  }
+
+  function isPhpRuntimeSourceTechnology(item) {
+    return phpRuntimeTechnologyNames.has(normalizeRuleName(item?.name))
+  }
+
+  function phpRuntimeInferenceEvidence(item) {
+    const name = String(item?.name || '').trim() || 'PHP 系技术'
+    if (item?.category === '后端 / 服务器框架') {
+      return `由 ${name} 后端框架推断 PHP 后端运行时`
+    }
+    if (item?.category === '网站程序' || item?.category === 'CMS / 电商平台') {
+      return `由 ${name} 站点程序推断 PHP 后端运行时`
+    }
+    return `由 ${name} 技术线索推断 PHP 后端运行时`
+  }
+
+  function inferLanguagesFromDetectedTechnologies(add, items) {
+    if (hasTechnology(items, '开发语言 / 运行时', 'PHP')) {
+      return
+    }
+    const source = items.find(isPhpRuntimeSourceTechnology)
+    if (source) {
+      add('开发语言 / 运行时', 'PHP', '中', phpRuntimeInferenceEvidence(source))
+    }
+  }
+
+  function suppressDuplicateWebsiteProgramCategories(items) {
+    if (!Array.isArray(items) || !items.length) {
+      return []
+    }
+
+    const websiteProgramNames = new Set(
+      items
+        .filter(item => item?.category === '网站程序')
+        .map(item => normalizeRuleName(item.name))
+        .filter(Boolean)
+    )
+    if (!websiteProgramNames.size) {
+      return items
+    }
+
+    return items.filter(item => item?.category !== 'CMS / 电商平台' || !websiteProgramNames.has(normalizeRuleName(item.name)))
+  }
+
+  function detectCmsThemesAndSource(add, resources, classes, html, globalKeys, externalRules, assetExtractors = []) {
+    const assetText = `${location.href}
+${resources.all.join('\n')}`
+    const text = `${assetText}
+${html}`
+    const normalizedText = text.toLowerCase()
+    const normalizedAssetText = assetText.toLowerCase()
+
+    for (const extractor of assetExtractors) {
+      collectAssetDirectoryMatches(add, assetText, normalizedAssetText, extractor)
+    }
+
+    try {
+      const shopifyTheme = window.Shopify?.theme
+      if (shopifyTheme?.name) {
+        add(
+          '主题 / 模板',
+          `Shopify 主题: ${String(shopifyTheme.name).slice(0, 80)}`,
+          '高',
+          `存在 window.Shopify.theme${shopifyTheme.id ? `，theme id: ${shopifyTheme.id}` : ''}`
+        )
+      } else if (shopifyTheme?.id) {
+        add('主题 / 模板', `Shopify 主题 ID: ${shopifyTheme.id}`, '中', '存在 window.Shopify.theme.id')
+      }
+    } catch {
+      // 忽略跨站脚本或代理对象异常。
+    }
+
+    detectJsonRuleList(add, externalRules, {
+      defaultCategory: '主题 / 模板',
+      resources,
+      classes,
+      html,
+      text,
+      sourceLabel: 'JSON 主题模板规则',
+      evidencePrefix: rule => (rule.kind ? `${rule.kind}：` : '')
+    })
+  }
+
+  function collectAssetDirectoryMatches(add, text, normalizedText, extractor) {
+    const requires = compileAssetPattern(extractor.requires)
+    if (requires && !requires.test(normalizedText)) {
+      return
+    }
+
+    let count = 0
+    const limit = extractor.limit || 12
+    const seen = new Set()
+    const pattern = compileAssetPattern(extractor.pattern, 'gi')
+    if (!pattern) {
+      return
+    }
+    let match
+    while ((match = pattern.exec(text)) && count < limit) {
+      const groups = match.slice(1).map(cleanAssetSlug)
+      if (groups.some(value => !value)) {
+        continue
+      }
+      const value = extractor.format === 'joinSlash' ? groups.join('/') : groups[0]
+      const key = `${extractor.category}::${extractor.label}::${value}`.toLowerCase()
+      if (seen.has(key)) {
+        continue
+      }
+      seen.add(key)
+      count += 1
+      add(extractor.category, `${extractor.label}: ${value}`, '高', `资源或源码路径包含 ${shortPathEvidence(match[0])}`)
+    }
+  }
+
+  function compileAssetPattern(pattern, defaultFlags = 'i') {
+    if (!pattern) {
+      return null
+    }
+    try {
+      const source = pattern instanceof RegExp ? pattern.source : String(pattern)
+      return new RegExp(source, defaultFlags)
+    } catch {
+      return null
+    }
+  }
+
+  function cleanAssetSlug(value) {
+    const decoded = safeDecodeURIComponent(String(value || ''))
+      .replace(/\\/g, '/')
+      .replace(/['")<>]/g, '')
+      .trim()
+    if (!decoded || decoded.length > 90 || decoded.includes('/') || /[*{}[\]]/.test(decoded)) {
+      return ''
+    }
+    if (!/[a-z0-9\u4e00-\u9fa5]/i.test(decoded)) {
+      return ''
+    }
+    if (/^(?:assets?|static|public|dist|build|cache|css|js|img|images?|fonts?|vendor)$/i.test(decoded)) {
+      return ''
+    }
+    return decoded
+  }
+
+  function safeDecodeURIComponent(value) {
+    try {
+      return decodeURIComponent(value)
+    } catch {
+      return value
+    }
+  }
+
+  function shortPathEvidence(value) {
+    return String(value || '')
+      .replace(/\s+/g, ' ')
+      .slice(0, 160)
+  }
+
+  function detectSaasServices(add, resources, html, globalKeys, externalRules) {
+    const text = [resources.text, html].join('\n')
+    detectJsonRuleList(add, externalRules, {
+      defaultCategory: 'SaaS / 第三方服务',
+      resources,
+      html,
+      text,
+      sourceLabel: 'JSON SaaS 规则',
+      evidencePrefix: rule => (rule.kind ? rule.kind + '：' : '')
+    })
+  }
+
+  function detectWebsitePrograms(add, resources, html, globalKeys, externalRules) {
+    detectJsonRuleList(add, externalRules, {
+      defaultCategory: '网站程序',
+      resources,
+      html,
+      text: `${resources.text}\n${html}`,
+      sourceLabel: 'JSON 网站程序规则',
+      evidencePrefix: rule => (rule.kind ? `${rule.kind}：` : '')
+    })
+  }
+
+  function detectProbeTools(add, resources, html, globalKeys, externalRules) {
+    const titleText = document.title ? `\n${document.title}` : ''
+    const appMetadataText = [getMetaContent('apple-mobile-web-app-title'), getMetaContent('application-name')].filter(Boolean).join('\n')
+    const appMetadata = appMetadataText ? `\n${appMetadataText}` : ''
+    detectJsonRuleList(add, externalRules, {
+      defaultCategory: '探针 / 监控',
+      resources,
+      html: '',
+      text: `${location.href}\n${resources.text}${titleText}${appMetadata}`,
+      sourceLabel: 'JSON 探针规则',
+      evidencePrefix: rule => (rule.kind ? `${rule.kind}：` : '')
+    })
+  }
+
+  function detectThirdPartyLogins(add, resources, html, globalKeys, externalRules) {
+    const titleText = document.title ? `\n${document.title}` : ''
+    const bodyText = document.body?.innerText ? `\n${document.body.innerText.slice(0, 100000)}` : ''
+    detectJsonRuleList(add, externalRules, {
+      defaultCategory: '第三方登录 / OAuth',
+      resources,
+      html,
+      text: `${resources.text}\n${html}${titleText}${bodyText}`,
+      sourceLabel: 'JSON 第三方登录规则',
+      evidencePrefix: rule => (rule.kind ? `${rule.kind}：` : '')
+    })
+  }
+
+  function detectPaymentSystems(add, resources, html, globalKeys, externalRules) {
+    const bodyText = document.body?.innerText ? `\n${document.body.innerText.slice(0, 80000)}` : ''
+    detectJsonRuleList(add, externalRules, {
+      defaultCategory: '支付系统',
+      resources,
+      html,
+      text: `${location.href}\n${resources.text}\n${html}${bodyText}`,
+      sourceLabel: 'JSON 支付规则',
+      evidencePrefix: rule => (rule.kind ? `${rule.kind}：` : '')
+    })
+  }
+
+  function detectCustomRules(add, resources, html, globalKeys, externalRules) {
+    const bodyText = document.body?.innerText ? `\n${document.body.innerText.slice(0, 120000)}` : ''
+    const text = [location.href, document.title, resources.text, html, bodyText, globalKeys.join('\n')].join('\n')
+    detectJsonRuleList(add, externalRules, {
+      defaultCategory: '其他库',
+      resources,
+      html,
+      text,
+      sourceLabel: '自定义页面规则',
+      evidencePrefix: rule => (rule.kind ? `${rule.kind}：` : '')
+    })
+  }
+
+  function detectProgrammingLanguages(add, resources, html, globalKeys, externalRules) {
+    detectJsonRuleList(add, externalRules, {
+      defaultCategory: '开发语言 / 运行时',
+      resources,
+      html,
+      text: `${resources.text}\n${html}`,
+      sourceLabel: 'JSON 语言规则',
+      evidencePrefix: rule => (rule.kind ? `${rule.kind}：` : '')
+    })
+  }
+
+  function detectFeeds(add, resources, html, externalRules) {
+    const feedLinks = [...document.querySelectorAll("link[rel~='alternate']")]
+      .map(link => ({
+        href: link.href || link.getAttribute('href') || '',
+        type: (link.type || '').toLowerCase(),
+        title: link.title || ''
+      }))
+      // 只接受真正的 feed 类型，避免 application/json+oembed 这种非 feed 的备用链接被误算成 JSON Feed
+      .filter(
+        link =>
+          link.href &&
+          !/oembed/.test(`${link.type} ${link.href}`.toLowerCase()) &&
+          /(?:rss|atom|jsonfeed|feed\+json|json\+feed|application\/feed|\.rss\b|\.atom\b|\/feed(?:\/|\.json|$|\?)|\/rss(?:\/|$|\?)|\/atom(?:\/|$|\?))/.test(
+            `${link.type} ${link.href}`.toLowerCase()
+          )
+      )
+
+    for (const link of feedLinks.slice(0, 20)) {
+      const name = feedNameFromType(link.type, link.href)
+      add('RSS / 订阅', name, '高', `发现 feed 链接：${shortUrl(link.href)}${link.title ? ` (${link.title})` : ''}`)
+    }
+
+    detectJsonRuleList(add, externalRules, {
+      defaultCategory: 'RSS / 订阅',
+      resources,
+      html,
+      text: `${resources.text}\n${html}`,
+      sourceLabel: 'JSON Feed 规则',
+      confidence: '中'
+    })
+  }
+
+  function feedNameFromType(type, href) {
+    const value = `${type} ${href}`.toLowerCase()
+    if (value.includes('atom')) {
+      return 'Atom Feed'
+    }
+    if (value.includes('json')) {
+      return 'JSON Feed'
+    }
+    return 'RSS Feed'
+  }
+
+  function detectJsonRuleList(add, rules, context) {
+    if (!Array.isArray(rules) || !rules.length) {
+      return
+    }
+
+    for (const rule of rules) {
+      const match = matchJsonRule(rule, context)
+      if (!match) {
+        continue
+      }
+      const confidence = match.confidence || context.confidence || rule.confidence || '中'
+      const prefix = typeof context.evidencePrefix === 'function' ? context.evidencePrefix(rule) : context.evidencePrefix || ''
+      const extras: { version?: string; url?: string } = {}
+      if (match.version) extras.version = match.version
+      if (rule.url) extras.url = rule.url
+      add(
+        rule.category || context.defaultCategory || '其他库',
+        rule.name,
+        confidence,
+        `${prefix}${match.evidence}`,
+        Object.keys(extras).length ? extras : undefined
+      )
+    }
+  }
+
+  // 从命中的资源 URL 里抽版本号:覆盖 cdn / npm / 自托管几种常见 URL 形态
+  // 例:cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js → 3.6.0
+  //     unpkg.com/react@18.3.1/umd/react.production.min.js → 18.3.1
+  //     /assets/swiper-bundle-9.4.1.min.js → 9.4.1
+  function extractVersionFromUrl(rule, url) {
+    if (!url || typeof url !== 'string') return ''
+    const name = String(rule?.name || '').trim()
+    if (!name) return ''
+    const escape = s => s.replace(/[.*+?^${}()|[\]\\]/g, '\\$&')
+    const npmToken = name
+      .toLowerCase()
+      .replace(/\.js$/i, '')
+      .replace(/\s*\/\s*.*$/, '')
+      .replace(/\s+/g, '-')
+      .replace(/[^a-z0-9@_-]/gi, '')
+    const tokens = [npmToken, name.toLowerCase()].filter(Boolean)
+    for (const token of tokens) {
+      const esc = escape(token)
+      // 形式 1:`<token>@X.Y.Z`(unpkg / jsdelivr)
+      const m1 = new RegExp('[/@]' + esc + '@(\\d+\\.\\d+(?:\\.\\d+)?)', 'i').exec(url)
+      if (m1) return m1[1]
+      // 形式 2:`/<token>/X.Y.Z/`(cdnjs 风格)
+      const m2 = new RegExp('/' + esc + '/(\\d+\\.\\d+(?:\\.\\d+)?)/', 'i').exec(url)
+      if (m2) return m2[1]
+      // 形式 3:`/<token>-X.Y.Z.(?:min\\.)?js`(自托管直接命名)
+      const m3 = new RegExp('/' + esc + '[-._](\\d+\\.\\d+(?:\\.\\d+)?)\\.(?:min\\.)?(?:m?js|css)', 'i').exec(url)
+      if (m3) return m3[1]
+    }
+    return ''
+  }
+
+  // 比较两个 semver 字符串("3.10.0" > "3.9.0",字典序则相反):用作 sort comparator
+  function compareSemver(a, b) {
+    const parse = (s: string) =>
+      String(s || '')
+        .split('.')
+        .map(x => parseInt(x, 10) || 0)
+    const aa = parse(a)
+    const bb = parse(b)
+    const len = Math.max(aa.length, bb.length)
+    for (let i = 0; i < len; i++) {
+      const av = aa[i] || 0
+      const bv = bb[i] || 0
+      if (av !== bv) return av - bv
+    }
+    return 0
+  }
+
+  // 命中 globals 时,从 window.<path> 智能抽版本号:
+  // 1) value 本身是版本号字符串
+  // 2) 对象上有 .version / .VERSION 字符串字段
+  // 3) lit-html: window.litHtmlVersions 是数组 ["1.1.2", "2.8.0"],push 进去的版本字符串
+  // 4) 数组里的元素是版本号字符串
+  // 5) 兜底:扫一层自身属性找符合严格 semver(\d+\.\d+\.\d+)的字符串
+  function extractGlobalVersion(globalPath) {
+    try {
+      let value: any = window
+      for (const key of globalPath.split('.')) {
+        if (value == null) return ''
+        value = value[key]
+      }
+      if (value == null) return ''
+      if (typeof value === 'string' && /^\d+\.\d+/.test(value)) return value
+      if (typeof value !== 'object' && typeof value !== 'function') return ''
+      if (Array.isArray(value)) {
+        // 数组元素可能是版本号字符串(lit-html: ["2.8.0"]),也可能是带 .version 字段的对象
+        // (core-js: __core-js_shared__.versions = [{version: "3.46.0", mode: "global"}, ...])
+        const versions = value
+          .map(item => {
+            if (typeof item === 'string') return item
+            if (item && typeof item === 'object' && typeof item.version === 'string') return item.version
+            return ''
+          })
+          .filter(v => typeof v === 'string' && /^\d+\.\d+/.test(v))
+        if (!versions.length) return ''
+        // 按 semver 数字比较,避免 "3.10.0" 字典序 < "3.9.0" 的坑
+        return versions.slice().sort(compareSemver).pop() || ''
+      }
+      if (typeof value.version === 'string' && /^\d+\.\d+/.test(value.version)) return value.version
+      if (typeof value.VERSION === 'string' && /^\d+\.\d+/.test(value.VERSION)) return value.VERSION
+      // 兜底:遍历自身属性找 semver 字符串(\d+\.\d+\.\d+)
+      try {
+        for (const key of Object.keys(value)) {
+          const v = value[key]
+          if (typeof v === 'string' && v.length < 20 && /^\d+\.\d+\.\d+$/.test(v)) return v
+        }
+      } catch {
+        // 跨 origin / Proxy 阻止访问属性时静默忽略
+      }
+      return ''
+    } catch {
+      return ''
+    }
+  }
+
+  function matchJsonRule(rule, context) {
+    const ruleResourceOnly = rule?.resourceOnly === true
+    const globalName = !ruleResourceOnly && shouldMatchTarget(rule, 'globals') ? (rule.globals || []).find(name => hasGlobal(name)) : null
+    if (globalName) {
+      // 优先看规则上的 versionFrom 显式路径(jQuery.fn.jquery 这种非标准位置),
+      // 否则用通用启发(.version / .VERSION / 数组元素)
+      const version = (rule.versionFrom && extractGlobalVersion(rule.versionFrom)) || extractGlobalVersion(globalName)
+      return { confidence: '高', evidence: `存在 window.${globalName}`, version }
+    }
+
+    const selector =
+      !ruleResourceOnly && shouldMatchTarget(rule, 'selectors')
+        ? (rule.selectors || []).find(selectorText => hasSelector(selectorText))
+        : null
+    if (selector) {
+      // 规则可声明 versionFromAttribute(例如 styled-components 把版本写在 <style data-styled-version="5.2.3">),
+      // 命中后从首个匹配元素抽属性值作为版本号
+      let version = ''
+      if (rule.versionFromAttribute) {
+        try {
+          const el = document.querySelector(selector)
+          const raw = el ? el.getAttribute(rule.versionFromAttribute) : ''
+          if (raw && /^\d+\.\d+/.test(raw)) version = raw
+        } catch {
+          // 选择器异常静默忽略
+        }
+      }
+      return { confidence: '高', evidence: `DOM 匹配 ${selector}`, version }
+    }
+
+    const classPrefix = !ruleResourceOnly
+      ? (rule.classPrefixes || []).find(prefix => context.classes && hasClassPrefix(context.classes, prefix))
+      : null
+    if (classPrefix) {
+      return { confidence: '高', evidence: `存在 ${classPrefix}* 类名` }
+    }
+
+    const className = !ruleResourceOnly ? (rule.classNames || []).find(name => context.classes && context.classes[name] > 0) : null
+    if (className) {
+      return { confidence: '高', evidence: `存在 ${className} 类名` }
+    }
+
+    const cssVariableMatch = ruleResourceOnly ? null : matchCssVariables(rule, context.cssVariables)
+    if (cssVariableMatch) {
+      return cssVariableMatch
+    }
+
+    if (!matchesResourceHints(rule, context.resources?.text || context.text || '')) {
+      return null
+    }
+
+    const lowerResources = context.resources?.text || ''
+    const getLowerHtml = () => {
+      if (context._lowerHtml === undefined) {
+        context._lowerHtml = (context.text || '').toLowerCase()
+      }
+      return context._lowerHtml
+    }
+    if (!passesRulePrefilter(rule, lowerResources, getLowerHtml)) {
+      return null
+    }
+
+    const matchResource = shouldMatchTarget(rule, 'resources')
+    const matchHtml = !ruleResourceOnly && !context.resourceOnly && shouldMatchTarget(rule, 'html')
+    const allResources =
+      Array.isArray(rule.matchIn) && rule.matchIn.includes('url')
+        ? unique([location.href, ...(context.resources?.all || [])])
+        : context.resources?.all || []
+    const htmlText = context.text || ''
+    const formatUrlEvidence = resource =>
+      resource === location.href ? `页面 URL 匹配 ${shortUrl(resource)}` : `资源 URL 匹配 ${shortUrl(resource)}`
+
+    // minPatternMatches=N:要求 N 条 patterns 都至少命中一个资源(组合 heuristic,e.g. shadcn-vue 需要至少 5 个标志性组件 chunk 同时出现才算)
+    // 这种 AND 检测必须绕过 combined optimization(combined 把 patterns OR 在一起,无法计数)
+    const minPatternMatches = Number(rule.minPatternMatches) || 0
+    if (minPatternMatches > 0) {
+      if (!matchResource) return null
+      const patterns = getCompiledRulePatterns(rule)
+      const hits: string[] = []
+      for (const pattern of patterns) {
+        for (const url of allResources) {
+          pattern.lastIndex = 0
+          if (pattern.test(url)) {
+            hits.push(url)
+            break
+          }
+        }
+      }
+      if (hits.length < minPatternMatches) return null
+      return {
+        confidence: rule.confidence || context.resourceConfidence || '中',
+        evidence: `资源 URL 匹配 ${shortUrl(hits[0])} 等 ${hits.length} 个`,
+        version: extractVersionFromUrl(rule, hits[0])
+      }
+    }
+
+    const combined = getCompiledCombinedPattern(rule)
+    if (combined) {
+      if (matchResource) {
+        const resource = allResources.find(url => {
+          combined.lastIndex = 0
+          return combined.test(url)
+        })
+        if (resource) {
+          return {
+            confidence: rule.confidence || context.resourceConfidence || '高',
+            evidence: formatUrlEvidence(resource),
+            version: extractVersionFromUrl(rule, resource)
+          }
+        }
+      }
+      if (matchHtml) {
+        combined.lastIndex = 0
+        if (combined.test(htmlText)) {
+          return { confidence: rule.confidence || '中', evidence: '页面源码或资源索引包含规则特征' }
+        }
+      }
+      return null
+    }
+
+    const patterns = getCompiledRulePatterns(rule)
+    for (const pattern of patterns) {
+      if (matchResource) {
+        const resource = allResources.find(url => {
+          pattern.lastIndex = 0
+          return pattern.test(url)
+        })
+        if (resource) {
+          return {
+            confidence: rule.confidence || context.resourceConfidence || '高',
+            evidence: formatUrlEvidence(resource),
+            version: extractVersionFromUrl(rule, resource)
+          }
+        }
+      }
+      if (matchHtml) {
+        pattern.lastIndex = 0
+        if (pattern.test(htmlText)) {
+          return { confidence: rule.confidence || '中', evidence: '页面源码或资源索引包含规则特征' }
+        }
+      }
+    }
+
+    return null
+  }
+
+  function matchCssVariables(rule, cssVariables) {
+    if (!Array.isArray(rule.cssVariables) || !rule.cssVariables.length || !cssVariables?.names?.length) {
+      return null
+    }
+
+    const normalizedNames = new Set(cssVariables.names.map(name => name.toLowerCase()))
+    const matched = rule.cssVariables.filter(name => normalizedNames.has(String(name).toLowerCase()))
+    const minMatches = Math.max(1, Number(rule.minCssVariableMatches || 1))
+    if (matched.length < minMatches) {
+      return null
+    }
+
+    const preview = matched.slice(0, 6).join(', ')
+    const suffix = matched.length > 6 ? ` 等 ${matched.length} 个` : ''
+    return {
+      confidence: rule.confidence || '高',
+      evidence: `CSS 变量匹配 ${preview}${suffix}`
+    }
+  }
+
+  function matchesResourceHints(rule, text) {
+    if (!Array.isArray(rule.resourceHints) || !rule.resourceHints.length) {
+      return true
+    }
+    const value = String(text || '').toLowerCase()
+    return rule.resourceHints.some(hint => value.includes(String(hint || '').toLowerCase()))
+  }
+
+  function compileRulePattern(pattern, rule) {
+    try {
+      if (rule?.matchType === 'keyword') {
+        return new RegExp(escapeRegExp(pattern), rule?.caseSensitive ? '' : 'i')
+      }
+      return new RegExp(pattern, rule?.caseSensitive ? '' : 'i')
+    } catch {
+      return null
+    }
+  }
+
+  function getCompiledRulePatterns(rule) {
+    if (!rule || typeof rule !== 'object') return []
+    const patterns = rule.patterns || []
+    const cached = ruleRegexCache.get(rule)
+    if (cached && cached.source === patterns) return cached.compiled
+    const compiled = patterns.map(pattern => compileRulePattern(pattern, rule)).filter(Boolean)
+    ruleRegexCache.set(rule, { source: patterns, compiled })
+    return compiled
+  }
+
+  function getCompiledCombinedPattern(rule) {
+    if (!rule || rule.matchType !== 'keyword') return null
+    const patterns = rule.patterns || []
+    if (!patterns.length) return null
+    const cached = ruleCombinedCache.get(rule)
+    if (cached && cached.source === patterns) return cached.compiled
+    let compiled = null
+    if (typeof rule.__keywordCombined === 'string' && rule.__keywordCombined) {
+      try {
+        compiled = new RegExp(rule.__keywordCombined, 'i')
+      } catch {
+        compiled = null
+      }
+    }
+    if (!compiled) {
+      try {
+        const segments = patterns
+          .map(pattern => String(pattern || '').trim())
+          .filter(Boolean)
+          .map(escapeRegExp)
+        if (segments.length) compiled = new RegExp(segments.join('|'), 'i')
+      } catch {
+        compiled = null
+      }
+    }
+    ruleCombinedCache.set(rule, { source: patterns, compiled })
+    return compiled
+  }
+
+  function getRuleAutoHints(rule) {
+    if (!rule || typeof rule !== 'object') return []
+    if (Array.isArray(rule.__hints) && rule.__hints.length) {
+      ruleHintCache.set(rule, rule.__hints)
+      return rule.__hints
+    }
+    const cached = ruleHintCache.get(rule)
+    if (cached) return cached
+    const patterns = rule.patterns || []
+    const isKeyword = rule.matchType === 'keyword'
+    const candidates = []
+    const genericHintParts = new Set([
+      'api',
+      'asset',
+      'assets',
+      'cache',
+      'cdn',
+      'common',
+      'content',
+      'css',
+      'data',
+      'file',
+      'files',
+      'image',
+      'images',
+      'img',
+      'js',
+      'plugin',
+      'plugins',
+      'script',
+      'scripts',
+      'source',
+      'static',
+      'style',
+      'styles',
+      'template',
+      'theme',
+      'themes',
+      'url',
+      'version'
+    ])
+    const normalizeHintCandidate = value =>
+      String(value || '')
+        .toLowerCase()
+        .replace(/\s+/g, ' ')
+        .replace(/^[^a-z0-9\u4e00-\u9fa5]+|[^a-z0-9\u4e00-\u9fa5]+$/g, '')
+        .trim()
+    const getRuleNameTokens = () => {
+      const text = `${rule.name || ''} ${rule.kind || ''}`.toLowerCase()
+      const tokens = text
+        .split(/[^a-z0-9\u4e00-\u9fa5]+/)
+        .map(token => token.trim())
+        .filter(token => token.length >= 3 && !genericHintParts.has(token))
+      if (/discuz/i.test(text)) tokens.push('discuz')
+      if (/phpbb/i.test(text)) tokens.push('phpbb')
+      if (/vbulletin/i.test(text)) tokens.push('vbulletin')
+      if (/xenforo/i.test(text)) tokens.push('xenforo')
+      if (/mediawiki/i.test(text)) tokens.push('mediawiki')
+      if (/typecho/i.test(text)) tokens.push('typecho')
+      return [...new Set(tokens)]
+    }
+    const scoreHintCandidate = (candidate, ruleTokens) => {
+      const parts = candidate.split(/[\/._\-\s:=%]+/).filter(Boolean)
+      const hasRuleToken = ruleTokens.some(token => candidate.includes(token))
+      const genericPartCount = parts.filter(part => genericHintParts.has(part)).length
+      let score = Math.min(candidate.length, 32)
+      if (hasRuleToken) score += 90
+      if (/[_-]/.test(candidate)) score += 14
+      if (/[.]/.test(candidate)) score += 8
+      if (/\d/.test(candidate) && /[a-z]/.test(candidate)) score += 6
+      if (candidate.includes('/')) score += hasRuleToken ? 4 : -8
+      if (parts.length && genericPartCount === parts.length) score -= 80
+      else score -= genericPartCount * 12
+      if (/^(?:content|static|assets|data|source|template|common)(?:[\/:=]|$)/.test(candidate) && !hasRuleToken) score -= 24
+      return score
+    }
+    for (const pattern of patterns) {
+      const text = String(pattern || '')
+      if (!text) continue
+      if (isKeyword) {
+        const lower = normalizeHintCandidate(text)
+        if (lower.length >= 4) candidates.push(lower)
+        continue
+      }
+      for (const segment of text.replace(/\\[bBdDsSwW]/g, ' ').split(/[\\^$.|?*+()[\]{}]/)) {
+        const lowerSeg = normalizeHintCandidate(segment)
+        if (lowerSeg.length >= 4) candidates.push(lowerSeg)
+      }
+    }
+    const ruleTokens = getRuleNameTokens()
+    const unique = [...new Set(candidates)]
+      .sort((a, b) => scoreHintCandidate(b, ruleTokens) - scoreHintCandidate(a, ruleTokens) || b.length - a.length)
+      .slice(0, 5)
+    ruleHintCache.set(rule, unique)
+    return unique
+  }
+
+  function passesRulePrefilter(rule, lowerResources, getLowerHtml) {
+    if (!rule) return true
+    if (Array.isArray(rule.resourceHints) && rule.resourceHints.length) return true
+    const hints = getRuleAutoHints(rule)
+    if (!hints.length) return true
+    for (const hint of hints) {
+      if (lowerResources && lowerResources.includes(hint)) return true
+    }
+    const lowerHtml = typeof getLowerHtml === 'function' ? getLowerHtml() : getLowerHtml || ''
+    if (!lowerHtml) return false
+    for (const hint of hints) {
+      if (lowerHtml.includes(hint)) return true
+    }
+    return false
+  }
+
+  function shouldMatchTarget(rule, target) {
+    if (!Array.isArray(rule.matchIn) || !rule.matchIn.length) {
+      return true
+    }
+    if (target === 'resources') {
+      return rule.matchIn.some(item => ['resources', 'url', 'dynamic'].includes(item))
+    }
+    if (target === 'html') {
+      return rule.matchIn.some(item => ['html', 'body', 'title'].includes(item))
+    }
+    if (target === 'globals') {
+      return rule.matchIn.some(item => ['html', 'body', 'resources', 'dynamic'].includes(item))
+    }
+    if (target === 'selectors') {
+      return rule.matchIn.some(item => ['html', 'body'].includes(item))
+    }
+    return rule.matchIn.includes(target)
+  }
+
+  function escapeRegExp(value) {
+    return String(value).replace(/[.*+?^${}()|[\]\\]/g, '\\$&')
+  }
+
+  function detectAnalytics(add, resources, html, globalKeys, externalRules) {
+    const text = [location.href, resources.text, html].join('\n')
+    detectJsonRuleList(add, externalRules, {
+      defaultCategory: '统计 / 分析',
+      resources,
+      html: '',
+      text,
+      sourceLabel: 'JSON 统计规则',
+      evidencePrefix: rule => (rule.kind ? rule.kind + '：' : '')
+    })
+  }
+
+  function detectSecurityAndProtocol(add) {
+    if (location.protocol === 'https:') {
+      add('安全与协议', 'HTTPS', '高', '当前页面使用 HTTPS')
+    }
+    const csp = document.querySelector("meta[http-equiv='Content-Security-Policy' i]")
+    if (csp) {
+      add('安全与协议', 'Content Security Policy', '中', '页面包含 CSP meta 标签')
+    }
+    detectHttpProtocolVersion(add)
+  }
+
+  function detectHttpProtocolVersion(add) {
+    let entries
+    try {
+      entries = performance.getEntriesByType('resource')
+    } catch {
+      return
+    }
+    if (!entries || !entries.length) return
+    const protocols = new Set()
+    for (const entry of entries) {
+      const protocol = String(entry?.nextHopProtocol || '').toLowerCase()
+      if (protocol) protocols.add(protocol)
+    }
+    // 取一个最具代表性的样本 URL（便于 evidence 显示）
+    const sampleFor = wanted => {
+      for (const entry of entries) {
+        if (String(entry?.nextHopProtocol || '').toLowerCase() === wanted) return entry.name
+      }
+      return ''
+    }
+    if (protocols.has('h3') || protocols.has('h3-29') || protocols.has('h3-Q050')) {
+      add('安全与协议', 'HTTP/3', '高', `资源使用 HTTP/3 协议（如 ${shortUrl(sampleFor('h3'))}）`)
+    }
+    if (protocols.has('h2') || protocols.has('h2c')) {
+      add('安全与协议', 'HTTP/2', '高', `资源使用 HTTP/2 协议（如 ${shortUrl(sampleFor('h2'))}）`)
+    }
+    // 注意：浏览器对 HTTP/1.x 不再单独标，避免噪音
+  }
+
+  function createCollector(target) {
+    return function add(category, name, confidence, evidence, extras) {
+      const tech: any = {
+        category,
+        name,
+        confidence,
+        evidence: evidence ? [String(evidence)] : [],
+        source: '页面扫描'
+      }
+      if (extras && typeof extras.version === 'string' && extras.version) {
+        tech.version = extras.version
+      }
+      if (extras && typeof extras.url === 'string' && extras.url) {
+        tech.url = extras.url
+      }
+      target.push(tech)
+    }
+  }
+
+  function hasGlobal(path) {
+    try {
+      let value = window
+      for (const key of path.split('.')) {
+        if (value == null || !(key in value)) {
+          return false
+        }
+        value = value[key]
+      }
+      return !isDomNamedGlobal(value)
+    } catch {
+      return false
+    }
+  }
+
+  function isDomNamedGlobal(value) {
+    try {
+      return (
+        (typeof Element !== 'undefined' && value instanceof Element) ||
+        (typeof HTMLCollection !== 'undefined' && value instanceof HTMLCollection) ||
+        (typeof NodeList !== 'undefined' && value instanceof NodeList)
+      )
+    } catch {
+      return false
+    }
+  }
+
+  function hasSelector(selector) {
+    try {
+      return Boolean(document.querySelector(selector))
+    } catch {
+      return false
+    }
+  }
+
+  function hasReactDomMarker() {
+    const nodes = [
+      document.getElementById('root'),
+      document.getElementById('__next'),
+      document.body,
+      ...document.querySelectorAll('[id], [class]')
+    ]
+      .filter(Boolean)
+      .slice(0, 800)
+    for (const node of nodes) {
+      try {
+        if (
+          Object.keys(node).some(
+            key => key.startsWith('__reactFiber$') || key.startsWith('__reactProps$') || key.startsWith('_reactRootContainer')
+          )
+        ) {
+          return true
+        }
+      } catch {
+        continue
+      }
+    }
+    return false
+  }
+
+  function hasClassPrefix(classes, prefix) {
+    return Object.keys(classes).some(name => name.startsWith(prefix))
+  }
+
+  function scoreTailwind(classes) {
+    const tokens = Object.keys(classes)
+    let utilityScore = 0
+    let specificScore = 0
+    let bootstrapScore = 0
+    let distinctUtilityCount = 0
+    let count = 0
+    const TAILWIND_PATTERN =
+      /^(?:sm|md|lg|xl|2xl):|^-?(?:m|p|mt|mr|mb|ml|mx|my|pt|pr|pb|pl|px|py)-|^(?:text|bg|border|ring|shadow|rounded|grid|flex|items|justify|gap|space|w|h|min-w|max-w|min-h|max-h)-|^(?:hover|focus|active|disabled|dark):|\[[^\]]+\]/
+    const TAILWIND_SPECIFIC_PATTERN =
+      /^(?:sm|md|lg|xl|2xl|hover|focus|active|disabled|dark):|^\[[^\]]+\]$|^(?:text|bg|border|ring|from|to|via)-(?:slate|gray|zinc|neutral|stone|red|orange|amber|yellow|lime|green|emerald|teal|cyan|sky|blue|indigo|violet|purple|fuchsia|pink|rose)-(?:50|100|200|300|400|500|600|700|800|900|950)$|^(?:grid-cols|grid-rows|gap|space-x|space-y)-\d+$|^(?:w|h|min-w|max-w|min-h|max-h)-(?:screen|full|fit|min|max|\d+\/\d+)$/
+    const BOOTSTRAP_PATTERN =
+      /^(?:container(?:-(?:fluid|sm|md|lg|xl|xxl))?|row|col(?:-\d+|-(?:sm|md|lg|xl|xxl)(?:-\d+)?)?|btn(?:-.+)?|navbar(?:-.+)?|card(?:-.+)?|dropdown(?:-.+)?|modal(?:-.+)?|form(?:-.+)?|input-group(?:-.+)?|table(?:-.+)?|alert(?:-.+)?|badge(?:-.+)?|d-(?:none|inline|inline-block|block|grid|table|flex|inline-flex)|justify-content-.+|align-items-.+|text-(?:center|start|end|left|right|muted|primary|secondary|success|danger|warning|info|light|dark|white|body|black-50|white-50)|(?:m|p)[tblrxy]?-(?:[0-5]|auto)|mdi(?:-.+)?)$/
+    for (const token of tokens) {
+      if (count++ >= 5000) break
+      if (BOOTSTRAP_PATTERN.test(token)) {
+        const c = classes[token]
+        bootstrapScore += c < 3 ? c : 3
+      }
+      if (TAILWIND_PATTERN.test(token)) {
+        const c = classes[token]
+        utilityScore += c < 3 ? c : 3
+        distinctUtilityCount += 1
+        if (TAILWIND_SPECIFIC_PATTERN.test(token)) {
+          specificScore += c < 3 ? c : 3
+        }
+      }
+    }
+    if (specificScore < 3 && bootstrapScore >= 8) {
+      return 0
+    }
+    if (specificScore < 2 && (distinctUtilityCount < 14 || utilityScore < 24)) {
+      return 0
+    }
+    return utilityScore + specificScore * 4
+  }
+
+  function getMetaContent(name) {
+    return document.querySelector(`meta[name='${cssEscape(name)}' i]`)?.content || ''
+  }
+
+  function cssEscape(value) {
+    if (window.CSS?.escape) {
+      return CSS.escape(value)
+    }
+    return String(value).replace(/'/g, "\\'")
+  }
+
+  function summarizeDomains(urls) {
+    const counts = {}
+    for (const raw of urls) {
+      try {
+        const host = new URL(raw, location.href).hostname
+        counts[host] = (counts[host] || 0) + 1
+      } catch {
+        continue
+      }
+    }
+    return Object.entries(counts)
+      .sort((a, b) => b[1] - a[1])
+      .slice(0, 30)
+      .map(([domain, count]) => ({ domain, count }))
+  }
+
+  function unique(items) {
+    return [...new Set(items)]
+  }
+
+  function shortUrl(raw) {
+    try {
+      const url = new URL(raw, location.href)
+      return `${url.hostname}${url.pathname}`.slice(0, 96)
+    } catch {
+      return String(raw).slice(0, 96)
+    }
+  }
+}
diff --git a/src/injected/page-detector.ts b/src/injected/page-detector.ts
index e4ac6834..78674f1b 100644
--- a/src/injected/page-detector.ts
+++ b/src/injected/page-detector.ts
@@ -1,1639 +1,33 @@
 // @ts-nocheck
-/* eslint-disable */
 
-const yieldToMainThread = () => new Promise(resolve => setTimeout(resolve, 0))
-
-const detectPageTechnologies = async (ruleConfig: Record<string, unknown> = {}) => {
-  const technologies = []
-  const ruleRegexCache = new WeakMap()
-  const ruleCombinedCache = new WeakMap()
-  const ruleHintCache = new WeakMap()
-  const resources = collectResources()
-  const classTokens = collectClassTokens()
-  const cssVariables = collectCssVariables()
-  const documentHtmlSample = getHtmlSample()
-  const globalKeys = safeGlobalKeys()
-  const add = createCollector(technologies)
-  const phpRuntimeTechnologyNames = new Set(
-    [
-      'WordPress',
-      'ThinkPHP',
-      'Discuz!',
-      'phpBB',
-      'Drupal',
-      'Joomla',
-      'Typecho',
-      'Z-BlogPHP',
-      'Emlog',
-      'Magento / Adobe Commerce',
-      'OpenCart',
-      'PrestaShop',
-      'DedeCMS',
-      'EmpireCMS',
-      'PHPCMS',
-      'PHPWind',
-      'BBSXP',
-      'HDWiki',
-      'MediaWiki',
-      'Laravel',
-      'Laravel Livewire',
-      'Symfony',
-      'Yii',
-      'CodeIgniter',
-      'CakePHP',
-      'Laminas / Zend Framework',
-      'Zend Framework',
-      'Swoole',
-      'OpenSwoole',
-      'FrankenPHP'
-    ].map(normalizeRuleName)
-  )
-
-  await yieldToMainThread()
-  detectFrontendFrameworks(add, resources, classTokens, documentHtmlSample, globalKeys, ruleConfig.frontendFrameworks || [])
-  detectUiFrameworks(add, resources, classTokens, cssVariables, documentHtmlSample, ruleConfig.uiFrameworks || [])
-  detectAdditionalFrontendTechnologies(add, resources, classTokens, documentHtmlSample, ruleConfig.frontendExtra || [])
-  detectMinifiedScriptFallback(add, resources, technologies)
-
-  await yieldToMainThread()
-  detectBuildAndRuntime(add, resources, documentHtmlSample, globalKeys, ruleConfig.buildRuntime || [])
-  detectCdnAndHosting(add, resources, ruleConfig.cdnProviders || [])
-  detectBackendFrameworkHints(add, resources, documentHtmlSample, ruleConfig.backendHints || [])
-  detectCmsAndCommerce(add, resources, documentHtmlSample, ruleConfig.websitePrograms || [])
-
-  await yieldToMainThread()
-  detectWebsitePrograms(add, resources, documentHtmlSample, globalKeys, ruleConfig.websitePrograms || [])
-  detectCmsThemesAndSource(
-    add,
-    resources,
-    classTokens,
-    documentHtmlSample,
-    globalKeys,
-    ruleConfig.cmsThemes || [],
-    ruleConfig.dynamicAssetExtractors || []
-  )
-  detectProbeTools(add, resources, documentHtmlSample, globalKeys, ruleConfig.probes || [])
-  detectProgrammingLanguages(add, resources, documentHtmlSample, globalKeys, ruleConfig.languages || [])
-
-  await yieldToMainThread()
-  inferLanguagesFromDetectedTechnologies(add, technologies)
-  detectFeeds(add, resources, documentHtmlSample, ruleConfig.feeds || [])
-  detectSaasServices(add, resources, documentHtmlSample, globalKeys, ruleConfig.saasServices || [])
-  detectThirdPartyLogins(add, resources, documentHtmlSample, globalKeys, ruleConfig.thirdPartyLogins || [])
-
-  await yieldToMainThread()
-  detectPaymentSystems(add, resources, documentHtmlSample, globalKeys, ruleConfig.paymentSystems || [])
-  detectAnalytics(add, resources, documentHtmlSample, globalKeys, ruleConfig.analyticsProviders || [])
-  detectCustomRules(add, resources, documentHtmlSample, globalKeys, ruleConfig.customRules || [])
-  detectSecurityAndProtocol(add)
-
-  return {
-    url: location.href,
-    title: document.title,
-    generatedAt: new Date().toISOString(),
-    technologies: suppressDuplicateWebsiteProgramCategories(
-      suppressFrontendAliasTechnologies(suppressFrontendFallbackDuplicates(technologies))
-    ),
-    resources: {
-      total: resources.all.length,
-      scripts: resources.scripts.slice(0, 120),
-      stylesheets: resources.stylesheets.slice(0, 120),
-      resourceTiming: resources.resourceTiming.slice(0, 220),
-      all: resources.all.slice(0, 300),
-      themeAssetUrls: resources.all.filter(url => /\/wp-content\/themes\//i.test(url)).slice(0, 80),
-      resourceDomains: summarizeDomains(resources.all),
-      cssVariableCount: cssVariables.names.length,
-      metaGenerator: getMetaContent('generator'),
-      manifest: document.querySelector("link[rel='manifest']")?.href || null
-    }
-  }
-
-  function collectResources() {
-    const scripts = [...document.scripts].map(script => script.src).filter(isInspectableResourceUrl)
-    const stylesheets = [...document.querySelectorAll("link[rel~='stylesheet'], link[as='style']")]
-      .map(link => link.href)
-      .filter(isInspectableResourceUrl)
-    const resourceTiming = performance
-      .getEntriesByType('resource')
-      .map(entry => entry.name)
-      .filter(isInspectableResourceUrl)
-    const images = [...document.images]
-      .map(image => image.currentSrc || image.src)
-      .filter(isInspectableResourceUrl)
-      .slice(0, 200)
-    const all = unique([...scripts, ...stylesheets, ...resourceTiming, ...images])
-    return { scripts, stylesheets, resourceTiming, images, all, text: all.join('\n').toLowerCase() }
-  }
-
-  function collectClassTokens() {
-    const counts = {}
-    const nodes = document.querySelectorAll('[class]')
-    const limit = Math.min(nodes.length, 1000)
-    for (let i = 0; i < limit; i++) {
-      const list = nodes[i].classList
-      if (list && list.length) {
-        for (let j = 0; j < list.length; j++) {
-          const token = list[j]
-          if (!token) continue
-          counts[token] = (counts[token] || 0) + 1
-        }
-        continue
-      }
-      const raw = typeof nodes[i].className === 'string' ? nodes[i].className : nodes[i].getAttribute('class') || ''
-      if (!raw) continue
-      for (const token of raw.split(/\s+/)) {
-        if (!token) continue
-        counts[token] = (counts[token] || 0) + 1
-      }
-    }
-    return counts
-  }
-
-  function collectCssVariables() {
-    const names = new Set()
-    const values = {}
-    const targets = [document.documentElement, document.body].filter(Boolean)
-
-    for (const target of targets) {
-      try {
-        const style = getComputedStyle(target)
-        for (let index = 0; index < style.length; index += 1) {
-          const name = style.item(index)
-          if (!name || !name.startsWith('--')) {
-            continue
-          }
-          names.add(name)
-          if (!values[name]) {
-            values[name] = style.getPropertyValue(name).trim().slice(0, 160)
-          }
-        }
-      } catch {
-        continue
-      }
-    }
-
-    const orderedNames = [...names].slice(0, 500)
-    return {
-      names: orderedNames,
-      values,
-      text: orderedNames
-        .map(name => `${name}: ${values[name] || ''}`)
-        .join('\n')
-        .toLowerCase()
-    }
-  }
-
-  function getHtmlSample() {
-    const html = document.documentElement?.outerHTML || ''
-    return stripInlineDataUrls(html).slice(0, 500000).toLowerCase()
-  }
-
-  function isInspectableResourceUrl(value) {
-    const url = String(value || '').trim()
-    return Boolean(url) && !/^(?:data|blob|javascript|about):/i.test(url)
-  }
-
-  function stripInlineDataUrls(value) {
-    return String(value || '').replace(/data:[^"'()<>\s]+/gi, '[inline-data-url]')
-  }
-
-  function safeGlobalKeys() {
-    try {
-      return Object.keys(window).slice(0, 5000)
-    } catch {
-      return []
-    }
-  }
-
-  function detectFrontendFrameworks(add, resources, classes, html, globalKeys, externalRules) {
-    if (hasReactDomMarker()) {
-      add('前端框架', 'React', '高', 'DOM 节点存在 React Fiber 标记')
-    }
-
-    detectJsonRuleList(add, externalRules, {
-      defaultCategory: '前端框架',
-      resources,
-      classes,
-      html,
-      text: `${resources.text}\n${html}\n${globalKeys.join('\n')}`,
-      resourceConfidence: '中',
-      sourceLabel: 'JSON 前端框架规则'
-    })
-  }
-
-  function detectUiFrameworks(add, resources, classes, cssVariables, html, externalRules) {
-    const atomicCssOrigin = detectAtomicCssOrigin(cssVariables)
-    if (atomicCssOrigin === 'unocss') {
-      add('UI / CSS 框架', 'UnoCSS', '高', '存在 --un-* CSS 变量(UnoCSS 默认前缀)')
-    } else if (atomicCssOrigin === 'tailwind') {
-      add('UI / CSS 框架', 'Tailwind CSS', '高', '存在 --tw-* CSS 变量(Tailwind 默认前缀)')
-    } else if (scoreTailwind(classes) >= 10) {
-      add('UI / CSS 框架', 'Tailwind CSS', '中', '存在大量 Tailwind 风格原子类名')
-    }
-
-    detectJsonRuleList(add, externalRules, {
-      defaultCategory: 'UI / CSS 框架',
-      resources,
-      classes,
-      cssVariables,
-      html,
-      text: `${resources.text}\n${html}\n${cssVariables.text}`,
-      resourceConfidence: '中',
-      sourceLabel: 'JSON UI 框架规则'
-    })
-  }
-
-  function detectAtomicCssOrigin(cssVariables) {
-    const names = cssVariables?.names || []
-    let hasUn = false
-    let hasTw = false
-    for (const name of names) {
-      if (!hasUn && name.startsWith('--un-')) hasUn = true
-      if (!hasTw && name.startsWith('--tw-')) hasTw = true
-      if (hasUn && hasTw) break
-    }
-    if (hasUn) return 'unocss'
-    if (hasTw) return 'tailwind'
-
-    try {
-      for (const sheet of document.styleSheets) {
-        let rules
-        try {
-          rules = sheet.cssRules
-        } catch {
-          continue
-        }
-        if (!rules) continue
-        const limit = rules.length < 400 ? rules.length : 400
-        for (let i = 0; i < limit; i++) {
-          const text = rules[i]?.cssText || ''
-          if (!hasUn && text.includes('--un-')) hasUn = true
-          if (!hasTw && text.includes('--tw-')) hasTw = true
-          if (hasUn || hasTw) break
-        }
-        if (hasUn || hasTw) break
-      }
-    } catch {
-      // ignore
-    }
-
-    if (hasUn) return 'unocss'
-    if (hasTw) return 'tailwind'
-    return ''
-  }
-
-  function detectAdditionalFrontendTechnologies(add, resources, classes, html, externalRules) {
-    const text = `${resources.text}\n${html}`
-    detectJsonRuleList(add, externalRules, {
-      defaultCategory: '前端库',
-      resources,
-      classes,
-      html,
-      text,
-      resourceConfidence: '中',
-      sourceLabel: 'JSON 前端补充规则'
-    })
-  }
-
-  function detectMinifiedScriptFallback(add, resources, currentTechnologies) {
-    const knownNames = new Set(currentTechnologies.map(tech => normalizeFallbackTechName(tech.name)))
-    const seen = new Set()
-    const scriptUrls = unique([...(resources.scripts || []), ...(resources.resourceTiming || [])])
-    for (const rawUrl of scriptUrls) {
-      const info = extractMinifiedScriptLibrary(rawUrl)
-      if (!info) {
-        continue
-      }
-      const normalized = normalizeFallbackTechName(info.name)
-      if (!normalized || seen.has(normalized) || knownNames.has(normalized)) {
-        continue
-      }
-      seen.add(normalized)
-      add('前端库', `疑似前端库: ${info.name}`, '低', `兜底识别：根据脚本文件名 ${info.fileName} 判断，未匹配到内置规则或官网链接`)
-      if (seen.size >= 20) {
-        break
-      }
-    }
-  }
-
-  function extractMinifiedScriptLibrary(rawUrl) {
-    let pathname = ''
-    try {
-      pathname = new URL(rawUrl, location.href).pathname
-    } catch {
-      pathname = String(rawUrl || '').split(/[?#]/)[0]
-    }
-    if (/\/wp-includes\/js\/dist\//i.test(pathname)) {
-      return null
-    }
-    const fileName = safeDecodeURIComponent(pathname.split('/').filter(Boolean).pop() || '')
-    if (!/\.js$/i.test(fileName) || !/(?:^|[.-])min\.js$/i.test(fileName)) {
-      return null
-    }
-
-    let name = fileName
-      .replace(/\.js$/i, '')
-      .replace(
-        /(?:[._-](?:min|prod|production|development|dev|bundle|bundled|umd|esm|cjs|iife|global|runtime|legacy|modern|browser|web|all|full))+$/gi,
-        ''
-      )
-      .replace(/(?:[._-]pkgd)$/i, '')
-      .replace(/(?:[._-]v?\d+(?:\.\d+){1,4})$/i, '')
-      .replace(/(?:[._-][a-f0-9]{7,})$/i, '')
-      .replace(/^npm\./i, '')
-      .replace(/^@/, '')
-      .trim()
-
-    if (!isLikelyLibraryFileName(name)) {
-      return null
-    }
-    return { name, fileName }
-  }
-
-  function isLikelyLibraryFileName(name) {
-    if (!name || name.length < 2 || name.length > 60) {
-      return false
-    }
-    if (!/[a-z]/i.test(name)) {
-      return false
-    }
-    if (/^[a-f0-9]{8,}$/i.test(name) || /^[a-z0-9_-]{18,}$/i.test(name)) {
-      return false
-    }
-    const genericNames = new Set([
-      'app',
-      'application',
-      'message',
-      'main',
-      'index',
-      'home',
-      'base',
-      'core',
-      'common',
-      'commons',
-      'global',
-      'runtime',
-      'manifest',
-      'vendor',
-      'vendors',
-      'chunk',
-      'chunks',
-      'bundle',
-      'bundles',
-      'min',
-      'prod',
-      'production',
-      'development',
-      'dev',
-      'dist',
-      'all',
-      'full',
-      'browser',
-      'web',
-      'modern',
-      'legacy',
-      'umd',
-      'esm',
-      'cjs',
-      'iife',
-      'module',
-      'modules',
-      'plugin',
-      'plugins',
-      'lib',
-      'libs',
-      'cdn',
-      'scripts',
-      'script',
-      'custom',
-      'theme',
-      'frontend',
-      'backend',
-      'admin',
-      'site',
-      'page',
-      'public',
-      'static',
-      'lazyload',
-      'polyfill',
-      'polyfills',
-      'webpack',
-      'vite',
-      'parcel',
-      'rollup',
-      'esbuild',
-      'swc',
-      'turbopack',
-      'rspack',
-      'require',
-      'requirejs',
-      'system',
-      'systemjs',
-      // 文档站 / 内容站常见的搜索 worker 文件名（mkdocs / docusaurus / vitepress 等都叫这名），
-      // 真实的搜索库（Lunr / FlexSearch / Pagefind / Algolia）会通过专用规则或官方版权注释命中
-      'search',
-      // 通用名，几乎所有站点都有但不属于公共库
-      'sdk',
-      'analytics',
-      'tracker',
-      'tracking',
-      'beacon',
-      'pixel',
-      // 站点自身的内部脚本，不是公共库
-      'tgwallpaper',
-      'jsbin'
-    ])
-    if (genericNames.has(name.toLowerCase())) {
-      return false
-    }
-    // vscode.dev / 微软系站点的内部脚本：ms.core / ms.post / ms.deploy 等
-    if (/^ms\.[a-z0-9_-]+$/i.test(name)) {
-      return false
-    }
-    // Microsoft AB-test 客户端、Read the Docs 广告脚本、通用 svg loader 等不是公共库
-    if (/^(?:tas-client|ethicalads|svg-loader)$/i.test(name)) {
-      return false
-    }
-    return true
-  }
-
-  function normalizeFallbackTechName(name) {
-    const normalized = String(name || '')
-      .toLowerCase()
-      .replace(/^疑似前端库:\s*/, '')
-      .replace(/(?:\.js|js)$/i, '')
-      .replace(/(?:[._-]pkgd)$/i, '')
-      .replace(/[^a-z0-9\u4e00-\u9fa5]+/g, '')
-    const aliases = {
-      clipboardjs: 'clipboard',
-      jquerycompat: 'jquery',
-      imagesloadedjs: 'imagesloaded',
-      layerjs: 'layer',
-      slickcarousel: 'slick',
-      twitterbootstrap: 'bootstrap',
-      vuejs: 'vue'
-    }
-    return aliases[normalized] || normalized
-  }
-
-  function suppressFrontendAliasTechnologies(items) {
-    if (!Array.isArray(items) || !items.length) {
-      return []
-    }
-    const aliases = {
-      angular: { category: '前端框架', name: 'Angular' },
-      jquery: { category: '前端框架', name: 'jQuery' },
-      jquerycompat: { category: '前端框架', name: 'jQuery' },
-      layer: { category: '前端库', name: 'Layer.js' },
-      preact: { category: '前端框架', name: 'Preact' },
-      react: { category: '前端框架', name: 'React' },
-      svelte: { category: '前端框架', name: 'Svelte' },
-      twitterbootstrap: { category: 'UI / CSS 框架', name: 'Bootstrap' },
-      vue: { category: '前端框架', name: 'Vue' }
-    }
-    const frontendCategories = new Set(['前端库', '前端框架', 'UI / CSS 框架'])
-    return items.map(item => {
-      if (!frontendCategories.has(item?.category)) {
-        return item
-      }
-      const key = String(item?.name || '')
-        .toLowerCase()
-        .replace(/^疑似前端库:\s*/, '')
-        .replace(/(?:\.js|js)$/i, '')
-        .replace(/(?:[._-]pkgd)$/i, '')
-        .replace(/[^a-z0-9\u4e00-\u9fa5]+/g, '')
-      const canonical = aliases[key]
-      return canonical ? { ...item, category: canonical.category, name: canonical.name } : item
-    })
-  }
-
-  function suppressFrontendFallbackDuplicates(items) {
-    if (!Array.isArray(items) || !items.length) {
-      return []
-    }
-
-    // 任何已识别的技术都用来消重，避免 SaaS / 统计 / 第三方登录 / 支付 类目里已经命中的库
-    // 同名脚本（如 filestack.min.js 已识别为 Filestack SaaS）还被兜底再加一条「疑似前端库」
-    const knownNames = new Set(
-      items
-        .filter(item => !isFrontendFallback(item))
-        .map(item => normalizeFallbackTechName(item.name))
-        .filter(Boolean)
-    )
-    if (!knownNames.size) {
-      return items
-    }
-
-    return items.filter(item => !isFrontendFallback(item) || !knownNames.has(normalizeFallbackTechName(item.name)))
-  }
-
-  function isFrontendFallback(item) {
-    return item?.category === '前端库' && /^疑似前端库:/i.test(String(item?.name || '').trim())
-  }
-
-  function detectBuildAndRuntime(add, resources, html, globalKeys, externalRules) {
-    if (navigator.serviceWorker?.controller) {
-      add('构建与运行时', 'Service Worker', '中', '当前页面受 Service Worker 控制')
-    }
-
-    detectJsonRuleList(add, externalRules, {
-      defaultCategory: '构建与运行时',
-      resources,
-      html,
-      text: `${resources.text}\n${html}\n${globalKeys.join('\n')}`,
-      sourceLabel: 'JSON 构建运行时规则'
-    })
-  }
-
-  function detectCdnAndHosting(add, resources, externalRules) {
-    detectJsonRuleList(add, externalRules, {
-      defaultCategory: 'CDN / 托管',
-      resources,
-      text: resources.text,
-      resourceOnly: true,
-      sourceLabel: 'JSON CDN 规则'
-    })
-
-    const privateCdnMatches = collectPrivateCdnMatches(resources.all)
-    if (privateCdnMatches.length) {
-      add(
-        'CDN / 托管',
-        '自定义 / 私有 CDN',
-        '低',
-        privateCdnMatches.length + ' 个资源域名疑似私有 CDN，如 ' + privateCdnMatches.slice(0, 3).join('、')
-      )
-    }
-  }
-
-  function collectPrivateCdnMatches(urls) {
-    const pageHost = location.hostname.replace(/^www\./, '')
-    const hosts = new Set()
-    for (const raw of urls) {
-      try {
-        const host = new URL(raw, location.href).hostname.toLowerCase()
-        const normalizedHost = host.replace(/^www\./, '')
-        if (normalizedHost === pageHost) {
-          continue
-        }
-        if (isKnownThirdPartyServiceHost(normalizedHost)) {
-          continue
-        }
-        if (
-          /(^cdn\d*\.|\.cdn\d*\.|-cdn\d*\.|^static\d*\.|\.static\d*\.|^assets\d*\.|\.assets\d*\.|^edge\d*\.|\.edge\d*\.|^media\d*\.)/.test(
-            host
-          )
-        ) {
-          hosts.add(host)
-        }
-      } catch {
-        continue
-      }
-    }
-    return [...hosts].slice(0, 20)
-  }
-
-  function isKnownThirdPartyServiceHost(host) {
-    return /^(?:static\.cloudflareinsights\.com|challenges\.cloudflare\.com)$/i.test(host)
-  }
-
-  function detectBackendFrameworkHints(add, resources, html, externalRules) {
-    const text = [location.href, resources.text, html].join('\n')
-    detectJsonRuleList(add, externalRules, {
-      defaultCategory: '后端 / 服务器框架',
-      resources,
-      html,
-      text,
-      sourceLabel: 'JSON 后端规则'
-    })
-  }
-
-  function detectCmsAndCommerce(add, resources, html, externalRules) {
-    const generator = (getMetaContent('generator') || '').toLowerCase()
-    const text = [resources.text, html, 'generator: ' + generator].join('\n')
-    detectJsonRuleList(add, filterCmsAndCommerceRules(externalRules), {
-      defaultCategory: 'CMS / 电商平台',
-      resources,
-      html,
-      text,
-      sourceLabel: 'JSON CMS / 电商平台规则'
-    })
-  }
-
-  function filterCmsAndCommerceRules(rules) {
-    if (!Array.isArray(rules)) {
-      return []
-    }
-    return rules.filter(rule => normalizeRuleName(rule.name) !== 'wordpress')
-  }
-
-  function normalizeRuleName(name) {
-    return String(name || '')
-      .toLowerCase()
-      .replace(/[^a-z0-9\u4e00-\u9fa5]+/g, '')
-  }
-
-  function hasTechnology(items, category, name) {
-    const normalizedName = normalizeRuleName(name)
-    return items.some(item => item?.category === category && normalizeRuleName(item.name) === normalizedName)
-  }
-
-  function isPhpRuntimeSourceTechnology(item) {
-    return phpRuntimeTechnologyNames.has(normalizeRuleName(item?.name))
-  }
-
-  function phpRuntimeInferenceEvidence(item) {
-    const name = String(item?.name || '').trim() || 'PHP 系技术'
-    if (item?.category === '后端 / 服务器框架') {
-      return `由 ${name} 后端框架推断 PHP 后端运行时`
-    }
-    if (item?.category === '网站程序' || item?.category === 'CMS / 电商平台') {
-      return `由 ${name} 站点程序推断 PHP 后端运行时`
-    }
-    return `由 ${name} 技术线索推断 PHP 后端运行时`
-  }
-
-  function inferLanguagesFromDetectedTechnologies(add, items) {
-    if (hasTechnology(items, '开发语言 / 运行时', 'PHP')) {
-      return
-    }
-    const source = items.find(isPhpRuntimeSourceTechnology)
-    if (source) {
-      add('开发语言 / 运行时', 'PHP', '中', phpRuntimeInferenceEvidence(source))
-    }
-  }
-
-  function suppressDuplicateWebsiteProgramCategories(items) {
-    if (!Array.isArray(items) || !items.length) {
-      return []
-    }
-
-    const websiteProgramNames = new Set(
-      items
-        .filter(item => item?.category === '网站程序')
-        .map(item => normalizeRuleName(item.name))
-        .filter(Boolean)
-    )
-    if (!websiteProgramNames.size) {
-      return items
-    }
-
-    return items.filter(item => item?.category !== 'CMS / 电商平台' || !websiteProgramNames.has(normalizeRuleName(item.name)))
-  }
-
-  function detectCmsThemesAndSource(add, resources, classes, html, globalKeys, externalRules, assetExtractors = []) {
-    const assetText = `${location.href}
-${resources.all.join('\n')}`
-    const text = `${assetText}
-${html}`
-    const normalizedText = text.toLowerCase()
-    const normalizedAssetText = assetText.toLowerCase()
-
-    for (const extractor of assetExtractors) {
-      collectAssetDirectoryMatches(add, assetText, normalizedAssetText, extractor)
-    }
-
-    try {
-      const shopifyTheme = window.Shopify?.theme
-      if (shopifyTheme?.name) {
-        add(
-          '主题 / 模板',
-          `Shopify 主题: ${String(shopifyTheme.name).slice(0, 80)}`,
-          '高',
-          `存在 window.Shopify.theme${shopifyTheme.id ? `，theme id: ${shopifyTheme.id}` : ''}`
+import { detectPageTechnologies } from './page-detector-runtime'
+
+const runDefaultPageDetection = () => {
+  const __spRules = (window as any).__SP_RULES__ ?? {}
+  ;(window as any).__SP_RULES__ = undefined
+  const __spStart = performance.now()
+  return detectPageTechnologies(__spRules).then(result => {
+    try {
+      if (localStorage.getItem('__sp_observer_debug__') === '1') {
+        const __spDuration = performance.now() - __spStart
+        console.log(
+          '[StackPrism page-detector] 耗时',
+          __spDuration.toFixed(1) + 'ms',
+          '| 识别',
+          result?.technologies?.length || 0,
+          '项 |',
+          'resources',
+          result?.resources?.total || 0
         )
-      } else if (shopifyTheme?.id) {
-        add('主题 / 模板', `Shopify 主题 ID: ${shopifyTheme.id}`, '中', '存在 window.Shopify.theme.id')
-      }
-    } catch {
-      // 忽略跨站脚本或代理对象异常。
-    }
-
-    detectJsonRuleList(add, externalRules, {
-      defaultCategory: '主题 / 模板',
-      resources,
-      classes,
-      html,
-      text,
-      sourceLabel: 'JSON 主题模板规则',
-      evidencePrefix: rule => (rule.kind ? `${rule.kind}：` : '')
-    })
-  }
-
-  function collectAssetDirectoryMatches(add, text, normalizedText, extractor) {
-    const requires = compileAssetPattern(extractor.requires)
-    if (requires && !requires.test(normalizedText)) {
-      return
-    }
-
-    let count = 0
-    const limit = extractor.limit || 12
-    const seen = new Set()
-    const pattern = compileAssetPattern(extractor.pattern, 'gi')
-    if (!pattern) {
-      return
-    }
-    let match
-    while ((match = pattern.exec(text)) && count < limit) {
-      const groups = match.slice(1).map(cleanAssetSlug)
-      if (groups.some(value => !value)) {
-        continue
-      }
-      const value = extractor.format === 'joinSlash' ? groups.join('/') : groups[0]
-      const key = `${extractor.category}::${extractor.label}::${value}`.toLowerCase()
-      if (seen.has(key)) {
-        continue
-      }
-      seen.add(key)
-      count += 1
-      add(extractor.category, `${extractor.label}: ${value}`, '高', `资源或源码路径包含 ${shortPathEvidence(match[0])}`)
-    }
-  }
-
-  function compileAssetPattern(pattern, defaultFlags = 'i') {
-    if (!pattern) {
-      return null
-    }
-    try {
-      const source = pattern instanceof RegExp ? pattern.source : String(pattern)
-      return new RegExp(source, defaultFlags)
-    } catch {
-      return null
-    }
-  }
-
-  function cleanAssetSlug(value) {
-    const decoded = safeDecodeURIComponent(String(value || ''))
-      .replace(/\\/g, '/')
-      .replace(/['")<>]/g, '')
-      .trim()
-    if (!decoded || decoded.length > 90 || decoded.includes('/') || /[*{}[\]]/.test(decoded)) {
-      return ''
-    }
-    if (!/[a-z0-9\u4e00-\u9fa5]/i.test(decoded)) {
-      return ''
-    }
-    if (/^(?:assets?|static|public|dist|build|cache|css|js|img|images?|fonts?|vendor)$/i.test(decoded)) {
-      return ''
-    }
-    return decoded
-  }
-
-  function safeDecodeURIComponent(value) {
-    try {
-      return decodeURIComponent(value)
-    } catch {
-      return value
-    }
-  }
-
-  function shortPathEvidence(value) {
-    return String(value || '')
-      .replace(/\s+/g, ' ')
-      .slice(0, 160)
-  }
-
-  function detectSaasServices(add, resources, html, globalKeys, externalRules) {
-    const text = [resources.text, html].join('\n')
-    detectJsonRuleList(add, externalRules, {
-      defaultCategory: 'SaaS / 第三方服务',
-      resources,
-      html,
-      text,
-      sourceLabel: 'JSON SaaS 规则',
-      evidencePrefix: rule => (rule.kind ? rule.kind + '：' : '')
-    })
-  }
-
-  function detectWebsitePrograms(add, resources, html, globalKeys, externalRules) {
-    detectJsonRuleList(add, externalRules, {
-      defaultCategory: '网站程序',
-      resources,
-      html,
-      text: `${resources.text}\n${html}`,
-      sourceLabel: 'JSON 网站程序规则',
-      evidencePrefix: rule => (rule.kind ? `${rule.kind}：` : '')
-    })
-  }
-
-  function detectProbeTools(add, resources, html, globalKeys, externalRules) {
-    const titleText = document.title ? `\n${document.title}` : ''
-    const appMetadataText = [getMetaContent('apple-mobile-web-app-title'), getMetaContent('application-name')].filter(Boolean).join('\n')
-    const appMetadata = appMetadataText ? `\n${appMetadataText}` : ''
-    detectJsonRuleList(add, externalRules, {
-      defaultCategory: '探针 / 监控',
-      resources,
-      html: '',
-      text: `${location.href}\n${resources.text}${titleText}${appMetadata}`,
-      sourceLabel: 'JSON 探针规则',
-      evidencePrefix: rule => (rule.kind ? `${rule.kind}：` : '')
-    })
-  }
-
-  function detectThirdPartyLogins(add, resources, html, globalKeys, externalRules) {
-    const titleText = document.title ? `\n${document.title}` : ''
-    const bodyText = document.body?.innerText ? `\n${document.body.innerText.slice(0, 100000)}` : ''
-    detectJsonRuleList(add, externalRules, {
-      defaultCategory: '第三方登录 / OAuth',
-      resources,
-      html,
-      text: `${resources.text}\n${html}${titleText}${bodyText}`,
-      sourceLabel: 'JSON 第三方登录规则',
-      evidencePrefix: rule => (rule.kind ? `${rule.kind}：` : '')
-    })
-  }
-
-  function detectPaymentSystems(add, resources, html, globalKeys, externalRules) {
-    const bodyText = document.body?.innerText ? `\n${document.body.innerText.slice(0, 80000)}` : ''
-    detectJsonRuleList(add, externalRules, {
-      defaultCategory: '支付系统',
-      resources,
-      html,
-      text: `${location.href}\n${resources.text}\n${html}${bodyText}`,
-      sourceLabel: 'JSON 支付规则',
-      evidencePrefix: rule => (rule.kind ? `${rule.kind}：` : '')
-    })
-  }
-
-  function detectCustomRules(add, resources, html, globalKeys, externalRules) {
-    const bodyText = document.body?.innerText ? `\n${document.body.innerText.slice(0, 120000)}` : ''
-    const text = [location.href, document.title, resources.text, html, bodyText, globalKeys.join('\n')].join('\n')
-    detectJsonRuleList(add, externalRules, {
-      defaultCategory: '其他库',
-      resources,
-      html,
-      text,
-      sourceLabel: '自定义页面规则',
-      evidencePrefix: rule => (rule.kind ? `${rule.kind}：` : '')
-    })
-  }
-
-  function detectProgrammingLanguages(add, resources, html, globalKeys, externalRules) {
-    detectJsonRuleList(add, externalRules, {
-      defaultCategory: '开发语言 / 运行时',
-      resources,
-      html,
-      text: `${resources.text}\n${html}`,
-      sourceLabel: 'JSON 语言规则',
-      evidencePrefix: rule => (rule.kind ? `${rule.kind}：` : '')
-    })
-  }
-
-  function detectFeeds(add, resources, html, externalRules) {
-    const feedLinks = [...document.querySelectorAll("link[rel~='alternate']")]
-      .map(link => ({
-        href: link.href || link.getAttribute('href') || '',
-        type: (link.type || '').toLowerCase(),
-        title: link.title || ''
-      }))
-      // 只接受真正的 feed 类型，避免 application/json+oembed 这种非 feed 的备用链接被误算成 JSON Feed
-      .filter(
-        link =>
-          link.href &&
-          !/oembed/.test(`${link.type} ${link.href}`.toLowerCase()) &&
-          /(?:rss|atom|jsonfeed|feed\+json|json\+feed|application\/feed|\.rss\b|\.atom\b|\/feed(?:\/|\.json|$|\?)|\/rss(?:\/|$|\?)|\/atom(?:\/|$|\?))/.test(
-            `${link.type} ${link.href}`.toLowerCase()
-          )
-      )
-
-    for (const link of feedLinks.slice(0, 20)) {
-      const name = feedNameFromType(link.type, link.href)
-      add('RSS / 订阅', name, '高', `发现 feed 链接：${shortUrl(link.href)}${link.title ? ` (${link.title})` : ''}`)
-    }
-
-    detectJsonRuleList(add, externalRules, {
-      defaultCategory: 'RSS / 订阅',
-      resources,
-      html,
-      text: `${resources.text}\n${html}`,
-      sourceLabel: 'JSON Feed 规则',
-      confidence: '中'
-    })
-  }
-
-  function feedNameFromType(type, href) {
-    const value = `${type} ${href}`.toLowerCase()
-    if (value.includes('atom')) {
-      return 'Atom Feed'
-    }
-    if (value.includes('json')) {
-      return 'JSON Feed'
-    }
-    return 'RSS Feed'
-  }
-
-  function detectJsonRuleList(add, rules, context) {
-    if (!Array.isArray(rules) || !rules.length) {
-      return
-    }
-
-    for (const rule of rules) {
-      const match = matchJsonRule(rule, context)
-      if (!match) {
-        continue
-      }
-      const confidence = match.confidence || context.confidence || rule.confidence || '中'
-      const prefix = typeof context.evidencePrefix === 'function' ? context.evidencePrefix(rule) : context.evidencePrefix || ''
-      const extras: { version?: string; url?: string } = {}
-      if (match.version) extras.version = match.version
-      if (rule.url) extras.url = rule.url
-      add(
-        rule.category || context.defaultCategory || '其他库',
-        rule.name,
-        confidence,
-        `${prefix}${match.evidence}`,
-        Object.keys(extras).length ? extras : undefined
-      )
-    }
-  }
-
-  // 从命中的资源 URL 里抽版本号:覆盖 cdn / npm / 自托管几种常见 URL 形态
-  // 例:cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js → 3.6.0
-  //     unpkg.com/react@18.3.1/umd/react.production.min.js → 18.3.1
-  //     /assets/swiper-bundle-9.4.1.min.js → 9.4.1
-  function extractVersionFromUrl(rule, url) {
-    if (!url || typeof url !== 'string') return ''
-    const name = String(rule?.name || '').trim()
-    if (!name) return ''
-    const escape = s => s.replace(/[.*+?^${}()|[\]\\]/g, '\\$&')
-    const npmToken = name
-      .toLowerCase()
-      .replace(/\.js$/i, '')
-      .replace(/\s*\/\s*.*$/, '')
-      .replace(/\s+/g, '-')
-      .replace(/[^a-z0-9@_-]/gi, '')
-    const tokens = [npmToken, name.toLowerCase()].filter(Boolean)
-    for (const token of tokens) {
-      const esc = escape(token)
-      // 形式 1:`<token>@X.Y.Z`(unpkg / jsdelivr)
-      const m1 = new RegExp('[/@]' + esc + '@(\\d+\\.\\d+(?:\\.\\d+)?)', 'i').exec(url)
-      if (m1) return m1[1]
-      // 形式 2:`/<token>/X.Y.Z/`(cdnjs 风格)
-      const m2 = new RegExp('/' + esc + '/(\\d+\\.\\d+(?:\\.\\d+)?)/', 'i').exec(url)
-      if (m2) return m2[1]
-      // 形式 3:`/<token>-X.Y.Z.(?:min\\.)?js`(自托管直接命名)
-      const m3 = new RegExp('/' + esc + '[-._](\\d+\\.\\d+(?:\\.\\d+)?)\\.(?:min\\.)?(?:m?js|css)', 'i').exec(url)
-      if (m3) return m3[1]
-    }
-    return ''
-  }
-
-  // 比较两个 semver 字符串("3.10.0" > "3.9.0",字典序则相反):用作 sort comparator
-  function compareSemver(a, b) {
-    const parse = (s: string) =>
-      String(s || '')
-        .split('.')
-        .map(x => parseInt(x, 10) || 0)
-    const aa = parse(a)
-    const bb = parse(b)
-    const len = Math.max(aa.length, bb.length)
-    for (let i = 0; i < len; i++) {
-      const av = aa[i] || 0
-      const bv = bb[i] || 0
-      if (av !== bv) return av - bv
-    }
-    return 0
-  }
-
-  // 命中 globals 时,从 window.<path> 智能抽版本号:
-  // 1) value 本身是版本号字符串
-  // 2) 对象上有 .version / .VERSION 字符串字段
-  // 3) lit-html: window.litHtmlVersions 是数组 ["1.1.2", "2.8.0"],push 进去的版本字符串
-  // 4) 数组里的元素是版本号字符串
-  // 5) 兜底:扫一层自身属性找符合严格 semver(\d+\.\d+\.\d+)的字符串
-  function extractGlobalVersion(globalPath) {
-    try {
-      let value: any = window
-      for (const key of globalPath.split('.')) {
-        if (value == null) return ''
-        value = value[key]
-      }
-      if (value == null) return ''
-      if (typeof value === 'string' && /^\d+\.\d+/.test(value)) return value
-      if (typeof value !== 'object' && typeof value !== 'function') return ''
-      if (Array.isArray(value)) {
-        // 数组元素可能是版本号字符串(lit-html: ["2.8.0"]),也可能是带 .version 字段的对象
-        // (core-js: __core-js_shared__.versions = [{version: "3.46.0", mode: "global"}, ...])
-        const versions = value
-          .map(item => {
-            if (typeof item === 'string') return item
-            if (item && typeof item === 'object' && typeof item.version === 'string') return item.version
-            return ''
-          })
-          .filter(v => typeof v === 'string' && /^\d+\.\d+/.test(v))
-        if (!versions.length) return ''
-        // 按 semver 数字比较,避免 "3.10.0" 字典序 < "3.9.0" 的坑
-        return versions.slice().sort(compareSemver).pop() || ''
       }
-      if (typeof value.version === 'string' && /^\d+\.\d+/.test(value.version)) return value.version
-      if (typeof value.VERSION === 'string' && /^\d+\.\d+/.test(value.VERSION)) return value.VERSION
-      // 兜底:遍历自身属性找 semver 字符串(\d+\.\d+\.\d+)
-      try {
-        for (const key of Object.keys(value)) {
-          const v = value[key]
-          if (typeof v === 'string' && v.length < 20 && /^\d+\.\d+\.\d+$/.test(v)) return v
-        }
-      } catch {
-        // 跨 origin / Proxy 阻止访问属性时静默忽略
-      }
-      return ''
     } catch {
-      return ''
-    }
-  }
-
-  function matchJsonRule(rule, context) {
-    const ruleResourceOnly = rule?.resourceOnly === true
-    const globalName = !ruleResourceOnly && shouldMatchTarget(rule, 'globals') ? (rule.globals || []).find(name => hasGlobal(name)) : null
-    if (globalName) {
-      // 优先看规则上的 versionFrom 显式路径(jQuery.fn.jquery 这种非标准位置),
-      // 否则用通用启发(.version / .VERSION / 数组元素)
-      const version = (rule.versionFrom && extractGlobalVersion(rule.versionFrom)) || extractGlobalVersion(globalName)
-      return { confidence: '高', evidence: `存在 window.${globalName}`, version }
-    }
-
-    const selector =
-      !ruleResourceOnly && shouldMatchTarget(rule, 'selectors')
-        ? (rule.selectors || []).find(selectorText => hasSelector(selectorText))
-        : null
-    if (selector) {
-      // 规则可声明 versionFromAttribute(例如 styled-components 把版本写在 <style data-styled-version="5.2.3">),
-      // 命中后从首个匹配元素抽属性值作为版本号
-      let version = ''
-      if (rule.versionFromAttribute) {
-        try {
-          const el = document.querySelector(selector)
-          const raw = el ? el.getAttribute(rule.versionFromAttribute) : ''
-          if (raw && /^\d+\.\d+/.test(raw)) version = raw
-        } catch {
-          // 选择器异常静默忽略
-        }
-      }
-      return { confidence: '高', evidence: `DOM 匹配 ${selector}`, version }
-    }
-
-    const classPrefix = !ruleResourceOnly
-      ? (rule.classPrefixes || []).find(prefix => context.classes && hasClassPrefix(context.classes, prefix))
-      : null
-    if (classPrefix) {
-      return { confidence: '高', evidence: `存在 ${classPrefix}* 类名` }
-    }
-
-    const className = !ruleResourceOnly ? (rule.classNames || []).find(name => context.classes && context.classes[name] > 0) : null
-    if (className) {
-      return { confidence: '高', evidence: `存在 ${className} 类名` }
-    }
-
-    const cssVariableMatch = ruleResourceOnly ? null : matchCssVariables(rule, context.cssVariables)
-    if (cssVariableMatch) {
-      return cssVariableMatch
-    }
-
-    if (!matchesResourceHints(rule, context.resources?.text || context.text || '')) {
-      return null
-    }
-
-    const lowerResources = context.resources?.text || ''
-    const getLowerHtml = () => {
-      if (context._lowerHtml === undefined) {
-        context._lowerHtml = (context.text || '').toLowerCase()
-      }
-      return context._lowerHtml
-    }
-    if (!passesRulePrefilter(rule, lowerResources, getLowerHtml)) {
-      return null
-    }
-
-    const matchResource = shouldMatchTarget(rule, 'resources')
-    const matchHtml = !ruleResourceOnly && !context.resourceOnly && shouldMatchTarget(rule, 'html')
-    const allResources =
-      Array.isArray(rule.matchIn) && rule.matchIn.includes('url')
-        ? unique([location.href, ...(context.resources?.all || [])])
-        : context.resources?.all || []
-    const htmlText = context.text || ''
-    const formatUrlEvidence = resource =>
-      resource === location.href ? `页面 URL 匹配 ${shortUrl(resource)}` : `资源 URL 匹配 ${shortUrl(resource)}`
-
-    // minPatternMatches=N:要求 N 条 patterns 都至少命中一个资源(组合 heuristic,e.g. shadcn-vue 需要至少 5 个标志性组件 chunk 同时出现才算)
-    // 这种 AND 检测必须绕过 combined optimization(combined 把 patterns OR 在一起,无法计数)
-    const minPatternMatches = Number(rule.minPatternMatches) || 0
-    if (minPatternMatches > 0) {
-      if (!matchResource) return null
-      const patterns = getCompiledRulePatterns(rule)
-      const hits: string[] = []
-      for (const pattern of patterns) {
-        for (const url of allResources) {
-          pattern.lastIndex = 0
-          if (pattern.test(url)) {
-            hits.push(url)
-            break
-          }
-        }
-      }
-      if (hits.length < minPatternMatches) return null
-      return {
-        confidence: rule.confidence || context.resourceConfidence || '中',
-        evidence: `资源 URL 匹配 ${shortUrl(hits[0])} 等 ${hits.length} 个`,
-        version: extractVersionFromUrl(rule, hits[0])
-      }
-    }
-
-    const combined = getCompiledCombinedPattern(rule)
-    if (combined) {
-      if (matchResource) {
-        const resource = allResources.find(url => {
-          combined.lastIndex = 0
-          return combined.test(url)
-        })
-        if (resource) {
-          return {
-            confidence: rule.confidence || context.resourceConfidence || '高',
-            evidence: formatUrlEvidence(resource),
-            version: extractVersionFromUrl(rule, resource)
-          }
-        }
-      }
-      if (matchHtml) {
-        combined.lastIndex = 0
-        if (combined.test(htmlText)) {
-          return { confidence: rule.confidence || '中', evidence: '页面源码或资源索引包含规则特征' }
-        }
-      }
-      return null
-    }
-
-    const patterns = getCompiledRulePatterns(rule)
-    for (const pattern of patterns) {
-      if (matchResource) {
-        const resource = allResources.find(url => {
-          pattern.lastIndex = 0
-          return pattern.test(url)
-        })
-        if (resource) {
-          return {
-            confidence: rule.confidence || context.resourceConfidence || '高',
-            evidence: formatUrlEvidence(resource),
-            version: extractVersionFromUrl(rule, resource)
-          }
-        }
-      }
-      if (matchHtml) {
-        pattern.lastIndex = 0
-        if (pattern.test(htmlText)) {
-          return { confidence: rule.confidence || '中', evidence: '页面源码或资源索引包含规则特征' }
-        }
-      }
-    }
-
-    return null
-  }
-
-  function matchCssVariables(rule, cssVariables) {
-    if (!Array.isArray(rule.cssVariables) || !rule.cssVariables.length || !cssVariables?.names?.length) {
-      return null
-    }
-
-    const normalizedNames = new Set(cssVariables.names.map(name => name.toLowerCase()))
-    const matched = rule.cssVariables.filter(name => normalizedNames.has(String(name).toLowerCase()))
-    const minMatches = Math.max(1, Number(rule.minCssVariableMatches || 1))
-    if (matched.length < minMatches) {
-      return null
-    }
-
-    const preview = matched.slice(0, 6).join(', ')
-    const suffix = matched.length > 6 ? ` 等 ${matched.length} 个` : ''
-    return {
-      confidence: rule.confidence || '高',
-      evidence: `CSS 变量匹配 ${preview}${suffix}`
-    }
-  }
-
-  function matchesResourceHints(rule, text) {
-    if (!Array.isArray(rule.resourceHints) || !rule.resourceHints.length) {
-      return true
-    }
-    const value = String(text || '').toLowerCase()
-    return rule.resourceHints.some(hint => value.includes(String(hint || '').toLowerCase()))
-  }
-
-  function compileRulePattern(pattern, rule) {
-    try {
-      if (rule?.matchType === 'keyword') {
-        return new RegExp(escapeRegExp(pattern), rule?.caseSensitive ? '' : 'i')
-      }
-      return new RegExp(pattern, rule?.caseSensitive ? '' : 'i')
-    } catch {
-      return null
-    }
-  }
-
-  function getCompiledRulePatterns(rule) {
-    if (!rule || typeof rule !== 'object') return []
-    const patterns = rule.patterns || []
-    const cached = ruleRegexCache.get(rule)
-    if (cached && cached.source === patterns) return cached.compiled
-    const compiled = patterns.map(pattern => compileRulePattern(pattern, rule)).filter(Boolean)
-    ruleRegexCache.set(rule, { source: patterns, compiled })
-    return compiled
-  }
-
-  function getCompiledCombinedPattern(rule) {
-    if (!rule || rule.matchType !== 'keyword') return null
-    const patterns = rule.patterns || []
-    if (!patterns.length) return null
-    const cached = ruleCombinedCache.get(rule)
-    if (cached && cached.source === patterns) return cached.compiled
-    let compiled = null
-    if (typeof rule.__keywordCombined === 'string' && rule.__keywordCombined) {
-      try {
-        compiled = new RegExp(rule.__keywordCombined, 'i')
-      } catch {
-        compiled = null
-      }
-    }
-    if (!compiled) {
-      try {
-        const segments = patterns
-          .map(pattern => String(pattern || '').trim())
-          .filter(Boolean)
-          .map(escapeRegExp)
-        if (segments.length) compiled = new RegExp(segments.join('|'), 'i')
-      } catch {
-        compiled = null
-      }
-    }
-    ruleCombinedCache.set(rule, { source: patterns, compiled })
-    return compiled
-  }
-
-  function getRuleAutoHints(rule) {
-    if (!rule || typeof rule !== 'object') return []
-    if (Array.isArray(rule.__hints) && rule.__hints.length) {
-      ruleHintCache.set(rule, rule.__hints)
-      return rule.__hints
-    }
-    const cached = ruleHintCache.get(rule)
-    if (cached) return cached
-    const patterns = rule.patterns || []
-    const isKeyword = rule.matchType === 'keyword'
-    const candidates = []
-    const genericHintParts = new Set([
-      'api',
-      'asset',
-      'assets',
-      'cache',
-      'cdn',
-      'common',
-      'content',
-      'css',
-      'data',
-      'file',
-      'files',
-      'image',
-      'images',
-      'img',
-      'js',
-      'plugin',
-      'plugins',
-      'script',
-      'scripts',
-      'source',
-      'static',
-      'style',
-      'styles',
-      'template',
-      'theme',
-      'themes',
-      'url',
-      'version'
-    ])
-    const normalizeHintCandidate = value =>
-      String(value || '')
-        .toLowerCase()
-        .replace(/\s+/g, ' ')
-        .replace(/^[^a-z0-9\u4e00-\u9fa5]+|[^a-z0-9\u4e00-\u9fa5]+$/g, '')
-        .trim()
-    const getRuleNameTokens = () => {
-      const text = `${rule.name || ''} ${rule.kind || ''}`.toLowerCase()
-      const tokens = text
-        .split(/[^a-z0-9\u4e00-\u9fa5]+/)
-        .map(token => token.trim())
-        .filter(token => token.length >= 3 && !genericHintParts.has(token))
-      if (/discuz/i.test(text)) tokens.push('discuz')
-      if (/phpbb/i.test(text)) tokens.push('phpbb')
-      if (/vbulletin/i.test(text)) tokens.push('vbulletin')
-      if (/xenforo/i.test(text)) tokens.push('xenforo')
-      if (/mediawiki/i.test(text)) tokens.push('mediawiki')
-      if (/typecho/i.test(text)) tokens.push('typecho')
-      return [...new Set(tokens)]
-    }
-    const scoreHintCandidate = (candidate, ruleTokens) => {
-      const parts = candidate.split(/[\/._\-\s:=%]+/).filter(Boolean)
-      const hasRuleToken = ruleTokens.some(token => candidate.includes(token))
-      const genericPartCount = parts.filter(part => genericHintParts.has(part)).length
-      let score = Math.min(candidate.length, 32)
-      if (hasRuleToken) score += 90
-      if (/[_-]/.test(candidate)) score += 14
-      if (/[.]/.test(candidate)) score += 8
-      if (/\d/.test(candidate) && /[a-z]/.test(candidate)) score += 6
-      if (candidate.includes('/')) score += hasRuleToken ? 4 : -8
-      if (parts.length && genericPartCount === parts.length) score -= 80
-      else score -= genericPartCount * 12
-      if (/^(?:content|static|assets|data|source|template|common)(?:[\/:=]|$)/.test(candidate) && !hasRuleToken) score -= 24
-      return score
-    }
-    for (const pattern of patterns) {
-      const text = String(pattern || '')
-      if (!text) continue
-      if (isKeyword) {
-        const lower = normalizeHintCandidate(text)
-        if (lower.length >= 4) candidates.push(lower)
-        continue
-      }
-      for (const segment of text.replace(/\\[bBdDsSwW]/g, ' ').split(/[\\^$.|?*+()[\]{}]/)) {
-        const lowerSeg = normalizeHintCandidate(segment)
-        if (lowerSeg.length >= 4) candidates.push(lowerSeg)
-      }
-    }
-    const ruleTokens = getRuleNameTokens()
-    const unique = [...new Set(candidates)]
-      .sort((a, b) => scoreHintCandidate(b, ruleTokens) - scoreHintCandidate(a, ruleTokens) || b.length - a.length)
-      .slice(0, 5)
-    ruleHintCache.set(rule, unique)
-    return unique
-  }
-
-  function passesRulePrefilter(rule, lowerResources, getLowerHtml) {
-    if (!rule) return true
-    if (Array.isArray(rule.resourceHints) && rule.resourceHints.length) return true
-    const hints = getRuleAutoHints(rule)
-    if (!hints.length) return true
-    for (const hint of hints) {
-      if (lowerResources && lowerResources.includes(hint)) return true
-    }
-    const lowerHtml = typeof getLowerHtml === 'function' ? getLowerHtml() : getLowerHtml || ''
-    if (!lowerHtml) return false
-    for (const hint of hints) {
-      if (lowerHtml.includes(hint)) return true
-    }
-    return false
-  }
-
-  function shouldMatchTarget(rule, target) {
-    if (!Array.isArray(rule.matchIn) || !rule.matchIn.length) {
-      return true
-    }
-    if (target === 'resources') {
-      return rule.matchIn.some(item => ['resources', 'url', 'dynamic'].includes(item))
-    }
-    if (target === 'html') {
-      return rule.matchIn.some(item => ['html', 'body', 'title'].includes(item))
-    }
-    if (target === 'globals') {
-      return rule.matchIn.some(item => ['html', 'body', 'resources', 'dynamic'].includes(item))
-    }
-    if (target === 'selectors') {
-      return rule.matchIn.some(item => ['html', 'body'].includes(item))
-    }
-    return rule.matchIn.includes(target)
-  }
-
-  function escapeRegExp(value) {
-    return String(value).replace(/[.*+?^${}()|[\]\\]/g, '\\$&')
-  }
-
-  function detectAnalytics(add, resources, html, globalKeys, externalRules) {
-    const text = [location.href, resources.text, html].join('\n')
-    detectJsonRuleList(add, externalRules, {
-      defaultCategory: '统计 / 分析',
-      resources,
-      html: '',
-      text,
-      sourceLabel: 'JSON 统计规则',
-      evidencePrefix: rule => (rule.kind ? rule.kind + '：' : '')
-    })
-  }
-
-  function detectSecurityAndProtocol(add) {
-    if (location.protocol === 'https:') {
-      add('安全与协议', 'HTTPS', '高', '当前页面使用 HTTPS')
-    }
-    const csp = document.querySelector("meta[http-equiv='Content-Security-Policy' i]")
-    if (csp) {
-      add('安全与协议', 'Content Security Policy', '中', '页面包含 CSP meta 标签')
-    }
-    detectHttpProtocolVersion(add)
-  }
-
-  function detectHttpProtocolVersion(add) {
-    let entries
-    try {
-      entries = performance.getEntriesByType('resource')
-    } catch {
-      return
-    }
-    if (!entries || !entries.length) return
-    const protocols = new Set()
-    for (const entry of entries) {
-      const protocol = String(entry?.nextHopProtocol || '').toLowerCase()
-      if (protocol) protocols.add(protocol)
-    }
-    // 取一个最具代表性的样本 URL（便于 evidence 显示）
-    const sampleFor = wanted => {
-      for (const entry of entries) {
-        if (String(entry?.nextHopProtocol || '').toLowerCase() === wanted) return entry.name
-      }
-      return ''
-    }
-    if (protocols.has('h3') || protocols.has('h3-29') || protocols.has('h3-Q050')) {
-      add('安全与协议', 'HTTP/3', '高', `资源使用 HTTP/3 协议（如 ${shortUrl(sampleFor('h3'))}）`)
-    }
-    if (protocols.has('h2') || protocols.has('h2c')) {
-      add('安全与协议', 'HTTP/2', '高', `资源使用 HTTP/2 协议（如 ${shortUrl(sampleFor('h2'))}）`)
-    }
-    // 注意：浏览器对 HTTP/1.x 不再单独标，避免噪音
-  }
-
-  function createCollector(target) {
-    return function add(category, name, confidence, evidence, extras) {
-      const tech: any = {
-        category,
-        name,
-        confidence,
-        evidence: evidence ? [String(evidence)] : [],
-        source: '页面扫描'
-      }
-      if (extras && typeof extras.version === 'string' && extras.version) {
-        tech.version = extras.version
-      }
-      if (extras && typeof extras.url === 'string' && extras.url) {
-        tech.url = extras.url
-      }
-      target.push(tech)
-    }
-  }
-
-  function hasGlobal(path) {
-    try {
-      let value = window
-      for (const key of path.split('.')) {
-        if (value == null || !(key in value)) {
-          return false
-        }
-        value = value[key]
-      }
-      return !isDomNamedGlobal(value)
-    } catch {
-      return false
-    }
-  }
-
-  function isDomNamedGlobal(value) {
-    try {
-      return (
-        (typeof Element !== 'undefined' && value instanceof Element) ||
-        (typeof HTMLCollection !== 'undefined' && value instanceof HTMLCollection) ||
-        (typeof NodeList !== 'undefined' && value instanceof NodeList)
-      )
-    } catch {
-      return false
-    }
-  }
-
-  function hasSelector(selector) {
-    try {
-      return Boolean(document.querySelector(selector))
-    } catch {
-      return false
-    }
-  }
-
-  function hasReactDomMarker() {
-    const nodes = [
-      document.getElementById('root'),
-      document.getElementById('__next'),
-      document.body,
-      ...document.querySelectorAll('[id], [class]')
-    ]
-      .filter(Boolean)
-      .slice(0, 800)
-    for (const node of nodes) {
-      try {
-        if (
-          Object.keys(node).some(
-            key => key.startsWith('__reactFiber$') || key.startsWith('__reactProps$') || key.startsWith('_reactRootContainer')
-          )
-        ) {
-          return true
-        }
-      } catch {
-        continue
-      }
-    }
-    return false
-  }
-
-  function hasClassPrefix(classes, prefix) {
-    return Object.keys(classes).some(name => name.startsWith(prefix))
-  }
-
-  function scoreTailwind(classes) {
-    const tokens = Object.keys(classes)
-    let utilityScore = 0
-    let specificScore = 0
-    let bootstrapScore = 0
-    let distinctUtilityCount = 0
-    let count = 0
-    const TAILWIND_PATTERN =
-      /^(?:sm|md|lg|xl|2xl):|^-?(?:m|p|mt|mr|mb|ml|mx|my|pt|pr|pb|pl|px|py)-|^(?:text|bg|border|ring|shadow|rounded|grid|flex|items|justify|gap|space|w|h|min-w|max-w|min-h|max-h)-|^(?:hover|focus|active|disabled|dark):|\[[^\]]+\]/
-    const TAILWIND_SPECIFIC_PATTERN =
-      /^(?:sm|md|lg|xl|2xl|hover|focus|active|disabled|dark):|^\[[^\]]+\]$|^(?:text|bg|border|ring|from|to|via)-(?:slate|gray|zinc|neutral|stone|red|orange|amber|yellow|lime|green|emerald|teal|cyan|sky|blue|indigo|violet|purple|fuchsia|pink|rose)-(?:50|100|200|300|400|500|600|700|800|900|950)$|^(?:grid-cols|grid-rows|gap|space-x|space-y)-\d+$|^(?:w|h|min-w|max-w|min-h|max-h)-(?:screen|full|fit|min|max|\d+\/\d+)$/
-    const BOOTSTRAP_PATTERN =
-      /^(?:container(?:-(?:fluid|sm|md|lg|xl|xxl))?|row|col(?:-\d+|-(?:sm|md|lg|xl|xxl)(?:-\d+)?)?|btn(?:-.+)?|navbar(?:-.+)?|card(?:-.+)?|dropdown(?:-.+)?|modal(?:-.+)?|form(?:-.+)?|input-group(?:-.+)?|table(?:-.+)?|alert(?:-.+)?|badge(?:-.+)?|d-(?:none|inline|inline-block|block|grid|table|flex|inline-flex)|justify-content-.+|align-items-.+|text-(?:center|start|end|left|right|muted|primary|secondary|success|danger|warning|info|light|dark|white|body|black-50|white-50)|(?:m|p)[tblrxy]?-(?:[0-5]|auto)|mdi(?:-.+)?)$/
-    for (const token of tokens) {
-      if (count++ >= 5000) break
-      if (BOOTSTRAP_PATTERN.test(token)) {
-        const c = classes[token]
-        bootstrapScore += c < 3 ? c : 3
-      }
-      if (TAILWIND_PATTERN.test(token)) {
-        const c = classes[token]
-        utilityScore += c < 3 ? c : 3
-        distinctUtilityCount += 1
-        if (TAILWIND_SPECIFIC_PATTERN.test(token)) {
-          specificScore += c < 3 ? c : 3
-        }
-      }
-    }
-    if (specificScore < 3 && bootstrapScore >= 8) {
-      return 0
-    }
-    if (specificScore < 2 && (distinctUtilityCount < 14 || utilityScore < 24)) {
-      return 0
-    }
-    return utilityScore + specificScore * 4
-  }
-
-  function getMetaContent(name) {
-    return document.querySelector(`meta[name='${cssEscape(name)}' i]`)?.content || ''
-  }
-
-  function cssEscape(value) {
-    if (window.CSS?.escape) {
-      return CSS.escape(value)
-    }
-    return String(value).replace(/'/g, "\\'")
-  }
-
-  function summarizeDomains(urls) {
-    const counts = {}
-    for (const raw of urls) {
-      try {
-        const host = new URL(raw, location.href).hostname
-        counts[host] = (counts[host] || 0) + 1
-      } catch {
-        continue
-      }
-    }
-    return Object.entries(counts)
-      .sort((a, b) => b[1] - a[1])
-      .slice(0, 30)
-      .map(([domain, count]) => ({ domain, count }))
-  }
-
-  function unique(items) {
-    return [...new Set(items)]
-  }
-
-  function shortUrl(raw) {
-    try {
-      const url = new URL(raw, location.href)
-      return `${url.hostname}${url.pathname}`.slice(0, 96)
-    } catch {
-      return String(raw).slice(0, 96)
+      // ignore
     }
-  }
+    return result
+  })
 }
 
-const __spRules = (window as any).__SP_RULES__ ?? {}
-;(window as any).__SP_RULES__ = undefined
-const __spStart = performance.now()
-const __spResult = detectPageTechnologies(__spRules).then(result => {
-  try {
-    if (localStorage.getItem('__sp_observer_debug__') === '1') {
-      const __spDuration = performance.now() - __spStart
-      console.log(
-        '[StackPrism page-detector] 耗时',
-        __spDuration.toFixed(1) + 'ms',
-        '| 识别',
-        result?.technologies?.length || 0,
-        '项 |',
-        'resources',
-        result?.resources?.total || 0
-      )
-    }
-  } catch {
-    // ignore
-  }
-  return result
-})
+const __spResult =
+  typeof window !== 'undefined' && typeof document !== 'undefined' ? runDefaultPageDetection() : Promise.resolve(null)
+
 export default __spResult
diff --git a/src/manifest.config.ts b/src/manifest.config.ts
index 4e1deb86..ee4c42c4 100644
--- a/src/manifest.config.ts
+++ b/src/manifest.config.ts
@@ -7,7 +7,7 @@ export default defineManifest({
   description: 'StackPrism 用于检测网页前端、后端、CDN、SaaS、广告营销、统计、登录、支付、网站程序和主题模板线索。',
   version: pkg.version,
   permissions: ['activeTab', 'scripting', 'tabs', 'storage', 'webRequest', 'webNavigation'],
-  host_permissions: ['<all_urls>'],
+  host_permissions: ['<all_urls>', 'http://*/*', 'https://*/*', 'http://127.0.0.1/*'],
   background: {
     service_worker: 'src/background/index.ts',
     type: 'module'
@@ -23,6 +23,11 @@ export default defineManifest({
       matches: ['http://*/*', 'https://*/*'],
       js: ['src/content/content-observer.ts'],
       run_at: 'document_idle'
+    },
+    {
+      matches: ['http://127.0.0.1/*'],
+      js: ['src/content/agent-bridge-client.ts'],
+      run_at: 'document_idle'
     }
   ],
   action: {
diff --git a/src/types/agent-bridge.ts b/src/types/agent-bridge.ts
new file mode 100644
index 00000000..11418809
--- /dev/null
+++ b/src/types/agent-bridge.ts
@@ -0,0 +1,345 @@
+export const bridgeProtocolVersion = 1 as const
+export const SITE_EXPERIENCE_PROFILE_SCHEMA = 'stackprism.site_experience_profile.v1' as const
+export const AGENT_PROFILE_TRANSFER_PORT = 'stackprism-agent-profile-transfer' as const
+
+export const REQUIRED_AGENT_BRIDGE_CAPABILITIES = [
+  'agentBridge',
+  'siteExperienceProfileV1',
+  'profileChunkTransport',
+  'bridgeContentPost',
+  'storageSession',
+  'experienceProfiler'
+] as const
+
+export const AGENT_BRIDGE_CAPABILITIES = [...REQUIRED_AGENT_BRIDGE_CAPABILITIES, 'rawProfile', 'viewportMetadata', 'visualScreenshot'] as const
+
+export type AgentBridgeCapability = (typeof AGENT_BRIDGE_CAPABILITIES)[number]
+
+export type AgentBridgeCapabilities = Record<AgentBridgeCapability, boolean>
+
+export const AGENT_BRIDGE_ERROR_CODES = [
+  'NOT_FOUND',
+  'METHOD_NOT_ALLOWED',
+  'UNAUTHORIZED',
+  'FORBIDDEN',
+  'ORIGIN_NOT_ALLOWED',
+  'UNSUPPORTED_MEDIA_TYPE',
+  'UNSUPPORTED_TRANSFER_ENCODING',
+  'INVALID_JSON',
+  'INVALID_REQUEST',
+  'REQUEST_TOO_LARGE',
+  'REQUEST_TIMEOUT',
+  'SERVER_BUSY',
+  'STALE_STATUS_UPDATE',
+  'PORT_IN_USE',
+  'BRIDGE_INVALID_ENV',
+  'BRIDGE_START_FAILED',
+  'BRIDGE_START_TIMEOUT',
+  'BRIDGE_READY_PARSE_FAILED',
+  'BRIDGE_PROTOCOL_UNSUPPORTED',
+  'BRIDGE_PAGE_RENDER_FAILED',
+  'BRIDGE_REQUEST_TIMEOUT',
+  'BRIDGE_REQUEST_MISMATCH',
+  'AGENT_BRIDGE_DISABLED',
+  'CAPTURE_BUSY',
+  'CAPTURE_TIMEOUT',
+  'EXTENSION_NOT_CONNECTED',
+  'BROWSER_OPEN_FAILED',
+  'BRIDGE_TOKEN_CANNOT_READ_PROFILE',
+  'PRIVATE_NETWORK_TARGET_BLOCKED',
+  'TARGET_DNS_LOOKUP_FAILED',
+  'BRIDGE_SELF_TARGET_BLOCKED',
+  'FINAL_URL_BLOCKED',
+  'ACTIVE_TAB_UNAVAILABLE',
+  'ACTIVE_TAB_MISMATCH',
+  'INCOGNITO_NOT_SUPPORTED',
+  'TARGET_LOAD_TIMEOUT',
+  'TARGET_LOAD_FAILED',
+  'TARGET_INJECTION_FAILED',
+  'TARGET_TAB_CLOSED',
+  'BRIDGE_TAB_CLOSED',
+  'TARGET_NAVIGATED_AWAY',
+  'SERVICE_WORKER_RESTARTED',
+  'BRIDGE_TRANSPORT_DISCONNECTED',
+  'PROFILE_TRANSPORT_FAILED',
+  'PROFILE_CHUNK_MISSING',
+  'PROFILE_HASH_MISMATCH',
+  'PROFILE_TOO_LARGE',
+  'RATE_LIMITED',
+  'NONCE_REUSED',
+  'CAPTURE_ALREADY_COMPLETED',
+  'CAPTURE_RESULT_EXPIRED',
+  'NOT_SUPPORTED'
+] as const
+
+export type AgentBridgeErrorCode = (typeof AGENT_BRIDGE_ERROR_CODES)[number]
+
+export interface AgentBridgeError {
+  code: AgentBridgeErrorCode
+  message: string
+  details?: Record<string, unknown>
+}
+
+export const protocolIdentifierSpecs = {
+  apiToken: /^spb_[A-Za-z0-9_-]{43}$/,
+  bridgeToken: /^spbt_[A-Za-z0-9_-]{43}$/,
+  captureId: /^cap_[A-Za-z0-9_-]{22}$/,
+  sessionId: /^s_[A-Za-z0-9_-]{22}$/,
+  nonce: /^n_[A-Za-z0-9_-]{22}$/,
+  profileTransferId: /^xfer_[A-Za-z0-9_-]{22}$/,
+  cspNonce: /^[A-Za-z0-9_-]{22}$/
+} as const
+
+export type ProtocolIdentifierKind = keyof typeof protocolIdentifierSpecs
+
+export const validateProtocolIdentifier = (kind: ProtocolIdentifierKind | string, value: unknown): boolean => {
+  const spec = protocolIdentifierSpecs[kind as ProtocolIdentifierKind]
+  return typeof value === 'string' && Boolean(spec?.test(value))
+}
+
+export type AgentCaptureStatus =
+  | 'queued'
+  | 'waiting_extension'
+  | 'running'
+  | 'cancel_requested'
+  | 'cancelled'
+  | 'completed'
+  | 'failed'
+  | 'expired'
+
+export type AgentCapturePhase =
+  | 'bridge_connected'
+  | 'request_loaded'
+  | 'target_opening'
+  | 'target_loaded'
+  | 'detecting_tech'
+  | 'profiling_experience'
+  | 'posting_profile'
+  | 'cleanup'
+
+export type AgentCaptureInclude = 'tech' | 'visual' | 'layout' | 'components' | 'interaction' | 'ux' | 'assets'
+export type AgentCaptureMode = 'experience'
+export type AgentCaptureTargetMode = 'reuse_or_new_tab' | 'new_tab' | 'active_tab'
+
+export interface AgentCaptureViewport {
+  name?: string
+  width: number
+  height: number
+  deviceScaleFactor: number
+}
+
+export interface AgentCaptureOptions {
+  forceRefresh: boolean
+  captureScreenshotMetadata: boolean
+  captureScreenshot?: boolean
+  keepTabOpen: boolean
+  allowPrivateNetworkTarget: boolean
+  targetMode: AgentCaptureTargetMode
+  maxResourceUrls: number
+}
+
+export interface AgentCaptureScreenshot {
+  dataUrl: string
+  mimeType: 'image/jpeg'
+  byteLength: number
+  source: 'chrome.tabs.captureVisibleTab'
+  scope: 'visible_viewport'
+  capturedAt: string
+}
+
+export interface AgentProfileScreenshotReference {
+  downloadUrl: string
+  downloadMethod: 'GET' | 'file'
+  localPath?: string
+  mimeType: 'image/jpeg' | 'image/png' | 'image/webp'
+  byteLength: number
+  source: 'chrome.tabs.captureVisibleTab'
+  scope: 'visible_viewport'
+  capturedAt: string
+  lifecycle: {
+    requiresLocalBridge: boolean
+    availableUntil: string
+    note: string
+  }
+  profileJsonNote: string
+  note: string
+}
+
+export interface AgentCaptureRequest {
+  url: string
+  mode: AgentCaptureMode
+  waitMs: number
+  include: AgentCaptureInclude[]
+  viewports: AgentCaptureViewport[]
+  options: AgentCaptureOptions
+  protocolVersion: typeof bridgeProtocolVersion
+}
+
+export interface AgentCaptureStatusPayload {
+  captureId: string
+  sessionId: string
+  nonce: string
+  protocolVersion: typeof bridgeProtocolVersion
+  status: AgentCaptureStatus
+  phase?: AgentCapturePhase
+  sequence?: number
+  finalUrl?: string
+  targetNetworkAddress?: string
+  targetNetworkFromCache?: boolean
+  error?: AgentBridgeError
+}
+
+export interface SiteExperienceProfile {
+  schema: typeof SITE_EXPERIENCE_PROFILE_SCHEMA
+  captureId: string
+  generatedAt: string
+  target: Record<string, unknown>
+  browserContext: {
+    extensionCapabilities: AgentBridgeCapabilities
+    [key: string]: unknown
+  }
+  techProfile: Record<string, unknown>
+  visualProfile: Record<string, unknown>
+  layoutProfile: Record<string, unknown>
+  componentProfile: Record<string, unknown>
+  interactionProfile: Record<string, unknown>
+  uxProfile: Record<string, unknown>
+  assetProfile: Record<string, unknown>
+  evidence: Record<string, unknown>
+  limitations: string[]
+  agentGuidance: Record<string, unknown>
+}
+
+export const START_AGENT_CAPTURE_MESSAGE_FIELDS = [
+  'type',
+  'captureId',
+  'sessionId',
+  'nonce',
+  'bridgeOrigin',
+  'request',
+  'capabilities'
+] as const
+export const PROFILE_TRANSFER_BEGIN_FIELDS = [
+  'type',
+  'captureId',
+  'sessionId',
+  'nonce',
+  'profileTransferId',
+  'chunkCount',
+  'byteLength',
+  'sha256'
+] as const
+export const PROFILE_TRANSFER_CHUNK_FIELDS = [
+  'type',
+  'captureId',
+  'sessionId',
+  'nonce',
+  'profileTransferId',
+  'chunkIndex',
+  'chunkCount',
+  'chunkByteLength',
+  'payloadBase64'
+] as const
+export const PROFILE_TRANSFER_COMPLETE_FIELDS = [
+  'type',
+  'captureId',
+  'sessionId',
+  'nonce',
+  'profileTransferId',
+  'byteLength',
+  'sha256'
+] as const
+
+export interface AgentBridgeHelloMessage {
+  type: 'AGENT_BRIDGE_HELLO'
+  captureId: string
+  sessionId: string
+  nonce: string
+  protocolVersion: typeof bridgeProtocolVersion
+}
+
+export interface StartAgentCaptureMessage {
+  type: 'START_AGENT_CAPTURE'
+  captureId: string
+  sessionId: string
+  nonce: string
+  bridgeOrigin: string
+  request: AgentCaptureRequest
+  capabilities: AgentBridgeCapabilities
+}
+
+export interface AgentCaptureStatusMessage {
+  type: 'AGENT_CAPTURE_STATUS'
+  payload: AgentCaptureStatusPayload
+}
+
+export interface AgentCaptureControlMessage {
+  type: 'AGENT_CAPTURE_CONTROL'
+  captureId: string
+  sessionId: string
+  nonce: string
+  command: 'continue' | 'cancel'
+}
+
+export interface AgentProfileTransferBeginMessage {
+  type: 'AGENT_PROFILE_TRANSFER_BEGIN'
+  captureId: string
+  sessionId: string
+  nonce: string
+  profileTransferId: string
+  chunkCount: number
+  byteLength: number
+  sha256: string
+}
+
+export interface AgentProfileTransferChunkMessage {
+  type: 'AGENT_PROFILE_TRANSFER_CHUNK'
+  captureId: string
+  sessionId: string
+  nonce: string
+  profileTransferId: string
+  chunkIndex: number
+  chunkCount: number
+  chunkByteLength: number
+  payloadBase64: string
+}
+
+export interface AgentProfileTransferCompleteMessage {
+  type: 'AGENT_PROFILE_TRANSFER_COMPLETE'
+  captureId: string
+  sessionId: string
+  nonce: string
+  profileTransferId: string
+  byteLength: number
+  sha256: string
+}
+
+export interface AgentProfileTransferAckMessage {
+  type: 'AGENT_PROFILE_TRANSFER_ACK'
+  captureId: string
+  sessionId: string
+  nonce: string
+  profileTransferId: string
+  chunkIndex?: number
+  ok: boolean
+  error?: AgentBridgeError
+}
+
+export interface AgentProfileTransferPortHelloMessage {
+  type: 'AGENT_PROFILE_TRANSFER_PORT_HELLO'
+  captureId: string
+  sessionId: string
+  nonce: string
+  protocolVersion: typeof bridgeProtocolVersion
+}
+
+export type AgentBridgeRuntimeMessage =
+  | AgentBridgeHelloMessage
+  | StartAgentCaptureMessage
+  | AgentCaptureStatusMessage
+  | AgentCaptureControlMessage
+  | AgentProfileTransferBeginMessage
+  | AgentProfileTransferChunkMessage
+  | AgentProfileTransferCompleteMessage
+  | AgentProfileTransferAckMessage
+  | AgentProfileTransferPortHelloMessage
diff --git a/src/types/messages.ts b/src/types/messages.ts
index a754ca66..15d21ecf 100644
--- a/src/types/messages.ts
+++ b/src/types/messages.ts
@@ -1,5 +1,6 @@
 import type { DynamicSnapshot, PageDetectionResult } from './rules'
 import type { HeaderRecord, PopupRawResult, PopupResult } from './popup'
+import type { AgentBridgeCapabilities, AgentBridgeRuntimeMessage, AgentCaptureStatusPayload, AgentBridgeError } from './agent-bridge'
 
 export type Message =
   | { type: 'GET_HEADER_DATA'; tabId: number }
@@ -10,6 +11,7 @@ export type Message =
   | { type: 'GET_WORDPRESS_THEME_DETAILS'; page: PageDetectionResult }
   | { type: 'DYNAMIC_PAGE_SNAPSHOT'; snapshot: DynamicSnapshot }
   | { type: 'PAGE_DETECTION_RESULT'; tabId: number; page: PageDetectionResult }
+  | AgentBridgeRuntimeMessage
 
 export type MessageType = Message['type']
 
@@ -34,6 +36,15 @@ export type ResponsePayloadMap = {
   GET_WORDPRESS_THEME_DETAILS: Ok<{ technologies: PageDetectionResult['technologies'] }> | Err
   DYNAMIC_PAGE_SNAPSHOT: Ok<null> | Err
   PAGE_DETECTION_RESULT: Ok<null> | Err
+  AGENT_BRIDGE_HELLO: Ok<{ extensionVersion: string; protocolVersion: 1; capabilities: AgentBridgeCapabilities }> | Err
+  START_AGENT_CAPTURE: Ok<null> | Err
+  AGENT_CAPTURE_STATUS: Ok<null> | Err
+  AGENT_CAPTURE_CONTROL: Ok<null> | Err
+  AGENT_PROFILE_TRANSFER_BEGIN: Ok<null> | Err
+  AGENT_PROFILE_TRANSFER_CHUNK: Ok<null> | Err
+  AGENT_PROFILE_TRANSFER_COMPLETE: Ok<null> | Err
+  AGENT_PROFILE_TRANSFER_ACK: Ok<{ status?: AgentCaptureStatusPayload; error?: AgentBridgeError }> | Err
+  AGENT_PROFILE_TRANSFER_PORT_HELLO: Ok<null> | Err
 }
 
-export type ResponseFor<T extends MessageType> = ResponsePayloadMap[T]
+export type ResponseFor<T extends MessageType> = T extends keyof ResponsePayloadMap ? ResponsePayloadMap[T] : Err
diff --git a/src/types/settings.ts b/src/types/settings.ts
index b7070ceb..150f5fef 100644
--- a/src/types/settings.ts
+++ b/src/types/settings.ts
@@ -20,6 +20,8 @@ export interface DetectorSettings {
   disabledTechnologies: string[]
   customRules: CustomRule[]
   customCss: string
+  agentBridgeEnabled: boolean
+  agentBridgeAllowAllNetworkTargets: boolean
 }
 
 export const ALLOWED_CONFIDENCES: readonly Confidence[] = ['高', '中', '低']
@@ -44,5 +46,7 @@ export const DEFAULT_SETTINGS: DetectorSettings = {
   disabledCategories: [],
   disabledTechnologies: [],
   customRules: [],
-  customCss: ''
+  customCss: '',
+  agentBridgeEnabled: false,
+  agentBridgeAllowAllNetworkTargets: false
 }
diff --git a/src/ui/help/Help.vue b/src/ui/help/Help.vue
index 59e9d30b..cc4a6e51 100644
--- a/src/ui/help/Help.vue
+++ b/src/ui/help/Help.vue
@@ -31,6 +31,20 @@
       <p>你添加规则，就是告诉插件："以后看到这个字、这个网址、这个标签，就显示我指定的技术名称"。</p>
     </section>
 
+    <section class="panel">
+      <h2>Agent Bridge 是什么</h2>
+      <p>
+        它让本机 AI Agent 通过
+        <code>127.0.0.1</code>
+        读取当前浏览器 profile 里可观测的技术栈、页面结构、截图和体验摘要，用来复刻相似的网站体验。
+      </p>
+      <ul class="plain-list">
+        <li>默认关闭，只在当前浏览器 profile 手动开启。</li>
+        <li>只读采集，不读取 Cookie、Authorization、localStorage/sessionStorage 明文。</li>
+        <li>网络限制默认收紧；放开所有网络目标会要求二次确认。</li>
+      </ul>
+    </section>
+
     <section class="panel">
       <h2>最快上手：五步添加一条规则</h2>
       <ol class="steps">
@@ -366,6 +380,12 @@ examplepay-sdk</pre
     line-height: 1.65;
     padding-top: 132px;
   }
+
+  @media (max-width: 760px) {
+    body {
+      padding-top: 0;
+    }
+  }
 </style>
 
 <style lang="scss" scoped>
@@ -466,7 +486,7 @@ examplepay-sdk</pre
     font-size: 24px;
     font-weight: 600;
     gap: 10px;
-    letter-spacing: -0.01em;
+    letter-spacing: 0;
     line-height: 1.2;
     margin-bottom: 8px;
   }
@@ -475,7 +495,7 @@ examplepay-sdk</pre
     color: var(--text);
     font-size: 16px;
     font-weight: 600;
-    letter-spacing: -0.005em;
+    letter-spacing: 0;
     margin-bottom: 12px;
   }
 
@@ -613,6 +633,10 @@ examplepay-sdk</pre
   }
 
   @media (max-width: 760px) {
+    .help-header {
+      position: static;
+    }
+
     .help-shell {
       padding: 16px 16px 48px;
     }
diff --git a/src/ui/popup/Popup.vue b/src/ui/popup/Popup.vue
index 70726370..8c6e533b 100644
--- a/src/ui/popup/Popup.vue
+++ b/src/ui/popup/Popup.vue
@@ -5,6 +5,16 @@
         <h1>
           <a class="app-title-link" :href="REPOSITORY_URL" target="_blank" rel="noreferrer" @click="openRepository">栈棱镜</a>
           <span v-if="version" class="version-badge">v{{ version }}</span>
+          <span
+            v-if="agentBridgeEnabled"
+            class="agent-bridge-badge"
+            :class="{ warning: state.settings.agentBridgeAllowAllNetworkTargets }"
+            :title="agentBridgeBadgeTitle"
+            :aria-label="agentBridgeBadgeTitle"
+          >
+            <Bot :size="12" :stroke-width="2.2" />
+            <span>{{ agentBridgeBadgeLabel }}</span>
+          </span>
         </h1>
         <p class="url">{{ pageUrl }}</p>
       </div>
@@ -20,7 +30,7 @@
         <RippleButton class="icon-btn" title="复制当前页 URL" @click="copyResult">
           <Copy :size="16" :stroke-width="2" />
         </RippleButton>
-        <RippleButton class="icon-btn primary" variant="primary" title="重新检测" @click="runDetection({ force: true })">
+        <RippleButton class="icon-btn refresh-btn" title="重新检测" @click="runDetection({ force: true })">
           <RefreshCw :size="16" :stroke-width="2" />
         </RippleButton>
       </div>
@@ -301,6 +311,7 @@
   import {
     ArrowUp,
     Ban,
+    Bot,
     ClipboardList,
     Copy,
     Download,
@@ -325,7 +336,7 @@
   import TechChip from '@/ui/components/TechChip.vue'
   import { categoryIndex, confidenceClass, confidenceRank } from '@/utils/category-order'
   import { applyCustomCss } from '@/utils/apply-custom-css'
-  import { normalizeSettings } from '@/utils/normalize-settings'
+  import { normalizeSettings, normalizeSettingsWithLocalOptIn } from '@/utils/normalize-settings'
   import { buildCorrectionIssueUrl } from '@/utils/build-issue-url'
   import {
     CACHE_REFRESH_DELAYS,
@@ -382,7 +393,7 @@
     if (footerPanel.value !== 'raw') return ''
     const ctx = rawSourceContext.value
     if (!ctx) return '原始线索'
-    return `原始线索 · ${ctx.tech?.name || ''} · ${ctx.source}`
+    return `原始线索 - ${ctx.tech?.name || ''} - ${ctx.source}`
   })
 
   const footerPanelTitle = computed(() => {
@@ -534,6 +545,11 @@
   const animatedTotal = useAnimatedCounter(totalCount)
   const animatedResource = useAnimatedCounter(resourceCount)
   const animatedHeader = useAnimatedCounter(headerCount)
+  const agentBridgeEnabled = computed(() => state.settings.agentBridgeEnabled === true)
+  const agentBridgeBadgeLabel = computed(() => (state.settings.agentBridgeAllowAllNetworkTargets ? '网络放开' : 'Bridge 开启'))
+  const agentBridgeBadgeTitle = computed(() =>
+    state.settings.agentBridgeAllowAllNetworkTargets ? 'Agent Bridge 已开启，所有网络目标已放开' : 'Agent Bridge 已开启'
+  )
 
   const focusCount = computed(() => {
     if (!state.result?.technologies?.length) return 0
@@ -559,7 +575,7 @@
   })
 
   const categoryFilterOptions = computed(() =>
-    tabItems.value.map(item => ({ value: item.category, label: `${item.category} · ${item.count}` }))
+    tabItems.value.map(item => ({ value: item.category, label: `${item.category} - ${item.count}` }))
   )
 
   const categoryFilterValue = computed({
@@ -607,8 +623,11 @@
 
   const loadSettings = async () => {
     try {
-      const stored = await chrome.storage.sync.get(SETTINGS_STORAGE_KEY)
-      return normalizeSettings(stored[SETTINGS_STORAGE_KEY])
+      const [stored, local] = await Promise.all([
+        chrome.storage.sync.get(SETTINGS_STORAGE_KEY).catch(() => ({}) as Record<string, unknown>),
+        chrome.storage.local.get(SETTINGS_STORAGE_KEY).catch(() => ({}) as Record<string, unknown>)
+      ])
+      return normalizeSettingsWithLocalOptIn(stored[SETTINGS_STORAGE_KEY], local[SETTINGS_STORAGE_KEY])
     } catch {
       return normalizeSettings()
     }
@@ -942,8 +961,8 @@
     const techName = String(tech?.name || '').toLowerCase()
     const matchTech = (item: any) => String(item?.name || '').toLowerCase() === techName
     const trimmed = String(source || '').trim()
-    const isHeaderApi = /·\s*api/i.test(trimmed)
-    const isHeaderFrame = /·\s*iframe/i.test(trimmed)
+    const isHeaderApi = /(?:-|\u00b7)\s*api/i.test(trimmed)
+    const isHeaderFrame = /(?:-|\u00b7)\s*iframe/i.test(trimmed)
     const isDynamic = trimmed.startsWith('动态监控')
     const isBundle = trimmed.startsWith('JS 版权注释')
     const isHeader = !isHeaderApi && !isHeaderFrame && trimmed.startsWith('响应头')
@@ -1151,6 +1170,14 @@
   }
 
   const onStorageChange = (changes: { [key: string]: chrome.storage.StorageChange }, area: string) => {
+    if ((area === 'sync' || area === 'local') && SETTINGS_STORAGE_KEY in changes) {
+      loadSettings()
+        .then(settings => {
+          state.settings = settings
+          applyCustomCss(settings.customCss)
+        })
+        .catch(() => {})
+    }
     if (area !== 'session' || !state.currentTabId) return
     const popupKey = `popup:${state.currentTabId}`
     if (!(popupKey in changes)) return
@@ -1225,7 +1252,7 @@
     font-size: 16px;
     font-weight: 600;
     gap: 8px;
-    letter-spacing: -0.01em;
+    letter-spacing: 0;
     line-height: 1.2;
     margin: 0 0 4px;
   }
@@ -1247,7 +1274,39 @@
     color: var(--muted);
     font-size: 11px;
     font-weight: 500;
-    letter-spacing: 0.02em;
+    letter-spacing: 0;
+  }
+
+  .agent-bridge-badge {
+    align-items: center;
+    background: rgba(15, 118, 110, 0.1);
+    border: 1px solid rgba(15, 118, 110, 0.28);
+    border-radius: 999px;
+    color: var(--accent);
+    display: inline-flex;
+    flex: 0 0 auto;
+    font-size: 11px;
+    font-weight: 700;
+    gap: 4px;
+    height: 22px;
+    line-height: 1;
+    padding: 0 8px;
+
+    &.warning {
+      background: #fff7ed;
+      border-color: rgba(180, 83, 9, 0.28);
+      color: #9a3412;
+    }
+  }
+
+  :global(:root[data-theme='dark']) .agent-bridge-badge.warning {
+    color: #fbbf24;
+  }
+
+  @media (prefers-color-scheme: dark) {
+    :global(:root:not([data-theme='light'])) .agent-bridge-badge.warning {
+      color: #fbbf24;
+    }
   }
 
   .url {
@@ -1268,13 +1327,14 @@
 
     button {
       background: transparent;
-      border: 0;
+      border: 1px solid transparent;
       border-radius: 5px;
       color: var(--muted);
       font-size: 12px;
-      padding: 5px 8px;
+      padding: 4px 7px;
       transition:
         background 0.15s ease,
+        border-color 0.15s ease,
         color 0.15s ease;
       white-space: nowrap;
 
@@ -1283,8 +1343,22 @@
         color: var(--accent);
       }
 
+      &.refresh-btn {
+        background: rgba(15, 118, 110, 0.08);
+        border-color: rgba(15, 118, 110, 0.2);
+        color: var(--accent);
+        font-weight: 600;
+
+        &:hover {
+          background: var(--accent-soft);
+          border-color: rgba(15, 118, 110, 0.34);
+          color: var(--accent);
+        }
+      }
+
       &.primary {
         background: var(--accent);
+        border-color: var(--accent);
         color: #ffffff;
         font-weight: 500;
 
@@ -1349,67 +1423,70 @@
       transform 0.2s ease;
   }
 
-  // summary：主指标加重，去三盒子，inline baseline 对齐
+  // summary：三个入口保持同一组控件感，active 只做轻量强调
   .summary {
-    align-items: baseline;
+    align-items: center;
     border-bottom: 1px solid var(--line);
     display: flex;
     flex-shrink: 0;
-    gap: 20px;
+    gap: 6px;
     margin: 0;
-    padding: 14px 16px;
+    padding: 12px 16px;
 
     > div,
     .summary-tile {
-      align-items: baseline;
-      background: transparent;
-      border: 0;
-      color: inherit;
-      cursor: default;
+      align-items: center;
+      background: var(--panel);
+      border: 1px solid var(--line);
+      border-radius: 7px;
+      color: var(--muted);
+      cursor: pointer;
       display: flex;
       font: inherit;
       gap: 6px;
       margin: 0;
-      padding: 0;
+      min-height: 34px;
+      padding: 5px 9px;
       text-align: left;
+      transition:
+        background 0.15s ease,
+        border-color 0.15s ease,
+        color 0.15s ease;
     }
 
     span {
       color: var(--text);
-      font-size: 16px;
+      font-size: 17px;
       font-variant-numeric: tabular-nums;
       font-weight: 600;
+      line-height: 1;
     }
 
     > div:first-child span,
     .summary-tile:first-child span {
       color: var(--accent);
-      font-size: 24px;
+      font-size: 18px;
       font-weight: 700;
-      letter-spacing: -0.02em;
+      letter-spacing: 0;
     }
 
     label {
       color: var(--muted);
       font-size: 12px;
+      line-height: 1.1;
     }
   }
 
   .summary-tile {
-    border-radius: 4px;
-    cursor: pointer;
-    margin: -2px -6px;
-    padding: 2px 6px;
-    transition:
-      background 0.15s ease,
-      color 0.15s ease;
-
     &:hover {
       background: var(--accent-soft);
+      border-color: rgba(15, 118, 110, 0.2);
     }
 
     &.active {
       background: var(--accent-soft);
+      border-color: rgba(15, 118, 110, 0.28);
+      box-shadow: inset 0 0 0 1px rgba(15, 118, 110, 0.08);
       color: var(--accent);
 
       span {
@@ -1424,7 +1501,7 @@
     gap: 4px;
   }
 
-  // filter-bar：左侧 segment + 右侧分类下拉
+  // filter-bar: left segment + right category select
   .filter-bar {
     align-items: center;
     border-bottom: 1px solid var(--line);
@@ -1439,8 +1516,10 @@
     background: var(--bg);
     border: 1px solid var(--line);
     border-radius: 6px;
+    align-items: center;
     display: inline-flex;
     flex: 0 0 auto;
+    min-height: 34px;
     padding: 2px;
   }
 
@@ -1454,7 +1533,8 @@
     display: inline-flex;
     font-size: 12px;
     gap: 6px;
-    padding: 4px 10px;
+    min-height: 28px;
+    padding: 5px 10px;
     transition:
       background 0.15s ease,
       color 0.15s ease;
@@ -1559,7 +1639,7 @@
     transform: scale(0.8) translateY(8px);
   }
 
-  // sections 切换淡入，从无→有数据 / 切分类时整体过渡
+  // sections transition for first data load and category switches
   .sections-fade-enter-active,
   .sections-fade-leave-active {
     transition:
@@ -1624,26 +1704,30 @@
   // 单个技术 chip:色块图标 + 名字
   .tech-row {
     align-items: center;
-    background: transparent;
-    border: 0;
+    background: var(--panel);
+    border: 1px solid transparent;
     border-radius: 5px;
     color: var(--text);
     cursor: pointer;
     display: inline-flex;
     font: inherit;
     gap: 6px;
+    min-height: 28px;
     padding: 4px 8px;
     text-align: left;
-    transition: background 0.15s ease;
+    transition:
+      background 0.15s ease,
+      border-color 0.15s ease;
 
     &:hover {
       background: var(--accent-soft);
+      border-color: rgba(15, 118, 110, 0.18);
     }
 
     &:focus-visible {
       background: var(--accent-soft);
-      outline: 2px solid var(--accent);
-      outline-offset: -2px;
+      border-color: var(--accent);
+      outline: none;
     }
   }
 
@@ -1865,7 +1949,7 @@
       color: var(--text);
       font-size: 15px;
       font-weight: 600;
-      letter-spacing: -0.01em;
+      letter-spacing: 0;
       margin: 0 0 6px;
       text-transform: none;
     }
@@ -1886,7 +1970,7 @@
     opacity: 0.75;
   }
 
-  // footer：toolbar 风格，左侧两个工具按钮 + 右侧 GitHub
+  // footer: toolbar layout, action buttons on the left and GitHub on the right
   .app-footer {
     align-items: center;
     backdrop-filter: saturate(180%) blur(8px);
diff --git a/src/ui/settings/Settings.vue b/src/ui/settings/Settings.vue
index d38e4cca..45975282 100644
--- a/src/ui/settings/Settings.vue
+++ b/src/ui/settings/Settings.vue
@@ -34,7 +34,7 @@
       </div>
     </div>
   </header>
-  <main class="settings-shell">
+  <main ref="settingsShell" class="settings-shell" tabindex="-1">
     <div v-if="status.message" class="msg" :class="status.type" role="status" aria-live="polite">{{ status.message }}</div>
 
     <section class="panel">
@@ -53,13 +53,81 @@
       </div>
     </section>
 
+    <section
+      class="panel agent-bridge-panel"
+      :class="{
+        'is-enabled': savedAgentBridgeEnabled,
+        'has-pending-change': hasPendingAgentBridgeChange,
+        'has-network-override': state.settings.agentBridgeAllowAllNetworkTargets
+      }"
+    >
+      <div class="agent-bridge-main">
+        <div class="agent-bridge-title">
+          <span class="agent-bridge-mark">
+            <Bot :size="22" :stroke-width="2" />
+          </span>
+          <div>
+            <div class="agent-bridge-kicker">本机通道</div>
+            <h2 class="agent-bridge-heading">Agent Bridge</h2>
+            <p>只读采集目标页面的技术栈、视觉结构与体验摘要，供本机 Agent 使用。</p>
+          </div>
+        </div>
+        <span
+          class="agent-bridge-state"
+          :class="{
+            active: savedAgentBridgeEnabled,
+            pending: hasPendingAgentBridgeChange,
+            warning: state.settings.agentBridgeAllowAllNetworkTargets
+          }"
+        >
+          {{ agentBridgeStateLabel }}
+        </span>
+      </div>
+      <div class="agent-bridge-control">
+        <div class="agent-bridge-toggle-stack">
+          <label class="agent-bridge-toggle">
+            <Checkbox v-model="state.settings.agentBridgeEnabled" />
+            <span>
+              <strong>允许本机访问</strong>
+              <small>{{ agentBridgeToggleHint }}</small>
+            </span>
+          </label>
+          <label class="agent-bridge-toggle agent-bridge-network-toggle">
+            <Checkbox v-model="state.settings.agentBridgeAllowAllNetworkTargets" :disabled="!state.settings.agentBridgeEnabled" />
+            <span>
+              <strong>允许所有网络目标</strong>
+              <small>{{ agentBridgeNetworkOverrideHint }}</small>
+            </span>
+          </label>
+        </div>
+        <div class="agent-bridge-facts" aria-label="Agent Bridge 边界">
+          <span>
+            <ShieldCheck :size="13" :stroke-width="2" />
+            手动开启
+          </span>
+          <span :class="{ warning: state.settings.agentBridgeAllowAllNetworkTargets }">
+            <Network :size="13" :stroke-width="2" />
+            {{ state.settings.agentBridgeAllowAllNetworkTargets ? '网络放开' : '网络受限' }}
+          </span>
+          <span>
+            <Server :size="13" :stroke-width="2" />
+            127.0.0.1
+          </span>
+          <span>
+            <Monitor :size="13" :stroke-width="2" />
+            当前 profile
+          </span>
+        </div>
+      </div>
+    </section>
+
     <section class="panel two-column">
-      <div>
+      <div class="settings-fieldset">
         <h2>禁用指定技术</h2>
         <p class="hint">每行一个技术名称。名称匹配后不会在结果里显示。</p>
         <Textarea v-model="disabledTechnologiesText" :rows="9" placeholder="例如：&#10;Google Analytics&#10;WordPress 插件: akismet" />
       </div>
-      <div>
+      <div class="settings-fieldset">
         <h2>自定义样式 CSS</h2>
         <p class="hint">保存后会应用到弹窗和设置页。留空则不覆盖样式。</p>
         <Textarea v-model="customCssText" :rows="9" placeholder=".tech-name { color: #0f766e; }" />
@@ -162,11 +230,49 @@
       <Textarea v-model="rulesJsonText" :rows="13" />
     </section>
   </main>
+  <Teleport to="body">
+    <div v-if="confirmDialog.open" class="confirm-backdrop" @click.self="resolveConfirmation(false)">
+      <section
+        ref="confirmDialogPanel"
+        class="confirm-modal"
+        :class="`is-${confirmDialog.tone}`"
+        role="dialog"
+        aria-modal="true"
+        aria-labelledby="settings-confirm-title"
+        aria-describedby="settings-confirm-message"
+        tabindex="-1"
+      >
+        <p id="settings-confirm-title" class="confirm-title">{{ confirmDialog.title }}</p>
+        <p id="settings-confirm-message" class="confirm-message">{{ confirmDialog.message }}</p>
+        <div class="confirm-actions">
+          <RippleButton @click="resolveConfirmation(false)">{{ confirmDialog.cancelLabel }}</RippleButton>
+          <RippleButton class="primary" variant="primary" @click="resolveConfirmation(true)">
+            {{ confirmDialog.confirmLabel }}
+          </RippleButton>
+        </div>
+      </section>
+    </div>
+  </Teleport>
 </template>
 
 <script setup lang="ts">
-  import { onMounted, reactive, ref, watch, computed } from 'vue'
-  import { BookOpen, ExternalLink, Inbox, Monitor, Moon, Pencil, RotateCcw, Save, Sun, Trash2 } from 'lucide-vue-next'
+  import { nextTick, onMounted, onUnmounted, reactive, ref, watch, computed } from 'vue'
+  import {
+    BookOpen,
+    Bot,
+    ExternalLink,
+    Inbox,
+    Monitor,
+    Moon,
+    Network,
+    Pencil,
+    RotateCcw,
+    Save,
+    Server,
+    ShieldCheck,
+    Sun,
+    Trash2
+  } from 'lucide-vue-next'
   import Select from '@/ui/components/Select.vue'
   import Checkbox from '@/ui/components/Checkbox.vue'
   import Input from '@/ui/components/Input.vue'
@@ -176,7 +282,20 @@
   import { applyCustomCss } from '@/utils/apply-custom-css'
   import { cleanCustomRules, cleanStringArray, defaultSettings, normalizeSettings } from '@/utils/normalize-settings'
   import { buildRuleContributionUrl } from '@/utils/build-issue-url'
-  import { REPOSITORY_URL, SETTINGS_STORAGE_KEY, STATUS_HIDE_DELAY } from '@/utils/constants'
+  import {
+    loadAgentBridgeDataConsentSnapshot,
+    requestAgentBridgeDataConsent,
+    revokeAgentBridgeDataConsent,
+    rollbackAgentBridgeDataConsent,
+    type AgentBridgeDataConsentSnapshot
+  } from '@/utils/firefox-data-consent'
+  import {
+    AGENT_BRIDGE_ALLOW_ALL_NETWORK_TARGETS_STORAGE_KEY,
+    AGENT_BRIDGE_ENABLED_STORAGE_KEY,
+    REPOSITORY_URL,
+    SETTINGS_STORAGE_KEY,
+    STATUS_HIDE_DELAY
+  } from '@/utils/constants'
   import { ALLOWED_CONFIDENCES, ALLOWED_MATCH_TARGETS, ALLOWED_MATCH_TYPES, CUSTOM_RULE_LIMITS } from '@/types/settings'
   import { cycleTheme, getStoredTheme, setStoredTheme, themeLabel, type ThemeMode } from '@/utils/theme'
 
@@ -209,7 +328,25 @@
   const status = reactive({ message: '', type: '' as 'ok' | 'error' | '' })
   const version = ref('')
   const theme = ref<ThemeMode>('auto')
+  const savedAgentBridgeEnabled = ref(false)
+  const savedAgentBridgeAllowAllNetworkTargets = ref(false)
+  const savedAgentBridgeDataConsent = ref<AgentBridgeDataConsentSnapshot | null>(null)
+  const agentBridgeDataConsentBaseline = ref<AgentBridgeDataConsentSnapshot | null>(null)
+  const confirmDialogPanel = ref<HTMLElement | null>(null)
+  const settingsShell = ref<HTMLElement | null>(null)
   let statusTimer = 0
+  let confirmResolver: ((value: boolean) => void) | null = null
+  let confirmReturnFocusTarget: HTMLElement | null = null
+  let confirmKeydownBound = false
+
+  const confirmDialog = reactive({
+    open: false,
+    title: '',
+    message: '',
+    confirmLabel: '确认',
+    cancelLabel: '取消',
+    tone: 'warning' as 'warning' | 'danger'
+  })
 
   const toggleTheme = async () => {
     const next = cycleTheme(theme.value)
@@ -241,6 +378,33 @@
       rule => `${rule.category} · ${rule.kind} · ${rule.confidence} · ${rule.matchType} · ${rule.patterns.length} 条匹配规则`
     )
   )
+  const hasPendingAgentBridgeAccessChange = computed(() => state.settings.agentBridgeEnabled !== savedAgentBridgeEnabled.value)
+  const hasPendingAgentBridgeNetworkOverrideChange = computed(
+    () => state.settings.agentBridgeAllowAllNetworkTargets !== savedAgentBridgeAllowAllNetworkTargets.value
+  )
+  const hasPendingAgentBridgeChange = computed(
+    () => hasPendingAgentBridgeAccessChange.value || hasPendingAgentBridgeNetworkOverrideChange.value
+  )
+  const agentBridgeStateLabel = computed(() => {
+    if (hasPendingAgentBridgeAccessChange.value) return state.settings.agentBridgeEnabled ? '待保存启用' : '待保存关闭'
+    if (hasPendingAgentBridgeNetworkOverrideChange.value) {
+      return state.settings.agentBridgeAllowAllNetworkTargets ? '待保存放开' : '待保存收紧'
+    }
+    if (savedAgentBridgeAllowAllNetworkTargets.value) return '网络已放开'
+    return savedAgentBridgeEnabled.value ? '启用中' : '已关闭'
+  })
+  const agentBridgeToggleHint = computed(() =>
+    hasPendingAgentBridgeAccessChange.value
+      ? '点击保存设置后生效；未保存前仍按当前 profile 的已保存状态处理。'
+      : '仅保存在当前浏览器 profile，关闭后拒绝捕获请求。'
+  )
+  const agentBridgeNetworkOverrideHint = computed(() => {
+    if (!state.settings.agentBridgeEnabled) return '需先允许本机访问；关闭 Agent Bridge 时不生效。'
+    if (hasPendingAgentBridgeNetworkOverrideChange.value) return '点击保存设置时会要求确认；未保存前仍按已保存策略处理。'
+    return state.settings.agentBridgeAllowAllNetworkTargets
+      ? '已允许采集本机、私网、保留地址和 DNS/proxy 映射到私网的目标。'
+      : '默认拦截本机、私网、保留地址和 DNS/proxy 映射到私网的目标。'
+  })
 
   const lines = (value: string) => {
     return String(value || '')
@@ -269,6 +433,108 @@
     showStatus(`规则语法检查未通过：\n${visible.join('\n')}${more}`, 'error')
   }
 
+  const getConfirmControls = () => Array.from(confirmDialogPanel.value?.querySelectorAll<HTMLElement>('button:not(:disabled)') || [])
+
+  const focusConfirmStart = () => {
+    const controls = getConfirmControls()
+    ;(controls[0] || confirmDialogPanel.value)?.focus()
+  }
+
+  const trapConfirmationFocus = (event: KeyboardEvent) => {
+    if (!confirmDialog.open) return
+    const controls = getConfirmControls()
+    if (!controls.length) {
+      event.preventDefault()
+      confirmDialogPanel.value?.focus()
+      return
+    }
+    const first = controls[0]
+    const last = controls[controls.length - 1]
+    const active = document.activeElement
+    if (!confirmDialogPanel.value?.contains(active)) {
+      event.preventDefault()
+      ;(event.shiftKey ? last : first).focus()
+    } else if (event.shiftKey && active === first) {
+      event.preventDefault()
+      last.focus()
+    } else if (!event.shiftKey && active === last) {
+      event.preventDefault()
+      first.focus()
+    }
+  }
+
+  const onConfirmDialogKeydown = (event: KeyboardEvent) => {
+    if (!confirmDialog.open) return
+    if (event.key === 'Escape') {
+      event.preventDefault()
+      resolveConfirmation(false)
+      return
+    }
+    if (event.key === 'Tab') trapConfirmationFocus(event)
+  }
+
+  const bindConfirmDialogKeydown = () => {
+    if (confirmKeydownBound) return
+    document.addEventListener('keydown', onConfirmDialogKeydown)
+    confirmKeydownBound = true
+  }
+
+  const unbindConfirmDialogKeydown = () => {
+    if (!confirmKeydownBound) return
+    document.removeEventListener('keydown', onConfirmDialogKeydown)
+    confirmKeydownBound = false
+  }
+
+  const requestConfirmation = async (options: {
+    title: string
+    message: string
+    confirmLabel: string
+    cancelLabel?: string
+    tone?: 'warning' | 'danger'
+  }) => {
+    if (confirmResolver) confirmResolver(false)
+    const active = document.activeElement
+    confirmReturnFocusTarget = active instanceof HTMLElement && active !== document.body ? active : null
+    return new Promise<boolean>(resolve => {
+      confirmResolver = resolve
+      Object.assign(confirmDialog, {
+        open: true,
+        title: options.title,
+        message: options.message,
+        confirmLabel: options.confirmLabel,
+        cancelLabel: options.cancelLabel || '取消',
+        tone: options.tone || 'warning'
+      })
+      bindConfirmDialogKeydown()
+      nextTick(focusConfirmStart)
+    })
+  }
+
+  const resolveConfirmation = (value: boolean) => {
+    const resolver = confirmResolver
+    const returnTarget = confirmReturnFocusTarget
+    confirmResolver = null
+    confirmReturnFocusTarget = null
+    confirmDialog.open = false
+    unbindConfirmDialogKeydown()
+    resolver?.(value)
+    nextTick(() => {
+      if (returnTarget?.isConnected) returnTarget.focus()
+      else settingsShell.value?.focus()
+    })
+  }
+
+  const cancelPendingConfirmation = () => {
+    const resolver = confirmResolver
+    confirmResolver = null
+    confirmReturnFocusTarget = null
+    confirmDialog.open = false
+    unbindConfirmDialogKeydown()
+    resolver?.(false)
+  }
+
+  onUnmounted(cancelPendingConfirmation)
+
   const validateRegexPatterns = (rule: any, label = '规则') => {
     if (rule.matchType === 'keyword') return ''
     for (const [index, pattern] of rule.patterns.entries()) {
@@ -470,7 +736,20 @@
   const loadSettings = async () => {
     try {
       const stored = await chrome.storage.sync.get(SETTINGS_STORAGE_KEY)
-      return normalizeSettings(stored[SETTINGS_STORAGE_KEY])
+      let local: Record<string, any> = {}
+      try {
+        local = await chrome.storage.local.get(SETTINGS_STORAGE_KEY)
+      } catch {
+        local = {}
+      }
+      return normalizeSettings(
+        {
+          ...stored[SETTINGS_STORAGE_KEY],
+          agentBridgeEnabled: local[SETTINGS_STORAGE_KEY]?.[AGENT_BRIDGE_ENABLED_STORAGE_KEY],
+          agentBridgeAllowAllNetworkTargets: local[SETTINGS_STORAGE_KEY]?.[AGENT_BRIDGE_ALLOW_ALL_NETWORK_TARGETS_STORAGE_KEY]
+        },
+        { allowAgentBridge: true, allowAgentBridgeNetworkOverride: true }
+      )
     } catch {
       return defaultSettings()
     }
@@ -484,6 +763,13 @@
     rulesJsonText.value = JSON.stringify(state.settings.customRules, null, 2)
   }
 
+  const applyLoadedSettings = (settings: ReturnType<typeof defaultSettings>) => {
+    state.settings = settings
+    savedAgentBridgeEnabled.value = settings.agentBridgeEnabled
+    savedAgentBridgeAllowAllNetworkTargets.value = settings.agentBridgeAllowAllNetworkTargets
+    syncFromSettings()
+  }
+
   const collectCategorySettings = () => {
     const disabled: string[] = []
     for (const cat of CATEGORY_ORDER) {
@@ -628,34 +914,141 @@
     showStatus('规则 JSON 已格式化。', 'ok')
   }
 
+  const rollbackPendingAgentBridgeDataConsent = async (
+    snapshot: AgentBridgeDataConsentSnapshot | null,
+    consentWasRequested: boolean
+  ): Promise<boolean> => {
+    if (!consentWasRequested) return true
+    try {
+      const rolledBack = await rollbackAgentBridgeDataConsent(snapshot)
+      if (rolledBack) savedAgentBridgeDataConsent.value = snapshot
+      return true
+    } catch (error: any) {
+      showStatus(`保存已中止，但撤回浏览器数据许可失败：${error.message || error}`, 'error')
+      return false
+    }
+  }
+
+  const updateAgentBridgeDataConsentState = async (
+    snapshot: AgentBridgeDataConsentSnapshot | null,
+    baseline: AgentBridgeDataConsentSnapshot | null = snapshot
+  ): Promise<void> => {
+    savedAgentBridgeDataConsent.value = snapshot
+    agentBridgeDataConsentBaseline.value = baseline
+  }
+
+  const revokeDisabledAgentBridgeDataConsent = async (agentBridgeEnabled: boolean): Promise<boolean> => {
+    if (agentBridgeEnabled || !savedAgentBridgeEnabled.value) return true
+    try {
+      await revokeAgentBridgeDataConsent()
+      await updateAgentBridgeDataConsentState(await loadAgentBridgeDataConsentSnapshot())
+      return true
+    } catch (error: any) {
+      showStatus(`保存失败：撤回浏览器数据许可失败：${error.message || error}`, 'error')
+      return false
+    }
+  }
+
   const saveSettings = async () => {
     collectCategorySettings()
     const jsonRules = parseRulesJsonTextarea()
     if (!jsonRules) return
-    const settings = normalizeSettings({
-      disabledCategories: state.settings.disabledCategories,
-      disabledTechnologies: cleanStringArray(lines(disabledTechnologiesText.value)),
-      customRules: jsonRules,
-      customCss: customCssText.value
+    const allowAllNetworkTargets = state.settings.agentBridgeEnabled && state.settings.agentBridgeAllowAllNetworkTargets
+    const consentSnapshot = savedAgentBridgeDataConsent.value
+    let agentBridgeDataConsentGranted = false
+    if (state.settings.agentBridgeEnabled) {
+      try {
+        agentBridgeDataConsentGranted = await requestAgentBridgeDataConsent()
+      } catch (error: any) {
+        if (await rollbackPendingAgentBridgeDataConsent(consentSnapshot, true)) {
+          showStatus(`保存失败：${error.message || error}`, 'error')
+        }
+        return
+      }
+      if (!agentBridgeDataConsentGranted) {
+        showStatus('已取消保存：浏览器未授予 Agent Bridge 数据传输许可。', 'error')
+        return
+      }
+    }
+    if (allowAllNetworkTargets && !savedAgentBridgeAllowAllNetworkTargets.value) {
+      const confirmed = await requestConfirmation({
+        title: '放开所有网络目标？',
+        message:
+          '这会允许 Agent Bridge 采集本机、内网、保留地址和 DNS/proxy 映射到私网的目标。仅在你确认当前本机 Agent、bridge 进程和浏览器 profile 可信时开启。',
+        confirmLabel: '确认保存',
+        tone: 'warning'
+      })
+      if (!confirmed) {
+        if (await rollbackPendingAgentBridgeDataConsent(consentSnapshot, agentBridgeDataConsentGranted)) {
+          showStatus('已取消保存。', 'error')
+        }
+        return
+      }
+    }
+    const settings = normalizeSettings(
+      {
+        disabledCategories: state.settings.disabledCategories,
+        disabledTechnologies: cleanStringArray(lines(disabledTechnologiesText.value)),
+        customRules: jsonRules,
+        customCss: customCssText.value,
+        agentBridgeEnabled: state.settings.agentBridgeEnabled,
+        agentBridgeAllowAllNetworkTargets: allowAllNetworkTargets
+      },
+      { allowAgentBridge: true, allowAgentBridgeNetworkOverride: true }
+    )
+    const syncSettings = normalizeSettings({
+      disabledCategories: settings.disabledCategories,
+      disabledTechnologies: settings.disabledTechnologies,
+      customRules: settings.customRules,
+      customCss: settings.customCss
     })
     try {
-      await chrome.storage.sync.set({ [SETTINGS_STORAGE_KEY]: settings })
-      state.settings = settings
-      syncFromSettings()
+      if (!(await revokeDisabledAgentBridgeDataConsent(settings.agentBridgeEnabled))) return
+      await chrome.storage.sync.set({ [SETTINGS_STORAGE_KEY]: syncSettings })
+      await chrome.storage.local.set({
+        [SETTINGS_STORAGE_KEY]: {
+          [AGENT_BRIDGE_ENABLED_STORAGE_KEY]: settings.agentBridgeEnabled,
+          [AGENT_BRIDGE_ALLOW_ALL_NETWORK_TARGETS_STORAGE_KEY]: settings.agentBridgeAllowAllNetworkTargets
+        }
+      })
+      applyLoadedSettings(settings)
+      if (agentBridgeDataConsentGranted) {
+        await updateAgentBridgeDataConsentState(await loadAgentBridgeDataConsentSnapshot(), consentSnapshot)
+      }
       applyCustomCss(settings.customCss)
       showStatus('设置已保存。重新打开或刷新插件弹窗后生效。', 'ok')
     } catch (error: any) {
-      showStatus(`保存失败：${error.message || error}`, 'error')
+      if (await rollbackPendingAgentBridgeDataConsent(consentSnapshot, agentBridgeDataConsentGranted)) {
+        showStatus(`保存失败：${error.message || error}`, 'error')
+      }
     }
   }
 
   const resetSettings = async () => {
-    if (!confirm('确定恢复默认设置？自定义规则和自定义 CSS 会被清空。')) return
-    state.settings = defaultSettings()
+    const confirmed = await requestConfirmation({
+      title: '恢复默认设置？',
+      message: '自定义规则、自定义 CSS 和 Agent Bridge 本地开关都会恢复为默认状态。',
+      confirmLabel: '恢复默认',
+      tone: 'danger'
+    })
+    if (!confirmed) return
+    const defaults = defaultSettings()
+    state.settings = defaults
+    const syncDefaults = normalizeSettings({
+      disabledCategories: state.settings.disabledCategories,
+      disabledTechnologies: state.settings.disabledTechnologies,
+      customRules: state.settings.customRules,
+      customCss: state.settings.customCss
+    })
     try {
-      await chrome.storage.sync.set({ [SETTINGS_STORAGE_KEY]: state.settings })
+      await revokeAgentBridgeDataConsent()
+      await updateAgentBridgeDataConsentState(await loadAgentBridgeDataConsentSnapshot())
+      await Promise.all([
+        chrome.storage.sync.set({ [SETTINGS_STORAGE_KEY]: syncDefaults }),
+        chrome.storage.local.remove(SETTINGS_STORAGE_KEY)
+      ])
       clearRuleForm()
-      syncFromSettings()
+      applyLoadedSettings(defaults)
       applyCustomCss('')
       showStatus('已恢复默认设置。', 'ok')
     } catch (error: any) {
@@ -681,11 +1074,18 @@
     value => applyCustomCss(value || '')
   )
 
+  watch(
+    () => state.settings.agentBridgeEnabled,
+    enabled => {
+      if (!enabled) state.settings.agentBridgeAllowAllNetworkTargets = false
+    }
+  )
+
   onMounted(async () => {
     version.value = chrome.runtime.getManifest?.()?.version || ''
     theme.value = await getStoredTheme()
-    state.settings = await loadSettings()
-    syncFromSettings()
+    applyLoadedSettings(await loadSettings())
+    await updateAgentBridgeDataConsentState(await loadAgentBridgeDataConsentSnapshot())
     applyCustomCss(state.settings.customCss)
   })
 </script>
@@ -696,6 +1096,12 @@
     line-height: 1.5;
     padding-top: 152px;
   }
+
+  @media (max-width: 760px) {
+    body {
+      padding-top: 0;
+    }
+  }
 </style>
 
 <style lang="scss" scoped>
@@ -747,17 +1153,18 @@
     font-size: 22px;
     font-weight: 600;
     gap: 10px;
-    letter-spacing: -0.01em;
+    letter-spacing: 0;
     line-height: 1.2;
     margin-bottom: 6px;
   }
 
   h2 {
-    color: var(--muted);
-    font-size: 11px;
-    font-weight: 600;
-    letter-spacing: 0.06em;
-    text-transform: uppercase;
+    color: var(--text);
+    font-size: 14px;
+    font-weight: 650;
+    letter-spacing: 0;
+    line-height: 1.35;
+    text-transform: none;
   }
 
   .version-badge {
@@ -769,8 +1176,9 @@
 
   .hint {
     color: var(--muted);
-    font-size: 13px;
-    margin-bottom: 8px;
+    font-size: 14px;
+    line-height: 1.5;
+    margin-bottom: 12px;
   }
 
   // header-actions：透明 ghost + 一个 primary
@@ -847,11 +1255,81 @@
     }
   }
 
+  .confirm-backdrop {
+    align-items: center;
+    background: rgba(15, 23, 42, 0.42);
+    display: flex;
+    inset: 0;
+    justify-content: center;
+    padding: 24px;
+    position: fixed;
+    z-index: 70;
+  }
+
+  .confirm-modal {
+    background: var(--panel);
+    border: 1px solid var(--line);
+    border-radius: 10px;
+    box-shadow: 0 24px 70px rgba(15, 23, 42, 0.26);
+    max-width: 460px;
+    outline: none;
+    padding: 22px;
+    width: min(100%, 460px);
+
+    &.is-warning {
+      border-color: rgba(180, 83, 9, 0.34);
+    }
+
+    &.is-danger {
+      border-color: rgba(185, 28, 28, 0.34);
+    }
+  }
+
+  .confirm-title {
+    color: var(--text);
+    font-size: 17px;
+    font-weight: 700;
+    line-height: 1.35;
+  }
+
+  .confirm-message {
+    color: var(--muted);
+    font-size: 14px;
+    line-height: 1.65;
+    margin-top: 10px;
+  }
+
+  .confirm-actions {
+    display: flex;
+    gap: 8px;
+    justify-content: flex-end;
+    margin-top: 20px;
+
+    button {
+      background: var(--panel);
+      border: 1px solid var(--line);
+      border-radius: 7px;
+      color: var(--text);
+      cursor: pointer;
+      font-size: 14px;
+      min-height: 36px;
+      padding: 0 14px;
+
+      &.primary {
+        background: var(--accent);
+        border-color: var(--accent);
+        color: #ffffff;
+        font-weight: 600;
+      }
+    }
+  }
+
   // panel：去 box-shadow，仅 hairline
   .panel {
     background: var(--panel);
     border: 1px solid var(--line);
     border-radius: 8px;
+    box-shadow: 0 1px 2px rgba(20, 35, 50, 0.03);
     margin-bottom: 16px;
     padding: 20px 24px 24px;
   }
@@ -879,7 +1357,7 @@
       border-radius: 5px;
       color: var(--muted);
       cursor: pointer;
-      font-size: 12px;
+      font-size: 13px;
       padding: 4px 10px;
       transition:
         border-color 0.15s ease,
@@ -895,19 +1373,274 @@
   // category toggle 列表：去边框，紧凑 inline 风格
   .category-grid {
     display: grid;
-    gap: 4px 16px;
+    gap: 8px;
     grid-template-columns: repeat(auto-fit, minmax(160px, 1fr));
   }
 
   .toggle-item {
     align-items: center;
+    background: var(--dt-bg);
+    border: 1px solid transparent;
+    border-radius: 6px;
     color: var(--text);
     cursor: pointer;
     display: flex;
-    font-size: 13px;
+    font-size: 14px;
     gap: 8px;
-    padding: 4px 0;
+    min-height: 36px;
+    padding: 7px 10px;
+    transition:
+      background 0.15s ease,
+      border-color 0.15s ease,
+      color 0.15s ease;
     user-select: none;
+
+    &:hover {
+      background: var(--accent-soft);
+      border-color: rgba(15, 118, 110, 0.2);
+    }
+  }
+
+  .agent-bridge-panel {
+    background: linear-gradient(90deg, var(--accent-soft), transparent 52%), var(--panel);
+    border-color: rgba(15, 118, 110, 0.32);
+    box-shadow: 0 12px 28px rgba(15, 118, 110, 0.08);
+    overflow: hidden;
+    padding: 0;
+
+    &.is-enabled {
+      border-color: rgba(4, 120, 87, 0.52);
+      box-shadow: 0 16px 34px rgba(4, 120, 87, 0.12);
+    }
+
+    &.has-pending-change {
+      border-color: rgba(180, 83, 9, 0.42);
+      box-shadow: 0 14px 30px rgba(180, 83, 9, 0.1);
+    }
+
+    &.has-network-override {
+      background: linear-gradient(90deg, rgba(245, 158, 11, 0.13), transparent 58%), var(--panel);
+      border-color: rgba(180, 83, 9, 0.42);
+    }
+  }
+
+  .agent-bridge-main {
+    align-items: flex-start;
+    display: flex;
+    gap: 16px;
+    justify-content: space-between;
+    padding: 22px 24px 16px;
+  }
+
+  .agent-bridge-title {
+    align-items: flex-start;
+    display: flex;
+    gap: 14px;
+
+    p {
+      color: var(--muted);
+      font-size: 14px;
+      line-height: 1.5;
+      margin-top: 4px;
+      max-width: 620px;
+    }
+  }
+
+  .agent-bridge-mark {
+    align-items: center;
+    background: var(--accent);
+    border-radius: 8px;
+    box-shadow: 0 10px 20px rgba(15, 118, 110, 0.22);
+    color: #ffffff;
+    display: inline-flex;
+    flex-shrink: 0;
+    height: 44px;
+    justify-content: center;
+    width: 44px;
+  }
+
+  .agent-bridge-kicker {
+    color: var(--accent);
+    font-size: 11px;
+    font-weight: 700;
+    letter-spacing: 0.08em;
+    line-height: 1;
+    margin-bottom: 7px;
+    text-transform: uppercase;
+  }
+
+  .agent-bridge-heading {
+    color: var(--text);
+    font-size: 20px;
+    font-weight: 650;
+    letter-spacing: 0;
+    line-height: 1.2;
+    text-transform: none;
+  }
+
+  .agent-bridge-state {
+    align-items: center;
+    background: var(--confidence-low-bg);
+    border: 1px solid var(--line);
+    border-radius: 999px;
+    color: var(--muted);
+    display: inline-flex;
+    flex-shrink: 0;
+    font-size: 13px;
+    font-weight: 600;
+    min-height: 30px;
+    padding: 4px 12px;
+
+    &.active {
+      background: var(--confidence-high-bg);
+      border-color: rgba(4, 120, 87, 0.24);
+      color: var(--confidence-high-text);
+    }
+
+    &.pending {
+      background: rgba(245, 158, 11, 0.12);
+      border-color: rgba(180, 83, 9, 0.26);
+      color: #92400e;
+    }
+
+    &.warning {
+      background: rgba(245, 158, 11, 0.14);
+      border-color: rgba(180, 83, 9, 0.34);
+      color: #92400e;
+    }
+  }
+
+  .agent-bridge-control {
+    align-items: center;
+    background: rgba(255, 255, 255, 0.58);
+    border-top: 1px solid rgba(15, 118, 110, 0.16);
+    display: flex;
+    gap: 18px;
+    justify-content: space-between;
+    padding: 16px 24px 18px;
+  }
+
+  .agent-bridge-toggle-stack {
+    display: flex;
+    flex-direction: column;
+    gap: 10px;
+    min-width: 0;
+  }
+
+  :global(:root[data-theme='dark']) .agent-bridge-control {
+    background: rgba(15, 20, 25, 0.28);
+  }
+
+  @media (prefers-color-scheme: dark) {
+    :global(:root:not([data-theme='light'])) .agent-bridge-control {
+      background: rgba(15, 20, 25, 0.28);
+    }
+
+    :global(:root:not([data-theme='light'])) .agent-bridge-state.pending,
+    :global(:root:not([data-theme='light'])) .agent-bridge-state.warning,
+    :global(:root:not([data-theme='light'])) .agent-bridge-network-toggle strong,
+    :global(:root:not([data-theme='light'])) .agent-bridge-facts .warning {
+      color: #fbbf24;
+    }
+
+    :global(:root:not([data-theme='light'])) .agent-bridge-network-toggle small {
+      color: #fcd34d;
+    }
+
+    :global(:root:not([data-theme='light'])) .agent-bridge-facts .warning svg {
+      color: #f59e0b;
+    }
+  }
+
+  .agent-bridge-toggle {
+    align-items: flex-start;
+    color: var(--text);
+    cursor: pointer;
+    display: flex;
+    gap: 11px;
+    min-width: 0;
+    user-select: none;
+
+    strong,
+    small {
+      display: block;
+    }
+
+    strong {
+      font-size: 15px;
+      font-weight: 650;
+      line-height: 1.25;
+    }
+
+    small {
+      color: var(--muted);
+      font-size: 14px;
+      line-height: 1.45;
+      margin-top: 2px;
+    }
+  }
+
+  .agent-bridge-network-toggle {
+    align-items: flex-start;
+
+    strong {
+      color: #92400e;
+    }
+
+    small {
+      color: #a16207;
+      max-width: 560px;
+    }
+  }
+
+  :global(:root[data-theme='dark']) .agent-bridge-state.pending,
+  :global(:root[data-theme='dark']) .agent-bridge-state.warning,
+  :global(:root[data-theme='dark']) .agent-bridge-network-toggle strong,
+  :global(:root[data-theme='dark']) .agent-bridge-facts .warning {
+    color: #fbbf24;
+  }
+
+  :global(:root[data-theme='dark']) .agent-bridge-network-toggle small {
+    color: #fcd34d;
+  }
+
+  :global(:root[data-theme='dark']) .agent-bridge-facts .warning svg {
+    color: #f59e0b;
+  }
+
+  .agent-bridge-facts {
+    display: flex;
+    flex-wrap: wrap;
+    gap: 6px;
+    justify-content: flex-end;
+
+    span {
+      align-items: center;
+      background: var(--panel);
+      border: 1px solid rgba(15, 118, 110, 0.18);
+      border-radius: 999px;
+      color: var(--muted);
+      display: inline-flex;
+      font-size: 13px;
+      gap: 5px;
+      min-height: 30px;
+      padding: 5px 10px;
+      white-space: nowrap;
+    }
+
+    svg {
+      color: var(--accent);
+    }
+
+    .warning {
+      background: rgba(245, 158, 11, 0.12);
+      border-color: rgba(180, 83, 9, 0.26);
+      color: #92400e;
+    }
+
+    .warning svg {
+      color: #b45309;
+    }
   }
 
   // two-column / rule-textareas
@@ -918,6 +1651,34 @@
     grid-template-columns: repeat(2, minmax(0, 1fr));
   }
 
+  .settings-fieldset {
+    background: var(--dt-bg);
+    border: 1px solid var(--tech-divider);
+    border-radius: 8px;
+    padding: 20px;
+
+    :deep(.sp-textarea) {
+      background: var(--panel);
+      font-size: 14px;
+    }
+
+    :deep(.sp-textarea-inner) {
+      font-size: 14px;
+      line-height: 1.6;
+      padding: 12px;
+    }
+  }
+
+  .panel > :deep(.sp-textarea) {
+    font-size: 14px;
+  }
+
+  .panel > :deep(.sp-textarea) :deep(.sp-textarea-inner) {
+    font-size: 14px;
+    line-height: 1.6;
+    padding: 12px;
+  }
+
   .rule-textareas {
     grid-template-columns: repeat(3, minmax(0, 1fr));
     margin-top: 16px;
@@ -927,9 +1688,9 @@
   label span {
     color: var(--text);
     display: block;
-    font-size: 12px;
-    font-weight: 500;
-    letter-spacing: 0.01em;
+    font-size: 14px;
+    font-weight: 550;
+    letter-spacing: 0;
     margin-bottom: 6px;
   }
 
@@ -938,6 +1699,13 @@
     display: grid;
     gap: 12px 16px;
     grid-template-columns: repeat(3, minmax(0, 1fr));
+
+    :deep(.sp-input),
+    :deep(.sp-input-inner),
+    :deep(.sp-select-trigger),
+    :deep(.sp-select-input) {
+      font-size: 14px;
+    }
   }
 
   // match-targets：inline checkbox 列
@@ -952,7 +1720,7 @@
       color: var(--muted);
       cursor: pointer;
       display: inline-flex;
-      font-size: 13px;
+      font-size: 14px;
       gap: 6px;
     }
   }
@@ -969,7 +1737,7 @@
       border-radius: 6px;
       color: var(--text);
       cursor: pointer;
-      font-size: 13px;
+      font-size: 14px;
       padding: 6px 14px;
       transition:
         border-color 0.15s ease,
@@ -1020,7 +1788,7 @@
     color: var(--muted);
     display: flex;
     flex-direction: column;
-    font-size: 13px;
+    font-size: 14px;
     gap: 8px;
     padding: 32px 0 24px;
   }
@@ -1032,13 +1800,13 @@
 
   .rule-title {
     color: var(--text);
-    font-size: 13px;
+    font-size: 14px;
     font-weight: 600;
   }
 
   .rule-meta {
     color: var(--muted);
-    font-size: 12px;
+    font-size: 13px;
     margin-top: 2px;
     overflow-wrap: anywhere;
   }
@@ -1076,6 +1844,10 @@
   }
 
   @media (max-width: 760px) {
+    .settings-header {
+      position: static;
+    }
+
     .settings-shell {
       padding: 16px;
     }
@@ -1092,6 +1864,54 @@
       padding: 12px 16px;
     }
 
+    .header-actions {
+      display: grid;
+      gap: 6px;
+      grid-template-columns: repeat(2, minmax(0, 1fr));
+      width: 100%;
+
+      button {
+        justify-content: center;
+        min-height: 36px;
+      }
+
+      button.primary {
+        grid-column: 1 / -1;
+        order: -1;
+      }
+    }
+
+    .agent-bridge-main,
+    .agent-bridge-control {
+      align-items: stretch;
+      flex-direction: column;
+    }
+
+    .agent-bridge-toggle-stack {
+      width: 100%;
+    }
+
+    .agent-bridge-state {
+      align-self: flex-start;
+    }
+
+    .agent-bridge-facts {
+      justify-content: flex-start;
+    }
+
+    .confirm-backdrop {
+      align-items: flex-end;
+      padding: 16px;
+    }
+
+    .confirm-actions {
+      flex-direction: column-reverse;
+
+      button {
+        width: 100%;
+      }
+    }
+
     .msg {
       left: 14px;
       max-width: none;
diff --git a/src/utils/category-order.ts b/src/utils/category-order.ts
index 961220e2..4c7e5584 100644
--- a/src/utils/category-order.ts
+++ b/src/utils/category-order.ts
@@ -7,19 +7,56 @@ export const CATEGORY_ORDER: readonly string[] = [
   'Web 服务器',
   '后端 / 服务器框架',
   '开发语言 / 运行时',
+  '数据基础设施',
+  '对象存储 / 文件存储',
+  'DevOps / 研发效能',
+  '开发者工具 / 代码托管',
+  '低代码 / 自动化 / 内部工具',
   '网站程序',
+  'CMS / 电商平台',
+  'Headless CMS',
   '主题 / 模板',
   '网站源码线索',
   '探针 / 监控',
-  'CMS / 电商平台',
+  '状态页 / 可用性监控',
   'RSS / 订阅',
   'SaaS / 第三方服务',
   'AI / 大模型',
   '第三方登录 / OAuth',
   '支付系统',
+  '订阅计费 / 税务发票',
+  '电子签名 / 合同',
+  'KYC / 反欺诈风控',
+  '会员积分 / 推荐返利',
+  '招聘 / ATS',
+  '预约排程',
+  '活动 / 票务',
+  '物流追踪 / 退货售后',
   '广告 / 营销',
   '统计 / 分析',
   '分析与标签',
+  '站内搜索 / 个性化推荐',
+  '评论 / 社区嵌入',
+  '评价 / UGC',
+  '产品引导 / 用户反馈',
+  '表单 / 问卷',
+  '隐私合规 / Cookie 同意',
+  '无障碍辅助',
+  'Web Push / 消息推送',
+  '短信 / 通信 API',
+  '电话 / 呼叫追踪',
+  '邮箱验证 / 邮件校验 API',
+  '地址验证 / 地理编码',
+  'IP 地理位置 / IP 情报',
+  '金融数据 / 汇率 API',
+  '天气 / 气象数据',
+  '翻译 / 本地化 API',
+  'OCR / 文档智能 API',
+  '文档生成 / 截图 API',
+  '媒体托管 / 图片处理',
+  '实时音视频 / 视频 SDK',
+  'Web3 钱包 / 链上基础设施',
+  '代码示例 / 在线 IDE 嵌入',
   '安全与协议',
   '其他库'
 ]
diff --git a/src/utils/constants.ts b/src/utils/constants.ts
index aaba4972..0c689c5d 100644
--- a/src/utils/constants.ts
+++ b/src/utils/constants.ts
@@ -1,4 +1,6 @@
 export const SETTINGS_STORAGE_KEY = 'stackPrismSettings'
+export const AGENT_BRIDGE_ENABLED_STORAGE_KEY = 'agentBridgeEnabled'
+export const AGENT_BRIDGE_ALLOW_ALL_NETWORK_TARGETS_STORAGE_KEY = 'agentBridgeAllowAllNetworkTargets'
 export const REPOSITORY_URL = 'https://github.com/setube/stackprism'
 export const RULE_CONTRIBUTION_URL = `${REPOSITORY_URL}/issues/new?template=rule_contribution.yml`
 export const DETECTION_CORRECTION_TEMPLATE = 'detection_correction.md'
diff --git a/src/utils/domain.ts b/src/utils/domain.ts
index 0917aab7..f146d4b0 100644
--- a/src/utils/domain.ts
+++ b/src/utils/domain.ts
@@ -50,6 +50,13 @@ const MULTI_LABEL_SUFFIXES = new Set(
     .filter(Boolean)
 )
 
+const HOSTING_TENANT_SUFFIXES = `github.io vercel.app netlify.app pages.dev workers.dev webflow.io firebaseapp.com web.app
+  herokuapp.com fly.dev glitch.me repl.co replit.app surge.sh render.com onrender.com
+  railway.app up.railway.app azurewebsites.net cloudfront.net`
+  .split(/\s+/)
+  .filter(Boolean)
+  .sort((a, b) => b.split('.').length - a.split('.').length || b.length - a.length)
+
 const IPV4_RE = /^\d{1,3}(?:\.\d{1,3}){3}$/
 
 const isIpHost = (host: string): boolean => IPV4_RE.test(host) || host.includes(':')
@@ -62,6 +69,11 @@ export const getRegistrableDomain = (hostname: unknown): string => {
   if (!host || isIpHost(host)) return host
   const labels = host.split('.')
   if (labels.length <= 2) return host
+  for (const suffix of HOSTING_TENANT_SUFFIXES) {
+    const suffixLabels = suffix.split('.').length
+    if (host === suffix) return host
+    if (host.endsWith(`.${suffix}`)) return labels.slice(-(suffixLabels + 1)).join('.')
+  }
   const last2 = labels.slice(-2).join('.')
   if (MULTI_LABEL_SUFFIXES.has(last2)) return labels.slice(-3).join('.')
   return last2
diff --git a/src/utils/firefox-data-consent.ts b/src/utils/firefox-data-consent.ts
new file mode 100644
index 00000000..d42f43fb
--- /dev/null
+++ b/src/utils/firefox-data-consent.ts
@@ -0,0 +1,134 @@
+export const AGENT_BRIDGE_DATA_COLLECTION_PERMISSIONS = ['browsingActivity', 'technicalAndInteraction', 'websiteContent'] as const
+
+type AgentBridgeDataCollectionPermission = (typeof AGENT_BRIDGE_DATA_COLLECTION_PERMISSIONS)[number]
+type DataCollectionPermissionRequest = { data_collection: AgentBridgeDataCollectionPermission[] }
+export type AgentBridgeDataConsentSnapshot = {
+  supported: boolean
+  granted: AgentBridgeDataCollectionPermission[]
+  missing: AgentBridgeDataCollectionPermission[]
+}
+type DataCollectionPermissionsApi = {
+  getAll?: () => Promise<{ data_collection?: string[] }>
+  request?: (permissions: DataCollectionPermissionRequest) => Promise<boolean>
+  remove?: (permissions: DataCollectionPermissionRequest) => Promise<boolean>
+}
+type DataCollectionPermissionSet = Record<string, unknown> & {
+  data_collection?: unknown
+}
+
+const declaredAgentBridgeDataCollectionPermissions = (): Set<string> | null => {
+  const manifest = globalThis.chrome?.runtime?.getManifest?.() as
+    | {
+        browser_specific_settings?: {
+          gecko?: {
+            data_collection_permissions?: {
+              optional?: unknown
+            }
+          }
+        }
+      }
+    | undefined
+  const optional = manifest?.browser_specific_settings?.gecko?.data_collection_permissions?.optional
+  if (!Array.isArray(optional)) return null
+  return new Set(optional.filter((permission): permission is string => typeof permission === 'string'))
+}
+
+const supportsAgentBridgeDataCollectionPermissions = (): boolean => {
+  const declared = declaredAgentBridgeDataCollectionPermissions()
+  if (!declared) return false
+  return AGENT_BRIDGE_DATA_COLLECTION_PERMISSIONS.every(permission => declared.has(permission))
+}
+
+const dataCollectionSet = (permissions: unknown): Set<string> | null => {
+  if (!permissions || typeof permissions !== 'object') return null
+  const dataCollection = (permissions as DataCollectionPermissionSet).data_collection
+  if (!Array.isArray(dataCollection)) return null
+  return new Set(dataCollection.filter((permission): permission is string => typeof permission === 'string'))
+}
+
+const dataCollectionPermissionsApi = (): DataCollectionPermissionsApi | null => {
+  const permissions = globalThis.chrome?.permissions
+  if (!supportsAgentBridgeDataCollectionPermissions()) return null
+  if (!permissions?.getAll) return null
+  return permissions as DataCollectionPermissionsApi
+}
+
+const dataCollectionPermissionRequestApi = (): Pick<DataCollectionPermissionsApi, 'request'> | null => {
+  const permissions = globalThis.chrome?.permissions
+  if (!supportsAgentBridgeDataCollectionPermissions()) return null
+  if (!permissions?.request) return null
+  return permissions as Pick<DataCollectionPermissionsApi, 'request'>
+}
+
+const dataCollectionPermissionRemoveApi = (): Pick<DataCollectionPermissionsApi, 'remove'> | null => {
+  const permissions = globalThis.chrome?.permissions
+  if (!supportsAgentBridgeDataCollectionPermissions()) return null
+  if (!permissions?.remove) return null
+  return permissions as Pick<DataCollectionPermissionsApi, 'remove'>
+}
+
+const grantedDataCollectionPermissions = async (permissions: DataCollectionPermissionsApi): Promise<Set<string> | null> => {
+  return dataCollectionSet(await permissions.getAll!())
+}
+
+const snapshotFromGrantedPermissions = (granted: Set<string>): AgentBridgeDataConsentSnapshot => {
+  const grantedCategories = AGENT_BRIDGE_DATA_COLLECTION_PERMISSIONS.filter(permission => granted.has(permission))
+  const missingCategories = AGENT_BRIDGE_DATA_COLLECTION_PERMISSIONS.filter(permission => !granted.has(permission))
+  return { supported: true, granted: grantedCategories, missing: missingCategories }
+}
+
+const unsupportedDataConsentSnapshot = (): AgentBridgeDataConsentSnapshot => ({
+  supported: false,
+  granted: [...AGENT_BRIDGE_DATA_COLLECTION_PERMISSIONS],
+  missing: []
+})
+
+export const includesAgentBridgeDataConsentRemoval = (permissions: unknown): boolean => {
+  const removed = dataCollectionSet(permissions)
+  if (!removed) return false
+  return AGENT_BRIDGE_DATA_COLLECTION_PERMISSIONS.some(permission => removed.has(permission))
+}
+
+export const loadAgentBridgeDataConsentSnapshot = async (): Promise<AgentBridgeDataConsentSnapshot> => {
+  const permissions = dataCollectionPermissionsApi()
+  if (!permissions) return unsupportedDataConsentSnapshot()
+  const granted = await grantedDataCollectionPermissions(permissions)
+  if (!granted) return unsupportedDataConsentSnapshot()
+  return snapshotFromGrantedPermissions(granted)
+}
+
+export const hasAgentBridgeDataConsent = async (): Promise<boolean> => {
+  return (await loadAgentBridgeDataConsentSnapshot()).missing.length === 0
+}
+
+export const requestAgentBridgeDataConsent = (): Promise<boolean> => {
+  const permissions = dataCollectionPermissionRequestApi()
+  if (!permissions) return Promise.resolve(true)
+  return permissions.request!({ data_collection: [...AGENT_BRIDGE_DATA_COLLECTION_PERMISSIONS] })
+}
+
+export const rollbackAgentBridgeDataConsent = async (snapshot: AgentBridgeDataConsentSnapshot | null | undefined): Promise<boolean> => {
+  if (!snapshot?.supported) return false
+  const previouslyGranted = new Set(snapshot.granted)
+  const grantedByRequest = AGENT_BRIDGE_DATA_COLLECTION_PERMISSIONS.filter(permission => !previouslyGranted.has(permission))
+  if (!grantedByRequest.length) return false
+  const permissions = dataCollectionPermissionRemoveApi()
+  if (!permissions) throw new Error('Agent Bridge data consent removal is unavailable.')
+  const removed = await permissions.remove!({ data_collection: grantedByRequest })
+  if (!removed) throw new Error('Agent Bridge data consent removal was rejected.')
+  return true
+}
+
+export const revokeAgentBridgeDataConsent = async (): Promise<boolean> => {
+  const permissions = dataCollectionPermissionsApi()
+  if (!permissions) return false
+  const granted = await grantedDataCollectionPermissions(permissions)
+  if (!granted) return false
+  const grantedCategories = AGENT_BRIDGE_DATA_COLLECTION_PERMISSIONS.filter(permission => granted.has(permission))
+  if (!grantedCategories.length) return false
+  const removePermissions = dataCollectionPermissionRemoveApi()
+  if (!removePermissions) throw new Error('Agent Bridge data consent removal is unavailable.')
+  const removed = await removePermissions.remove!({ data_collection: grantedCategories })
+  if (!removed) throw new Error('Agent Bridge data consent removal was rejected.')
+  return true
+}
diff --git a/src/utils/network-address-policy.ts b/src/utils/network-address-policy.ts
new file mode 100644
index 00000000..3a5e5beb
--- /dev/null
+++ b/src/utils/network-address-policy.ts
@@ -0,0 +1,155 @@
+const IPV4_BITS = 32n
+const IPV6_BITS = 128n
+
+const ipv4Blocks: Array<[string, number]> = [
+  ['0.0.0.0', 8],
+  ['10.0.0.0', 8],
+  ['100.64.0.0', 10],
+  ['127.0.0.0', 8],
+  ['169.254.0.0', 16],
+  ['172.16.0.0', 12],
+  ['192.0.0.0', 24],
+  ['192.0.2.0', 24],
+  ['192.88.99.0', 24],
+  ['192.168.0.0', 16],
+  ['198.18.0.0', 15],
+  ['198.51.100.0', 24],
+  ['203.0.113.0', 24],
+  ['224.0.0.0', 4],
+  ['240.0.0.0', 4],
+  ['255.255.255.255', 32]
+]
+
+const ipv6Blocks: Array<[string, number]> = [
+  ['::', 128],
+  ['::1', 128],
+  ['64:ff9b:1::', 48],
+  ['100::', 64],
+  ['2001::', 23],
+  ['2001:db8::', 32],
+  ['2002::', 16],
+  ['3fff::', 20],
+  ['fc00::', 7],
+  ['fe80::', 10],
+  ['ff00::', 8]
+]
+
+const publicIpv4Exceptions = new Set(['192.0.0.9', '192.0.0.10'])
+const publicIpv6Exceptions: Array<[string, number]> = [
+  ['2001:1::1', 128],
+  ['2001:1::2', 128],
+  ['2001:3::', 32],
+  ['2001:4:112::', 48],
+  ['2001:20::', 28],
+  ['2001:30::', 28]
+]
+
+const proxyReservedIpv4Blocks: Array<[string, number]> = [['198.18.0.0', 15]]
+
+const cleanAddress = (value: unknown): string =>
+  String(value || '')
+    .trim()
+    .replace(/^\[|\]$/g, '')
+    .split('%')[0]
+    .toLowerCase()
+
+const parseIpv4 = (value: string): number | null => {
+  const parts = value.split('.')
+  if (parts.length !== 4) return null
+  let result = 0
+  for (const part of parts) {
+    if (!/^\d{1,3}$/.test(part)) return null
+    const number = Number(part)
+    if (!Number.isInteger(number) || number < 0 || number > 255) return null
+    result = result * 256 + number
+  }
+  return result >>> 0
+}
+
+const ipv4ToText = (value: number): string => [24, 16, 8, 0].map(shift => String((value >>> shift) & 0xff)).join('.')
+
+const normalizeEmbeddedIpv4 = (value: string): string => {
+  const match = /^(.*:)(\d{1,3}(?:\.\d{1,3}){3})$/.exec(value)
+  if (!match) return value
+  const ipv4 = parseIpv4(match[2])
+  if (ipv4 === null) return value
+  return `${match[1]}${((ipv4 >>> 16) & 0xffff).toString(16)}:${(ipv4 & 0xffff).toString(16)}`
+}
+
+const mappedIpv4FromIpv6 = (value: string): string | null => {
+  const normalized = normalizeEmbeddedIpv4(value)
+  const parts = expandIpv6Parts(normalized)
+  if (!parts) return null
+  const mapped = parts.slice(0, 5).every(part => part === 0) && parts[5] === 0xffff
+  if (!mapped) return null
+  return ipv4ToText(parts[6] * 65536 + parts[7])
+}
+
+const expandIpv6Parts = (value: string): number[] | null => {
+  if (!value.includes(':')) return null
+  const normalized = normalizeEmbeddedIpv4(value)
+  if ((normalized.match(/::/g) || []).length > 1) return null
+  const [leftText, rightText = ''] = normalized.split('::')
+  const left = leftText ? leftText.split(':') : []
+  const right = rightText ? rightText.split(':') : []
+  if (!normalized.includes('::') && left.length !== 8) return null
+  const missing = 8 - left.length - right.length
+  if (missing < 0 || (!normalized.includes('::') && missing !== 0)) return null
+  const parts = [...left, ...Array(missing).fill('0'), ...right]
+  if (parts.length !== 8) return null
+  return parts.map(part => (/^[0-9a-f]{1,4}$/i.test(part) ? Number.parseInt(part, 16) : NaN)).every(Number.isFinite)
+    ? parts.map(part => Number.parseInt(part, 16))
+    : null
+}
+
+const parseIpv6 = (value: string): bigint | null => {
+  const parts = expandIpv6Parts(value)
+  if (!parts) return null
+  return parts.reduce((result, part) => (result << 16n) + BigInt(part), 0n)
+}
+
+const contains = (address: bigint, base: bigint, prefix: number, bits: bigint): boolean => {
+  const shift = bits - BigInt(prefix)
+  return shift === 0n ? address === base : address >> shift === base >> shift
+}
+
+const isBlockedIpv4 = (address: number): boolean => {
+  const text = ipv4ToText(address)
+  if (publicIpv4Exceptions.has(text)) return false
+  return ipv4Blocks.some(([base, prefix]) => contains(BigInt(address), BigInt(parseIpv4(base) ?? 0), prefix, IPV4_BITS))
+}
+
+const isPublicIpv6Exception = (address: bigint): boolean =>
+  publicIpv6Exceptions.some(([base, prefix]) => {
+    const parsed = parseIpv6(base)
+    return parsed !== null && contains(address, parsed, prefix, IPV6_BITS)
+  })
+
+const isBlockedIpv6 = (address: bigint): boolean =>
+  !isPublicIpv6Exception(address) &&
+  ipv6Blocks.some(([base, prefix]) => {
+    const parsed = parseIpv6(base)
+    return parsed !== null && contains(address, parsed, prefix, IPV6_BITS)
+  })
+
+export const isPrivateNetworkAddress = (value: unknown): boolean => {
+  const address = cleanAddress(value)
+  if (!address) return false
+  const ipv4 = parseIpv4(address)
+  if (ipv4 !== null) return isBlockedIpv4(ipv4)
+  const mapped = mappedIpv4FromIpv6(address)
+  if (mapped) return isPrivateNetworkAddress(mapped)
+  const ipv6 = parseIpv6(address)
+  return ipv6 !== null && isBlockedIpv6(ipv6)
+}
+
+export const isProxyReservedNetworkAddress = (value: unknown): boolean => {
+  const address = cleanAddress(value)
+  if (!address) return false
+  const ipv4 = parseIpv4(address)
+  if (ipv4 !== null) {
+    return proxyReservedIpv4Blocks.some(([base, prefix]) => contains(BigInt(ipv4), BigInt(parseIpv4(base) ?? 0), prefix, IPV4_BITS))
+  }
+  const mapped = mappedIpv4FromIpv6(address)
+  return mapped ? isProxyReservedNetworkAddress(mapped) : false
+}
diff --git a/src/utils/normalize-settings.ts b/src/utils/normalize-settings.ts
index ce911be1..15d81fc6 100644
--- a/src/utils/normalize-settings.ts
+++ b/src/utils/normalize-settings.ts
@@ -9,6 +9,11 @@ import {
   type MatchType
 } from '@/types/settings'
 
+export interface NormalizeSettingsOptions {
+  allowAgentBridge?: boolean
+  allowAgentBridgeNetworkOverride?: boolean
+}
+
 export const cleanStringArray = (value: unknown): string[] => {
   if (!Array.isArray(value)) return []
   const trimmed = value.map(item => String(item ?? '').trim()).filter(Boolean)
@@ -55,15 +60,31 @@ export const cleanCustomRules = (value: unknown): CustomRule[] => {
     .slice(0, CUSTOM_RULE_LIMITS.rules)
 }
 
-export const normalizeSettings = (value: unknown = {}): DetectorSettings => {
+export const normalizeSettings = (value: unknown = {}, options: NormalizeSettingsOptions = {}): DetectorSettings => {
   const v = (value ?? {}) as Partial<DetectorSettings>
   const customCss = typeof v.customCss === 'string' ? v.customCss.slice(0, CUSTOM_RULE_LIMITS.customCss) : ''
+  const agentBridgeEnabled = options.allowAgentBridge === true && v.agentBridgeEnabled === true
   return {
     disabledCategories: cleanStringArray(v.disabledCategories),
     disabledTechnologies: cleanStringArray(v.disabledTechnologies),
     customRules: cleanCustomRules(v.customRules),
-    customCss
+    customCss,
+    agentBridgeEnabled,
+    agentBridgeAllowAllNetworkTargets: agentBridgeEnabled && options.allowAgentBridgeNetworkOverride === true && v.agentBridgeAllowAllNetworkTargets === true
   }
 }
 
+export const normalizeSettingsWithLocalOptIn = (syncValue: unknown = {}, localValue: unknown = {}): DetectorSettings => {
+  const local = (localValue ?? {}) as Partial<DetectorSettings>
+  const localAgentBridgeEnabled = local.agentBridgeEnabled === true
+  return normalizeSettings(
+    {
+      ...(syncValue as Record<string, unknown>),
+      agentBridgeEnabled: localAgentBridgeEnabled,
+      agentBridgeAllowAllNetworkTargets: localAgentBridgeEnabled ? local.agentBridgeAllowAllNetworkTargets : false
+    },
+    { allowAgentBridge: true, allowAgentBridgeNetworkOverride: true }
+  )
+}
+
 export const defaultSettings = (): DetectorSettings => ({ ...DEFAULT_SETTINGS, customRules: [] })
diff --git a/src/utils/page-support.ts b/src/utils/page-support.ts
index 9a608b84..06fa8c20 100644
--- a/src/utils/page-support.ts
+++ b/src/utils/page-support.ts
@@ -1,5 +1,10 @@
 const DETECTABLE_PROTOCOLS = new Set(['http:', 'https:'])
 const OBSERVABLE_REQUEST_PROTOCOLS = new Set(['http:', 'https:', 'ws:', 'wss:'])
+const BRIDGE_QUERY_SPECS = {
+  session: /^s_[A-Za-z0-9_-]{22}$/,
+  capture: /^cap_[A-Za-z0-9_-]{22}$/,
+  nonce: /^n_[A-Za-z0-9_-]{22}$/
+} as const
 
 export type PageSupport = {
   supported: boolean
@@ -17,12 +22,35 @@ const getProtocol = (url: unknown): string => {
   }
 }
 
-export const isDetectablePageUrl = (url: unknown): boolean => DETECTABLE_PROTOCOLS.has(getProtocol(url))
+export const isAgentBridgePageUrl = (url: unknown): boolean => {
+  try {
+    const parsed = new URL(String(url || ''))
+    if (parsed.protocol !== 'http:' || parsed.hostname !== '127.0.0.1' || parsed.pathname !== '/bridge') return false
+    const values: Record<string, string> = {}
+    const parts = parsed.search.replace(/^\?/, '').split('&').filter(Boolean)
+    if (parts.length !== 3) return false
+    for (const part of parts) {
+      const separatorIndex = part.indexOf('=')
+      if (separatorIndex <= 0 || part.indexOf('=', separatorIndex + 1) !== -1) return false
+      const name = part.slice(0, separatorIndex)
+      const value = part.slice(separatorIndex + 1)
+      const spec = BRIDGE_QUERY_SPECS[name as keyof typeof BRIDGE_QUERY_SPECS]
+      if (!spec || values[name] !== undefined || !spec.test(value)) return false
+      values[name] = value
+    }
+    return Boolean(values.session && values.capture && values.nonce)
+  } catch {
+    return false
+  }
+}
+
+export const isDetectablePageUrl = (url: unknown): boolean => DETECTABLE_PROTOCOLS.has(getProtocol(url)) && !isAgentBridgePageUrl(url)
 
 export const isObservableRequestUrl = (url: unknown): boolean => OBSERVABLE_REQUEST_PROTOCOLS.has(getProtocol(url))
 
 export const checkPageSupport = (url: unknown): PageSupport => {
   const protocol = getProtocol(url)
+  if (isAgentBridgePageUrl(url)) return { supported: false, reason: 'Agent Bridge 页面不进入普通检测流程。' }
   if (!protocol) return { supported: false, reason: '当前标签页还没有加载网页。' }
   if (protocol === 'chrome:') return { supported: false, reason: 'Chrome 浏览器内置页面无法注入检测脚本。' }
   if (protocol === 'edge:') return { supported: false, reason: 'Edge 浏览器内置页面无法注入检测脚本。' }
diff --git a/src/utils/site-experience-guidance.ts b/src/utils/site-experience-guidance.ts
new file mode 100644
index 00000000..4f7113bf
--- /dev/null
+++ b/src/utils/site-experience-guidance.ts
@@ -0,0 +1,188 @@
+import { redactText, sanitizeRecord } from '@/utils/site-experience-redaction'
+
+interface GuidanceSections {
+  visualProfile?: Record<string, unknown>
+  layoutProfile?: Record<string, unknown>
+  componentProfile?: Record<string, unknown>
+  interactionProfile?: Record<string, unknown>
+  uxProfile?: Record<string, unknown>
+  assetProfile?: Record<string, unknown>
+  evidence?: Record<string, unknown>
+  browserContext?: Record<string, unknown>
+}
+
+const cleanGuidanceText = (value: unknown): string => {
+  const text = redactText(value)
+    .replace(/[\u0000-\u001f\u007f]/g, ' ')
+    .replace(/\s+/g, ' ')
+    .trim()
+  return text.slice(0, 100)
+}
+
+const toTextList = (value: unknown, limit: number): string[] => {
+  const values = Array.isArray(value) ? value : typeof value === 'string' ? [value] : []
+  return [...new Set(values.map(cleanGuidanceText).filter(Boolean))].slice(0, limit)
+}
+
+const toRecord = (value: unknown): Record<string, unknown> =>
+  Boolean(value) && typeof value === 'object' && !Array.isArray(value) ? sanitizeRecord(value) : {}
+const isPlainRecord = (value: unknown): value is Record<string, unknown> =>
+  Boolean(value) && typeof value === 'object' && !Array.isArray(value)
+
+const toCountRecord = (value: unknown): Record<string, number> => {
+  const counts: Record<string, number> = {}
+  for (const [key, item] of Object.entries(toRecord(value))) {
+    const count = Number(item)
+    if (Number.isFinite(count) && count > 0) counts[cleanGuidanceText(key)] = count
+  }
+  return counts
+}
+
+const toTopKeys = (counts: Record<string, number>, limit: number): string[] =>
+  Object.entries(counts)
+    .sort((a, b) => b[1] - a[1])
+    .map(([key]) => key)
+    .slice(0, limit)
+
+const valueCount = (value: unknown): number => (Array.isArray(value) ? value.length : 0)
+const GEOMETRY_METADATA_KEYS = new Set(['rect', 'boundingbox', 'bounds'])
+const screenshotSummary = (value: unknown) => {
+  const screenshot = isPlainRecord(value) ? value : {}
+  const hasDataUrl = typeof screenshot.dataUrl === 'string' && /^data:image\/jpeg;base64,/i.test(screenshot.dataUrl)
+  const hasDownloadUrl = typeof screenshot.downloadUrl === 'string'
+  return {
+    screenshotIncluded: hasDataUrl || hasDownloadUrl,
+    screenshotBase64Included: hasDataUrl,
+    screenshotDownloadUrl: cleanGuidanceText(screenshot.downloadUrl),
+    screenshotLocalPath: cleanGuidanceText(screenshot.localPath),
+    screenshotDownloadHint:
+      hasDataUrl || hasDownloadUrl
+        ? 'To inspect actual visual appearance, download or open the screenshot image from visualProfile.screenshot.downloadUrl. The Profile JSON intentionally omits screenshot base64.'
+        : 'No screenshot image is available in this capture. Review limitations before treating visual evidence as absent.',
+    screenshotProfileJsonNote:
+      'Profile JSON is standard JSON and cannot contain comments. Read this field as the instruction note for screenshot handling.',
+    screenshotScope: cleanGuidanceText(screenshot.scope),
+    screenshotMimeType: cleanGuidanceText(screenshot.mimeType),
+    screenshotByteLength: Number.isFinite(Number(screenshot.byteLength)) ? Number(screenshot.byteLength) : 0
+  }
+}
+
+const hasGeometryMetadata = (value: unknown): boolean => {
+  if (Array.isArray(value)) return value.some(hasGeometryMetadata)
+  if (!value || typeof value !== 'object') return false
+  return Object.entries(value).some(([key, item]) => GEOMETRY_METADATA_KEYS.has(key.toLowerCase()) || hasGeometryMetadata(item))
+}
+
+const toDomainHints = (value: unknown, limit: number): string[] => {
+  const values = Array.isArray(value) ? value : []
+  return values
+    .map(item => {
+      const record = toRecord(item)
+      if (Object.keys(record).length) {
+        const domain = cleanGuidanceText(record.domain)
+        const count = Number(record.count || 0)
+        return domain && count > 0 ? `${domain}:${count}` : domain
+      }
+      return cleanGuidanceText(item)
+    })
+    .filter(Boolean)
+    .slice(0, limit)
+}
+
+const buildRecreationPlan = (sections: GuidanceSections, limitations: string[]) => {
+  const rawVisual = isPlainRecord(sections.visualProfile) ? sections.visualProfile : {}
+  const { screenshot: rawScreenshot, ...visualWithoutScreenshot } = rawVisual
+  const visual = toRecord(visualWithoutScreenshot)
+  const layout = toRecord(sections.layoutProfile)
+  const components = toRecord(sections.componentProfile)
+  const interaction = toRecord(sections.interactionProfile)
+  const ux = toRecord(sections.uxProfile)
+  const assets = toRecord(sections.assetProfile)
+  const evidence = toRecord(sections.evidence)
+  const counts = toCountRecord(components.counts)
+  const rawCounts = toRecord(evidence.rawCounts)
+
+  return {
+    objective: 'Recreate a similar website experience from browser-observed StackPrism evidence.',
+    implementationOrder: [
+      'Map high-confidence tech evidence to the destination project stack.',
+      'Define design tokens from observed colors, typography, spacing, radii, and shadows.',
+      'Build the page layout from landmarks, above-fold structure, and content grouping.',
+      'Implement component variants in count-priority order.',
+      'Add passive interaction states from transitions, animations, sticky elements, and focus or hover hints.',
+      'Verify screenshots, DOM geometry, responsive fit, and interaction smoke tests against the profile limitations.'
+    ],
+    designTokens: {
+      colors: toTextList(visual.colorTokens, 16),
+      fontFamilies: toTextList(visual.fonts, 12),
+      fontSizes: toTextList(visual.fontSizes, 12),
+      lineHeights: toTextList(visual.lineHeights, 12),
+      spacing: toTextList(visual.spacing, 16),
+      radii: toTextList(visual.radii, 12),
+      shadows: toTextList(visual.shadows, 12)
+    },
+    visualReference: screenshotSummary(rawScreenshot),
+    layoutBlueprint: {
+      landmarks: toTextList(layout.landmarks, 20),
+      firstViewportSummary: toRecord(layout.aboveFold),
+      contentGrouping: toTextList(ux.contentGrouping, 20),
+      informationHierarchy: toTextList(ux.informationHierarchy, 20),
+      viewportMode: cleanGuidanceText(sections.browserContext?.viewportMode) || 'unknown',
+      responsiveNote: 'Requested viewports are capture context only unless viewportMode proves real resizing.'
+    },
+    componentInventory: {
+      counts,
+      priorityTypes: toTopKeys(counts, 8),
+      sampleCount: valueCount(components.samples),
+      geometryIncluded: hasGeometryMetadata(components)
+    },
+    interactionChecklist: {
+      passiveOnly: interaction.passive !== false,
+      transitions: toTextList(interaction.transitions, 12),
+      animations: toTextList(interaction.animations, 12),
+      stickyOrFixed: toTextList(interaction.stickyOrFixed, 12),
+      focusHoverHints: toTextList(interaction.focusHoverHints, 12)
+    },
+    uxChecklist: {
+      pagePurpose: cleanGuidanceText(ux.pagePurpose),
+      primaryUserPath: toTextList(ux.primaryUserPath, 12),
+      ctaStrategy: toTextList(ux.ctaStrategy, 12),
+      trustSignals: toTextList(ux.trustSignals, 12),
+      frictionPoints: toTextList(ux.frictionPoints, 12)
+    },
+    assetHints: {
+      resourceDomains: toDomainHints(assets.resourceDomains, 16),
+      cdnHints: toTextList(assets.cdnHints, 16),
+      scriptCount: valueCount(assets.scripts),
+      stylesheetCount: valueCount(assets.stylesheets),
+      imageDomains: toTextList(assets.imageDomains, 16),
+      fontUrls: toTextList(assets.fontUrls, 16),
+      resourceUrlCount: Number(rawCounts.resourceUrls || 0)
+    },
+    verificationChecklist: [
+      'Compare desktop screenshot composition and first-viewport hierarchy.',
+      'Check key component geometry, density, and typography in the destination app.',
+      'Smoke test hover, focus, sticky, loading, and scroll behavior without copying private data.',
+      'Review limitations and truncation before treating any missing section as absent from the source site.'
+    ],
+    limitations: limitations.map(cleanGuidanceText).filter(Boolean)
+  }
+}
+
+export const buildAgentGuidance = (techProfile: Record<string, unknown>, limitations: string[], sections: GuidanceSections = {}) => {
+  const summaryParts = []
+  const primaryFrontend = cleanGuidanceText(techProfile.primaryFrontend)
+  if (primaryFrontend) {
+    summaryParts.push(`优先复刻 ${primaryFrontend} 的前端体验。`)
+  }
+  summaryParts.push('优先复刻视觉层级、交互反馈、布局密度和信息结构。')
+  const allSafeLimitations = limitations.map(cleanGuidanceText).filter(Boolean).slice(0, 20)
+  const safeLimitations = allSafeLimitations.slice(0, 3)
+  if (safeLimitations.length) summaryParts.push(`注意 limitations: ${safeLimitations.join('、')}`)
+  return {
+    summary: summaryParts.join(' '),
+    priorities: ['布局密度', '视觉层级', '交互反馈', '信息结构'],
+    cautions: ['高置信证据优先', '低置信候选仅作参考', '隐私字段已脱敏'],
+    recreationPlan: buildRecreationPlan(sections, allSafeLimitations)
+  }
+}
diff --git a/src/utils/site-experience-limitations.ts b/src/utils/site-experience-limitations.ts
new file mode 100644
index 00000000..5a34d435
--- /dev/null
+++ b/src/utils/site-experience-limitations.ts
@@ -0,0 +1,34 @@
+import type { AgentCaptureRequest } from '@/types/agent-bridge'
+import { cleanStringArray } from '@/utils/normalize-settings'
+import { cleanInlineText, redactText } from '@/utils/site-experience-redaction'
+
+export const buildLimitations = (request: AgentCaptureRequest, experience: any): string[] => {
+  const limitations = new Set<string>()
+  const truncation = experience?.evidence?.truncation || experience?.evidence?.omitted || {}
+  for (const item of cleanStringArray(experience?.limitations).map(redactText).map(cleanInlineText).filter(Boolean)) limitations.add(item)
+  if (request.viewports.length) limitations.add('viewport_emulation_unsupported')
+  if (request.options.captureScreenshotMetadata === false) limitations.add('screenshot_metadata_not_requested')
+  if (request.options.captureScreenshot !== true) limitations.add('screenshot_image_not_requested')
+  if (request.options.captureScreenshot === true && request.include && !request.include.includes('visual')) {
+    limitations.add('screenshot_image_requires_visual_section')
+  }
+  if (request.include && !request.include.includes('tech')) limitations.add('tech_section_not_requested')
+  if (request.include && !request.include.includes('visual')) limitations.add('visual_section_not_requested')
+  if (request.include && !request.include.includes('layout')) limitations.add('layout_section_not_requested')
+  if (request.include && !request.include.includes('components')) limitations.add('components_section_not_requested')
+  if (request.include && !request.include.includes('interaction')) limitations.add('interaction_section_not_requested')
+  if (request.include && !request.include.includes('ux')) limitations.add('ux_section_not_requested')
+  if (request.include && !request.include.includes('assets')) limitations.add('assets_section_not_requested')
+  if (Number(experience?.evidence?.crossOriginIframes || 0) > 0) limitations.add('cross_origin_iframes_limited')
+  if (Number(experience?.interaction?.closedShadowRoots || 0) > 0) limitations.add('closed_shadow_roots_limited')
+  if (Number(experience?.evidence?.inaccessibleStylesheets || 0) > 0) limitations.add('stylesheet_access_limited')
+  if (experience?.interaction?.passive) limitations.add('passive_interaction_only')
+  if (Number(truncation.resourceUrls || 0) > 0) limitations.add('resource_urls_truncated')
+  if (Number(truncation.textSamples || 0) > 0) limitations.add('text_samples_truncated')
+  if (Number(truncation.componentSamples || 0) > 0) limitations.add('component_samples_truncated')
+  if (Number(truncation.cssRules || 0) > 0) limitations.add('css_rules_truncated')
+  if (Number(truncation.executeScriptResult || 0) > 0 || Number(truncation.executeScriptResultOverLimit || 0) > 0) {
+    limitations.add('execute_script_result_truncated')
+  }
+  return [...limitations]
+}
diff --git a/src/utils/site-experience-profile-sections.ts b/src/utils/site-experience-profile-sections.ts
new file mode 100644
index 00000000..b07a6b93
--- /dev/null
+++ b/src/utils/site-experience-profile-sections.ts
@@ -0,0 +1,215 @@
+import type { PopupRawResult } from '@/types/popup'
+import type { TechnologyRecord } from '@/types/rules'
+import { cleanStringArray } from '@/utils/normalize-settings'
+import {
+  cleanInlineText,
+  isRecord,
+  redactText,
+  redactUrl,
+  sanitizeList,
+  sanitizeRecord,
+  sanitizeUrlList,
+  sanitizeValue
+} from '@/utils/site-experience-redaction'
+
+export const sanitizeTechnology = (technology: TechnologyRecord): TechnologyRecord => ({
+  category: cleanInlineText(technology.category) || '其他库',
+  name: cleanInlineText(technology.name),
+  kind: cleanInlineText(technology.kind) || undefined,
+  confidence:
+    technology.confidence === '高' || technology.confidence === '中' || technology.confidence === '低' ? technology.confidence : '中',
+  evidence: sanitizeList(technology.evidence).slice(0, 8),
+  sources: sanitizeList(technology.sources || (technology.source ? [technology.source] : [])).slice(0, 8),
+  url: redactUrl(technology.url) || undefined,
+  version: cleanInlineText(technology.version) || undefined
+})
+
+const buildConfidenceSummary = (technologies: TechnologyRecord[]) => ({
+  high: technologies.filter(item => item.confidence === '高').length,
+  medium: technologies.filter(item => item.confidence === '中').length,
+  low: technologies.filter(item => item.confidence === '低').length
+})
+
+const pickPrimaryFrontend = (technologies: TechnologyRecord[]) =>
+  technologies.find(
+    tech => /前端框架|ui \/ css 框架|前端库/i.test(tech.category) || /^(react|vue|svelte|angular|next\.js|nuxt|solid)/i.test(tech.name)
+  )
+
+const pickNamedTechnology = (technologies: TechnologyRecord[], pattern: RegExp) =>
+  technologies.find(tech => pattern.test(`${tech.category} ${tech.name}`))
+
+export const buildTechProfile = (technologies: TechnologyRecord[]) => {
+  const primaryFrontend = pickPrimaryFrontend(technologies)
+  const uiFramework = pickNamedTechnology(technologies, /UI \/ CSS 框架|Tailwind|Bootstrap|Ant Design|Element Plus/i)
+  const buildRuntime = pickNamedTechnology(technologies, /构建与运行时|Vite|Webpack|Rollup|esbuild|Node/i)
+  const cmsOrSiteProgram = pickNamedTechnology(technologies, /网站程序|CMS|电商平台|WordPress|Shopify|Drupal/i)
+  const thirdPartyServices = technologies.filter(tech => /第三方服务|CDN \/ 托管|统计|广告|支付/i.test(tech.category))
+  return {
+    technologies,
+    primaryFrontend: primaryFrontend?.name || '',
+    uiFramework: uiFramework?.name || '',
+    buildRuntime: buildRuntime?.name || '',
+    cmsOrSiteProgram: cmsOrSiteProgram?.name || '',
+    serverHints: [],
+    thirdPartyServices: thirdPartyServices.map(tech => tech.name),
+    confidenceSummary: buildConfidenceSummary(technologies),
+    implementationNotes: '技术栈用于复刻参考，不是必须照搬。'
+  }
+}
+
+export const buildAssetProfile = (raw: PopupRawResult | null, experience: any, maxResourceUrls: number) => {
+  const resources = raw?.resources
+  const scripts = sanitizeUrlList(resources?.scripts)
+  const stylesheets = sanitizeUrlList(resources?.stylesheets)
+  const themeAssetUrls = sanitizeUrlList(resources?.themeAssetUrls)
+  const manifest = redactUrl(resources?.manifest)
+  const experienceAssetUrls = sanitizeUrlList(experience?.assets?.urls)
+  const resourceUrls = [
+    ...new Set([...scripts, ...stylesheets, ...themeAssetUrls, ...experienceAssetUrls, ...(manifest ? [manifest] : [])])
+  ].slice(0, maxResourceUrls)
+  return {
+    scripts,
+    stylesheets,
+    resourceDomains: sanitizeValue(resources?.resourceDomains) || [],
+    imageDomains: [],
+    fontUrls: [],
+    manifest,
+    themeAssetUrls,
+    favicon: '',
+    cdnHints: [
+      ...new Set(
+        resourceUrls
+          .map(url => {
+            try {
+              return new URL(url).hostname
+            } catch {
+              return ''
+            }
+          })
+          .filter(Boolean)
+      )
+    ],
+    resourceUrls,
+    redactionPolicy: {
+      hashDropped: true,
+      sensitiveQueryValuesRedacted: true
+    }
+  }
+}
+
+const hasHeaderCoverage = (headers: unknown): boolean =>
+  Array.isArray(headers) ? headers.length > 0 : isRecord(headers) ? Object.keys(headers).length > 0 : false
+
+const buildSourceCoverage = (raw: PopupRawResult | null, experience: any) =>
+  [
+    hasHeaderCoverage(raw?.headers) ? 'headers' : '',
+    raw?.technologies?.length ? 'page' : '',
+    raw?.resources ? 'bundle' : '',
+    experience ? 'visual' : '',
+    experience?.interaction ? 'interaction' : ''
+  ].filter(Boolean)
+
+export const buildEvidence = (
+  raw: PopupRawResult | null,
+  technologies: TechnologyRecord[],
+  assetProfile: { resourceUrls?: string[] },
+  experience: any
+) => {
+  const truncation = experience?.evidence?.truncation || experience?.evidence?.omitted || {}
+  const resourceUrls = assetProfile.resourceUrls || []
+  return {
+    highConfidence: technologies.filter(item => item.confidence === '高').map(item => item.name),
+    mediumConfidence: technologies.filter(item => item.confidence === '中').map(item => item.name),
+    lowConfidence: technologies.filter(item => item.confidence === '低').map(item => item.name),
+    rawCounts: {
+      technologies: technologies.length,
+      resourceUrls: resourceUrls.length,
+      textSamples: cleanStringArray(experience?.ux?.textSamples).length,
+      componentSamples: Array.isArray(experience?.components?.samples) ? experience.components.samples.length : 0,
+      cssRules: Number(truncation.cssRules || 0)
+    },
+    sourceCoverage: buildSourceCoverage(raw, experience),
+    truncation: {
+      resourceUrls: Number(truncation.resourceUrls || 0),
+      textSamples: Number(truncation.textSamples || 0),
+      componentSamples: Number(truncation.componentSamples || 0),
+      cssRules: Number(truncation.cssRules || 0),
+      executeScriptResult: Number(truncation.executeScriptResult || 0),
+      executeScriptResultOverLimit: Number(truncation.executeScriptResultOverLimit || 0)
+    }
+  }
+}
+
+const stripScreenshotMetadata = (value: Record<string, unknown>, includeMetadata: boolean): Record<string, unknown> => {
+  if (includeMetadata) return value
+  const out: Record<string, unknown> = {}
+  for (const [key, item] of Object.entries(value)) {
+    if (/abovefold|bounding|^(bounds|rect)$/i.test(key)) continue
+    out[key] = item
+  }
+  return out
+}
+
+export const buildVisualProfile = (experience: any, includeMetadata: boolean): Record<string, unknown> => {
+  const visual = experience?.visual || {}
+  if (!isRecord(visual) || !Object.keys(visual).length) return {}
+  const { colors, ...rest } = visual
+  return {
+    colorTokens: sanitizeList(colors),
+    ...stripScreenshotMetadata(sanitizeRecord(rest), includeMetadata)
+  }
+}
+
+export const buildLayoutProfile = (experience: any, includeMetadata: boolean): Record<string, unknown> => {
+  const layout = experience?.layout || {}
+  if (!isRecord(layout) || !Object.keys(layout).length) return {}
+  return stripScreenshotMetadata(sanitizeRecord(layout), includeMetadata)
+}
+
+const stripComponentRects = (value: unknown): unknown => {
+  if (Array.isArray(value)) return value.map(stripComponentRects)
+  if (!isRecord(value)) return value
+  const out: Record<string, unknown> = {}
+  for (const [key, item] of Object.entries(value)) {
+    if (/^(rect|boundingBox|bounds)$/i.test(key)) continue
+    out[key] = stripComponentRects(item)
+  }
+  return out
+}
+
+export const buildComponentProfile = (experience: any, includeMetadata: boolean): Record<string, unknown> => {
+  const components = experience?.components || {}
+  if (!isRecord(components) || !Object.keys(components).length) return {}
+  const sanitized = sanitizeRecord(components)
+  return includeMetadata ? sanitized : (stripComponentRects(sanitized) as Record<string, unknown>)
+}
+
+export const buildInteractionProfile = (experience: any): Record<string, unknown> => {
+  const interaction = experience?.interaction || {}
+  if (!isRecord(interaction) || !Object.keys(interaction).length) return {}
+  return sanitizeRecord(interaction)
+}
+
+const redactTextList = (values: unknown, limit = Infinity): string[] =>
+  cleanStringArray(values).map(redactText).filter(Boolean).slice(0, limit)
+
+export const buildUxProfile = (experience: any): Record<string, unknown> => {
+  const ux = experience?.ux || {}
+  if (!isRecord(ux) || !Object.keys(ux).length) return {}
+  return sanitizeRecord({
+    pagePurpose: redactText(ux.pagePurpose),
+    primaryUserPath: redactTextList(ux.primaryUserPath, 12),
+    informationHierarchy: redactTextList(ux.informationHierarchy, 20),
+    ctaStrategy: redactTextList(ux.ctaStrategy, 20),
+    trustSignals: redactTextList(ux.trustSignals, 20),
+    navigationDepth: redactText(ux.navigationDepth),
+    contentGrouping: redactTextList(ux.contentGrouping, 24),
+    frictionPoints: redactTextList(ux.frictionPoints, 12),
+    textSamples: redactTextList(ux.textSamples, 80)
+  })
+}
+
+export const buildTargetLanguage = (experience: any): string => {
+  const documentLanguage = isRecord(experience?.document) ? experience.document.language : ''
+  return cleanInlineText(documentLanguage || experience?.language || '')
+}
diff --git a/src/utils/site-experience-profile.ts b/src/utils/site-experience-profile.ts
new file mode 100644
index 00000000..44539370
--- /dev/null
+++ b/src/utils/site-experience-profile.ts
@@ -0,0 +1,136 @@
+import {
+  bridgeProtocolVersion,
+  SITE_EXPERIENCE_PROFILE_SCHEMA,
+  type AgentBridgeCapabilities,
+  type AgentCaptureRequest,
+  type AgentCaptureScreenshot,
+  type SiteExperienceProfile
+} from '@/types/agent-bridge'
+import type { PopupRawResult } from '@/types/popup'
+import { buildAgentGuidance } from '@/utils/site-experience-guidance'
+import { buildLimitations } from '@/utils/site-experience-limitations'
+import { cleanInlineText, isRecord, redactText, redactUrl } from '@/utils/site-experience-redaction'
+import {
+  buildAssetProfile,
+  buildComponentProfile,
+  buildEvidence,
+  buildInteractionProfile,
+  buildLayoutProfile,
+  buildTargetLanguage,
+  buildTechProfile,
+  buildUxProfile,
+  buildVisualProfile,
+  sanitizeTechnology
+} from '@/utils/site-experience-profile-sections'
+
+export interface BuildSiteExperienceProfileInput {
+  captureId: string
+  request: AgentCaptureRequest
+  raw: PopupRawResult | null
+  experience: any
+  capabilities: AgentBridgeCapabilities
+  finalUrl?: string
+  userAgent?: string
+  extensionVersion?: string
+  screenshot?: AgentCaptureScreenshot | null
+  limitations?: string[]
+  capturedAt?: string
+  loginState?: 'unknown' | 'likely_authenticated' | 'likely_public'
+  pageSupported?: boolean
+}
+
+const isValidScreenshot = (value: unknown): value is AgentCaptureScreenshot =>
+  isRecord(value) &&
+  typeof value.dataUrl === 'string' &&
+  /^data:image\/jpeg;base64,[A-Za-z0-9+/=]+$/i.test(value.dataUrl) &&
+  value.mimeType === 'image/jpeg' &&
+  typeof value.byteLength === 'number' &&
+  Number.isInteger(value.byteLength) &&
+  value.byteLength > 0 &&
+  value.source === 'chrome.tabs.captureVisibleTab' &&
+  value.scope === 'visible_viewport' &&
+  typeof value.capturedAt === 'string'
+
+export const buildSiteExperienceProfile = (input: BuildSiteExperienceProfileInput): SiteExperienceProfile => {
+  const include = new Set(input.request.include)
+  const technologies = include.has('tech') ? (input.raw?.technologies || []).map(sanitizeTechnology) : []
+  const assetProfile = include.has('assets') ? buildAssetProfile(input.raw, input.experience, input.request.options.maxResourceUrls) : {}
+  const limitations = [...new Set([...buildLimitations(input.request, input.experience), ...(input.limitations || [])])]
+  const techProfile = include.has('tech') ? buildTechProfile(technologies) : {}
+  const visualProfile = include.has('visual') ? buildVisualProfile(input.experience, input.request.options.captureScreenshotMetadata) : {}
+  if (include.has('visual') && input.request.options.captureScreenshot && isValidScreenshot(input.screenshot)) {
+    visualProfile.screenshot = input.screenshot
+  }
+  const layoutProfile = include.has('layout') ? buildLayoutProfile(input.experience, input.request.options.captureScreenshotMetadata) : {}
+  const componentProfile = include.has('components')
+    ? buildComponentProfile(input.experience, input.request.options.captureScreenshotMetadata)
+    : {}
+  const interactionProfile = include.has('interaction') ? buildInteractionProfile(input.experience) : {}
+  const uxProfile = include.has('ux') ? buildUxProfile(input.experience) : {}
+  const evidence = buildEvidence(input.raw, technologies, assetProfile, input.experience)
+  const browserContext = {
+    userAgent: cleanInlineText(input.userAgent || ''),
+    extensionVersion: cleanInlineText(input.extensionVersion || ''),
+    capturedAt: cleanInlineText(input.capturedAt || input.raw?.generatedAt || new Date().toISOString()),
+    waitMs: input.request.waitMs,
+    viewports: input.request.viewports.map(viewport => ({
+      name: cleanInlineText(viewport.name || ''),
+      width: viewport.width,
+      height: viewport.height,
+      deviceScaleFactor: viewport.deviceScaleFactor
+    })),
+    pageSupported: input.pageSupported ?? Boolean(input.raw || input.experience),
+    loginState: input.loginState || 'unknown',
+    viewportMode: 'current_viewport',
+    bridgeProtocolVersion,
+    extensionCapabilities: input.capabilities
+  }
+  const targetUrl = redactUrl(input.request.url)
+  const finalUrl = redactUrl(input.finalUrl || input.raw?.url || input.request.url)
+
+  return {
+    schema: SITE_EXPERIENCE_PROFILE_SCHEMA,
+    captureId: input.captureId,
+    generatedAt: cleanInlineText(input.capturedAt || input.raw?.generatedAt || new Date().toISOString()),
+    target: {
+      url: targetUrl,
+      finalUrl,
+      origin: (() => {
+        try {
+          return new URL(finalUrl || targetUrl).origin
+        } catch {
+          return ''
+        }
+      })(),
+      title: redactText(input.raw?.title || ''),
+      language: buildTargetLanguage(input.experience),
+      viewportProfiles: input.request.viewports.map(viewport => ({
+        name: cleanInlineText(viewport.name || ''),
+        width: viewport.width,
+        height: viewport.height,
+        deviceScaleFactor: viewport.deviceScaleFactor
+      })),
+      captureScope: 'target_url'
+    },
+    browserContext,
+    techProfile,
+    visualProfile,
+    layoutProfile,
+    componentProfile,
+    interactionProfile,
+    uxProfile,
+    assetProfile,
+    evidence,
+    limitations,
+    agentGuidance: buildAgentGuidance(techProfile, limitations, {
+      visualProfile,
+      layoutProfile,
+      componentProfile,
+      interactionProfile,
+      uxProfile,
+      assetProfile,
+      evidence,
+      browserContext
+    })
+  }
+}
diff --git a/src/utils/site-experience-redaction.ts b/src/utils/site-experience-redaction.ts
new file mode 100644
index 00000000..cb1ee3f0
--- /dev/null
+++ b/src/utils/site-experience-redaction.ts
@@ -0,0 +1,144 @@
+import { cleanStringArray } from '@/utils/normalize-settings'
+import { normalizeHttpUrl } from '@/utils/url'
+
+const REDACTED = '[redacted]'
+const EMAIL_RE = /[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,}/gi
+const LONG_NUMBER_RE = /\b\d{11,}\b/g
+const MONEY_RE = /(?:[￥$€£]\s*\d+(?:\.\d+)?)/g
+const PHONE_RE = /\b(?:\+?\d[\d\s-]{8,}\d)\b/g
+const PERSONAL_NAME_RE = /(联系人|收件人|收货人|姓名|用户|客户|负责人|给|致)\s*([\u4e00-\u9fa5]{2,4})/g
+const SENSITIVE_QUERY_RE = /(?:token|secret|session|auth|key|signature|password|pass|cookie)/i
+const SENSITIVE_TEXT_PAIR_RE =
+  /\b([A-Za-z0-9_-]*(?:token|secret|session|auth|authorization|key|signature|password|pass|cookie)[A-Za-z0-9_-]*)\s*[:=]\s*(?:Bearer\s+)?[^,\s;&]+/gi
+const EMBEDDED_HTTP_URL_RE = /\bhttps?:\/\/[^\s"'<>()[\]{}]+/gi
+const SENSITIVE_PATH_WORD_RE = /^(?:token|secret|session|auth|authorization|signature|password|cookie|passcode)$/i
+const SENSITIVE_PATH_SHORT_TOKEN_RE = /(?:^|[-_.])(?:key|pass)(?:$|[-_.])/i
+const SENSITIVE_PATH_COMPOUND_RE =
+  /^(?:(?:api|access|private|public|secret|session|auth|token)[-_.]?(?:key|pass|token|secret|signature|code|id)|(?:key|pass|token)[-_.]?(?:token|secret|signature|code|id)|(?:reset|verify|access|auth|session|csrf|xsrf)[-_.]?(?:token|code|secret|key|signature))$/i
+const SENSITIVE_PATH_CAMEL_RE = /^(?:apiKey|privateKey|publicKey|accessToken|refreshToken|sessionId|secretToken|authToken|csrfToken|xsrfToken)$/i
+const HIGH_ENTROPY_PATH_SEGMENT_RE = /^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)[A-Za-z0-9_-]{24,}$/
+const pathSegmentStem = (segment: string): string => segment.replace(/\.[A-Za-z0-9]{1,8}$/i, '')
+
+export const isRecord = (value: unknown): value is Record<string, unknown> => Boolean(value) && typeof value === 'object' && !Array.isArray(value)
+
+export const cleanInlineText = (value: unknown): string =>
+  String(value ?? '')
+    .replace(/\s+/g, ' ')
+    .trim()
+
+const isSensitivePathSegment = (segment: string): boolean => {
+  const stem = pathSegmentStem(segment)
+  return (
+    SENSITIVE_PATH_WORD_RE.test(segment) ||
+    SENSITIVE_PATH_WORD_RE.test(stem) ||
+    SENSITIVE_PATH_SHORT_TOKEN_RE.test(segment) ||
+    SENSITIVE_PATH_SHORT_TOKEN_RE.test(stem) ||
+    SENSITIVE_PATH_COMPOUND_RE.test(segment) ||
+    SENSITIVE_PATH_COMPOUND_RE.test(stem) ||
+    SENSITIVE_PATH_CAMEL_RE.test(segment) ||
+    SENSITIVE_PATH_CAMEL_RE.test(stem) ||
+    /^[0-9a-f]{16,}$/i.test(stem) ||
+    HIGH_ENTROPY_PATH_SEGMENT_RE.test(stem) ||
+    segment.includes('=')
+  )
+}
+
+export const redactUrlPathname = (pathname: string): string =>
+  String(pathname || '')
+    .split('/')
+    .map(segment => (segment && isSensitivePathSegment(segment) ? REDACTED : segment))
+    .join('/')
+
+const redactNormalizedUrl = (value: unknown): string => {
+  const normalized = normalizeHttpUrl(value)
+  if (!normalized) return ''
+  try {
+    const url = new URL(normalized)
+    url.hash = ''
+    url.username = ''
+    url.password = ''
+    url.pathname = redactUrlPathname(url.pathname)
+    if (url.search) {
+      const query = [...url.searchParams.entries()].map(([name]) => `${name}=${REDACTED}`).join('&')
+      url.search = query ? `?${query}` : ''
+    }
+    return url.toString()
+  } catch {
+    return normalized.replace(/#.*$/, '')
+  }
+}
+
+export const redactText = (value: unknown): string => {
+  const text = cleanInlineText(value)
+  if (!text) return ''
+  return text
+    .replace(EMBEDDED_HTTP_URL_RE, url => redactNormalizedUrl(url) || REDACTED)
+    .replace(EMAIL_RE, REDACTED)
+    .replace(PHONE_RE, REDACTED)
+    .replace(LONG_NUMBER_RE, REDACTED)
+    .replace(MONEY_RE, REDACTED)
+    .replace(SENSITIVE_TEXT_PAIR_RE, (_match, key) => `${key}=${REDACTED}`)
+    .replace(PERSONAL_NAME_RE, (_match, prefix) => `${prefix} ${REDACTED}`)
+}
+
+export const redactUrl = (value: unknown): string => {
+  return redactNormalizedUrl(value) || redactText(value)
+}
+
+export const redactHeaderValue = (name: string, value: string): string => {
+  const lowerName = String(name || '').toLowerCase()
+  if (!lowerName) return REDACTED
+  if (lowerName === 'set-cookie') {
+    const cookieNames = String(value)
+      .split(/,\s*(?=[^;,=\s]+=)/)
+      .map(cookie => cookie.split('=')[0]?.trim())
+      .filter(Boolean)
+    return cookieNames.length ? cookieNames.join(', ') : REDACTED
+  }
+  if (
+    lowerName === 'cookie' ||
+    lowerName === 'authorization' ||
+    lowerName === 'proxy-authorization' ||
+    lowerName === 'x-api-key' ||
+    SENSITIVE_QUERY_RE.test(lowerName)
+  ) {
+    return REDACTED
+  }
+  return redactText(value)
+}
+
+export const sanitizeValue = (value: unknown): unknown => {
+  if (typeof value === 'string') {
+    return /^https?:\/\//i.test(value) || /^\/\//.test(value) || /^www\./i.test(value) ? redactUrl(value) : redactText(value)
+  }
+  if (Array.isArray(value)) return value.map(item => sanitizeValue(item))
+  if (isRecord(value)) {
+    const out: Record<string, unknown> = {}
+    for (const [key, item] of Object.entries(value)) {
+      const baseKey = redactText(key).slice(0, 120) || 'field'
+      let safeKey = baseKey
+      let suffix = 2
+      while (Object.prototype.hasOwnProperty.call(out, safeKey)) {
+        safeKey = `${baseKey}_${suffix}`
+        suffix += 1
+      }
+      out[safeKey] = sanitizeValue(item)
+    }
+    return out
+  }
+  return value
+}
+
+export const sanitizeRecord = (value: unknown): Record<string, unknown> =>
+  isRecord(value) ? (sanitizeValue(value) as Record<string, unknown>) : {}
+
+export const sanitizeList = (values: unknown, limit = Infinity): string[] => {
+  const list = cleanStringArray(values).map(item => cleanInlineText(sanitizeValue(item)))
+  return [...new Set(list.filter(Boolean))].slice(0, limit)
+}
+
+export const sanitizeUrlList = (values: unknown, limit = Infinity): string[] => {
+  if (!Array.isArray(values)) return []
+  const list = values.map(item => redactUrl(item)).filter(Boolean)
+  return [...new Set(list)].slice(0, limit)
+}
diff --git a/tests/agent-bridge-browser-smoke-output.test.mjs b/tests/agent-bridge-browser-smoke-output.test.mjs
new file mode 100644
index 00000000..aa793c1b
--- /dev/null
+++ b/tests/agent-bridge-browser-smoke-output.test.mjs
@@ -0,0 +1,380 @@
+import assert from 'node:assert/strict'
+import { readFile } from 'node:fs/promises'
+import { test } from 'node:test'
+
+const smokeSource = await readFile(new URL('./agent-bridge-browser-smoke.mjs', import.meta.url), 'utf8')
+const harnessSource = await readFile(new URL('./helpers/agent-bridge-browser-smoke-harness.mjs', import.meta.url), 'utf8')
+const e2eReport = await readFile(new URL('../docs/reviews/CR-AGENT-BRIDGE-E2E-2026-05-22.md', import.meta.url), 'utf8')
+const completionAudit = await readFile(new URL('../docs/reviews/CR-AGENT-BRIDGE-COMPLETION-AUDIT-2026-05-24.md', import.meta.url), 'utf8')
+const implementationPlan = await readFile(
+  new URL('../docs/superpowers/plans/2026-05-21-stackprism-agent-bridge-plan.md', import.meta.url),
+  'utf8'
+)
+
+test('browser smoke summaries do not print token prefixes', () => {
+  assert.doesNotMatch(smokeSource, /\bapiTokenPrefix\b/)
+  assert.doesNotMatch(smokeSource, /\bbridgeTokenPrefix\b/)
+  assert.doesNotMatch(smokeSource, /\btokenPrefix\b/)
+  assert.doesNotMatch(harnessSource, /\btokenPrefix\b/)
+  assertNoReportTokenPrefix(e2eReport)
+  assertNoReportTokenPrefix(completionAudit)
+  assert.match(smokeSource, /\bapiTokenPresent: Boolean\(/)
+  assert.match(e2eReport, /\bapiTokenPresent = true\b/)
+})
+
+test('current reports separate public complex-site proof from default policy proof', () => {
+  const e2eCurrentSummary = sectionBetween(e2eReport, 'This report is no longer', '## Current Verification')
+  const e2eCurrentVerification = sectionBetween(e2eReport, '## Current Verification', '## Browser Smoke')
+  const latestSmoke = sectionBetween(e2eReport, 'Latest successful smoke:', '## Remaining Risks')
+  const task10Matrix = sectionBetween(completionAudit, 'Task 10 当前共有', '## Verification Run')
+
+  assert.doesNotMatch(e2eCurrentSummary, /live-browser smoke covers `https:\/\/example\.com`/)
+  assert.doesNotMatch(e2eCurrentVerification, /Enabled captures completed for `https:\/\/example\.com`/)
+  assert.doesNotMatch(latestSmoke, /Capture targets: `https:\/\/example\.com`/)
+  assert.doesNotMatch(latestSmoke, /Public target assertions: final URL was `https:\/\/example\.com\/`/)
+  assert.doesNotMatch(task10Matrix, /Chrome for Testing smoke 覆盖 `https:\/\/example\.com`/)
+  assert.doesNotMatch(task10Matrix, /public complex-site gap remains/)
+
+  assert.match(e2eCurrentSummary, /separate public complex-site capture for `https:\/\/www\.wikipedia\.org\/`/)
+  assert.match(e2eCurrentVerification, /public-complex-target/)
+  assert.match(e2eCurrentVerification, /198\.18\.0\.19/)
+  assert.match(latestSmoke, /Public target status: counted only through the explicit `public-complex-target` scenario/)
+  assert.match(latestSmoke, /privateNetworkOverrideUsed = true/)
+  assert.match(task10Matrix, /Proven locally with explicit DNS-proxy caveat/)
+  assert.match(smokeSource, /runPublicComplexTargetScenario/)
+  assert.match(smokeSource, /privateNetworkOverrideUsed: true/)
+})
+
+test('default browser smoke uses fixture-backed capture as the deterministic success path', () => {
+  const e2eCurrentSummary = sectionBetween(e2eReport, 'This report is no longer', '## Current Verification')
+  const latestSmoke = sectionBetween(e2eReport, 'Latest successful smoke:', '## Remaining Risks')
+
+  assert.match(smokeSource, /const defaultTargetUrl = fixture\.url/)
+  assert.doesNotMatch(smokeSource, /process\.env\.STACKPRISM_BROWSER_SMOKE_TARGET_URL \|\| 'https:\/\/example\.com'/)
+  assert.doesNotMatch(smokeSource, /Example capture creation failed/)
+  assert.doesNotMatch(smokeSource, /Example capture did not complete/)
+  assert.match(e2eCurrentSummary, /default smoke success path is fixture-backed/)
+  assert.match(latestSmoke, /Default smoke success path: fixture-backed/)
+  assert.doesNotMatch(latestSmoke, /Extension version: `1\.3\.71`/)
+})
+
+test('current reports keep incognito live metadata branch unproven', () => {
+  const e2eRemainingRisks = sectionFrom(e2eReport, '## Remaining Risks')
+  const e2eAdditionalChecks = sectionBetween(e2eReport, 'Additional focused checks recorded for this slice:', 'Environment note:')
+  const task10Matrix = sectionBetween(completionAudit, '| Target policy and target failures', '| Profile privacy and transfer')
+  const currentStatus = sectionFrom(completionAudit, '## Current Status')
+
+  assert.match(smokeSource, /runIncognitoWindowBridgeProbeScenario/)
+  assert.match(smokeSource, /environment-skip-incognito-window-extension-not-connected/)
+  assert.match(e2eRemainingRisks, /incognito-window-bridge-probe/)
+  assert.match(e2eRemainingRisks, /failed as `EXTENSION_NOT_CONNECTED`/)
+  assert.match(e2eRemainingRisks, /Incognito live metadata rejection is still not fully run/)
+  assert.match(e2eRemainingRisks, /exact live incognito `INCOGNITO_NOT_SUPPORTED` browser metadata rejection/)
+  assert.match(e2eRemainingRisks, /chrome\.extension\.inIncognitoContext === true/)
+  assert.match(e2eRemainingRisks, /posts `INCOGNITO_NOT_SUPPORTED` before loading `\/request`/)
+  assert.match(e2eAdditionalChecks, /content incognito context follow-up/)
+  assert.match(e2eAdditionalChecks, /PROFILE_TRANSPORT_FAILED/)
+  assert.match(e2eAdditionalChecks, /failed \/ INCOGNITO_NOT_SUPPORTED/)
+  assert.match(task10Matrix, /`--incognito` 窗口路径 probe 也未加载扩展 content script/)
+  assert.match(task10Matrix, /chrome\.extension\.inIncognitoContext === true/)
+  assert.match(task10Matrix, /INCOGNITO_NOT_SUPPORTED/)
+  assert.match(currentStatus, /content client 已有 `chrome\.extension\.inIncognitoContext` 单元契约/)
+  assert.doesNotMatch(currentStatus, /精确 incognito `INCOGNITO_NOT_SUPPORTED` 浏览器元数据路径.*已完成/)
+})
+
+test('implementation plan carries a current status overlay instead of looking fully unchecked', () => {
+  const statusOverlay = sectionBetween(implementationPlan, '## 当前实现状态', '## 总目标')
+  const task10 = sectionBetween(implementationPlan, '### Task 10: 端到端验证与收口', '## 安全门禁')
+
+  assert.doesNotMatch(implementationPlan, /\n- \[ \]/)
+  assert.match(statusOverlay, /可用第一版已落地/)
+  assert.match(statusOverlay, /不能按原计划标记为全量完成/)
+  assert.match(statusOverlay, /Historical item:/)
+  assert.match(statusOverlay, /Task 10 状态矩阵/)
+  assert.match(statusOverlay, /外部或未触发 gate/)
+  assert.match(statusOverlay, /Chrome Web Store \/ Edge Add-ons/)
+  assert.match(statusOverlay, /发布 workflow 升级为打包前人工确认硬门禁/)
+  assert.match(statusOverlay, /运行中 idle-driven service worker eviction/)
+  assert.match(statusOverlay, /精确 incognito `INCOGNITO_NOT_SUPPORTED` live/)
+  assert.match(task10, /Current status source/)
+  assert.match(task10, /\| Default browser smoke\s+\| Complete locally\s+\|/)
+  assert.match(task10, /\| Store release and disclosure\s+\| Workflow-gated external gate\s+\|/)
+  assert.match(task10, /agent_bridge_disclosure_confirmed=true/)
+  assert.match(task10, /Agent Bridge disclosure confirmed/)
+  assert.match(task10, /Use a real public URL only as an explicit external-target scenario/)
+  assert.match(task10, /External gates retained after local completion/)
+  assert.doesNotMatch(task10, /\n- \[ \]/)
+})
+
+test('current verification records the latest unit test count', () => {
+  const e2eCurrentVerification = sectionBetween(e2eReport, '## Current Verification', '## Browser Smoke')
+  const task10Matrix = sectionBetween(completionAudit, 'Task 10 当前共有', '## Verification Run')
+
+  assert.doesNotMatch(e2eCurrentVerification, /175 tests passed, 0 failed/)
+  assert.match(e2eCurrentVerification, /2026-05-26/)
+  assert.doesNotMatch(e2eCurrentVerification, /198 tests passed, 0 failed/)
+  assert.doesNotMatch(e2eCurrentVerification, /199 tests passed, 0 failed/)
+  assert.doesNotMatch(e2eCurrentVerification, /202 tests passed, 0 failed/)
+  assert.doesNotMatch(e2eCurrentVerification, /203 tests passed, 0 failed/)
+  assert.doesNotMatch(e2eCurrentVerification, /204 tests passed, 0 failed/)
+  assert.doesNotMatch(e2eCurrentVerification, /205 tests passed, 0 failed/)
+  assert.doesNotMatch(e2eCurrentVerification, /206 tests passed, 0 failed/)
+  assert.doesNotMatch(e2eCurrentVerification, /207 tests passed, 0 failed/)
+  assert.doesNotMatch(e2eCurrentVerification, /208 tests passed, 0 failed/)
+  assert.doesNotMatch(e2eCurrentVerification, /209 tests passed, 0 failed/)
+  assert.doesNotMatch(e2eCurrentVerification, /210 tests passed, 0 failed/)
+  assert.doesNotMatch(e2eCurrentVerification, /211 tests passed, 0 failed/)
+  assert.doesNotMatch(e2eCurrentVerification, /212 tests passed, 0 failed/)
+  assert.doesNotMatch(e2eCurrentVerification, /213 tests passed, 0 failed/)
+  assert.doesNotMatch(e2eCurrentVerification, /219 tests passed, 0 failed/)
+  assert.doesNotMatch(e2eCurrentVerification, /222 tests passed, 0 failed/)
+  assert.doesNotMatch(e2eCurrentVerification, /225 tests passed, 0 failed/)
+  assert.doesNotMatch(e2eCurrentVerification, /228 tests passed, 0 failed/)
+  assert.doesNotMatch(e2eCurrentVerification, /230 tests passed, 0 failed/)
+  assert.doesNotMatch(e2eCurrentVerification, /232 tests passed, 0 failed/)
+  assert.doesNotMatch(e2eCurrentVerification, /233 tests passed, 0 failed/)
+  assert.doesNotMatch(e2eCurrentVerification, /240 tests passed, 0 failed/)
+  assert.match(e2eCurrentVerification, /248 tests passed, 0 failed/)
+  assert.doesNotMatch(task10Matrix, /最新 `pnpm run test:unit` 为 180 tests passed/)
+  assert.doesNotMatch(task10Matrix, /最新 `pnpm run test:unit` 为 198 tests passed/)
+  assert.doesNotMatch(task10Matrix, /最新 `pnpm run test:unit` 为 199 tests passed/)
+  assert.doesNotMatch(task10Matrix, /最新 `pnpm run test:unit` 为 202 tests passed/)
+  assert.doesNotMatch(task10Matrix, /最新 `pnpm run test:unit` 为 203 tests passed/)
+  assert.doesNotMatch(task10Matrix, /最新 `pnpm run test:unit` 为 204 tests passed/)
+  assert.doesNotMatch(task10Matrix, /最新 `pnpm run test:unit` 为 205 tests passed/)
+  assert.doesNotMatch(task10Matrix, /最新 `pnpm run test:unit` 为 206 tests passed/)
+  assert.doesNotMatch(task10Matrix, /最新 `pnpm run test:unit` 为 207 tests passed/)
+  assert.doesNotMatch(task10Matrix, /最新 `pnpm run test:unit` 为 208 tests passed/)
+  assert.doesNotMatch(task10Matrix, /最新 `pnpm run test:unit` 为 209 tests passed/)
+  assert.doesNotMatch(task10Matrix, /最新 `pnpm run test:unit` 为 210 tests passed/)
+  assert.doesNotMatch(task10Matrix, /最新 `pnpm run test:unit` 为 211 tests passed/)
+  assert.doesNotMatch(task10Matrix, /最新 `pnpm run test:unit` 为 212 tests passed/)
+  assert.doesNotMatch(task10Matrix, /最新 `pnpm run test:unit` 为 213 tests passed/)
+  assert.doesNotMatch(task10Matrix, /最新 `pnpm run test:unit` 为 219 tests passed/)
+  assert.doesNotMatch(task10Matrix, /最新 `pnpm run test:unit` 为 222 tests passed/)
+  assert.doesNotMatch(task10Matrix, /最新 `pnpm run test:unit` 为 225 tests passed/)
+  assert.doesNotMatch(task10Matrix, /最新 `pnpm run test:unit` 为 228 tests passed/)
+  assert.doesNotMatch(task10Matrix, /最新 `pnpm run test:unit` 为 230 tests passed/)
+  assert.doesNotMatch(task10Matrix, /最新 `pnpm run test:unit` 为 232 tests passed/)
+  assert.doesNotMatch(task10Matrix, /最新 `pnpm run test:unit` 为 233 tests passed/)
+  assert.doesNotMatch(task10Matrix, /最新 `pnpm run test:unit` 为 240 tests passed/)
+  assert.match(task10Matrix, /最新 `pnpm run test:unit` 为 248 tests passed/)
+})
+
+test('current reports include fresh lint and typecheck gate evidence', () => {
+  const e2eCurrentVerification = sectionBetween(e2eReport, '## Current Verification', '## Browser Smoke')
+  const verificationRun = sectionBetween(completionAudit, '## Verification Run', '## Current Status')
+
+  assert.match(e2eCurrentVerification, /\| `pnpm run lint`[\s\S]*2026-05-26/)
+  assert.match(e2eCurrentVerification, /\| `pnpm run typecheck`[\s\S]*2026-05-26/)
+  assert.match(e2eCurrentVerification, /rate-limit smoke\/report follow-up/)
+  assert.match(e2eCurrentVerification, /vue-tsc --noEmit/)
+  assert.match(e2eCurrentVerification, /production build/)
+  assert.match(e2eCurrentVerification, /dist\/manifest\.json/)
+  assert.match(verificationRun, /追加 active-tab unavailable smoke\/report follow-up 后重新执行 `pnpm run lint`：通过/)
+  assert.match(verificationRun, /追加 active-tab unavailable smoke\/report follow-up 后重新执行 `pnpm run typecheck`：通过/)
+  assert.match(verificationRun, /追加 rate-limit smoke\/report follow-up 后重新执行 `pnpm run lint`：通过/)
+  assert.match(verificationRun, /追加 rate-limit smoke\/report follow-up 后重新执行 `pnpm run typecheck`：通过/)
+  assert.match(verificationRun, /重新生成 injected IIFE 与 `dist\/manifest\.json`/)
+})
+
+test('current reports include live result-expiry bridge page evidence', () => {
+  const e2eAdditionalChecks = sectionBetween(e2eReport, 'Additional focused checks recorded for this slice:', 'Environment note:')
+  const e2eRemainingRisks = sectionFrom(e2eReport, '## Remaining Risks')
+  const task10Matrix = sectionBetween(completionAudit, '| 终态、并发和取消语义', '| HTTP resource pressure')
+  const currentStatus = sectionFrom(completionAudit, '## Current Status')
+
+  assert.match(smokeSource, /runResultExpiryBridgePageScenario/)
+  assert.match(smokeSource, /result-expiry-bridge-page/)
+  assert.match(e2eAdditionalChecks, /STACKPRISM_BROWSER_SMOKE_SCENARIO=result-expiry-bridge-page/)
+  assert.match(e2eAdditionalChecks, /410 \/ CAPTURE_RESULT_EXPIRED/)
+  assert.match(e2eAdditionalChecks, /did not contain bridge token material/)
+  assert.match(e2eRemainingRisks, /Completed-result expiry is also covered by `result-expiry-bridge-page` live Chrome smoke/)
+  assert.doesNotMatch(e2eRemainingRisks, /Expired bridge page token suppression remains covered by JS\/Python automated bridge tests/)
+  assert.match(task10Matrix, /completed result TTL 过期后 profile endpoint 和 `\/bridge` 均返回 `CAPTURE_RESULT_EXPIRED`/)
+  assert.match(currentStatus, /result expiry bridge page smoke/)
+})
+
+test('current reports include focused bridge self-target smoke evidence', () => {
+  const e2eAdditionalChecks = sectionBetween(e2eReport, 'Additional focused checks recorded for this slice:', 'Environment note:')
+  const targetPolicyRow = sectionBetween(completionAudit, '| Target policy and target failures', '| Profile privacy and transfer')
+  const currentStatus = sectionFrom(completionAudit, '## Current Status')
+
+  assert.match(smokeSource, /runBridgeSelfTargetBlockedScenario/)
+  assert.match(smokeSource, /bridge-self-target-blocked/)
+  assert.match(e2eAdditionalChecks, /STACKPRISM_BROWSER_SMOKE_SCENARIO=bridge-self-target-blocked/)
+  assert.match(e2eAdditionalChecks, /400 \/ BRIDGE_SELF_TARGET_BLOCKED/)
+  assert.match(e2eAdditionalChecks, /`localhost` loopback alias/)
+  assert.match(e2eAdditionalChecks, /\/health\.activeCaptures` remained 0/)
+  assert.match(targetPolicyRow, /`bridge-self-target-blocked`/)
+  assert.match(targetPolicyRow, /当前 bridge origin 和 `localhost` alias/)
+  assert.doesNotMatch(targetPolicyRow, /self-target guard/)
+  assert.match(currentStatus, /bridge self-target smoke/)
+  assert.match(currentStatus, /bridge-origin 初始目标拒绝/)
+})
+
+test('current reports include live active-tab unavailable evidence', () => {
+  const e2eAdditionalChecks = sectionBetween(e2eReport, 'Additional focused checks recorded for this slice:', 'Environment note:')
+  const targetPolicyRow = sectionBetween(completionAudit, '| Target policy and target failures', '| Profile privacy and transfer')
+  const currentStatus = sectionFrom(completionAudit, '## Current Status')
+
+  assert.match(smokeSource, /runActiveTabUnavailableScenario/)
+  assert.match(smokeSource, /active-tab-unavailable/)
+  assert.match(e2eAdditionalChecks, /STACKPRISM_BROWSER_SMOKE_SCENARIO=active-tab-unavailable/)
+  assert.match(e2eAdditionalChecks, /ACTIVE_TAB_UNAVAILABLE/)
+  assert.match(e2eAdditionalChecks, /profile read returned 409/)
+  assert.match(e2eAdditionalChecks, /target probe received 0 requests/)
+  assert.match(e2eAdditionalChecks, /no target URL tab was opened/)
+  assert.match(targetPolicyRow, /`active-tab-unavailable`/)
+  assert.match(targetPolicyRow, /target request count 0/)
+  assert.match(currentStatus, /active-tab unavailable smoke/)
+  assert.match(currentStatus, /active-tab 缺失 fail-closed/)
+})
+
+test('current reports include target-mode query and keep-tab-open smoke evidence', () => {
+  const e2eFollowUps = sectionBetween(
+    e2eReport,
+    '2026-05-25 targetMode query live smoke follow-up',
+    '2026-05-25 sequential capture pressure'
+  )
+  const task10Matrix = sectionBetween(completionAudit, '| Target policy and target failures', '| Profile privacy and transfer')
+
+  assert.match(smokeSource, /target-mode-query-boundaries/)
+  assert.match(smokeSource, /keepTabOpenWasTrue/)
+  assert.match(smokeSource, /keptNewTargetTabId/)
+  assert.match(e2eFollowUps, /STACKPRISM_BROWSER_SMOKE_SCENARIO=target-mode-query-boundaries/)
+  assert.match(e2eFollowUps, /keepTabOpen=true/)
+  assert.match(e2eFollowUps, /keptNewTargetTabId/)
+  assert.match(task10Matrix, /targetMode query live smoke/)
+  assert.match(task10Matrix, /keepTabOpen=true/)
+  assert.match(task10Matrix, /保留插件新建目标 tab/)
+})
+
+test('current reports include live request-shell rejection smoke evidence', () => {
+  const e2eAdditionalChecks = sectionBetween(e2eReport, 'Additional focused checks recorded for this slice:', 'Environment note:')
+  const resourcePressureRow = sectionBetween(completionAudit, '| HTTP resource pressure', '| Service worker / extension lifecycle')
+
+  assert.match(smokeSource, /runRequestShellRejectionsScenario/)
+  assert.match(smokeSource, /request-shell-rejections/)
+  assert.match(smokeSource, /rejectedCases/)
+  assert.match(smokeSource, /duplicateContentType/)
+  assert.match(smokeSource, /duplicateContentLength/)
+  assert.match(smokeSource, /invalidContentLength/)
+  assert.match(smokeSource, /unsupportedCharset/)
+  assert.match(e2eAdditionalChecks, /STACKPRISM_BROWSER_SMOKE_SCENARIO=request-shell-rejections/)
+  assert.match(e2eAdditionalChecks, /19 类原始 request-shell/)
+  assert.match(e2eAdditionalChecks, /duplicate Content-Type/)
+  assert.match(e2eAdditionalChecks, /invalid Content-Length/)
+  assert.match(e2eAdditionalChecks, /target request count 0/)
+  assert.match(e2eAdditionalChecks, /healthAfterRejections/)
+  assert.match(resourcePressureRow, /request-shell-rejections/)
+  assert.match(resourcePressureRow, /19 类原始 request-shell/)
+  assert.match(resourcePressureRow, /拒绝后 `\/health` 恢复 200/)
+})
+
+test('current reports include live keep-alive timeout evidence', () => {
+  const e2eFollowUps = sectionBetween(e2eReport, '2026-05-25 resource timeouts smoke follow-up', '2026-05-25 release workflow gate')
+  const resourcePressureRow = sectionBetween(completionAudit, '| HTTP resource pressure', '| Service worker / extension lifecycle')
+  const verificationRun = sectionBetween(completionAudit, '## Verification Run', '## Current Status')
+
+  assert.match(smokeSource, /probeKeepAliveIdleClose/)
+  assert.match(smokeSource, /afterKeepAliveIdleStatusLine/)
+  assert.match(e2eFollowUps, /STACKPRISM_BROWSER_SMOKE_SCENARIO=resource-timeouts/)
+  assert.match(e2eFollowUps, /default idle window/)
+  assert.match(e2eFollowUps, /subsequent `\/health` request returned 200/)
+  assert.match(resourcePressureRow, /默认 idle 窗口/)
+  assert.match(verificationRun, /STACKPRISM_BROWSER_SMOKE_SCENARIO=resource-timeouts STACKPRISM_BROWSER_SMOKE_CDP_PORT=9561/)
+})
+
+test('current reports include live default rate-limit evidence', () => {
+  const e2eFollowUps = sectionBetween(
+    e2eReport,
+    '2026-05-26 rate-limit smoke follow-up',
+    '2026-05-26 target URL validation smoke follow-up'
+  )
+  const bridgeApiRow = sectionBetween(completionAudit, '| Bridge API semantics and rate limiting', '| Bridge 启动与环境错误')
+  const verificationRun = sectionBetween(completionAudit, '## Verification Run', '## Current Status')
+
+  assert.match(smokeSource, /runRateLimitScenario/)
+  assert.match(smokeSource, /runProfileRateLimitScenario/)
+  assert.match(smokeSource, /rate-limit/)
+  assert.match(smokeSource, /profile-rate-limit/)
+  assert.match(smokeSource, /createRateLimit/)
+  assert.match(smokeSource, /queryRateLimit/)
+  assert.match(smokeSource, /profileRateLimit/)
+  assert.match(e2eFollowUps, /STACKPRISM_BROWSER_SMOKE_SCENARIO=rate-limit/)
+  assert.match(e2eFollowUps, /STACKPRISM_BROWSER_SMOKE_SCENARIO=profile-rate-limit/)
+  assert.match(e2eFollowUps, /11th create request returned `429 \/ RATE_LIMITED`/)
+  assert.match(e2eFollowUps, /121st status read returned `429 \/ RATE_LIMITED`/)
+  assert.match(e2eFollowUps, /121st profile read returned `429 \/ RATE_LIMITED`/)
+  assert.match(e2eFollowUps, /target request count was 0/)
+  assert.match(bridgeApiRow, /`rate-limit`/)
+  assert.match(bridgeApiRow, /`profile-rate-limit`/)
+  assert.match(bridgeApiRow, /默认 create limit 10/)
+  assert.match(bridgeApiRow, /默认 query limit 120/)
+  assert.match(bridgeApiRow, /120 次 profile reads/)
+  assert.match(verificationRun, /STACKPRISM_BROWSER_SMOKE_SCENARIO=rate-limit STACKPRISM_BROWSER_SMOKE_CDP_PORT=9562/)
+  assert.match(verificationRun, /STACKPRISM_BROWSER_SMOKE_SCENARIO=profile-rate-limit STACKPRISM_BROWSER_SMOKE_CDP_PORT=9564/)
+})
+
+test('current reports include live target URL validation evidence', () => {
+  const e2eFollowUps = sectionBetween(e2eReport, '2026-05-26 target URL validation smoke follow-up', 'Environment note:')
+  const targetPolicyRow = sectionBetween(completionAudit, '| Target policy and target failures', '| Profile privacy and transfer')
+  const verificationRun = sectionBetween(completionAudit, '## Verification Run', '## Current Status')
+
+  assert.match(smokeSource, /runTargetUrlValidationScenario/)
+  assert.match(smokeSource, /target-url-validation/)
+  assert.match(smokeSource, /unsupportedProtocol/)
+  assert.match(smokeSource, /credentialUrl/)
+  assert.match(smokeSource, /loopbackPrivateTarget/)
+  assert.match(smokeSource, /bridgeSelfTarget/)
+  assert.match(e2eFollowUps, /STACKPRISM_BROWSER_SMOKE_SCENARIO=target-url-validation/)
+  assert.match(e2eFollowUps, /unsupported protocol/)
+  assert.match(e2eFollowUps, /credential URL/)
+  assert.match(e2eFollowUps, /loopback private target/)
+  assert.match(e2eFollowUps, /bridge self-target/)
+  assert.match(e2eFollowUps, /activeCaptures = 0/)
+  assert.match(e2eFollowUps, /target request count was 0/)
+  assert.match(targetPolicyRow, /`target-url-validation`/)
+  assert.match(targetPolicyRow, /unsupported protocol/)
+  assert.match(targetPolicyRow, /credential URL/)
+  assert.match(targetPolicyRow, /loopback private target/)
+  assert.match(targetPolicyRow, /bridge self-target/)
+  assert.match(verificationRun, /STACKPRISM_BROWSER_SMOKE_SCENARIO=target-url-validation STACKPRISM_BROWSER_SMOKE_CDP_PORT=9563/)
+})
+
+test('completion audit records handoff baseline as clean', () => {
+  const currentStatus = sectionFrom(completionAudit, '## Current Status')
+
+  assert.doesNotMatch(currentStatus, /47 个 unstaged 文件/)
+  assert.doesNotMatch(currentStatus, /52 个 staged 文件/)
+  assert.doesNotMatch(currentStatus, /39 个 unstaged 文件/)
+  assert.doesNotMatch(currentStatus, /4 个 untracked Agent Bridge 文件/)
+  assert.match(currentStatus, /历史交接基线状态：工作区干净/)
+  assert.match(currentStatus, /此行只记录接手前基线，不表示当前 HEAD 或远端同步状态/)
+})
+
+const assertNoReportTokenPrefix = source => {
+  assert.doesNotMatch(source, /apiTokenPrefix\s*=\s*"spb_/)
+  assert.doesNotMatch(source, /bridgeTokenPrefix\s*=\s*"spbt_/)
+  assert.doesNotMatch(source, /把 `spb_`/)
+  assert.doesNotMatch(source, /把 `spbt_`/)
+  assert.doesNotMatch(source, /`spb_`\/`spbt_` token/)
+  assert.doesNotMatch(source, /`spb_` token/)
+  assert.doesNotMatch(source, /`spbt_` token/)
+  assert.doesNotMatch(source, /records only the extension id and token prefix/)
+}
+
+const sectionBetween = (source, start, end) => {
+  const startIndex = source.indexOf(start)
+  assert.notEqual(startIndex, -1, `Missing section start: ${start}`)
+  const endIndex = source.indexOf(end, startIndex)
+  assert.notEqual(endIndex, -1, `Missing section end: ${end}`)
+  return source.slice(startIndex, endIndex)
+}
+
+const sectionFrom = (source, start) => {
+  const startIndex = source.indexOf(start)
+  assert.notEqual(startIndex, -1, `Missing section start: ${start}`)
+  return source.slice(startIndex)
+}
diff --git a/tests/agent-bridge-browser-smoke.mjs b/tests/agent-bridge-browser-smoke.mjs
new file mode 100644
index 00000000..28de6c58
--- /dev/null
+++ b/tests/agent-bridge-browser-smoke.mjs
@@ -0,0 +1,3702 @@
+import { existsSync } from 'node:fs'
+import dns from 'node:dns/promises'
+import net from 'node:net'
+import { resolve } from 'node:path'
+import { createBridgeServer } from '../agent-skill/stackprism-site-experience/scripts/bridge/http-server.mjs'
+import { protocolVersion } from '../agent-skill/stackprism-site-experience/scripts/bridge/protocol.mjs'
+import { assert, createBrowserSmokeHarness, redactText } from './helpers/agent-bridge-browser-smoke-harness.mjs'
+
+const root = resolve(new URL('..', import.meta.url).pathname)
+const dist = resolve(root, 'dist')
+const cdpPort = Number(process.env.STACKPRISM_BROWSER_SMOKE_CDP_PORT || 9451)
+const configuredTargetUrl = process.env.STACKPRISM_BROWSER_SMOKE_TARGET_URL || ''
+const externalTargetUrl = configuredTargetUrl || 'https://www.wikipedia.org/'
+const scenario = process.env.STACKPRISM_BROWSER_SMOKE_SCENARIO || 'default'
+const cdpBaseUrl = `http://127.0.0.1:${cdpPort}`
+
+const hasMetadataKey = value => {
+  if (!value || typeof value !== 'object') return false
+  if (Array.isArray(value)) return value.some(hasMetadataKey)
+  return Object.entries(value).some(([key, item]) => /^(boundingBoxes|boundingBox|bounds|aboveFold|rect)$/i.test(key) || hasMetadataKey(item))
+}
+
+const hasScreenshotPayloadKey = value => {
+  if (!value || typeof value !== 'object') return false
+  if (Array.isArray(value)) return value.some(hasScreenshotPayloadKey)
+  return Object.entries(value).some(
+    ([key, item]) =>
+      /^(screenshotData|imageData|pixelData|pixels|dataUrl|base64Image)$/i.test(key) ||
+      (key === 'screenshot' && Boolean(item?.dataUrl)) ||
+      hasScreenshotPayloadKey(item)
+  )
+}
+
+const profileSummary = (profile, captureId) => {
+  const body = profile?.body
+  if (!body) return null
+  const profileBytes = new TextEncoder().encode(JSON.stringify(body)).byteLength
+  const serialized = JSON.stringify(body).toLowerCase()
+  return {
+    httpStatus: profile.status,
+    schema: body.schema,
+    captureIdMatches: body.captureId === captureId,
+    userAgentPresent: Boolean(body.browserContext?.userAgent),
+    extensionVersion: body.browserContext?.extensionVersion || '',
+    targetFinalUrl: body.target?.finalUrl || '',
+    visualKeys: Object.keys(body.visualProfile || {}),
+    layoutKeys: Object.keys(body.layoutProfile || {}),
+    componentKeys: Object.keys(body.componentProfile || {}),
+    limitationCount: Array.isArray(body.limitations) ? body.limitations.length : 0,
+    profileBytes,
+    estimatedTransferChunks: Math.max(1, Math.ceil(profileBytes / (384 * 1024))),
+    screenshotMetadataPresent: hasMetadataKey(body),
+    screenshotPayloadPresent: hasScreenshotPayloadKey(body),
+    privacyLeakDetected: /cookie|authorization|set-cookie|token=secret|#frag/.test(serialized)
+  }
+}
+
+const unrequestedSectionChecks = {
+  visual: 'visualProfile',
+  layout: 'layoutProfile',
+  components: 'componentProfile',
+  interaction: 'interactionProfile',
+  ux: 'uxProfile',
+  assets: 'assetProfile'
+}
+
+const assertSectionNotRequested = (profile, sections) => {
+  const body = profile?.body
+  assert(body && Array.isArray(body.limitations), `Profile body did not include limitations: ${JSON.stringify(profile)}`)
+  for (const section of sections) {
+    const key = unrequestedSectionChecks[section]
+    assert(JSON.stringify(body[key] || {}) === '{}', `${key} was not empty for an unrequested section.`)
+    assert(body.limitations.includes(`${section}_section_not_requested`), `${section} limitation was missing.`)
+  }
+}
+
+const openBridgeWithCdpScript = `
+const bridgeUrl = process.argv.at(-1)
+const cdpBaseUrl = process.env.STACKPRISM_BROWSER_SMOKE_CDP_BASE_URL
+if (!bridgeUrl || !cdpBaseUrl) process.exit(2)
+const response = await fetch(cdpBaseUrl + '/json/new?' + encodeURIComponent(bridgeUrl), { method: 'PUT' })
+if (!response.ok) process.exit(3)
+`
+
+const ensureDistBuilt = () => {
+  if (!existsSync(resolve(dist, 'manifest.json'))) throw new Error('dist/manifest.json is missing. Run pnpm run build first.')
+}
+
+const withoutFragment = url => {
+  const parsed = new URL(url)
+  parsed.hash = ''
+  return parsed.toString()
+}
+
+const resolveTargetAddresses = async value => {
+  const hostname = new URL(value).hostname
+  try {
+    return {
+      hostname,
+      addresses: (await dns.lookup(hostname, { all: true, verbatim: true })).map(item => item.address)
+    }
+  } catch (error) {
+    return {
+      hostname,
+      addresses: [],
+      dnsError: error?.code || (error instanceof Error ? error.message : String(error))
+    }
+  }
+}
+
+const assertRawHttpStatus = (raw, status, label) => {
+  assert(raw.startsWith(`HTTP/1.1 ${status} `), `${label} returned unexpected raw response: ${redactText(raw)}`)
+}
+
+const assertRawHttpIncludes = (raw, pattern, label) => {
+  assert(pattern.test(raw), `${label} did not include ${pattern}: ${redactText(raw)}`)
+}
+
+const rawStatusLine = raw => String(raw || '').split('\r\n')[0]
+
+const probeKeepAliveIdleClose = (port, hostHeader, { idleMs = 2600, timeoutMs = 5000 } = {}) =>
+  new Promise((resolveProbe, rejectProbe) => {
+    const socket = net.createConnection({ host: '127.0.0.1', port: Number(port) })
+    let data = ''
+    let closed = false
+    let settled = false
+    let idleTimer
+    const finish = result => {
+      if (settled) return
+      settled = true
+      clearTimeout(timeout)
+      clearTimeout(idleTimer)
+      socket.destroy()
+      resolveProbe(result)
+    }
+    const timeout = setTimeout(() => finish({ firstResponse: data, closed, reason: 'timeout' }), timeoutMs)
+    socket.on('connect', () => socket.write(`GET /health HTTP/1.1\r\nHost: ${hostHeader}\r\nConnection: keep-alive\r\n\r\n`))
+    socket.on('data', chunk => {
+      data += chunk.toString('utf8')
+      if (data.includes('\r\n\r\n') && !idleTimer) {
+        idleTimer = setTimeout(() => finish({ firstResponse: data, closed, reason: closed ? 'closed' : 'open_after_idle' }), idleMs)
+      }
+    })
+    socket.on('end', () => {
+      closed = true
+    })
+    socket.on('close', () => {
+      closed = true
+    })
+    socket.on('error', rejectProbe)
+  })
+
+const openHoldingHttpSocket = (port, hostHeader) =>
+  new Promise((resolveOpen, rejectOpen) => {
+    const socket = net.createConnection({ host: '127.0.0.1', port: Number(port) })
+    let opened = false
+    socket.once('connect', () => {
+      opened = true
+      socket.write(`GET /health HTTP/1.1\r\nHost: ${hostHeader}\r\n`)
+      socket.on('error', () => {})
+      resolveOpen(socket)
+    })
+    socket.once('error', error => {
+      if (!opened) rejectOpen(error)
+    })
+  })
+
+const rawHttpWithTimeout = (port, lines, timeoutMs = 750) =>
+  new Promise(resolveRaw => {
+    const socket = net.createConnection({ host: '127.0.0.1', port: Number(port) })
+    let settled = false
+    let data = ''
+    const finish = reason => {
+      if (settled) return
+      settled = true
+      clearTimeout(timeout)
+      socket.destroy()
+      resolveRaw({ data, reason })
+    }
+    const timeout = setTimeout(() => finish('timeout'), timeoutMs)
+    socket.on('connect', () => socket.write(lines.join('\r\n')))
+    socket.on('data', chunk => {
+      data += chunk.toString('utf8')
+    })
+    socket.on('error', error => finish(error?.code || 'error'))
+    socket.on('end', () => finish('end'))
+    socket.on('close', () => finish('close'))
+  })
+
+const rawHttpPartialWithDeadline = (port, chunks, { deadlineMs = 12000, chunkDelayMs = 0 } = {}) =>
+  new Promise((resolveRaw, rejectRaw) => {
+    const startedAt = Date.now()
+    const socket = net.createConnection({ host: '127.0.0.1', port: Number(port) })
+    let settled = false
+    let data = ''
+    const finish = reason => {
+      if (settled) return
+      settled = true
+      clearTimeout(timeout)
+      socket.destroy()
+      resolveRaw({ data, elapsedMs: Date.now() - startedAt, reason })
+    }
+    const writeChunks = async () => {
+      try {
+        for (const chunk of chunks) {
+          if (settled) return
+          socket.write(chunk)
+          if (chunkDelayMs > 0) await new Promise(resolveWait => setTimeout(resolveWait, chunkDelayMs))
+        }
+      } catch (error) {
+        if (!settled) rejectRaw(error)
+      }
+    }
+    const timeout = setTimeout(() => finish('deadline'), deadlineMs)
+    socket.on('connect', writeChunks)
+    socket.on('data', chunk => {
+      data += chunk.toString('utf8')
+    })
+    socket.on('error', error => finish(error?.code || 'error'))
+    socket.on('end', () => finish('end'))
+    socket.on('close', () => finish('close'))
+  })
+
+const corsAllowHeaders = [
+  'access-control-allow-origin',
+  'access-control-allow-headers',
+  'access-control-allow-methods',
+  'access-control-allow-credentials'
+]
+
+const readJsonEnvelope = async response => ({ status: response.status, body: await response.json(), headers: response.headers })
+
+const assertJsonSecurityHeaders = (response, label, { referrerPolicy = false } = {}) => {
+  assert(
+    /^application\/json; charset=utf-8\b/i.test(response.headers.get('content-type') || ''),
+    `${label} did not return JSON content-type.`
+  )
+  assert(response.headers.get('cache-control') === 'no-store', `${label} did not return Cache-Control: no-store.`)
+  assert(response.headers.get('x-content-type-options') === 'nosniff', `${label} did not return X-Content-Type-Options: nosniff.`)
+  if (referrerPolicy) assert(response.headers.get('referrer-policy') === 'no-referrer', `${label} did not return no-referrer.`)
+}
+
+const assertNoCorsAllowHeaders = (headers, label) => {
+  for (const header of corsAllowHeaders) {
+    assert(!headers.has(header), `${label} returned ${header}.`)
+  }
+}
+
+const parseBridgeConfig = html => {
+  const match = html.match(/<script id="stackprism-agent-bridge-config" type="application\/json" nonce="[^"]+">([^<]+)<\/script>/)
+  assert(match, `Bridge HTML did not include config JSON: ${redactText(html)}`)
+  const config = JSON.parse(match[1])
+  assert(/^spbt_[A-Za-z0-9_-]{43}$/.test(config.bridgeToken || ''), 'Bridge config did not include a valid bridge token.')
+  return config
+}
+
+const runClearedStorageSessionScenario = async () => {
+  ensureDistBuilt()
+  const harness = createBrowserSmokeHarness({ root, dist, cdpPort })
+  const slowFixture = await harness.startSlowFixtureServer()
+  const chrome = await harness.startChrome()
+  let bridge
+  let worker
+  try {
+    const version = await harness.waitForCdp()
+    const workerTarget = await harness.waitForWorker()
+    worker = await harness.connectTarget(workerTarget)
+    await worker.send('Runtime.enable')
+    await harness.waitForExtensionRuntime(worker)
+    await harness.setAgentBridgeEnabled(worker, true)
+    bridge = await harness.startBridge()
+    const capture = await harness.createCapture(bridge.ready, {
+      url: slowFixture.url,
+      options: { allowPrivateNetworkTarget: true, captureScreenshotMetadata: false, keepTabOpen: false, targetMode: 'new_tab' }
+    })
+    assert(capture.status === 200, `Capture creation failed: ${JSON.stringify(capture)}`)
+    const cleared = await harness.driveCaptureWithClearedStorageSessionAndReload(bridge.ready, worker, capture, slowFixture.url)
+    assert(cleared.finalStatus?.status === 'failed', `Expected failed terminal status: ${JSON.stringify(cleared.finalStatus)}`)
+    assert(
+      ['BRIDGE_TRANSPORT_DISCONNECTED', 'CAPTURE_TIMEOUT', 'EXTENSION_NOT_CONNECTED'].includes(cleared.finalStatus.error?.code),
+      `Unexpected failure code: ${JSON.stringify(cleared.finalStatus)}`
+    )
+    const profile = await harness.fetchJson(`${bridge.ready.baseUrl}/v1/captures/${capture.body.id}/profile`, {
+      headers: { authorization: `Bearer ${bridge.ready.apiToken}` }
+    })
+    assert(profile.status !== 200, `Profile endpoint returned fake success: ${JSON.stringify(profile.body)}`)
+    console.log(
+      JSON.stringify(
+        {
+          browser: version.Browser,
+          dist,
+          scenario,
+          bridge: {
+            baseUrl: bridge.ready.baseUrl,
+            protocolVersion: bridge.ready.protocolVersion,
+            apiTokenPresent: Boolean(bridge.ready.apiToken)
+          },
+          clearedStorageSessionReloaded: {
+            status: cleared.finalStatus.status,
+            errorCode: cleared.finalStatus.error?.code,
+            profileStatus: profile.status,
+            targetTabId: cleared.targetTabId,
+            targetStillVisible: cleared.targetStillVisible
+          },
+          bridgeStderrTail: redactText(bridge.stderr().slice(-500))
+        },
+        null,
+        2
+      )
+    )
+  } finally {
+    worker?.close()
+    await harness.stopBridge(bridge)
+    slowFixture.server.close()
+    await harness.cleanupChrome(chrome)
+  }
+}
+
+const runLocalOptInDisabledScenario = async () => {
+  ensureDistBuilt()
+  const harness = createBrowserSmokeHarness({ root, dist, cdpPort })
+  const slowFixture = await harness.startSlowFixtureServer()
+  const chrome = await harness.startChrome()
+  let bridge
+  let worker
+  try {
+    const version = await harness.waitForCdp()
+    const workerTarget = await harness.waitForWorker()
+    worker = await harness.connectTarget(workerTarget)
+    await worker.send('Runtime.enable')
+    await harness.waitForExtensionRuntime(worker)
+    await harness.setAgentBridgeEnabled(worker, true)
+    bridge = await harness.startBridge()
+    const capture = await harness.createCapture(bridge.ready, {
+      url: slowFixture.url,
+      options: { allowPrivateNetworkTarget: true, captureScreenshotMetadata: false, keepTabOpen: false, targetMode: 'new_tab' }
+    })
+    assert(capture.status === 200, `Capture creation failed: ${JSON.stringify(capture)}`)
+    const disabled = await harness.driveCaptureWithLocalOptInDisabled(bridge.ready, worker, capture, slowFixture.url)
+    assert(disabled.finalStatus?.status === 'failed', `Expected failed terminal status: ${JSON.stringify(disabled.finalStatus)}`)
+    assert(disabled.finalStatus.error?.code === 'AGENT_BRIDGE_DISABLED', `Unexpected failure code: ${JSON.stringify(disabled.finalStatus)}`)
+    const profile = await harness.fetchJson(`${bridge.ready.baseUrl}/v1/captures/${capture.body.id}/profile`, {
+      headers: { authorization: `Bearer ${bridge.ready.apiToken}` }
+    })
+    assert(profile.status !== 200, `Profile endpoint returned fake success: ${JSON.stringify(profile.body)}`)
+    console.log(
+      JSON.stringify(
+        {
+          browser: version.Browser,
+          dist,
+          scenario,
+          bridge: {
+            baseUrl: bridge.ready.baseUrl,
+            protocolVersion: bridge.ready.protocolVersion,
+            apiTokenPresent: Boolean(bridge.ready.apiToken)
+          },
+          localOptInDisabled: {
+            status: disabled.finalStatus.status,
+            errorCode: disabled.finalStatus.error?.code,
+            profileStatus: profile.status,
+            targetTabId: disabled.targetTabId,
+            targetStillVisible: disabled.targetStillVisible
+          },
+          bridgeStderrTail: redactText(bridge.stderr().slice(-500))
+        },
+        null,
+        2
+      )
+    )
+  } finally {
+    worker?.close()
+    await harness.stopBridge(bridge)
+    slowFixture.server.close()
+    await harness.cleanupChrome(chrome)
+  }
+}
+
+const runBrowserExtensionDisabledScenario = async () => {
+  ensureDistBuilt()
+  const harness = createBrowserSmokeHarness({ root, dist, cdpPort })
+  const slowFixture = await harness.startSlowFixtureServer()
+  const chrome = await harness.startChrome()
+  let bridge
+  let worker
+  let opened
+  try {
+    const version = await harness.waitForCdp()
+    const workerTarget = await harness.waitForWorker()
+    const extensionId = new URL(workerTarget.url).host
+    worker = await harness.connectTarget(workerTarget)
+    await worker.send('Runtime.enable')
+    await harness.waitForExtensionRuntime(worker)
+    await harness.setAgentBridgeEnabled(worker, true)
+    bridge = await harness.startBridge()
+    const capture = await harness.createCapture(bridge.ready, {
+      url: slowFixture.url,
+      options: { allowPrivateNetworkTarget: true, captureScreenshotMetadata: false, keepTabOpen: false, targetMode: 'new_tab' }
+    })
+    assert(capture.status === 200, `Capture creation failed: ${JSON.stringify(capture)}`)
+    opened = await harness.openBridgePage(capture.body.bridgeUrl)
+    const runningState = await harness.waitForExtensionCaptureState(worker, capture.body.id, value => Number.isInteger(value.targetTabId))
+    const disabled = await harness.disableExtensionFromExtensionsPage(extensionId)
+    assert(
+      disabled.found && disabled.before === true && disabled.after === false,
+      `Extension toggle did not disable: ${JSON.stringify(disabled)}`
+    )
+    const finalStatus = await harness.pollCapture(bridge.ready, capture.body.id, 80)
+    assert(finalStatus?.status === 'failed', `Expected failed terminal status: ${JSON.stringify(finalStatus)}`)
+    assert(
+      ['BRIDGE_TRANSPORT_DISCONNECTED', 'SERVICE_WORKER_RESTARTED', 'CAPTURE_TIMEOUT', 'EXTENSION_NOT_CONNECTED'].includes(
+        finalStatus.error?.code
+      ),
+      `Unexpected failure code: ${JSON.stringify(finalStatus)}`
+    )
+    const profile = await harness.fetchJson(`${bridge.ready.baseUrl}/v1/captures/${capture.body.id}/profile`, {
+      headers: { authorization: `Bearer ${bridge.ready.apiToken}` }
+    })
+    assert(profile.status !== 200, `Profile endpoint returned fake success: ${JSON.stringify(profile.body)}`)
+    const targets = await harness.listTargets()
+    const targetStillVisible = targets.some(target => target.type === 'page' && String(target.url || '').startsWith(slowFixture.url))
+    assert(!targetStillVisible, `Browser-disabled target remained visible for tab ${runningState.targetTabId}.`)
+    console.log(
+      JSON.stringify(
+        {
+          browser: version.Browser,
+          dist,
+          scenario,
+          bridge: {
+            baseUrl: bridge.ready.baseUrl,
+            protocolVersion: bridge.ready.protocolVersion,
+            apiTokenPresent: Boolean(bridge.ready.apiToken)
+          },
+          browserExtensionDisabled: {
+            extensionId,
+            targetTabId: runningState.targetTabId,
+            toggleBefore: disabled.before,
+            toggleAfter: disabled.after,
+            status: finalStatus.status,
+            errorCode: finalStatus.error?.code,
+            profileStatus: profile.status,
+            targetStillVisible
+          },
+          bridgeStderrTail: redactText(bridge.stderr().slice(-500))
+        },
+        null,
+        2
+      )
+    )
+  } finally {
+    opened?.page.close()
+    worker?.close()
+    await harness.stopBridge(bridge)
+    slowFixture.server.close()
+    await harness.cleanupChrome(chrome)
+  }
+}
+
+const runBrowserExtensionReloadedScenario = async () => {
+  ensureDistBuilt()
+  const harness = createBrowserSmokeHarness({ root, dist, cdpPort })
+  const slowFixture = await harness.startSlowFixtureServer()
+  const chrome = await harness.startChrome()
+  let bridge
+  let worker
+  let opened
+  try {
+    const version = await harness.waitForCdp()
+    const workerTarget = await harness.waitForWorker()
+    const extensionId = new URL(workerTarget.url).host
+    worker = await harness.connectTarget(workerTarget)
+    await worker.send('Runtime.enable')
+    await harness.waitForExtensionRuntime(worker)
+    await harness.setAgentBridgeEnabled(worker, true)
+    bridge = await harness.startBridge()
+    const capture = await harness.createCapture(bridge.ready, {
+      url: slowFixture.url,
+      options: { allowPrivateNetworkTarget: true, captureScreenshotMetadata: false, keepTabOpen: false, targetMode: 'new_tab' }
+    })
+    assert(capture.status === 200, `Capture creation failed: ${JSON.stringify(capture)}`)
+    opened = await harness.openBridgePage(capture.body.bridgeUrl)
+    const runningState = await harness.waitForExtensionCaptureState(worker, capture.body.id, value => Number.isInteger(value.targetTabId))
+    const reloaded = await harness.reloadExtensionFromExtensionsPage(extensionId)
+    assert(reloaded.found && reloaded.clicked, `Extension reload button did not click: ${JSON.stringify(reloaded)}`)
+    const finalStatus = await harness.pollCapture(bridge.ready, capture.body.id, 80)
+    assert(finalStatus?.status === 'failed', `Expected failed terminal status: ${JSON.stringify(finalStatus)}`)
+    assert(
+      ['BRIDGE_TRANSPORT_DISCONNECTED', 'SERVICE_WORKER_RESTARTED', 'CAPTURE_TIMEOUT', 'EXTENSION_NOT_CONNECTED'].includes(
+        finalStatus.error?.code
+      ),
+      `Unexpected failure code: ${JSON.stringify(finalStatus)}`
+    )
+    const profile = await harness.fetchJson(`${bridge.ready.baseUrl}/v1/captures/${capture.body.id}/profile`, {
+      headers: { authorization: `Bearer ${bridge.ready.apiToken}` }
+    })
+    assert(profile.status !== 200, `Profile endpoint returned fake success: ${JSON.stringify(profile.body)}`)
+    const targets = await harness.listTargets()
+    const targetStillVisible = targets.some(target => target.type === 'page' && String(target.url || '').startsWith(slowFixture.url))
+    assert(!targetStillVisible, `Browser-reloaded target remained visible for tab ${runningState.targetTabId}.`)
+    console.log(
+      JSON.stringify(
+        {
+          browser: version.Browser,
+          dist,
+          scenario,
+          bridge: {
+            baseUrl: bridge.ready.baseUrl,
+            protocolVersion: bridge.ready.protocolVersion,
+            apiTokenPresent: Boolean(bridge.ready.apiToken)
+          },
+          browserExtensionReloaded: {
+            extensionId,
+            targetTabId: runningState.targetTabId,
+            reloadClicked: reloaded.clicked,
+            status: finalStatus.status,
+            errorCode: finalStatus.error?.code,
+            profileStatus: profile.status,
+            targetStillVisible
+          },
+          bridgeStderrTail: redactText(bridge.stderr().slice(-500))
+        },
+        null,
+        2
+      )
+    )
+  } finally {
+    opened?.page.close()
+    worker?.close()
+    await harness.stopBridge(bridge)
+    slowFixture.server.close()
+    await harness.cleanupChrome(chrome)
+  }
+}
+
+const runIncognitoBridgeProbeScenario = async () => {
+  ensureDistBuilt()
+  const harness = createBrowserSmokeHarness({ root, dist, cdpPort })
+  const probe = await harness.startProbeServer()
+  let chrome = await harness.startChrome()
+  let bridge
+  let initialWorker
+  let opened
+  try {
+    await harness.waitForCdp()
+    const initialWorkerTarget = await harness.waitForWorker()
+    const extensionId = new URL(initialWorkerTarget.url).host
+    initialWorker = await harness.connectTarget(initialWorkerTarget)
+    await initialWorker.send('Runtime.enable')
+    await harness.waitForExtensionRuntime(initialWorker)
+    await harness.setAgentBridgeEnabled(initialWorker, true)
+    const incognitoEnabled = await harness.enableIncognitoFromExtensionsPage(extensionId)
+    assert(
+      incognitoEnabled.found && incognitoEnabled.after === true && incognitoEnabled.disabled !== true,
+      `Incognito permission was not enabled: ${JSON.stringify(incognitoEnabled)}`
+    )
+    initialWorker.close()
+    initialWorker = null
+    await harness.stopChrome(chrome)
+    chrome = await harness.startChrome({ profileDir: chrome.profileDir })
+
+    const version = await harness.waitForCdp()
+    bridge = await harness.startBridge()
+    const capture = await harness.createCapture(bridge.ready, {
+      url: probe.url,
+      options: { allowPrivateNetworkTarget: true, captureScreenshotMetadata: false, keepTabOpen: false, targetMode: 'new_tab' }
+    })
+    assert(capture.status === 200, `Capture creation failed: ${JSON.stringify(capture)}`)
+    opened = await harness.openIncognitoBridgePage(capture.body.bridgeUrl)
+    const finalStatus = await harness.pollCapture(bridge.ready, capture.body.id, 40)
+    const errorCode = finalStatus.error?.code
+    assert(
+      finalStatus?.status === 'failed' && ['INCOGNITO_NOT_SUPPORTED', 'EXTENSION_NOT_CONNECTED'].includes(errorCode),
+      `Incognito bridge probe did not fail closed: ${JSON.stringify(finalStatus)}`
+    )
+    const profile = await harness.fetchJson(`${bridge.ready.baseUrl}/v1/captures/${capture.body.id}/profile`, {
+      headers: { authorization: `Bearer ${bridge.ready.apiToken}` }
+    })
+    assert(profile.status !== 200, `Incognito rejected capture returned fake profile: ${JSON.stringify(profile.body)}`)
+    assert(probe.requestCount() === 0, `Incognito bridge rejection fetched target before failing: ${probe.requestCount()}`)
+    const coverage = errorCode === 'INCOGNITO_NOT_SUPPORTED' ? 'live-rejected' : 'environment-skip-cdp-incognito-extension-not-connected'
+    console.log(
+      JSON.stringify(
+        {
+          browser: version.Browser,
+          dist,
+          scenario,
+          bridge: {
+            baseUrl: bridge.ready.baseUrl,
+            protocolVersion: bridge.ready.protocolVersion,
+            apiTokenPresent: Boolean(bridge.ready.apiToken)
+          },
+          incognitoBridgeProbe: {
+            coverage,
+            extensionId,
+            permissionFound: incognitoEnabled.found,
+            permissionEnabledAfter: incognitoEnabled.after,
+            restartRequired: incognitoEnabled.restartRequired === true,
+            status: finalStatus.status,
+            errorCode,
+            profileStatus: profile.status,
+            targetRequestCount: probe.requestCount()
+          },
+          bridgeStderrTail: redactText(bridge.stderr().slice(-500))
+        },
+        null,
+        2
+      )
+    )
+  } finally {
+    await opened?.close?.()
+    initialWorker?.close()
+    await harness.stopBridge(bridge)
+    probe.server.close()
+    await harness.cleanupChrome(chrome)
+  }
+}
+
+const runIncognitoWindowBridgeProbeScenario = async () => {
+  ensureDistBuilt()
+  const harness = createBrowserSmokeHarness({ root, dist, cdpPort })
+  const probe = await harness.startProbeServer()
+  let chrome = await harness.startChrome()
+  let bridge
+  let initialWorker
+  let opened
+  try {
+    await harness.waitForCdp()
+    const initialWorkerTarget = await harness.waitForWorker()
+    const extensionId = new URL(initialWorkerTarget.url).host
+    initialWorker = await harness.connectTarget(initialWorkerTarget)
+    await initialWorker.send('Runtime.enable')
+    await harness.waitForExtensionRuntime(initialWorker)
+    await harness.setAgentBridgeEnabled(initialWorker, true)
+    const incognitoEnabled = await harness.enableIncognitoFromExtensionsPage(extensionId)
+    assert(
+      incognitoEnabled.found && incognitoEnabled.after === true && incognitoEnabled.disabled !== true,
+      `Incognito permission was not enabled: ${JSON.stringify(incognitoEnabled)}`
+    )
+    initialWorker.close()
+    initialWorker = null
+    await harness.stopChrome(chrome)
+    chrome = await harness.startChrome({ profileDir: chrome.profileDir, extraArgs: ['--incognito'] })
+
+    const version = await harness.waitForCdp()
+    bridge = await harness.startBridge()
+    const capture = await harness.createCapture(bridge.ready, {
+      url: probe.url,
+      options: { allowPrivateNetworkTarget: true, captureScreenshotMetadata: false, keepTabOpen: false, targetMode: 'new_tab' }
+    })
+    assert(capture.status === 200, `Capture creation failed: ${JSON.stringify(capture)}`)
+    opened = await harness.openBridgePage(capture.body.bridgeUrl)
+    const finalStatus = await harness.pollCapture(bridge.ready, capture.body.id, 40)
+    const errorCode = finalStatus.error?.code
+    assert(
+      finalStatus?.status === 'failed' && ['INCOGNITO_NOT_SUPPORTED', 'EXTENSION_NOT_CONNECTED'].includes(errorCode),
+      `Incognito window bridge probe did not fail closed: ${JSON.stringify(finalStatus)}`
+    )
+    const profile = await harness.fetchJson(`${bridge.ready.baseUrl}/v1/captures/${capture.body.id}/profile`, {
+      headers: { authorization: `Bearer ${bridge.ready.apiToken}` }
+    })
+    assert(profile.status !== 200, `Incognito window rejected capture returned fake profile: ${JSON.stringify(profile.body)}`)
+    assert(probe.requestCount() === 0, `Incognito window rejection fetched target before failing: ${probe.requestCount()}`)
+    const coverage = errorCode === 'INCOGNITO_NOT_SUPPORTED' ? 'live-rejected' : 'environment-skip-incognito-window-extension-not-connected'
+    console.log(
+      JSON.stringify(
+        {
+          browser: version.Browser,
+          dist,
+          scenario,
+          bridge: {
+            baseUrl: bridge.ready.baseUrl,
+            protocolVersion: bridge.ready.protocolVersion,
+            apiTokenPresent: Boolean(bridge.ready.apiToken)
+          },
+          incognitoWindowBridgeProbe: {
+            coverage,
+            extensionId,
+            permissionFound: incognitoEnabled.found,
+            permissionEnabledAfter: incognitoEnabled.after,
+            restartRequired: incognitoEnabled.restartRequired === true,
+            status: finalStatus.status,
+            errorCode,
+            profileStatus: profile.status,
+            targetRequestCount: probe.requestCount()
+          },
+          bridgeStderrTail: redactText(bridge.stderr().slice(-500))
+        },
+        null,
+        2
+      )
+    )
+  } finally {
+    opened?.page?.close()
+    initialWorker?.close()
+    await harness.stopBridge(bridge)
+    probe.server.close()
+    await harness.cleanupChrome(chrome)
+  }
+}
+
+const runExpiredDeadlineReconciliationScenario = async () => {
+  ensureDistBuilt()
+  const harness = createBrowserSmokeHarness({ root, dist, cdpPort })
+  const fixture = await harness.startFixtureServer()
+  const chrome = await harness.startChrome()
+  let bridge
+  let worker
+  try {
+    const version = await harness.waitForCdp()
+    const workerTarget = await harness.waitForWorker()
+    worker = await harness.connectTarget(workerTarget)
+    await worker.send('Runtime.enable')
+    await harness.waitForExtensionRuntime(worker)
+    await harness.setAgentBridgeEnabled(worker, true)
+    bridge = await harness.startBridge()
+    const capture = await harness.createCapture(bridge.ready, {
+      url: fixture.url,
+      waitMs: 30000,
+      options: { allowPrivateNetworkTarget: true, captureScreenshotMetadata: false, keepTabOpen: false, targetMode: 'new_tab' }
+    })
+    assert(capture.status === 200, `Capture creation failed: ${JSON.stringify(capture)}`)
+    const expired = await harness.driveCaptureWithExpiredDeadlineReconciliation(bridge.ready, worker, capture, fixture.url)
+    assert(expired.finalStatus?.status === 'failed', `Expected failed terminal status: ${JSON.stringify(expired.finalStatus)}`)
+    assert(expired.finalStatus.error?.code === 'CAPTURE_TIMEOUT', `Unexpected failure code: ${JSON.stringify(expired.finalStatus)}`)
+    const profile = await harness.fetchJson(`${bridge.ready.baseUrl}/v1/captures/${capture.body.id}/profile`, {
+      headers: { authorization: `Bearer ${bridge.ready.apiToken}` }
+    })
+    assert(profile.status !== 200, `Profile endpoint returned fake success: ${JSON.stringify(profile.body)}`)
+    assert(!expired.targetStillVisible, `Expired-deadline target remained visible for tab ${expired.targetTabId}.`)
+    console.log(
+      JSON.stringify(
+        {
+          browser: version.Browser,
+          dist,
+          scenario,
+          bridge: {
+            baseUrl: bridge.ready.baseUrl,
+            protocolVersion: bridge.ready.protocolVersion,
+            apiTokenPresent: Boolean(bridge.ready.apiToken)
+          },
+          expiredDeadlineReconciliation: {
+            status: expired.finalStatus.status,
+            errorCode: expired.finalStatus.error?.code,
+            profileStatus: profile.status,
+            targetTabId: expired.targetTabId,
+            triggerTabId: expired.triggerTabId,
+            targetStillVisible: expired.targetStillVisible
+          },
+          bridgeStderrTail: redactText(bridge.stderr().slice(-500))
+        },
+        null,
+        2
+      )
+    )
+  } finally {
+    worker?.close()
+    await harness.stopBridge(bridge)
+    fixture.server.close()
+    await harness.cleanupChrome(chrome)
+  }
+}
+
+const runFinalUrlBlockedScenario = async () => {
+  ensureDistBuilt()
+  const harness = createBrowserSmokeHarness({ root, dist, cdpPort })
+  const chrome = await harness.startChrome()
+  let bridge
+  let worker
+  let redirectFixture
+  try {
+    const version = await harness.waitForCdp()
+    const workerTarget = await harness.waitForWorker()
+    worker = await harness.connectTarget(workerTarget)
+    await worker.send('Runtime.enable')
+    await harness.waitForExtensionRuntime(worker)
+    await harness.setAgentBridgeEnabled(worker, true)
+    bridge = await harness.startBridge()
+    redirectFixture = await harness.startBridgeSelfRedirectServer(bridge.ready.baseUrl)
+    const capture = await harness.createCapture(bridge.ready, {
+      url: redirectFixture.url,
+      waitMs: 100,
+      options: { allowPrivateNetworkTarget: true, captureScreenshotMetadata: false, keepTabOpen: false, targetMode: 'new_tab' }
+    })
+    assert(capture.status === 200, `Capture creation failed: ${JSON.stringify(capture)}`)
+    const redirected = await harness.driveCaptureWithFinalUrlBlocked(bridge.ready, capture, [
+      redirectFixture.url,
+      redirectFixture.finalUrlPrefix
+    ])
+    const finalStatus = redirected.finalStatus
+    assert(finalStatus?.status === 'failed', `Expected failed terminal status: ${JSON.stringify(finalStatus)}`)
+    assert(finalStatus.error?.code === 'FINAL_URL_BLOCKED', `Unexpected failure code: ${JSON.stringify(finalStatus)}`)
+    const profile = await harness.fetchJson(`${bridge.ready.baseUrl}/v1/captures/${capture.body.id}/profile`, {
+      headers: { authorization: `Bearer ${bridge.ready.apiToken}` }
+    })
+    assert(profile.status !== 200, `Profile endpoint returned fake success: ${JSON.stringify(profile.body)}`)
+    assert(!redirected.targetStillVisible, 'Final URL blocked target remained visible.')
+    console.log(
+      JSON.stringify(
+        {
+          browser: version.Browser,
+          dist,
+          scenario,
+          bridge: {
+            baseUrl: bridge.ready.baseUrl,
+            protocolVersion: bridge.ready.protocolVersion,
+            apiTokenPresent: Boolean(bridge.ready.apiToken)
+          },
+          finalUrlBlocked: {
+            status: finalStatus.status,
+            errorCode: finalStatus.error?.code,
+            reason: finalStatus.error?.details?.reason || '',
+            profileStatus: profile.status,
+            requestCount: redirectFixture.requestCount(),
+            targetStillVisible: redirected.targetStillVisible
+          },
+          bridgeStderrTail: redactText(bridge.stderr().slice(-500))
+        },
+        null,
+        2
+      )
+    )
+  } finally {
+    worker?.close()
+    await harness.stopBridge(bridge)
+    redirectFixture?.server.close()
+    await harness.cleanupChrome(chrome)
+  }
+}
+
+const runFinalPrivateUrlBlockedScenario = async () => {
+  ensureDistBuilt()
+  const harness = createBrowserSmokeHarness({ root, dist, cdpPort })
+  let redirectFixture
+  redirectFixture = await harness.startPrivateFinalProxyServer()
+  const chrome = await harness.startChrome({
+    extraArgs: [`--proxy-server=${redirectFixture.proxyUrl}`, '--proxy-bypass-list=127.0.0.1;localhost']
+  })
+  let bridge
+  let worker
+  try {
+    const version = await harness.waitForCdp()
+    const workerTarget = await harness.waitForWorker()
+    worker = await harness.connectTarget(workerTarget)
+    await worker.send('Runtime.enable')
+    await harness.waitForExtensionRuntime(worker)
+    await harness.setAgentBridgeEnabled(worker, true)
+    bridge = await harness.startBridge()
+    const capture = await harness.createCapture(bridge.ready, {
+      url: redirectFixture.url,
+      waitMs: 100,
+      options: { allowPrivateNetworkTarget: false, captureScreenshotMetadata: false, keepTabOpen: false, targetMode: 'new_tab' }
+    })
+    assert(capture.status === 200, `Capture creation failed: ${JSON.stringify(capture)}`)
+    const redirected = await harness.driveCaptureWithFinalUrlBlocked(bridge.ready, capture, [
+      redirectFixture.url,
+      redirectFixture.finalUrlPrefix
+    ])
+    const finalStatus = redirected.finalStatus
+    assert(finalStatus?.status === 'failed', `Expected failed terminal status: ${JSON.stringify(finalStatus)}`)
+    assert(finalStatus.error?.code === 'FINAL_URL_BLOCKED', `Unexpected failure code: ${JSON.stringify(finalStatus)}`)
+    assert(
+      finalStatus.error?.details?.reason === 'private_network_address',
+      `Unexpected final URL block reason: ${JSON.stringify(finalStatus)}`
+    )
+    const profile = await harness.fetchJson(`${bridge.ready.baseUrl}/v1/captures/${capture.body.id}/profile`, {
+      headers: { authorization: `Bearer ${bridge.ready.apiToken}` }
+    })
+    assert(profile.status !== 200, `Profile endpoint returned fake success: ${JSON.stringify(profile.body)}`)
+    assert(redirectFixture.proxyRequestCount() > 0, 'Public-IP proxy fixture was not reached before final URL validation.')
+    assert(redirectFixture.privateRequestCount() > 0, 'Private final target was not reached before final URL validation.')
+    assert(!redirected.targetStillVisible, 'Final private URL blocked target remained visible.')
+    console.log(
+      JSON.stringify(
+        {
+          browser: version.Browser,
+          dist,
+          scenario,
+          bridge: {
+            baseUrl: bridge.ready.baseUrl,
+            protocolVersion: bridge.ready.protocolVersion,
+            apiTokenPresent: Boolean(bridge.ready.apiToken)
+          },
+          finalPrivateUrlBlocked: {
+            status: finalStatus.status,
+            errorCode: finalStatus.error?.code,
+            reason: finalStatus.error?.details?.reason || '',
+            profileStatus: profile.status,
+            proxyRequestCount: redirectFixture.proxyRequestCount(),
+            privateRequestCount: redirectFixture.privateRequestCount(),
+            targetStillVisible: redirected.targetStillVisible
+          },
+          bridgeStderrTail: redactText(bridge.stderr().slice(-500))
+        },
+        null,
+        2
+      )
+    )
+  } finally {
+    worker?.close()
+    await harness.stopBridge(bridge)
+    redirectFixture?.proxyServer.close()
+    redirectFixture?.privateServer.close()
+    await harness.cleanupChrome(chrome)
+  }
+}
+
+const runFinalDnsPolicyBlockedScenario = async () => {
+  ensureDistBuilt()
+  const harness = createBrowserSmokeHarness({ root, dist, cdpPort })
+  let redirectFixture
+  redirectFixture = await harness.startDnsFinalProxyServer({ finalHostname: 'stackprism-browser-smoke.invalid' })
+  const chrome = await harness.startChrome({
+    extraArgs: [`--proxy-server=${redirectFixture.proxyUrl}`, '--proxy-bypass-list=127.0.0.1;localhost']
+  })
+  let bridge
+  let worker
+  try {
+    const version = await harness.waitForCdp()
+    const workerTarget = await harness.waitForWorker()
+    worker = await harness.connectTarget(workerTarget)
+    await worker.send('Runtime.enable')
+    await harness.waitForExtensionRuntime(worker)
+    await harness.setAgentBridgeEnabled(worker, true)
+    bridge = await harness.startBridge()
+    const capture = await harness.createCapture(bridge.ready, {
+      url: redirectFixture.url,
+      waitMs: 100,
+      options: { allowPrivateNetworkTarget: false, captureScreenshotMetadata: false, keepTabOpen: false, targetMode: 'new_tab' }
+    })
+    assert(capture.status === 200, `Capture creation failed: ${JSON.stringify(capture)}`)
+    const redirected = await harness.driveCaptureWithFinalUrlBlocked(bridge.ready, capture, [
+      redirectFixture.url,
+      redirectFixture.finalUrlPrefix
+    ])
+    const finalStatus = redirected.finalStatus
+    assert(finalStatus?.status === 'failed', `Expected failed terminal status: ${JSON.stringify(finalStatus)}`)
+    assert(finalStatus.error?.code === 'FINAL_URL_BLOCKED', `Unexpected failure code: ${JSON.stringify(finalStatus)}`)
+    assert(
+      ['private_network_address', 'dns_lookup_failed'].includes(finalStatus.error?.details?.reason),
+      `Unexpected final URL block reason: ${JSON.stringify(finalStatus)}`
+    )
+    const profile = await harness.fetchJson(`${bridge.ready.baseUrl}/v1/captures/${capture.body.id}/profile`, {
+      headers: { authorization: `Bearer ${bridge.ready.apiToken}` }
+    })
+    assert(profile.status !== 200, `Profile endpoint returned fake success: ${JSON.stringify(profile.body)}`)
+    assert(redirectFixture.proxyRequestCount() > 0, 'Public-IP proxy fixture was not reached before final URL validation.')
+    assert(redirectFixture.finalRequestCount() > 0, 'DNS final target was not reached before final URL validation.')
+    assert(!redirected.targetStillVisible, 'Final DNS policy blocked target remained visible.')
+    console.log(
+      JSON.stringify(
+        {
+          browser: version.Browser,
+          dist,
+          scenario,
+          bridge: {
+            baseUrl: bridge.ready.baseUrl,
+            protocolVersion: bridge.ready.protocolVersion,
+            apiTokenPresent: Boolean(bridge.ready.apiToken)
+          },
+          finalDnsPolicyBlocked: {
+            status: finalStatus.status,
+            errorCode: finalStatus.error?.code,
+            hostname: redirectFixture.hostname,
+            reason: finalStatus.error?.details?.reason || '',
+            profileStatus: profile.status,
+            proxyRequestCount: redirectFixture.proxyRequestCount(),
+            finalRequestCount: redirectFixture.finalRequestCount(),
+            targetStillVisible: redirected.targetStillVisible
+          },
+          bridgeStderrTail: redactText(bridge.stderr().slice(-500))
+        },
+        null,
+        2
+      )
+    )
+  } finally {
+    worker?.close()
+    await harness.stopBridge(bridge)
+    redirectFixture?.proxyServer.close()
+    await harness.cleanupChrome(chrome)
+  }
+}
+
+const runFinalDnsLookupFailedScenario = async () => {
+  ensureDistBuilt()
+  const harness = createBrowserSmokeHarness({ root, dist, cdpPort })
+  const lookupFailedHostname = `${'a'.repeat(64)}.com`
+  let redirectFixture
+  redirectFixture = await harness.startDnsFinalProxyServer({ finalHostname: lookupFailedHostname })
+  const chrome = await harness.startChrome({
+    extraArgs: [`--proxy-server=${redirectFixture.proxyUrl}`, '--proxy-bypass-list=127.0.0.1;localhost']
+  })
+  let bridge
+  let worker
+  try {
+    const version = await harness.waitForCdp()
+    const workerTarget = await harness.waitForWorker()
+    worker = await harness.connectTarget(workerTarget)
+    await worker.send('Runtime.enable')
+    await harness.waitForExtensionRuntime(worker)
+    await harness.setAgentBridgeEnabled(worker, true)
+    bridge = await harness.startBridge()
+    const capture = await harness.createCapture(bridge.ready, {
+      url: redirectFixture.url,
+      waitMs: 100,
+      options: { allowPrivateNetworkTarget: false, captureScreenshotMetadata: false, keepTabOpen: false, targetMode: 'new_tab' }
+    })
+    assert(capture.status === 200, `Capture creation failed: ${JSON.stringify(capture)}`)
+    const redirected = await harness.driveCaptureWithFinalUrlBlocked(bridge.ready, capture, [
+      redirectFixture.url,
+      redirectFixture.finalUrlPrefix
+    ])
+    const finalStatus = redirected.finalStatus
+    assert(finalStatus?.status === 'failed', `Expected failed terminal status: ${JSON.stringify(finalStatus)}`)
+    assert(finalStatus.error?.code === 'FINAL_URL_BLOCKED', `Unexpected failure code: ${JSON.stringify(finalStatus)}`)
+    assert(finalStatus.error?.details?.reason === 'dns_lookup_failed', `Unexpected final URL block reason: ${JSON.stringify(finalStatus)}`)
+    const profile = await harness.fetchJson(`${bridge.ready.baseUrl}/v1/captures/${capture.body.id}/profile`, {
+      headers: { authorization: `Bearer ${bridge.ready.apiToken}` }
+    })
+    assert(profile.status !== 200, `Profile endpoint returned fake success: ${JSON.stringify(profile.body)}`)
+    assert(redirectFixture.proxyRequestCount() > 0, 'Public-IP proxy fixture was not reached before final URL validation.')
+    assert(redirectFixture.finalRequestCount() > 0, 'DNS lookup-failed final target was not reached before final URL validation.')
+    assert(!redirected.targetStillVisible, 'Final DNS lookup failed target remained visible.')
+    console.log(
+      JSON.stringify(
+        {
+          browser: version.Browser,
+          dist,
+          scenario,
+          bridge: {
+            baseUrl: bridge.ready.baseUrl,
+            protocolVersion: bridge.ready.protocolVersion,
+            apiTokenPresent: Boolean(bridge.ready.apiToken)
+          },
+          finalDnsLookupFailed: {
+            status: finalStatus.status,
+            errorCode: finalStatus.error?.code,
+            hostname: redirectFixture.hostname,
+            reason: finalStatus.error?.details?.reason || '',
+            profileStatus: profile.status,
+            proxyRequestCount: redirectFixture.proxyRequestCount(),
+            finalRequestCount: redirectFixture.finalRequestCount(),
+            targetStillVisible: redirected.targetStillVisible
+          },
+          bridgeStderrTail: redactText(bridge.stderr().slice(-500))
+        },
+        null,
+        2
+      )
+    )
+  } finally {
+    worker?.close()
+    await harness.stopBridge(bridge)
+    redirectFixture?.proxyServer.close()
+    await harness.cleanupChrome(chrome)
+  }
+}
+
+const runPrivateTargetBlockedScenario = async () => {
+  ensureDistBuilt()
+  const harness = createBrowserSmokeHarness({ root, dist, cdpPort })
+  const privateTarget = await harness.startProbeServer()
+  const chrome = await harness.startChrome()
+  let bridge
+  try {
+    const version = await harness.waitForCdp()
+    await harness.waitForWorker()
+    bridge = await harness.startBridge()
+    const blocked = await harness.createPrivateTargetBlockedCapture(bridge.ready, privateTarget)
+    const createResult = blocked.blocked
+    assert(createResult.status === 400, `Private target was not rejected: ${JSON.stringify(createResult)}`)
+    assert(
+      createResult.body.error?.code === 'PRIVATE_NETWORK_TARGET_BLOCKED',
+      `Unexpected private target error: ${JSON.stringify(createResult)}`
+    )
+    assert(blocked.requestCount === 0, 'Private target server was contacted before bridge rejection.')
+    assert(!blocked.targetStillVisible, 'Blocked private target became visible in CDP targets.')
+    console.log(
+      JSON.stringify(
+        {
+          browser: version.Browser,
+          dist,
+          scenario,
+          bridge: {
+            baseUrl: bridge.ready.baseUrl,
+            protocolVersion: bridge.ready.protocolVersion,
+            apiTokenPresent: Boolean(bridge.ready.apiToken)
+          },
+          privateTargetBlocked: {
+            createStatus: createResult.status,
+            errorCode: createResult.body.error?.code,
+            reason: createResult.body.error?.details?.reason || '',
+            requestCount: blocked.requestCount,
+            targetStillVisible: blocked.targetStillVisible
+          },
+          bridgeStderrTail: redactText(bridge.stderr().slice(-500))
+        },
+        null,
+        2
+      )
+    )
+  } finally {
+    await harness.stopBridge(bridge)
+    privateTarget.server.close()
+    await harness.cleanupChrome(chrome)
+  }
+}
+
+const runDnsNonGlobalBlockedScenario = async () => {
+  ensureDistBuilt()
+  const harness = createBrowserSmokeHarness({ root, dist, cdpPort })
+  const chrome = await harness.startChrome()
+  let bridge
+  try {
+    const version = await harness.waitForCdp()
+    await harness.waitForWorker()
+    bridge = await harness.startBridge()
+    const blocked = await harness.createDnsNonGlobalBlockedCapture(bridge.ready)
+    const createResult = blocked.blocked
+    assert(createResult.status === 400, `DNS policy target was not rejected: ${JSON.stringify(createResult)}`)
+    assert(
+      ['PRIVATE_NETWORK_TARGET_BLOCKED', 'TARGET_DNS_LOOKUP_FAILED'].includes(createResult.body.error?.code),
+      `Unexpected DNS policy error: ${JSON.stringify(createResult)}`
+    )
+    assert(!blocked.targetStillVisible, 'Blocked DNS policy target became visible in CDP targets.')
+    console.log(
+      JSON.stringify(
+        {
+          browser: version.Browser,
+          dist,
+          scenario,
+          bridge: {
+            baseUrl: bridge.ready.baseUrl,
+            protocolVersion: bridge.ready.protocolVersion,
+            apiTokenPresent: Boolean(bridge.ready.apiToken)
+          },
+          dnsNonGlobalBlocked: {
+            hostname: blocked.hostname,
+            resolvedAddresses: blocked.resolvedAddresses,
+            dnsError: blocked.dnsError,
+            createStatus: createResult.status,
+            errorCode: createResult.body.error?.code,
+            reason: createResult.body.error?.details?.reason || '',
+            targetStillVisible: blocked.targetStillVisible
+          },
+          bridgeStderrTail: redactText(bridge.stderr().slice(-500))
+        },
+        null,
+        2
+      )
+    )
+  } finally {
+    await harness.stopBridge(bridge)
+    await harness.cleanupChrome(chrome)
+  }
+}
+
+const runDnsLookupFailedScenario = async () => {
+  const harness = createBrowserSmokeHarness({ root, dist, cdpPort })
+  let bridge
+  try {
+    bridge = await harness.startBridge()
+    const hostname = `${'a'.repeat(64)}.com`
+    const targetUrl = `https://${hostname}/dns-lookup-failed?token=secret#frag`
+    let dnsError = ''
+    try {
+      await import('node:dns/promises').then(({ lookup }) => lookup(hostname, { all: true, verbatim: true }))
+    } catch (error) {
+      dnsError = error?.code || (error instanceof Error ? error.message : String(error))
+    }
+    assert(dnsError, 'DNS lookup failure fixture unexpectedly resolved.')
+    const createResult = await harness.createCapture(bridge.ready, {
+      url: targetUrl,
+      options: { allowPrivateNetworkTarget: false, captureScreenshotMetadata: false, keepTabOpen: false, targetMode: 'new_tab' }
+    })
+    assert(createResult.status === 400, `DNS lookup failure target was not rejected: ${JSON.stringify(createResult)}`)
+    assert(
+      createResult.body.error?.code === 'TARGET_DNS_LOOKUP_FAILED',
+      `Unexpected DNS lookup failure error: ${JSON.stringify(createResult)}`
+    )
+    assert(
+      createResult.body.error?.details?.reason === 'dns_lookup_failed',
+      `Unexpected DNS lookup failure reason: ${JSON.stringify(createResult)}`
+    )
+    const health = await harness.fetchJson(bridge.ready.healthUrl)
+    assert(health.status === 200 && health.body.activeCaptures === 0, `DNS lookup failure left active capture: ${JSON.stringify(health)}`)
+    console.log(
+      JSON.stringify(
+        {
+          scenario,
+          bridge: {
+            baseUrl: bridge.ready.baseUrl,
+            protocolVersion: bridge.ready.protocolVersion,
+            apiTokenPresent: Boolean(bridge.ready.apiToken)
+          },
+          dnsLookupFailed: {
+            hostname,
+            dnsError,
+            createStatus: createResult.status,
+            errorCode: createResult.body.error?.code,
+            reason: createResult.body.error?.details?.reason || '',
+            activeCapturesAfterReject: health.body.activeCaptures
+          },
+          bridgeStderrTail: redactText(bridge.stderr().slice(-500))
+        },
+        null,
+        2
+      )
+    )
+  } finally {
+    await harness.stopBridge(bridge)
+  }
+}
+
+const runBridgeSelfTargetBlockedScenario = async () => {
+  const harness = createBrowserSmokeHarness({ root, dist, cdpPort })
+  let bridge
+  try {
+    bridge = await harness.startBridge()
+    const selfTargetUrl = `${bridge.ready.baseUrl}/bridge?session=s_test&capture=c_test&nonce=n_test#apiToken=secret`
+    const localhostAliasUrl = selfTargetUrl.replace('127.0.0.1', 'localhost')
+    const options = { allowPrivateNetworkTarget: true, captureScreenshotMetadata: false, keepTabOpen: false, targetMode: 'new_tab' }
+    const selfTarget = await harness.createCapture(bridge.ready, { url: selfTargetUrl, options })
+    const localhostAlias = await harness.createCapture(bridge.ready, { url: localhostAliasUrl, options })
+    assert(selfTarget.status === 400, `Bridge self-target was not rejected: ${JSON.stringify(selfTarget)}`)
+    assert(
+      selfTarget.body.error?.code === 'BRIDGE_SELF_TARGET_BLOCKED',
+      `Unexpected bridge self-target error: ${JSON.stringify(selfTarget)}`
+    )
+    assert(localhostAlias.status === 400, `Bridge localhost alias self-target was not rejected: ${JSON.stringify(localhostAlias)}`)
+    assert(
+      localhostAlias.body.error?.code === 'BRIDGE_SELF_TARGET_BLOCKED',
+      `Unexpected bridge localhost alias self-target error: ${JSON.stringify(localhostAlias)}`
+    )
+    const health = await harness.fetchJson(bridge.ready.healthUrl)
+    assert(
+      health.status === 200 && health.body.activeCaptures === 0,
+      `Bridge self-target rejection left active capture: ${JSON.stringify(health)}`
+    )
+    console.log(
+      JSON.stringify(
+        {
+          scenario,
+          bridge: {
+            baseUrl: bridge.ready.baseUrl,
+            protocolVersion: bridge.ready.protocolVersion,
+            apiTokenPresent: Boolean(bridge.ready.apiToken)
+          },
+          bridgeSelfTargetBlocked: {
+            createStatus: selfTarget.status,
+            errorCode: selfTarget.body.error?.code,
+            localhostAliasStatus: localhostAlias.status,
+            localhostAliasErrorCode: localhostAlias.body.error?.code,
+            activeCapturesAfterReject: health.body.activeCaptures
+          },
+          bridgeStderrTail: redactText(bridge.stderr().slice(-500))
+        },
+        null,
+        2
+      )
+    )
+  } finally {
+    await harness.stopBridge(bridge)
+  }
+}
+
+const runActiveTabUnavailableScenario = async () => {
+  ensureDistBuilt()
+  const harness = createBrowserSmokeHarness({ root, dist, cdpPort })
+  const probe = await harness.startProbeServer()
+  const chrome = await harness.startChrome()
+  let bridge
+  let worker
+  try {
+    const version = await harness.waitForCdp()
+    const workerTarget = await harness.waitForWorker()
+    worker = await harness.connectTarget(workerTarget)
+    await worker.send('Runtime.enable')
+    await harness.waitForExtensionRuntime(worker)
+    await harness.setAgentBridgeEnabled(worker, true)
+    bridge = await harness.startBridge()
+
+    const capture = await harness.createCapture(bridge.ready, {
+      url: probe.url,
+      waitMs: 100,
+      options: { allowPrivateNetworkTarget: true, captureScreenshotMetadata: false, keepTabOpen: false, targetMode: 'active_tab' }
+    })
+    assert(capture.status === 200, `Active-tab-unavailable capture creation failed: ${JSON.stringify(capture)}`)
+    const opened = await harness.openBridgePage(capture.body.bridgeUrl)
+    let finalStatus
+    let profile
+    let dom
+    try {
+      finalStatus = await harness.pollCapture(bridge.ready, capture.body.id, 30)
+      profile = await harness.fetchJson(`${bridge.ready.baseUrl}/v1/captures/${capture.body.id}/profile`, {
+        headers: { authorization: `Bearer ${bridge.ready.apiToken}` }
+      })
+      dom = await opened.page.send('Runtime.evaluate', {
+        expression:
+          '({ready:document.documentElement.dataset.stackprismAgentBridgeClient||"",error:document.documentElement.dataset.stackprismAgentBridgeError||"",title:document.title})',
+        returnByValue: true
+      })
+    } finally {
+      try {
+        opened.page.close()
+      } catch {}
+      await harness.closeTarget(opened.target.id).catch(() => {})
+    }
+    assert(
+      finalStatus?.status === 'failed' && finalStatus.error?.code === 'ACTIVE_TAB_UNAVAILABLE',
+      `Active-tab unavailable did not fail as ACTIVE_TAB_UNAVAILABLE: ${JSON.stringify(finalStatus)}`
+    )
+    assert(profile.status !== 200, `Active-tab unavailable returned fake profile: ${JSON.stringify(profile.body)}`)
+    assert(probe.requestCount() === 0, `Active-tab unavailable fetched target before resolving active tab: ${probe.requestCount()}`)
+    const tabs = await harness.listExtensionTabs(worker)
+    assert(!tabs.some(tab => String(tab.url).startsWith(probe.url)), `Active-tab unavailable opened target URL: ${JSON.stringify(tabs)}`)
+
+    console.log(
+      JSON.stringify(
+        {
+          browser: version.Browser,
+          dist,
+          scenario,
+          bridge: {
+            baseUrl: bridge.ready.baseUrl,
+            protocolVersion: bridge.ready.protocolVersion,
+            apiTokenPresent: Boolean(bridge.ready.apiToken)
+          },
+          activeTabUnavailable: {
+            status: finalStatus.status,
+            errorCode: finalStatus.error?.code,
+            profileStatus: profile.status,
+            targetRequestCount: probe.requestCount(),
+            targetTabOpened: false,
+            bridgeDom: dom.result.value
+          },
+          bridgeStderrTail: redactText(bridge.stderr().slice(-500))
+        },
+        null,
+        2
+      )
+    )
+  } finally {
+    worker?.close()
+    await harness.stopBridge(bridge)
+    probe.server.close()
+    await harness.cleanupChrome(chrome)
+  }
+}
+
+const runCaptureBusyScenario = async () => {
+  ensureDistBuilt()
+  const harness = createBrowserSmokeHarness({ root, dist, cdpPort })
+  const slowFixture = await harness.startSlowFixtureServer()
+  const chrome = await harness.startChrome()
+  let bridge
+  let worker
+  let opened
+  try {
+    const version = await harness.waitForCdp()
+    const workerTarget = await harness.waitForWorker()
+    worker = await harness.connectTarget(workerTarget)
+    await worker.send('Runtime.enable')
+    await harness.waitForExtensionRuntime(worker)
+    await harness.setAgentBridgeEnabled(worker, true)
+    bridge = await harness.startBridge()
+    const first = await harness.createCapture(bridge.ready, {
+      url: slowFixture.url,
+      options: { allowPrivateNetworkTarget: true, captureScreenshotMetadata: false, keepTabOpen: false, targetMode: 'new_tab' }
+    })
+    assert(first.status === 200, `First capture creation failed: ${JSON.stringify(first)}`)
+    opened = await harness.openBridgePage(first.body.bridgeUrl)
+    const runningState = await harness.waitForExtensionCaptureState(worker, first.body.id, value => Number.isInteger(value.targetTabId))
+    const second = await harness.createCapture(bridge.ready, {
+      url: slowFixture.url,
+      options: { allowPrivateNetworkTarget: true, captureScreenshotMetadata: false, keepTabOpen: false, targetMode: 'new_tab' }
+    })
+    assert(second.status === 429, `Second capture was not rejected as busy: ${JSON.stringify(second)}`)
+    assert(second.body.error?.code === 'CAPTURE_BUSY', `Second capture error was not CAPTURE_BUSY: ${JSON.stringify(second)}`)
+    const cancel = await harness.fetchJson(`${bridge.ready.baseUrl}/v1/captures/${first.body.id}`, {
+      method: 'DELETE',
+      headers: { authorization: `Bearer ${bridge.ready.apiToken}` }
+    })
+    assert(cancel.status === 200, `DELETE running capture returned ${cancel.status}.`)
+    const finalStatus = await harness.pollCapture(bridge.ready, first.body.id, 20)
+    assert(finalStatus.status === 'cancelled', `First capture did not cancel cleanly: ${JSON.stringify(finalStatus)}`)
+    const profile = await harness.fetchJson(`${bridge.ready.baseUrl}/v1/captures/${first.body.id}/profile`, {
+      headers: { authorization: `Bearer ${bridge.ready.apiToken}` }
+    })
+    assert(profile.status !== 200, `Cancelled capture returned fake profile: ${JSON.stringify(profile.body)}`)
+    const targets = await harness.listTargets()
+    const targetStillVisible = targets.some(target => target.type === 'page' && String(target.url || '').startsWith(slowFixture.url))
+    assert(!targetStillVisible, `Cancelled busy-smoke target remained visible for tab ${runningState.targetTabId}.`)
+    console.log(
+      JSON.stringify(
+        {
+          browser: version.Browser,
+          dist,
+          scenario,
+          bridge: {
+            baseUrl: bridge.ready.baseUrl,
+            protocolVersion: bridge.ready.protocolVersion,
+            apiTokenPresent: Boolean(bridge.ready.apiToken)
+          },
+          captureBusy: {
+            firstCaptureId: first.body.id,
+            targetTabId: runningState.targetTabId,
+            secondStatus: second.status,
+            secondErrorCode: second.body.error?.code,
+            cancelStatus: cancel.status,
+            finalStatus: finalStatus.status,
+            profileStatus: profile.status,
+            targetStillVisible
+          },
+          bridgeStderrTail: redactText(bridge.stderr().slice(-500))
+        },
+        null,
+        2
+      )
+    )
+  } finally {
+    opened?.page.close()
+    worker?.close()
+    await harness.stopBridge(bridge)
+    slowFixture.server.close()
+    await harness.cleanupChrome(chrome)
+  }
+}
+
+const runTechOnlyScenario = async () => {
+  ensureDistBuilt()
+  const harness = createBrowserSmokeHarness({ root, dist, cdpPort })
+  const fixture = await harness.startFixtureServer()
+  const chrome = await harness.startChrome()
+  let bridge
+  let worker
+  try {
+    const version = await harness.waitForCdp()
+    const workerTarget = await harness.waitForWorker()
+    worker = await harness.connectTarget(workerTarget)
+    await worker.send('Runtime.enable')
+    await harness.waitForExtensionRuntime(worker)
+    await harness.setAgentBridgeEnabled(worker, true)
+    bridge = await harness.startBridge()
+    const capture = await harness.createCapture(bridge.ready, {
+      url: fixture.url,
+      include: ['tech'],
+      waitMs: 100,
+      options: { allowPrivateNetworkTarget: true, maxResourceUrls: 50, captureScreenshotMetadata: true, targetMode: 'new_tab' }
+    })
+    assert(capture.status === 200, `Tech-only capture creation failed: ${JSON.stringify(capture)}`)
+    const driven = await harness.driveCapture(bridge.ready, capture)
+    assert(driven.finalStatus?.status === 'completed', `Tech-only capture did not complete: ${JSON.stringify(driven.finalStatus)}`)
+    assert(driven.profile?.status === 200, `Tech-only profile read failed: ${JSON.stringify(driven.profile)}`)
+    assertSectionNotRequested(driven.profile, ['visual', 'layout', 'components', 'interaction', 'ux', 'assets'])
+    assert(!profileSummary(driven.profile, capture.body.id).screenshotMetadataPresent, 'Tech-only profile included profiler metadata.')
+    console.log(
+      JSON.stringify(
+        {
+          browser: version.Browser,
+          dist,
+          scenario,
+          bridge: {
+            baseUrl: bridge.ready.baseUrl,
+            protocolVersion: bridge.ready.protocolVersion,
+            apiTokenPresent: Boolean(bridge.ready.apiToken)
+          },
+          techOnly: {
+            status: driven.finalStatus.status,
+            profile: profileSummary(driven.profile, capture.body.id),
+            limitations: driven.profile.body.limitations
+          },
+          bridgeStderrTail: redactText(bridge.stderr().slice(-500))
+        },
+        null,
+        2
+      )
+    )
+  } finally {
+    worker?.close()
+    await harness.stopBridge(bridge)
+    fixture.server.close()
+    await harness.cleanupChrome(chrome)
+  }
+}
+
+const runPublicComplexTargetScenario = async () => {
+  ensureDistBuilt()
+  const harness = createBrowserSmokeHarness({ root, dist, cdpPort })
+  const chrome = await harness.startChrome()
+  let bridge
+  let worker
+  try {
+    const version = await harness.waitForCdp()
+    const workerTarget = await harness.waitForWorker()
+    worker = await harness.connectTarget(workerTarget)
+    await worker.send('Runtime.enable')
+    await harness.waitForExtensionRuntime(worker)
+    await harness.setAgentBridgeEnabled(worker, true)
+    bridge = await harness.startBridge()
+
+    const targetResolution = await resolveTargetAddresses(externalTargetUrl)
+    const capture = await harness.createCapture(bridge.ready, {
+      url: externalTargetUrl,
+      include: ['tech', 'visual', 'layout', 'components', 'interaction', 'ux', 'assets'],
+      waitMs: 1000,
+      options: {
+        allowPrivateNetworkTarget: true,
+        captureScreenshotMetadata: false,
+        keepTabOpen: false,
+        maxResourceUrls: 100,
+        targetMode: 'new_tab'
+      }
+    })
+    assert(capture.status === 200, `Public complex target capture creation failed: ${JSON.stringify(capture)}`)
+    const driven = await harness.driveCapture(bridge.ready, capture)
+    assert(
+      driven.finalStatus?.status === 'completed',
+      `Public complex target capture did not complete: ${JSON.stringify(driven.finalStatus)}`
+    )
+    assert(driven.profile?.status === 200, `Public complex target profile read failed: ${JSON.stringify(driven.profile)}`)
+    const profile = profileSummary(driven.profile, capture.body.id)
+    assert(profile?.schema === 'stackprism.site_experience_profile.v1', 'Public complex target profile schema mismatch.')
+    assert(profile.targetFinalUrl.startsWith('https://'), `Public complex target final URL was not HTTPS: ${profile.targetFinalUrl}`)
+    assert(profile.userAgentPresent, 'Public complex target profile did not include browser user agent.')
+    assert(profile.visualKeys.length > 0, 'Public complex target visual profile was empty.')
+    assert(profile.layoutKeys.length > 0, 'Public complex target layout profile was empty.')
+    assert(profile.componentKeys.length > 0, 'Public complex target component profile was empty.')
+    assert(!targetResolution.dnsError, `Public complex target DNS lookup failed: ${targetResolution.dnsError}`)
+    assert(!profile.screenshotMetadataPresent, 'Public complex target included screenshot metadata without request.')
+    assert(!profile.screenshotPayloadPresent, 'Public complex target included screenshot image or pixel payload.')
+    assert(!profile.privacyLeakDetected, 'Public complex target profile included privacy leak markers.')
+
+    console.log(
+      JSON.stringify(
+        {
+          browser: version.Browser,
+          dist,
+          scenario,
+          target: {
+            requestedUrl: externalTargetUrl,
+            resolvedHostname: targetResolution.hostname,
+            resolvedAddresses: targetResolution.addresses,
+            dnsError: targetResolution.dnsError || '',
+            privateNetworkOverrideUsed: true
+          },
+          bridge: {
+            baseUrl: bridge.ready.baseUrl,
+            protocolVersion: bridge.ready.protocolVersion,
+            apiTokenPresent: Boolean(bridge.ready.apiToken)
+          },
+          publicComplexTarget: {
+            status: driven.finalStatus.status,
+            phase: driven.finalStatus.phase,
+            profile
+          },
+          bridgeStderrTail: redactText(bridge.stderr().slice(-500))
+        },
+        null,
+        2
+      )
+    )
+  } finally {
+    worker?.close()
+    await harness.stopBridge(bridge)
+    await harness.cleanupChrome(chrome)
+  }
+}
+
+const runVisualScreenshotScenario = async () => {
+  ensureDistBuilt()
+  const harness = createBrowserSmokeHarness({ root, dist, cdpPort })
+  const fixture = await harness.startFixtureServer()
+  const chrome = await harness.startChrome()
+  let bridge
+  let worker
+  try {
+    const version = await harness.waitForCdp()
+    const workerTarget = await harness.waitForWorker()
+    worker = await harness.connectTarget(workerTarget)
+    await worker.send('Runtime.enable')
+    await harness.waitForExtensionRuntime(worker)
+    await harness.setAgentBridgeEnabled(worker, true)
+    bridge = await harness.startBridge()
+
+    const capture = await harness.createCapture(bridge.ready, {
+      url: fixture.url,
+      include: ['visual', 'layout', 'ux'],
+      waitMs: 100,
+      options: {
+        allowPrivateNetworkTarget: true,
+        captureScreenshot: true,
+        captureScreenshotMetadata: false,
+        keepTabOpen: false,
+        maxResourceUrls: 50,
+        targetMode: 'new_tab'
+      }
+    })
+    assert(capture.status === 200, `Visual screenshot capture creation failed: ${JSON.stringify(capture)}`)
+    const driven = await harness.driveCapture(bridge.ready, capture)
+    assert(driven.finalStatus?.status === 'completed', `Visual screenshot capture did not complete: ${JSON.stringify(driven.finalStatus)}`)
+    assert(driven.profile?.status === 200, `Visual screenshot profile read failed: ${JSON.stringify(driven.profile)}`)
+    const profile = profileSummary(driven.profile, capture.body.id)
+    const screenshot = driven.profile.body.visualProfile?.screenshot
+    const visualReference = driven.profile.body.agentGuidance?.recreationPlan?.visualReference
+    const screenshotFailureLimitations = [
+      'screenshot_capture_unavailable',
+      'screenshot_capture_invalid',
+      'screenshot_image_too_large',
+      'screenshot_capture_failed'
+    ]
+    if (profile?.screenshotPayloadPresent) {
+      assert(typeof screenshot?.dataUrl === 'string' && screenshot.dataUrl.startsWith('data:image/jpeg;base64,'), 'Screenshot data URL is invalid.')
+      assert(screenshot.mimeType === 'image/jpeg', `Unexpected screenshot mime type: ${screenshot.mimeType}`)
+      assert(screenshot.scope === 'visible_viewport', `Unexpected screenshot scope: ${screenshot.scope}`)
+      assert(Number.isInteger(screenshot.byteLength) && screenshot.byteLength > 1000, `Unexpected screenshot byte length: ${screenshot.byteLength}`)
+      assert(visualReference?.screenshotIncluded === true, 'Agent guidance did not mark screenshot as included.')
+    } else {
+      assert(
+        screenshotFailureLimitations.some(limitation => driven.profile.body.limitations.includes(limitation)),
+        `Visual screenshot request omitted payload without a screenshot limitation: ${JSON.stringify(driven.profile.body.limitations)}`
+      )
+      assert(visualReference?.screenshotIncluded === false, 'Agent guidance marked missing screenshot as included.')
+    }
+    assert(!driven.profile.body.limitations.includes('screenshot_image_not_requested'), 'Profile still reported screenshot not requested.')
+
+    console.log(
+      JSON.stringify(
+        {
+          browser: version.Browser,
+          dist,
+          scenario,
+          bridge: {
+            baseUrl: bridge.ready.baseUrl,
+            protocolVersion: bridge.ready.protocolVersion,
+            apiTokenPresent: Boolean(bridge.ready.apiToken)
+          },
+          visualScreenshot: {
+            status: driven.finalStatus.status,
+            phase: driven.finalStatus.phase,
+            profile,
+            screenshot: {
+              included: Boolean(profile.screenshotPayloadPresent),
+              mimeType: screenshot?.mimeType || '',
+              byteLength: screenshot?.byteLength || 0,
+              scope: screenshot?.scope || '',
+              source: screenshot?.source || ''
+            },
+            visualReference
+          },
+          bridgeStderrTail: redactText(bridge.stderr().slice(-500))
+        },
+        null,
+        2
+      )
+    )
+  } finally {
+    worker?.close()
+    await harness.stopBridge(bridge)
+    fixture.server.close()
+    await harness.cleanupChrome(chrome)
+  }
+}
+
+const runServiceWorkerIdleWakeScenario = async () => {
+  ensureDistBuilt()
+  const harness = createBrowserSmokeHarness({ root, dist, cdpPort })
+  const fixture = await harness.startFixtureServer()
+  const chrome = await harness.startChrome()
+  let bridge
+  let worker
+  try {
+    const version = await harness.waitForCdp()
+    const workerTarget = await harness.waitForWorker()
+    worker = await harness.connectTarget(workerTarget)
+    await worker.send('Runtime.enable')
+    await harness.waitForExtensionRuntime(worker)
+    await harness.setAgentBridgeEnabled(worker, true)
+    worker.close()
+    worker = null
+
+    const idle = await harness.waitForNoWorker()
+    bridge = await harness.startBridge()
+    const capture = await harness.createCapture(bridge.ready, {
+      url: fixture.url,
+      include: ['tech'],
+      waitMs: 100,
+      options: { allowPrivateNetworkTarget: true, captureScreenshotMetadata: false, keepTabOpen: false, targetMode: 'new_tab' }
+    })
+    assert(capture.status === 200, `Idle-wake capture creation failed: ${JSON.stringify(capture)}`)
+    const driven = await harness.driveCapture(bridge.ready, capture)
+    assert(driven.finalStatus?.status === 'completed', `Idle-wake capture did not complete: ${JSON.stringify(driven.finalStatus)}`)
+    assert(driven.profile?.status === 200, `Idle-wake profile read failed: ${JSON.stringify(driven.profile)}`)
+    const wokenWorkerTarget = await harness.waitForWorker()
+
+    console.log(
+      JSON.stringify(
+        {
+          browser: version.Browser,
+          dist,
+          scenario,
+          bridge: {
+            baseUrl: bridge.ready.baseUrl,
+            protocolVersion: bridge.ready.protocolVersion,
+            apiTokenPresent: Boolean(bridge.ready.apiToken)
+          },
+          serviceWorkerIdleWake: {
+            initialWorkerTargetId: workerTarget.id,
+            idleElapsedMs: idle.elapsedMs,
+            idleAttempts: idle.attempts,
+            wokenWorkerTargetId: wokenWorkerTarget.id,
+            status: driven.finalStatus.status,
+            profile: profileSummary(driven.profile, capture.body.id)
+          },
+          bridgeStderrTail: redactText(bridge.stderr().slice(-500))
+        },
+        null,
+        2
+      )
+    )
+  } finally {
+    worker?.close()
+    await harness.stopBridge(bridge)
+    fixture.server.close()
+    await harness.cleanupChrome(chrome)
+  }
+}
+
+const runSequentialCapturePressureScenario = async () => {
+  ensureDistBuilt()
+  const harness = createBrowserSmokeHarness({ root, dist, cdpPort })
+  const fixture = await harness.startFixtureServer()
+  const chrome = await harness.startChrome()
+  let bridge
+  let worker
+  try {
+    const version = await harness.waitForCdp()
+    const workerTarget = await harness.waitForWorker()
+    worker = await harness.connectTarget(workerTarget)
+    await worker.send('Runtime.enable')
+    await harness.waitForExtensionRuntime(worker)
+    await harness.setAgentBridgeEnabled(worker, true)
+    bridge = await harness.startBridge()
+    const targetPrefix = withoutFragment(fixture.url)
+    const rounds = []
+
+    for (let index = 0; index < 4; index += 1) {
+      const capture = await harness.createCapture(bridge.ready, {
+        url: fixture.url,
+        waitMs: 100,
+        options: {
+          allowPrivateNetworkTarget: true,
+          captureScreenshotMetadata: index % 2 === 0,
+          keepTabOpen: false,
+          maxResourceUrls: 50,
+          targetMode: 'new_tab'
+        }
+      })
+      assert(capture.status === 200, `Sequential capture ${index + 1} creation failed: ${JSON.stringify(capture)}`)
+      const driven = await harness.driveCapture(bridge.ready, capture)
+      assert(
+        driven.finalStatus?.status === 'completed',
+        `Sequential capture ${index + 1} did not complete: ${JSON.stringify(driven.finalStatus)}`
+      )
+      assert(driven.profile?.status === 200, `Sequential capture ${index + 1} profile read failed: ${JSON.stringify(driven.profile)}`)
+      const health = await harness.fetchJson(bridge.ready.healthUrl)
+      assert(health.body?.activeCaptures === 0, `Sequential capture ${index + 1} left active captures: ${JSON.stringify(health)}`)
+      const targetCleanup = await harness.waitForNoPageTarget(targetPrefix)
+      assert(
+        !targetCleanup.targetStillVisible,
+        `Sequential capture ${index + 1} left target tab visible: ${JSON.stringify(targetCleanup.visibleTargets)}`
+      )
+      rounds.push({
+        round: index + 1,
+        status: driven.finalStatus.status,
+        phase: driven.finalStatus.phase,
+        profileStatus: driven.profile.status,
+        activeCaptures: health.body.activeCaptures,
+        targetStillVisible: targetCleanup.targetStillVisible,
+        screenshotMetadataPresent: profileSummary(driven.profile, capture.body.id).screenshotMetadataPresent
+      })
+    }
+
+    console.log(
+      JSON.stringify(
+        {
+          browser: version.Browser,
+          dist,
+          scenario,
+          bridge: {
+            baseUrl: bridge.ready.baseUrl,
+            protocolVersion: bridge.ready.protocolVersion,
+            apiTokenPresent: Boolean(bridge.ready.apiToken)
+          },
+          sequentialCapturePressure: {
+            rounds
+          },
+          bridgeStderrTail: redactText(bridge.stderr().slice(-500))
+        },
+        null,
+        2
+      )
+    )
+  } finally {
+    worker?.close()
+    await harness.stopBridge(bridge)
+    fixture.server.close()
+    await harness.cleanupChrome(chrome)
+  }
+}
+
+const runTargetNavigatedAwayScenario = async () => {
+  ensureDistBuilt()
+  const harness = createBrowserSmokeHarness({ root, dist, cdpPort })
+  const fixture = await harness.startFixtureServer()
+  const chrome = await harness.startChrome()
+  let bridge
+  let worker
+  try {
+    const version = await harness.waitForCdp()
+    const workerTarget = await harness.waitForWorker()
+    worker = await harness.connectTarget(workerTarget)
+    await worker.send('Runtime.enable')
+    await harness.waitForExtensionRuntime(worker)
+    await harness.setAgentBridgeEnabled(worker, true)
+    bridge = await harness.startBridge()
+
+    const origin = new URL(fixture.url).origin
+    const awayUrl = `${origin}/target-navigated-away?view=other`
+    const capture = await harness.createCapture(bridge.ready, {
+      url: fixture.url,
+      include: ['visual'],
+      waitMs: 5000,
+      options: { allowPrivateNetworkTarget: true, captureScreenshotMetadata: false, keepTabOpen: false, targetMode: 'new_tab' }
+    })
+    assert(capture.status === 200, `Target navigation-away capture creation failed: ${JSON.stringify(capture)}`)
+    const navigatedAway = await harness.driveCaptureWithTargetNavigationAway(bridge.ready, worker, capture, awayUrl, origin)
+    assert(
+      navigatedAway.finalStatus?.status === 'failed' &&
+        navigatedAway.finalStatus.error?.code === 'TARGET_NAVIGATED_AWAY' &&
+        navigatedAway.finalStatus.error?.details?.finalUrlChanged === true,
+      `Target navigation-away capture did not fail as TARGET_NAVIGATED_AWAY: ${JSON.stringify(navigatedAway.finalStatus)}`
+    )
+    assert(navigatedAway.profileStatus !== 200, `Navigation-away capture returned fake profile: ${JSON.stringify(navigatedAway)}`)
+    assert(!navigatedAway.targetStillVisible, `Navigation-away target remained visible: ${JSON.stringify(navigatedAway)}`)
+
+    console.log(
+      JSON.stringify(
+        {
+          browser: version.Browser,
+          dist,
+          scenario,
+          bridge: {
+            baseUrl: bridge.ready.baseUrl,
+            protocolVersion: bridge.ready.protocolVersion,
+            apiTokenPresent: Boolean(bridge.ready.apiToken)
+          },
+          targetNavigatedAway: {
+            status: navigatedAway.finalStatus.status,
+            errorCode: navigatedAway.finalStatus.error?.code,
+            finalUrlChanged: navigatedAway.finalStatus.error?.details?.finalUrlChanged === true,
+            originalFinalUrl: navigatedAway.originalFinalUrl,
+            requestedAwayUrl: navigatedAway.requestedAwayUrl,
+            updateResultUrl: navigatedAway.updateResultUrl,
+            profileStatus: navigatedAway.profileStatus,
+            targetTabId: navigatedAway.targetTabId,
+            targetStillVisible: navigatedAway.targetStillVisible
+          },
+          bridgeStderrTail: redactText(bridge.stderr().slice(-500))
+        },
+        null,
+        2
+      )
+    )
+  } finally {
+    worker?.close()
+    await harness.stopBridge(bridge)
+    fixture.server.close()
+    await harness.cleanupChrome(chrome)
+  }
+}
+
+const runTargetLoadFailedScenario = async () => {
+  ensureDistBuilt()
+  const harness = createBrowserSmokeHarness({ root, dist, cdpPort })
+  const loadFailure = await harness.startLoadFailureServer()
+  const chrome = await harness.startChrome()
+  let bridge
+  let worker
+  try {
+    const version = await harness.waitForCdp()
+    const workerTarget = await harness.waitForWorker()
+    worker = await harness.connectTarget(workerTarget)
+    await worker.send('Runtime.enable')
+    await harness.waitForExtensionRuntime(worker)
+    await harness.setAgentBridgeEnabled(worker, true)
+    bridge = await harness.startBridge()
+
+    const capture = await harness.createCapture(bridge.ready, {
+      url: loadFailure.url,
+      include: ['visual'],
+      waitMs: 100,
+      options: { allowPrivateNetworkTarget: true, captureScreenshotMetadata: false, keepTabOpen: false, targetMode: 'new_tab' }
+    })
+    assert(capture.status === 200, `Target load-failed capture creation failed: ${JSON.stringify(capture)}`)
+    const failedLoad = await harness.driveCaptureWithTargetLoadFailure(bridge.ready, worker, capture)
+    assert(
+      failedLoad.finalStatus?.status === 'failed' && failedLoad.finalStatus.error?.code === 'TARGET_LOAD_FAILED',
+      `Target load failure did not fail as TARGET_LOAD_FAILED: ${JSON.stringify(failedLoad.finalStatus)}`
+    )
+    assert(failedLoad.profileStatus !== 200, `Load-failed capture returned fake profile: ${JSON.stringify(failedLoad)}`)
+    assert(!failedLoad.targetStillExists, `Load-failed target tab remained open: ${JSON.stringify(failedLoad)}`)
+    assert(loadFailure.requestCount() > 0, 'Load failure fixture was not reached by Chrome.')
+
+    console.log(
+      JSON.stringify(
+        {
+          browser: version.Browser,
+          dist,
+          scenario,
+          bridge: {
+            baseUrl: bridge.ready.baseUrl,
+            protocolVersion: bridge.ready.protocolVersion,
+            apiTokenPresent: Boolean(bridge.ready.apiToken)
+          },
+          targetLoadFailed: {
+            status: failedLoad.finalStatus.status,
+            errorCode: failedLoad.finalStatus.error?.code,
+            profileStatus: failedLoad.profileStatus,
+            requestCount: loadFailure.requestCount(),
+            targetTabId: failedLoad.targetTabId,
+            targetStillExists: failedLoad.targetStillExists
+          },
+          bridgeStderrTail: redactText(bridge.stderr().slice(-500))
+        },
+        null,
+        2
+      )
+    )
+  } finally {
+    worker?.close()
+    await harness.stopBridge(bridge)
+    loadFailure.server.close()
+    await harness.cleanupChrome(chrome)
+  }
+}
+
+const runTargetLoadTimeoutScenario = async () => {
+  ensureDistBuilt()
+  const harness = createBrowserSmokeHarness({ root, dist, cdpPort })
+  const slowFixture = await harness.startSlowFixtureServer(70000)
+  const chrome = await harness.startChrome()
+  let bridge
+  let worker
+  try {
+    const version = await harness.waitForCdp()
+    const workerTarget = await harness.waitForWorker()
+    worker = await harness.connectTarget(workerTarget)
+    await worker.send('Runtime.enable')
+    await harness.waitForExtensionRuntime(worker)
+    await harness.setAgentBridgeEnabled(worker, true)
+    bridge = await harness.startBridge()
+
+    const capture = await harness.createCapture(bridge.ready, {
+      url: slowFixture.url,
+      include: ['visual'],
+      waitMs: 0,
+      options: { allowPrivateNetworkTarget: true, captureScreenshotMetadata: false, keepTabOpen: false, targetMode: 'new_tab' }
+    })
+    assert(capture.status === 200, `Target load-timeout capture creation failed: ${JSON.stringify(capture)}`)
+    const timedOut = await harness.driveCaptureWithTargetLoadTimeout(bridge.ready, worker, capture)
+    assert(
+      timedOut.finalStatus?.status === 'failed' && timedOut.finalStatus.error?.code === 'TARGET_LOAD_TIMEOUT',
+      `Target load timeout did not fail as TARGET_LOAD_TIMEOUT: ${JSON.stringify(timedOut.finalStatus)}`
+    )
+    assert(timedOut.profileStatus !== 200, `Load-timeout capture returned fake profile: ${JSON.stringify(timedOut)}`)
+    assert(!timedOut.targetStillExists, `Load-timeout target tab remained open: ${JSON.stringify(timedOut)}`)
+
+    console.log(
+      JSON.stringify(
+        {
+          browser: version.Browser,
+          dist,
+          scenario,
+          bridge: {
+            baseUrl: bridge.ready.baseUrl,
+            protocolVersion: bridge.ready.protocolVersion,
+            apiTokenPresent: Boolean(bridge.ready.apiToken)
+          },
+          targetLoadTimeout: {
+            status: timedOut.finalStatus.status,
+            errorCode: timedOut.finalStatus.error?.code,
+            profileStatus: timedOut.profileStatus,
+            targetTabId: timedOut.targetTabId,
+            targetStillExists: timedOut.targetStillExists
+          },
+          bridgeStderrTail: redactText(bridge.stderr().slice(-500))
+        },
+        null,
+        2
+      )
+    )
+  } finally {
+    worker?.close()
+    await harness.stopBridge(bridge)
+    slowFixture.server.close()
+    await harness.cleanupChrome(chrome)
+  }
+}
+
+const runTargetModeQueryBoundariesScenario = async () => {
+  ensureDistBuilt()
+  const harness = createBrowserSmokeHarness({ root, dist, cdpPort })
+  const fixture = await harness.startFixtureServer()
+  const chrome = await harness.startChrome()
+  let bridge
+  let worker
+  const createdTabIds = new Set()
+  try {
+    const version = await harness.waitForCdp()
+    const workerTarget = await harness.waitForWorker()
+    worker = await harness.connectTarget(workerTarget)
+    await worker.send('Runtime.enable')
+    await harness.waitForExtensionRuntime(worker)
+    await harness.setAgentBridgeEnabled(worker, true)
+    bridge = await harness.startBridge()
+
+    const origin = new URL(fixture.url).origin
+    const reuseExistingUrl = `${origin}/target-mode-query?view=existing`
+    const reuseCaptureUrl = `${origin}/target-mode-query?view=capture`
+    const activeExistingUrl = `${origin}/target-mode-active?view=existing`
+    const activeCaptureUrl = `${origin}/target-mode-active?view=capture`
+
+    const reuseExistingTab = await harness.createExtensionTab(worker, reuseExistingUrl, { active: true })
+    createdTabIds.add(reuseExistingTab.id)
+    const reuseCapture = await harness.createCapture(bridge.ready, {
+      url: reuseCaptureUrl,
+      waitMs: 100,
+      options: { allowPrivateNetworkTarget: true, captureScreenshotMetadata: false, keepTabOpen: true, targetMode: 'reuse_or_new_tab' }
+    })
+    assert(reuseCapture.status === 200, `Reuse query capture creation failed: ${JSON.stringify(reuseCapture)}`)
+    const reused = await harness.driveCapture(bridge.ready, reuseCapture)
+    assert(reused.finalStatus?.status === 'completed', `Reuse query capture did not complete: ${JSON.stringify(reused.finalStatus)}`)
+    const afterReuseTabs = await harness.listExtensionTabs(worker)
+    const separateQueryTabs = afterReuseTabs.filter(tab => tab.id !== reuseExistingTab.id && String(tab.url).startsWith(reuseCaptureUrl))
+    for (const tab of separateQueryTabs) createdTabIds.add(tab.id)
+    assert(
+      afterReuseTabs.some(tab => tab.id === reuseExistingTab.id && String(tab.url).startsWith(reuseExistingUrl)),
+      `Existing query tab was not preserved: ${JSON.stringify(afterReuseTabs)}`
+    )
+    assert(separateQueryTabs.length > 0, `Query-different target did not open a separate tab: ${JSON.stringify(afterReuseTabs)}`)
+    const keptNewTargetTabId = separateQueryTabs[0].id
+
+    const activeExistingTab = await harness.createExtensionTab(worker, activeExistingUrl, { active: true })
+    createdTabIds.add(activeExistingTab.id)
+    const activeCapture = await harness.createCapture(bridge.ready, {
+      url: activeCaptureUrl,
+      waitMs: 100,
+      options: { allowPrivateNetworkTarget: true, captureScreenshotMetadata: false, keepTabOpen: false, targetMode: 'active_tab' }
+    })
+    assert(activeCapture.status === 200, `Active-tab capture creation failed: ${JSON.stringify(activeCapture)}`)
+    const activeMismatch = await harness.driveCapture(bridge.ready, activeCapture)
+    assert(
+      activeMismatch.finalStatus?.status === 'failed' && activeMismatch.finalStatus.error?.code === 'ACTIVE_TAB_MISMATCH',
+      `Active-tab query mismatch did not fail as ACTIVE_TAB_MISMATCH: ${JSON.stringify(activeMismatch.finalStatus)}`
+    )
+    const afterActiveTabs = await harness.listExtensionTabs(worker)
+    assert(
+      !afterActiveTabs.some(tab => String(tab.url).startsWith(activeCaptureUrl)),
+      `Active-tab mismatch unexpectedly opened the target URL: ${JSON.stringify(afterActiveTabs)}`
+    )
+
+    console.log(
+      JSON.stringify(
+        {
+          browser: version.Browser,
+          dist,
+          scenario,
+          bridge: {
+            baseUrl: bridge.ready.baseUrl,
+            protocolVersion: bridge.ready.protocolVersion,
+            apiTokenPresent: Boolean(bridge.ready.apiToken)
+          },
+          targetModeQueryBoundaries: {
+            reuseStatus: reused.finalStatus.status,
+            existingTabId: reuseExistingTab.id,
+            separateQueryTabFound: true,
+            keepTabOpenWasTrue: true,
+            keptNewTargetTabId,
+            activeStatus: activeMismatch.finalStatus.status,
+            activeErrorCode: activeMismatch.finalStatus.error?.code,
+            activeExistingTabId: activeExistingTab.id
+          },
+          bridgeStderrTail: redactText(bridge.stderr().slice(-500))
+        },
+        null,
+        2
+      )
+    )
+  } finally {
+    if (worker) {
+      await Promise.all([...createdTabIds].map(tabId => harness.removeTab(worker, tabId).catch(() => {})))
+      worker.close()
+    }
+    await harness.stopBridge(bridge)
+    fixture.server.close()
+    await harness.cleanupChrome(chrome)
+  }
+}
+
+const runBridgeIframeBlockedScenario = async () => {
+  ensureDistBuilt()
+  const harness = createBrowserSmokeHarness({ root, dist, cdpPort })
+  const chrome = await harness.startChrome()
+  let bridge
+  try {
+    const version = await harness.waitForCdp()
+    bridge = await harness.startBridge()
+    const capture = await harness.createCapture(bridge.ready, {
+      url: externalTargetUrl,
+      options: { allowPrivateNetworkTarget: true, captureScreenshotMetadata: false, keepTabOpen: false, targetMode: 'new_tab' }
+    })
+    assert(capture.status === 200, `Capture creation failed: ${JSON.stringify(capture)}`)
+    const iframeProbe = await harness.probeBridgeIframeBlocking(capture.body.bridgeUrl)
+    assert(iframeProbe.attackerRequestCount === 1, `Attacker iframe page was not requested once: ${JSON.stringify(iframeProbe)}`)
+    assert(!iframeProbe.probe.outerHtmlIncludesBridgeToken, `Attacker DOM included bridge token: ${JSON.stringify(iframeProbe)}`)
+    assert(!iframeProbe.probe.frameHtmlIncludesBridgeToken, `Iframe document included bridge token: ${JSON.stringify(iframeProbe)}`)
+    assert(
+      iframeProbe.firstRenderStatus === 200 && iframeProbe.firstRenderContainsBridgeToken,
+      `Iframe attempt consumed or blocked the first top-level bridge token render: ${JSON.stringify(iframeProbe)}`
+    )
+    const cancel = await harness.fetchJson(`${bridge.ready.baseUrl}/v1/captures/${capture.body.id}`, {
+      method: 'DELETE',
+      headers: { authorization: `Bearer ${bridge.ready.apiToken}` }
+    })
+    assert(cancel.status === 200 || cancel.status === 409, `Cleanup DELETE returned ${cancel.status}: ${JSON.stringify(cancel.body)}`)
+    console.log(
+      JSON.stringify(
+        {
+          browser: version.Browser,
+          dist,
+          scenario,
+          bridge: {
+            baseUrl: bridge.ready.baseUrl,
+            protocolVersion: bridge.ready.protocolVersion,
+            apiTokenPresent: Boolean(bridge.ready.apiToken)
+          },
+          bridgeIframeBlocked: {
+            attackerRequestCount: iframeProbe.attackerRequestCount,
+            frameAccess: iframeProbe.probe.frameAccess,
+            frameBodyText: redactText(iframeProbe.probe.frameBodyText || ''),
+            frameCount: iframeProbe.probe.frameCount,
+            frameHtmlIncludedBridgeToken: iframeProbe.probe.frameHtmlIncludesBridgeToken,
+            firstRenderStatus: iframeProbe.firstRenderStatus,
+            firstRenderContainsBridgeToken: iframeProbe.firstRenderContainsBridgeToken,
+            attackerDomIncludedBridgeToken: iframeProbe.probe.outerHtmlIncludesBridgeToken,
+            cleanupDeleteStatus: cancel.status
+          },
+          bridgeStderrTail: redactText(bridge.stderr().slice(-500))
+        },
+        null,
+        2
+      )
+    )
+  } finally {
+    await harness.stopBridge(bridge)
+    await harness.cleanupChrome(chrome)
+  }
+}
+
+const runWrongProfileExtensionMissingScenario = async () => {
+  ensureDistBuilt()
+  const harness = createBrowserSmokeHarness({ root, dist, cdpPort })
+  const probe = await harness.startProbeServer()
+  const chrome = await harness.startChromeWithoutExtension()
+  let bridge
+  try {
+    const version = await harness.waitForCdp()
+    bridge = await harness.startBridge({
+      noOpen: false,
+      env: {
+        STACKPRISM_BROWSER_OPEN_COMMAND: process.execPath,
+        STACKPRISM_BROWSER_OPEN_ARGS_JSON: JSON.stringify(['--input-type=module', '-e', openBridgeWithCdpScript]),
+        STACKPRISM_BROWSER_SMOKE_CDP_BASE_URL: cdpBaseUrl
+      }
+    })
+    const capture = await harness.createCapture(bridge.ready, {
+      url: probe.url,
+      options: { allowPrivateNetworkTarget: true, captureScreenshotMetadata: false, keepTabOpen: false, targetMode: 'new_tab' }
+    })
+    assert(capture.status === 200, `Capture creation failed: ${JSON.stringify(capture)}`)
+    const finalStatus = await harness.pollCapture(bridge.ready, capture.body.id, 40)
+    assert(
+      finalStatus.status === 'failed' && finalStatus.error?.code === 'EXTENSION_NOT_CONNECTED',
+      `Wrong-profile capture did not fail as EXTENSION_NOT_CONNECTED: ${JSON.stringify(finalStatus)}`
+    )
+    const profile = await harness.fetchJson(`${bridge.ready.baseUrl}/v1/captures/${capture.body.id}/profile`, {
+      headers: { authorization: `Bearer ${bridge.ready.apiToken}` }
+    })
+    assert(profile.status !== 200, `Wrong-profile capture returned fake profile: ${JSON.stringify(profile.body)}`)
+    assert(probe.requestCount() === 0, `Wrong-profile capture fetched target before extension connected: ${probe.requestCount()}`)
+    console.log(
+      JSON.stringify(
+        {
+          browser: version.Browser,
+          dist,
+          scenario,
+          bridge: {
+            baseUrl: bridge.ready.baseUrl,
+            protocolVersion: bridge.ready.protocolVersion,
+            apiTokenPresent: Boolean(bridge.ready.apiToken)
+          },
+          wrongProfileExtensionMissing: {
+            status: finalStatus.status,
+            errorCode: finalStatus.error?.code,
+            profileStatus: profile.status,
+            targetRequestCount: probe.requestCount()
+          },
+          bridgeStderrTail: redactText(bridge.stderr().slice(-500))
+        },
+        null,
+        2
+      )
+    )
+  } finally {
+    await harness.stopBridge(bridge)
+    probe.server.close()
+    await harness.cleanupChrome(chrome)
+  }
+}
+
+const runHostValidationScenario = async () => {
+  const harness = createBrowserSmokeHarness({ root, dist, cdpPort })
+  const probe = await harness.startProbeServer()
+  let bridge
+  try {
+    bridge = await harness.startBridge()
+    const url = new URL(bridge.ready.baseUrl)
+    const host = url.host
+    const capture = await harness.createCapture(bridge.ready, {
+      url: probe.url,
+      options: { allowPrivateNetworkTarget: true, captureScreenshotMetadata: false, keepTabOpen: false, targetMode: 'new_tab' }
+    })
+    assert(capture.status === 200, `Capture creation failed: ${JSON.stringify(capture)}`)
+    const bridgePath = new URL(capture.body.bridgeUrl).pathname + new URL(capture.body.bridgeUrl).search
+    const statusPath = `/v1/captures/${capture.body.id}`
+
+    const correctHealth = await harness.rawHttp(url.port, ['GET /health HTTP/1.1', `Host: ${host}`, 'Connection: close', '', ''])
+    assertRawHttpStatus(correctHealth, 200, 'Correct /health host')
+    assertRawHttpIncludes(correctHealth, /"service":"stackprism-agent-bridge"/, 'Correct /health host')
+
+    const localhostHealth = await harness.rawHttp(url.port, [
+      'GET /health HTTP/1.1',
+      `Host: localhost:${url.port}`,
+      'Connection: close',
+      '',
+      ''
+    ])
+    assertRawHttpStatus(localhostHealth, 400, 'localhost /health host')
+    assertRawHttpIncludes(localhostHealth, /INVALID_REQUEST/, 'localhost /health host')
+
+    const wrongPortHealth = await harness.rawHttp(url.port, [
+      'GET /health HTTP/1.1',
+      `Host: 127.0.0.1:${Number(url.port) + 1}`,
+      'Connection: close',
+      '',
+      ''
+    ])
+    assertRawHttpStatus(wrongPortHealth, 400, 'wrong-port /health host')
+    assertRawHttpIncludes(wrongPortHealth, /INVALID_REQUEST/, 'wrong-port /health host')
+
+    const ipv6Health = await harness.rawHttp(url.port, ['GET /health HTTP/1.1', `Host: [::1]:${url.port}`, 'Connection: close', '', ''])
+    assertRawHttpStatus(ipv6Health, 400, 'ipv6 /health host')
+    assertRawHttpIncludes(ipv6Health, /INVALID_REQUEST/, 'ipv6 /health host')
+
+    const wrongBridgeHost = await harness.rawHttp(url.port, [
+      `GET ${bridgePath} HTTP/1.1`,
+      `Host: localhost:${url.port}`,
+      'Connection: close',
+      '',
+      ''
+    ])
+    assertRawHttpStatus(wrongBridgeHost, 400, 'wrong-host /bridge')
+    assertRawHttpIncludes(wrongBridgeHost, /INVALID_REQUEST/, 'wrong-host /bridge')
+    assert(!wrongBridgeHost.includes('spbt_'), `wrong-host /bridge leaked bridge token: ${redactText(wrongBridgeHost)}`)
+
+    const correctBridgeHost = await harness.rawHttp(url.port, [`GET ${bridgePath} HTTP/1.1`, `Host: ${host}`, 'Connection: close', '', ''])
+    assertRawHttpStatus(correctBridgeHost, 200, 'correct-host /bridge')
+    assertRawHttpIncludes(correctBridgeHost, /spbt_/, 'correct-host /bridge')
+
+    const wrongBearerHost = await harness.rawHttp(url.port, [
+      `GET ${statusPath} HTTP/1.1`,
+      `Host: localhost:${url.port}`,
+      `Authorization: Bearer ${bridge.ready.apiToken}`,
+      'Connection: close',
+      '',
+      ''
+    ])
+    assertRawHttpStatus(wrongBearerHost, 400, 'wrong-host bearer endpoint')
+    assertRawHttpIncludes(wrongBearerHost, /INVALID_REQUEST/, 'wrong-host bearer endpoint')
+
+    const correctBearerHost = await harness.rawHttp(url.port, [
+      `GET ${statusPath} HTTP/1.1`,
+      `Host: ${host}`,
+      `Authorization: Bearer ${bridge.ready.apiToken}`,
+      'Connection: close',
+      '',
+      ''
+    ])
+    assertRawHttpStatus(correctBearerHost, 200, 'correct-host bearer endpoint')
+    assertRawHttpIncludes(correctBearerHost, /"id":/, 'correct-host bearer endpoint')
+    assert(probe.requestCount() === 0, `Host validation scenario unexpectedly fetched target: ${probe.requestCount()}`)
+
+    console.log(
+      JSON.stringify(
+        {
+          scenario,
+          bridge: {
+            baseUrl: bridge.ready.baseUrl,
+            protocolVersion: bridge.ready.protocolVersion,
+            apiTokenPresent: Boolean(bridge.ready.apiToken)
+          },
+          hostValidation: {
+            correctHealth: 200,
+            localhostHealth: 400,
+            wrongPortHealth: 400,
+            ipv6Health: 400,
+            wrongBridgeHost: 400,
+            correctBridgeHost: 200,
+            wrongBearerHost: 400,
+            correctBearerHost: 200,
+            targetRequestCount: probe.requestCount()
+          },
+          bridgeStderrTail: redactText(bridge.stderr().slice(-500))
+        },
+        null,
+        2
+      )
+    )
+  } finally {
+    await harness.stopBridge(bridge)
+    probe.server.close()
+  }
+}
+
+const runResponseHeadersCorsScenario = async () => {
+  const harness = createBrowserSmokeHarness({ root, dist, cdpPort })
+  const probe = await harness.startProbeServer()
+  let bridge
+  let captureId = null
+  let cleanupStatus = null
+  try {
+    bridge = await harness.startBridge()
+    const capture = await harness.createCapture(bridge.ready, {
+      url: probe.url,
+      options: { allowPrivateNetworkTarget: true, captureScreenshotMetadata: false, keepTabOpen: false, targetMode: 'new_tab' }
+    })
+    assert(capture.status === 200, `Capture creation failed: ${JSON.stringify(capture)}`)
+    captureId = capture.body.id
+
+    const bridgeRender = await fetch(capture.body.bridgeUrl)
+    const bridgeHtml = await bridgeRender.text()
+    assert(bridgeRender.status === 200, `Bridge render failed: ${bridgeRender.status}`)
+    const bridgeConfig = parseBridgeConfig(bridgeHtml)
+    assert(bridgeConfig.captureId === capture.body.id, 'Bridge config capture id did not match.')
+
+    const apiAuth = { authorization: `Bearer ${bridge.ready.apiToken}` }
+    const bridgeAuth = { authorization: `Bearer ${bridgeConfig.bridgeToken}` }
+    const baseCaptureUrl = `${bridge.ready.baseUrl}/v1/captures/${capture.body.id}`
+
+    const statusGetResponse = await fetch(baseCaptureUrl, { headers: apiAuth })
+    assertJsonSecurityHeaders(statusGetResponse, 'GET capture status')
+    const statusGet = await readJsonEnvelope(statusGetResponse)
+    assert(statusGet.status === 200 && statusGet.body.id === capture.body.id, `GET status failed: ${JSON.stringify(statusGet.body)}`)
+
+    const requestResponse = await fetch(`${baseCaptureUrl}/request`, { headers: bridgeAuth })
+    assertJsonSecurityHeaders(requestResponse, 'GET capture request')
+    const request = await readJsonEnvelope(requestResponse)
+    assert(
+      request.status === 200 && request.body.captureId === capture.body.id && request.body.sessionId === bridgeConfig.sessionId,
+      `GET request failed: ${JSON.stringify(request.body)}`
+    )
+
+    const controlResponse = await fetch(`${baseCaptureUrl}/control`, { headers: bridgeAuth })
+    assertJsonSecurityHeaders(controlResponse, 'GET capture control')
+    const control = await readJsonEnvelope(controlResponse)
+    assert(control.status === 200 && control.body.command === 'continue', `GET control failed: ${JSON.stringify(control.body)}`)
+
+    const statusPostResponse = await fetch(`${baseCaptureUrl}/status`, {
+      method: 'POST',
+      headers: { ...bridgeAuth, 'content-type': 'application/json' },
+      body: JSON.stringify({
+        captureId: capture.body.id,
+        sessionId: bridgeConfig.sessionId,
+        nonce: bridgeConfig.nonce,
+        protocolVersion: bridgeConfig.protocolVersion,
+        status: 'waiting_extension',
+        phase: 'bridge_connected',
+        sequence: 1
+      })
+    })
+    assertJsonSecurityHeaders(statusPostResponse, 'POST capture status')
+    const statusPost = await readJsonEnvelope(statusPostResponse)
+    assert(
+      statusPost.status === 200 && statusPost.body.status === 'waiting_extension',
+      `POST status failed: ${JSON.stringify(statusPost.body)}`
+    )
+
+    const profileResponse = await fetch(`${baseCaptureUrl}/profile`, { headers: apiAuth })
+    assertJsonSecurityHeaders(profileResponse, 'GET capture profile', { referrerPolicy: true })
+    const profile = await readJsonEnvelope(profileResponse)
+    assert(profile.status === 409 && profile.body.error?.code === 'INVALID_REQUEST', `GET profile failed: ${JSON.stringify(profile.body)}`)
+
+    const preflightResponse = await fetch(`${bridge.ready.baseUrl}/v1/captures`, {
+      method: 'OPTIONS',
+      headers: {
+        origin: 'https://attacker.example',
+        'access-control-request-method': 'POST',
+        'access-control-request-headers': 'authorization, content-type'
+      }
+    })
+    assertJsonSecurityHeaders(preflightResponse, 'OPTIONS captures')
+    assertNoCorsAllowHeaders(preflightResponse.headers, 'OPTIONS captures')
+    const preflight = await readJsonEnvelope(preflightResponse)
+    assert(preflight.status === 405 && preflight.body.error?.code === 'METHOD_NOT_ALLOWED', `OPTIONS failed: ${JSON.stringify(preflight)}`)
+
+    const crossSiteCreateResponse = await fetch(`${bridge.ready.baseUrl}/v1/captures`, {
+      method: 'POST',
+      headers: { ...apiAuth, 'content-type': 'application/json', origin: 'https://attacker.example' },
+      body: JSON.stringify({
+        url: probe.url,
+        mode: 'experience',
+        waitMs: 0,
+        include: ['tech'],
+        options: { allowPrivateNetworkTarget: true, captureScreenshotMetadata: false, keepTabOpen: false, targetMode: 'new_tab' }
+      })
+    })
+    assertJsonSecurityHeaders(crossSiteCreateResponse, 'cross-site capture create')
+    assertNoCorsAllowHeaders(crossSiteCreateResponse.headers, 'cross-site capture create')
+    const crossSiteCreate = await readJsonEnvelope(crossSiteCreateResponse)
+    assert(
+      crossSiteCreate.status === 403 && crossSiteCreate.body.error?.code === 'ORIGIN_NOT_ALLOWED',
+      `Cross-site create was not rejected: ${JSON.stringify(crossSiteCreate.body)}`
+    )
+
+    const crossSiteRefererResponse = await fetch(baseCaptureUrl, {
+      headers: { ...apiAuth, referer: 'https://attacker.example/page' }
+    })
+    assertJsonSecurityHeaders(crossSiteRefererResponse, 'cross-site referer status')
+    assertNoCorsAllowHeaders(crossSiteRefererResponse.headers, 'cross-site referer status')
+    const crossSiteReferer = await readJsonEnvelope(crossSiteRefererResponse)
+    assert(
+      crossSiteReferer.status === 403 && crossSiteReferer.body.error?.code === 'ORIGIN_NOT_ALLOWED',
+      `Cross-site Referer was not rejected: ${JSON.stringify(crossSiteReferer.body)}`
+    )
+
+    const crossSiteFetchResponse = await fetch(baseCaptureUrl, {
+      headers: { ...apiAuth, 'sec-fetch-site': 'cross-site' }
+    })
+    assertJsonSecurityHeaders(crossSiteFetchResponse, 'cross-site sec-fetch status')
+    assertNoCorsAllowHeaders(crossSiteFetchResponse.headers, 'cross-site sec-fetch status')
+    const crossSiteFetch = await readJsonEnvelope(crossSiteFetchResponse)
+    assert(
+      crossSiteFetch.status === 403 && crossSiteFetch.body.error?.code === 'ORIGIN_NOT_ALLOWED',
+      `Cross-site Sec-Fetch-Site was not rejected: ${JSON.stringify(crossSiteFetch.body)}`
+    )
+
+    assert(probe.requestCount() === 0, `Headers/CORS scenario unexpectedly fetched target: ${probe.requestCount()}`)
+    const cleanup = await harness.fetchJson(baseCaptureUrl, { method: 'DELETE', headers: apiAuth })
+    cleanupStatus = cleanup.status
+    assert(cleanup.status === 200 || cleanup.status === 409, `Cleanup DELETE returned ${cleanup.status}: ${JSON.stringify(cleanup.body)}`)
+
+    console.log(
+      JSON.stringify(
+        {
+          scenario,
+          bridge: {
+            baseUrl: bridge.ready.baseUrl,
+            protocolVersion: bridge.ready.protocolVersion,
+            apiTokenPresent: Boolean(bridge.ready.apiToken)
+          },
+          responseHeadersCors: {
+            statusGet: statusGet.status,
+            requestGet: request.status,
+            controlGet: control.status,
+            statusPost: statusPost.status,
+            profileGet: profile.status,
+            optionsCaptures: preflight.status,
+            crossSiteCreate: crossSiteCreate.status,
+            crossSiteReferer: crossSiteReferer.status,
+            crossSiteFetchSite: crossSiteFetch.status,
+            noCorsAllowHeaders: true,
+            targetRequestCount: probe.requestCount(),
+            cleanupDeleteStatus: cleanupStatus
+          },
+          bridgeStderrTail: redactText(bridge.stderr().slice(-500))
+        },
+        null,
+        2
+      )
+    )
+  } finally {
+    if (bridge && captureId && cleanupStatus === null) {
+      await harness
+        .fetchJson(`${bridge.ready.baseUrl}/v1/captures/${captureId}`, {
+          method: 'DELETE',
+          headers: { authorization: `Bearer ${bridge.ready.apiToken}` }
+        })
+        .catch(() => {})
+    }
+    await harness.stopBridge(bridge)
+    probe.server.close()
+  }
+}
+
+const runRequestShellRejectionsScenario = async () => {
+  const harness = createBrowserSmokeHarness({ root, dist, cdpPort })
+  const probe = await harness.startProbeServer()
+  let bridge
+  try {
+    bridge = await harness.startBridge()
+    const url = new URL(bridge.ready.baseUrl)
+    const host = url.host
+    const capture = await harness.createCapture(bridge.ready, {
+      url: probe.url,
+      options: { allowPrivateNetworkTarget: true, captureScreenshotMetadata: false, keepTabOpen: false, targetMode: 'new_tab' }
+    })
+    assert(capture.status === 200, `Request-shell setup capture failed: ${JSON.stringify(capture)}`)
+    const bridgeUrl = new URL(capture.body.bridgeUrl)
+    const duplicateSessionBridgePath = `${bridgeUrl.pathname}${bridgeUrl.search}&session=${bridgeUrl.searchParams.get('session')}`
+
+    const cases = [
+      {
+        name: 'missingHost',
+        expectedStatus: 400,
+        expectedCode: /INVALID_REQUEST/,
+        lines: ['GET /health HTTP/1.1', 'Connection: close', '', '']
+      },
+      {
+        name: 'duplicateHost',
+        expectedStatus: 400,
+        expectedCode: /INVALID_REQUEST/,
+        lines: ['GET /health HTTP/1.1', `Host: ${host}`, `Host: ${host}`, 'Connection: close', '', '']
+      },
+      {
+        name: 'absoluteForm',
+        expectedStatus: 400,
+        expectedCode: /INVALID_REQUEST/,
+        lines: [`GET http://127.0.0.1:${url.port}/health HTTP/1.1`, `Host: ${host}`, 'Connection: close', '', '']
+      },
+      {
+        name: 'authorityForm',
+        expectedStatus: 400,
+        expectedCode: /INVALID_REQUEST/,
+        lines: [`CONNECT 127.0.0.1:${url.port} HTTP/1.1`, `Host: ${host}`, 'Connection: close', '', '']
+      },
+      {
+        name: 'encodedSlashPath',
+        expectedStatus: 400,
+        expectedCode: /INVALID_REQUEST/,
+        lines: ['GET /v1%2fcaptures HTTP/1.1', `Host: ${host}`, 'Connection: close', '', '']
+      },
+      {
+        name: 'encodedBackslashPath',
+        expectedStatus: 400,
+        expectedCode: /INVALID_REQUEST/,
+        lines: ['GET /v1%5ccaptures HTTP/1.1', `Host: ${host}`, 'Connection: close', '', '']
+      },
+      {
+        name: 'dotSegmentPath',
+        expectedStatus: 400,
+        expectedCode: /INVALID_REQUEST/,
+        lines: ['GET /v1/../health HTTP/1.1', `Host: ${host}`, 'Connection: close', '', '']
+      },
+      {
+        name: 'emptySegmentPath',
+        expectedStatus: 400,
+        expectedCode: /INVALID_REQUEST/,
+        lines: ['GET /v1//captures HTTP/1.1', `Host: ${host}`, 'Connection: close', '', '']
+      },
+      {
+        name: 'unexpectedHealthQuery',
+        expectedStatus: 400,
+        expectedCode: /INVALID_REQUEST/,
+        lines: ['GET /health?x=1 HTTP/1.1', `Host: ${host}`, 'Connection: close', '', '']
+      },
+      {
+        name: 'duplicateBridgeQuery',
+        expectedStatus: 400,
+        expectedCode: /INVALID_REQUEST/,
+        mustNotInclude: /spbt_/,
+        lines: [`GET ${duplicateSessionBridgePath} HTTP/1.1`, `Host: ${host}`, 'Connection: close', '', '']
+      },
+      {
+        name: 'duplicateAuthorization',
+        expectedStatus: 400,
+        expectedCode: /INVALID_REQUEST/,
+        lines: [
+          'GET /health HTTP/1.1',
+          `Host: ${host}`,
+          'Authorization: Bearer one',
+          'Authorization: Bearer two',
+          'Connection: close',
+          '',
+          ''
+        ]
+      },
+      {
+        name: 'duplicateContentType',
+        expectedStatus: 400,
+        expectedCode: /INVALID_REQUEST/,
+        lines: [
+          'POST /v1/captures HTTP/1.1',
+          `Host: ${host}`,
+          `Authorization: Bearer ${bridge.ready.apiToken}`,
+          'Content-Type: application/json',
+          'Content-Type: application/json',
+          'Content-Length: 2',
+          'Connection: close',
+          '',
+          '{}'
+        ]
+      },
+      {
+        name: 'contentLengthAndTransferEncoding',
+        expectedStatus: 400,
+        expectedCode: /INVALID_REQUEST/,
+        lines: [
+          'POST /v1/captures HTTP/1.1',
+          `Host: ${host}`,
+          `Authorization: Bearer ${bridge.ready.apiToken}`,
+          'Content-Type: application/json',
+          'Content-Length: 2',
+          'Transfer-Encoding: chunked',
+          'Connection: close',
+          '',
+          '{}'
+        ]
+      },
+      {
+        name: 'duplicateContentLength',
+        expectedStatus: 400,
+        expectedCode: /INVALID_REQUEST/,
+        lines: [
+          'POST /v1/captures HTTP/1.1',
+          `Host: ${host}`,
+          `Authorization: Bearer ${bridge.ready.apiToken}`,
+          'Content-Type: application/json',
+          'Content-Length: 2',
+          'Content-Length: 2',
+          'Connection: close',
+          '',
+          '{}'
+        ]
+      },
+      {
+        name: 'invalidContentLength',
+        expectedStatus: 400,
+        expectedCode: /INVALID_REQUEST/,
+        lines: [
+          'POST /v1/captures HTTP/1.1',
+          `Host: ${host}`,
+          `Authorization: Bearer ${bridge.ready.apiToken}`,
+          'Content-Type: application/json',
+          'Content-Length: nope',
+          'Connection: close',
+          '',
+          '{}'
+        ]
+      },
+      {
+        name: 'chunkedBody',
+        expectedStatus: 400,
+        expectedCode: /UNSUPPORTED_TRANSFER_ENCODING/,
+        lines: [
+          'POST /v1/captures HTTP/1.1',
+          `Host: ${host}`,
+          `Authorization: Bearer ${bridge.ready.apiToken}`,
+          'Content-Type: application/json',
+          'Transfer-Encoding: chunked',
+          'Connection: close',
+          '',
+          '2',
+          '{}',
+          '0',
+          '',
+          ''
+        ]
+      },
+      {
+        name: 'unsupportedTransferEncoding',
+        expectedStatus: 400,
+        expectedCode: /UNSUPPORTED_TRANSFER_ENCODING/,
+        lines: [
+          'POST /v1/captures HTTP/1.1',
+          `Host: ${host}`,
+          `Authorization: Bearer ${bridge.ready.apiToken}`,
+          'Content-Type: application/json',
+          'Transfer-Encoding: gzip',
+          'Connection: close',
+          '',
+          ''
+        ]
+      },
+      {
+        name: 'unsupportedContentEncoding',
+        expectedStatus: 415,
+        expectedCode: /UNSUPPORTED_MEDIA_TYPE/,
+        lines: [
+          'POST /v1/captures HTTP/1.1',
+          `Host: ${host}`,
+          `Authorization: Bearer ${bridge.ready.apiToken}`,
+          'Content-Type: application/json',
+          'Content-Encoding: gzip',
+          'Content-Length: 2',
+          'Connection: close',
+          '',
+          '{}'
+        ]
+      },
+      {
+        name: 'unsupportedCharset',
+        expectedStatus: 415,
+        expectedCode: /UNSUPPORTED_MEDIA_TYPE/,
+        lines: [
+          'POST /v1/captures HTTP/1.1',
+          `Host: ${host}`,
+          `Authorization: Bearer ${bridge.ready.apiToken}`,
+          'Content-Type: application/json; charset=latin1',
+          'Content-Length: 2',
+          'Connection: close',
+          '',
+          '{}'
+        ]
+      }
+    ]
+    const results = {}
+    for (const item of cases) {
+      const raw = await harness.rawHttp(url.port, item.lines)
+      assertRawHttpStatus(raw, item.expectedStatus, item.name)
+      assertRawHttpIncludes(raw, item.expectedCode, item.name)
+      if (item.mustNotInclude) assert(!item.mustNotInclude.test(raw), `${item.name} leaked forbidden content: ${redactText(raw)}`)
+      results[item.name] = rawStatusLine(raw)
+    }
+    const health = await rawHttpWithTimeout(url.port, ['GET /health HTTP/1.1', `Host: ${host}`, 'Connection: close', '', ''], 1000)
+    assertRawHttpStatus(health.data, 200, 'request-shell health recovery')
+    assertRawHttpIncludes(health.data, /"activeCaptures":1/, 'request-shell health recovery')
+    assert(probe.requestCount() === 0, `Request-shell rejection scenario unexpectedly fetched target: ${probe.requestCount()}`)
+    const cleanup = await harness.fetchJson(`${bridge.ready.baseUrl}/v1/captures/${capture.body.id}`, {
+      method: 'DELETE',
+      headers: { authorization: `Bearer ${bridge.ready.apiToken}` }
+    })
+    assert(cleanup.status === 200 || cleanup.status === 409, `Cleanup DELETE returned ${cleanup.status}: ${JSON.stringify(cleanup.body)}`)
+
+    console.log(
+      JSON.stringify(
+        {
+          scenario,
+          bridge: {
+            baseUrl: bridge.ready.baseUrl,
+            protocolVersion: bridge.ready.protocolVersion,
+            apiTokenPresent: Boolean(bridge.ready.apiToken)
+          },
+          requestShellRejections: {
+            rejectedCases: Object.keys(results).length,
+            results,
+            targetRequestCount: probe.requestCount(),
+            healthAfterRejections: rawStatusLine(health.data),
+            cleanupDeleteStatus: cleanup.status
+          },
+          bridgeStderrTail: redactText(bridge.stderr().slice(-500))
+        },
+        null,
+        2
+      )
+    )
+  } finally {
+    await harness.stopBridge(bridge)
+    probe.server.close()
+  }
+}
+
+const runConnectionPressureScenario = async () => {
+  const harness = createBrowserSmokeHarness({ root, dist, cdpPort })
+  const holders = []
+  let bridge
+  try {
+    bridge = await harness.startBridge()
+    const url = new URL(bridge.ready.baseUrl)
+    for (let index = 0; index < 20; index += 1) {
+      holders.push(await openHoldingHttpSocket(url.port, url.host))
+    }
+
+    const blocked = await rawHttpWithTimeout(url.port, ['GET /health HTTP/1.1', `Host: ${url.host}`, 'Connection: close', '', ''])
+    assert(
+      !blocked.data.startsWith('HTTP/1.1 200 '),
+      `Connection pressure request unexpectedly reached /health: ${redactText(blocked.data)}`
+    )
+
+    const released = holders.shift()
+    released?.destroy()
+    await new Promise(resolveWait => setTimeout(resolveWait, 150))
+
+    const recovered = await rawHttpWithTimeout(url.port, ['GET /health HTTP/1.1', `Host: ${url.host}`, 'Connection: close', '', ''], 1000)
+    assertRawHttpStatus(recovered.data, 200, 'Recovered /health after releasing one held connection')
+    assertRawHttpIncludes(recovered.data, /"service":"stackprism-agent-bridge"/, 'Recovered /health after releasing one held connection')
+
+    console.log(
+      JSON.stringify(
+        {
+          scenario,
+          bridge: {
+            baseUrl: bridge.ready.baseUrl,
+            protocolVersion: bridge.ready.protocolVersion,
+            apiTokenPresent: Boolean(bridge.ready.apiToken)
+          },
+          connectionPressure: {
+            heldConnections: 20,
+            blockedReason: blocked.reason,
+            blockedDataLength: blocked.data.length,
+            releasedBeforeRecovery: 1,
+            recoveredStatusLine: recovered.data.split('\r\n')[0]
+          },
+          bridgeStderrTail: redactText(bridge.stderr().slice(-500))
+        },
+        null,
+        2
+      )
+    )
+  } finally {
+    for (const socket of holders) socket.destroy()
+    await harness.stopBridge(bridge)
+  }
+}
+
+const runResourceTimeoutsScenario = async () => {
+  const harness = createBrowserSmokeHarness({ root, dist, cdpPort })
+  let bridge
+  try {
+    bridge = await harness.startBridge()
+    const url = new URL(bridge.ready.baseUrl)
+    const slowHeaders = await rawHttpPartialWithDeadline(url.port, ['GET /health HTTP/1.1\r\n', `Host: ${url.host}`], {
+      deadlineMs: 7000,
+      chunkDelayMs: 6000
+    })
+    assert(
+      slowHeaders.reason !== 'deadline' && !slowHeaders.data.includes('"ok":true'),
+      `Slow headers reached business routing or stayed open: ${JSON.stringify(slowHeaders)}`
+    )
+    assertRawHttpStatus(slowHeaders.data, 408, 'Slow headers timeout')
+
+    const afterSlowHeaders = await rawHttpWithTimeout(
+      url.port,
+      ['GET /health HTTP/1.1', `Host: ${url.host}`, 'Connection: close', '', ''],
+      1000
+    )
+    assertRawHttpStatus(afterSlowHeaders.data, 200, 'Recovered /health after slow headers')
+
+    const slowBody = await rawHttpPartialWithDeadline(
+      url.port,
+      [
+        [
+          'POST /v1/captures HTTP/1.1',
+          `Host: ${url.host}`,
+          `Authorization: Bearer ${bridge.ready.apiToken}`,
+          'Content-Type: application/json',
+          'Content-Length: 64',
+          'Connection: close',
+          '',
+          '{"url"'
+        ].join('\r\n')
+      ],
+      { deadlineMs: 12000 }
+    )
+    assert(
+      slowBody.reason !== 'deadline' && !slowBody.data.includes('"id":"cap_'),
+      `Slow body created a capture or stayed open: ${JSON.stringify(slowBody)}`
+    )
+    assert(/HTTP\/1\.1 (400|408)/.test(slowBody.data), `Slow body returned unexpected status: ${redactText(slowBody.data)}`)
+
+    const afterSlowBody = await rawHttpWithTimeout(
+      url.port,
+      ['GET /health HTTP/1.1', `Host: ${url.host}`, 'Connection: close', '', ''],
+      1000
+    )
+    assertRawHttpStatus(afterSlowBody.data, 200, 'Recovered /health after slow body')
+    assertRawHttpIncludes(afterSlowBody.data, /"activeCaptures":0/, 'Recovered /health after slow body')
+
+    const keepAlive = await probeKeepAliveIdleClose(url.port, url.host)
+    assertRawHttpStatus(keepAlive.firstResponse, 200, 'Keep-alive first /health response')
+    assert(
+      keepAlive.reason === 'closed',
+      `Keep-alive socket stayed open beyond idle timeout: ${JSON.stringify({ reason: keepAlive.reason, closed: keepAlive.closed })}`
+    )
+
+    const afterKeepAliveIdle = await rawHttpWithTimeout(
+      url.port,
+      ['GET /health HTTP/1.1', `Host: ${url.host}`, 'Connection: close', '', ''],
+      1000
+    )
+    assertRawHttpStatus(afterKeepAliveIdle.data, 200, 'Recovered /health after keep-alive idle close')
+
+    console.log(
+      JSON.stringify(
+        {
+          scenario,
+          bridge: {
+            baseUrl: bridge.ready.baseUrl,
+            protocolVersion: bridge.ready.protocolVersion,
+            apiTokenPresent: Boolean(bridge.ready.apiToken)
+          },
+          resourceTimeouts: {
+            slowHeaders: {
+              reason: slowHeaders.reason,
+              elapsedMs: slowHeaders.elapsedMs,
+              statusLine: slowHeaders.data.split('\r\n')[0]
+            },
+            afterSlowHeadersStatusLine: afterSlowHeaders.data.split('\r\n')[0],
+            slowBody: {
+              reason: slowBody.reason,
+              elapsedMs: slowBody.elapsedMs,
+              statusLine: slowBody.data.split('\r\n')[0]
+            },
+            afterSlowBodyStatusLine: afterSlowBody.data.split('\r\n')[0],
+            keepAlive: {
+              reason: keepAlive.reason,
+              firstStatusLine: keepAlive.firstResponse.split('\r\n')[0]
+            },
+            afterKeepAliveIdleStatusLine: afterKeepAliveIdle.data.split('\r\n')[0],
+            activeCapturesAfterSlowBody: 0
+          },
+          bridgeStderrTail: redactText(bridge.stderr().slice(-500))
+        },
+        null,
+        2
+      )
+    )
+  } finally {
+    await harness.stopBridge(bridge)
+  }
+}
+
+const runRateLimitScenario = async () => {
+  const harness = createBrowserSmokeHarness({ root, dist, cdpPort })
+  const probe = await harness.startProbeServer()
+  let bridge
+  let captureId = null
+  let cleanupStatus = null
+  try {
+    bridge = await harness.startBridge()
+    const request = {
+      url: probe.url,
+      options: { allowPrivateNetworkTarget: true, captureScreenshotMetadata: false, keepTabOpen: false, targetMode: 'new_tab' }
+    }
+    const first = await harness.createCapture(bridge.ready, request)
+    assert(first.status === 200, `Initial capture creation failed: ${JSON.stringify(first)}`)
+    captureId = first.body.id
+
+    let createLimited = null
+    let busyBeforeLimit = 0
+    for (let attempt = 2; attempt <= 11; attempt += 1) {
+      const response = await harness.createCapture(bridge.ready, request)
+      if (attempt < 11) {
+        assert(response.status === 429, `Create attempt ${attempt} did not fail closed: ${JSON.stringify(response)}`)
+        assert(response.body.error?.code === 'CAPTURE_BUSY', `Create attempt ${attempt} was not CAPTURE_BUSY: ${JSON.stringify(response)}`)
+        busyBeforeLimit += 1
+      } else {
+        createLimited = response
+      }
+    }
+    assert(createLimited?.status === 429, `Create attempt 11 was not rate limited: ${JSON.stringify(createLimited)}`)
+    assert(createLimited.body.error?.code === 'RATE_LIMITED', `Create attempt 11 returned wrong code: ${JSON.stringify(createLimited)}`)
+
+    let successfulReads = 0
+    let queryLimited = null
+    const statusUrl = `${bridge.ready.baseUrl}/v1/captures/${captureId}`
+    const apiAuth = { authorization: `Bearer ${bridge.ready.apiToken}` }
+    for (let attempt = 1; attempt <= 121; attempt += 1) {
+      const response = await harness.fetchJson(statusUrl, { headers: apiAuth })
+      if (attempt <= 120) {
+        assert(response.status === 200, `Status read ${attempt} failed before limit: ${JSON.stringify(response)}`)
+        successfulReads += 1
+      } else {
+        queryLimited = response
+      }
+    }
+    assert(queryLimited?.status === 429, `Status read 121 was not rate limited: ${JSON.stringify(queryLimited)}`)
+    assert(queryLimited.body.error?.code === 'RATE_LIMITED', `Status read 121 returned wrong code: ${JSON.stringify(queryLimited)}`)
+    assert(probe.requestCount() === 0, `Rate-limit scenario unexpectedly fetched target: ${probe.requestCount()}`)
+
+    const cleanup = await harness.fetchJson(statusUrl, { method: 'DELETE', headers: apiAuth })
+    cleanupStatus = cleanup.status
+    assert(cleanup.status === 200 || cleanup.status === 409, `Cleanup DELETE returned ${cleanup.status}: ${JSON.stringify(cleanup.body)}`)
+
+    console.log(
+      JSON.stringify(
+        {
+          scenario,
+          bridge: {
+            baseUrl: bridge.ready.baseUrl,
+            protocolVersion: bridge.ready.protocolVersion,
+            apiTokenPresent: Boolean(bridge.ready.apiToken)
+          },
+          rateLimit: {
+            createRateLimit: {
+              attemptsBeforeLimited: 10,
+              busyBeforeLimit,
+              limitedStatus: createLimited.status,
+              limitedCode: createLimited.body.error.code
+            },
+            queryRateLimit: {
+              successfulReads,
+              limitedStatus: queryLimited.status,
+              limitedCode: queryLimited.body.error.code
+            },
+            targetRequestCount: probe.requestCount(),
+            cleanupDeleteStatus: cleanup.status
+          },
+          bridgeStderrTail: redactText(bridge.stderr().slice(-500))
+        },
+        null,
+        2
+      )
+    )
+  } finally {
+    if (bridge && captureId && cleanupStatus === null) {
+      await harness
+        .fetchJson(`${bridge.ready.baseUrl}/v1/captures/${captureId}`, {
+          method: 'DELETE',
+          headers: { authorization: `Bearer ${bridge.ready.apiToken}` }
+        })
+        .catch(() => {})
+    }
+    await harness.stopBridge(bridge)
+    probe.server.close()
+  }
+}
+
+const runProfileRateLimitScenario = async () => {
+  const harness = createBrowserSmokeHarness({ root, dist, cdpPort })
+  const probe = await harness.startProbeServer()
+  let bridge
+  let captureId = null
+  let cleanupStatus = null
+  try {
+    bridge = await harness.startBridge()
+    const capture = await harness.createCapture(bridge.ready, {
+      url: probe.url,
+      options: { allowPrivateNetworkTarget: true, captureScreenshotMetadata: false, keepTabOpen: false, targetMode: 'new_tab' }
+    })
+    assert(capture.status === 200, `Profile rate-limit setup capture failed: ${JSON.stringify(capture)}`)
+    captureId = capture.body.id
+
+    let profileNotReadyReads = 0
+    let profileLimited = null
+    const profileUrl = `${bridge.ready.baseUrl}/v1/captures/${captureId}/profile`
+    const apiAuth = { authorization: `Bearer ${bridge.ready.apiToken}` }
+    for (let attempt = 1; attempt <= 121; attempt += 1) {
+      const response = await harness.fetchJson(profileUrl, { headers: apiAuth })
+      if (attempt <= 120) {
+        assert(response.status === 409, `Profile read ${attempt} did not reach profile endpoint before limit: ${JSON.stringify(response)}`)
+        assert(response.body.error?.code === 'INVALID_REQUEST', `Profile read ${attempt} returned wrong code: ${JSON.stringify(response)}`)
+        profileNotReadyReads += 1
+      } else {
+        profileLimited = response
+      }
+    }
+    assert(profileLimited?.status === 429, `Profile read 121 was not rate limited: ${JSON.stringify(profileLimited)}`)
+    assert(profileLimited.body.error?.code === 'RATE_LIMITED', `Profile read 121 returned wrong code: ${JSON.stringify(profileLimited)}`)
+    assert(probe.requestCount() === 0, `Profile rate-limit scenario unexpectedly fetched target: ${probe.requestCount()}`)
+
+    const cleanup = await harness.fetchJson(`${bridge.ready.baseUrl}/v1/captures/${captureId}`, { method: 'DELETE', headers: apiAuth })
+    cleanupStatus = cleanup.status
+    assert(cleanup.status === 200 || cleanup.status === 409, `Cleanup DELETE returned ${cleanup.status}: ${JSON.stringify(cleanup.body)}`)
+
+    console.log(
+      JSON.stringify(
+        {
+          scenario,
+          bridge: {
+            baseUrl: bridge.ready.baseUrl,
+            protocolVersion: bridge.ready.protocolVersion,
+            apiTokenPresent: Boolean(bridge.ready.apiToken)
+          },
+          profileRateLimit: {
+            profileNotReadyReads,
+            limitedStatus: profileLimited.status,
+            limitedCode: profileLimited.body.error.code,
+            targetRequestCount: probe.requestCount(),
+            cleanupDeleteStatus: cleanup.status
+          },
+          bridgeStderrTail: redactText(bridge.stderr().slice(-500))
+        },
+        null,
+        2
+      )
+    )
+  } finally {
+    if (bridge && captureId && cleanupStatus === null) {
+      await harness
+        .fetchJson(`${bridge.ready.baseUrl}/v1/captures/${captureId}`, {
+          method: 'DELETE',
+          headers: { authorization: `Bearer ${bridge.ready.apiToken}` }
+        })
+        .catch(() => {})
+    }
+    await harness.stopBridge(bridge)
+    probe.server.close()
+  }
+}
+
+const runTargetUrlValidationScenario = async () => {
+  const harness = createBrowserSmokeHarness({ root, dist, cdpPort })
+  const probe = await harness.startProbeServer()
+  let bridge
+  try {
+    bridge = await harness.startBridge()
+    const cases = [
+      {
+        name: 'unsupportedProtocol',
+        expectedCode: 'INVALID_REQUEST',
+        request: {
+          url: 'ftp://example.com/download',
+          options: { allowPrivateNetworkTarget: false, captureScreenshotMetadata: false, keepTabOpen: false, targetMode: 'new_tab' }
+        }
+      },
+      {
+        name: 'credentialUrl',
+        expectedCode: 'INVALID_REQUEST',
+        mustNotInclude: /user:pass/,
+        request: {
+          url: 'https://user:pass@example.com/dashboard',
+          options: { allowPrivateNetworkTarget: false, captureScreenshotMetadata: false, keepTabOpen: false, targetMode: 'new_tab' }
+        }
+      },
+      {
+        name: 'loopbackPrivateTarget',
+        expectedCode: 'PRIVATE_NETWORK_TARGET_BLOCKED',
+        request: {
+          url: probe.url,
+          options: { allowPrivateNetworkTarget: false, captureScreenshotMetadata: false, keepTabOpen: false, targetMode: 'new_tab' }
+        }
+      },
+      {
+        name: 'bridgeSelfTarget',
+        expectedCode: 'BRIDGE_SELF_TARGET_BLOCKED',
+        request: {
+          url: bridge.ready.baseUrl,
+          options: { allowPrivateNetworkTarget: true, captureScreenshotMetadata: false, keepTabOpen: false, targetMode: 'new_tab' }
+        }
+      }
+    ]
+    const results = {}
+    for (const item of cases) {
+      const response = await harness.createCapture(bridge.ready, item.request)
+      assert(response.status === 400, `${item.name} returned ${response.status}: ${JSON.stringify(response.body)}`)
+      assert(response.body.error?.code === item.expectedCode, `${item.name} returned wrong code: ${JSON.stringify(response.body)}`)
+      const serialized = JSON.stringify(response.body)
+      if (item.mustNotInclude) assert(!item.mustNotInclude.test(serialized), `${item.name} leaked rejected target: ${serialized}`)
+      results[item.name] = response.body.error.code
+    }
+
+    const health = await harness.fetchJson(bridge.ready.healthUrl)
+    assert(health.status === 200, `Health after target URL validation returned ${health.status}: ${JSON.stringify(health.body)}`)
+    assert(health.body.activeCaptures === 0, `Target URL validation created captures: ${JSON.stringify(health.body)}`)
+    assert(probe.requestCount() === 0, `Target URL validation unexpectedly fetched target: ${probe.requestCount()}`)
+
+    console.log(
+      JSON.stringify(
+        {
+          scenario,
+          bridge: {
+            baseUrl: bridge.ready.baseUrl,
+            protocolVersion: bridge.ready.protocolVersion,
+            apiTokenPresent: Boolean(bridge.ready.apiToken)
+          },
+          targetUrlValidation: {
+            results,
+            activeCapturesAfterRejections: health.body.activeCaptures,
+            targetRequestCount: probe.requestCount()
+          },
+          bridgeStderrTail: redactText(bridge.stderr().slice(-500))
+        },
+        null,
+        2
+      )
+    )
+  } finally {
+    await harness.stopBridge(bridge)
+    probe.server.close()
+  }
+}
+
+const runResultExpiryBridgePageScenario = async () => {
+  ensureDistBuilt()
+  const harness = createBrowserSmokeHarness({ root, dist, cdpPort })
+  const fixture = await harness.startFixtureServer()
+  const chrome = await harness.startChrome()
+  let worker
+  let bridge
+  let now = Date.now()
+  try {
+    const version = await harness.waitForCdp()
+    const workerTarget = await harness.waitForWorker()
+    worker = await harness.connectTarget(workerTarget)
+    await worker.send('Runtime.enable')
+    await harness.waitForExtensionRuntime(worker)
+    await harness.setAgentBridgeEnabled(worker, true)
+
+    bridge = createBridgeServer({
+      env: { ...process.env, STACKPRISM_BRIDGE_NO_OPEN: '1' },
+      now: () => now
+    })
+    const ready = await bridge.listen()
+    const capture = await harness.createCapture(ready, {
+      url: fixture.url,
+      waitMs: 100,
+      options: { allowPrivateNetworkTarget: true, maxResourceUrls: 50, captureScreenshotMetadata: false }
+    })
+    assert(capture.status === 200, `Capture creation failed: ${JSON.stringify(capture)}`)
+    const driven = await harness.driveCapture(ready, capture)
+    assert(driven.finalStatus?.status === 'completed', `Capture did not complete: ${JSON.stringify(driven.finalStatus)}`)
+    assert(driven.profile?.status === 200, `Profile endpoint did not return completed profile: ${JSON.stringify(driven.profile)}`)
+
+    const stored = ready.store.get(capture.body.id)
+    assert(stored?.resultExpiresAt, `Completed capture did not record result expiry: ${JSON.stringify(stored)}`)
+    now = stored.resultExpiresAt + 1
+
+    const expiredProfile = await harness.fetchJson(`${ready.baseUrl}/v1/captures/${capture.body.id}/profile`, {
+      headers: { authorization: `Bearer ${ready.apiToken}` }
+    })
+    assert(expiredProfile.status === 410, `Expired profile returned ${expiredProfile.status}: ${JSON.stringify(expiredProfile.body)}`)
+    assert(
+      expiredProfile.body?.error?.code === 'CAPTURE_RESULT_EXPIRED',
+      `Expired profile returned wrong code: ${JSON.stringify(expiredProfile.body)}`
+    )
+
+    const expiredBridgePage = await fetch(capture.body.bridgeUrl)
+    const expiredBridgeHtml = await expiredBridgePage.text()
+    assert(expiredBridgePage.status === 410, `Expired bridge page returned ${expiredBridgePage.status}.`)
+    assert(expiredBridgeHtml.includes('CAPTURE_RESULT_EXPIRED'), 'Expired bridge page did not report CAPTURE_RESULT_EXPIRED.')
+    assert(!expiredBridgeHtml.includes('spbt_'), 'Expired bridge page rendered bridge token material.')
+
+    console.log(
+      JSON.stringify(
+        {
+          browser: version.Browser,
+          dist,
+          scenario,
+          bridge: {
+            baseUrl: ready.baseUrl,
+            protocolVersion,
+            apiTokenPresent: Boolean(ready.apiToken)
+          },
+          resultExpiry: {
+            completedStatus: driven.finalStatus.status,
+            completedProfileStatus: driven.profile.status,
+            expiredProfileStatus: expiredProfile.status,
+            expiredProfileCode: expiredProfile.body?.error?.code,
+            expiredBridgePageStatus: expiredBridgePage.status,
+            expiredBridgePageHasToken: expiredBridgeHtml.includes('spbt_')
+          }
+        },
+        null,
+        2
+      )
+    )
+  } finally {
+    worker?.close()
+    if (bridge) await bridge.close().catch(() => {})
+    fixture.server.close()
+    await harness.cleanupChrome(chrome)
+  }
+}
+
+const run = async () => {
+  ensureDistBuilt()
+  const harness = createBrowserSmokeHarness({ root, dist, cdpPort })
+  const fixture = await harness.startFixtureServer()
+  const disabledProbe = await harness.startProbeServer()
+  const largeFixture = await harness.startLargeProfileFixtureServer()
+  const slowFixture = await harness.startSlowFixtureServer()
+  const chrome = await harness.startChrome()
+  let bridge
+  let openCommandBridge
+  let renderGuardBridge
+  let worker
+  try {
+    const version = await harness.waitForCdp()
+    const workerTarget = await harness.waitForWorker()
+    worker = await harness.connectTarget(workerTarget)
+    await worker.send('Runtime.enable')
+    await harness.waitForExtensionRuntime(worker)
+    const manifestResult = await worker.send('Runtime.evaluate', {
+      expression: 'JSON.stringify(chrome.runtime.getManifest())',
+      returnByValue: true
+    })
+    const manifestJson = manifestResult.result?.value
+    assert(typeof manifestJson === 'string', `Manifest evaluation did not return JSON: ${JSON.stringify(manifestResult)}`)
+    const manifest = JSON.parse(manifestJson)
+    bridge = await harness.startBridge()
+
+    await worker.send('Runtime.evaluate', {
+      expression:
+        'Promise.all([chrome.storage.sync.set({stackPrismSettings:{agentBridgeEnabled:true}}), chrome.storage.local.set({stackPrismSettings:{agentBridgeEnabled:false}})])',
+      awaitPromise: true
+    })
+    const disabled = await harness.createCapture(bridge.ready, {
+      url: disabledProbe.url,
+      options: { allowPrivateNetworkTarget: true, captureScreenshotMetadata: false }
+    })
+    assert(disabled.status === 200, 'Disabled capture creation failed.')
+    const disabledDriven = await harness.driveCapture(bridge.ready, disabled)
+    assert(disabledDriven.finalStatus?.error?.code === 'AGENT_BRIDGE_DISABLED', 'Disabled opt-in did not fail closed.')
+    assert(disabledProbe.requestCount() === 0, 'Disabled opt-in opened or fetched the target URL.')
+
+    await harness.setAgentBridgeEnabled(worker, true)
+    const defaultTargetUrl = fixture.url
+    const fixtureCapture = await harness.createCapture(bridge.ready, {
+      url: defaultTargetUrl,
+      waitMs: 100,
+      options: { allowPrivateNetworkTarget: true, maxResourceUrls: 50, captureScreenshotMetadata: false }
+    })
+    assert(fixtureCapture.status === 200, 'Fixture capture creation failed.')
+    const fixtureDriven = await harness.driveCapture(bridge.ready, fixtureCapture)
+    assert(
+      fixtureDriven.finalStatus?.status === 'completed',
+      `Fixture capture did not complete: ${JSON.stringify(fixtureDriven.finalStatus)}`
+    )
+    const deleteCompleted = await harness.fetchJson(`${bridge.ready.baseUrl}/v1/captures/${fixtureCapture.body.id}`, {
+      method: 'DELETE',
+      headers: { authorization: `Bearer ${bridge.ready.apiToken}` }
+    })
+    assert(deleteCompleted.status === 409, 'Deleting completed capture did not return 409.')
+
+    const fixtureMetadataCapture = await harness.createCapture(bridge.ready, {
+      url: fixture.url,
+      waitMs: 100,
+      options: { allowPrivateNetworkTarget: true, maxResourceUrls: 50, captureScreenshotMetadata: true }
+    })
+    assert(fixtureMetadataCapture.status === 200, 'Fixture metadata capture creation failed.')
+    const fixtureMetadataDriven = await harness.driveCapture(bridge.ready, fixtureMetadataCapture)
+    assert(
+      fixtureMetadataDriven.finalStatus?.status === 'completed',
+      `Fixture metadata capture did not complete: ${JSON.stringify(fixtureMetadataDriven.finalStatus)}`
+    )
+
+    const largeProfileCapture = await harness.createCapture(bridge.ready, {
+      url: largeFixture.url,
+      include: ['assets'],
+      waitMs: 100,
+      options: { allowPrivateNetworkTarget: true, maxResourceUrls: 1000, captureScreenshotMetadata: false }
+    })
+    assert(largeProfileCapture.status === 200, 'Large profile capture creation failed.')
+    const largeProfileDriven = await harness.driveCapture(bridge.ready, largeProfileCapture)
+    assert(
+      largeProfileDriven.finalStatus?.status === 'completed',
+      `Large profile capture did not complete: ${JSON.stringify(largeProfileDriven.finalStatus)}`
+    )
+
+    openCommandBridge = await harness.startBridge({
+      noOpen: false,
+      env: {
+        STACKPRISM_BROWSER_OPEN_COMMAND: process.execPath,
+        STACKPRISM_BROWSER_OPEN_ARGS_JSON: JSON.stringify(['--input-type=module', '-e', openBridgeWithCdpScript]),
+        STACKPRISM_BROWSER_SMOKE_CDP_BASE_URL: cdpBaseUrl
+      }
+    })
+    const openCommandCapture = await harness.createCapture(openCommandBridge.ready, {
+      url: fixture.url,
+      waitMs: 100,
+      options: { allowPrivateNetworkTarget: true, maxResourceUrls: 50, captureScreenshotMetadata: false }
+    })
+    assert(openCommandCapture.status === 200, 'Custom open command capture creation failed.')
+    const openCommandStatus = await harness.pollCapture(openCommandBridge.ready, openCommandCapture.body.id)
+    const openCommandProfile =
+      openCommandStatus.status === 'completed'
+        ? await harness.fetchJson(`${openCommandBridge.ready.baseUrl}/v1/captures/${openCommandCapture.body.id}/profile`, {
+            headers: { authorization: `Bearer ${openCommandBridge.ready.apiToken}` }
+          })
+        : null
+    assert(openCommandStatus.status === 'completed', `Custom open command capture did not complete: ${JSON.stringify(openCommandStatus)}`)
+
+    const targetCloseCapture = await harness.createCapture(bridge.ready, {
+      url: slowFixture.url,
+      options: { allowPrivateNetworkTarget: true, captureScreenshotMetadata: false, keepTabOpen: false, targetMode: 'new_tab' }
+    })
+    assert(targetCloseCapture.status === 200, 'Target-close capture creation failed.')
+    const targetClosed = await harness.driveCaptureWithClosedTarget(bridge.ready, worker, targetCloseCapture)
+    assert(
+      targetClosed.finalStatus?.status === 'failed' && targetClosed.finalStatus?.error?.code === 'TARGET_TAB_CLOSED',
+      `Target-close capture did not fail as TARGET_TAB_CLOSED: ${JSON.stringify(targetClosed.finalStatus)}`
+    )
+
+    const bridgeCloseCapture = await harness.createCapture(bridge.ready, {
+      url: slowFixture.url,
+      options: { allowPrivateNetworkTarget: true, captureScreenshotMetadata: false, keepTabOpen: false, targetMode: 'new_tab' }
+    })
+    assert(bridgeCloseCapture.status === 200, 'Bridge-close capture creation failed.')
+    const bridgeClosed = await harness.driveCaptureWithClosedBridge(bridge.ready, worker, bridgeCloseCapture)
+    assert(
+      bridgeClosed.finalStatus?.status === 'failed' && bridgeClosed.finalStatus?.error?.code === 'BRIDGE_TAB_CLOSED',
+      `Bridge-close capture did not fail as BRIDGE_TAB_CLOSED: ${JSON.stringify(bridgeClosed.finalStatus)}`
+    )
+
+    const cancelCapture = await harness.createCapture(bridge.ready, {
+      url: slowFixture.url,
+      options: { allowPrivateNetworkTarget: true, captureScreenshotMetadata: false, keepTabOpen: false, targetMode: 'new_tab' }
+    })
+    assert(cancelCapture.status === 200, 'Cancel capture creation failed.')
+    const cancelled = await harness.driveCaptureWithCancel(bridge.ready, worker, cancelCapture)
+    assert(cancelled.cancelStatus === 200, `DELETE running capture returned ${cancelled.cancelStatus}.`)
+    assert(
+      cancelled.finalStatus?.status === 'cancelled' && !cancelled.targetStillExists,
+      `Cancel capture did not close owned target tab: ${JSON.stringify(cancelled)}`
+    )
+
+    worker.close()
+    worker = null
+
+    const serviceWorkerStopCapture = await harness.createCapture(bridge.ready, {
+      url: slowFixture.url,
+      options: { allowPrivateNetworkTarget: true, captureScreenshotMetadata: false, keepTabOpen: false, targetMode: 'new_tab' }
+    })
+    assert(serviceWorkerStopCapture.status === 200, 'Service worker stop capture creation failed.')
+    const serviceWorkerStopped = await harness.driveCaptureWithServiceWorkerTargetClose(
+      bridge.ready,
+      serviceWorkerStopCapture,
+      slowFixture.url
+    )
+    assert(
+      serviceWorkerStopped.finalStatus?.status === 'failed' &&
+        ['BRIDGE_TRANSPORT_DISCONNECTED', 'SERVICE_WORKER_RESTARTED'].includes(serviceWorkerStopped.finalStatus.error?.code) &&
+        !serviceWorkerStopped.targetStillVisible,
+      `Service worker target close did not fail closed and clean up target: ${JSON.stringify(serviceWorkerStopped)}`
+    )
+
+    const reloadCapture = await harness.createCapture(bridge.ready, {
+      url: slowFixture.url,
+      options: { allowPrivateNetworkTarget: true, captureScreenshotMetadata: false, keepTabOpen: false, targetMode: 'new_tab' }
+    })
+    assert(reloadCapture.status === 200, 'Extension reload capture creation failed.')
+    const extensionReloaded = await harness.driveCaptureWithExtensionReload(bridge.ready, reloadCapture, slowFixture.url)
+    assert(
+      extensionReloaded.finalStatus?.status === 'failed' &&
+        ['BRIDGE_TRANSPORT_DISCONNECTED', 'SERVICE_WORKER_RESTARTED'].includes(extensionReloaded.finalStatus.error?.code) &&
+        !extensionReloaded.targetStillVisible,
+      `Extension reload did not fail closed and clean up target: ${JSON.stringify(extensionReloaded)}`
+    )
+
+    renderGuardBridge = await harness.startBridge()
+    const securityBridge = renderGuardBridge.ready
+    const terminalRenderCapture = await harness.createCapture(securityBridge, {
+      url: defaultTargetUrl,
+      waitMs: 100,
+      options: { allowPrivateNetworkTarget: true, maxResourceUrls: 50, captureScreenshotMetadata: false }
+    })
+    assert(terminalRenderCapture.status === 200, 'Terminal render guard capture creation failed.')
+    const terminalDelete = await harness.fetchJson(`${securityBridge.baseUrl}/v1/captures/${terminalRenderCapture.body.id}`, {
+      method: 'DELETE',
+      headers: { authorization: `Bearer ${securityBridge.apiToken}` }
+    })
+    assert(terminalDelete.status === 200, `DELETE terminal render guard capture returned ${terminalDelete.status}.`)
+    const terminalBeforeRender = await harness.pollCapture(securityBridge, terminalRenderCapture.body.id, 20)
+    assert(
+      terminalBeforeRender.status === 'cancelled',
+      `Terminal render guard did not become cancelled: ${JSON.stringify(terminalBeforeRender)}`
+    )
+    const terminalRender = await fetch(terminalRenderCapture.body.bridgeUrl)
+    const terminalRenderText = await terminalRender.text()
+    assert(terminalRender.status === 409 && !terminalRenderText.includes('spbt_'), 'Terminal bridge render exposed a token.')
+
+    const renderCapture = await harness.createCapture(securityBridge, {
+      url: defaultTargetUrl,
+      waitMs: 100,
+      options: { allowPrivateNetworkTarget: true, maxResourceUrls: 50, captureScreenshotMetadata: false }
+    })
+    assert(renderCapture.status === 200, 'Render guard capture creation failed.')
+    const crossSite = await fetch(renderCapture.body.bridgeUrl, { headers: { referer: 'https://attacker.example/page' } })
+    const crossSiteText = await crossSite.text()
+    assert(crossSite.status === 403 && !crossSiteText.includes('spbt_'), 'Cross-site bridge render was not rejected safely.')
+    const firstRender = await fetch(renderCapture.body.bridgeUrl)
+    const firstRenderText = await firstRender.text()
+    const secondRender = await fetch(renderCapture.body.bridgeUrl)
+    const secondRenderText = await secondRender.text()
+    assert(firstRender.status === 200 && firstRenderText.includes('spbt_'), 'First bridge render did not include bridge token.')
+    assert(secondRender.status === 409 && !secondRenderText.includes('spbt_'), 'Second bridge render did not reject without token.')
+
+    const summary = {
+      browser: version.Browser,
+      extensionName: manifest.name,
+      extensionVersion: manifest.version,
+      dist,
+      bridge: {
+        baseUrl: bridge.ready.baseUrl,
+        protocolVersion: bridge.ready.protocolVersion,
+        apiTokenPresent: Boolean(bridge.ready.apiToken)
+      },
+      disabled: {
+        status: disabledDriven.finalStatus.status,
+        errorCode: disabledDriven.finalStatus.error?.code,
+        targetFinalUrl: disabledDriven.finalStatus.finalUrl || '',
+        targetRequestCount: disabledProbe.requestCount(),
+        syncLegacyEnabledIgnored: true
+      },
+      defaultTarget: {
+        url: defaultTargetUrl,
+        status: fixtureDriven.finalStatus.status,
+        phase: fixtureDriven.finalStatus.phase,
+        deleteCompletedStatus: deleteCompleted.status,
+        profile: profileSummary(fixtureDriven.profile, fixtureCapture.body.id)
+      },
+      fixture: {
+        status: fixtureDriven.finalStatus.status,
+        phase: fixtureDriven.finalStatus.phase,
+        profile: profileSummary(fixtureDriven.profile, fixtureCapture.body.id)
+      },
+      fixtureMetadata: {
+        status: fixtureMetadataDriven.finalStatus.status,
+        phase: fixtureMetadataDriven.finalStatus.phase,
+        profile: profileSummary(fixtureMetadataDriven.profile, fixtureMetadataCapture.body.id)
+      },
+      largeProfile: {
+        status: largeProfileDriven.finalStatus.status,
+        phase: largeProfileDriven.finalStatus.phase,
+        profile: profileSummary(largeProfileDriven.profile, largeProfileCapture.body.id)
+      },
+      customOpenCommand: {
+        status: openCommandStatus.status,
+        phase: openCommandStatus.phase,
+        bridge: {
+          baseUrl: openCommandBridge.ready.baseUrl,
+          protocolVersion: openCommandBridge.ready.protocolVersion,
+          apiTokenPresent: Boolean(openCommandBridge.ready.apiToken)
+        },
+        profile: profileSummary(openCommandProfile, openCommandCapture.body.id)
+      },
+      bridgeSecurity: {
+        crossSiteStatus: crossSite.status,
+        firstRenderStatus: firstRender.status,
+        secondRenderStatus: secondRender.status,
+        terminalRenderStatus: terminalRender.status,
+        terminalRenderFinalStatus: terminalBeforeRender.status
+      },
+      lifecycle: {
+        targetTabClosed: {
+          status: targetClosed.finalStatus.status,
+          errorCode: targetClosed.finalStatus.error?.code,
+          closedTabId: targetClosed.closedTabId
+        },
+        bridgeTabClosed: {
+          status: bridgeClosed.finalStatus.status,
+          errorCode: bridgeClosed.finalStatus.error?.code,
+          closedTabId: bridgeClosed.closedTabId
+        },
+        cancelled: {
+          deleteStatus: cancelled.cancelStatus,
+          status: cancelled.finalStatus.status,
+          closedTabId: cancelled.closedTabId,
+          targetStillExists: cancelled.targetStillExists
+        },
+        extensionReloaded: {
+          status: extensionReloaded.finalStatus.status,
+          errorCode: extensionReloaded.finalStatus.error?.code,
+          targetTabId: extensionReloaded.targetTabId,
+          targetStillVisible: extensionReloaded.targetStillVisible
+        },
+        serviceWorkerStopped: {
+          status: serviceWorkerStopped.finalStatus.status,
+          errorCode: serviceWorkerStopped.finalStatus.error?.code,
+          targetTabId: serviceWorkerStopped.targetTabId,
+          workerTargetId: serviceWorkerStopped.workerTargetId,
+          targetStillVisible: serviceWorkerStopped.targetStillVisible
+        }
+      },
+      bridgeDom: fixtureDriven.dom,
+      bridgeStderrTail: redactText(bridge.stderr().slice(-500))
+    }
+    assert(summary.defaultTarget.profile?.schema === 'stackprism.site_experience_profile.v1', 'Default target profile schema mismatch.')
+    assert(summary.fixture.profile?.schema === 'stackprism.site_experience_profile.v1', 'Fixture profile schema mismatch.')
+    assert(summary.fixtureMetadata.profile?.schema === 'stackprism.site_experience_profile.v1', 'Fixture metadata profile schema mismatch.')
+    assert(summary.largeProfile.profile?.schema === 'stackprism.site_experience_profile.v1', 'Large profile schema mismatch.')
+    assert(
+      summary.customOpenCommand.profile?.schema === 'stackprism.site_experience_profile.v1',
+      'Custom open command profile schema mismatch.'
+    )
+    assert(
+      !summary.defaultTarget.profile.privacyLeakDetected &&
+        !summary.fixture.profile.privacyLeakDetected &&
+        !summary.fixtureMetadata.profile.privacyLeakDetected &&
+        !summary.largeProfile.profile.privacyLeakDetected &&
+        !summary.customOpenCommand.profile.privacyLeakDetected,
+      'Profile privacy leak marker detected.'
+    )
+    assert(
+      !summary.defaultTarget.profile.screenshotMetadataPresent && !summary.fixture.profile.screenshotMetadataPresent,
+      'Screenshot metadata was present even though captureScreenshotMetadata=false.'
+    )
+    assert(summary.fixtureMetadata.profile.screenshotMetadataPresent, 'Screenshot metadata was missing when requested.')
+    assert(
+      !summary.defaultTarget.profile.screenshotPayloadPresent &&
+        !summary.fixture.profile.screenshotPayloadPresent &&
+        !summary.fixtureMetadata.profile.screenshotPayloadPresent &&
+        !summary.largeProfile.profile.screenshotPayloadPresent &&
+        !summary.customOpenCommand.profile.screenshotPayloadPresent,
+      'Screenshot image or pixel payload was present.'
+    )
+    assert(summary.largeProfile.profile.estimatedTransferChunks > 1, 'Large profile did not exceed one transfer chunk.')
+    console.log(JSON.stringify(summary, null, 2))
+  } finally {
+    worker?.close()
+    await harness.stopBridge(bridge)
+    await harness.stopBridge(openCommandBridge)
+    await harness.stopBridge(renderGuardBridge)
+    fixture.server.close()
+    disabledProbe.server.close()
+    largeFixture.server.close()
+    slowFixture.server.close()
+    await harness.cleanupChrome(chrome)
+  }
+}
+
+const scenarioRunner =
+  scenario === 'cleared-storage-session'
+    ? runClearedStorageSessionScenario
+    : scenario === 'local-opt-in-disabled'
+      ? runLocalOptInDisabledScenario
+      : scenario === 'browser-extension-disabled'
+        ? runBrowserExtensionDisabledScenario
+        : scenario === 'browser-extension-reloaded'
+          ? runBrowserExtensionReloadedScenario
+          : scenario === 'incognito-bridge-probe'
+            ? runIncognitoBridgeProbeScenario
+            : scenario === 'incognito-window-bridge-probe'
+              ? runIncognitoWindowBridgeProbeScenario
+              : scenario === 'expired-deadline-reconciliation'
+                ? runExpiredDeadlineReconciliationScenario
+                : scenario === 'final-url-blocked'
+                  ? runFinalUrlBlockedScenario
+                  : scenario === 'final-private-url-blocked'
+                    ? runFinalPrivateUrlBlockedScenario
+                    : scenario === 'final-dns-policy-blocked'
+                      ? runFinalDnsPolicyBlockedScenario
+                      : scenario === 'final-dns-lookup-failed'
+                        ? runFinalDnsLookupFailedScenario
+                        : scenario === 'private-target-blocked'
+                          ? runPrivateTargetBlockedScenario
+                          : scenario === 'dns-non-global-blocked'
+                            ? runDnsNonGlobalBlockedScenario
+                            : scenario === 'dns-lookup-failed'
+                              ? runDnsLookupFailedScenario
+                              : scenario === 'bridge-self-target-blocked'
+                                ? runBridgeSelfTargetBlockedScenario
+                                : scenario === 'active-tab-unavailable'
+                                  ? runActiveTabUnavailableScenario
+                                  : scenario === 'capture-busy'
+                                    ? runCaptureBusyScenario
+                                    : scenario === 'tech-only'
+                                      ? runTechOnlyScenario
+                                      : scenario === 'public-complex-target'
+                                        ? runPublicComplexTargetScenario
+                                        : scenario === 'visual-screenshot'
+                                          ? runVisualScreenshotScenario
+                                          : scenario === 'service-worker-idle-wake'
+                                            ? runServiceWorkerIdleWakeScenario
+                                            : scenario === 'sequential-capture-pressure'
+                                              ? runSequentialCapturePressureScenario
+                                              : scenario === 'target-navigated-away'
+                                                ? runTargetNavigatedAwayScenario
+                                                : scenario === 'target-load-failed'
+                                                  ? runTargetLoadFailedScenario
+                                                  : scenario === 'target-load-timeout'
+                                                    ? runTargetLoadTimeoutScenario
+                                                    : scenario === 'target-mode-query-boundaries'
+                                                      ? runTargetModeQueryBoundariesScenario
+                                                      : scenario === 'bridge-iframe-blocked'
+                                                        ? runBridgeIframeBlockedScenario
+                                                        : scenario === 'wrong-profile-extension-missing'
+                                                          ? runWrongProfileExtensionMissingScenario
+                                                          : scenario === 'host-validation'
+                                                            ? runHostValidationScenario
+                                                            : scenario === 'response-headers-cors'
+                                                              ? runResponseHeadersCorsScenario
+                                                              : scenario === 'request-shell-rejections'
+                                                                ? runRequestShellRejectionsScenario
+                                                                : scenario === 'connection-pressure'
+                                                                  ? runConnectionPressureScenario
+                                                                  : scenario === 'resource-timeouts'
+                                                                    ? runResourceTimeoutsScenario
+                                                                    : scenario === 'rate-limit'
+                                                                      ? runRateLimitScenario
+                                                                      : scenario === 'profile-rate-limit'
+                                                                        ? runProfileRateLimitScenario
+                                                                        : scenario === 'target-url-validation'
+                                                                          ? runTargetUrlValidationScenario
+                                                                          : scenario === 'result-expiry-bridge-page'
+                                                                            ? runResultExpiryBridgePageScenario
+                                                                            : run
+
+scenarioRunner().catch(error => {
+  console.error(error instanceof Error ? error.message : String(error))
+  process.exitCode = 1
+})
diff --git a/tests/agent-bridge-complexity.test.mjs b/tests/agent-bridge-complexity.test.mjs
new file mode 100644
index 00000000..10fd33a2
--- /dev/null
+++ b/tests/agent-bridge-complexity.test.mjs
@@ -0,0 +1,34 @@
+import assert from 'node:assert/strict'
+import { readdir, readFile } from 'node:fs/promises'
+import { fileURLToPath } from 'node:url'
+import { join } from 'node:path'
+import { test } from 'node:test'
+
+const maxBridgeHelperLines = 300
+const scriptsRoot = fileURLToPath(new URL('../agent-skill/stackprism-site-experience/scripts/', import.meta.url))
+
+const collectBridgeScriptFiles = async dir => {
+  const entries = await readdir(dir, { withFileTypes: true })
+  const files = []
+  for (const entry of entries) {
+    const path = join(dir, entry.name)
+    if (entry.isDirectory()) {
+      if (entry.name !== '__pycache__') files.push(...(await collectBridgeScriptFiles(path)))
+    } else if (entry.name.endsWith('.mjs') || entry.name.endsWith('.py')) {
+      files.push(path)
+    }
+  }
+  return files
+}
+
+test('agent bridge helper source files stay within the plan line budget', async () => {
+  const files = await collectBridgeScriptFiles(scriptsRoot)
+  const oversized = []
+
+  for (const file of files) {
+    const lineCount = (await readFile(file, 'utf8')).split('\n').length
+    if (lineCount > maxBridgeHelperLines) oversized.push(`${file}: ${lineCount}`)
+  }
+
+  assert.deepEqual(oversized, [])
+})
diff --git a/tests/agent-bridge-handshake.test.mjs b/tests/agent-bridge-handshake.test.mjs
new file mode 100644
index 00000000..b7536e34
--- /dev/null
+++ b/tests/agent-bridge-handshake.test.mjs
@@ -0,0 +1,1659 @@
+import assert from 'node:assert/strict'
+import { createHash } from 'node:crypto'
+import { readFile } from 'node:fs/promises'
+import { test } from 'node:test'
+import { loadTsModule } from './helpers/load-ts-module.mjs'
+import identifiers from './fixtures/bridge-protocol-identifiers.json' with { type: 'json' }
+
+const sessionId = identifiers.sessionId.valid[0]
+const captureId = identifiers.captureId.valid[0]
+const nonce = identifiers.nonce.valid[0]
+const bridgeToken = identifiers.bridgeToken.valid[0]
+const bridgeUrl = `http://127.0.0.1:17370/bridge?session=${sessionId}&capture=${captureId}&nonce=${nonce}`
+
+const sender = (url = bridgeUrl, tabId = 7, windowId = 3) => ({ url, tab: { id: tabId, windowId } })
+const senderWithoutTabId = () => ({ url: bridgeUrl, tab: { windowId: 3 } })
+const sha256Hex = bytes => createHash('sha256').update(bytes).digest('hex')
+const profileChunkBytes = 384 * 1024
+const percentEncodeFirstPayloadChar = value =>
+  `${value.slice(0, 2)}%${value.charCodeAt(2).toString(16).toUpperCase().padStart(2, '0')}${value.slice(3)}`
+const waitForCondition = async (predicate, label) => {
+  const deadline = Date.now() + 1000
+  while (Date.now() < deadline) {
+    if (predicate()) return
+    await new Promise(resolve => setTimeout(resolve, 10))
+  }
+  assert.fail(`Timed out waiting for ${label}`)
+}
+const makeCaptureRequest = (overrides = {}) => {
+  const options = {
+    forceRefresh: false,
+    captureScreenshotMetadata: false,
+    keepTabOpen: false,
+    allowPrivateNetworkTarget: false,
+    targetMode: 'reuse_or_new_tab',
+    maxResourceUrls: 300,
+    ...(overrides.options || {})
+  }
+  return {
+    url: 'https://example.com',
+    mode: 'experience',
+    waitMs: 0,
+    include: ['tech'],
+    viewports: [],
+    protocolVersion: 1,
+    ...overrides,
+    options
+  }
+}
+
+const makeSessionChrome = ({ enabled = true } = {}) => {
+  const sessionStorage = {}
+  return {
+    sessionStorage,
+    chrome: {
+      storage: {
+        session: {
+          get: async key => {
+            if (Array.isArray(key)) return Object.fromEntries(key.map(item => [item, sessionStorage[item]]))
+            return { [key]: sessionStorage[key] }
+          },
+          set: async value => Object.assign(sessionStorage, value),
+          remove: async keys => {
+            for (const key of Array.isArray(keys) ? keys : [keys]) delete sessionStorage[key]
+          }
+        },
+        local: { get: async () => ({ stackPrismSettings: enabled ? { agentBridgeEnabled: true } : {} }) },
+        sync: { get: async () => ({ stackPrismSettings: { agentBridgeEnabled: true } }) }
+      },
+      runtime: { getManifest: () => ({ version: '1.3.71' }) }
+    }
+  }
+}
+const makeRequiredBridgeCapabilities = (overrides = {}) => ({
+  agentBridge: true,
+  siteExperienceProfileV1: true,
+  profileChunkTransport: true,
+  bridgeContentPost: true,
+  storageSession: true,
+  experienceProfiler: true,
+  rawProfile: true,
+  viewportMetadata: true,
+  visualScreenshot: true,
+  ...overrides
+})
+
+const pollStartedBridgeClientControl = async controlBody => {
+  const originalWindow = globalThis.window
+  const originalDocument = globalThis.document
+  const originalChrome = globalThis.chrome
+  const originalLocation = globalThis.location
+  const originalFetch = globalThis.fetch
+  const { resetLoadTsModuleCaches, loadTsModule: freshLoadTsModule } = await import('./helpers/load-ts-module.mjs')
+  resetLoadTsModuleCaches()
+
+  const controlIntervalId = 73
+  const clearIntervalCalls = []
+  const intervalCallbacks = []
+  const runtimeMessages = []
+  const statusPosts = []
+  globalThis.location = new URL(bridgeUrl)
+  globalThis.window = {
+    addEventListener: () => {},
+    setInterval: callback => {
+      intervalCallbacks.push(callback)
+      return controlIntervalId
+    },
+    clearInterval: id => clearIntervalCalls.push(id)
+  }
+  globalThis.document = {
+    querySelector: selector => {
+      if (selector === 'meta[name="stackprism-agent-bridge"][content="1"]') return {}
+      if (selector === '#stackprism-agent-bridge-config[type="application/json"]') {
+        return { textContent: JSON.stringify({ captureId, sessionId, nonce, bridgeToken, protocolVersion: 1 }) }
+      }
+      return null
+    },
+    documentElement: { dataset: {} }
+  }
+  globalThis.fetch = async (url, init = {}) => {
+    const requestUrl = String(url)
+    if (requestUrl === `http://127.0.0.1:17370/v1/captures/${captureId}/request`) {
+      return {
+        ok: true,
+        status: 200,
+        json: async () => ({ captureId, sessionId, nonce, protocolVersion: 1, request: makeCaptureRequest() })
+      }
+    }
+    if (requestUrl === `http://127.0.0.1:17370/v1/captures/${captureId}/status`) {
+      statusPosts.push(JSON.parse(String(init.body || '{}')))
+      return {
+        ok: true,
+        status: 200,
+        json: async () => ({ ok: true })
+      }
+    }
+    if (requestUrl === `http://127.0.0.1:17370/v1/captures/${captureId}/control`) {
+      return {
+        ok: true,
+        status: 200,
+        json: async () => controlBody
+      }
+    }
+    throw new Error(`Unexpected bridge HTTP request: ${requestUrl}`)
+  }
+  globalThis.chrome = {
+    runtime: {
+      onMessage: { addListener: () => {} },
+      sendMessage: (message, callback) => {
+        runtimeMessages.push(message)
+        if (message.type === 'AGENT_BRIDGE_HELLO') {
+          callback?.({
+            ok: true,
+            data: {
+              extensionVersion: '1.3.71',
+              protocolVersion: 1,
+              capabilities: makeRequiredBridgeCapabilities()
+            }
+          })
+          return
+        }
+        if (message.type === 'START_AGENT_CAPTURE' || message.type === 'AGENT_CAPTURE_CONTROL') {
+          callback?.({ ok: true, data: null })
+          return
+        }
+        throw new Error(`Unexpected runtime message: ${message.type}`)
+      },
+      connect: () => ({
+        postMessage: () => {},
+        onMessage: { addListener: () => {} },
+        onDisconnect: { addListener: () => {} }
+      })
+    }
+  }
+
+  try {
+    await freshLoadTsModule('src/content/agent-bridge-client.ts')
+    await waitForCondition(
+      () => statusPosts.length === 2 && runtimeMessages.length === 2 && intervalCallbacks.length === 1,
+      'bridge client control polling startup'
+    )
+
+    intervalCallbacks[0]()
+    await waitForCondition(() => clearIntervalCalls.includes(controlIntervalId), 'bridge client control poll completion')
+    await new Promise(resolve => setTimeout(resolve, 0))
+
+    return { clearIntervalCalls, runtimeMessages, statusPosts }
+  } finally {
+    if (originalWindow === undefined) delete globalThis.window
+    else globalThis.window = originalWindow
+    if (originalDocument === undefined) delete globalThis.document
+    else globalThis.document = originalDocument
+    if (originalChrome === undefined) delete globalThis.chrome
+    else globalThis.chrome = originalChrome
+    if (originalLocation === undefined) delete globalThis.location
+    else globalThis.location = originalLocation
+    if (originalFetch === undefined) delete globalThis.fetch
+    else globalThis.fetch = originalFetch
+    resetLoadTsModuleCaches()
+  }
+}
+
+test('bridge page parser validates loopback URL and JSON config token', async () => {
+  const { isBridgePageUrl, parseBridgePageContext, validateCaptureRequestEnvelope } = await loadTsModule(
+    'src/content/agent-bridge-request.ts'
+  )
+
+  assert.equal(isBridgePageUrl(bridgeUrl), true)
+  assert.equal(isBridgePageUrl('https://example.com/bridge'), false)
+
+  const context = parseBridgePageContext(bridgeUrl, JSON.stringify({ captureId, sessionId, nonce, bridgeToken, protocolVersion: 1 }))
+  assert.deepEqual(context, {
+    bridgeOrigin: 'http://127.0.0.1:17370',
+    sessionId,
+    captureId,
+    nonce,
+    bridgeToken,
+    protocolVersion: 1
+  })
+
+  const request = makeCaptureRequest()
+  assert.equal(validateCaptureRequestEnvelope(context, { captureId, sessionId, nonce, protocolVersion: 1, request }), request)
+  assert.throws(() => parseBridgePageContext(bridgeUrl, '{'), /INVALID_REQUEST/)
+  assert.throws(() => parseBridgePageContext(bridgeUrl, JSON.stringify({ protocolVersion: 1 })), /INVALID_REQUEST/)
+  assert.throws(
+    () => parseBridgePageContext(bridgeUrl, JSON.stringify({ captureId, sessionId, nonce, bridgeToken, protocolVersion: 'not-a-number' })),
+    /INVALID_REQUEST/
+  )
+  assert.throws(
+    () => parseBridgePageContext(bridgeUrl, JSON.stringify({ captureId, sessionId, nonce, bridgeToken, protocolVersion: '1' })),
+    /INVALID_REQUEST/
+  )
+  assert.throws(
+    () =>
+      parseBridgePageContext(
+        bridgeUrl,
+        JSON.stringify({ captureId, sessionId: identifiers.sessionId.valid[1], nonce, bridgeToken, protocolVersion: 1 })
+      ),
+    /INVALID_REQUEST/
+  )
+  assert.throws(
+    () =>
+      parseBridgePageContext(
+        `${bridgeUrl}&nonce=${identifiers.nonce.valid[1]}`,
+        JSON.stringify({ captureId, sessionId, nonce, bridgeToken, protocolVersion: 1 })
+      ),
+    /INVALID_REQUEST/
+  )
+  assert.throws(
+    () =>
+      parseBridgePageContext(
+        bridgeUrl.replace(`session=${sessionId}`, `session=${percentEncodeFirstPayloadChar(sessionId)}`),
+        JSON.stringify({ captureId, sessionId, nonce, bridgeToken, protocolVersion: 1 })
+      ),
+    /INVALID_REQUEST/
+  )
+  assert.throws(
+    () => validateCaptureRequestEnvelope(context, { captureId, sessionId, nonce: identifiers.nonce.valid[1], protocolVersion: 1, request }),
+    /BRIDGE_REQUEST_MISMATCH/
+  )
+  assert.throws(
+    () =>
+      validateCaptureRequestEnvelope(context, {
+        captureId,
+        sessionId,
+        nonce,
+        protocolVersion: 1,
+        request: { url: 'https://example.com', mode: 'experience', include: ['tech'], options: {} }
+      }),
+    /BRIDGE_REQUEST_MISMATCH/
+  )
+  assert.throws(
+    () =>
+      validateCaptureRequestEnvelope(context, {
+        captureId,
+        sessionId,
+        nonce,
+        protocolVersion: 1,
+        request: { ...request, waitMs: -1 }
+      }),
+    /BRIDGE_REQUEST_MISMATCH/
+  )
+  assert.throws(
+    () =>
+      validateCaptureRequestEnvelope(context, {
+        captureId,
+        sessionId,
+        nonce,
+        protocolVersion: 1,
+        request: { ...request, viewports: [{ name: 123, width: 1440, height: 900, deviceScaleFactor: 1 }] }
+      }),
+    /BRIDGE_REQUEST_MISMATCH/
+  )
+  assert.throws(
+    () =>
+      validateCaptureRequestEnvelope(context, {
+        captureId,
+        sessionId,
+        nonce,
+        protocolVersion: 1,
+        bridgeToken,
+        profileUrl: `${context.bridgeOrigin}/v1/captures/${captureId}/profile`,
+        request
+      }),
+    /BRIDGE_REQUEST_MISMATCH/
+  )
+})
+
+test('bridge client posts request mismatch and never starts capture when request envelope is bound to another capture', async () => {
+  const originalWindow = globalThis.window
+  const originalDocument = globalThis.document
+  const originalChrome = globalThis.chrome
+  const originalLocation = globalThis.location
+  const originalFetch = globalThis.fetch
+  const { resetLoadTsModuleCaches, loadTsModule: freshLoadTsModule } = await import('./helpers/load-ts-module.mjs')
+  resetLoadTsModuleCaches()
+
+  const statusPosts = []
+  const bridgeRequests = []
+  const runtimeMessages = []
+  globalThis.location = new URL(bridgeUrl)
+  globalThis.window = {
+    addEventListener: () => {},
+    setInterval: () => {
+      throw new Error('control polling must not start after request mismatch')
+    },
+    clearInterval: () => {}
+  }
+  globalThis.document = {
+    querySelector: selector => {
+      if (selector === 'meta[name="stackprism-agent-bridge"][content="1"]') return {}
+      if (selector === '#stackprism-agent-bridge-config[type="application/json"]') {
+        return { textContent: JSON.stringify({ captureId, sessionId, nonce, bridgeToken, protocolVersion: 1 }) }
+      }
+      return null
+    },
+    documentElement: { dataset: {} }
+  }
+  globalThis.fetch = async (url, init = {}) => {
+    const requestUrl = String(url)
+    bridgeRequests.push({ url: requestUrl, init })
+    if (requestUrl === `http://127.0.0.1:17370/v1/captures/${captureId}/request`) {
+      return {
+        ok: true,
+        status: 200,
+        json: async () => ({
+          captureId: identifiers.captureId.valid[1],
+          sessionId,
+          nonce,
+          protocolVersion: 1,
+          request: makeCaptureRequest()
+        })
+      }
+    }
+    if (requestUrl === `http://127.0.0.1:17370/v1/captures/${captureId}/status`) {
+      statusPosts.push(JSON.parse(String(init.body || '{}')))
+      return {
+        ok: true,
+        status: 200,
+        json: async () => ({ ok: true })
+      }
+    }
+    throw new Error(`Unexpected bridge HTTP request: ${requestUrl}`)
+  }
+  globalThis.chrome = {
+    runtime: {
+      onMessage: { addListener: () => {} },
+      sendMessage: (message, callback) => {
+        runtimeMessages.push(message)
+        callback?.({ ok: true, data: {} })
+      },
+      connect: () => {
+        throw new Error('profile transfer port must not open after request mismatch')
+      }
+    }
+  }
+
+  try {
+    await freshLoadTsModule('src/content/agent-bridge-client.ts')
+    await waitForCondition(() => statusPosts.length === 1, 'failed request mismatch status')
+
+    assert.deepEqual(runtimeMessages, [])
+    assert.equal(statusPosts[0].status, 'failed')
+    assert.equal(statusPosts[0].phase, 'bridge_connected')
+    assert.equal(statusPosts[0].error.code, 'BRIDGE_REQUEST_MISMATCH')
+    assert.deepEqual(
+      bridgeRequests.map(request => ({
+        url: request.url,
+        headers: request.init.headers
+      })),
+      [
+        {
+          url: `http://127.0.0.1:17370/v1/captures/${captureId}/request`,
+          headers: { Authorization: `Bearer ${bridgeToken}` }
+        },
+        {
+          url: `http://127.0.0.1:17370/v1/captures/${captureId}/status`,
+          headers: { 'Content-Type': 'application/json', Authorization: `Bearer ${bridgeToken}` }
+        }
+      ]
+    )
+    assert.equal(globalThis.document.documentElement.dataset.stackprismAgentBridgeClient, 'ready')
+  } finally {
+    if (originalWindow === undefined) delete globalThis.window
+    else globalThis.window = originalWindow
+    if (originalDocument === undefined) delete globalThis.document
+    else globalThis.document = originalDocument
+    if (originalChrome === undefined) delete globalThis.chrome
+    else globalThis.chrome = originalChrome
+    if (originalLocation === undefined) delete globalThis.location
+    else globalThis.location = originalLocation
+    if (originalFetch === undefined) delete globalThis.fetch
+    else globalThis.fetch = originalFetch
+    resetLoadTsModuleCaches()
+  }
+})
+
+test('bridge client rejects incognito extension context before loading request or sending runtime messages', async () => {
+  const originalWindow = globalThis.window
+  const originalDocument = globalThis.document
+  const originalChrome = globalThis.chrome
+  const originalLocation = globalThis.location
+  const originalFetch = globalThis.fetch
+  const { resetLoadTsModuleCaches, loadTsModule: freshLoadTsModule } = await import('./helpers/load-ts-module.mjs')
+  resetLoadTsModuleCaches()
+
+  const statusPosts = []
+  const bridgeRequests = []
+  const runtimeMessages = []
+  globalThis.location = new URL(bridgeUrl)
+  globalThis.window = {
+    addEventListener: () => {},
+    setInterval: () => {
+      throw new Error('control polling must not start in incognito extension context')
+    },
+    clearInterval: () => {}
+  }
+  globalThis.document = {
+    querySelector: selector => {
+      if (selector === 'meta[name="stackprism-agent-bridge"][content="1"]') return {}
+      if (selector === '#stackprism-agent-bridge-config[type="application/json"]') {
+        return { textContent: JSON.stringify({ captureId, sessionId, nonce, bridgeToken, protocolVersion: 1 }) }
+      }
+      return null
+    },
+    documentElement: { dataset: {} }
+  }
+  globalThis.fetch = async (url, init = {}) => {
+    const requestUrl = String(url)
+    bridgeRequests.push({ url: requestUrl, init })
+    if (requestUrl === `http://127.0.0.1:17370/v1/captures/${captureId}/status`) {
+      statusPosts.push(JSON.parse(String(init.body || '{}')))
+      return {
+        ok: true,
+        status: 200,
+        json: async () => ({ ok: true })
+      }
+    }
+    throw new Error(`Unexpected bridge HTTP request in incognito context: ${requestUrl}`)
+  }
+  globalThis.chrome = {
+    extension: { inIncognitoContext: true },
+    runtime: {
+      onMessage: {
+        addListener: () => {
+          throw new Error('status listener must not be registered in incognito extension context')
+        }
+      },
+      sendMessage: (message, callback) => {
+        runtimeMessages.push(message)
+        callback?.({ ok: true, data: {} })
+      },
+      connect: () => {
+        throw new Error('profile transfer port must not open in incognito extension context')
+      }
+    }
+  }
+
+  try {
+    await freshLoadTsModule('src/content/agent-bridge-client.ts')
+    await waitForCondition(() => statusPosts.length === 1, 'incognito rejection status')
+
+    assert.deepEqual(runtimeMessages, [])
+    assert.equal(statusPosts[0].status, 'failed')
+    assert.equal(statusPosts[0].phase, 'bridge_connected')
+    assert.equal(statusPosts[0].error.code, 'INCOGNITO_NOT_SUPPORTED')
+    assert.deepEqual(
+      bridgeRequests.map(request => request.url),
+      [`http://127.0.0.1:17370/v1/captures/${captureId}/status`]
+    )
+    assert.equal(globalThis.document.documentElement.dataset.stackprismAgentBridgeClient, 'ready')
+  } finally {
+    if (originalWindow === undefined) delete globalThis.window
+    else globalThis.window = originalWindow
+    if (originalDocument === undefined) delete globalThis.document
+    else globalThis.document = originalDocument
+    if (originalChrome === undefined) delete globalThis.chrome
+    else globalThis.chrome = originalChrome
+    if (originalLocation === undefined) delete globalThis.location
+    else globalThis.location = originalLocation
+    if (originalFetch === undefined) delete globalThis.fetch
+    else globalThis.fetch = originalFetch
+    resetLoadTsModuleCaches()
+  }
+})
+
+test('bridge client reports missing hello capabilities before starting capture', async () => {
+  const originalWindow = globalThis.window
+  const originalDocument = globalThis.document
+  const originalChrome = globalThis.chrome
+  const originalLocation = globalThis.location
+  const originalFetch = globalThis.fetch
+  const { resetLoadTsModuleCaches, loadTsModule: freshLoadTsModule } = await import('./helpers/load-ts-module.mjs')
+  resetLoadTsModuleCaches()
+
+  const statusPosts = []
+  const runtimeMessages = []
+  globalThis.location = new URL(bridgeUrl)
+  globalThis.window = {
+    addEventListener: () => {},
+    setInterval: () => {
+      throw new Error('control polling must not start when required capabilities are missing')
+    },
+    clearInterval: () => {}
+  }
+  globalThis.document = {
+    querySelector: selector => {
+      if (selector === 'meta[name="stackprism-agent-bridge"][content="1"]') return {}
+      if (selector === '#stackprism-agent-bridge-config[type="application/json"]') {
+        return { textContent: JSON.stringify({ captureId, sessionId, nonce, bridgeToken, protocolVersion: 1 }) }
+      }
+      return null
+    },
+    documentElement: { dataset: {} }
+  }
+  globalThis.fetch = async (url, init = {}) => {
+    const requestUrl = String(url)
+    if (requestUrl === `http://127.0.0.1:17370/v1/captures/${captureId}/request`) {
+      return {
+        ok: true,
+        status: 200,
+        json: async () => ({ captureId, sessionId, nonce, protocolVersion: 1, request: makeCaptureRequest() })
+      }
+    }
+    if (requestUrl === `http://127.0.0.1:17370/v1/captures/${captureId}/status`) {
+      statusPosts.push(JSON.parse(String(init.body || '{}')))
+      return {
+        ok: true,
+        status: 200,
+        json: async () => ({ ok: true })
+      }
+    }
+    throw new Error(`Unexpected bridge HTTP request: ${requestUrl}`)
+  }
+  globalThis.chrome = {
+    runtime: {
+      onMessage: { addListener: () => {} },
+      sendMessage: (message, callback) => {
+        runtimeMessages.push(message)
+        callback?.({
+          ok: true,
+          data: {
+            extensionVersion: '1.3.71',
+            protocolVersion: 1,
+            capabilities: {
+              agentBridge: true,
+              siteExperienceProfileV1: true,
+              profileChunkTransport: false,
+              bridgeContentPost: true,
+              storageSession: true,
+              experienceProfiler: true,
+              rawProfile: true,
+              viewportMetadata: true
+            }
+          }
+        })
+      },
+      connect: () => {
+        throw new Error('profile transfer port must not open when required capabilities are missing')
+      }
+    }
+  }
+
+  try {
+    await freshLoadTsModule('src/content/agent-bridge-client.ts')
+    await waitForCondition(() => statusPosts.length === 2, 'missing capability failure status')
+
+    assert.deepEqual(
+      runtimeMessages.map(message => message.type),
+      ['AGENT_BRIDGE_HELLO']
+    )
+    assert.equal(statusPosts[0].status, 'waiting_extension')
+    assert.equal(statusPosts[1].status, 'failed')
+    assert.equal(statusPosts[1].phase, 'request_loaded')
+    assert.equal(statusPosts[1].error.code, 'NOT_SUPPORTED')
+    assert.equal(statusPosts[1].error.details.missingCapability, 'profileChunkTransport')
+  } finally {
+    if (originalWindow === undefined) delete globalThis.window
+    else globalThis.window = originalWindow
+    if (originalDocument === undefined) delete globalThis.document
+    else globalThis.document = originalDocument
+    if (originalChrome === undefined) delete globalThis.chrome
+    else globalThis.chrome = originalChrome
+    if (originalLocation === undefined) delete globalThis.location
+    else globalThis.location = originalLocation
+    if (originalFetch === undefined) delete globalThis.fetch
+    else globalThis.fetch = originalFetch
+    resetLoadTsModuleCaches()
+  }
+})
+
+test('bridge client ignores capture status messages bound to another capture', async () => {
+  const originalWindow = globalThis.window
+  const originalDocument = globalThis.document
+  const originalChrome = globalThis.chrome
+  const originalLocation = globalThis.location
+  const originalFetch = globalThis.fetch
+  const { resetLoadTsModuleCaches, loadTsModule: freshLoadTsModule } = await import('./helpers/load-ts-module.mjs')
+  resetLoadTsModuleCaches()
+
+  const statusPosts = []
+  const runtimeMessages = []
+  const responses = []
+  let statusListener = null
+  let clearIntervalCalls = 0
+  globalThis.location = new URL(bridgeUrl)
+  globalThis.window = {
+    addEventListener: () => {},
+    setInterval: () => 41,
+    clearInterval: () => {
+      clearIntervalCalls += 1
+    }
+  }
+  globalThis.document = {
+    querySelector: selector => {
+      if (selector === 'meta[name="stackprism-agent-bridge"][content="1"]') return {}
+      if (selector === '#stackprism-agent-bridge-config[type="application/json"]') {
+        return { textContent: JSON.stringify({ captureId, sessionId, nonce, bridgeToken, protocolVersion: 1 }) }
+      }
+      return null
+    },
+    documentElement: { dataset: {} }
+  }
+  globalThis.fetch = async (url, init = {}) => {
+    const requestUrl = String(url)
+    if (requestUrl === `http://127.0.0.1:17370/v1/captures/${captureId}/request`) {
+      return {
+        ok: true,
+        status: 200,
+        json: async () => ({ captureId, sessionId, nonce, protocolVersion: 1, request: makeCaptureRequest() })
+      }
+    }
+    if (requestUrl === `http://127.0.0.1:17370/v1/captures/${captureId}/status`) {
+      statusPosts.push(JSON.parse(String(init.body || '{}')))
+      return {
+        ok: true,
+        status: 200,
+        json: async () => ({ ok: true })
+      }
+    }
+    throw new Error(`Unexpected bridge HTTP request: ${requestUrl}`)
+  }
+  globalThis.chrome = {
+    runtime: {
+      onMessage: {
+        addListener: listener => {
+          statusListener = listener
+        }
+      },
+      sendMessage: (message, callback) => {
+        runtimeMessages.push(message)
+        if (message.type === 'AGENT_BRIDGE_HELLO') {
+          callback?.({
+            ok: true,
+            data: {
+              extensionVersion: '1.3.71',
+              protocolVersion: 1,
+              capabilities: {
+                agentBridge: true,
+                siteExperienceProfileV1: true,
+                profileChunkTransport: true,
+                bridgeContentPost: true,
+                storageSession: true,
+                experienceProfiler: true,
+                rawProfile: true,
+                viewportMetadata: true,
+                visualScreenshot: true
+              }
+            }
+          })
+          return
+        }
+        callback?.({ ok: true, data: null })
+      },
+      connect: () => ({
+        postMessage: () => {},
+        onMessage: { addListener: () => {} },
+        onDisconnect: { addListener: () => {} }
+      })
+    }
+  }
+
+  try {
+    await freshLoadTsModule('src/content/agent-bridge-client.ts')
+    await waitForCondition(() => statusPosts.length === 2 && runtimeMessages.length === 2, 'bridge client startup')
+
+    const mismatchedHandled = statusListener(
+      {
+        type: 'AGENT_CAPTURE_STATUS',
+        payload: {
+          captureId: identifiers.captureId.valid[1],
+          sessionId,
+          nonce,
+          protocolVersion: 1,
+          status: 'failed',
+          phase: 'cleanup'
+        }
+      },
+      {},
+      response => responses.push(response)
+    )
+
+    assert.equal(mismatchedHandled, false)
+    assert.equal(statusPosts.length, 2)
+    assert.equal(clearIntervalCalls, 0)
+    assert.equal(responses.at(-1).ok, false)
+    assert.equal(responses.at(-1).error.code, 'BRIDGE_REQUEST_MISMATCH')
+
+    const matchedHandled = statusListener(
+      {
+        type: 'AGENT_CAPTURE_STATUS',
+        payload: {
+          captureId,
+          sessionId,
+          nonce,
+          protocolVersion: 1,
+          status: 'running',
+          phase: 'target_loaded',
+          finalUrl: 'https://example.com/'
+        }
+      },
+      {},
+      response => responses.push(response)
+    )
+    assert.equal(matchedHandled, true)
+    await waitForCondition(() => statusPosts.length === 3 && responses.at(-1)?.ok === true, 'matching status forward')
+    assert.equal(statusPosts[2].captureId, captureId)
+    assert.equal(statusPosts[2].phase, 'target_loaded')
+    assert.equal(statusPosts[2].finalUrl, 'https://example.com/')
+  } finally {
+    if (originalWindow === undefined) delete globalThis.window
+    else globalThis.window = originalWindow
+    if (originalDocument === undefined) delete globalThis.document
+    else globalThis.document = originalDocument
+    if (originalChrome === undefined) delete globalThis.chrome
+    else globalThis.chrome = originalChrome
+    if (originalLocation === undefined) delete globalThis.location
+    else globalThis.location = originalLocation
+    if (originalFetch === undefined) delete globalThis.fetch
+    else globalThis.fetch = originalFetch
+    resetLoadTsModuleCaches()
+  }
+})
+
+test('bridge client stops control polling without sending cancel for terminal bridge status', async () => {
+  const result = await pollStartedBridgeClientControl({ status: 'completed', command: 'cancel' })
+
+  assert.deepEqual(result.clearIntervalCalls, [73])
+  assert.deepEqual(
+    result.runtimeMessages.map(message => message.type),
+    ['AGENT_BRIDGE_HELLO', 'START_AGENT_CAPTURE']
+  )
+  assert.deepEqual(
+    result.statusPosts.map(post => post.status),
+    ['waiting_extension', 'running']
+  )
+})
+
+test('bridge client sends cancel control only for cancel requested bridge status', async () => {
+  const result = await pollStartedBridgeClientControl({ status: 'cancel_requested', command: 'cancel' })
+
+  assert.deepEqual(result.clearIntervalCalls, [73])
+  assert.deepEqual(
+    result.runtimeMessages.map(message => message.type),
+    ['AGENT_BRIDGE_HELLO', 'START_AGENT_CAPTURE', 'AGENT_CAPTURE_CONTROL']
+  )
+  assert.equal(result.runtimeMessages[2].captureId, captureId)
+  assert.equal(result.runtimeMessages[2].sessionId, sessionId)
+  assert.equal(result.runtimeMessages[2].nonce, nonce)
+  assert.equal(result.runtimeMessages[2].command, 'cancel')
+})
+
+test('bridge client exits on non-bridge loopback pages without side effects', async () => {
+  const originalWindow = globalThis.window
+  const originalDocument = globalThis.document
+  const originalChrome = globalThis.chrome
+  const originalLocation = globalThis.location
+  const originalFetch = globalThis.fetch
+  const { resetLoadTsModuleCaches, loadTsModule: freshLoadTsModule } = await import('./helpers/load-ts-module.mjs')
+  resetLoadTsModuleCaches()
+
+  let queried = false
+  let fetched = false
+  let runtimeMessaged = false
+  globalThis.location = new URL(`http://127.0.0.1:17370/not-bridge?session=${sessionId}&capture=${captureId}&nonce=${nonce}`)
+  globalThis.window = {
+    addEventListener: () => {
+      throw new Error('window listeners must not be registered on non-bridge pages')
+    },
+    setInterval: () => {
+      throw new Error('polling must not start on non-bridge pages')
+    },
+    clearInterval: () => {}
+  }
+  globalThis.document = {
+    querySelector: () => {
+      queried = true
+      throw new Error('bridge config DOM must not be read on non-bridge pages')
+    },
+    documentElement: { dataset: {} }
+  }
+  globalThis.fetch = async () => {
+    fetched = true
+    throw new Error('bridge HTTP must not be called on non-bridge pages')
+  }
+  globalThis.chrome = {
+    runtime: {
+      sendMessage: () => {
+        runtimeMessaged = true
+        throw new Error('runtime messages must not be sent on non-bridge pages')
+      }
+    }
+  }
+
+  try {
+    await freshLoadTsModule('src/content/agent-bridge-client.ts')
+
+    assert.equal(queried, false)
+    assert.equal(fetched, false)
+    assert.equal(runtimeMessaged, false)
+  } finally {
+    if (originalWindow === undefined) delete globalThis.window
+    else globalThis.window = originalWindow
+    if (originalDocument === undefined) delete globalThis.document
+    else globalThis.document = originalDocument
+    if (originalChrome === undefined) delete globalThis.chrome
+    else globalThis.chrome = originalChrome
+    if (originalLocation === undefined) delete globalThis.location
+    else globalThis.location = originalLocation
+    if (originalFetch === undefined) delete globalThis.fetch
+    else globalThis.fetch = originalFetch
+    resetLoadTsModuleCaches()
+  }
+})
+
+test('profile transfer failures clear transfer state and reject late completion', async () => {
+  const { handleTransferMessage } = await loadTsModule('src/content/agent-bridge-transfer.ts')
+  const transferSource = await readFile(new URL('../src/content/agent-bridge-transfer.ts', import.meta.url), 'utf8')
+  const context = { bridgeOrigin: 'http://127.0.0.1:17370', sessionId, captureId, nonce }
+  const transferId = identifiers.profileTransferId.valid[0]
+  const statuses = []
+  const postStatus = async (status, phase, error) => statuses.push({ status, phase, error })
+  let postedProfile = false
+  const requestJson = async () => {
+    postedProfile = true
+    return { ok: true }
+  }
+  const bytes = Buffer.alloc(profileChunkBytes + 1)
+
+  assert.equal(
+    (
+      await handleTransferMessage(context, postStatus, requestJson, {
+        type: 'AGENT_PROFILE_TRANSFER_BEGIN',
+        captureId,
+        sessionId,
+        nonce,
+        profileTransferId: transferId,
+        chunkCount: 2,
+        byteLength: bytes.byteLength,
+        sha256: sha256Hex(bytes)
+      })
+    ).ok,
+    true
+  )
+  const missing = await handleTransferMessage(context, postStatus, requestJson, {
+    type: 'AGENT_PROFILE_TRANSFER_COMPLETE',
+    captureId,
+    sessionId,
+    nonce,
+    profileTransferId: transferId,
+    byteLength: bytes.byteLength,
+    sha256: sha256Hex(bytes)
+  })
+  assert.equal(missing.ok, false)
+  assert.equal(missing.error.code, 'PROFILE_CHUNK_MISSING')
+
+  const lateChunk = await handleTransferMessage(context, postStatus, requestJson, {
+    type: 'AGENT_PROFILE_TRANSFER_CHUNK',
+    captureId,
+    sessionId,
+    nonce,
+    profileTransferId: transferId,
+    chunkIndex: 0,
+    chunkCount: 2,
+    chunkByteLength: 4,
+    payloadBase64: 'e30='
+  })
+  assert.equal(lateChunk.ok, false)
+  assert.equal(lateChunk.error.code, 'PROFILE_CHUNK_MISSING')
+  assert.equal(postedProfile, false)
+  assert.equal(statuses.at(-1).error.code, 'PROFILE_CHUNK_MISSING')
+  assert.doesNotMatch(transferSource, /String\(error\)/)
+})
+
+test('profile transfer rejects invalid begin metadata before buffering chunks', async () => {
+  const { handleTransferMessage } = await loadTsModule('src/content/agent-bridge-transfer.ts')
+  const context = { bridgeOrigin: 'http://127.0.0.1:17370', sessionId, captureId, nonce }
+  const statuses = []
+  const postStatus = async (status, phase, error) => statuses.push({ status, phase, error })
+  let postedProfile = false
+  const requestJson = async () => {
+    postedProfile = true
+    return { ok: true }
+  }
+
+  const invalidHash = await handleTransferMessage(context, postStatus, requestJson, {
+    type: 'AGENT_PROFILE_TRANSFER_BEGIN',
+    captureId,
+    sessionId,
+    nonce,
+    profileTransferId: 'xfer_GGGGGGGGGGGGGGGGGGGGGG',
+    chunkCount: 1,
+    byteLength: 2,
+    sha256: 'not-a-sha256'
+  })
+  assert.equal(invalidHash.ok, false)
+  assert.equal(invalidHash.error.code, 'PROFILE_TRANSPORT_FAILED')
+
+  const emptyTransfer = await handleTransferMessage(context, postStatus, requestJson, {
+    type: 'AGENT_PROFILE_TRANSFER_BEGIN',
+    captureId,
+    sessionId,
+    nonce,
+    profileTransferId: 'xfer_FFFFFFFFFFFFFFFFFFFFFF',
+    chunkCount: 1,
+    byteLength: 0,
+    sha256: sha256Hex(Buffer.alloc(0))
+  })
+  assert.equal(emptyTransfer.ok, false)
+  assert.equal(emptyTransfer.error.code, 'PROFILE_TRANSPORT_FAILED')
+
+  const mismatchedChunkCount = await handleTransferMessage(context, postStatus, requestJson, {
+    type: 'AGENT_PROFILE_TRANSFER_BEGIN',
+    captureId,
+    sessionId,
+    nonce,
+    profileTransferId: 'xfer_HHHHHHHHHHHHHHHHHHHHHH',
+    chunkCount: 2,
+    byteLength: 2,
+    sha256: sha256Hex(Buffer.from('{}'))
+  })
+  assert.equal(mismatchedChunkCount.ok, false)
+  assert.equal(mismatchedChunkCount.error.code, 'PROFILE_TRANSPORT_FAILED')
+
+  const oversized = await handleTransferMessage(context, postStatus, requestJson, {
+    type: 'AGENT_PROFILE_TRANSFER_BEGIN',
+    captureId,
+    sessionId,
+    nonce,
+    profileTransferId: 'xfer_IIIIIIIIIIIIIIIIIIIIII',
+    chunkCount: 22,
+    byteLength: 8 * 1024 * 1024 + 1,
+    sha256: 'a'.repeat(64)
+  })
+  assert.equal(oversized.ok, false)
+  assert.equal(oversized.error.code, 'PROFILE_TRANSPORT_FAILED')
+  assert.equal(postedProfile, false)
+  assert.equal(
+    statuses.every(item => item.error.code === 'PROFILE_TRANSPORT_FAILED'),
+    true
+  )
+})
+
+test('profile transfer rejects duplicate chunks and invalid utf8 payloads', async () => {
+  const { handleTransferMessage } = await loadTsModule('src/content/agent-bridge-transfer.ts')
+  const context = { bridgeOrigin: 'http://127.0.0.1:17370', sessionId, captureId, nonce }
+  const statuses = []
+  const postStatus = async (status, phase, error) => statuses.push({ status, phase, error })
+  let postedProfile = false
+  const requestJson = async () => {
+    postedProfile = true
+    return { ok: true }
+  }
+
+  const duplicateTransferId = identifiers.profileTransferId.valid[0]
+  assert.equal(
+    (
+      await handleTransferMessage(context, postStatus, requestJson, {
+        type: 'AGENT_PROFILE_TRANSFER_BEGIN',
+        captureId,
+        sessionId,
+        nonce,
+        profileTransferId: duplicateTransferId,
+        chunkCount: 1,
+        byteLength: 2,
+        sha256: sha256Hex(Buffer.from('{}'))
+      })
+    ).ok,
+    true
+  )
+  assert.equal(
+    (
+      await handleTransferMessage(context, postStatus, requestJson, {
+        type: 'AGENT_PROFILE_TRANSFER_CHUNK',
+        captureId,
+        sessionId,
+        nonce,
+        profileTransferId: duplicateTransferId,
+        chunkIndex: 0,
+        chunkCount: 1,
+        chunkByteLength: 2,
+        payloadBase64: Buffer.from('{}').toString('base64')
+      })
+    ).ok,
+    true
+  )
+  const duplicate = await handleTransferMessage(context, postStatus, requestJson, {
+    type: 'AGENT_PROFILE_TRANSFER_CHUNK',
+    captureId,
+    sessionId,
+    nonce,
+    profileTransferId: duplicateTransferId,
+    chunkIndex: 0,
+    chunkCount: 1,
+    chunkByteLength: 2,
+    payloadBase64: Buffer.from('{}').toString('base64')
+  })
+  assert.equal(duplicate.ok, false)
+  assert.equal(duplicate.error.code, 'PROFILE_CHUNK_MISSING')
+
+  const emptyChunkTransferId = 'xfer_AAAAAAAAAAAAAAAAAAAAAA'
+  assert.equal(
+    (
+      await handleTransferMessage(context, postStatus, requestJson, {
+        type: 'AGENT_PROFILE_TRANSFER_BEGIN',
+        captureId,
+        sessionId,
+        nonce,
+        profileTransferId: emptyChunkTransferId,
+        chunkCount: 1,
+        byteLength: 1,
+        sha256: sha256Hex(Buffer.from([0]))
+      })
+    ).ok,
+    true
+  )
+  const emptyChunk = await handleTransferMessage(context, postStatus, requestJson, {
+    type: 'AGENT_PROFILE_TRANSFER_CHUNK',
+    captureId,
+    sessionId,
+    nonce,
+    profileTransferId: emptyChunkTransferId,
+    chunkIndex: 0,
+    chunkCount: 1,
+    chunkByteLength: 0,
+    payloadBase64: ''
+  })
+  assert.equal(emptyChunk.ok, false)
+  assert.equal(emptyChunk.error.code, 'PROFILE_TRANSPORT_FAILED')
+
+  const shortChunkTransferId = 'xfer_BBBBBBBBBBBBBBBBBBBBBB'
+  assert.equal(
+    (
+      await handleTransferMessage(context, postStatus, requestJson, {
+        type: 'AGENT_PROFILE_TRANSFER_BEGIN',
+        captureId,
+        sessionId,
+        nonce,
+        profileTransferId: shortChunkTransferId,
+        chunkCount: 1,
+        byteLength: 2,
+        sha256: sha256Hex(Buffer.from('{}'))
+      })
+    ).ok,
+    true
+  )
+  const shortChunk = await handleTransferMessage(context, postStatus, requestJson, {
+    type: 'AGENT_PROFILE_TRANSFER_CHUNK',
+    captureId,
+    sessionId,
+    nonce,
+    profileTransferId: shortChunkTransferId,
+    chunkIndex: 0,
+    chunkCount: 1,
+    chunkByteLength: 3,
+    payloadBase64: Buffer.from('{}').toString('base64')
+  })
+  assert.equal(shortChunk.ok, false)
+  assert.equal(shortChunk.error.code, 'PROFILE_TRANSPORT_FAILED')
+
+  const invalidUtf8TransferId = identifiers.profileTransferId.valid[1]
+  const invalidUtf8 = Buffer.from([0x7b, 0x22, 0x78, 0x22, 0x3a, 0x22, 0xff, 0x22, 0x7d])
+  assert.equal(
+    (
+      await handleTransferMessage(context, postStatus, requestJson, {
+        type: 'AGENT_PROFILE_TRANSFER_BEGIN',
+        captureId,
+        sessionId,
+        nonce,
+        profileTransferId: invalidUtf8TransferId,
+        chunkCount: 1,
+        byteLength: invalidUtf8.byteLength,
+        sha256: sha256Hex(invalidUtf8)
+      })
+    ).ok,
+    true
+  )
+  assert.equal(
+    (
+      await handleTransferMessage(context, postStatus, requestJson, {
+        type: 'AGENT_PROFILE_TRANSFER_CHUNK',
+        captureId,
+        sessionId,
+        nonce,
+        profileTransferId: invalidUtf8TransferId,
+        chunkIndex: 0,
+        chunkCount: 1,
+        chunkByteLength: invalidUtf8.byteLength,
+        payloadBase64: invalidUtf8.toString('base64')
+      })
+    ).ok,
+    true
+  )
+  const invalid = await handleTransferMessage(context, postStatus, requestJson, {
+    type: 'AGENT_PROFILE_TRANSFER_COMPLETE',
+    captureId,
+    sessionId,
+    nonce,
+    profileTransferId: invalidUtf8TransferId,
+    byteLength: invalidUtf8.byteLength,
+    sha256: sha256Hex(invalidUtf8)
+  })
+  assert.equal(invalid.ok, false)
+  assert.equal(invalid.error.code, 'PROFILE_TRANSPORT_FAILED')
+  assert.equal(postedProfile, false)
+  assert.equal(statuses.at(-1).error.code, 'PROFILE_TRANSPORT_FAILED')
+})
+
+test('profile transfer binds complete metadata to the begin hash', async () => {
+  const { handleTransferMessage } = await loadTsModule('src/content/agent-bridge-transfer.ts')
+  const context = { bridgeOrigin: 'http://127.0.0.1:17370', sessionId, captureId, nonce }
+  const statuses = []
+  const postStatus = async (status, phase, error) => statuses.push({ status, phase, error })
+  let postedProfile = false
+  const requestJson = async () => {
+    postedProfile = true
+    return { ok: true }
+  }
+  const transferId = identifiers.profileTransferId.valid[1]
+  const bytes = Buffer.from('{}')
+
+  assert.equal(
+    (
+      await handleTransferMessage(context, postStatus, requestJson, {
+        type: 'AGENT_PROFILE_TRANSFER_BEGIN',
+        captureId,
+        sessionId,
+        nonce,
+        profileTransferId: transferId,
+        chunkCount: 1,
+        byteLength: bytes.byteLength,
+        sha256: sha256Hex(Buffer.from('[]'))
+      })
+    ).ok,
+    true
+  )
+  assert.equal(
+    (
+      await handleTransferMessage(context, postStatus, requestJson, {
+        type: 'AGENT_PROFILE_TRANSFER_CHUNK',
+        captureId,
+        sessionId,
+        nonce,
+        profileTransferId: transferId,
+        chunkIndex: 0,
+        chunkCount: 1,
+        chunkByteLength: bytes.byteLength,
+        payloadBase64: bytes.toString('base64')
+      })
+    ).ok,
+    true
+  )
+
+  const complete = await handleTransferMessage(context, postStatus, requestJson, {
+    type: 'AGENT_PROFILE_TRANSFER_COMPLETE',
+    captureId,
+    sessionId,
+    nonce,
+    profileTransferId: transferId,
+    byteLength: bytes.byteLength,
+    sha256: sha256Hex(bytes)
+  })
+  assert.equal(complete.ok, false)
+  assert.equal(complete.error.code, 'PROFILE_HASH_MISMATCH')
+  assert.equal(statuses.at(-1).error.code, 'PROFILE_HASH_MISMATCH')
+  assert.equal(postedProfile, false)
+})
+
+test('profile transfer rejects invalid transfer ids and non-contiguous chunks', async () => {
+  const { handleTransferMessage } = await loadTsModule('src/content/agent-bridge-transfer.ts')
+  const context = { bridgeOrigin: 'http://127.0.0.1:17370', sessionId, captureId, nonce }
+  const statuses = []
+  const postStatus = async (status, phase, error) => statuses.push({ status, phase, error })
+  const requestJson = async () => ({ ok: true })
+
+  const invalidTransfer = await handleTransferMessage(context, postStatus, requestJson, {
+    type: 'AGENT_PROFILE_TRANSFER_BEGIN',
+    captureId,
+    sessionId,
+    nonce,
+    profileTransferId: 'xfer_bad',
+    chunkCount: 1,
+    byteLength: 2,
+    sha256: sha256Hex(Buffer.from('{}'))
+  })
+  assert.equal(invalidTransfer.ok, false)
+  assert.equal(invalidTransfer.error.code, 'PROFILE_TRANSPORT_FAILED')
+
+  const transferId = identifiers.profileTransferId.valid[0]
+  const multiChunkBytes = Buffer.alloc(profileChunkBytes + 2)
+  assert.equal(
+    (
+      await handleTransferMessage(context, postStatus, requestJson, {
+        type: 'AGENT_PROFILE_TRANSFER_BEGIN',
+        captureId,
+        sessionId,
+        nonce,
+        profileTransferId: transferId,
+        chunkCount: 2,
+        byteLength: multiChunkBytes.byteLength,
+        sha256: sha256Hex(multiChunkBytes)
+      })
+    ).ok,
+    true
+  )
+  const outOfOrder = await handleTransferMessage(context, postStatus, requestJson, {
+    type: 'AGENT_PROFILE_TRANSFER_CHUNK',
+    captureId,
+    sessionId,
+    nonce,
+    profileTransferId: transferId,
+    chunkIndex: 1,
+    chunkCount: 2,
+    chunkByteLength: 2,
+    payloadBase64: Buffer.from('{}').toString('base64')
+  })
+  assert.equal(outOfOrder.ok, false)
+  assert.equal(outOfOrder.error.code, 'PROFILE_CHUNK_MISSING')
+  assert.equal(statuses.at(-1).error.code, 'PROFILE_CHUNK_MISSING')
+})
+
+test('background hello rejects forged or mismatched bridge senders', async () => {
+  const { extractBridgeSenderSession, clearBridgeSession, registerBridgeSession } = await loadTsModule(
+    'src/background/agent-bridge-session.ts'
+  )
+  const env = makeSessionChrome()
+  globalThis.chrome = env.chrome
+  try {
+    const message = { captureId, sessionId, nonce }
+
+    assert.equal(extractBridgeSenderSession(message, sender()).ok, true)
+    assert.equal(extractBridgeSenderSession(message, sender('https://example.com/bridge')).error.code, 'INVALID_REQUEST')
+    assert.equal(extractBridgeSenderSession(message, senderWithoutTabId()).error.code, 'INVALID_REQUEST')
+    assert.equal(
+      extractBridgeSenderSession({ captureId, sessionId, nonce: identifiers.nonce.valid[1] }, sender()).error.code,
+      'INVALID_REQUEST'
+    )
+
+    await clearBridgeSession(7)
+    assert.equal((await registerBridgeSession(extractBridgeSenderSession(message, sender()).session)).ok, true)
+    assert.equal((await registerBridgeSession(extractBridgeSenderSession(message, sender()).session)).ok, true)
+    const mismatch = extractBridgeSenderSession(message, sender(bridgeUrl.replace('17370', '17371')))
+    assert.equal((await registerBridgeSession(mismatch.session)).error.code, 'INVALID_REQUEST')
+    await clearBridgeSession(7)
+  } finally {
+    delete globalThis.chrome
+  }
+})
+
+test('registered bridge messages must keep matching sender tab and URL', async () => {
+  const { clearBridgeSession, extractBridgeSenderSession, registerBridgeSession, validateAgentCaptureControlMessage } = await loadTsModule(
+    'src/background/agent-bridge-session.ts'
+  )
+  const env = makeSessionChrome()
+  globalThis.chrome = env.chrome
+  const message = { type: 'AGENT_CAPTURE_CONTROL', captureId, sessionId, nonce, command: 'cancel' }
+
+  await clearBridgeSession(7)
+  assert.equal((await validateAgentCaptureControlMessage(message, sender())).error.code, 'INVALID_REQUEST')
+  assert.equal((await registerBridgeSession(extractBridgeSenderSession(message, sender()).session)).ok, true)
+  assert.equal((await validateAgentCaptureControlMessage(message, sender())).ok, true)
+  assert.equal(
+    (await validateAgentCaptureControlMessage(message, sender(bridgeUrl.replace('17370', '17371')))).error.code,
+    'INVALID_REQUEST'
+  )
+  await clearBridgeSession(7)
+  delete globalThis.chrome
+})
+
+test('registered bridge session survives module reload through chrome storage session', async () => {
+  const env = makeSessionChrome()
+  globalThis.chrome = env.chrome
+  const first = await loadTsModule('src/background/agent-bridge-session.ts')
+  await first.clearBridgeSession(7)
+  assert.equal(
+    (await first.registerBridgeSession(first.extractBridgeSenderSession({ captureId, sessionId, nonce }, sender()).session)).ok,
+    true
+  )
+
+  const { resetLoadTsModuleCaches, loadTsModule: freshLoadTsModule } = await import('./helpers/load-ts-module.mjs')
+  resetLoadTsModuleCaches()
+  const second = await freshLoadTsModule('src/background/agent-bridge-session.ts')
+  const message = { type: 'AGENT_CAPTURE_CONTROL', captureId, sessionId, nonce, command: 'cancel' }
+  assert.equal((await second.validateAgentCaptureControlMessage(message, sender())).ok, true)
+  await second.clearBridgeSession(7)
+  assert.equal(env.sessionStorage['agent-bridge-session:7'], undefined)
+  delete globalThis.chrome
+})
+
+test('bridge session registration rejects concurrent mismatched sessions for the same tab', async () => {
+  const env = makeSessionChrome()
+  let releaseGet
+  const firstGet = new Promise(resolve => {
+    releaseGet = resolve
+  })
+  let getCount = 0
+  env.chrome.storage.session.get = async key => {
+    getCount += 1
+    if (getCount <= 2) await firstGet
+    if (Array.isArray(key)) return Object.fromEntries(key.map(item => [item, env.sessionStorage[item]]))
+    return { [key]: env.sessionStorage[key] }
+  }
+  globalThis.chrome = env.chrome
+  const { clearBridgeSession, registerBridgeSession } = await loadTsModule('src/background/agent-bridge-session.ts')
+  await clearBridgeSession(7)
+
+  const first = {
+    tabId: 7,
+    windowId: 3,
+    bridgeOrigin: 'http://127.0.0.1:17370',
+    sessionId,
+    captureId,
+    nonce
+  }
+  const second = { ...first, nonce: identifiers.nonce.valid[1] }
+  const registrations = Promise.all([registerBridgeSession(first), registerBridgeSession(second)])
+  releaseGet()
+  const results = await registrations
+
+  assert.equal(results.filter(result => result.ok).length, 1)
+  assert.equal(results.filter(result => !result.ok && result.error.code === 'INVALID_REQUEST').length, 1)
+  assert.equal(env.sessionStorage['agent-bridge-session:7'].nonce, nonce)
+  await clearBridgeSession(7)
+  delete globalThis.chrome
+})
+
+test('background hello reads only local agent bridge opt-in', async () => {
+  const mod = await loadTsModule('src/background/agent-bridge-session.ts')
+  const env = makeSessionChrome({ enabled: false })
+  globalThis.chrome = env.chrome
+
+  assert.equal(await mod.loadAgentBridgeEnabled(), false)
+  const disabled = await mod.handleAgentBridgeHello(
+    { type: 'AGENT_BRIDGE_HELLO', captureId, sessionId, nonce, protocolVersion: 1 },
+    sender()
+  )
+  assert.equal(disabled.error.code, 'AGENT_BRIDGE_DISABLED')
+
+  globalThis.chrome.storage.local.get = async () => {
+    throw new Error('local storage unavailable')
+  }
+  assert.equal(await mod.loadAgentBridgeEnabled(), false)
+  const storageFailure = await mod.handleAgentBridgeHello(
+    { type: 'AGENT_BRIDGE_HELLO', captureId, sessionId, nonce, protocolVersion: 1 },
+    sender()
+  )
+  assert.equal(storageFailure.error.code, 'AGENT_BRIDGE_DISABLED')
+
+  globalThis.chrome.storage.local.get = async () => ({ stackPrismSettings: { agentBridgeEnabled: true } })
+  const enabled = await mod.handleAgentBridgeHello(
+    { type: 'AGENT_BRIDGE_HELLO', captureId, sessionId, nonce, protocolVersion: 1 },
+    sender()
+  )
+  assert.equal(enabled.ok, true)
+  assert.equal(enabled.data.protocolVersion, 1)
+  assert.equal(enabled.data.capabilities.profileChunkTransport, true)
+  await mod.clearBridgeSession(7)
+  delete globalThis.chrome
+})
+
+test('background hello fails closed when chrome storage session is unavailable', async () => {
+  const mod = await loadTsModule('src/background/agent-bridge-session.ts')
+  const env = makeSessionChrome()
+  delete env.chrome.storage.session
+  globalThis.chrome = env.chrome
+
+  const response = await mod.handleAgentBridgeHello(
+    { type: 'AGENT_BRIDGE_HELLO', captureId, sessionId, nonce, protocolVersion: 1 },
+    sender()
+  )
+
+  assert.equal(response.ok, false)
+  assert.equal(response.error.code, 'NOT_SUPPORTED')
+  assert.equal(response.error.details.missingCapability, 'storageSession')
+  delete globalThis.chrome
+})
+
+test('agent bridge pages are excluded from ordinary detection paths', async () => {
+  const { isAgentBridgePageUrl, isDetectablePageUrl, checkPageSupport } = await loadTsModule('src/utils/page-support.ts')
+  const observerSource = await readFile(new URL('../src/content/content-observer.ts', import.meta.url), 'utf8')
+  const routerSource = await readFile(new URL('../src/background/message-router.ts', import.meta.url), 'utf8')
+
+  assert.equal(isAgentBridgePageUrl(bridgeUrl), true)
+  assert.equal(isDetectablePageUrl(bridgeUrl), false)
+  assert.equal(checkPageSupport(bridgeUrl).supported, false)
+  assert.equal(isAgentBridgePageUrl('http://127.0.0.1:17370/bridge'), false)
+  assert.equal(isDetectablePageUrl('http://127.0.0.1:17370/bridge'), true)
+  assert.equal(checkPageSupport('http://127.0.0.1:17370/bridge').supported, true)
+  assert.match(observerSource, /location\.hostname !== '127\.0\.0\.1'/)
+  assert.match(observerSource, /location\.pathname !== '\/bridge'/)
+  assert.match(observerSource, /session: \/\^s_\[A-Za-z0-9_-\]\{22\}\$\//)
+  assert.match(routerSource, /const rejectPopupTargetTab = async/)
+  assert.match(routerSource, /isAgentBridgeTab\(sender\.tab\)/)
+  assert.match(routerSource, /tab\?\.incognito/)
+  assert.match(routerSource, /checkPageSupport\(tab\.url\)/)
+})
+
+test('bridge client registers profile transfer port only after hello succeeds', async () => {
+  const source = await readFile(new URL('../src/content/agent-bridge-client.ts', import.meta.url), 'utf8')
+  const helloIndex = source.indexOf("type: 'AGENT_BRIDGE_HELLO'")
+  const capabilityIndex = source.indexOf('if (!hasRequiredCapabilities')
+  const transferIndex = source.indexOf('registerProfileTransferListener(context')
+  const startIndex = source.indexOf("type: 'START_AGENT_CAPTURE'")
+
+  assert.ok(helloIndex >= 0)
+  assert.ok(capabilityIndex > helloIndex)
+  assert.ok(transferIndex > capabilityIndex)
+  assert.ok(startIndex > transferIndex)
+  assert.doesNotMatch(source, /console\.error\([^)]*,\s*error\)/)
+  assert.match(source, /errorCode: errorFromUnknown/)
+})
+
+test('bridge client surfaces sendMessage lastError as extension not connected during hello', async () => {
+  const originalWindow = globalThis.window
+  const originalDocument = globalThis.document
+  const originalChrome = globalThis.chrome
+  const originalLocation = globalThis.location
+  const originalFetch = globalThis.fetch
+  const { resetLoadTsModuleCaches, loadTsModule: freshLoadTsModule } = await import('./helpers/load-ts-module.mjs')
+  resetLoadTsModuleCaches()
+
+  const statusPosts = []
+  const runtimeMessages = []
+  const lastError = { message: 'Could not establish connection. Receiving end does not exist.' }
+  globalThis.location = new URL(bridgeUrl)
+  globalThis.window = {
+    addEventListener: () => {},
+    setInterval: () => {
+      throw new Error('control polling must not start when hello sendMessage fails')
+    },
+    clearInterval: () => {}
+  }
+  globalThis.document = {
+    querySelector: selector => {
+      if (selector === 'meta[name="stackprism-agent-bridge"][content="1"]') return {}
+      if (selector === '#stackprism-agent-bridge-config[type="application/json"]') {
+        return { textContent: JSON.stringify({ captureId, sessionId, nonce, bridgeToken, protocolVersion: 1 }) }
+      }
+      return null
+    },
+    documentElement: { dataset: {} }
+  }
+  globalThis.fetch = async (url, init = {}) => {
+    const requestUrl = String(url)
+    if (requestUrl === `http://127.0.0.1:17370/v1/captures/${captureId}/request`) {
+      return {
+        ok: true,
+        status: 200,
+        json: async () => ({ captureId, sessionId, nonce, protocolVersion: 1, request: makeCaptureRequest() })
+      }
+    }
+    if (requestUrl === `http://127.0.0.1:17370/v1/captures/${captureId}/status`) {
+      statusPosts.push(JSON.parse(String(init.body || '{}')))
+      return {
+        ok: true,
+        status: 200,
+        json: async () => ({ ok: true })
+      }
+    }
+    throw new Error(`Unexpected bridge HTTP request: ${requestUrl}`)
+  }
+  globalThis.chrome = {
+    runtime: {
+      onMessage: { addListener: () => {} },
+      sendMessage: (message, callback) => {
+        runtimeMessages.push(message)
+        if (message.type === 'AGENT_BRIDGE_HELLO') {
+          globalThis.chrome.runtime.lastError = lastError
+          callback?.(undefined)
+          delete globalThis.chrome.runtime.lastError
+          return
+        }
+        throw new Error('startAgentCapture must not run when hello transport fails')
+      },
+      connect: () => {
+        throw new Error('profile transfer port must not open when hello transport fails')
+      }
+    }
+  }
+
+  try {
+    await freshLoadTsModule('src/content/agent-bridge-client.ts')
+    await waitForCondition(() => statusPosts.length === 2, 'hello transport failure status')
+
+    assert.deepEqual(runtimeMessages.map(message => message.type), ['AGENT_BRIDGE_HELLO'])
+    assert.equal(statusPosts[0].status, 'waiting_extension')
+    assert.equal(statusPosts[1].status, 'failed')
+    assert.equal(statusPosts[1].phase, 'request_loaded')
+    assert.equal(statusPosts[1].error.code, 'EXTENSION_NOT_CONNECTED')
+  } finally {
+    if (originalWindow === undefined) delete globalThis.window
+    else globalThis.window = originalWindow
+    if (originalDocument === undefined) delete globalThis.document
+    else globalThis.document = originalDocument
+    if (originalChrome === undefined) delete globalThis.chrome
+    else globalThis.chrome = originalChrome
+    if (originalLocation === undefined) delete globalThis.location
+    else globalThis.location = originalLocation
+    if (originalFetch === undefined) delete globalThis.fetch
+    else globalThis.fetch = originalFetch
+    resetLoadTsModuleCaches()
+  }
+})
+
+test('bridge client surfaces sendMessage lastError as bridge transport disconnected during start', async () => {
+  const originalWindow = globalThis.window
+  const originalDocument = globalThis.document
+  const originalChrome = globalThis.chrome
+  const originalLocation = globalThis.location
+  const originalFetch = globalThis.fetch
+  const { resetLoadTsModuleCaches, loadTsModule: freshLoadTsModule } = await import('./helpers/load-ts-module.mjs')
+  resetLoadTsModuleCaches()
+
+  const statusPosts = []
+  const runtimeMessages = []
+  const lastError = { message: 'Could not establish connection. Receiving end does not exist.' }
+  globalThis.location = new URL(bridgeUrl)
+  globalThis.window = {
+    addEventListener: () => {},
+    setInterval: () => {
+      throw new Error('control polling must not start when start sendMessage fails')
+    },
+    clearInterval: () => {}
+  }
+  globalThis.document = {
+    querySelector: selector => {
+      if (selector === 'meta[name="stackprism-agent-bridge"][content="1"]') return {}
+      if (selector === '#stackprism-agent-bridge-config[type="application/json"]') {
+        return { textContent: JSON.stringify({ captureId, sessionId, nonce, bridgeToken, protocolVersion: 1 }) }
+      }
+      return null
+    },
+    documentElement: { dataset: {} }
+  }
+  globalThis.fetch = async (url, init = {}) => {
+    const requestUrl = String(url)
+    if (requestUrl === `http://127.0.0.1:17370/v1/captures/${captureId}/request`) {
+      return {
+        ok: true,
+        status: 200,
+        json: async () => ({ captureId, sessionId, nonce, protocolVersion: 1, request: makeCaptureRequest() })
+      }
+    }
+    if (requestUrl === `http://127.0.0.1:17370/v1/captures/${captureId}/status`) {
+      statusPosts.push(JSON.parse(String(init.body || '{}')))
+      return {
+        ok: true,
+        status: 200,
+        json: async () => ({ ok: true })
+      }
+    }
+    throw new Error(`Unexpected bridge HTTP request: ${requestUrl}`)
+  }
+  globalThis.chrome = {
+    runtime: {
+      onMessage: { addListener: () => {} },
+      sendMessage: (message, callback) => {
+        runtimeMessages.push(message)
+        if (message.type === 'AGENT_BRIDGE_HELLO') {
+          callback?.({
+            ok: true,
+            data: {
+              extensionVersion: '1.3.71',
+              protocolVersion: 1,
+              capabilities: {
+                agentBridge: true,
+                siteExperienceProfileV1: true,
+                profileChunkTransport: true,
+                bridgeContentPost: true,
+                storageSession: true,
+                experienceProfiler: true,
+                rawProfile: true,
+                viewportMetadata: true,
+                visualScreenshot: true
+              }
+            }
+          })
+          return
+        }
+        if (message.type === 'START_AGENT_CAPTURE') {
+          globalThis.chrome.runtime.lastError = lastError
+          callback?.(undefined)
+          delete globalThis.chrome.runtime.lastError
+          return
+        }
+        throw new Error(`Unexpected runtime message: ${message.type}`)
+      },
+      connect: () => ({
+        postMessage: () => {},
+        onMessage: { addListener: () => {} },
+        onDisconnect: { addListener: () => {} }
+      })
+    }
+  }
+
+  try {
+    await freshLoadTsModule('src/content/agent-bridge-client.ts')
+    await waitForCondition(() => statusPosts.length === 3, 'start transport failure status')
+
+    assert.deepEqual(runtimeMessages.map(message => message.type), ['AGENT_BRIDGE_HELLO', 'START_AGENT_CAPTURE'])
+    assert.equal(statusPosts[0].status, 'waiting_extension')
+    assert.equal(statusPosts[1].status, 'running')
+    assert.equal(statusPosts[1].phase, 'target_opening')
+    assert.equal(statusPosts[2].status, 'failed')
+    assert.equal(statusPosts[2].phase, 'target_opening')
+    assert.equal(statusPosts[2].error.code, 'BRIDGE_TRANSPORT_DISCONNECTED')
+  } finally {
+    if (originalWindow === undefined) delete globalThis.window
+    else globalThis.window = originalWindow
+    if (originalDocument === undefined) delete globalThis.document
+    else globalThis.document = originalDocument
+    if (originalChrome === undefined) delete globalThis.chrome
+    else globalThis.chrome = originalChrome
+    if (originalLocation === undefined) delete globalThis.location
+    else globalThis.location = originalLocation
+    if (originalFetch === undefined) delete globalThis.fetch
+    else globalThis.fetch = originalFetch
+    resetLoadTsModuleCaches()
+  }
+})
diff --git a/tests/agent-bridge-manifest.test.mjs b/tests/agent-bridge-manifest.test.mjs
new file mode 100644
index 00000000..e5eff973
--- /dev/null
+++ b/tests/agent-bridge-manifest.test.mjs
@@ -0,0 +1,140 @@
+import assert from 'node:assert/strict'
+import { readFile } from 'node:fs/promises'
+import { test } from 'node:test'
+
+const manifestSource = await readFile(new URL('../src/manifest.config.ts', import.meta.url), 'utf8')
+
+const EXTENSION_PERMISSIONS = ['activeTab', 'scripting', 'tabs', 'storage', 'webRequest', 'webNavigation']
+const HOST_PERMISSIONS = ['<all_urls>', 'http://*/*', 'https://*/*', 'http://127.0.0.1/*']
+const OBSERVER_MATCHES = ['http://*/*', 'https://*/*']
+const OBSERVER_SCRIPT = ['src/content/content-observer.ts']
+const BRIDGE_MATCHES = ['http://127.0.0.1/*']
+const BRIDGE_SCRIPT = ['src/content/agent-bridge-client.ts']
+const WEB_ACCESSIBLE_RESOURCES = ['rules/*', 'tech-links.json', 'injected/page-detector.iife.js', 'injected/page-source-search.iife.js']
+
+const findMatchingPair = (source, openIndex, openChar, closeChar) => {
+  let depth = 0
+  let quote = ''
+  let escaped = false
+
+  for (let index = openIndex; index < source.length; index += 1) {
+    const char = source[index]
+
+    if (quote) {
+      if (escaped) {
+        escaped = false
+      } else if (char === '\\') {
+        escaped = true
+      } else if (char === quote) {
+        quote = ''
+      }
+      continue
+    }
+
+    if (char === "'" || char === '"' || char === '`') {
+      quote = char
+    } else if (char === openChar) {
+      depth += 1
+    } else if (char === closeChar) {
+      depth -= 1
+      if (depth === 0) {
+        return index
+      }
+    }
+  }
+
+  assert.fail(`expected matching ${closeChar}`)
+}
+
+const extractPropertyBlock = (source, name, openChar, closeChar) => {
+  const propertyIndex = source.indexOf(`${name}:`)
+  assert.ok(propertyIndex >= 0, `expected ${name} property in manifest config`)
+
+  const openIndex = source.indexOf(openChar, propertyIndex)
+  assert.ok(openIndex >= 0, `expected ${name} ${openChar} block in manifest config`)
+
+  const closeIndex = findMatchingPair(source, openIndex, openChar, closeChar)
+  return source.slice(openIndex, closeIndex + 1)
+}
+
+const extractStringArray = (source, name) => {
+  const arrayBlock = extractPropertyBlock(source, name, '[', ']')
+  return [...arrayBlock.matchAll(/'([^']+)'/g)].map(item => item[1])
+}
+
+const extractStringProperty = (source, name) => {
+  const match = source.match(new RegExp(`${name}:\\s*'([^']+)'`))
+  assert.ok(match, `expected ${name} string in manifest config`)
+  return match[1]
+}
+
+const extractObjectContaining = needle => {
+  const needleIndex = manifestSource.indexOf(needle)
+  assert.ok(needleIndex >= 0, `expected manifest config to contain ${needle}`)
+
+  const openIndex = manifestSource.lastIndexOf('{', needleIndex)
+  assert.ok(openIndex >= 0, `expected object containing ${needle}`)
+
+  const closeIndex = findMatchingPair(manifestSource, openIndex, '{', '}')
+  return {
+    block: manifestSource.slice(openIndex, closeIndex + 1),
+    index: openIndex
+  }
+}
+
+const extractObjectBlocks = arrayBlock => {
+  const blocks = []
+
+  for (let index = 0; index < arrayBlock.length; index += 1) {
+    if (arrayBlock[index] !== '{') {
+      continue
+    }
+
+    const closeIndex = findMatchingPair(arrayBlock, index, '{', '}')
+    blocks.push(arrayBlock.slice(index, closeIndex + 1))
+    index = closeIndex
+  }
+
+  return blocks
+}
+
+test('manifest pins extension permissions and content script boundaries', () => {
+  const observer = extractObjectContaining("js: ['src/content/content-observer.ts']")
+  const bridge = extractObjectContaining("js: ['src/content/agent-bridge-client.ts']")
+  const permissions = extractStringArray(manifestSource, 'permissions')
+  const hostPermissions = extractStringArray(manifestSource, 'host_permissions')
+
+  assert.deepEqual(permissions, EXTENSION_PERMISSIONS)
+  assert.deepEqual(hostPermissions, HOST_PERMISSIONS)
+  assert.ok(bridge.index > observer.index)
+
+  assert.deepEqual(extractStringArray(observer.block, 'matches'), OBSERVER_MATCHES)
+  assert.deepEqual(extractStringArray(observer.block, 'js'), OBSERVER_SCRIPT)
+  assert.equal(extractStringProperty(observer.block, 'run_at'), 'document_idle')
+
+  assert.deepEqual(extractStringArray(bridge.block, 'matches'), BRIDGE_MATCHES)
+  assert.deepEqual(extractStringArray(bridge.block, 'js'), BRIDGE_SCRIPT)
+  assert.equal(extractStringProperty(bridge.block, 'run_at'), 'document_idle')
+  assert.equal(extractStringArray(bridge.block, 'matches').includes('http://localhost/*'), false)
+
+  assert.doesNotMatch(manifestSource, /externally_connectable/)
+})
+
+test('manifest keeps web accessible resources free of agent-only files', () => {
+  const webAccessibleArray = extractPropertyBlock(manifestSource, 'web_accessible_resources', '[', ']')
+  const webAccessibleBlocks = extractObjectBlocks(webAccessibleArray)
+
+  assert.equal(webAccessibleBlocks.length, 1)
+  assert.deepEqual(extractStringArray(webAccessibleBlocks[0], 'resources'), WEB_ACCESSIBLE_RESOURCES)
+  assert.deepEqual(extractStringArray(webAccessibleBlocks[0], 'matches'), OBSERVER_MATCHES)
+
+  const resources = extractStringArray(webAccessibleBlocks[0], 'resources').join('\n')
+  assert.doesNotMatch(manifestSource, /injected\/experience-profiler\.iife\.js/)
+  assert.doesNotMatch(resources, /agent-bridge-client/)
+  assert.doesNotMatch(resources, /experience-profiler/)
+  assert.doesNotMatch(resources, /agent-skill/)
+  assert.doesNotMatch(resources, /stackprism-bridge/)
+  assert.doesNotMatch(resources, /stackprism_bridge/)
+  assert.doesNotMatch(resources, /\.py$/)
+  assert.doesNotMatch(resources, /tests?\//)
+})
diff --git a/tests/agent-capture-orchestration.test.mjs b/tests/agent-capture-orchestration.test.mjs
new file mode 100644
index 00000000..4f8c97a0
--- /dev/null
+++ b/tests/agent-capture-orchestration.test.mjs
@@ -0,0 +1,5973 @@
+import assert from 'node:assert/strict'
+import { test } from 'node:test'
+import { loadTsModule, resetLoadTsModuleCaches } from './helpers/load-ts-module.mjs'
+import identifiers from './fixtures/bridge-protocol-identifiers.json' with { type: 'json' }
+
+const captureId = identifiers.captureId.valid[0]
+const secondCaptureId = identifiers.captureId.valid[1]
+const sessionId = identifiers.sessionId.valid[0]
+const nonce = identifiers.nonce.valid[0]
+const originalFetch = globalThis.fetch
+
+const baseRequest = {
+  url: 'https://example.com/app?view=one#frag',
+  mode: 'experience',
+  waitMs: 0,
+  include: ['tech', 'visual', 'layout', 'components', 'interaction', 'ux', 'assets'],
+  viewports: [{ name: 'desktop', width: 1440, height: 900, deviceScaleFactor: 1 }],
+  options: {
+    forceRefresh: true,
+    captureScreenshotMetadata: false,
+    keepTabOpen: false,
+    allowPrivateNetworkTarget: false,
+    targetMode: 'reuse_or_new_tab',
+    maxResourceUrls: 300
+  },
+  protocolVersion: 1
+}
+
+const fullCapabilities = {
+  agentBridge: true,
+  siteExperienceProfileV1: true,
+  profileChunkTransport: true,
+  bridgeContentPost: true,
+  storageSession: true,
+  experienceProfiler: true,
+  rawProfile: true,
+  viewportMetadata: true,
+  visualScreenshot: true
+}
+
+test('script file load classifier ignores runtime not found errors', async () => {
+  resetLoadTsModuleCaches()
+  const { isScriptFileLoadError } = await loadTsModule('src/background/script-injection-errors.ts')
+
+  assert.equal(isScriptFileLoadError('Unable to load script: injected/page-detector.iife.js'), true)
+  assert.equal(isScriptFileLoadError('Error: file not found: injected/page-detector.iife.js'), true)
+  assert.equal(isScriptFileLoadError("NotFoundError: Failed to execute 'removeChild' on 'Node': node was not found."), false)
+  assert.equal(isScriptFileLoadError(new Error('ReferenceError: detector registry not found')), false)
+
+  resetLoadTsModuleCaches()
+})
+
+const makeChrome = () => {
+  const storage = {}
+  const messages = []
+  const removedTabs = []
+  const ports = []
+  const tabEvents = {
+    onActivated: [],
+    onUpdated: [],
+    onRemoved: []
+  }
+  const storageEvents = {
+    onChanged: []
+  }
+  const permissionsEvents = {
+    onRemoved: []
+  }
+  const webRequestEvents = {
+    onHeadersReceived: [],
+    onResponseStarted: []
+  }
+  const webNavigationEvents = {
+    onCommitted: [],
+    onErrorOccurred: []
+  }
+  const runtimeEvents = {
+    onInstalled: [],
+    onStartup: []
+  }
+  const executedScripts = []
+  const tabs = [
+    { id: 1, windowId: 1, url: `http://127.0.0.1:17370/bridge?session=${sessionId}&capture=${captureId}&nonce=${nonce}`, incognito: false },
+    { id: 2, windowId: 1, url: 'https://example.com/app?view=one', title: 'Target', incognito: false, status: 'complete' }
+  ]
+  return {
+    storage,
+    messages,
+    removedTabs,
+    ports,
+    tabs,
+    executedScripts,
+    tabEvents,
+    storageEvents,
+    permissionsEvents,
+    webRequestEvents,
+    webNavigationEvents,
+    runtimeEvents,
+    chrome: {
+      storage: {
+        session: {
+          get: async key => {
+            if (Array.isArray(key)) return Object.fromEntries(key.map(item => [item, storage[item]]))
+            return { [key]: storage[key] }
+          },
+          set: async value => Object.assign(storage, value),
+          remove: async keys => {
+            for (const key of Array.isArray(keys) ? keys : [keys]) delete storage[key]
+          }
+        },
+        local: { get: async () => ({ stackPrismSettings: { agentBridgeEnabled: true } }) },
+        sync: { get: async () => ({}) },
+        onChanged: {
+          addListener: listener => storageEvents.onChanged.push(listener)
+        }
+      },
+      permissions: {
+        onRemoved: {
+          addListener: listener => permissionsEvents.onRemoved.push(listener)
+        }
+      },
+      tabs: {
+        query: async () => tabs,
+        get: async id => {
+          const tab = tabs.find(item => item.id === id)
+          if (!tab) throw new Error('TAB_NOT_FOUND')
+          return tab
+        },
+        update: async (id, update) => {
+          const tab = tabs.find(item => item.id === id)
+          if (!tab) throw new Error('TAB_NOT_FOUND')
+          if (update.active === true) {
+            for (const item of tabs) {
+              if (item.windowId === tab.windowId) item.active = item.id === id
+            }
+          } else if (update.active !== undefined) {
+            tab.active = update.active
+          }
+          if (update.url !== undefined) tab.url = update.url
+          return tab
+        },
+        create: async create => {
+          const tab = { id: 3, windowId: 1, url: create.url, incognito: false, status: 'complete' }
+          tabs.push(tab)
+          return tab
+        },
+        reload: async tabId => {
+          const tab = tabs.find(item => item.id === tabId)
+          if (!tab) throw new Error('TAB_NOT_FOUND')
+          queueMicrotask(() => {
+            for (const listener of webRequestEvents.onResponseStarted) {
+              listener({
+                tabId,
+                requestId: `reload-${tabId}`,
+                url: tab.url,
+                type: 'main_frame',
+                method: 'GET',
+                statusCode: 200,
+                statusLine: 'HTTP/1.1 200 OK',
+                fromCache: false,
+                ip: '93.184.216.34'
+              })
+            }
+            tab.status = 'loading'
+            for (const listener of tabEvents.onUpdated) {
+              listener(tabId, { status: 'loading', url: tab.url }, tab)
+            }
+            tab.status = 'complete'
+            for (const listener of tabEvents.onUpdated) {
+              listener(tabId, { status: 'complete', url: tab.url }, tab)
+            }
+          })
+        },
+        remove: async id => {
+          const index = tabs.findIndex(tab => tab.id === id)
+          if (index < 0) throw new Error('TAB_NOT_FOUND')
+          removedTabs.push(id)
+          tabs.splice(index, 1)
+        },
+        sendMessage: async (_tabId, message) => {
+          messages.push(message)
+          return { ok: true }
+        },
+        onActivated: {
+          addListener: listener => tabEvents.onActivated.push(listener)
+        },
+        onUpdated: {
+          addListener: listener => tabEvents.onUpdated.push(listener),
+          removeListener: listener => {
+            const index = tabEvents.onUpdated.indexOf(listener)
+            if (index >= 0) tabEvents.onUpdated.splice(index, 1)
+          }
+        },
+        onRemoved: {
+          addListener: listener => tabEvents.onRemoved.push(listener),
+          removeListener: listener => {
+            const index = tabEvents.onRemoved.indexOf(listener)
+            if (index >= 0) tabEvents.onRemoved.splice(index, 1)
+          }
+        }
+      },
+      scripting: {
+        executeScript: async details => {
+          executedScripts.push(details)
+          return [{ result: { visual: {}, layout: {}, components: {}, interaction: {}, ux: {}, assets: {}, evidence: {} } }]
+        }
+      },
+      action: {
+        setBadgeText: () => Promise.resolve(),
+        setTitle: () => Promise.resolve(),
+        setBadgeBackgroundColor: () => Promise.resolve()
+      },
+      runtime: {
+        getManifest: () => ({
+          version: '1.3.71',
+          content_scripts: [
+            { js: ['assets/content-observer.ts-unit.js'], matches: ['http://*/*', 'https://*/*'] },
+            { js: ['assets/agent-bridge-client.ts-unit.js'], matches: ['http://127.0.0.1/*'] }
+          ]
+        }),
+        getURL: path => `chrome-extension://stackprism/${path}`,
+        onConnect: {
+          addListener: listener => {
+            ports.push({ listener })
+          }
+        },
+        onMessage: {
+          addListener: () => {}
+        },
+        onInstalled: {
+          addListener: listener => runtimeEvents.onInstalled.push(listener)
+        },
+        onStartup: {
+          addListener: listener => runtimeEvents.onStartup.push(listener)
+        }
+      },
+      webNavigation: {
+        onCommitted: {
+          addListener: listener => webNavigationEvents.onCommitted.push(listener)
+        },
+        onErrorOccurred: {
+          addListener: listener => webNavigationEvents.onErrorOccurred.push(listener)
+        }
+      },
+      webRequest: {
+        onHeadersReceived: {
+          addListener: listener => webRequestEvents.onHeadersReceived.push(listener)
+        },
+        onResponseStarted: {
+          addListener: listener => webRequestEvents.onResponseStarted.push(listener)
+        }
+      }
+    }
+  }
+}
+
+const makeProfileTransferPort = (env, options = {}) => {
+  const backgroundListeners = []
+  const disconnectListeners = []
+  let disconnected = false
+  const port = {
+    name: 'stackprism-agent-profile-transfer',
+    sender: {
+      url: `http://127.0.0.1:17370/bridge?session=${sessionId}&capture=${captureId}&nonce=${nonce}`,
+      tab: { id: 1, windowId: 1 }
+    },
+    onMessage: {
+      addListener: listener => backgroundListeners.push(listener)
+    },
+    onDisconnect: {
+      addListener: listener => disconnectListeners.push(listener)
+    },
+    postMessage: message => {
+      env.messages.push(message)
+      if (options.disconnectOnMessageType === message.type && !disconnected) {
+        disconnected = true
+        queueMicrotask(() => disconnectListeners.forEach(listener => listener()))
+        return
+      }
+      if (options.autoAck === false) return
+      if (!message.type?.startsWith('AGENT_PROFILE_TRANSFER_') || message.type === 'AGENT_PROFILE_TRANSFER_ACK') return
+      const ack = {
+        type: 'AGENT_PROFILE_TRANSFER_ACK',
+        captureId: message.captureId,
+        sessionId: message.sessionId,
+        nonce: message.nonce,
+        profileTransferId: message.profileTransferId,
+        chunkIndex: message.chunkIndex,
+        ok: true
+      }
+      if (options.syncAck) {
+        backgroundListeners.forEach(listener => listener(ack))
+      } else {
+        queueMicrotask(() => backgroundListeners.forEach(listener => listener(ack)))
+      }
+    },
+    disconnect: () => {
+      if (disconnected) return
+      disconnected = true
+      disconnectListeners.forEach(listener => listener())
+    }
+  }
+  return {
+    port,
+    emit: message => backgroundListeners.forEach(listener => listener(message)),
+    disconnect: port.disconnect
+  }
+}
+
+const connectProfileTransferPort = async (env, registerAgentProfileTransferPort, options = {}) => {
+  const connection = makeProfileTransferPort(env, options)
+  registerAgentProfileTransferPort(connection.port)
+  connection.emit({
+    type: 'AGENT_PROFILE_TRANSFER_PORT_HELLO',
+    captureId,
+    sessionId,
+    nonce,
+    protocolVersion: 1
+  })
+  await new Promise(resolve => setTimeout(resolve, 0))
+  return connection
+}
+
+test('unit chrome tab mock removes tabs and rejects missing tab reads', async () => {
+  const env = makeChrome()
+
+  await env.chrome.tabs.remove(2)
+
+  assert.equal(env.removedTabs.includes(2), true)
+  assert.equal(env.tabs.some(tab => tab.id === 2), false)
+  await assert.rejects(env.chrome.tabs.get(2), /TAB_NOT_FOUND/)
+})
+
+test('cleanupTarget preserves reused tabs and still cleans capture-owned tabs', async () => {
+  resetLoadTsModuleCaches()
+  const env = makeChrome()
+  globalThis.chrome = env.chrome
+  const [{ cleanupTarget }, { storageKey, popupStorageKey }] = await Promise.all([
+    loadTsModule('src/background/agent-capture-target.ts'),
+    loadTsModule('src/background/tab-store.ts')
+  ])
+
+  env.storage[storageKey(2)] = { cached: true }
+  env.storage[popupStorageKey(2)] = { cached: true }
+  await cleanupTarget({ targetTabId: 2, createdByCapture: false, keepTabOpen: false })
+  assert.equal(env.removedTabs.includes(2), false)
+  assert.deepEqual(env.storage[storageKey(2)], { cached: true })
+  assert.deepEqual(env.storage[popupStorageKey(2)], { cached: true })
+
+  env.tabs.push({ id: 3, windowId: 1, url: 'https://example.com/three', incognito: false, status: 'complete' })
+  env.storage[storageKey(3)] = { cached: true }
+  env.storage[popupStorageKey(3)] = { cached: true }
+  await cleanupTarget({ targetTabId: 3, createdByCapture: true, keepTabOpen: true })
+  assert.equal(env.removedTabs.includes(3), false)
+  assert.equal(env.storage[storageKey(3)], undefined)
+  assert.equal(env.storage[popupStorageKey(3)], undefined)
+  delete globalThis.chrome
+})
+
+test('experience profiler injection receives screenshot metadata option and clears page global', async () => {
+  const calls = []
+  globalThis.chrome = {
+    scripting: {
+      executeScript: async options => {
+        calls.push(options)
+        return options.files
+          ? [{ result: { visual: {}, layout: {}, components: {}, interaction: {}, ux: {}, assets: {}, evidence: {} } }]
+          : []
+      }
+    }
+  }
+  const { executeExperienceProfiler } = await loadTsModule('src/background/agent-capture-target.ts')
+
+  const result = await executeExperienceProfiler(42, { captureScreenshotMetadata: false })
+
+  assert.ok(result.visual)
+  assert.equal(calls.length, 3)
+  assert.deepEqual(calls[0].args, [{ captureScreenshotMetadata: false }])
+  assert.deepEqual(calls[1].files, ['injected/experience-profiler.iife.js'])
+  assert.equal(typeof calls[2].func, 'function')
+  delete globalThis.chrome
+})
+
+test('experience profiler falls back to inline function when firefox cannot load script files', async () => {
+  const calls = []
+  const originalDocument = globalThis.document
+  const originalWindow = globalThis.window
+  const originalLocation = Object.getOwnPropertyDescriptor(globalThis, 'location')
+  const originalMatchMedia = globalThis.matchMedia
+  const button = {
+    tagName: 'BUTTON',
+    textContent: 'Authorization: Bearer sk_live_abc123 token=secret password=hunter2 user@example.com +1 415 555 1212',
+    getAttribute: name => (name === 'role' ? 'button' : ''),
+    getBoundingClientRect: () => ({ x: 1, y: 2, width: 120, height: 32 })
+  }
+  const asset = {
+    tagName: 'IMG',
+    currentSrc: 'https://cdn.example.com/account/sessionId/secretToken/Abcd1234EFGH5678ijkl9012.png?token=secret#frag',
+    src: '',
+    href: '',
+    getAttribute: () => '',
+    getBoundingClientRect: () => ({ x: 0, y: 0, width: 0, height: 0 })
+  }
+  globalThis.document = {
+    documentElement: { lang: 'en' },
+    body: { textContent: button.textContent, getAttribute: () => '' },
+    querySelectorAll: selector => {
+      if (selector === 'body *') return [button, asset]
+      if (selector === 'img[src], script[src], link[href]') return [asset]
+      if (selector === 'button') return [button]
+      return []
+    }
+  }
+  globalThis.window = { innerWidth: 1440, innerHeight: 900 }
+  globalThis.matchMedia = () => ({ matches: false })
+  Object.defineProperty(globalThis, 'location', {
+    configurable: true,
+    value: { href: 'https://example.com/base/' }
+  })
+  globalThis.chrome = {
+    scripting: {
+      executeScript: async options => {
+        calls.push(options)
+        if (options.files?.[0] === 'injected/experience-profiler.iife.js') {
+          return [{ error: 'Unable to load script: <anonymous code>' }]
+        }
+        if (options.func?.name === 'collectInlineExperienceProfile') {
+          return [{ result: options.func(options.args?.[0]) }]
+        }
+        if (typeof options.func === 'function' && options.world === 'MAIN') {
+          return [{ result: null }]
+        }
+        return [{ result: null }]
+      }
+    }
+  }
+
+  try {
+    const { executeExperienceProfiler } = await loadTsModule('src/background/agent-capture-target.ts')
+
+    const result = await executeExperienceProfiler(42, { captureScreenshotMetadata: false })
+
+    assert.ok(result.visual)
+    assert.deepEqual(calls.map(call => call.files?.[0]).filter(Boolean), ['injected/experience-profiler.iife.js'])
+    assert.equal(calls.filter(call => typeof call.func === 'function' && call.world === 'MAIN').length, 3)
+    const serialized = JSON.stringify(result)
+    assert.doesNotMatch(serialized, /Bearer|sk_live_abc123|token=secret|password=hunter2|user@example\.com|555 1212/)
+    assert.doesNotMatch(result.assets.urls[0], /sessionId|secretToken|Abcd1234EFGH5678ijkl9012|#frag/)
+    assert.equal('rect' in result.components.samples[0], false)
+    assert.match(serialized, /\[redacted\]|%5Bredacted%5D/)
+  } finally {
+    delete globalThis.chrome
+    if (originalDocument === undefined) delete globalThis.document
+    else globalThis.document = originalDocument
+    if (originalWindow === undefined) delete globalThis.window
+    else globalThis.window = originalWindow
+    if (originalMatchMedia === undefined) delete globalThis.matchMedia
+    else globalThis.matchMedia = originalMatchMedia
+    if (originalLocation) Object.defineProperty(globalThis, 'location', originalLocation)
+    else delete globalThis.location
+  }
+})
+
+test('experience profiler inline fallback includes rects only when metadata is requested', async () => {
+  const calls = []
+  const originalDocument = globalThis.document
+  const originalWindow = globalThis.window
+  const originalLocation = Object.getOwnPropertyDescriptor(globalThis, 'location')
+  const originalMatchMedia = globalThis.matchMedia
+  const nav = {
+    tagName: 'NAV',
+    textContent: 'Primary nav',
+    getAttribute: () => '',
+    getBoundingClientRect: () => ({ x: 10, y: 20, width: 300, height: 40 })
+  }
+  globalThis.document = {
+    documentElement: { lang: 'en' },
+    body: { textContent: nav.textContent, getAttribute: () => '' },
+    querySelectorAll: selector => {
+      if (selector === 'body *') return [nav]
+      if (selector === 'nav') return [nav]
+      return []
+    }
+  }
+  globalThis.window = { innerWidth: 1440, innerHeight: 900 }
+  globalThis.matchMedia = () => ({ matches: false })
+  Object.defineProperty(globalThis, 'location', {
+    configurable: true,
+    value: { href: 'https://example.com/base/' }
+  })
+  globalThis.chrome = {
+    scripting: {
+      executeScript: async options => {
+        calls.push(options)
+        if (options.files?.[0] === 'injected/experience-profiler.iife.js') {
+          return [{ error: 'Unable to load script: <anonymous code>' }]
+        }
+        if (options.func?.name === 'collectInlineExperienceProfile') {
+          return [{ result: options.func(options.args?.[0]) }]
+        }
+        return [{ result: null }]
+      }
+    }
+  }
+
+  try {
+    const { executeExperienceProfiler } = await loadTsModule('src/background/agent-capture-target.ts')
+
+    const result = await executeExperienceProfiler(42, { captureScreenshotMetadata: true })
+
+    assert.deepEqual(calls.find(call => call.func?.name === 'collectInlineExperienceProfile')?.args, [{ captureScreenshotMetadata: true }])
+    assert.deepEqual(result.components.samples[0].rect, { x: 10, y: 20, width: 300, height: 40 })
+    assert.deepEqual(result.layout.landmarks[0].rect, { x: 10, y: 20, width: 300, height: 40 })
+  } finally {
+    delete globalThis.chrome
+    if (originalDocument === undefined) delete globalThis.document
+    else globalThis.document = originalDocument
+    if (originalWindow === undefined) delete globalThis.window
+    else globalThis.window = originalWindow
+    if (originalMatchMedia === undefined) delete globalThis.matchMedia
+    else globalThis.matchMedia = originalMatchMedia
+    if (originalLocation) Object.defineProperty(globalThis, 'location', originalLocation)
+    else delete globalThis.location
+  }
+})
+
+test('experience profiler does not use inline fallback for runtime profiler errors', async () => {
+  const calls = []
+  globalThis.chrome = {
+    scripting: {
+      executeScript: async options => {
+        calls.push(options)
+        if (options.files?.[0] === 'injected/experience-profiler.iife.js') {
+          return [{ error: 'ReferenceError: profiler regression' }]
+        }
+        return [{ result: null }]
+      }
+    }
+  }
+
+  try {
+    const { executeExperienceProfiler } = await loadTsModule('src/background/agent-capture-target.ts')
+
+    await assert.rejects(() => executeExperienceProfiler(42, { captureScreenshotMetadata: false }), /profiler regression/)
+    assert.equal(calls.some(call => call.func?.name === 'collectInlineExperienceProfile'), false)
+  } finally {
+    delete globalThis.chrome
+  }
+})
+
+const enableBridgeStatusAck = env => {
+  env.chrome.tabs.sendMessage = async (_tabId, message) => {
+    env.messages.push(message)
+    if (message.type === 'AGENT_CAPTURE_STATUS') return { ok: true, data: { status: message.payload.status } }
+    return { ok: true }
+  }
+}
+
+const enableFastHeaderFallback = () => {
+  globalThis.fetch = async url =>
+    new Response('', {
+      status: 200,
+      headers: {
+        'content-type': 'text/html',
+        'x-powered-by': 'unit-test'
+      }
+    })
+}
+
+const restoreFetch = () => {
+  globalThis.fetch = originalFetch
+}
+
+const waitForMessage = async (messages, predicate, timeoutMs = 1000) => {
+  const deadline = Date.now() + timeoutMs
+  while (Date.now() < deadline) {
+    if (messages.some(predicate)) return messages.find(predicate)
+    await new Promise(resolve => setTimeout(resolve, 10))
+  }
+  assert.fail('expected message was not observed before timeout')
+}
+
+const waitForProfileTransferComplete = env =>
+  waitForMessage(env.messages, message => message.type === 'AGENT_PROFILE_TRANSFER_COMPLETE')
+
+const waitForCondition = async (predicate, timeoutMs = 1000) => {
+  const deadline = Date.now() + timeoutMs
+  while (Date.now() < deadline) {
+    const value = await predicate()
+    if (value) return value
+    await new Promise(resolve => setTimeout(resolve, 10))
+  }
+  assert.fail('expected condition was not observed before timeout')
+}
+
+const decodeTransferredProfile = messages => {
+  const begin = messages.find(message => message.type === 'AGENT_PROFILE_TRANSFER_BEGIN')
+  const chunks = messages
+    .filter(message => message.type === 'AGENT_PROFILE_TRANSFER_CHUNK' && message.profileTransferId === begin.profileTransferId)
+    .sort((a, b) => a.chunkIndex - b.chunkIndex)
+  const json = chunks.map(chunk => Buffer.from(chunk.payloadBase64, 'base64').toString('utf8')).join('')
+  return JSON.parse(json)
+}
+
+test('agent capture request validation is strict and normalizes URLs', async () => {
+  const { validateAgentCaptureRequest, normalizeComparableUrl } = await loadTsModule('src/background/agent-capture-request.ts')
+
+  const valid = validateAgentCaptureRequest(baseRequest)
+  assert.equal(valid.ok, true)
+  assert.equal(valid.request.url, 'https://example.com/app?view=one')
+  const reordered = validateAgentCaptureRequest({ ...baseRequest, include: ['ux', 'tech', 'ux', 'assets'] })
+  assert.deepEqual(reordered.request.include, ['tech', 'ux', 'assets'])
+  assert.equal(normalizeComparableUrl('HTTPS://Example.com:443/app?x=1#hash'), 'https://example.com/app?x=1')
+  assert.equal(normalizeComparableUrl('https://example.com/app'), 'https://example.com/app')
+  assert.equal(normalizeComparableUrl('https://example.com/app/'), 'https://example.com/app/')
+  assert.notEqual(normalizeComparableUrl('https://example.com/app'), normalizeComparableUrl('https://example.com/app/'))
+  assert.equal(
+    normalizeComparableUrl('https://example.com/a%20b/c%2Fd?tab=one&sort=a%2Bb#section'),
+    'https://example.com/a%20b/c%2Fd?tab=one&sort=a%2Bb'
+  )
+
+  assert.equal(validateAgentCaptureRequest({ ...baseRequest, include: [] }).error.code, 'INVALID_REQUEST')
+  assert.equal(validateAgentCaptureRequest({ ...baseRequest, url: 'https://user:pass@example.com/app' }).error.code, 'INVALID_REQUEST')
+  assert.equal(
+    validateAgentCaptureRequest({ ...baseRequest, options: { ...baseRequest.options, bridgeToken: true } }).error.code,
+    'INVALID_REQUEST'
+  )
+  assert.equal(
+    validateAgentCaptureRequest({ ...baseRequest, viewports: [{ width: 100, height: 900, deviceScaleFactor: 1 }] }).error.code,
+    'INVALID_REQUEST'
+  )
+  assert.equal(validateAgentCaptureRequest({ ...baseRequest, unexpected: true }).error.code, 'INVALID_REQUEST')
+  assert.equal(validateAgentCaptureRequest({ ...baseRequest, protocolVersion: 2 }).error.code, 'BRIDGE_PROTOCOL_UNSUPPORTED')
+  assert.equal(
+    validateAgentCaptureRequest({
+      ...baseRequest,
+      viewports: [{ name: 'bad space', width: 1440, height: 900, deviceScaleFactor: 1 }]
+    }).error.code,
+    'INVALID_REQUEST'
+  )
+  assert.equal(
+    validateAgentCaptureRequest({
+      ...baseRequest,
+      viewports: [{ name: 123, width: 1440, height: 900, deviceScaleFactor: 1 }]
+    }).error.code,
+    'INVALID_REQUEST'
+  )
+  assert.equal(
+    validateAgentCaptureRequest({
+      ...baseRequest,
+      viewports: [{ name: 'desktop', width: 1440, height: 900, deviceScaleFactor: 1, extra: true }]
+    }).error.code,
+    'INVALID_REQUEST'
+  )
+  assert.equal(
+    validateAgentCaptureRequest({
+      ...baseRequest,
+      viewports: [{ name: 'desktop', width: 1440, height: 900, deviceScaleFactor: '1' }]
+    }).error.code,
+    'INVALID_REQUEST'
+  )
+  assert.equal(
+    validateAgentCaptureRequest({
+      ...baseRequest,
+      viewports: [{ name: 'desktop', width: 1440, height: 900, deviceScaleFactor: true }]
+    }).error.code,
+    'INVALID_REQUEST'
+  )
+})
+
+test('agent capture network observer stays inactive when response-started API is unavailable', async () => {
+  resetLoadTsModuleCaches()
+  globalThis.chrome = { webRequest: {} }
+  const { registerAgentCaptureNetworkObserver, validateAgentCaptureNetwork, waitForAgentCaptureNetworkEvidence } = await loadTsModule(
+    'src/background/agent-capture-network.ts'
+  )
+  const state = {
+    captureId,
+    sessionId,
+    nonce,
+    bridgeOrigin: 'http://127.0.0.1:17370',
+    bridgeUrl: '',
+    bridgeTabId: 1,
+    bridgeWindowId: 1,
+    targetTabId: 2,
+    targetWindowId: 1,
+    targetUrl: baseRequest.url,
+    finalUrl: baseRequest.url,
+    targetMode: 'new_tab',
+    createdByCapture: true,
+    keepTabOpen: false,
+    phase: 'target_loaded',
+    status: 'running',
+    startedAt: Date.now(),
+    updatedAt: Date.now(),
+    deadlineAt: Date.now() + 1000
+  }
+
+  registerAgentCaptureNetworkObserver(() => assert.fail('network observer callback should not run'))
+
+  assert.equal(await waitForAgentCaptureNetworkEvidence(state), state)
+  assert.equal(validateAgentCaptureNetwork(state, baseRequest), null)
+  delete globalThis.chrome
+})
+
+test('agent capture network validation explains unverified browser evidence', async () => {
+  resetLoadTsModuleCaches()
+  const env = makeChrome()
+  globalThis.chrome = env.chrome
+  const { registerAgentCaptureNetworkObserver, validateAgentCaptureNetwork } = await loadTsModule('src/background/agent-capture-network.ts')
+  const state = {
+    captureId,
+    sessionId,
+    nonce,
+    bridgeOrigin: 'http://127.0.0.1:17370',
+    bridgeUrl: '',
+    bridgeTabId: 1,
+    bridgeWindowId: 1,
+    targetTabId: 2,
+    targetWindowId: 1,
+    targetUrl: baseRequest.url,
+    finalUrl: baseRequest.url,
+    targetMode: 'new_tab',
+    createdByCapture: true,
+    keepTabOpen: false,
+    phase: 'target_loaded',
+    status: 'running',
+    startedAt: Date.now(),
+    updatedAt: Date.now(),
+    deadlineAt: Date.now() + 1000
+  }
+
+  registerAgentCaptureNetworkObserver(() => assert.fail('network observer callback should not run'))
+
+  const missing = validateAgentCaptureNetwork(state, baseRequest)
+  assert.equal(missing, null)
+
+  const stale = validateAgentCaptureNetwork(
+    { ...state, targetNetwork: { url: baseRequest.url, ip: '93.184.216.34', fromCache: false, observedAt: state.startedAt - 1 } },
+    baseRequest
+  )
+  assert.equal(stale, null)
+
+  const mismatched = validateAgentCaptureNetwork(
+    { ...state, targetNetwork: { url: 'https://example.com/other', ip: '93.184.216.34', fromCache: false, observedAt: Date.now() } },
+    baseRequest
+  )
+  assert.equal(mismatched, null)
+
+  const cached = validateAgentCaptureNetwork(
+    { ...state, targetNetwork: { url: baseRequest.url, ip: '93.184.216.34', fromCache: true, observedAt: Date.now() } },
+    baseRequest
+  )
+  assert.equal(cached, null)
+
+  const missingAddress = validateAgentCaptureNetwork(
+    { ...state, targetNetwork: { url: baseRequest.url, fromCache: false, observedAt: Date.now() } },
+    baseRequest
+  )
+  assert.equal(missingAddress, null)
+
+  const privateNetworkState = {
+    ...state,
+    targetNetwork: { url: baseRequest.url, ip: '127.0.0.1', fromCache: false, observedAt: Date.now() }
+  }
+  const privateRequest = {
+    ...baseRequest,
+    options: { ...baseRequest.options, allowPrivateNetworkTarget: true }
+  }
+  assert.equal(validateAgentCaptureNetwork(privateNetworkState, privateRequest).code, 'PRIVATE_NETWORK_TARGET_BLOCKED')
+  assert.equal(
+    validateAgentCaptureNetwork(privateNetworkState, baseRequest, { allowAllNetworkTargets: true }).code,
+    'PRIVATE_NETWORK_TARGET_BLOCKED'
+  )
+  assert.equal(validateAgentCaptureNetwork(privateNetworkState, privateRequest, { allowAllNetworkTargets: true }), null)
+  delete globalThis.chrome
+})
+
+test('agent capture stores no tokens and sends profile chunks through bridge tab', async () => {
+  const env = makeChrome()
+  enableBridgeStatusAck(env)
+  enableFastHeaderFallback()
+  globalThis.chrome = env.chrome
+  const [{ registerBridgeSession }, { startAgentCapture, registerAgentProfileTransferPort }, { listAgentCaptureIds }] = await Promise.all([
+    loadTsModule('src/background/agent-bridge-session.ts'),
+    loadTsModule('src/background/agent-capture.ts'),
+    loadTsModule('src/background/agent-capture-state.ts')
+  ])
+  await registerBridgeSession({
+    tabId: 1,
+    windowId: 1,
+    bridgeOrigin: 'http://127.0.0.1:17370',
+    sessionId,
+    captureId,
+    nonce
+  })
+  await connectProfileTransferPort(env, registerAgentProfileTransferPort)
+
+  const response = await startAgentCapture(
+    {
+      type: 'START_AGENT_CAPTURE',
+      captureId,
+      sessionId,
+      nonce,
+      bridgeOrigin: 'http://127.0.0.1:17370',
+      request: baseRequest,
+      capabilities: {
+        agentBridge: true,
+        siteExperienceProfileV1: true,
+        profileChunkTransport: true,
+        bridgeContentPost: true,
+        storageSession: true,
+        experienceProfiler: true,
+        rawProfile: true,
+        viewportMetadata: true
+      }
+    },
+    { url: `http://127.0.0.1:17370/bridge?session=${sessionId}&capture=${captureId}&nonce=${nonce}`, tab: { id: 1, windowId: 1 } }
+  )
+
+  assert.equal(response.ok, true)
+  await waitForMessage(env.messages, message => message.type === 'AGENT_PROFILE_TRANSFER_COMPLETE')
+  const transferBegin = env.messages.find(message => message.type === 'AGENT_PROFILE_TRANSFER_BEGIN')
+  const transferComplete = env.messages.find(message => message.type === 'AGENT_PROFILE_TRANSFER_COMPLETE')
+  const profile = decodeTransferredProfile(env.messages)
+  assert.equal(JSON.stringify(env.storage).includes('spbt_'), false)
+  assert.equal(JSON.stringify(env.storage).includes('spb_'), false)
+  assert.match(transferBegin.profileTransferId, /^xfer_[A-Za-z0-9_-]{22}$/)
+  assert.equal(transferComplete.profileTransferId, transferBegin.profileTransferId)
+  assert.equal(profile.browserContext.extensionVersion, '1.3.71')
+  assert.match(profile.browserContext.userAgent, /Node|Mozilla|Chrome/)
+  assert.match(profile.browserContext.capturedAt, /^\d{4}-\d{2}-\d{2}T/)
+  assert.equal(env.removedTabs.includes(2), false)
+  assert.deepEqual(await listAgentCaptureIds(), [])
+  delete globalThis.chrome
+  restoreFetch()
+})
+
+test('agent capture can attach optional visible viewport screenshot evidence', async () => {
+  const env = makeChrome()
+  const screenshotDataUrl = `data:image/jpeg;base64,${Buffer.from('visible viewport').toString('base64')}`
+  env.tabs[0].active = true
+  env.tabs[1].active = false
+  env.chrome.tabs.captureVisibleTab = async (windowId, options) => {
+    assert.equal(windowId, 1)
+    assert.deepEqual(options, { format: 'jpeg', quality: 72 })
+    assert.equal(env.tabs.find(tab => tab.id === 3).active, true)
+    return screenshotDataUrl
+  }
+  enableBridgeStatusAck(env)
+  enableFastHeaderFallback()
+  globalThis.chrome = env.chrome
+  const [{ registerBridgeSession }, { startAgentCapture, registerAgentProfileTransferPort }] = await Promise.all([
+    loadTsModule('src/background/agent-bridge-session.ts'),
+    loadTsModule('src/background/agent-capture.ts')
+  ])
+  await registerBridgeSession({
+    tabId: 1,
+    windowId: 1,
+    bridgeOrigin: 'http://127.0.0.1:17370',
+    sessionId,
+    captureId,
+    nonce
+  })
+  await connectProfileTransferPort(env, registerAgentProfileTransferPort)
+
+  const response = await startAgentCapture(
+    {
+      type: 'START_AGENT_CAPTURE',
+      captureId,
+      sessionId,
+      nonce,
+      bridgeOrigin: 'http://127.0.0.1:17370',
+      request: {
+        ...baseRequest,
+        options: { ...baseRequest.options, targetMode: 'new_tab', captureScreenshot: true }
+      },
+      capabilities: fullCapabilities
+    },
+    { url: `http://127.0.0.1:17370/bridge?session=${sessionId}&capture=${captureId}&nonce=${nonce}`, tab: { id: 1, windowId: 1 } }
+  )
+
+  assert.equal(response.ok, true)
+  await waitForMessage(env.messages, message => message.type === 'AGENT_PROFILE_TRANSFER_COMPLETE')
+  const profile = decodeTransferredProfile(env.messages)
+  assert.equal(profile.visualProfile.screenshot.dataUrl, screenshotDataUrl)
+  assert.equal(profile.visualProfile.screenshot.mimeType, 'image/jpeg')
+  assert.equal(profile.visualProfile.screenshot.scope, 'visible_viewport')
+  assert.equal(profile.browserContext.extensionCapabilities.visualScreenshot, true)
+  assert.equal(env.tabs.find(tab => tab.id === 1).active, true)
+  delete globalThis.chrome
+  restoreFetch()
+})
+
+test('screenshot size cap uses decoded image bytes instead of data URL text length', async () => {
+  resetLoadTsModuleCaches()
+  const env = makeChrome()
+  const maxDecodedBytes = 2 * 1024 * 1024
+  const screenshotDataUrl = `data:image/jpeg;base64,${Buffer.alloc(maxDecodedBytes).toString('base64')}`
+  env.tabs[1].active = true
+  env.chrome.tabs.captureVisibleTab = async () => screenshotDataUrl
+  globalThis.chrome = env.chrome
+
+  const { captureVisibleViewportScreenshot } = await loadTsModule('src/background/agent-capture-target.ts')
+  const result = await captureVisibleViewportScreenshot(2, 1)
+
+  assert.equal(result.limitations.includes('screenshot_image_too_large'), false)
+  assert.equal(result.screenshot?.dataUrl, screenshotDataUrl)
+  assert.equal(result.screenshot?.byteLength, maxDecodedBytes)
+  delete globalThis.chrome
+})
+
+test('agent capture stops if capture is cancelled while optional screenshot is pending', async () => {
+  const env = makeChrome()
+  const screenshotDataUrl = `data:image/jpeg;base64,${Buffer.from('late viewport').toString('base64')}`
+  let resolveScreenshot
+  let screenshotStarted = false
+  env.tabs[0].active = true
+  env.tabs[1].active = false
+  env.chrome.tabs.captureVisibleTab = async () => {
+    screenshotStarted = true
+    return new Promise(resolve => {
+      resolveScreenshot = resolve
+    })
+  }
+  enableBridgeStatusAck(env)
+  enableFastHeaderFallback()
+  globalThis.chrome = env.chrome
+  const [{ registerBridgeSession }, { startAgentCapture, cancelAgentCapture, registerAgentProfileTransferPort }, { listAgentCaptureIds }] =
+    await Promise.all([
+      loadTsModule('src/background/agent-bridge-session.ts'),
+      loadTsModule('src/background/agent-capture.ts'),
+      loadTsModule('src/background/agent-capture-state.ts')
+    ])
+  await registerBridgeSession({
+    tabId: 1,
+    windowId: 1,
+    bridgeOrigin: 'http://127.0.0.1:17370',
+    sessionId,
+    captureId,
+    nonce
+  })
+  await connectProfileTransferPort(env, registerAgentProfileTransferPort)
+
+  const response = await startAgentCapture(
+    {
+      type: 'START_AGENT_CAPTURE',
+      captureId,
+      sessionId,
+      nonce,
+      bridgeOrigin: 'http://127.0.0.1:17370',
+      request: {
+        ...baseRequest,
+        options: { ...baseRequest.options, targetMode: 'new_tab', captureScreenshot: true }
+      },
+      capabilities: fullCapabilities
+    },
+    { url: `http://127.0.0.1:17370/bridge?session=${sessionId}&capture=${captureId}&nonce=${nonce}`, tab: { id: 1, windowId: 1 } }
+  )
+
+  assert.equal(response.ok, true)
+  await waitForCondition(() => screenshotStarted)
+  const cancel = await cancelAgentCapture(
+    { type: 'AGENT_CAPTURE_CONTROL', captureId, sessionId, nonce, command: 'cancel' },
+    { url: `http://127.0.0.1:17370/bridge?session=${sessionId}&capture=${captureId}&nonce=${nonce}`, tab: { id: 1, windowId: 1 } }
+  )
+
+  assert.equal(cancel.ok, true)
+  assert.equal((await listAgentCaptureIds()).includes(captureId), false)
+  resolveScreenshot(screenshotDataUrl)
+  await new Promise(resolve => setTimeout(resolve, 50))
+  assert.equal(env.messages.some(message => message.type?.startsWith('AGENT_PROFILE_TRANSFER_')), false)
+  assert.equal((await listAgentCaptureIds()).includes(captureId), false)
+  delete globalThis.chrome
+  restoreFetch()
+})
+
+test('agent bridge storage session access level is not widened to untrusted contexts', async () => {
+  const env = makeChrome()
+  const accessLevelCalls = []
+  env.chrome.storage.session.setAccessLevel = async options => {
+    accessLevelCalls.push(options)
+  }
+  globalThis.chrome = env.chrome
+  const [{ registerBridgeSession }, { saveAgentCaptureState }, { recordActiveTab }] = await Promise.all([
+    loadTsModule('src/background/agent-bridge-session.ts'),
+    loadTsModule('src/background/agent-capture-state.ts'),
+    loadTsModule('src/background/active-tab-tracker.ts')
+  ])
+
+  await registerBridgeSession({
+    tabId: 1,
+    windowId: 1,
+    bridgeOrigin: 'http://127.0.0.1:17370',
+    sessionId,
+    captureId,
+    nonce
+  })
+  await saveAgentCaptureState({
+    captureId,
+    sessionId,
+    nonce,
+    bridgeOrigin: 'http://127.0.0.1:17370',
+    bridgeUrl: 'http://127.0.0.1:17370/bridge',
+    bridgeTabId: 1,
+    bridgeWindowId: 1,
+    targetTabId: 2,
+    targetWindowId: 1,
+    targetUrl: 'https://example.com/app?view=one',
+    targetMode: 'new_tab',
+    createdByCapture: true,
+    keepTabOpen: false,
+    phase: 'target_opening',
+    status: 'running',
+    startedAt: 1,
+    updatedAt: 1,
+    deadlineAt: 100,
+    bridgeToken: 'spbt_should_not_store',
+    apiToken: 'spb_should_not_store'
+  })
+  await recordActiveTab({ id: 2, windowId: 1, url: 'https://example.com/app?view=one', incognito: false })
+
+  assert.deepEqual(accessLevelCalls, [])
+  assert.equal(JSON.stringify(env.storage).includes('TRUSTED_AND_UNTRUSTED_CONTEXTS'), false)
+  assert.equal(JSON.stringify(env.storage).includes('spbt_should_not_store'), false)
+  assert.equal(JSON.stringify(env.storage).includes('spb_should_not_store'), false)
+  delete globalThis.chrome
+})
+
+test('agent bridge router does not expose raw internal exception messages', async () => {
+  const env = makeChrome()
+  const errors = []
+  const originalError = console.error
+  console.error = (...args) => errors.push(args)
+  env.chrome.storage.session.get = async () => {
+    throw new Error(
+      'storage failed http://127.0.0.1:17370/bridge?token=secret&nonce=n_SECRETSECRETSECRETSECRET spb_ABCDEFGHIJKLMNOPQRSTUVWxy123456789012345'
+    )
+  }
+  let messageListener = null
+  env.chrome.runtime.onMessage.addListener = listener => {
+    messageListener = listener
+  }
+  try {
+    globalThis.chrome = env.chrome
+    const { registerMessageRouter } = await loadTsModule('src/background/message-router.ts')
+
+    registerMessageRouter()
+    assert.equal(typeof messageListener, 'function')
+
+    const response = await new Promise(resolve => {
+      messageListener(
+        { type: 'AGENT_BRIDGE_HELLO', captureId, sessionId, nonce, protocolVersion: 1 },
+        { url: `http://127.0.0.1:17370/bridge?session=${sessionId}&capture=${captureId}&nonce=${nonce}`, tab: { id: 1, windowId: 1 } },
+        resolve
+      )
+    })
+
+    const serialized = JSON.stringify(response)
+    const serializedLogs = JSON.stringify(errors)
+    assert.equal(response.ok, false)
+    assert.equal(response.error.code, 'INVALID_REQUEST')
+    assert.equal(serialized.includes('token=secret'), false)
+    assert.equal(serialized.includes('spb_'), false)
+    assert.equal(serialized.includes('nonce='), false)
+    assert.equal(serialized.includes('/bridge?'), false)
+    assert.equal(serializedLogs.includes('token=secret'), false)
+    assert.equal(serializedLogs.includes('spb_'), false)
+    assert.equal(serializedLogs.includes('nonce='), false)
+    assert.equal(serializedLogs.includes('/bridge?'), false)
+  } finally {
+    console.error = originalError
+    delete globalThis.chrome
+  }
+})
+
+test('agent capture rejects unknown top-level start payload fields', async () => {
+  const env = makeChrome()
+  globalThis.chrome = env.chrome
+  const [{ clearBridgeSession, getBridgeSession, registerBridgeSession }, { startAgentCapture }] = await Promise.all([
+    loadTsModule('src/background/agent-bridge-session.ts'),
+    loadTsModule('src/background/agent-capture.ts')
+  ])
+  await clearBridgeSession(1)
+  await registerBridgeSession({
+    tabId: 1,
+    windowId: 1,
+    bridgeOrigin: 'http://127.0.0.1:17370',
+    sessionId,
+    captureId,
+    nonce
+  })
+
+  const response = await startAgentCapture(
+    {
+      type: 'START_AGENT_CAPTURE',
+      captureId,
+      sessionId,
+      nonce,
+      bridgeOrigin: 'http://127.0.0.1:17370',
+      request: baseRequest,
+      capabilities: { ...fullCapabilities },
+      unexpectedField: true
+    },
+    { url: `http://127.0.0.1:17370/bridge?session=${sessionId}&capture=${captureId}&nonce=${nonce}`, tab: { id: 1, windowId: 1 } }
+  )
+
+  assert.equal(response.error.code, 'INVALID_REQUEST')
+  assert.equal(await getBridgeSession(1), null)
+  delete globalThis.chrome
+})
+
+test('agent capture rejects forbidden sensitive start payload fields before resolving target tabs', async () => {
+  const env = makeChrome()
+  let targetResolutionAttempted = false
+  env.chrome.tabs.query = async () => {
+    targetResolutionAttempted = true
+    return env.tabs
+  }
+  env.chrome.tabs.create = async () => {
+    targetResolutionAttempted = true
+    return { id: 3, windowId: 1, url: baseRequest.url, incognito: false, status: 'complete' }
+  }
+  globalThis.chrome = env.chrome
+  const [{ clearBridgeSession, getBridgeSession, registerBridgeSession }, { startAgentCapture }, { listAgentCaptureIds }] =
+    await Promise.all([
+      loadTsModule('src/background/agent-bridge-session.ts'),
+      loadTsModule('src/background/agent-capture.ts'),
+      loadTsModule('src/background/agent-capture-state.ts')
+    ])
+  await clearBridgeSession(1)
+  for (const forbidden of [
+    { bridgeToken: 'spbt_should_not_reach_background' },
+    { callbackUrl: 'https://example.com/callback' },
+    { profile: { schema: 'stackprism.site_experience_profile.v1' } }
+  ]) {
+    await registerBridgeSession({
+      tabId: 1,
+      windowId: 1,
+      bridgeOrigin: 'http://127.0.0.1:17370',
+      sessionId,
+      captureId,
+      nonce
+    })
+    const response = await startAgentCapture(
+      {
+        type: 'START_AGENT_CAPTURE',
+        captureId,
+        sessionId,
+        nonce,
+        bridgeOrigin: 'http://127.0.0.1:17370',
+        request: baseRequest,
+        capabilities: { ...fullCapabilities },
+        ...forbidden
+      },
+      { url: `http://127.0.0.1:17370/bridge?session=${sessionId}&capture=${captureId}&nonce=${nonce}`, tab: { id: 1, windowId: 1 } }
+    )
+
+    assert.equal(response.ok, false)
+    assert.equal(response.error.code, 'INVALID_REQUEST')
+    assert.equal(response.error.message, 'Agent capture payload contains forbidden fields.')
+    assert.equal(await getBridgeSession(1), null)
+  }
+  assert.equal(targetResolutionAttempted, false)
+  assert.deepEqual(await listAgentCaptureIds(), [])
+  delete globalThis.chrome
+})
+
+test('agent capture rejects missing required capabilities before resolving target tabs', async () => {
+  const env = makeChrome()
+  let targetResolutionAttempted = false
+  env.chrome.tabs.query = async () => {
+    targetResolutionAttempted = true
+    return env.tabs
+  }
+  env.chrome.tabs.create = async () => {
+    targetResolutionAttempted = true
+    return { id: 3, windowId: 1, url: baseRequest.url, incognito: false, status: 'complete' }
+  }
+  globalThis.chrome = env.chrome
+  const [{ clearBridgeSession, registerBridgeSession }, { startAgentCapture }, { listAgentCaptureIds }] = await Promise.all([
+    loadTsModule('src/background/agent-bridge-session.ts'),
+    loadTsModule('src/background/agent-capture.ts'),
+    loadTsModule('src/background/agent-capture-state.ts')
+  ])
+  await clearBridgeSession(1)
+  await registerBridgeSession({
+    tabId: 1,
+    windowId: 1,
+    bridgeOrigin: 'http://127.0.0.1:17370',
+    sessionId,
+    captureId,
+    nonce
+  })
+
+  const response = await startAgentCapture(
+    {
+      type: 'START_AGENT_CAPTURE',
+      captureId,
+      sessionId,
+      nonce,
+      bridgeOrigin: 'http://127.0.0.1:17370',
+      request: baseRequest,
+      capabilities: {
+        agentBridge: true,
+        siteExperienceProfileV1: true,
+        profileChunkTransport: false,
+        bridgeContentPost: true,
+        storageSession: true,
+        experienceProfiler: true,
+        rawProfile: true,
+        viewportMetadata: true
+      }
+    },
+    { url: `http://127.0.0.1:17370/bridge?session=${sessionId}&capture=${captureId}&nonce=${nonce}`, tab: { id: 1, windowId: 1 } }
+  )
+
+  assert.equal(response.ok, false)
+  assert.equal(response.error.code, 'NOT_SUPPORTED')
+  assert.equal(response.error.details.missingCapability, 'profileChunkTransport')
+  assert.equal(targetResolutionAttempted, false)
+  assert.deepEqual(await listAgentCaptureIds(), [])
+  delete globalThis.chrome
+})
+
+test('agent capture rechecks local opt-in before resolving target tabs', async () => {
+  const env = makeChrome()
+  let targetResolutionAttempted = false
+  env.chrome.storage.local.get = async () => ({ stackPrismSettings: { agentBridgeEnabled: false } })
+  env.chrome.tabs.query = async () => {
+    targetResolutionAttempted = true
+    return env.tabs
+  }
+  env.chrome.tabs.create = async () => {
+    targetResolutionAttempted = true
+    return { id: 3, windowId: 1, url: baseRequest.url, incognito: false, status: 'complete' }
+  }
+  globalThis.chrome = env.chrome
+  const [{ getBridgeSession, registerBridgeSession }, { startAgentCapture }] = await Promise.all([
+    loadTsModule('src/background/agent-bridge-session.ts'),
+    loadTsModule('src/background/agent-capture.ts')
+  ])
+  await registerBridgeSession({
+    tabId: 1,
+    windowId: 1,
+    bridgeOrigin: 'http://127.0.0.1:17370',
+    sessionId,
+    captureId,
+    nonce
+  })
+
+  const response = await startAgentCapture(
+    {
+      type: 'START_AGENT_CAPTURE',
+      captureId,
+      sessionId,
+      nonce,
+      bridgeOrigin: 'http://127.0.0.1:17370',
+      request: baseRequest,
+      capabilities: {
+        agentBridge: true,
+        siteExperienceProfileV1: true,
+        profileChunkTransport: true,
+        bridgeContentPost: true,
+        storageSession: true,
+        experienceProfiler: true,
+        rawProfile: true,
+        viewportMetadata: true
+      }
+    },
+    { url: `http://127.0.0.1:17370/bridge?session=${sessionId}&capture=${captureId}&nonce=${nonce}`, tab: { id: 1, windowId: 1 } }
+  )
+
+  assert.equal(response.ok, false)
+  assert.equal(response.error.code, 'AGENT_BRIDGE_DISABLED')
+  assert.equal(targetResolutionAttempted, false)
+  assert.equal(await getBridgeSession(1), null)
+  delete globalThis.chrome
+})
+
+test('agent capture rechecks browser data consent before resolving target tabs', async () => {
+  const env = makeChrome()
+  let targetResolutionAttempted = false
+  const getManifest = env.chrome.runtime.getManifest
+  env.chrome.runtime.getManifest = () => ({
+    ...getManifest(),
+    browser_specific_settings: {
+      gecko: {
+        data_collection_permissions: {
+          optional: ['browsingActivity', 'technicalAndInteraction', 'websiteContent']
+        }
+      }
+    }
+  })
+  env.chrome.permissions = {
+    getAll: async () => ({ data_collection: ['browsingActivity', 'websiteContent'] }),
+    request: async () => false
+  }
+  env.chrome.tabs.query = async () => {
+    targetResolutionAttempted = true
+    return env.tabs
+  }
+  env.chrome.tabs.create = async () => {
+    targetResolutionAttempted = true
+    return { id: 3, windowId: 1, url: baseRequest.url, incognito: false, status: 'complete' }
+  }
+  globalThis.chrome = env.chrome
+  const [{ getBridgeSession, registerBridgeSession }, { startAgentCapture }] = await Promise.all([
+    loadTsModule('src/background/agent-bridge-session.ts'),
+    loadTsModule('src/background/agent-capture.ts')
+  ])
+  await registerBridgeSession({
+    tabId: 1,
+    windowId: 1,
+    bridgeOrigin: 'http://127.0.0.1:17370',
+    sessionId,
+    captureId,
+    nonce
+  })
+
+  const response = await startAgentCapture(
+    {
+      type: 'START_AGENT_CAPTURE',
+      captureId,
+      sessionId,
+      nonce,
+      bridgeOrigin: 'http://127.0.0.1:17370',
+      request: baseRequest,
+      capabilities: { ...fullCapabilities }
+    },
+    { url: `http://127.0.0.1:17370/bridge?session=${sessionId}&capture=${captureId}&nonce=${nonce}`, tab: { id: 1, windowId: 1 } }
+  )
+
+  assert.equal(response.ok, false)
+  assert.equal(response.error.code, 'AGENT_BRIDGE_DISABLED')
+  assert.equal(targetResolutionAttempted, false)
+  assert.equal(await getBridgeSession(1), null)
+  delete globalThis.chrome
+})
+
+test('agent capture blocks unsafe target URLs before resolving target tabs', async () => {
+  const env = makeChrome()
+  let targetResolutionAttempted = false
+  env.chrome.tabs.query = async () => {
+    targetResolutionAttempted = true
+    return env.tabs
+  }
+  env.chrome.tabs.create = async create => {
+    targetResolutionAttempted = true
+    return { id: 3, windowId: 1, url: create.url, incognito: true, status: 'complete' }
+  }
+  globalThis.chrome = env.chrome
+  const [{ getBridgeSession, registerBridgeSession }, { startAgentCapture }, { listAgentCaptureIds }, { applyDetectorSettingsUpdate }] =
+    await Promise.all([
+      loadTsModule('src/background/agent-bridge-session.ts'),
+      loadTsModule('src/background/agent-capture.ts'),
+      loadTsModule('src/background/agent-capture-state.ts'),
+      loadTsModule('src/background/detector-settings.ts')
+    ])
+  const blockedTargets = [
+    { url: 'http://127.0.0.1:18080/admin', code: 'PRIVATE_NETWORK_TARGET_BLOCKED' },
+    { url: 'http://localhost:18080/admin', code: 'PRIVATE_NETWORK_TARGET_BLOCKED' },
+    { url: 'http://192.168.1.2/admin', code: 'PRIVATE_NETWORK_TARGET_BLOCKED' },
+    {
+      url: 'http://127.0.0.1:18080/admin',
+      code: 'PRIVATE_NETWORK_TARGET_BLOCKED',
+      options: { allowPrivateNetworkTarget: true }
+    },
+    {
+      url: 'http://internal.example.test/admin',
+      code: 'PRIVATE_NETWORK_TARGET_BLOCKED',
+      options: { allowPrivateNetworkTarget: true }
+    },
+    {
+      url: 'http://127.0.0.1:17370/v1/captures',
+      code: 'BRIDGE_SELF_TARGET_BLOCKED',
+      options: { allowPrivateNetworkTarget: true }
+    }
+  ]
+
+  for (const target of blockedTargets) {
+    targetResolutionAttempted = false
+    await registerBridgeSession({
+      tabId: 1,
+      windowId: 1,
+      bridgeOrigin: 'http://127.0.0.1:17370',
+      sessionId,
+      captureId,
+      nonce
+    })
+
+    const response = await startAgentCapture(
+      {
+        type: 'START_AGENT_CAPTURE',
+        captureId,
+        sessionId,
+        nonce,
+        bridgeOrigin: 'http://127.0.0.1:17370',
+        request: {
+          ...baseRequest,
+          url: target.url,
+          options: { ...baseRequest.options, targetMode: 'new_tab', ...target.options }
+        },
+        capabilities: { ...fullCapabilities }
+      },
+      { url: `http://127.0.0.1:17370/bridge?session=${sessionId}&capture=${captureId}&nonce=${nonce}`, tab: { id: 1, windowId: 1 } }
+    )
+
+    assert.equal(response.ok, false)
+    assert.equal(response.error.code, target.code)
+    assert.equal(targetResolutionAttempted, false)
+    assert.equal(await getBridgeSession(1), null)
+  }
+
+  targetResolutionAttempted = false
+  env.chrome.storage.local.get = async () => ({
+    stackPrismSettings: { agentBridgeEnabled: true, agentBridgeAllowAllNetworkTargets: true }
+  })
+  applyDetectorSettingsUpdate({}, { agentBridgeEnabled: true, agentBridgeAllowAllNetworkTargets: true })
+  await registerBridgeSession({
+    tabId: 1,
+    windowId: 1,
+    bridgeOrigin: 'http://127.0.0.1:17370',
+    sessionId,
+    captureId,
+    nonce
+  })
+  const allowed = await startAgentCapture(
+    {
+      type: 'START_AGENT_CAPTURE',
+      captureId,
+      sessionId,
+      nonce,
+      bridgeOrigin: 'http://127.0.0.1:17370',
+      request: {
+        ...baseRequest,
+        url: 'http://127.0.0.1:18080/admin',
+        options: { ...baseRequest.options, allowPrivateNetworkTarget: true, targetMode: 'new_tab' }
+      },
+      capabilities: { ...fullCapabilities }
+    },
+    { url: `http://127.0.0.1:17370/bridge?session=${sessionId}&capture=${captureId}&nonce=${nonce}`, tab: { id: 1, windowId: 1 } }
+  )
+
+  assert.equal(targetResolutionAttempted, true)
+  assert.equal(allowed.ok, false)
+  assert.equal(allowed.error.code, 'INCOGNITO_NOT_SUPPORTED')
+  assert.equal(await getBridgeSession(1), null)
+  assert.deepEqual(await listAgentCaptureIds(), [])
+  delete globalThis.chrome
+})
+
+test('agent capture cleans a newly created target tab when state persistence fails', async () => {
+  const env = makeChrome()
+  env.chrome.tabs.create = async create => {
+    const tab = { id: 4, windowId: 1, url: create.url, incognito: false, status: 'complete' }
+    env.tabs.push(tab)
+    return tab
+  }
+  globalThis.chrome = env.chrome
+  const [{ getBridgeSession, registerBridgeSession }, { startAgentCapture }, { listAgentCaptureIds }] = await Promise.all([
+    loadTsModule('src/background/agent-bridge-session.ts'),
+    loadTsModule('src/background/agent-capture.ts'),
+    loadTsModule('src/background/agent-capture-state.ts')
+  ])
+  await registerBridgeSession({
+    tabId: 1,
+    windowId: 1,
+    bridgeOrigin: 'http://127.0.0.1:17370',
+    sessionId,
+    captureId,
+    nonce
+  })
+  const originalSet = env.chrome.storage.session.set
+  env.chrome.storage.session.set = async value => {
+    if (Object.keys(value).includes(`agent-capture:${captureId}`)) {
+      throw new Error('state save failed')
+    }
+    await originalSet(value)
+  }
+
+  let response = null
+  let thrown = null
+  try {
+    response = await startAgentCapture(
+      {
+        type: 'START_AGENT_CAPTURE',
+        captureId,
+        sessionId,
+        nonce,
+        bridgeOrigin: 'http://127.0.0.1:17370',
+        request: {
+          ...baseRequest,
+          url: 'https://example.com/save-fails',
+          options: { ...baseRequest.options, targetMode: 'new_tab' }
+        },
+        capabilities: { ...fullCapabilities }
+      },
+      { url: `http://127.0.0.1:17370/bridge?session=${sessionId}&capture=${captureId}&nonce=${nonce}`, tab: { id: 1, windowId: 1 } }
+    )
+  } catch (error) {
+    thrown = error
+  }
+
+  assert.equal(thrown, null)
+  assert.equal(response.ok, false)
+  assert.equal(response.error.code, 'NOT_SUPPORTED')
+  assert.equal(env.removedTabs.includes(4), true)
+  assert.equal(await getBridgeSession(1), null)
+  assert.deepEqual(await listAgentCaptureIds(), [])
+  delete globalThis.chrome
+})
+
+test('agent capture fails running captures when local opt-in is disabled', async () => {
+  const env = makeChrome()
+  enableBridgeStatusAck(env)
+  globalThis.chrome = env.chrome
+  const [{ handleAgentBridgeOptInDisabled }, { saveAgentCaptureState, listAgentCaptureIds }] = await Promise.all([
+    loadTsModule('src/background/agent-capture.ts'),
+    loadTsModule('src/background/agent-capture-state.ts')
+  ])
+  await saveAgentCaptureState({
+    captureId,
+    sessionId,
+    nonce,
+    bridgeOrigin: 'http://127.0.0.1:17370',
+    bridgeUrl: `http://127.0.0.1:17370/bridge?session=${sessionId}&capture=${captureId}&nonce=${nonce}`,
+    bridgeTabId: 1,
+    bridgeWindowId: 1,
+    targetTabId: 2,
+    targetWindowId: 1,
+    targetUrl: 'https://example.com/app?view=one',
+    targetMode: 'new_tab',
+    createdByCapture: true,
+    keepTabOpen: false,
+    phase: 'target_loaded',
+    status: 'running',
+    startedAt: 1,
+    updatedAt: 1,
+    deadlineAt: Date.now() + 60000
+  })
+
+  await handleAgentBridgeOptInDisabled()
+
+  assert.equal(
+    env.messages.some(message => message.type === 'AGENT_CAPTURE_STATUS' && message.payload.error?.code === 'AGENT_BRIDGE_DISABLED'),
+    true
+  )
+  assert.equal(env.removedTabs.includes(2), true)
+  assert.deepEqual(await listAgentCaptureIds(), [])
+  delete globalThis.chrome
+})
+
+test('agent capture fails running captures when browser data consent is removed', async () => {
+  const env = makeChrome()
+  enableBridgeStatusAck(env)
+  globalThis.chrome = env.chrome
+  const [{ handleAgentBridgeDataConsentRemoved }, { saveAgentCaptureState, listAgentCaptureIds }] = await Promise.all([
+    loadTsModule('src/background/agent-capture.ts'),
+    loadTsModule('src/background/agent-capture-state.ts')
+  ])
+  await saveAgentCaptureState({
+    captureId,
+    sessionId,
+    nonce,
+    bridgeOrigin: 'http://127.0.0.1:17370',
+    bridgeUrl: `http://127.0.0.1:17370/bridge?session=${sessionId}&capture=${captureId}&nonce=${nonce}`,
+    bridgeTabId: 1,
+    bridgeWindowId: 1,
+    targetTabId: 2,
+    targetWindowId: 1,
+    targetUrl: 'https://example.com/app?view=one',
+    targetMode: 'new_tab',
+    createdByCapture: true,
+    keepTabOpen: false,
+    phase: 'target_loaded',
+    status: 'running',
+    startedAt: 1,
+    updatedAt: 1,
+    deadlineAt: Date.now() + 60000
+  })
+
+  await handleAgentBridgeDataConsentRemoved()
+
+  assert.equal(
+    env.messages.some(
+      message =>
+        message.type === 'AGENT_CAPTURE_STATUS' &&
+        message.payload.error?.code === 'AGENT_BRIDGE_DISABLED' &&
+        message.payload.error.message.includes('data transfer permission')
+    ),
+    true
+  )
+  assert.equal(env.removedTabs.includes(2), true)
+  assert.deepEqual(await listAgentCaptureIds(), [])
+  delete globalThis.chrome
+})
+
+test('agent capture reports owned target cleanup failures without leaving capture state', async () => {
+  const env = makeChrome()
+  enableBridgeStatusAck(env)
+  const warnings = []
+  const originalWarn = console.warn
+  console.warn = (...args) => warnings.push(args)
+  env.chrome.tabs.remove = async () => {
+    throw new Error('remove failed for bridge target')
+  }
+  globalThis.chrome = env.chrome
+  const [{ registerBridgeSession, getBridgeSession }, { handleAgentBridgeOptInDisabled }, { saveAgentCaptureState, listAgentCaptureIds }] =
+    await Promise.all([
+      loadTsModule('src/background/agent-bridge-session.ts'),
+      loadTsModule('src/background/agent-capture.ts'),
+      loadTsModule('src/background/agent-capture-state.ts')
+    ])
+  try {
+    await registerBridgeSession({
+      tabId: 1,
+      windowId: 1,
+      bridgeOrigin: 'http://127.0.0.1:17370',
+      sessionId,
+      captureId,
+      nonce
+    })
+    await saveAgentCaptureState({
+      captureId,
+      sessionId,
+      nonce,
+      bridgeOrigin: 'http://127.0.0.1:17370',
+      bridgeUrl: `http://127.0.0.1:17370/bridge?session=${sessionId}&capture=${captureId}&nonce=${nonce}`,
+      bridgeTabId: 1,
+      bridgeWindowId: 1,
+      targetTabId: 2,
+      targetWindowId: 1,
+      targetUrl: 'https://example.com/app?view=one',
+      targetMode: 'new_tab',
+      createdByCapture: true,
+      keepTabOpen: false,
+      phase: 'target_loaded',
+      status: 'running',
+      startedAt: 1,
+      updatedAt: 1,
+      deadlineAt: Date.now() + 60000
+    })
+
+    await handleAgentBridgeOptInDisabled()
+
+    assert.equal(
+      env.messages.some(message => message.type === 'AGENT_CAPTURE_STATUS' && message.payload.error?.code === 'AGENT_BRIDGE_DISABLED'),
+      true
+    )
+    assert.deepEqual(await listAgentCaptureIds(), [])
+    assert.equal(await getBridgeSession(1), null)
+    assert.equal(
+      warnings.some(args => args[0] === 'StackPrism agent capture cleanup failed.' && args[1]?.operation === 'cleanupTarget'),
+      true
+    )
+  } finally {
+    console.warn = originalWarn
+    delete globalThis.chrome
+  }
+})
+
+test('background local settings change disables running agent captures', async () => {
+  resetLoadTsModuleCaches()
+  const env = makeChrome()
+  enableBridgeStatusAck(env)
+  globalThis.chrome = env.chrome
+
+  await loadTsModule('src/background/index.ts')
+  await new Promise(resolve => setTimeout(resolve, 0))
+  const { saveAgentCaptureState, listAgentCaptureIds } = await loadTsModule('src/background/agent-capture-state.ts')
+  await saveAgentCaptureState({
+    captureId,
+    sessionId,
+    nonce,
+    bridgeOrigin: 'http://127.0.0.1:17370',
+    bridgeUrl: `http://127.0.0.1:17370/bridge?session=${sessionId}&capture=${captureId}&nonce=${nonce}`,
+    bridgeTabId: 1,
+    bridgeWindowId: 1,
+    targetTabId: 2,
+    targetWindowId: 1,
+    targetUrl: 'https://example.com/app?view=one',
+    targetMode: 'new_tab',
+    createdByCapture: true,
+    keepTabOpen: false,
+    phase: 'target_loaded',
+    status: 'running',
+    startedAt: 1,
+    updatedAt: 1,
+    deadlineAt: Date.now() + 60000
+  })
+
+  assert.equal(env.storageEvents.onChanged.length, 1)
+  env.storageEvents.onChanged[0](
+    { stackPrismSettings: { newValue: { agentBridgeEnabled: false }, oldValue: { agentBridgeEnabled: true } } },
+    'local'
+  )
+
+  await waitForMessage(
+    env.messages,
+    message => message.type === 'AGENT_CAPTURE_STATUS' && message.payload.error?.code === 'AGENT_BRIDGE_DISABLED'
+  )
+  assert.equal(env.removedTabs.includes(2), true)
+  assert.deepEqual(await listAgentCaptureIds(), [])
+  delete globalThis.chrome
+})
+
+test('background sync settings change preserves sync updates when local storage is unavailable', async () => {
+  resetLoadTsModuleCaches()
+  const env = makeChrome()
+  env.chrome.storage.local.get = async () => {
+    throw new Error('local settings unavailable token=secret')
+  }
+  globalThis.chrome = env.chrome
+
+  await loadTsModule('src/background/index.ts')
+  await new Promise(resolve => setTimeout(resolve, 0))
+  const { loadDetectorSettings } = await loadTsModule('src/background/detector-settings.ts')
+
+  assert.equal(env.storageEvents.onChanged.length, 1)
+  env.storageEvents.onChanged[0](
+    {
+      stackPrismSettings: {
+        newValue: {
+          disabledTechnologies: ['React'],
+          disabledCategories: ['Analytics']
+        },
+        oldValue: {}
+      }
+    },
+    'sync'
+  )
+
+  const settings = await waitForCondition(async () => {
+    const current = await loadDetectorSettings()
+    return current.disabledTechnologies.includes('React') ? current : null
+  })
+
+  assert.deepEqual(settings.disabledTechnologies, ['React'])
+  assert.deepEqual(settings.disabledCategories, ['Analytics'])
+  assert.equal(settings.agentBridgeEnabled, false)
+  delete globalThis.chrome
+})
+
+test('background data consent removal disables running agent captures', async () => {
+  resetLoadTsModuleCaches()
+  const env = makeChrome()
+  enableBridgeStatusAck(env)
+  globalThis.chrome = env.chrome
+
+  await loadTsModule('src/background/index.ts')
+  await new Promise(resolve => setTimeout(resolve, 0))
+  const { saveAgentCaptureState, listAgentCaptureIds } = await loadTsModule('src/background/agent-capture-state.ts')
+  await saveAgentCaptureState({
+    captureId,
+    sessionId,
+    nonce,
+    bridgeOrigin: 'http://127.0.0.1:17370',
+    bridgeUrl: `http://127.0.0.1:17370/bridge?session=${sessionId}&capture=${captureId}&nonce=${nonce}`,
+    bridgeTabId: 1,
+    bridgeWindowId: 1,
+    targetTabId: 2,
+    targetWindowId: 1,
+    targetUrl: 'https://example.com/app?view=one',
+    targetMode: 'new_tab',
+    createdByCapture: true,
+    keepTabOpen: false,
+    phase: 'target_loaded',
+    status: 'running',
+    startedAt: 1,
+    updatedAt: 1,
+    deadlineAt: Date.now() + 60000
+  })
+
+  assert.equal(env.permissionsEvents.onRemoved.length, 1)
+  env.permissionsEvents.onRemoved[0]({ data_collection: ['technicalAndInteraction'] })
+
+  await waitForMessage(
+    env.messages,
+    message =>
+      message.type === 'AGENT_CAPTURE_STATUS' &&
+      message.payload.error?.code === 'AGENT_BRIDGE_DISABLED' &&
+      message.payload.error.message.includes('data transfer permission')
+  )
+  assert.equal(env.removedTabs.includes(2), true)
+  assert.deepEqual(await listAgentCaptureIds(), [])
+  delete globalThis.chrome
+})
+
+test('background local opt-in disable is not delayed by badge refresh', async () => {
+  resetLoadTsModuleCaches()
+  const env = makeChrome()
+  enableBridgeStatusAck(env)
+  globalThis.chrome = env.chrome
+
+  await loadTsModule('src/background/index.ts')
+  await new Promise(resolve => setTimeout(resolve, 0))
+  const { saveAgentCaptureState, listAgentCaptureIds } = await loadTsModule('src/background/agent-capture-state.ts')
+  await saveAgentCaptureState({
+    captureId,
+    sessionId,
+    nonce,
+    bridgeOrigin: 'http://127.0.0.1:17370',
+    bridgeUrl: `http://127.0.0.1:17370/bridge?session=${sessionId}&capture=${captureId}&nonce=${nonce}`,
+    bridgeTabId: 1,
+    bridgeWindowId: 1,
+    targetTabId: 2,
+    targetWindowId: 1,
+    targetUrl: 'https://example.com/app?view=one',
+    targetMode: 'new_tab',
+    createdByCapture: true,
+    keepTabOpen: false,
+    phase: 'target_loaded',
+    status: 'running',
+    startedAt: 1,
+    updatedAt: 1,
+    deadlineAt: Date.now() + 60000
+  })
+
+  let releaseRefresh
+  env.chrome.tabs.query = async () =>
+    new Promise(resolve => {
+      releaseRefresh = () => resolve(env.tabs)
+    })
+  env.storageEvents.onChanged[0](
+    { stackPrismSettings: { newValue: { agentBridgeEnabled: false }, oldValue: { agentBridgeEnabled: true } } },
+    'local'
+  )
+
+  try {
+    await waitForMessage(
+      env.messages,
+      message => message.type === 'AGENT_CAPTURE_STATUS' && message.payload.error?.code === 'AGENT_BRIDGE_DISABLED',
+      150
+    )
+  } finally {
+    releaseRefresh?.()
+  }
+  assert.equal(env.removedTabs.includes(2), true)
+  assert.deepEqual(await listAgentCaptureIds(), [])
+  delete globalThis.chrome
+})
+
+test('background extension lifecycle wake fails active agent captures closed', async () => {
+  resetLoadTsModuleCaches()
+  const env = makeChrome()
+  enableBridgeStatusAck(env)
+  globalThis.chrome = env.chrome
+
+  await loadTsModule('src/background/index.ts')
+  await new Promise(resolve => setTimeout(resolve, 0))
+  const { saveAgentCaptureState, listAgentCaptureIds } = await loadTsModule('src/background/agent-capture-state.ts')
+  await saveAgentCaptureState({
+    captureId,
+    sessionId,
+    nonce,
+    bridgeOrigin: 'http://127.0.0.1:17370',
+    bridgeUrl: `http://127.0.0.1:17370/bridge?session=${sessionId}&capture=${captureId}&nonce=${nonce}`,
+    bridgeTabId: 1,
+    bridgeWindowId: 1,
+    targetTabId: 2,
+    targetWindowId: 1,
+    targetUrl: 'https://example.com/app?view=one',
+    targetMode: 'new_tab',
+    createdByCapture: true,
+    keepTabOpen: false,
+    phase: 'target_loaded',
+    status: 'running',
+    startedAt: 1,
+    updatedAt: 1,
+    deadlineAt: Date.now() + 60000
+  })
+
+  assert.equal(env.runtimeEvents.onInstalled.length, 1)
+  env.runtimeEvents.onInstalled[0]({ reason: 'update' })
+
+  await waitForMessage(
+    env.messages,
+    message => message.type === 'AGENT_CAPTURE_STATUS' && message.payload.error?.code === 'SERVICE_WORKER_RESTARTED'
+  )
+  await waitForCondition(() =>
+    env.executedScripts.some(
+      details => details.target?.tabId === 2 && details.files?.some(file => String(file).includes('content-observer'))
+    )
+  )
+  assert.equal(env.removedTabs.includes(2), true)
+  assert.deepEqual(await listAgentCaptureIds(), [])
+  delete globalThis.chrome
+})
+
+test('agent capture rejects duplicate start for the same active capture id', async () => {
+  const env = makeChrome()
+  globalThis.chrome = env.chrome
+  const [{ getBridgeSession, registerBridgeSession }, { startAgentCapture }, { saveAgentCaptureState }] = await Promise.all([
+    loadTsModule('src/background/agent-bridge-session.ts'),
+    loadTsModule('src/background/agent-capture.ts'),
+    loadTsModule('src/background/agent-capture-state.ts')
+  ])
+  await registerBridgeSession({
+    tabId: 1,
+    windowId: 1,
+    bridgeOrigin: 'http://127.0.0.1:17370',
+    sessionId,
+    captureId,
+    nonce
+  })
+  await saveAgentCaptureState({
+    captureId,
+    sessionId,
+    nonce,
+    bridgeOrigin: 'http://127.0.0.1:17370',
+    bridgeUrl: `http://127.0.0.1:17370/bridge?session=${sessionId}&capture=${captureId}&nonce=${nonce}`,
+    bridgeTabId: 1,
+    bridgeWindowId: 1,
+    targetUrl: baseRequest.url,
+    targetMode: baseRequest.options.targetMode,
+    createdByCapture: false,
+    keepTabOpen: false,
+    phase: 'target_opening',
+    status: 'running',
+    startedAt: 1,
+    updatedAt: 1,
+    deadlineAt: Date.now() + 60_000
+  })
+
+  const response = await startAgentCapture(
+    {
+      type: 'START_AGENT_CAPTURE',
+      captureId,
+      sessionId,
+      nonce,
+      bridgeOrigin: 'http://127.0.0.1:17370',
+      request: baseRequest,
+      capabilities: { ...fullCapabilities }
+    },
+    { url: `http://127.0.0.1:17370/bridge?session=${sessionId}&capture=${captureId}&nonce=${nonce}`, tab: { id: 1, windowId: 1 } }
+  )
+
+  assert.equal(response.error.code, 'CAPTURE_BUSY')
+  assert.equal((await getBridgeSession(1))?.captureId, captureId)
+  delete globalThis.chrome
+})
+
+test('agent capture serializes concurrent starts before target resolution', async () => {
+  const env = makeChrome()
+  enableBridgeStatusAck(env)
+  enableFastHeaderFallback()
+  globalThis.chrome = env.chrome
+  const [{ registerBridgeSession }, { startAgentCapture, registerAgentProfileTransferPort }] = await Promise.all([
+    loadTsModule('src/background/agent-bridge-session.ts'),
+    loadTsModule('src/background/agent-capture.ts')
+  ])
+  await registerBridgeSession({
+    tabId: 1,
+    windowId: 1,
+    bridgeOrigin: 'http://127.0.0.1:17370',
+    sessionId,
+    captureId,
+    nonce
+  })
+  const otherSessionId = identifiers.sessionId.valid[1]
+  const otherNonce = identifiers.nonce.valid[1]
+  env.tabs.push({
+    id: 4,
+    windowId: 1,
+    url: `http://127.0.0.1:17370/bridge?session=${otherSessionId}&capture=${secondCaptureId}&nonce=${otherNonce}`,
+    incognito: false
+  })
+  await registerBridgeSession({
+    tabId: 4,
+    windowId: 1,
+    bridgeOrigin: 'http://127.0.0.1:17370',
+    sessionId: otherSessionId,
+    captureId: secondCaptureId,
+    nonce: otherNonce
+  })
+  await connectProfileTransferPort(env, registerAgentProfileTransferPort)
+
+  const startMessage = (id, activeSessionId, activeNonce) => ({
+    type: 'START_AGENT_CAPTURE',
+    captureId: id,
+    sessionId: activeSessionId,
+    nonce: activeNonce,
+    bridgeOrigin: 'http://127.0.0.1:17370',
+    request: baseRequest,
+    capabilities: { ...fullCapabilities }
+  })
+  const results = await Promise.all([
+    startAgentCapture(startMessage(captureId, sessionId, nonce), {
+      url: `http://127.0.0.1:17370/bridge?session=${sessionId}&capture=${captureId}&nonce=${nonce}`,
+      tab: { id: 1, windowId: 1 }
+    }),
+    startAgentCapture(startMessage(secondCaptureId, otherSessionId, otherNonce), {
+      url: `http://127.0.0.1:17370/bridge?session=${otherSessionId}&capture=${secondCaptureId}&nonce=${otherNonce}`,
+      tab: { id: 4, windowId: 1 }
+    })
+  ])
+
+  assert.equal(results.filter(result => result.ok).length, 1)
+  assert.equal(results.filter(result => !result.ok && result.error.code === 'CAPTURE_BUSY').length, 1)
+  await waitForMessage(env.messages, message => message.type === 'AGENT_PROFILE_TRANSFER_COMPLETE')
+  delete globalThis.chrome
+})
+
+test('agent capture waits for profile transfer port before target capture', async () => {
+  const env = makeChrome()
+  enableBridgeStatusAck(env)
+  enableFastHeaderFallback()
+  const scheduledDelays = []
+  const baseRemove = env.chrome.tabs.remove
+  const originalSetTimeout = globalThis.setTimeout
+  const originalClearTimeout = globalThis.clearTimeout
+  globalThis.setTimeout = (callback, delay, ...args) => {
+    if (Number(delay) === 600) {
+      scheduledDelays.push(600)
+      return { fakeTimer: true }
+    }
+    return originalSetTimeout(callback, 0, ...args)
+  }
+  globalThis.clearTimeout = timer => {
+    if (timer && typeof timer === 'object' && 'fakeTimer' in timer) return
+    return originalClearTimeout(timer)
+  }
+  env.chrome.tabs.remove = async id => {
+    await baseRemove(id)
+    env.tabs.splice(
+      env.tabs.findIndex(tab => tab.id === id),
+      1
+    )
+  }
+  env.chrome.scripting.executeScript = async () => [{ result: {} }]
+  globalThis.chrome = env.chrome
+  try {
+    const [{ registerBridgeSession }, { startAgentCapture }, { listAgentCaptureIds }] = await Promise.all([
+      loadTsModule('src/background/agent-bridge-session.ts'),
+      loadTsModule('src/background/agent-capture.ts'),
+      loadTsModule('src/background/agent-capture-state.ts')
+    ])
+    await registerBridgeSession({
+      tabId: 1,
+      windowId: 1,
+      bridgeOrigin: 'http://127.0.0.1:17370',
+      sessionId,
+      captureId,
+      nonce
+    })
+
+    const ordinaryDetectionBaseline = scheduledDelays.length
+    const response = await startAgentCapture(
+      {
+        type: 'START_AGENT_CAPTURE',
+        captureId,
+        sessionId,
+        nonce,
+        bridgeOrigin: 'http://127.0.0.1:17370',
+        request: baseRequest,
+        capabilities: {
+          agentBridge: true,
+          siteExperienceProfileV1: true,
+          profileChunkTransport: true,
+          bridgeContentPost: true,
+          storageSession: true,
+          experienceProfiler: true,
+          rawProfile: true,
+          viewportMetadata: true
+        }
+      },
+      { url: `http://127.0.0.1:17370/bridge?session=${sessionId}&capture=${captureId}&nonce=${nonce}`, tab: { id: 1, windowId: 1 } }
+    )
+
+    assert.equal(response.ok, false)
+    assert.equal(response.error.code, 'BRIDGE_TRANSPORT_DISCONNECTED')
+    assert.deepEqual(scheduledDelays.slice(ordinaryDetectionBaseline), [])
+    assert.equal(env.removedTabs.includes(2), false)
+    assert.deepEqual(await listAgentCaptureIds(), [])
+  } finally {
+    globalThis.setTimeout = originalSetTimeout
+    globalThis.clearTimeout = originalClearTimeout
+    delete globalThis.chrome
+    restoreFetch()
+  }
+})
+
+test('agent capture starts when profile transfer port connects during wait window', async () => {
+  const env = makeChrome()
+  enableBridgeStatusAck(env)
+  enableFastHeaderFallback()
+  globalThis.chrome = env.chrome
+  const [{ registerBridgeSession }, { startAgentCapture, registerAgentProfileTransferPort }] = await Promise.all([
+    loadTsModule('src/background/agent-bridge-session.ts'),
+    loadTsModule('src/background/agent-capture.ts')
+  ])
+  await registerBridgeSession({
+    tabId: 1,
+    windowId: 1,
+    bridgeOrigin: 'http://127.0.0.1:17370',
+    sessionId,
+    captureId,
+    nonce
+  })
+
+  const start = startAgentCapture(
+    {
+      type: 'START_AGENT_CAPTURE',
+      captureId,
+      sessionId,
+      nonce,
+      bridgeOrigin: 'http://127.0.0.1:17370',
+      request: baseRequest,
+      capabilities: {
+        agentBridge: true,
+        siteExperienceProfileV1: true,
+        profileChunkTransport: true,
+        bridgeContentPost: true,
+        storageSession: true,
+        experienceProfiler: true,
+        rawProfile: true,
+        viewportMetadata: true
+      }
+    },
+    { url: `http://127.0.0.1:17370/bridge?session=${sessionId}&capture=${captureId}&nonce=${nonce}`, tab: { id: 1, windowId: 1 } }
+  )
+
+  await new Promise(resolve => setTimeout(resolve, 0))
+  await connectProfileTransferPort(env, registerAgentProfileTransferPort)
+  const response = await start
+
+  assert.equal(response.ok, true)
+  await waitForMessage(env.messages, message => message.type === 'AGENT_PROFILE_TRANSFER_COMPLETE')
+  delete globalThis.chrome
+  restoreFetch()
+})
+
+test('agent capture reports detection and experience phases before long-running collection', async () => {
+  const env = makeChrome()
+  enableBridgeStatusAck(env)
+  enableFastHeaderFallback()
+  globalThis.chrome = env.chrome
+  const [{ registerBridgeSession }, { startAgentCapture, registerAgentProfileTransferPort }] = await Promise.all([
+    loadTsModule('src/background/agent-bridge-session.ts'),
+    loadTsModule('src/background/agent-capture.ts')
+  ])
+  await registerBridgeSession({
+    tabId: 1,
+    windowId: 1,
+    bridgeOrigin: 'http://127.0.0.1:17370',
+    sessionId,
+    captureId,
+    nonce
+  })
+  await connectProfileTransferPort(env, registerAgentProfileTransferPort)
+
+  const response = await startAgentCapture(
+    {
+      type: 'START_AGENT_CAPTURE',
+      captureId,
+      sessionId,
+      nonce,
+      bridgeOrigin: 'http://127.0.0.1:17370',
+      request: {
+        ...baseRequest,
+        waitMs: 1,
+        include: ['tech', 'visual'],
+        options: { ...baseRequest.options, forceRefresh: false }
+      },
+      capabilities: { ...fullCapabilities }
+    },
+    { url: `http://127.0.0.1:17370/bridge?session=${sessionId}&capture=${captureId}&nonce=${nonce}`, tab: { id: 1, windowId: 1 } }
+  )
+
+  assert.equal(response.ok, true)
+  await waitForProfileTransferComplete(env)
+  assert.deepEqual(
+    env.messages.filter(message => message.type === 'AGENT_CAPTURE_STATUS').map(message => message.payload.phase),
+    ['target_loaded', 'detecting_tech', 'profiling_experience']
+  )
+  delete globalThis.chrome
+  restoreFetch()
+})
+
+test('agent profile transfer accepts immediate ack after waiter is notified', async () => {
+  const env = makeChrome()
+  globalThis.chrome = env.chrome
+  const [
+    { registerBridgeSession },
+    { clearProfileTransferPort, registerAgentProfileTransferPort, sendProfileToBridge, waitForProfileTransferPort }
+  ] = await Promise.all([
+    loadTsModule('src/background/agent-bridge-session.ts'),
+    loadTsModule('src/background/agent-capture-transfer.ts')
+  ])
+  await registerBridgeSession({
+    tabId: 1,
+    windowId: 1,
+    bridgeOrigin: 'http://127.0.0.1:17370',
+    sessionId,
+    captureId,
+    nonce
+  })
+  const connected = waitForProfileTransferPort({ captureId, sessionId, nonce }).then(async value => {
+    assert.equal(value, true)
+    await sendProfileToBridge(
+      {
+        captureId,
+        sessionId,
+        nonce,
+        bridgeOrigin: 'http://127.0.0.1:17370',
+        bridgeUrl: `http://127.0.0.1:17370/bridge?session=${sessionId}&capture=${captureId}&nonce=${nonce}`,
+        bridgeTabId: 1,
+        bridgeWindowId: 1,
+        targetUrl: baseRequest.url,
+        targetMode: 'new_tab',
+        createdByCapture: true,
+        keepTabOpen: false,
+        phase: 'posting_profile',
+        status: 'running',
+        startedAt: Date.now(),
+        updatedAt: Date.now(),
+        deadlineAt: Date.now() + 60000
+      },
+      {
+        schema: 'stackprism.site_experience_profile.v1',
+        captureId,
+        generatedAt: new Date(0).toISOString(),
+        target: {},
+        browserContext: { extensionCapabilities: {} },
+        techProfile: {},
+        visualProfile: {},
+        layoutProfile: {},
+        componentProfile: {},
+        interactionProfile: {},
+        uxProfile: {},
+        assetProfile: {},
+        evidence: {},
+        limitations: [],
+        agentGuidance: {}
+      }
+    )
+  })
+
+  try {
+    await connectProfileTransferPort(env, registerAgentProfileTransferPort, { syncAck: true })
+    await connected
+
+    assert.equal(env.messages.some(message => message.type === 'AGENT_PROFILE_TRANSFER_COMPLETE'), true)
+  } finally {
+    clearProfileTransferPort({ captureId, sessionId, nonce })
+    delete globalThis.chrome
+  }
+})
+
+test('agent profile transfer ignores malformed ack keys without breaking pending transfer', async () => {
+  const env = makeChrome()
+  globalThis.chrome = env.chrome
+  const [
+    { registerBridgeSession },
+    { clearProfileTransferPort, registerAgentProfileTransferPort, sendProfileToBridge, waitForProfileTransferPort }
+  ] = await Promise.all([
+    loadTsModule('src/background/agent-bridge-session.ts'),
+    loadTsModule('src/background/agent-capture-transfer.ts')
+  ])
+  await registerBridgeSession({
+    tabId: 1,
+    windowId: 1,
+    bridgeOrigin: 'http://127.0.0.1:17370',
+    sessionId,
+    captureId,
+    nonce
+  })
+  const connected = waitForProfileTransferPort({ captureId, sessionId, nonce })
+
+  try {
+    const connection = await connectProfileTransferPort(env, registerAgentProfileTransferPort, { autoAck: false })
+    await connected
+    connection.emit({
+      type: 'AGENT_PROFILE_TRANSFER_ACK',
+      captureId,
+      sessionId,
+      nonce,
+      profileTransferId: 'xfer_bad:key',
+      ok: true
+    })
+    const acknowledgeLastTransferMessage = () => {
+      const message = env.messages.at(-1)
+      connection.emit({
+        type: 'AGENT_PROFILE_TRANSFER_ACK',
+        captureId: message.captureId,
+        sessionId: message.sessionId,
+        nonce: message.nonce,
+        profileTransferId: message.profileTransferId,
+        chunkIndex: message.chunkIndex,
+        ok: true
+      })
+    }
+
+    const profilePromise = sendProfileToBridge(
+      {
+        captureId,
+        sessionId,
+        nonce,
+        bridgeOrigin: 'http://127.0.0.1:17370',
+        bridgeUrl: `http://127.0.0.1:17370/bridge?session=${sessionId}&capture=${captureId}&nonce=${nonce}`,
+        bridgeTabId: 1,
+        bridgeWindowId: 1,
+        targetUrl: baseRequest.url,
+        targetMode: 'new_tab',
+        createdByCapture: true,
+        keepTabOpen: false,
+        phase: 'posting_profile',
+        status: 'running',
+        startedAt: Date.now(),
+        updatedAt: Date.now(),
+        deadlineAt: Date.now() + 60000
+      },
+      {
+        schema: 'stackprism.site_experience_profile.v1',
+        captureId,
+        generatedAt: new Date(0).toISOString(),
+        target: {},
+        browserContext: { extensionCapabilities: {} },
+        techProfile: {},
+        visualProfile: {},
+        layoutProfile: {},
+        componentProfile: {},
+        interactionProfile: {},
+        uxProfile: {},
+        assetProfile: {},
+        evidence: {},
+        limitations: [],
+        agentGuidance: {}
+      }
+    )
+    await waitForMessage(env.messages, message => message.type === 'AGENT_PROFILE_TRANSFER_BEGIN')
+    acknowledgeLastTransferMessage()
+    await waitForMessage(env.messages, message => message.type === 'AGENT_PROFILE_TRANSFER_CHUNK')
+    acknowledgeLastTransferMessage()
+    await waitForMessage(env.messages, message => message.type === 'AGENT_PROFILE_TRANSFER_COMPLETE')
+    acknowledgeLastTransferMessage()
+    await profilePromise
+
+    assert.equal(env.messages.some(message => message.type === 'AGENT_PROFILE_TRANSFER_COMPLETE'), true)
+  } finally {
+    clearProfileTransferPort({ captureId, sessionId, nonce })
+    delete globalThis.chrome
+  }
+})
+
+test('agent capture fails closed when the profile transfer port disconnects', async () => {
+  const env = makeChrome()
+  enableBridgeStatusAck(env)
+  enableFastHeaderFallback()
+  globalThis.chrome = env.chrome
+  const [{ registerBridgeSession }, { startAgentCapture, registerAgentProfileTransferPort }, { listAgentCaptureIds }] = await Promise.all([
+    loadTsModule('src/background/agent-bridge-session.ts'),
+    loadTsModule('src/background/agent-capture.ts'),
+    loadTsModule('src/background/agent-capture-state.ts')
+  ])
+  await registerBridgeSession({
+    tabId: 1,
+    windowId: 1,
+    bridgeOrigin: 'http://127.0.0.1:17370',
+    sessionId,
+    captureId,
+    nonce
+  })
+  await connectProfileTransferPort(env, registerAgentProfileTransferPort, {
+    disconnectOnMessageType: 'AGENT_PROFILE_TRANSFER_BEGIN'
+  })
+
+  const response = await startAgentCapture(
+    {
+      type: 'START_AGENT_CAPTURE',
+      captureId,
+      sessionId,
+      nonce,
+      bridgeOrigin: 'http://127.0.0.1:17370',
+      request: baseRequest,
+      capabilities: {
+        agentBridge: true,
+        siteExperienceProfileV1: true,
+        profileChunkTransport: true,
+        bridgeContentPost: true,
+        storageSession: true,
+        experienceProfiler: true,
+        rawProfile: true,
+        viewportMetadata: true
+      }
+    },
+    { url: `http://127.0.0.1:17370/bridge?session=${sessionId}&capture=${captureId}&nonce=${nonce}`, tab: { id: 1, windowId: 1 } }
+  )
+
+  assert.equal(response.ok, true)
+  await waitForMessage(
+    env.messages,
+    message => message.type === 'AGENT_CAPTURE_STATUS' && message.payload.error?.code === 'BRIDGE_TRANSPORT_DISCONNECTED'
+  )
+  assert.deepEqual(await listAgentCaptureIds(), [])
+  delete globalThis.chrome
+  restoreFetch()
+})
+
+test('agent capture stops before detection when bridge blocks final URL', async () => {
+  const env = makeChrome()
+  let detectionAttempted = false
+  env.chrome.tabs.create = async create => {
+    const tab = {
+      id: 3,
+      windowId: 1,
+      url: 'https://redirect.internal.example/dashboard',
+      title: 'Redirected',
+      incognito: false,
+      status: 'complete'
+    }
+    env.tabs.push(tab)
+    return tab
+  }
+  env.chrome.scripting.executeScript = async () => {
+    detectionAttempted = true
+    return [{ result: {} }]
+  }
+  env.chrome.tabs.sendMessage = async (_tabId, message) => {
+    env.messages.push(message)
+    if (message.type === 'AGENT_CAPTURE_STATUS' && message.payload.phase === 'target_loaded') {
+      assert.equal(message.payload.targetNetworkAddress, undefined)
+      return {
+        ok: false,
+        error: { code: 'FINAL_URL_BLOCKED', message: 'Final URL blocked.', details: { reason: 'private_network_address' } }
+      }
+    }
+    return { ok: true }
+  }
+  globalThis.chrome = env.chrome
+  const [{ registerBridgeSession }, { startAgentCapture, registerAgentProfileTransferPort }, { listAgentCaptureIds }] = await Promise.all([
+    loadTsModule('src/background/agent-bridge-session.ts'),
+    loadTsModule('src/background/agent-capture.ts'),
+    loadTsModule('src/background/agent-capture-state.ts')
+  ])
+  await registerBridgeSession({
+    tabId: 1,
+    windowId: 1,
+    bridgeOrigin: 'http://127.0.0.1:17370',
+    sessionId,
+    captureId,
+    nonce
+  })
+  await connectProfileTransferPort(env, registerAgentProfileTransferPort)
+
+  const response = await startAgentCapture(
+    {
+      type: 'START_AGENT_CAPTURE',
+      captureId,
+      sessionId,
+      nonce,
+      bridgeOrigin: 'http://127.0.0.1:17370',
+      request: { ...baseRequest, options: { ...baseRequest.options, targetMode: 'new_tab' } },
+      capabilities: {
+        agentBridge: true,
+        siteExperienceProfileV1: true,
+        profileChunkTransport: true,
+        bridgeContentPost: true,
+        storageSession: true,
+        experienceProfiler: true,
+        rawProfile: true,
+        viewportMetadata: true
+      }
+    },
+    { url: `http://127.0.0.1:17370/bridge?session=${sessionId}&capture=${captureId}&nonce=${nonce}`, tab: { id: 1, windowId: 1 } }
+  )
+
+  assert.equal(response.ok, true)
+  await new Promise(resolve => setTimeout(resolve, 20))
+  assert.equal(
+    env.messages.some(
+      message => message.type === 'AGENT_CAPTURE_STATUS' && message.payload.finalUrl === 'https://redirect.internal.example/dashboard'
+    ),
+    true
+  )
+  assert.equal(detectionAttempted, false)
+  assert.deepEqual(await listAgentCaptureIds(), [])
+  delete globalThis.chrome
+})
+
+test('agent capture fails closed when Chrome reports private target network address', async () => {
+  resetLoadTsModuleCaches()
+  const env = makeChrome()
+  enableBridgeStatusAck(env)
+  const scheduledDelays = []
+  const originalSetTimeout = globalThis.setTimeout
+  const originalClearTimeout = globalThis.clearTimeout
+  globalThis.setTimeout = (callback, delay, ...args) => {
+    if (Number(delay) === 600) {
+      scheduledDelays.push(600)
+      return { fakeTimer: true }
+    }
+    return originalSetTimeout(callback, delay, ...args)
+  }
+  globalThis.clearTimeout = timer => {
+    if (timer && typeof timer === 'object' && 'fakeTimer' in timer) return
+    return originalClearTimeout(timer)
+  }
+  env.chrome.tabs.create = async create => {
+    const tab = { id: 3, windowId: 1, url: create.url, title: 'Target', incognito: false, status: 'loading' }
+    env.tabs.push(tab)
+    setTimeout(() => {
+      for (const listener of env.webRequestEvents.onResponseStarted) {
+        listener({
+          tabId: 3,
+          requestId: 'target-main-frame',
+          url: create.url,
+          type: 'main_frame',
+          method: 'GET',
+          statusCode: 200,
+          statusLine: 'HTTP/1.1 200 OK',
+          fromCache: false,
+          ip: '127.0.0.1'
+        })
+      }
+      tab.status = 'complete'
+      for (const listener of env.tabEvents.onUpdated) {
+        listener(3, { status: 'complete', url: tab.url }, tab)
+      }
+    }, 0)
+    return tab
+  }
+  env.chrome.scripting.executeScript = async () => [{ result: {} }]
+  globalThis.chrome = env.chrome
+  try {
+    const [{ registerBridgeSession }, { startAgentCapture, registerAgentProfileTransferPort }, { listAgentCaptureIds }] = await Promise.all([
+      loadTsModule('src/background/agent-bridge-session.ts'),
+      loadTsModule('src/background/agent-capture.ts'),
+      loadTsModule('src/background/agent-capture-state.ts'),
+      loadTsModule('src/background/index.ts')
+    ])
+    await registerBridgeSession({
+      tabId: 1,
+      windowId: 1,
+      bridgeOrigin: 'http://127.0.0.1:17370',
+      sessionId,
+      captureId,
+      nonce
+    })
+    await connectProfileTransferPort(env, registerAgentProfileTransferPort)
+
+    const ordinaryDetectionBaseline = scheduledDelays.length
+    const response = await startAgentCapture(
+      {
+        type: 'START_AGENT_CAPTURE',
+        captureId,
+        sessionId,
+        nonce,
+        bridgeOrigin: 'http://127.0.0.1:17370',
+        request: {
+          ...baseRequest,
+          include: ['tech'],
+          options: { ...baseRequest.options, targetMode: 'new_tab', forceRefresh: false }
+        },
+        capabilities: { ...fullCapabilities }
+      },
+      { url: `http://127.0.0.1:17370/bridge?session=${sessionId}&capture=${captureId}&nonce=${nonce}`, tab: { id: 1, windowId: 1 } }
+    )
+
+    assert.equal(response.ok, true)
+    const failed = await waitForMessage(
+      env.messages,
+      message => message.type === 'AGENT_CAPTURE_STATUS' && message.payload.error?.code === 'PRIVATE_NETWORK_TARGET_BLOCKED'
+    )
+    assert.equal(failed.payload.phase, 'target_loaded')
+    assert.equal(failed.payload.error.details.reason, 'private_network_address')
+    assert.equal(failed.payload.error.details.address, '127.0.0.1')
+    assert.deepEqual(scheduledDelays.slice(ordinaryDetectionBaseline), [])
+    assert.deepEqual(await listAgentCaptureIds(), [])
+  } finally {
+    globalThis.setTimeout = originalSetTimeout
+    globalThis.clearTimeout = originalClearTimeout
+    delete globalThis.chrome
+  }
+})
+
+test('agent capture allows public target when Chrome omits target network address', async () => {
+  resetLoadTsModuleCaches()
+  const env = makeChrome()
+  enableBridgeStatusAck(env)
+  enableFastHeaderFallback()
+  let detectionAttempted = false
+  env.chrome.tabs.create = async create => {
+    const tab = { id: 3, windowId: 1, url: create.url, title: 'Target', incognito: false, status: 'loading' }
+    env.tabs.push(tab)
+    setTimeout(() => {
+      for (const listener of env.webRequestEvents.onResponseStarted) {
+        listener({
+          tabId: 3,
+          requestId: 'target-main-frame',
+          url: create.url,
+          type: 'main_frame',
+          method: 'GET',
+          statusCode: 200,
+          statusLine: 'HTTP/1.1 200 OK',
+          fromCache: false
+        })
+      }
+      tab.status = 'complete'
+      for (const listener of env.tabEvents.onUpdated) {
+        listener(3, { status: 'complete', url: tab.url }, tab)
+      }
+    }, 0)
+    return tab
+  }
+  env.chrome.scripting.executeScript = async () => {
+    detectionAttempted = true
+    return [{ result: { visual: {}, layout: {}, components: {}, interaction: {}, ux: {}, assets: {}, evidence: {} } }]
+  }
+  globalThis.chrome = env.chrome
+  const [{ registerBridgeSession }, { startAgentCapture, registerAgentProfileTransferPort }, { listAgentCaptureIds }] = await Promise.all([
+    loadTsModule('src/background/agent-bridge-session.ts'),
+    loadTsModule('src/background/agent-capture.ts'),
+    loadTsModule('src/background/agent-capture-state.ts'),
+    loadTsModule('src/background/index.ts')
+  ])
+  await registerBridgeSession({
+    tabId: 1,
+    windowId: 1,
+    bridgeOrigin: 'http://127.0.0.1:17370',
+    sessionId,
+    captureId,
+    nonce
+  })
+  await connectProfileTransferPort(env, registerAgentProfileTransferPort)
+
+  const response = await startAgentCapture(
+    {
+      type: 'START_AGENT_CAPTURE',
+      captureId,
+      sessionId,
+      nonce,
+      bridgeOrigin: 'http://127.0.0.1:17370',
+      request: {
+        ...baseRequest,
+        include: ['tech'],
+        options: { ...baseRequest.options, targetMode: 'new_tab', forceRefresh: false }
+      },
+      capabilities: { ...fullCapabilities }
+    },
+    { url: `http://127.0.0.1:17370/bridge?session=${sessionId}&capture=${captureId}&nonce=${nonce}`, tab: { id: 1, windowId: 1 } }
+  )
+
+  assert.equal(response.ok, true)
+  const loaded = await waitForMessage(
+    env.messages,
+    message => message.type === 'AGENT_CAPTURE_STATUS' && message.payload.phase === 'target_loaded'
+  )
+  assert.equal(loaded.payload.targetNetworkAddress, undefined)
+  assert.equal(loaded.payload.error, undefined)
+  assert.equal(
+    env.messages.some(message => message.type === 'AGENT_CAPTURE_STATUS' && message.payload.error?.code === 'PRIVATE_NETWORK_TARGET_BLOCKED'),
+    false
+  )
+  assert.equal(detectionAttempted, true)
+  await waitForProfileTransferComplete(env)
+  assert.deepEqual(await listAgentCaptureIds(), [])
+  delete globalThis.chrome
+  restoreFetch()
+})
+
+test('agent capture blocks private final URL even when browser network metadata omits the target ip', async () => {
+  const env = makeChrome()
+  let detectionAttempted = false
+  env.chrome.tabs.create = async create => {
+    const tab = {
+      id: 3,
+      windowId: 1,
+      url: 'http://localhost:18080/admin',
+      title: 'Private final',
+      incognito: false,
+      status: 'complete'
+    }
+    env.tabs.push(tab)
+    return tab
+  }
+  env.chrome.scripting.executeScript = async () => {
+    detectionAttempted = true
+    return [{ result: {} }]
+  }
+  globalThis.chrome = env.chrome
+  const [{ registerBridgeSession }, { startAgentCapture, registerAgentProfileTransferPort }, { listAgentCaptureIds }] = await Promise.all([
+    loadTsModule('src/background/agent-bridge-session.ts'),
+    loadTsModule('src/background/agent-capture.ts'),
+    loadTsModule('src/background/agent-capture-state.ts')
+  ])
+  await registerBridgeSession({
+    tabId: 1,
+    windowId: 1,
+    bridgeOrigin: 'http://127.0.0.1:17370',
+    sessionId,
+    captureId,
+    nonce
+  })
+  await connectProfileTransferPort(env, registerAgentProfileTransferPort)
+
+  const response = await startAgentCapture(
+    {
+      type: 'START_AGENT_CAPTURE',
+      captureId,
+      sessionId,
+      nonce,
+      bridgeOrigin: 'http://127.0.0.1:17370',
+      request: {
+        ...baseRequest,
+        url: 'https://public.example/start',
+        options: { ...baseRequest.options, targetMode: 'new_tab' }
+      },
+      capabilities: { ...fullCapabilities }
+    },
+    { url: `http://127.0.0.1:17370/bridge?session=${sessionId}&capture=${captureId}&nonce=${nonce}`, tab: { id: 1, windowId: 1 } }
+  )
+
+  assert.equal(response.ok, true)
+  await new Promise(resolve => setTimeout(resolve, 20))
+  assert.equal(detectionAttempted, false)
+  const captureIds = await listAgentCaptureIds()
+  assert.deepEqual(captureIds, [])
+  const failed = env.messages.find(
+    message => message.type === 'AGENT_CAPTURE_STATUS' && message.payload.status === 'failed' && message.payload.error?.code === 'FINAL_URL_BLOCKED'
+  )
+  assert.equal(Boolean(failed), true)
+  assert.equal(failed.payload.error.details.reason, 'private_network_address')
+  assert.equal(failed.payload.error.details.finalUrl, 'http://localhost:18080/admin')
+  delete globalThis.chrome
+  restoreFetch()
+})
+
+test('agent capture keeps target network evidence across tab loading updates', async () => {
+  resetLoadTsModuleCaches()
+  const env = makeChrome()
+  enableBridgeStatusAck(env)
+  enableFastHeaderFallback()
+  let detectionAttempted = false
+  env.chrome.tabs.create = async create => {
+    const tab = { id: 3, windowId: 1, url: create.url, title: 'Target', incognito: false, status: 'loading' }
+    env.tabs.push(tab)
+    queueMicrotask(() => {
+      for (const listener of env.webRequestEvents.onResponseStarted) {
+        listener({
+          tabId: 3,
+          requestId: 'target-main-frame',
+          url: create.url,
+          type: 'main_frame',
+          method: 'GET',
+          statusCode: 200,
+          statusLine: 'HTTP/1.1 200 OK',
+          fromCache: false,
+          ip: '93.184.216.34'
+        })
+      }
+      for (const listener of env.tabEvents.onUpdated) {
+        listener(3, { status: 'loading', url: tab.url }, tab)
+      }
+      tab.status = 'complete'
+      for (const listener of env.tabEvents.onUpdated) {
+        listener(3, { status: 'complete', url: tab.url }, tab)
+      }
+    })
+    return tab
+  }
+  env.chrome.scripting.executeScript = async () => {
+    detectionAttempted = true
+    return [{ result: { visual: {}, layout: {}, components: {}, interaction: {}, ux: {}, assets: {}, evidence: {} } }]
+  }
+  globalThis.chrome = env.chrome
+  const [{ registerBridgeSession }, { startAgentCapture, registerAgentProfileTransferPort }] = await Promise.all([
+    loadTsModule('src/background/agent-bridge-session.ts'),
+    loadTsModule('src/background/agent-capture.ts'),
+    loadTsModule('src/background/agent-capture-state.ts'),
+    loadTsModule('src/background/index.ts')
+  ])
+  await registerBridgeSession({
+    tabId: 1,
+    windowId: 1,
+    bridgeOrigin: 'http://127.0.0.1:17370',
+    sessionId,
+    captureId,
+    nonce
+  })
+  await connectProfileTransferPort(env, registerAgentProfileTransferPort)
+
+  const response = await startAgentCapture(
+    {
+      type: 'START_AGENT_CAPTURE',
+      captureId,
+      sessionId,
+      nonce,
+      bridgeOrigin: 'http://127.0.0.1:17370',
+      request: {
+        ...baseRequest,
+        include: ['tech'],
+        options: { ...baseRequest.options, targetMode: 'new_tab', forceRefresh: false }
+      },
+      capabilities: { ...fullCapabilities }
+    },
+    { url: `http://127.0.0.1:17370/bridge?session=${sessionId}&capture=${captureId}&nonce=${nonce}`, tab: { id: 1, windowId: 1 } }
+  )
+
+  assert.equal(response.ok, true)
+  const loaded = await waitForMessage(
+    env.messages,
+    message => message.type === 'AGENT_CAPTURE_STATUS' && message.payload.phase === 'target_loaded'
+  )
+  assert.equal(loaded.payload.targetNetworkAddress, '93.184.216.34')
+  assert.equal(loaded.payload.error, undefined)
+  assert.equal(detectionAttempted, true)
+  await waitForProfileTransferComplete(env)
+  delete globalThis.chrome
+})
+
+test('agent capture force refresh reloads target with bypassCache before network validation', async () => {
+  resetLoadTsModuleCaches()
+  const env = makeChrome()
+  enableBridgeStatusAck(env)
+  enableFastHeaderFallback()
+  let detectionAttempted = false
+  const reloads = []
+  env.chrome.tabs.create = async create => {
+    const tab = { id: 3, windowId: 1, url: create.url, title: 'Target', incognito: false, status: 'complete' }
+    env.tabs.push(tab)
+    queueMicrotask(() => {
+      for (const listener of env.webRequestEvents.onResponseStarted) {
+        listener({
+          tabId: 3,
+          requestId: 'target-main-frame-cached',
+          url: create.url,
+          type: 'main_frame',
+          method: 'GET',
+          statusCode: 200,
+          statusLine: 'HTTP/1.1 200 OK',
+          fromCache: true,
+          ip: '93.184.216.33'
+        })
+      }
+    })
+    return tab
+  }
+  env.chrome.tabs.reload = async (tabId, options) => {
+    reloads.push({ tabId, options })
+    const tab = env.tabs.find(item => item.id === tabId)
+    for (const listener of env.tabEvents.onUpdated) {
+      listener(tabId, { title: 'Still old page' }, tab)
+    }
+    setTimeout(() => {
+      tab.status = 'loading'
+      for (const listener of env.tabEvents.onUpdated) {
+        listener(tabId, { status: 'loading', url: tab.url }, tab)
+      }
+      for (const listener of env.webRequestEvents.onResponseStarted) {
+        listener({
+          tabId,
+          requestId: 'target-main-frame-reloaded',
+          url: tab.url,
+          type: 'main_frame',
+          method: 'GET',
+          statusCode: 200,
+          statusLine: 'HTTP/1.1 200 OK',
+          fromCache: false,
+          ip: '93.184.216.34'
+        })
+      }
+      tab.status = 'complete'
+      for (const listener of env.tabEvents.onUpdated) {
+        listener(tabId, { status: 'complete', url: tab.url }, tab)
+      }
+    }, 0)
+  }
+  env.chrome.scripting.executeScript = async () => {
+    detectionAttempted = true
+    return [{ result: { visual: {}, layout: {}, components: {}, interaction: {}, ux: {}, assets: {}, evidence: {} } }]
+  }
+  globalThis.chrome = env.chrome
+  const [{ registerBridgeSession }, { startAgentCapture, registerAgentProfileTransferPort }] = await Promise.all([
+    loadTsModule('src/background/agent-bridge-session.ts'),
+    loadTsModule('src/background/agent-capture.ts'),
+    loadTsModule('src/background/agent-capture-state.ts'),
+    loadTsModule('src/background/index.ts')
+  ])
+  await registerBridgeSession({
+    tabId: 1,
+    windowId: 1,
+    bridgeOrigin: 'http://127.0.0.1:17370',
+    sessionId,
+    captureId,
+    nonce
+  })
+  await connectProfileTransferPort(env, registerAgentProfileTransferPort)
+
+  const response = await startAgentCapture(
+    {
+      type: 'START_AGENT_CAPTURE',
+      captureId,
+      sessionId,
+      nonce,
+      bridgeOrigin: 'http://127.0.0.1:17370',
+      request: {
+        ...baseRequest,
+        include: ['tech'],
+        options: { ...baseRequest.options, targetMode: 'new_tab', forceRefresh: true }
+      },
+      capabilities: { ...fullCapabilities }
+    },
+    { url: `http://127.0.0.1:17370/bridge?session=${sessionId}&capture=${captureId}&nonce=${nonce}`, tab: { id: 1, windowId: 1 } }
+  )
+
+  assert.equal(response.ok, true)
+  const loaded = await waitForMessage(
+    env.messages,
+    message => message.type === 'AGENT_CAPTURE_STATUS' && message.payload.phase === 'target_loaded'
+  )
+  assert.deepEqual(reloads, [{ tabId: 3, options: { bypassCache: true } }])
+  assert.equal(loaded.payload.targetNetworkAddress, '93.184.216.34')
+  assert.equal(loaded.payload.targetNetworkFromCache, false)
+  assert.equal(loaded.payload.error, undefined)
+  assert.equal(detectionAttempted, true)
+  await waitForProfileTransferComplete(env)
+  delete globalThis.chrome
+})
+
+test('agent capture force refresh ignores stale complete before reload loading starts', async () => {
+  resetLoadTsModuleCaches()
+  const env = makeChrome()
+  enableBridgeStatusAck(env)
+  enableFastHeaderFallback()
+  const reloads = []
+  const detectionUrls = []
+  env.chrome.tabs.create = async create => {
+    const tab = { id: 3, windowId: 1, url: create.url, title: 'Target', incognito: false, status: 'complete' }
+    env.tabs.push(tab)
+    return tab
+  }
+  env.chrome.tabs.reload = async (tabId, options) => {
+    reloads.push({ tabId, options })
+    const tab = env.tabs.find(item => item.id === tabId)
+    for (const listener of env.tabEvents.onUpdated) {
+      listener(tabId, { status: 'complete', url: tab.url }, tab)
+    }
+    setTimeout(() => {
+      tab.url = 'https://example.com/app?view=one&fresh=1'
+      tab.status = 'loading'
+      for (const listener of env.tabEvents.onUpdated) {
+        listener(tabId, { status: 'loading', url: tab.url }, tab)
+      }
+      for (const listener of env.webRequestEvents.onResponseStarted) {
+        listener({
+          tabId,
+          requestId: 'target-main-frame-reloaded',
+          url: tab.url,
+          type: 'main_frame',
+          method: 'GET',
+          statusCode: 200,
+          statusLine: 'HTTP/1.1 200 OK',
+          fromCache: false,
+          ip: '93.184.216.34'
+        })
+      }
+      tab.status = 'complete'
+      for (const listener of env.tabEvents.onUpdated) {
+        listener(tabId, { status: 'complete', url: tab.url }, tab)
+      }
+    }, 0)
+  }
+  env.chrome.scripting.executeScript = async () => {
+    detectionUrls.push(env.tabs.find(tab => tab.id === 3)?.url)
+    return [{ result: { visual: {}, layout: {}, components: {}, interaction: {}, ux: {}, assets: {}, evidence: {} } }]
+  }
+  globalThis.chrome = env.chrome
+  const [{ registerBridgeSession }, { startAgentCapture, registerAgentProfileTransferPort }] = await Promise.all([
+    loadTsModule('src/background/agent-bridge-session.ts'),
+    loadTsModule('src/background/agent-capture.ts'),
+    loadTsModule('src/background/agent-capture-state.ts'),
+    loadTsModule('src/background/index.ts')
+  ])
+  await registerBridgeSession({
+    tabId: 1,
+    windowId: 1,
+    bridgeOrigin: 'http://127.0.0.1:17370',
+    sessionId,
+    captureId,
+    nonce
+  })
+  await connectProfileTransferPort(env, registerAgentProfileTransferPort)
+
+  const response = await startAgentCapture(
+    {
+      type: 'START_AGENT_CAPTURE',
+      captureId,
+      sessionId,
+      nonce,
+      bridgeOrigin: 'http://127.0.0.1:17370',
+      request: {
+        ...baseRequest,
+        include: ['tech'],
+        options: { ...baseRequest.options, targetMode: 'new_tab', forceRefresh: true }
+      },
+      capabilities: { ...fullCapabilities }
+    },
+    { url: `http://127.0.0.1:17370/bridge?session=${sessionId}&capture=${captureId}&nonce=${nonce}`, tab: { id: 1, windowId: 1 } }
+  )
+
+  assert.equal(response.ok, true)
+  const loaded = await waitForMessage(
+    env.messages,
+    message => message.type === 'AGENT_CAPTURE_STATUS' && message.payload.phase === 'target_loaded'
+  )
+  assert.deepEqual(reloads, [{ tabId: 3, options: { bypassCache: true } }])
+  assert.equal(loaded.payload.finalUrl, 'https://example.com/app?view=one&fresh=1')
+  assert.equal(detectionUrls[0], 'https://example.com/app?view=one&fresh=1')
+  await waitForProfileTransferComplete(env)
+  delete globalThis.chrome
+})
+
+test('agent capture force refresh waits for delayed reload start before using complete state', async () => {
+  resetLoadTsModuleCaches()
+  const env = makeChrome()
+  enableBridgeStatusAck(env)
+  enableFastHeaderFallback()
+  const detectionUrls = []
+  env.chrome.tabs.create = async create => {
+    const tab = { id: 3, windowId: 1, url: create.url, title: 'Target', incognito: false, status: 'complete' }
+    env.tabs.push(tab)
+    return tab
+  }
+  env.chrome.tabs.reload = async tabId => {
+    const tab = env.tabs.find(item => item.id === tabId)
+    setTimeout(() => {
+      tab.url = 'https://example.com/app?view=one&fresh=delayed'
+      tab.status = 'loading'
+      for (const listener of env.tabEvents.onUpdated) {
+        listener(tabId, { status: 'loading', url: tab.url }, tab)
+      }
+      for (const listener of env.webRequestEvents.onResponseStarted) {
+        listener({
+          tabId,
+          requestId: 'target-main-frame-delayed-reload',
+          url: tab.url,
+          type: 'main_frame',
+          method: 'GET',
+          statusCode: 200,
+          statusLine: 'HTTP/1.1 200 OK',
+          fromCache: false,
+          ip: '93.184.216.34'
+        })
+      }
+      tab.status = 'complete'
+      for (const listener of env.tabEvents.onUpdated) {
+        listener(tabId, { status: 'complete', url: tab.url }, tab)
+      }
+    }, 20)
+  }
+  env.chrome.scripting.executeScript = async () => {
+    detectionUrls.push(env.tabs.find(tab => tab.id === 3)?.url)
+    return [{ result: { visual: {}, layout: {}, components: {}, interaction: {}, ux: {}, assets: {}, evidence: {} } }]
+  }
+  globalThis.chrome = env.chrome
+  const [{ registerBridgeSession }, { startAgentCapture, registerAgentProfileTransferPort }] = await Promise.all([
+    loadTsModule('src/background/agent-bridge-session.ts'),
+    loadTsModule('src/background/agent-capture.ts'),
+    loadTsModule('src/background/agent-capture-state.ts'),
+    loadTsModule('src/background/index.ts')
+  ])
+  await registerBridgeSession({
+    tabId: 1,
+    windowId: 1,
+    bridgeOrigin: 'http://127.0.0.1:17370',
+    sessionId,
+    captureId,
+    nonce
+  })
+  await connectProfileTransferPort(env, registerAgentProfileTransferPort)
+
+  const response = await startAgentCapture(
+    {
+      type: 'START_AGENT_CAPTURE',
+      captureId,
+      sessionId,
+      nonce,
+      bridgeOrigin: 'http://127.0.0.1:17370',
+      request: {
+        ...baseRequest,
+        include: ['tech'],
+        options: { ...baseRequest.options, targetMode: 'new_tab', forceRefresh: true }
+      },
+      capabilities: { ...fullCapabilities }
+    },
+    { url: `http://127.0.0.1:17370/bridge?session=${sessionId}&capture=${captureId}&nonce=${nonce}`, tab: { id: 1, windowId: 1 } }
+  )
+
+  assert.equal(response.ok, true)
+  const loaded = await waitForMessage(
+    env.messages,
+    message => message.type === 'AGENT_CAPTURE_STATUS' && message.payload.phase === 'target_loaded'
+  )
+  assert.equal(loaded.payload.finalUrl, 'https://example.com/app?view=one&fresh=delayed')
+  assert.equal(loaded.payload.targetNetworkAddress, '93.184.216.34')
+  assert.equal(detectionUrls[0], 'https://example.com/app?view=one&fresh=delayed')
+  await waitForProfileTransferComplete(env)
+  delete globalThis.chrome
+})
+
+test('agent capture force refresh waits for created tab initial load before reload', async () => {
+  resetLoadTsModuleCaches()
+  const env = makeChrome()
+  enableBridgeStatusAck(env)
+  enableFastHeaderFallback()
+  const reloads = []
+  env.chrome.tabs.create = async create => {
+    const tab = { id: 3, windowId: 1, url: create.url, title: 'Target', incognito: false, status: 'loading' }
+    env.tabs.push(tab)
+    setTimeout(() => {
+      for (const listener of env.webRequestEvents.onResponseStarted) {
+        listener({
+          tabId: 3,
+          requestId: 'target-main-frame-initial',
+          url: create.url,
+          type: 'main_frame',
+          method: 'GET',
+          statusCode: 200,
+          statusLine: 'HTTP/1.1 200 OK',
+          fromCache: false,
+          ip: '93.184.216.33'
+        })
+      }
+      tab.status = 'complete'
+      for (const listener of env.tabEvents.onUpdated) {
+        listener(3, { status: 'complete', url: tab.url }, tab)
+      }
+    }, 0)
+    return tab
+  }
+  env.chrome.tabs.reload = async (tabId, options) => {
+    const tab = env.tabs.find(item => item.id === tabId)
+    assert.equal(tab?.status, 'complete')
+    reloads.push({ tabId, options })
+    setTimeout(() => {
+      for (const listener of env.webNavigationEvents.onErrorOccurred) {
+        listener({ tabId, frameId: 0, error: 'net::ERR_ABORTED' })
+      }
+      for (const listener of env.webRequestEvents.onResponseStarted) {
+        listener({
+          tabId,
+          requestId: 'target-main-frame-reloaded',
+          url: tab.url,
+          type: 'main_frame',
+          method: 'GET',
+          statusCode: 200,
+          statusLine: 'HTTP/1.1 200 OK',
+          fromCache: false,
+          ip: '93.184.216.34'
+        })
+      }
+      tab.status = 'loading'
+      for (const listener of env.tabEvents.onUpdated) {
+        listener(tabId, { status: 'loading', url: tab.url }, tab)
+      }
+      tab.status = 'complete'
+      for (const listener of env.tabEvents.onUpdated) {
+        listener(tabId, { status: 'complete', url: tab.url }, tab)
+      }
+    }, 0)
+  }
+  globalThis.chrome = env.chrome
+  const [{ registerBridgeSession }, { startAgentCapture, registerAgentProfileTransferPort }] = await Promise.all([
+    loadTsModule('src/background/agent-bridge-session.ts'),
+    loadTsModule('src/background/agent-capture.ts'),
+    loadTsModule('src/background/agent-capture-state.ts'),
+    loadTsModule('src/background/index.ts')
+  ])
+  await registerBridgeSession({
+    tabId: 1,
+    windowId: 1,
+    bridgeOrigin: 'http://127.0.0.1:17370',
+    sessionId,
+    captureId,
+    nonce
+  })
+  await connectProfileTransferPort(env, registerAgentProfileTransferPort)
+
+  const response = await startAgentCapture(
+    {
+      type: 'START_AGENT_CAPTURE',
+      captureId,
+      sessionId,
+      nonce,
+      bridgeOrigin: 'http://127.0.0.1:17370',
+      request: {
+        ...baseRequest,
+        include: ['tech'],
+        options: { ...baseRequest.options, targetMode: 'new_tab', forceRefresh: true }
+      },
+      capabilities: { ...fullCapabilities }
+    },
+    { url: `http://127.0.0.1:17370/bridge?session=${sessionId}&capture=${captureId}&nonce=${nonce}`, tab: { id: 1, windowId: 1 } }
+  )
+
+  assert.equal(response.ok, true)
+  const loaded = await waitForMessage(
+    env.messages,
+    message => message.type === 'AGENT_CAPTURE_STATUS' && message.payload.phase === 'target_loaded'
+  )
+  assert.deepEqual(reloads, [{ tabId: 3, options: { bypassCache: true } }])
+  assert.equal(loaded.payload.targetNetworkAddress, '93.184.216.34')
+  assert.equal(
+    env.messages.some(message => message.type === 'AGENT_CAPTURE_STATUS' && message.payload.error?.code === 'TARGET_LOAD_FAILED'),
+    false
+  )
+  await waitForProfileTransferComplete(env)
+  delete globalThis.chrome
+})
+
+test('agent capture force refresh ignores same-url network evidence from before reload', async () => {
+  resetLoadTsModuleCaches()
+  const env = makeChrome()
+  enableBridgeStatusAck(env)
+  enableFastHeaderFallback()
+  const detectionUrls = []
+  env.chrome.tabs.create = async create => {
+    const tab = { id: 3, windowId: 1, url: create.url, title: 'Target', incognito: false, status: 'complete' }
+    env.tabs.push(tab)
+    queueMicrotask(() => {
+      for (const listener of env.webRequestEvents.onResponseStarted) {
+        listener({
+          tabId: 3,
+          requestId: 'target-main-frame-before-reload',
+          url: create.url,
+          type: 'main_frame',
+          method: 'GET',
+          statusCode: 200,
+          statusLine: 'HTTP/1.1 200 OK',
+          fromCache: true,
+          ip: '93.184.216.33'
+        })
+      }
+    })
+    return tab
+  }
+  env.chrome.tabs.reload = async tabId => {
+    const tab = env.tabs.find(item => item.id === tabId)
+    setTimeout(() => {
+      tab.status = 'loading'
+      for (const listener of env.tabEvents.onUpdated) {
+        listener(tabId, { status: 'loading', url: tab.url }, tab)
+      }
+      for (const listener of env.webRequestEvents.onResponseStarted) {
+        listener({
+          tabId,
+          requestId: 'target-main-frame-after-reload',
+          url: tab.url,
+          type: 'main_frame',
+          method: 'GET',
+          statusCode: 200,
+          statusLine: 'HTTP/1.1 200 OK',
+          fromCache: false,
+          ip: '93.184.216.34'
+        })
+      }
+      tab.status = 'complete'
+      for (const listener of env.tabEvents.onUpdated) {
+        listener(tabId, { status: 'complete', url: tab.url }, tab)
+      }
+    }, 20)
+  }
+  env.chrome.scripting.executeScript = async () => {
+    detectionUrls.push(env.tabs.find(tab => tab.id === 3)?.url)
+    return [{ result: { visual: {}, layout: {}, components: {}, interaction: {}, ux: {}, assets: {}, evidence: {} } }]
+  }
+  globalThis.chrome = env.chrome
+  const [{ registerBridgeSession }, { startAgentCapture, registerAgentProfileTransferPort }] = await Promise.all([
+    loadTsModule('src/background/agent-bridge-session.ts'),
+    loadTsModule('src/background/agent-capture.ts'),
+    loadTsModule('src/background/agent-capture-state.ts'),
+    loadTsModule('src/background/index.ts')
+  ])
+  await registerBridgeSession({
+    tabId: 1,
+    windowId: 1,
+    bridgeOrigin: 'http://127.0.0.1:17370',
+    sessionId,
+    captureId,
+    nonce
+  })
+  await connectProfileTransferPort(env, registerAgentProfileTransferPort)
+
+  const response = await startAgentCapture(
+    {
+      type: 'START_AGENT_CAPTURE',
+      captureId,
+      sessionId,
+      nonce,
+      bridgeOrigin: 'http://127.0.0.1:17370',
+      request: {
+        ...baseRequest,
+        include: ['tech'],
+        options: { ...baseRequest.options, targetMode: 'new_tab', forceRefresh: true }
+      },
+      capabilities: { ...fullCapabilities }
+    },
+    { url: `http://127.0.0.1:17370/bridge?session=${sessionId}&capture=${captureId}&nonce=${nonce}`, tab: { id: 1, windowId: 1 } }
+  )
+
+  assert.equal(response.ok, true)
+  const loaded = await waitForMessage(
+    env.messages,
+    message => message.type === 'AGENT_CAPTURE_STATUS' && message.payload.phase === 'target_loaded'
+  )
+  assert.equal(loaded.payload.targetNetworkAddress, '93.184.216.34')
+  assert.equal(loaded.payload.targetNetworkFromCache, false)
+  assert.equal(detectionUrls[0], 'https://example.com/app?view=one')
+  await waitForProfileTransferComplete(env)
+  delete globalThis.chrome
+})
+
+test('agent capture force refresh accepts rapid complete reload without loading event', async () => {
+  resetLoadTsModuleCaches()
+  const env = makeChrome()
+  enableBridgeStatusAck(env)
+  enableFastHeaderFallback()
+  const detectionUrls = []
+  env.chrome.tabs.create = async create => {
+    const tab = { id: 3, windowId: 1, url: create.url, title: 'Target', incognito: false, status: 'complete' }
+    env.tabs.push(tab)
+    return tab
+  }
+  env.chrome.tabs.reload = async tabId => {
+    const tab = env.tabs.find(item => item.id === tabId)
+    setTimeout(() => {
+      tab.url = 'https://example.com/app?view=one&fresh=2'
+      for (const listener of env.webRequestEvents.onResponseStarted) {
+        listener({
+          tabId,
+          requestId: 'target-main-frame-rapid-reload',
+          url: tab.url,
+          type: 'main_frame',
+          method: 'GET',
+          statusCode: 200,
+          statusLine: 'HTTP/1.1 200 OK',
+          fromCache: false,
+          ip: '93.184.216.34'
+        })
+      }
+      tab.status = 'complete'
+      for (const listener of env.tabEvents.onUpdated) {
+        listener(tabId, { status: 'complete', url: tab.url }, tab)
+      }
+    }, 0)
+  }
+  env.chrome.scripting.executeScript = async () => {
+    detectionUrls.push(env.tabs.find(tab => tab.id === 3)?.url)
+    return [{ result: { visual: {}, layout: {}, components: {}, interaction: {}, ux: {}, assets: {}, evidence: {} } }]
+  }
+  globalThis.chrome = env.chrome
+  const [{ registerBridgeSession }, { startAgentCapture, registerAgentProfileTransferPort }] = await Promise.all([
+    loadTsModule('src/background/agent-bridge-session.ts'),
+    loadTsModule('src/background/agent-capture.ts'),
+    loadTsModule('src/background/agent-capture-state.ts'),
+    loadTsModule('src/background/index.ts')
+  ])
+  await registerBridgeSession({
+    tabId: 1,
+    windowId: 1,
+    bridgeOrigin: 'http://127.0.0.1:17370',
+    sessionId,
+    captureId,
+    nonce
+  })
+  await connectProfileTransferPort(env, registerAgentProfileTransferPort)
+
+  const response = await startAgentCapture(
+    {
+      type: 'START_AGENT_CAPTURE',
+      captureId,
+      sessionId,
+      nonce,
+      bridgeOrigin: 'http://127.0.0.1:17370',
+      request: {
+        ...baseRequest,
+        include: ['tech'],
+        options: { ...baseRequest.options, targetMode: 'new_tab', forceRefresh: true }
+      },
+      capabilities: { ...fullCapabilities }
+    },
+    { url: `http://127.0.0.1:17370/bridge?session=${sessionId}&capture=${captureId}&nonce=${nonce}`, tab: { id: 1, windowId: 1 } }
+  )
+
+  assert.equal(response.ok, true)
+  const loaded = await waitForMessage(
+    env.messages,
+    message => message.type === 'AGENT_CAPTURE_STATUS' && message.payload.phase === 'target_loaded'
+  )
+  assert.equal(loaded.payload.finalUrl, 'https://example.com/app?view=one&fresh=2')
+  assert.equal(loaded.payload.targetNetworkAddress, '93.184.216.34')
+  assert.equal(detectionUrls[0], 'https://example.com/app?view=one&fresh=2')
+  await waitForProfileTransferComplete(env)
+  delete globalThis.chrome
+})
+
+test('agent capture allows proxy-reserved target address for public hostname by default', async () => {
+  resetLoadTsModuleCaches()
+  const env = makeChrome()
+  enableBridgeStatusAck(env)
+  enableFastHeaderFallback()
+  let detectionAttempted = false
+  env.chrome.tabs.create = async create => {
+    const tab = { id: 3, windowId: 1, url: create.url, title: 'Target', incognito: false, status: 'loading' }
+    env.tabs.push(tab)
+    setTimeout(() => {
+      for (const listener of env.webRequestEvents.onResponseStarted) {
+        listener({
+          tabId: 3,
+          requestId: 'target-main-frame',
+          url: create.url,
+          type: 'main_frame',
+          method: 'GET',
+          statusCode: 200,
+          statusLine: 'HTTP/1.1 200 OK',
+          fromCache: false,
+          ip: '198.18.0.12'
+        })
+      }
+      tab.status = 'complete'
+      for (const listener of env.tabEvents.onUpdated) {
+        listener(3, { status: 'complete', url: tab.url }, tab)
+      }
+    }, 0)
+    return tab
+  }
+  env.chrome.scripting.executeScript = async () => {
+    detectionAttempted = true
+    return [{ result: { visual: {}, layout: {}, components: {}, interaction: {}, ux: {}, assets: {}, evidence: {} } }]
+  }
+  globalThis.chrome = env.chrome
+  const [{ registerBridgeSession }, { startAgentCapture, registerAgentProfileTransferPort }, { listAgentCaptureIds }] = await Promise.all([
+    loadTsModule('src/background/agent-bridge-session.ts'),
+    loadTsModule('src/background/agent-capture.ts'),
+    loadTsModule('src/background/agent-capture-state.ts'),
+    loadTsModule('src/background/index.ts')
+  ])
+  await registerBridgeSession({
+    tabId: 1,
+    windowId: 1,
+    bridgeOrigin: 'http://127.0.0.1:17370',
+    sessionId,
+    captureId,
+    nonce
+  })
+  await connectProfileTransferPort(env, registerAgentProfileTransferPort)
+
+  const response = await startAgentCapture(
+    {
+      type: 'START_AGENT_CAPTURE',
+      captureId,
+      sessionId,
+      nonce,
+      bridgeOrigin: 'http://127.0.0.1:17370',
+      request: {
+        ...baseRequest,
+        include: ['tech'],
+        options: { ...baseRequest.options, targetMode: 'new_tab', forceRefresh: false }
+      },
+      capabilities: { ...fullCapabilities }
+    },
+    { url: `http://127.0.0.1:17370/bridge?session=${sessionId}&capture=${captureId}&nonce=${nonce}`, tab: { id: 1, windowId: 1 } }
+  )
+
+  assert.equal(response.ok, true)
+  await waitForMessage(env.messages, message => message.type === 'AGENT_PROFILE_TRANSFER_COMPLETE')
+  assert.equal(
+    env.messages.some(message => message.type === 'AGENT_CAPTURE_STATUS' && message.payload.error?.code === 'PRIVATE_NETWORK_TARGET_BLOCKED'),
+    false
+  )
+  assert.equal(detectionAttempted, true)
+  assert.deepEqual(await listAgentCaptureIds(), [])
+  delete globalThis.chrome
+  restoreFetch()
+})
+
+test('agent capture can be explicitly allowed to use all network targets from local settings', async () => {
+  resetLoadTsModuleCaches()
+  const env = makeChrome()
+  enableBridgeStatusAck(env)
+  enableFastHeaderFallback()
+  let detectionAttempted = false
+  env.chrome.storage.local.get = async () => ({
+    stackPrismSettings: { agentBridgeEnabled: true, agentBridgeAllowAllNetworkTargets: true }
+  })
+  env.chrome.tabs.create = async create => {
+    const tab = { id: 3, windowId: 1, url: create.url, title: 'Target', incognito: false, status: 'loading' }
+    env.tabs.push(tab)
+    setTimeout(() => {
+      for (const listener of env.webRequestEvents.onResponseStarted) {
+        listener({
+          tabId: 3,
+          requestId: 'target-main-frame',
+          url: create.url,
+          type: 'main_frame',
+          method: 'GET',
+          statusCode: 200,
+          statusLine: 'HTTP/1.1 200 OK',
+          fromCache: false,
+          ip: '127.0.0.1'
+        })
+      }
+      tab.status = 'complete'
+      for (const listener of env.tabEvents.onUpdated) {
+        listener(3, { status: 'complete', url: tab.url }, tab)
+      }
+    }, 0)
+    return tab
+  }
+  env.chrome.scripting.executeScript = async () => {
+    detectionAttempted = true
+    return [{ result: { visual: {}, layout: {}, components: {}, interaction: {}, ux: {}, assets: {}, evidence: {} } }]
+  }
+  globalThis.chrome = env.chrome
+  const [
+    { registerBridgeSession },
+    { startAgentCapture, registerAgentProfileTransferPort },
+    { listAgentCaptureIds },
+    { loadDetectorSettings }
+  ] = await Promise.all([
+    loadTsModule('src/background/agent-bridge-session.ts'),
+    loadTsModule('src/background/agent-capture.ts'),
+    loadTsModule('src/background/agent-capture-state.ts'),
+    loadTsModule('src/background/detector-settings.ts'),
+    loadTsModule('src/background/index.ts')
+  ])
+  await registerBridgeSession({
+    tabId: 1,
+    windowId: 1,
+    bridgeOrigin: 'http://127.0.0.1:17370',
+    sessionId,
+    captureId,
+    nonce
+  })
+  await connectProfileTransferPort(env, registerAgentProfileTransferPort)
+
+  const settings = await loadDetectorSettings()
+  assert.equal(settings.agentBridgeAllowAllNetworkTargets, true)
+
+  const response = await startAgentCapture(
+    {
+      type: 'START_AGENT_CAPTURE',
+      captureId,
+      sessionId,
+      nonce,
+      bridgeOrigin: 'http://127.0.0.1:17370',
+      request: {
+        ...baseRequest,
+        include: ['tech'],
+        options: { ...baseRequest.options, allowPrivateNetworkTarget: true, forceRefresh: false, targetMode: 'new_tab' }
+      },
+      capabilities: { ...fullCapabilities }
+    },
+    { url: `http://127.0.0.1:17370/bridge?session=${sessionId}&capture=${captureId}&nonce=${nonce}`, tab: { id: 1, windowId: 1 } }
+  )
+
+  assert.equal(response.ok, true)
+  await waitForMessage(env.messages, message => message.type === 'AGENT_PROFILE_TRANSFER_COMPLETE')
+  assert.equal(
+    env.messages.some(message => message.type === 'AGENT_CAPTURE_STATUS' && message.payload.error?.code === 'PRIVATE_NETWORK_TARGET_BLOCKED'),
+    false
+  )
+  assert.equal(detectionAttempted, true)
+  assert.deepEqual(await listAgentCaptureIds(), [])
+  delete globalThis.chrome
+  restoreFetch()
+})
+
+test('agent capture reports sanitized target injection failure details', async () => {
+  const env = makeChrome()
+  enableBridgeStatusAck(env)
+  enableFastHeaderFallback()
+  env.chrome.scripting.executeScript = async () => {
+    throw new Error(
+      'Cannot access https://example.com/app?token=secret&nonce=n_SECRETSECRETSECRETSECRET#frag spb_ABCDEFGHIJKLMNOPQRSTUVWxy123456789012345'
+    )
+  }
+  globalThis.chrome = env.chrome
+  const [{ registerBridgeSession }, { startAgentCapture, registerAgentProfileTransferPort }, { listAgentCaptureIds }] = await Promise.all([
+    loadTsModule('src/background/agent-bridge-session.ts'),
+    loadTsModule('src/background/agent-capture.ts'),
+    loadTsModule('src/background/agent-capture-state.ts')
+  ])
+  await registerBridgeSession({
+    tabId: 1,
+    windowId: 1,
+    bridgeOrigin: 'http://127.0.0.1:17370',
+    sessionId,
+    captureId,
+    nonce
+  })
+  await connectProfileTransferPort(env, registerAgentProfileTransferPort)
+
+  const response = await startAgentCapture(
+    {
+      type: 'START_AGENT_CAPTURE',
+      captureId,
+      sessionId,
+      nonce,
+      bridgeOrigin: 'http://127.0.0.1:17370',
+      request: {
+        ...baseRequest,
+        include: ['assets'],
+        options: { ...baseRequest.options, forceRefresh: false }
+      },
+      capabilities: {
+        agentBridge: true,
+        siteExperienceProfileV1: true,
+        profileChunkTransport: true,
+        bridgeContentPost: true,
+        storageSession: true,
+        experienceProfiler: true,
+        rawProfile: true,
+        viewportMetadata: true
+      }
+    },
+    { url: `http://127.0.0.1:17370/bridge?session=${sessionId}&capture=${captureId}&nonce=${nonce}`, tab: { id: 1, windowId: 1 } }
+  )
+
+  assert.equal(response.ok, true)
+  const failed = await waitForMessage(
+    env.messages,
+    message => message.type === 'AGENT_CAPTURE_STATUS' && message.payload.error?.code === 'TARGET_INJECTION_FAILED'
+  )
+  assert.equal(failed.payload.error.details.reason.includes('[redacted'), true)
+  const serialized = JSON.stringify(failed.payload.error.details)
+  assert.equal(serialized.includes('token=secret'), false)
+  assert.equal(serialized.includes('nonce='), false)
+  assert.equal(serialized.includes('#frag'), false)
+  assert.equal(serialized.includes('spb_'), false)
+  assert.deepEqual(await listAgentCaptureIds(), [])
+  delete globalThis.chrome
+  restoreFetch()
+})
+
+test('agent page detection falls back to inline page detector when firefox cannot load script files', async () => {
+  const env = makeChrome()
+  enableFastHeaderFallback()
+  const calls = []
+  env.chrome.scripting.executeScript = async options => {
+    calls.push(options)
+    if (options.files?.[0]?.includes('content-observer')) return [{ result: null }]
+    if (options.files?.[0] === 'injected/page-detector.iife.js') return [{ error: 'Unable to load script: <anonymous code>' }]
+    if (typeof options.func === 'function' && options.world === 'MAIN') {
+      return [{ result: { url: 'https://example.com/app?view=one', technologies: [{ name: 'React', categories: ['frontend'] }] } }]
+    }
+    return [{ result: {} }]
+  }
+  globalThis.chrome = env.chrome
+  const { runAgentPageDetection } = await loadTsModule('src/background/detection.ts')
+
+  const result = await runAgentPageDetection(2, Date.now() + 5000)
+
+  assert.equal(result.url, 'https://example.com/app?view=one')
+  assert.deepEqual(calls.map(call => call.files?.[0]).filter(Boolean), ['assets/content-observer.ts-unit.js', 'injected/page-detector.iife.js'])
+  assert.ok(calls.some(call => typeof call.func === 'function' && call.world === 'MAIN'))
+  delete globalThis.chrome
+  restoreFetch()
+})
+
+test('agent page detection does not use inline fallback for runtime detector errors', async () => {
+  const env = makeChrome()
+  enableBridgeStatusAck(env)
+  enableFastHeaderFallback()
+  const calls = []
+  env.chrome.scripting.executeScript = async options => {
+    calls.push(options)
+    if (options.files?.[0]?.includes('content-observer')) return [{ result: null }]
+    if (options.files?.[0] === 'injected/page-detector.iife.js') return [{ error: 'ReferenceError: detector regression' }]
+    if (options.files?.[0] === 'injected/experience-profiler.iife.js') {
+      return [{ result: { visual: {}, layout: {}, components: {}, interaction: {}, ux: {}, assets: {}, evidence: {} } }]
+    }
+    return [{ result: null }]
+  }
+  globalThis.chrome = env.chrome
+  const [{ registerBridgeSession }, { startAgentCapture, registerAgentProfileTransferPort }, { listAgentCaptureIds }] = await Promise.all([
+    loadTsModule('src/background/agent-bridge-session.ts'),
+    loadTsModule('src/background/agent-capture.ts'),
+    loadTsModule('src/background/agent-capture-state.ts')
+  ])
+  await registerBridgeSession({
+    tabId: 1,
+    windowId: 1,
+    bridgeOrigin: 'http://127.0.0.1:17370',
+    sessionId,
+    captureId,
+    nonce
+  })
+  await connectProfileTransferPort(env, registerAgentProfileTransferPort)
+
+  const response = await startAgentCapture(
+    {
+      type: 'START_AGENT_CAPTURE',
+      captureId,
+      sessionId,
+      nonce,
+      bridgeOrigin: 'http://127.0.0.1:17370',
+      request: {
+        ...baseRequest,
+        options: { ...baseRequest.options, targetMode: 'new_tab', forceRefresh: false }
+      },
+      capabilities: { ...fullCapabilities }
+    },
+    { url: `http://127.0.0.1:17370/bridge?session=${sessionId}&capture=${captureId}&nonce=${nonce}`, tab: { id: 1, windowId: 1 } }
+  )
+
+  assert.equal(response.ok, true)
+  const failed = await waitForMessage(
+    env.messages,
+    message => message.type === 'AGENT_CAPTURE_STATUS' && message.payload.error?.code === 'TARGET_INJECTION_FAILED'
+  )
+  assert.match(failed.payload.error.details.reason, /detector regression/)
+  assert.equal(calls.some(call => call.func?.name === 'detectPageTechnologies'), false)
+  assert.deepEqual(await listAgentCaptureIds(), [])
+  delete globalThis.chrome
+  restoreFetch()
+})
+
+test('agent capture fails when content observer injection fails', async () => {
+  const env = makeChrome()
+  enableBridgeStatusAck(env)
+  enableFastHeaderFallback()
+  env.chrome.scripting.executeScript = async options => {
+    if (options.files?.[0]?.includes('content-observer')) {
+      throw new Error('Cannot inject observer for https://example.com/app?token=secret#frag')
+    }
+    if (typeof options.func === 'function') {
+      throw new Error('Cannot inject observer function for https://example.com/app?token=secret#frag')
+    }
+    if (options.files?.[0] === 'injected/page-detector.iife.js') {
+      return [{ result: { url: 'https://example.com/app?view=one', technologies: [] } }]
+    }
+    if (options.files?.[0] === 'injected/experience-profiler.iife.js') {
+      return [{ result: { visual: {}, layout: {}, components: {}, interaction: {}, ux: {}, assets: {}, evidence: {} } }]
+    }
+    return [{ result: {} }]
+  }
+  globalThis.chrome = env.chrome
+  const [{ registerBridgeSession }, { startAgentCapture, registerAgentProfileTransferPort }, { listAgentCaptureIds }] = await Promise.all([
+    loadTsModule('src/background/agent-bridge-session.ts'),
+    loadTsModule('src/background/agent-capture.ts'),
+    loadTsModule('src/background/agent-capture-state.ts')
+  ])
+  await registerBridgeSession({
+    tabId: 1,
+    windowId: 1,
+    bridgeOrigin: 'http://127.0.0.1:17370',
+    sessionId,
+    captureId,
+    nonce
+  })
+  await connectProfileTransferPort(env, registerAgentProfileTransferPort)
+
+  const response = await startAgentCapture(
+    {
+      type: 'START_AGENT_CAPTURE',
+      captureId,
+      sessionId,
+      nonce,
+      bridgeOrigin: 'http://127.0.0.1:17370',
+      request: baseRequest,
+      capabilities: {
+        agentBridge: true,
+        siteExperienceProfileV1: true,
+        profileChunkTransport: true,
+        bridgeContentPost: true,
+        storageSession: true,
+        experienceProfiler: true,
+        rawProfile: true,
+        viewportMetadata: true
+      }
+    },
+    { url: `http://127.0.0.1:17370/bridge?session=${sessionId}&capture=${captureId}&nonce=${nonce}`, tab: { id: 1, windowId: 1 } }
+  )
+
+  assert.equal(response.ok, true)
+  const failed = await waitForMessage(
+    env.messages,
+    message => message.type === 'AGENT_CAPTURE_STATUS' && message.payload.error?.code === 'TARGET_INJECTION_FAILED',
+    200
+  )
+  assert.equal(JSON.stringify(failed.payload.error.details).includes('token=secret'), false)
+  assert.deepEqual(await listAgentCaptureIds(), [])
+  delete globalThis.chrome
+  restoreFetch()
+})
+
+test('agent capture fails when the observer content script is missing from manifest', async () => {
+  const env = makeChrome()
+  enableBridgeStatusAck(env)
+  enableFastHeaderFallback()
+  env.chrome.runtime.getManifest = () => ({
+    version: '1.3.71',
+    content_scripts: [{ js: ['assets/agent-bridge-client.ts-unit.js'], matches: ['http://127.0.0.1/*'] }]
+  })
+  globalThis.chrome = env.chrome
+  const [{ registerBridgeSession }, { startAgentCapture, registerAgentProfileTransferPort }, { listAgentCaptureIds }] = await Promise.all([
+    loadTsModule('src/background/agent-bridge-session.ts'),
+    loadTsModule('src/background/agent-capture.ts'),
+    loadTsModule('src/background/agent-capture-state.ts')
+  ])
+  await registerBridgeSession({
+    tabId: 1,
+    windowId: 1,
+    bridgeOrigin: 'http://127.0.0.1:17370',
+    sessionId,
+    captureId,
+    nonce
+  })
+  await connectProfileTransferPort(env, registerAgentProfileTransferPort)
+
+  const response = await startAgentCapture(
+    {
+      type: 'START_AGENT_CAPTURE',
+      captureId,
+      sessionId,
+      nonce,
+      bridgeOrigin: 'http://127.0.0.1:17370',
+      request: baseRequest,
+      capabilities: {
+        agentBridge: true,
+        siteExperienceProfileV1: true,
+        profileChunkTransport: true,
+        bridgeContentPost: true,
+        storageSession: true,
+        experienceProfiler: true,
+        rawProfile: true,
+        viewportMetadata: true
+      }
+    },
+    { url: `http://127.0.0.1:17370/bridge?session=${sessionId}&capture=${captureId}&nonce=${nonce}`, tab: { id: 1, windowId: 1 } }
+  )
+
+  assert.equal(response.ok, true)
+  const failed = await waitForMessage(
+    env.messages,
+    message => message.type === 'AGENT_CAPTURE_STATUS' && message.payload.error?.code === 'TARGET_INJECTION_FAILED',
+    200
+  )
+  assert.match(failed.payload.error.details.reason, /CONTENT_OBSERVER_NOT_FOUND/)
+  assert.deepEqual(await listAgentCaptureIds(), [])
+  delete globalThis.chrome
+  restoreFetch()
+})
+
+test('active tab mode and bridge guards fail closed', async () => {
+  const env = makeChrome()
+  globalThis.chrome = env.chrome
+  const [{ clearBridgeSession, registerBridgeSession }, { startAgentCapture }] = await Promise.all([
+    loadTsModule('src/background/agent-bridge-session.ts'),
+    loadTsModule('src/background/agent-capture.ts')
+  ])
+  await clearBridgeSession(1)
+  await registerBridgeSession({
+    tabId: 1,
+    windowId: 1,
+    bridgeOrigin: 'http://127.0.0.1:17370',
+    sessionId,
+    captureId,
+    nonce
+  })
+  const response = await startAgentCapture(
+    {
+      type: 'START_AGENT_CAPTURE',
+      captureId,
+      sessionId,
+      nonce,
+      bridgeOrigin: 'http://127.0.0.1:17370',
+      request: { ...baseRequest, options: { ...baseRequest.options, targetMode: 'active_tab' } },
+      capabilities: { ...fullCapabilities }
+    },
+    { url: `http://127.0.0.1:17370/bridge?session=${sessionId}&capture=${captureId}&nonce=${nonce}`, tab: { id: 1, windowId: 1 } }
+  )
+  assert.equal(response.error.code, 'ACTIVE_TAB_UNAVAILABLE')
+  delete globalThis.chrome
+})
+
+test('target tab resolution keeps query strings in reuse and active-tab matching', async () => {
+  const env = makeChrome()
+  globalThis.chrome = env.chrome
+  const [{ validateAgentCaptureRequest }, { resolveTargetTab }] = await Promise.all([
+    loadTsModule('src/background/agent-capture-request.ts'),
+    loadTsModule('src/background/agent-capture-target.ts')
+  ])
+  const validated = validateAgentCaptureRequest(baseRequest)
+  assert.equal(validated.ok, true)
+  const request = validated.request
+
+  const reused = await resolveTargetTab(request, 1)
+  assert.equal(reused.ok, true)
+  assert.equal(reused.createdByCapture, false)
+  assert.equal(reused.tab.id, 2)
+  assert.equal(reused.tab.url, 'https://example.com/app?view=one')
+
+  env.tabs.find(tab => tab.id === 2).url = 'https://example.com/app?view=two'
+  const newTab = await resolveTargetTab(request, 1)
+  assert.equal(newTab.ok, true)
+  assert.equal(newTab.createdByCapture, true)
+  assert.equal(newTab.tab.url, 'https://example.com/app?view=one')
+
+  env.storage['agent-active-tab:1'] = {
+    tabId: 2,
+    windowId: 1,
+    url: request.url,
+    updatedAt: 1
+  }
+  const active = await resolveTargetTab({ ...request, options: { ...request.options, targetMode: 'active_tab' } }, 1)
+  assert.equal(active.ok, false)
+  assert.equal(active.error.code, 'ACTIVE_TAB_MISMATCH')
+  delete globalThis.chrome
+})
+
+test('active tab mode validates the live tab url even when the tracker snapshot is stale', async () => {
+  const env = makeChrome()
+  globalThis.chrome = env.chrome
+  const [{ validateAgentCaptureRequest }, { resolveTargetTab }] = await Promise.all([
+    loadTsModule('src/background/agent-capture-request.ts'),
+    loadTsModule('src/background/agent-capture-target.ts')
+  ])
+  const validated = validateAgentCaptureRequest(baseRequest)
+  assert.equal(validated.ok, true)
+  const request = validated.request
+
+  env.storage['agent-active-tab:1'] = {
+    tabId: 2,
+    windowId: 1,
+    url: 'https://example.com/app?view=stale',
+    updatedAt: 1
+  }
+  env.tabs.find(tab => tab.id === 2).url = request.url
+
+  const active = await resolveTargetTab({ ...request, options: { ...request.options, targetMode: 'active_tab' } }, 1)
+  assert.equal(active.ok, true)
+  assert.equal(active.createdByCapture, false)
+  assert.equal(active.tab.id, 2)
+  assert.equal(active.tab.url, request.url)
+  delete globalThis.chrome
+})
+
+test('active tab mode returns unavailable when the recorded tab was closed', async () => {
+  const env = makeChrome()
+  env.storage['agent-active-tab:1'] = {
+    tabId: 99,
+    windowId: 1,
+    url: 'https://example.com/app?view=one',
+    updatedAt: 1
+  }
+  env.chrome.tabs.get = async id => {
+    if (id === 99) throw new Error('No tab with id: 99.')
+    return { id, windowId: 1, url: '', incognito: false }
+  }
+  globalThis.chrome = env.chrome
+  const [{ registerBridgeSession }, { startAgentCapture }] = await Promise.all([
+    loadTsModule('src/background/agent-bridge-session.ts'),
+    loadTsModule('src/background/agent-capture.ts')
+  ])
+  await registerBridgeSession({
+    tabId: 1,
+    windowId: 1,
+    bridgeOrigin: 'http://127.0.0.1:17370',
+    sessionId,
+    captureId,
+    nonce
+  })
+
+  const response = await startAgentCapture(
+    {
+      type: 'START_AGENT_CAPTURE',
+      captureId,
+      sessionId,
+      nonce,
+      bridgeOrigin: 'http://127.0.0.1:17370',
+      request: { ...baseRequest, options: { ...baseRequest.options, targetMode: 'active_tab' } },
+      capabilities: { ...fullCapabilities }
+    },
+    { url: `http://127.0.0.1:17370/bridge?session=${sessionId}&capture=${captureId}&nonce=${nonce}`, tab: { id: 1, windowId: 1 } }
+  )
+  assert.equal(response.error.code, 'ACTIVE_TAB_UNAVAILABLE')
+  delete globalThis.chrome
+})
+
+test('new tab mode creates the target in the bridge window and rejects incognito results', async () => {
+  const env = makeChrome()
+  globalThis.chrome = env.chrome
+  const [{ clearBridgeSession, registerBridgeSession }, { startAgentCapture }] = await Promise.all([
+    loadTsModule('src/background/agent-bridge-session.ts'),
+    loadTsModule('src/background/agent-capture.ts')
+  ])
+  await clearBridgeSession(1)
+  await registerBridgeSession({
+    tabId: 1,
+    windowId: 5,
+    bridgeOrigin: 'http://127.0.0.1:17370',
+    sessionId,
+    captureId,
+    nonce
+  })
+  let createArgs
+  env.chrome.tabs.create = async args => {
+    createArgs = args
+    const tab = { id: 4, windowId: args.windowId, url: args.url, incognito: true, status: 'complete' }
+    env.tabs.push(tab)
+    return tab
+  }
+
+  const response = await startAgentCapture(
+    {
+      type: 'START_AGENT_CAPTURE',
+      captureId,
+      sessionId,
+      nonce,
+      bridgeOrigin: 'http://127.0.0.1:17370',
+      request: {
+        ...baseRequest,
+        url: 'https://example.com/new-tab',
+        options: { ...baseRequest.options, targetMode: 'new_tab' }
+      },
+      capabilities: {
+        agentBridge: true,
+        siteExperienceProfileV1: true,
+        profileChunkTransport: true,
+        bridgeContentPost: true,
+        storageSession: true,
+        experienceProfiler: true,
+        rawProfile: true,
+        viewportMetadata: true
+      }
+    },
+    {
+      url: `http://127.0.0.1:17370/bridge?session=${sessionId}&capture=${captureId}&nonce=${nonce}`,
+      tab: { id: 1, windowId: 5, incognito: false }
+    }
+  )
+
+  assert.equal(createArgs.windowId, 5)
+  assert.equal(createArgs.active, false)
+  assert.equal(response.ok, false)
+  assert.equal(response.error.code, 'INCOGNITO_NOT_SUPPORTED')
+  assert.deepEqual(env.removedTabs, [4])
+  await clearBridgeSession(1)
+  delete globalThis.chrome
+})
+
+test('agent capture rejects incognito bridge tabs before resolving a target tab', async () => {
+  const env = makeChrome()
+  let targetResolutionAttempted = false
+  env.chrome.tabs.query = async () => {
+    targetResolutionAttempted = true
+    return env.tabs
+  }
+  env.chrome.tabs.create = async () => {
+    targetResolutionAttempted = true
+    return { id: 4, windowId: 9, url: baseRequest.url, incognito: false, status: 'complete' }
+  }
+  globalThis.chrome = env.chrome
+  const [{ clearBridgeSession, registerBridgeSession }, { startAgentCapture }] = await Promise.all([
+    loadTsModule('src/background/agent-bridge-session.ts'),
+    loadTsModule('src/background/agent-capture.ts')
+  ])
+  await clearBridgeSession(1)
+  await registerBridgeSession({
+    tabId: 1,
+    windowId: 9,
+    bridgeOrigin: 'http://127.0.0.1:17370',
+    sessionId,
+    captureId,
+    nonce
+  })
+
+  const response = await startAgentCapture(
+    {
+      type: 'START_AGENT_CAPTURE',
+      captureId,
+      sessionId,
+      nonce,
+      bridgeOrigin: 'http://127.0.0.1:17370',
+      request: baseRequest,
+      capabilities: {
+        agentBridge: true,
+        siteExperienceProfileV1: true,
+        profileChunkTransport: true,
+        bridgeContentPost: true,
+        storageSession: true,
+        experienceProfiler: true,
+        rawProfile: true,
+        viewportMetadata: true
+      }
+    },
+    {
+      url: `http://127.0.0.1:17370/bridge?session=${sessionId}&capture=${captureId}&nonce=${nonce}`,
+      tab: { id: 1, windowId: 9, incognito: true }
+    }
+  )
+
+  assert.equal(response.ok, false)
+  assert.equal(response.error.code, 'INCOGNITO_NOT_SUPPORTED')
+  assert.equal(targetResolutionAttempted, false)
+  await clearBridgeSession(1)
+  delete globalThis.chrome
+})
+
+test('active tab tracker updates the recorded URL after active tab navigation completes', async () => {
+  const env = makeChrome()
+  globalThis.chrome = env.chrome
+  const { registerActiveTabTracker, getPreviousActiveTab } = await loadTsModule('src/background/active-tab-tracker.ts')
+
+  registerActiveTabTracker()
+  await env.tabEvents.onActivated[0]({ tabId: 2, windowId: 1 })
+  assert.equal((await getPreviousActiveTab(1)).url, 'https://example.com/app?view=one')
+
+  env.tabs.find(tab => tab.id === 2).url = 'https://example.com/app?view=two'
+  for (const listener of env.tabEvents.onUpdated) {
+    await listener(
+      2,
+      { status: 'complete', url: 'https://example.com/app?view=two' },
+      env.tabs.find(tab => tab.id === 2)
+    )
+  }
+
+  assert.equal((await getPreviousActiveTab(1)).url, 'https://example.com/app?view=two')
+  delete globalThis.chrome
+})
+
+test('active tab tracker updates the recorded URL on URL-only tab updates', async () => {
+  const env = makeChrome()
+  globalThis.chrome = env.chrome
+  const { registerActiveTabTracker, getPreviousActiveTab } = await loadTsModule('src/background/active-tab-tracker.ts')
+
+  registerActiveTabTracker()
+  await env.tabEvents.onActivated[0]({ tabId: 2, windowId: 1 })
+  assert.equal((await getPreviousActiveTab(1)).url, 'https://example.com/app?view=one')
+
+  env.tabs.find(tab => tab.id === 2).url = 'https://example.com/app?view=spa'
+  for (const listener of env.tabEvents.onUpdated) {
+    await listener(2, { url: 'https://example.com/app?view=spa' }, env.tabs.find(tab => tab.id === 2))
+  }
+
+  assert.equal((await getPreviousActiveTab(1)).url, 'https://example.com/app?view=spa')
+  delete globalThis.chrome
+})
+
+test('active tab tracker records an active tab that first becomes detectable after navigation', async () => {
+  const env = makeChrome()
+  env.tabs.find(tab => tab.id === 2).url = 'chrome://newtab/'
+  env.tabs.find(tab => tab.id === 2).active = true
+  globalThis.chrome = env.chrome
+  const { registerActiveTabTracker, getPreviousActiveTab } = await loadTsModule('src/background/active-tab-tracker.ts')
+
+  registerActiveTabTracker()
+  await env.tabEvents.onActivated[0]({ tabId: 2, windowId: 1 })
+  assert.equal(await getPreviousActiveTab(1), null)
+
+  env.tabs.find(tab => tab.id === 2).url = 'https://example.com/app?view=later'
+  for (const listener of env.tabEvents.onUpdated) {
+    await listener(
+      2,
+      { status: 'complete', url: 'https://example.com/app?view=later' },
+      env.tabs.find(tab => tab.id === 2)
+    )
+  }
+
+  assert.equal((await getPreviousActiveTab(1)).url, 'https://example.com/app?view=later')
+  delete globalThis.chrome
+})
+
+test('active tab tracker clears stale recorded tab when activation switches to a non-detectable page', async () => {
+  const env = makeChrome()
+  globalThis.chrome = env.chrome
+  const { registerActiveTabTracker, getPreviousActiveTab } = await loadTsModule('src/background/active-tab-tracker.ts')
+
+  registerActiveTabTracker()
+  await env.tabEvents.onActivated[0]({ tabId: 2, windowId: 1 })
+  assert.equal((await getPreviousActiveTab(1)).url, 'https://example.com/app?view=one')
+
+  env.tabs.find(tab => tab.id === 2).url = 'chrome://newtab/'
+  await env.tabEvents.onActivated[0]({ tabId: 2, windowId: 1 })
+
+  assert.equal(await getPreviousActiveTab(1), null)
+  delete globalThis.chrome
+})
+
+test('active tab tracker preserves previous active tab when the bridge page becomes active', async () => {
+  const env = makeChrome()
+  globalThis.chrome = env.chrome
+  const { registerActiveTabTracker, getPreviousActiveTab } = await loadTsModule('src/background/active-tab-tracker.ts')
+
+  registerActiveTabTracker()
+  await env.tabEvents.onActivated[0]({ tabId: 2, windowId: 1 })
+  assert.equal((await getPreviousActiveTab(1)).url, 'https://example.com/app?view=one')
+
+  await env.tabEvents.onActivated[0]({ tabId: 1, windowId: 1 })
+
+  const previous = await getPreviousActiveTab(1)
+  assert.equal(previous.tabId, 2)
+  assert.equal(previous.url, 'https://example.com/app?view=one')
+  delete globalThis.chrome
+})
+
+test('active tab tracker preserves previous active tab while bridge tab is still loading', async () => {
+  const env = makeChrome()
+  env.tabs.find(tab => tab.id === 1).url = ''
+  env.tabs.find(tab => tab.id === 1).pendingUrl = `http://127.0.0.1:17370/bridge?session=${sessionId}&capture=${captureId}&nonce=${nonce}`
+  globalThis.chrome = env.chrome
+  const { registerActiveTabTracker, getPreviousActiveTab } = await loadTsModule('src/background/active-tab-tracker.ts')
+
+  registerActiveTabTracker()
+  await env.tabEvents.onActivated[0]({ tabId: 2, windowId: 1 })
+  assert.equal((await getPreviousActiveTab(1)).url, 'https://example.com/app?view=one')
+
+  await env.tabEvents.onActivated[0]({ tabId: 1, windowId: 1 })
+
+  const previous = await getPreviousActiveTab(1)
+  assert.equal(previous.tabId, 2)
+  assert.equal(previous.url, 'https://example.com/app?view=one')
+  delete globalThis.chrome
+})
+
+test('new tab capture waits for target tab load completion before profiling', async () => {
+  const env = makeChrome()
+  enableBridgeStatusAck(env)
+  let profiledWhileLoading = false
+  env.chrome.tabs.create = async create => {
+    const tab = { id: 3, windowId: 1, url: create.url, title: 'Loading target', incognito: false, status: 'loading' }
+    env.tabs.push(tab)
+    setTimeout(() => {
+      tab.status = 'complete'
+      tab.title = 'Loaded target'
+      for (const listener of env.tabEvents.onUpdated) {
+        listener(3, { status: 'complete', url: tab.url }, tab)
+      }
+    }, 20)
+    return tab
+  }
+  env.chrome.scripting.executeScript = async options => {
+    const profilerCall =
+      options.files?.[0] === 'injected/experience-profiler.iife.js' ||
+      String(options.func || '').includes('__STACKPRISM_EXPERIENCE_OPTIONS__')
+    if (profilerCall && env.tabs.find(tab => tab.id === options.target.tabId)?.status !== 'complete') {
+      profiledWhileLoading = true
+    }
+    return [{ result: { visual: {}, layout: {}, components: {}, interaction: {}, ux: {}, assets: {}, evidence: {} } }]
+  }
+  globalThis.chrome = env.chrome
+  const [{ registerBridgeSession }, { startAgentCapture, registerAgentProfileTransferPort }] = await Promise.all([
+    loadTsModule('src/background/agent-bridge-session.ts'),
+    loadTsModule('src/background/agent-capture.ts')
+  ])
+  await registerBridgeSession({
+    tabId: 1,
+    windowId: 1,
+    bridgeOrigin: 'http://127.0.0.1:17370',
+    sessionId,
+    captureId,
+    nonce
+  })
+  await connectProfileTransferPort(env, registerAgentProfileTransferPort)
+
+  const response = await startAgentCapture(
+    {
+      type: 'START_AGENT_CAPTURE',
+      captureId,
+      sessionId,
+      nonce,
+      bridgeOrigin: 'http://127.0.0.1:17370',
+      request: {
+        ...baseRequest,
+        include: ['assets'],
+        options: { ...baseRequest.options, targetMode: 'new_tab', forceRefresh: false }
+      },
+      capabilities: {
+        agentBridge: true,
+        siteExperienceProfileV1: true,
+        profileChunkTransport: true,
+        bridgeContentPost: true,
+        storageSession: true,
+        experienceProfiler: true,
+        rawProfile: true,
+        viewportMetadata: true
+      }
+    },
+    { url: `http://127.0.0.1:17370/bridge?session=${sessionId}&capture=${captureId}&nonce=${nonce}`, tab: { id: 1, windowId: 1 } }
+  )
+
+  assert.equal(response.ok, true)
+  await waitForMessage(env.messages, message => message.type === 'AGENT_PROFILE_TRANSFER_COMPLETE')
+  assert.equal(profiledWhileLoading, false)
+  delete globalThis.chrome
+})
+
+test('new tab capture fails immediately when target tab is removed while loading', async () => {
+  const env = makeChrome()
+  enableBridgeStatusAck(env)
+  enableFastHeaderFallback()
+  env.chrome.tabs.create = async create => {
+    const tab = { id: 3, windowId: 1, url: create.url, incognito: false, status: 'loading' }
+    env.tabs.push(tab)
+    return tab
+  }
+  globalThis.chrome = env.chrome
+  const [{ registerBridgeSession }, { startAgentCapture, registerAgentProfileTransferPort }, { listAgentCaptureIds }] = await Promise.all([
+    loadTsModule('src/background/agent-bridge-session.ts'),
+    loadTsModule('src/background/agent-capture.ts'),
+    loadTsModule('src/background/agent-capture-state.ts')
+  ])
+  await registerBridgeSession({
+    tabId: 1,
+    windowId: 1,
+    bridgeOrigin: 'http://127.0.0.1:17370',
+    sessionId,
+    captureId,
+    nonce
+  })
+  await connectProfileTransferPort(env, registerAgentProfileTransferPort)
+
+  const response = await startAgentCapture(
+    {
+      type: 'START_AGENT_CAPTURE',
+      captureId,
+      sessionId,
+      nonce,
+      bridgeOrigin: 'http://127.0.0.1:17370',
+      request: {
+        ...baseRequest,
+        include: ['assets'],
+        options: { ...baseRequest.options, targetMode: 'new_tab', forceRefresh: false }
+      },
+      capabilities: {
+        agentBridge: true,
+        siteExperienceProfileV1: true,
+        profileChunkTransport: true,
+        bridgeContentPost: true,
+        storageSession: true,
+        experienceProfiler: true,
+        rawProfile: true,
+        viewportMetadata: true
+      }
+    },
+    { url: `http://127.0.0.1:17370/bridge?session=${sessionId}&capture=${captureId}&nonce=${nonce}`, tab: { id: 1, windowId: 1 } }
+  )
+  assert.equal(response.ok, true)
+  for (const listener of env.tabEvents.onRemoved) listener(3)
+
+  const failed = await waitForMessage(
+    env.messages,
+    message => message.type === 'AGENT_CAPTURE_STATUS' && message.payload.error?.code === 'TARGET_TAB_CLOSED'
+  )
+  assert.equal(failed.payload.status, 'failed')
+  assert.equal(env.tabEvents.onUpdated.length, 0)
+  assert.equal(env.tabEvents.onRemoved.length, 0)
+  assert.deepEqual(await listAgentCaptureIds(), [])
+  delete globalThis.chrome
+  restoreFetch()
+})
+
+test('bridge tab helpers isolate bridge pages and API requests', async () => {
+  const { isAgentBridgeRequestUrl, shouldIgnoreBridgeTabEvent } = await loadTsModule('src/background/agent-bridge-tabs.ts')
+  const bridgeUrl = `http://127.0.0.1:17370/bridge?session=${sessionId}&capture=${captureId}&nonce=${nonce}`
+  const bridgeTab = { url: bridgeUrl, incognito: false }
+  const ordinaryLocalTab = { url: 'http://127.0.0.1:5173/app', incognito: false }
+
+  assert.equal(isAgentBridgeRequestUrl(bridgeUrl), true)
+  assert.equal(isAgentBridgeRequestUrl('http://127.0.0.1:17370/bridge'), false)
+  assert.equal(isAgentBridgeRequestUrl('http://127.0.0.1:17370/v1/captures/cap_x/status?token=secret', bridgeTab), true)
+  assert.equal(isAgentBridgeRequestUrl('http://127.0.0.1:17370/v1/captures/cap_x/status?token=secret'), false)
+  assert.equal(isAgentBridgeRequestUrl('http://127.0.0.1:5173/v1/captures/cap_x/status?token=secret', ordinaryLocalTab), false)
+  assert.equal(shouldIgnoreBridgeTabEvent({ url: bridgeUrl, incognito: false }), true)
+  assert.equal(shouldIgnoreBridgeTabEvent({ url: bridgeUrl, incognito: true }), true)
+  assert.equal(shouldIgnoreBridgeTabEvent({ url: 'http://127.0.0.1:17370/bridge', incognito: false }), false)
+  assert.equal(shouldIgnoreBridgeTabEvent({ url: 'https://example.com/', incognito: false }), false)
+})
+
+test('content injector normalizes firefox manifest script URLs and retries root paths', async () => {
+  resetLoadTsModuleCaches()
+  const env = makeChrome()
+  const calls = []
+  env.chrome.runtime.getManifest = () => ({
+    version: '1.3.71',
+    content_scripts: [
+      { js: ['moz-extension://unit-id/assets/content-observer.ts-unit.js'], matches: ['http://*/*', 'https://*/*'] },
+      { js: ['moz-extension://unit-id/assets/agent-bridge-client.ts-unit.js'], matches: ['http://127.0.0.1/*'] }
+    ]
+  })
+  env.chrome.scripting.executeScript = async options => {
+    calls.push(options)
+    return options.files?.[0]?.startsWith('/') ? [{ result: null }] : [{ error: 'Unable to load script: relative path failed' }]
+  }
+  globalThis.chrome = env.chrome
+
+  try {
+    const { getAgentBridgeClientFile, injectAgentBridgeClient } = await loadTsModule('src/background/content-injector.ts')
+    assert.equal(getAgentBridgeClientFile(), 'assets/agent-bridge-client.ts-unit.js')
+
+    await injectAgentBridgeClient(1, { failOnError: true })
+
+    assert.deepEqual(
+      calls.map(call => call.files?.[0]),
+      ['assets/agent-bridge-client.ts-unit.js', '/assets/agent-bridge-client.ts-unit.js']
+    )
+  } finally {
+    delete globalThis.chrome
+    resetLoadTsModuleCaches()
+  }
+})
+
+test('content injector falls back to inline bridge client when firefox cannot load script files', async () => {
+  resetLoadTsModuleCaches()
+  const env = makeChrome()
+  const calls = []
+  env.chrome.runtime.getManifest = () => ({
+    version: '1.3.71',
+    content_scripts: [
+      { js: ['moz-extension://unit-id/assets/content-observer.ts-unit.js'], matches: ['http://*/*', 'https://*/*'] },
+      { js: ['moz-extension://unit-id/assets/agent-bridge-client.ts-unit.js'], matches: ['http://127.0.0.1/*'] }
+    ]
+  })
+  env.chrome.scripting.executeScript = async options => {
+    calls.push(options)
+    return options.files ? [{ error: `Unable to load script: ${options.files[0]}` }] : [{ result: null }]
+  }
+  globalThis.chrome = env.chrome
+
+  try {
+    const { injectAgentBridgeClient } = await loadTsModule('src/background/content-injector.ts')
+
+    await injectAgentBridgeClient(1, { failOnError: true })
+
+    assert.deepEqual(
+      calls.filter(call => call.files?.[0]?.includes('agent-bridge-client.ts-unit.js')).map(call => call.files?.[0]),
+      ['assets/agent-bridge-client.ts-unit.js', '/assets/agent-bridge-client.ts-unit.js']
+    )
+    assert.equal(calls.filter(call => call.func?.name === 'runAgentBridgeClient').length, 1)
+  } finally {
+    delete globalThis.chrome
+    resetLoadTsModuleCaches()
+  }
+})
+
+test('content injector does not retry or fall back after bridge client runtime error', async () => {
+  resetLoadTsModuleCaches()
+  const env = makeChrome()
+  const calls = []
+  env.chrome.runtime.getManifest = () => ({
+    version: '1.3.71',
+    content_scripts: [
+      { js: ['moz-extension://unit-id/assets/content-observer.ts-unit.js'], matches: ['http://*/*', 'https://*/*'] },
+      { js: ['moz-extension://unit-id/assets/agent-bridge-client.ts-unit.js'], matches: ['http://127.0.0.1/*'] }
+    ]
+  })
+  env.chrome.scripting.executeScript = async options => {
+    calls.push(options)
+    if (options.files?.[0] === 'assets/agent-bridge-client.ts-unit.js') {
+      return [{ error: 'ReferenceError: bridge client regression' }]
+    }
+    if (options.files?.[0] === '/assets/agent-bridge-client.ts-unit.js') {
+      return [{ error: 'Unable to load script: slash path failed' }]
+    }
+    return [{ result: null }]
+  }
+  globalThis.chrome = env.chrome
+
+  try {
+    const { injectAgentBridgeClient } = await loadTsModule('src/background/content-injector.ts')
+
+    await assert.rejects(() => injectAgentBridgeClient(1, { failOnError: true }), /bridge client regression/)
+    assert.deepEqual(
+      calls.filter(call => call.files?.[0]?.includes('agent-bridge-client.ts-unit.js')).map(call => call.files?.[0]),
+      ['assets/agent-bridge-client.ts-unit.js']
+    )
+    assert.equal(calls.some(call => call.func?.name === 'runAgentBridgeClient'), false)
+  } finally {
+    delete globalThis.chrome
+    resetLoadTsModuleCaches()
+  }
+})
+
+test('content injector treats bridge client NotFoundError as a runtime error', async () => {
+  resetLoadTsModuleCaches()
+  const env = makeChrome()
+  const calls = []
+  env.chrome.runtime.getManifest = () => ({
+    version: '1.3.71',
+    content_scripts: [
+      { js: ['moz-extension://unit-id/assets/content-observer.ts-unit.js'], matches: ['http://*/*', 'https://*/*'] },
+      { js: ['moz-extension://unit-id/assets/agent-bridge-client.ts-unit.js'], matches: ['http://127.0.0.1/*'] }
+    ]
+  })
+  env.chrome.scripting.executeScript = async options => {
+    calls.push(options)
+    if (options.files?.[0] === 'assets/agent-bridge-client.ts-unit.js') {
+      return [{ error: "NotFoundError: Failed to execute 'removeChild' on 'Node': node was not found." }]
+    }
+    if (options.files?.[0] === '/assets/agent-bridge-client.ts-unit.js') {
+      return [{ error: 'Unable to load script: slash path failed' }]
+    }
+    return [{ result: null }]
+  }
+  globalThis.chrome = env.chrome
+
+  try {
+    const { injectAgentBridgeClient } = await loadTsModule('src/background/content-injector.ts')
+
+    await assert.rejects(() => injectAgentBridgeClient(1, { failOnError: true }), /NotFoundError/)
+    assert.deepEqual(
+      calls.filter(call => call.files?.[0]?.includes('agent-bridge-client.ts-unit.js')).map(call => call.files?.[0]),
+      ['assets/agent-bridge-client.ts-unit.js']
+    )
+    assert.equal(calls.some(call => call.func?.name === 'runAgentBridgeClient'), false)
+  } finally {
+    delete globalThis.chrome
+    resetLoadTsModuleCaches()
+  }
+})
+
+test('content injector does not fall back for bridge client runtime errors', async () => {
+  resetLoadTsModuleCaches()
+  const env = makeChrome()
+  const calls = []
+  env.chrome.runtime.getManifest = () => ({
+    version: '1.3.71',
+    content_scripts: [
+      { js: ['moz-extension://unit-id/assets/content-observer.ts-unit.js'], matches: ['http://*/*', 'https://*/*'] },
+      { js: ['moz-extension://unit-id/assets/agent-bridge-client.ts-unit.js'], matches: ['http://127.0.0.1/*'] }
+    ]
+  })
+  env.chrome.scripting.executeScript = async options => {
+    calls.push(options)
+    if (options.files) return [{ error: 'ReferenceError: bridge client regression' }]
+    return [{ result: null }]
+  }
+  globalThis.chrome = env.chrome
+
+  try {
+    const { injectAgentBridgeClient } = await loadTsModule('src/background/content-injector.ts')
+
+    await assert.rejects(() => injectAgentBridgeClient(1, { failOnError: true }), /bridge client regression/)
+    assert.equal(calls.some(call => call.func?.name === 'runAgentBridgeClient'), false)
+  } finally {
+    delete globalThis.chrome
+    resetLoadTsModuleCaches()
+  }
+})
+
+test('content injector falls back to inline observer when firefox cannot load script files', async () => {
+  resetLoadTsModuleCaches()
+  const env = makeChrome()
+  const calls = []
+  env.chrome.runtime.getManifest = () => ({
+    version: '1.3.71',
+    content_scripts: [
+      { js: ['moz-extension://unit-id/assets/content-observer.ts-unit.js'], matches: ['http://*/*', 'https://*/*'] },
+      { js: ['moz-extension://unit-id/assets/agent-bridge-client.ts-unit.js'], matches: ['http://127.0.0.1/*'] }
+    ]
+  })
+  env.chrome.scripting.executeScript = async options => {
+    calls.push(options)
+    return options.files ? [{ error: `Unable to load script: ${options.files[0]}` }] : [{ result: null }]
+  }
+  globalThis.chrome = env.chrome
+
+  try {
+    const { injectContentObserver } = await loadTsModule('src/background/content-injector.ts')
+
+    await injectContentObserver(91, { failOnError: true })
+
+    assert.deepEqual(
+      calls
+        .filter(call => call.target?.tabId === 91 && call.files?.[0]?.includes('content-observer.ts-unit.js'))
+        .map(call => call.files?.[0]),
+      ['assets/content-observer.ts-unit.js', '/assets/content-observer.ts-unit.js']
+    )
+    assert.equal(calls.filter(call => call.target?.tabId === 91 && call.func?.name === 'runContentObserver').length, 1)
+  } finally {
+    delete globalThis.chrome
+    resetLoadTsModuleCaches()
+  }
+})
+
+test('content injector does not fall back for observer runtime errors', async () => {
+  resetLoadTsModuleCaches()
+  const env = makeChrome()
+  const calls = []
+  env.chrome.runtime.getManifest = () => ({
+    version: '1.3.71',
+    content_scripts: [
+      { js: ['moz-extension://unit-id/assets/content-observer.ts-unit.js'], matches: ['http://*/*', 'https://*/*'] },
+      { js: ['moz-extension://unit-id/assets/agent-bridge-client.ts-unit.js'], matches: ['http://127.0.0.1/*'] }
+    ]
+  })
+  env.chrome.scripting.executeScript = async options => {
+    calls.push(options)
+    if (options.files) return [{ error: 'ReferenceError: observer regression' }]
+    return [{ result: null }]
+  }
+  globalThis.chrome = env.chrome
+
+  try {
+    const { injectContentObserver } = await loadTsModule('src/background/content-injector.ts')
+
+    await assert.rejects(() => injectContentObserver(2, { failOnError: true }), /observer regression/)
+    assert.equal(calls.some(call => call.func?.name === 'runContentObserver'), false)
+  } finally {
+    delete globalThis.chrome
+    resetLoadTsModuleCaches()
+  }
+})
+
+test('background update handling injects agent bridge client for completed bridge tabs', async () => {
+  resetLoadTsModuleCaches()
+  const env = makeChrome()
+  globalThis.chrome = env.chrome
+
+  try {
+    await loadTsModule('src/background/index.ts')
+    const baseline = env.executedScripts.length
+    for (const listener of env.tabEvents.onUpdated) {
+      await listener(1, { status: 'complete', url: env.tabs[0].url }, env.tabs[0])
+    }
+    await new Promise(resolve => setTimeout(resolve, 0))
+
+    assert.deepEqual(env.executedScripts.slice(baseline).map(call => call.files?.[0]), ['assets/agent-bridge-client.ts-unit.js'])
+  } finally {
+    delete globalThis.chrome
+    resetLoadTsModuleCaches()
+  }
+})
+
+test('background update handling suppresses ordinary detection for active capture target tabs', async () => {
+  resetLoadTsModuleCaches()
+  const env = makeChrome()
+  const scheduledDelays = []
+  const originalSetTimeout = globalThis.setTimeout
+  const originalClearTimeout = globalThis.clearTimeout
+  globalThis.setTimeout = (_callback, delay) => {
+    scheduledDelays.push(Number(delay))
+    return { fakeTimer: true }
+  }
+  globalThis.clearTimeout = () => {}
+  globalThis.chrome = env.chrome
+
+  try {
+    const [{ saveAgentCaptureState }] = await Promise.all([
+      loadTsModule('src/background/agent-capture-state.ts'),
+      loadTsModule('src/background/index.ts')
+    ])
+    await saveAgentCaptureState({
+      captureId,
+      sessionId,
+      nonce,
+      bridgeOrigin: 'http://127.0.0.1:17370',
+      bridgeUrl: `http://127.0.0.1:17370/bridge?session=${sessionId}&capture=${captureId}&nonce=${nonce}`,
+      bridgeTabId: 1,
+      bridgeWindowId: 1,
+      targetTabId: 2,
+      targetWindowId: 1,
+      targetUrl: 'https://example.com/app?view=one',
+      targetMode: 'reuse_or_new_tab',
+      createdByCapture: false,
+      keepTabOpen: false,
+      phase: 'target_opening',
+      status: 'running',
+      startedAt: Date.now(),
+      updatedAt: Date.now(),
+      deadlineAt: Date.now() + 60000
+    })
+
+    const targetTab = env.tabs.find(tab => tab.id === 2)
+    const captureScheduleBaseline = scheduledDelays.length
+    for (const listener of env.tabEvents.onUpdated) {
+      await listener(2, { status: 'complete', url: targetTab.url }, targetTab)
+    }
+    await new Promise(resolve => originalSetTimeout(resolve, 0))
+    assert.deepEqual(scheduledDelays.slice(captureScheduleBaseline), [])
+
+    const ordinaryScheduleBaseline = scheduledDelays.length
+    for (const listener of env.tabEvents.onUpdated) {
+      await listener(4, { status: 'complete', url: 'https://ordinary.example/app' }, { id: 4, windowId: 1, url: 'https://ordinary.example/app' })
+    }
+    await new Promise(resolve => originalSetTimeout(resolve, 0))
+    assert.deepEqual(scheduledDelays.slice(ordinaryScheduleBaseline), [600])
+  } finally {
+    globalThis.setTimeout = originalSetTimeout
+    globalThis.clearTimeout = originalClearTimeout
+    delete globalThis.chrome
+    resetLoadTsModuleCaches()
+  }
+})
+
+test('background update handling suppresses ordinary detection for recently managed capture target tabs', async () => {
+  resetLoadTsModuleCaches()
+  const env = makeChrome()
+  const scheduledDelays = []
+  const originalSetTimeout = globalThis.setTimeout
+  const originalClearTimeout = globalThis.clearTimeout
+  globalThis.setTimeout = (_callback, delay) => {
+    scheduledDelays.push(Number(delay))
+    return { fakeTimer: true }
+  }
+  globalThis.clearTimeout = () => {}
+  globalThis.chrome = env.chrome
+
+  try {
+    const [{ markAgentCaptureTargetTab }] = await Promise.all([
+      loadTsModule('src/background/agent-capture-target-guard.ts'),
+      loadTsModule('src/background/index.ts')
+    ])
+    markAgentCaptureTargetTab(4)
+
+    for (const listener of env.tabEvents.onUpdated) {
+      await listener(
+        4,
+        { status: 'complete', url: 'https://blocked.example/app' },
+        { id: 4, windowId: 1, url: 'https://blocked.example/app' }
+      )
+    }
+    await new Promise(resolve => originalSetTimeout(resolve, 0))
+    assert.deepEqual(scheduledDelays, [])
+
+    for (const listener of env.tabEvents.onUpdated) {
+      await listener(
+        5,
+        { status: 'complete', url: 'https://ordinary.example/app' },
+        { id: 5, windowId: 1, url: 'https://ordinary.example/app' }
+      )
+    }
+    await new Promise(resolve => originalSetTimeout(resolve, 0))
+    assert.deepEqual(scheduledDelays, [600])
+  } finally {
+    globalThis.setTimeout = originalSetTimeout
+    globalThis.clearTimeout = originalClearTimeout
+    delete globalThis.chrome
+    resetLoadTsModuleCaches()
+  }
+})
+
+test('background update handling falls back to ordinary detection when capture-state lookup fails', async () => {
+  resetLoadTsModuleCaches()
+  const env = makeChrome()
+  const scheduledDelays = []
+  const originalSetTimeout = globalThis.setTimeout
+  const originalClearTimeout = globalThis.clearTimeout
+  globalThis.setTimeout = (_callback, delay) => {
+    scheduledDelays.push(Number(delay))
+    return { fakeTimer: true }
+  }
+  globalThis.clearTimeout = () => {}
+  globalThis.chrome = env.chrome
+
+  try {
+    await loadTsModule('src/background/index.ts')
+    const baseGet = env.chrome.storage.session.get
+    env.chrome.storage.session.get = async key => {
+      if (key === 'agent-capture:index') throw new Error('session unavailable')
+      return baseGet(key)
+    }
+
+    const fallbackScheduleBaseline = scheduledDelays.length
+    for (const listener of env.tabEvents.onUpdated) {
+      await listener(4, { status: 'complete', url: 'https://ordinary.example/app' }, { id: 4, windowId: 1, url: 'https://ordinary.example/app' })
+    }
+    await new Promise(resolve => originalSetTimeout(resolve, 0))
+    assert.deepEqual(scheduledDelays.slice(fallbackScheduleBaseline), [600])
+  } finally {
+    globalThis.setTimeout = originalSetTimeout
+    globalThis.clearTimeout = originalClearTimeout
+    delete globalThis.chrome
+    resetLoadTsModuleCaches()
+  }
+})
+
+test('capture cleanup restores ordinary detection for retained target tabs', async () => {
+  resetLoadTsModuleCaches()
+  const env = makeChrome()
+  env.tabs.push({ id: 3, windowId: 1, url: 'https://example.com/kept', title: 'Kept', incognito: false, status: 'complete' })
+  env.tabs.push({ id: 4, windowId: 1, url: 'https://example.com/closed', title: 'Closed', incognito: false, status: 'complete' })
+  const scheduledDelays = []
+  const originalSetTimeout = globalThis.setTimeout
+  const originalClearTimeout = globalThis.clearTimeout
+  globalThis.setTimeout = (_callback, delay) => {
+    scheduledDelays.push(Number(delay))
+    return { fakeTimer: true }
+  }
+  globalThis.clearTimeout = () => {}
+  globalThis.chrome = env.chrome
+
+  try {
+    const { cleanupStoredCaptureAndSession } = await loadTsModule('src/background/agent-capture-lifecycle.ts')
+    const restoreScheduleBaseline = scheduledDelays.length
+    await cleanupStoredCaptureAndSession({
+      captureId,
+      bridgeTabId: 1,
+      targetTabId: 2,
+      createdByCapture: false,
+      keepTabOpen: false,
+      phase: 'cleanup'
+    })
+    await cleanupStoredCaptureAndSession({
+      captureId: secondCaptureId,
+      bridgeTabId: 1,
+      targetTabId: 3,
+      createdByCapture: true,
+      keepTabOpen: true,
+      phase: 'target_opening'
+    })
+    await cleanupStoredCaptureAndSession({
+      captureId: 'cap_cleanup_closed_target',
+      bridgeTabId: 1,
+      targetTabId: 4,
+      createdByCapture: true,
+      keepTabOpen: false,
+      phase: 'cleanup'
+    })
+
+    await new Promise(resolve => originalSetTimeout(resolve, 0))
+    assert.deepEqual(scheduledDelays.slice(restoreScheduleBaseline), [600, 600])
+  } finally {
+    globalThis.setTimeout = originalSetTimeout
+    globalThis.clearTimeout = originalClearTimeout
+    delete globalThis.chrome
+    resetLoadTsModuleCaches()
+  }
+})
+
+test('background webRequest only skips capture API requests from bridge tabs', async () => {
+  resetLoadTsModuleCaches()
+  const env = makeChrome()
+  globalThis.chrome = env.chrome
+  globalThis.fetch = async url => {
+    if (String(url).endsWith('/rules/index.json')) return new Response(JSON.stringify({ schemaVersion: 1, files: [] }), { status: 200 })
+    return new Response('{}', { status: 200 })
+  }
+  env.tabs[1].url = 'http://127.0.0.1:5173/app'
+
+  const [{ registerBridgeSession }] = await Promise.all([
+    loadTsModule('src/background/agent-bridge-session.ts'),
+    loadTsModule('src/background/index.ts')
+  ])
+  await registerBridgeSession({
+    tabId: 1,
+    windowId: 1,
+    bridgeOrigin: 'http://127.0.0.1:17370',
+    sessionId,
+    captureId,
+    nonce
+  })
+  assert.equal(env.webRequestEvents.onHeadersReceived.length, 1)
+  const listener = env.webRequestEvents.onHeadersReceived[0]
+  listener({
+    tabId: 2,
+    requestId: 'ordinary-local-api',
+    url: 'http://127.0.0.1:5173/v1/captures/cap_x/status?token=secret',
+    type: 'fetch',
+    method: 'GET',
+    statusCode: 200,
+    responseHeaders: [{ name: 'x-powered-by', value: 'ordinary-local-api' }]
+  })
+
+  const data = await waitForCondition(() => env.storage['tab:2']?.apis?.[0])
+  assert.equal(data.url, 'http://127.0.0.1:5173/v1/captures/cap_x/status?token=secret')
+  assert.equal(data.allHeaders['x-powered-by'], 'ordinary-local-api')
+
+  listener({
+    tabId: 1,
+    requestId: 'bridge-api',
+    url: 'http://127.0.0.1:17370/v1/captures/cap_x/status?token=secret',
+    type: 'fetch',
+    method: 'GET',
+    statusCode: 200,
+    responseHeaders: [{ name: 'x-powered-by', value: 'bridge-api' }]
+  })
+  await new Promise(resolve => setTimeout(resolve, 0))
+  assert.equal(env.storage['tab:1'], undefined)
+
+  delete globalThis.chrome
+  restoreFetch()
+})
+
+test('background navigation only skips capture API commits from bridge tabs', async () => {
+  resetLoadTsModuleCaches()
+  const env = makeChrome()
+  const logs = []
+  const originalConsoleLog = console.log
+  console.log = (...args) => logs.push(args)
+  globalThis.chrome = env.chrome
+  globalThis.fetch = async url => {
+    if (String(url).endsWith('/rules/index.json')) return new Response(JSON.stringify({ schemaVersion: 1, files: [] }), { status: 200 })
+    return new Response('{}', { status: 200 })
+  }
+  env.tabs[1].url = 'http://127.0.0.1:5173/app'
+
+  try {
+    const [{ registerBridgeSession }] = await Promise.all([
+      loadTsModule('src/background/agent-bridge-session.ts'),
+      loadTsModule('src/background/index.ts')
+    ])
+    await registerBridgeSession({
+      tabId: 1,
+      windowId: 1,
+      bridgeOrigin: 'http://127.0.0.1:17370',
+      sessionId,
+      captureId,
+      nonce
+    })
+    assert.equal(env.webNavigationEvents.onCommitted.length, 1)
+    const listener = env.webNavigationEvents.onCommitted[0]
+
+    env.tabs[0].url = 'http://127.0.0.1:17370/v1/captures/cap_x/status?token=secret'
+    listener({
+      tabId: 1,
+      frameId: 0,
+      url: 'http://127.0.0.1:17370/v1/captures/cap_x/status?token=secret',
+      transitionType: 'typed'
+    })
+    await new Promise(resolve => setTimeout(resolve, 0))
+    assert.equal(
+      logs.some(entry => entry[0] === '[SP detection] webNav committed'),
+      false
+    )
+
+    listener({
+      tabId: 2,
+      frameId: 0,
+      url: 'http://127.0.0.1:5173/v1/captures/cap_x/status?token=secret',
+      transitionType: 'typed'
+    })
+    await waitForCondition(() => logs.some(entry => entry[0] === '[SP detection] webNav committed'))
+  } finally {
+    console.log = originalConsoleLog
+    delete globalThis.chrome
+    restoreFetch()
+  }
+})
+
+test('ordinary runtime messages from incognito bridge tabs cannot read detection caches', async () => {
+  const env = makeChrome()
+  const responses = []
+  env.tabs[0].incognito = true
+  env.chrome.tabs.get = async id => env.tabs.find(tab => tab.id === id) || null
+  env.chrome.runtime.onMessage.addListener = listener => {
+    listener(
+      { type: 'GET_POPUP_RESULT', tabId: 1 },
+      {
+        tab: {
+          id: 1,
+          windowId: 1,
+          incognito: true,
+          url: `http://127.0.0.1:17370/bridge?session=${sessionId}&capture=${captureId}&nonce=${nonce}`
+        }
+      },
+      response => responses.push(response)
+    )
+  }
+  globalThis.chrome = env.chrome
+  const { registerMessageRouter } = await loadTsModule('src/background/message-router.ts')
+
+  registerMessageRouter()
+
+  assert.deepEqual(responses, [{ ok: false, error: 'Agent Bridge 页面不能访问普通检测缓存。' }])
+  delete globalThis.chrome
+})
+
+test('ordinary runtime messages from registered bridge API tabs cannot read detection caches', async () => {
+  resetLoadTsModuleCaches()
+  const env = makeChrome()
+  const responses = []
+  const bridgeApiUrl = 'http://127.0.0.1:17370/v1/captures/cap_x/status?token=secret'
+  env.tabs[0].url = bridgeApiUrl
+  env.storage['tab:1'] = { page: { url: bridgeApiUrl, title: 'Bridge API' }, updatedAt: Date.now() }
+  env.chrome.tabs.get = async id => env.tabs.find(tab => tab.id === id) || null
+  env.chrome.runtime.onMessage.addListener = listener => {
+    listener({ type: 'GET_POPUP_RESULT', tabId: 1 }, { tab: { id: 1, windowId: 1, incognito: false, url: bridgeApiUrl } }, response =>
+      responses.push(response)
+    )
+  }
+  globalThis.chrome = env.chrome
+  const [{ registerBridgeSession }, { registerMessageRouter }] = await Promise.all([
+    loadTsModule('src/background/agent-bridge-session.ts'),
+    loadTsModule('src/background/message-router.ts')
+  ])
+  await registerBridgeSession({
+    tabId: 1,
+    windowId: 1,
+    bridgeOrigin: 'http://127.0.0.1:17370',
+    sessionId,
+    captureId,
+    nonce
+  })
+
+  registerMessageRouter()
+  await waitForCondition(() => responses.length > 0)
+
+  assert.deepEqual(responses, [{ ok: false, error: 'Agent Bridge 页面不能访问普通检测缓存。' }])
+  assert.equal(env.storage['tab:1'].page.title, 'Bridge API')
+  delete globalThis.chrome
+  restoreFetch()
+})
+
+test('popup runtime messages cannot read registered bridge API tabs', async () => {
+  resetLoadTsModuleCaches()
+  const env = makeChrome()
+  const responses = []
+  const bridgeApiUrl = 'http://127.0.0.1:17370/v1/captures/cap_x/profile?token=secret'
+  env.tabs[0].url = bridgeApiUrl
+  env.storage['tab:1'] = { page: { url: bridgeApiUrl, title: 'Bridge API' }, updatedAt: Date.now() }
+  env.chrome.tabs.get = async id => env.tabs.find(tab => tab.id === id) || null
+  env.chrome.runtime.onMessage.addListener = listener => {
+    listener({ type: 'GET_HEADER_DATA', tabId: 1 }, { url: 'chrome-extension://stackprism/src/ui/popup/index.html' }, response =>
+      responses.push(response)
+    )
+  }
+  globalThis.chrome = env.chrome
+  const [{ registerBridgeSession }, { registerMessageRouter }] = await Promise.all([
+    loadTsModule('src/background/agent-bridge-session.ts'),
+    loadTsModule('src/background/message-router.ts')
+  ])
+  await registerBridgeSession({
+    tabId: 1,
+    windowId: 1,
+    bridgeOrigin: 'http://127.0.0.1:17370',
+    sessionId,
+    captureId,
+    nonce
+  })
+
+  registerMessageRouter()
+  await waitForCondition(() => responses.length > 0)
+
+  assert.deepEqual(responses, [{ ok: false, error: 'Error: Agent Bridge 页面不能访问普通检测缓存。' }])
+  assert.equal(env.storage['tab:1'].page.title, 'Bridge API')
+  delete globalThis.chrome
+  restoreFetch()
+})
+
+test('registered bridge API tabs cannot trigger ordinary background detection', async () => {
+  resetLoadTsModuleCaches()
+  const env = makeChrome()
+  const responses = []
+  const bridgeApiUrl = 'http://127.0.0.1:17370/v1/captures/cap_x/status?token=secret'
+  env.tabs[0].url = bridgeApiUrl
+  env.storage['tab:1'] = { page: { url: bridgeApiUrl, title: 'Bridge API' }, updatedAt: Date.now() }
+  env.chrome.tabs.get = async id => env.tabs.find(tab => tab.id === id) || null
+  env.chrome.runtime.onMessage.addListener = listener => {
+    listener(
+      { type: 'START_BACKGROUND_DETECTION', tabId: 1 },
+      { tab: { id: 1, windowId: 1, incognito: false, url: bridgeApiUrl } },
+      response => responses.push(response)
+    )
+  }
+  globalThis.chrome = env.chrome
+  const [{ registerBridgeSession }, { registerMessageRouter }] = await Promise.all([
+    loadTsModule('src/background/agent-bridge-session.ts'),
+    loadTsModule('src/background/message-router.ts')
+  ])
+  await registerBridgeSession({
+    tabId: 1,
+    windowId: 1,
+    bridgeOrigin: 'http://127.0.0.1:17370',
+    sessionId,
+    captureId,
+    nonce
+  })
+
+  registerMessageRouter()
+  await waitForCondition(() => responses.length > 0)
+
+  assert.deepEqual(responses, [{ ok: false, error: 'Agent Bridge 页面不能访问普通检测缓存。' }])
+  assert.equal(env.storage['tab:1'].page.title, 'Bridge API')
+  delete globalThis.chrome
+  restoreFetch()
+})
+
+test('storage session availability and deadline reconciliation are fail closed', async () => {
+  const env = makeChrome()
+  globalThis.chrome = env.chrome
+  const { assertStorageSessionAvailable, reconcileAgentCaptureDeadlines, saveAgentCaptureState, getAgentCaptureState } = await loadTsModule(
+    'src/background/agent-capture-state.ts'
+  )
+
+  assert.equal(assertStorageSessionAvailable().ok, true)
+  await saveAgentCaptureState({
+    captureId,
+    sessionId,
+    nonce,
+    bridgeOrigin: 'http://127.0.0.1:17370',
+    bridgeUrl: 'http://127.0.0.1:17370/bridge',
+    bridgeTabId: 1,
+    bridgeWindowId: 1,
+    targetUrl: 'https://example.com/',
+    targetMode: 'new_tab',
+    createdByCapture: true,
+    keepTabOpen: false,
+    phase: 'target_opening',
+    status: 'running',
+    startedAt: 1,
+    updatedAt: 1,
+    deadlineAt: 2
+  })
+  await reconcileAgentCaptureDeadlines(3)
+  const targetOpeningExpired = await getAgentCaptureState(captureId)
+  assert.equal(targetOpeningExpired.status, 'failed')
+  assert.equal(targetOpeningExpired.error.code, 'TARGET_LOAD_TIMEOUT')
+  await saveAgentCaptureState({
+    captureId: secondCaptureId,
+    sessionId,
+    nonce,
+    bridgeOrigin: 'http://127.0.0.1:17370',
+    bridgeUrl: 'http://127.0.0.1:17370/bridge',
+    bridgeTabId: 1,
+    bridgeWindowId: 1,
+    targetUrl: 'https://example.com/',
+    targetMode: 'new_tab',
+    createdByCapture: true,
+    keepTabOpen: false,
+    phase: 'cleanup',
+    status: 'cancel_requested',
+    startedAt: 1,
+    updatedAt: 1,
+    deadlineAt: 100,
+    cancelDeadlineAt: 4
+  })
+  await reconcileAgentCaptureDeadlines(5)
+  const cancelled = await getAgentCaptureState(secondCaptureId)
+  assert.equal(cancelled.status, 'cancelled')
+  assert.equal(cancelled.error.details.reason, 'cancel_timeout')
+  await saveAgentCaptureState({
+    captureId: 'cap_profileTimeoutState001',
+    sessionId,
+    nonce,
+    bridgeOrigin: 'http://127.0.0.1:17370',
+    bridgeUrl: 'http://127.0.0.1:17370/bridge',
+    bridgeTabId: 1,
+    bridgeWindowId: 1,
+    targetUrl: 'https://example.com/',
+    targetMode: 'new_tab',
+    createdByCapture: true,
+    keepTabOpen: false,
+    phase: 'posting_profile',
+    status: 'running',
+    startedAt: 1,
+    updatedAt: 1,
+    deadlineAt: 100,
+    profileTransferDeadlineAt: 6
+  })
+  await reconcileAgentCaptureDeadlines(7)
+  const profileTransferExpired = await getAgentCaptureState('cap_profileTimeoutState001')
+  assert.equal(profileTransferExpired.status, 'failed')
+  assert.equal(profileTransferExpired.error.code, 'PROFILE_TRANSPORT_FAILED')
+  assert.equal(profileTransferExpired.error.details.reason, 'profile_transfer_timeout')
+  env.storage['agent-capture:index'] = [captureId]
+  env.storage[`agent-capture:${captureId}`] = {
+    captureId,
+    sessionId,
+    nonce,
+    status: 'running',
+    phase: 'target_opening',
+    deadlineAt: 'not-a-number'
+  }
+  assert.equal(await getAgentCaptureState(captureId), null)
+  assert.deepEqual(env.storage['agent-capture:index'], [])
+  assert.equal(env.storage[`agent-capture:${captureId}`], undefined)
+  assert.equal(JSON.stringify(env.storage).includes('bridgeToken'), false)
+  delete globalThis.chrome
+})
+
+test('agent capture control paths check storage session capability before reconciliation', async () => {
+  const env = makeChrome()
+  delete env.chrome.storage.session
+  globalThis.chrome = env.chrome
+  const { startAgentCapture, cancelAgentCapture } = await loadTsModule('src/background/agent-capture.ts')
+
+  const start = await startAgentCapture(
+    {
+      type: 'START_AGENT_CAPTURE',
+      captureId,
+      sessionId,
+      nonce,
+      bridgeOrigin: 'http://127.0.0.1:17370',
+      request: baseRequest,
+      capabilities: { ...fullCapabilities }
+    },
+    { url: `http://127.0.0.1:17370/bridge?session=${sessionId}&capture=${captureId}&nonce=${nonce}`, tab: { id: 1, windowId: 1 } }
+  )
+  const cancel = await cancelAgentCapture(
+    { type: 'AGENT_CAPTURE_CONTROL', captureId, sessionId, nonce, command: 'cancel' },
+    { url: `http://127.0.0.1:17370/bridge?session=${sessionId}&capture=${captureId}&nonce=${nonce}`, tab: { id: 1, windowId: 1 } }
+  )
+
+  assert.equal(start.error.code, 'NOT_SUPPORTED')
+  assert.equal(start.error.details.missingCapability, 'storageSession')
+  assert.equal(cancel.error.code, 'NOT_SUPPORTED')
+  assert.equal(cancel.error.details.missingCapability, 'storageSession')
+  delete globalThis.chrome
+})
+
+test('agent capture reconciles expired captures with bridge notification and owned target cleanup', async () => {
+  const env = makeChrome()
+  enableBridgeStatusAck(env)
+  globalThis.chrome = env.chrome
+  const [{ recoverInterruptedAgentCaptures }, { saveAgentCaptureState, listAgentCaptureIds }] = await Promise.all([
+    loadTsModule('src/background/agent-capture.ts'),
+    loadTsModule('src/background/agent-capture-state.ts')
+  ])
+  await saveAgentCaptureState({
+    captureId,
+    sessionId,
+    nonce,
+    bridgeOrigin: 'http://127.0.0.1:17370',
+    bridgeUrl: `http://127.0.0.1:17370/bridge?session=${sessionId}&capture=${captureId}&nonce=${nonce}`,
+    bridgeTabId: 1,
+    bridgeWindowId: 1,
+    targetTabId: 2,
+    targetWindowId: 1,
+    targetUrl: 'https://example.com/app?view=one',
+    targetMode: 'new_tab',
+    createdByCapture: true,
+    keepTabOpen: false,
+    phase: 'target_loaded',
+    status: 'running',
+    startedAt: 1,
+    updatedAt: 1,
+    deadlineAt: 2
+  })
+
+  await recoverInterruptedAgentCaptures()
+
+  assert.equal(
+    env.messages.some(message => message.type === 'AGENT_CAPTURE_STATUS' && message.payload.error?.code === 'CAPTURE_TIMEOUT'),
+    true
+  )
+  assert.equal(env.removedTabs.includes(2), true)
+  assert.equal((await listAgentCaptureIds()).includes(captureId), false)
+  delete globalThis.chrome
+})
+
+test('agent capture cancel control closes owned target tab and removes state', async () => {
+  const env = makeChrome()
+  enableBridgeStatusAck(env)
+  globalThis.chrome = env.chrome
+  const [{ cancelAgentCapture }, { registerBridgeSession }, { saveAgentCaptureState, listAgentCaptureIds }] = await Promise.all([
+    loadTsModule('src/background/agent-capture.ts'),
+    loadTsModule('src/background/agent-bridge-session.ts'),
+    loadTsModule('src/background/agent-capture-state.ts')
+  ])
+  await registerBridgeSession({
+    tabId: 1,
+    windowId: 1,
+    bridgeOrigin: 'http://127.0.0.1:17370',
+    sessionId,
+    captureId,
+    nonce
+  })
+  await saveAgentCaptureState({
+    captureId,
+    sessionId,
+    nonce,
+    bridgeOrigin: 'http://127.0.0.1:17370',
+    bridgeUrl: `http://127.0.0.1:17370/bridge?session=${sessionId}&capture=${captureId}&nonce=${nonce}`,
+    bridgeTabId: 1,
+    bridgeWindowId: 1,
+    targetTabId: 2,
+    targetWindowId: 1,
+    targetUrl: 'https://example.com/app?view=one',
+    targetMode: 'new_tab',
+    createdByCapture: true,
+    keepTabOpen: false,
+    phase: 'target_opening',
+    status: 'running',
+    startedAt: 1,
+    updatedAt: 1,
+    deadlineAt: Date.now() + 60000
+  })
+
+  const response = await cancelAgentCapture(
+    { type: 'AGENT_CAPTURE_CONTROL', captureId, sessionId, nonce, command: 'cancel' },
+    { url: `http://127.0.0.1:17370/bridge?session=${sessionId}&capture=${captureId}&nonce=${nonce}`, tab: { id: 1, windowId: 1 } }
+  )
+
+  assert.equal(response.ok, true)
+  assert.deepEqual(env.removedTabs, [2])
+  assert.equal((await listAgentCaptureIds()).includes(captureId), false)
+  const cancelled = env.messages.find(message => message.type === 'AGENT_CAPTURE_STATUS' && message.payload.status === 'cancelled')
+  assert.ok(cancelled)
+  assert.equal(cancelled.payload.error, undefined)
+  delete globalThis.chrome
+})
+
+test('agent capture cancel reports owned target cleanup failures without leaving capture state', async () => {
+  const env = makeChrome()
+  enableBridgeStatusAck(env)
+  const warnings = []
+  const originalWarn = console.warn
+  console.warn = (...args) => warnings.push(args)
+  env.chrome.tabs.remove = async () => {
+    throw new Error('remove failed for cancel cleanup')
+  }
+  globalThis.chrome = env.chrome
+  const [{ cancelAgentCapture }, { registerBridgeSession, getBridgeSession }, { saveAgentCaptureState, listAgentCaptureIds }] =
+    await Promise.all([
+      loadTsModule('src/background/agent-capture.ts'),
+      loadTsModule('src/background/agent-bridge-session.ts'),
+      loadTsModule('src/background/agent-capture-state.ts')
+    ])
+  try {
+    await registerBridgeSession({
+      tabId: 1,
+      windowId: 1,
+      bridgeOrigin: 'http://127.0.0.1:17370',
+      sessionId,
+      captureId,
+      nonce
+    })
+    await saveAgentCaptureState({
+      captureId,
+      sessionId,
+      nonce,
+      bridgeOrigin: 'http://127.0.0.1:17370',
+      bridgeUrl: `http://127.0.0.1:17370/bridge?session=${sessionId}&capture=${captureId}&nonce=${nonce}`,
+      bridgeTabId: 1,
+      bridgeWindowId: 1,
+      targetTabId: 2,
+      targetWindowId: 1,
+      targetUrl: 'https://example.com/app?view=one',
+      targetMode: 'new_tab',
+      createdByCapture: true,
+      keepTabOpen: false,
+      phase: 'target_opening',
+      status: 'running',
+      startedAt: 1,
+      updatedAt: 1,
+      deadlineAt: Date.now() + 60000
+    })
+
+    const response = await cancelAgentCapture(
+      { type: 'AGENT_CAPTURE_CONTROL', captureId, sessionId, nonce, command: 'cancel' },
+      { url: `http://127.0.0.1:17370/bridge?session=${sessionId}&capture=${captureId}&nonce=${nonce}`, tab: { id: 1, windowId: 1 } }
+    )
+
+    assert.equal(response.ok, true)
+    assert.equal((await listAgentCaptureIds()).includes(captureId), false)
+    assert.equal(await getBridgeSession(1), null)
+    assert.equal(
+      warnings.some(args => args[0] === 'StackPrism agent capture cleanup failed.' && args[1]?.operation === 'cleanupTarget'),
+      true
+    )
+  } finally {
+    console.warn = originalWarn
+    delete globalThis.chrome
+  }
+})
+
+test('agent capture cancel reports state removal failures and still clears bridge session', async () => {
+  const env = makeChrome()
+  enableBridgeStatusAck(env)
+  const warnings = []
+  const originalWarn = console.warn
+  console.warn = (...args) => warnings.push(args)
+  const baseRemove = env.chrome.storage.session.remove
+  env.chrome.storage.session.remove = async keys => {
+    const keyList = Array.isArray(keys) ? keys : [keys]
+    if (keyList.includes(`agent-capture:${captureId}`)) throw new Error('state remove failed for cancel cleanup')
+    return baseRemove(keys)
+  }
+  globalThis.chrome = env.chrome
+  const [{ cancelAgentCapture }, { registerBridgeSession, getBridgeSession }, { saveAgentCaptureState, getAgentCaptureState }] =
+    await Promise.all([
+      loadTsModule('src/background/agent-capture.ts'),
+      loadTsModule('src/background/agent-bridge-session.ts'),
+      loadTsModule('src/background/agent-capture-state.ts')
+    ])
+  try {
+    await registerBridgeSession({
+      tabId: 1,
+      windowId: 1,
+      bridgeOrigin: 'http://127.0.0.1:17370',
+      sessionId,
+      captureId,
+      nonce
+    })
+    await saveAgentCaptureState({
+      captureId,
+      sessionId,
+      nonce,
+      bridgeOrigin: 'http://127.0.0.1:17370',
+      bridgeUrl: `http://127.0.0.1:17370/bridge?session=${sessionId}&capture=${captureId}&nonce=${nonce}`,
+      bridgeTabId: 1,
+      bridgeWindowId: 1,
+      targetTabId: 2,
+      targetWindowId: 1,
+      targetUrl: 'https://example.com/app?view=one',
+      targetMode: 'new_tab',
+      createdByCapture: true,
+      keepTabOpen: false,
+      phase: 'target_opening',
+      status: 'running',
+      startedAt: 1,
+      updatedAt: 1,
+      deadlineAt: Date.now() + 60000
+    })
+
+    const response = await cancelAgentCapture(
+      { type: 'AGENT_CAPTURE_CONTROL', captureId, sessionId, nonce, command: 'cancel' },
+      { url: `http://127.0.0.1:17370/bridge?session=${sessionId}&capture=${captureId}&nonce=${nonce}`, tab: { id: 1, windowId: 1 } }
+    )
+
+    assert.equal(response.ok, true)
+    assert.equal((await getAgentCaptureState(captureId)).status, 'cancelled')
+    assert.equal(await getBridgeSession(1), null)
+    assert.equal(
+      warnings.some(args => args[0] === 'StackPrism agent capture cleanup failed.' && args[1]?.operation === 'removeAgentCaptureState'),
+      true
+    )
+  } finally {
+    console.warn = originalWarn
+    delete globalThis.chrome
+  }
+})
+
+test('agent capture state removal logs index rollback failures and preserves the original error', async () => {
+  const env = makeChrome()
+  const errors = []
+  const originalError = console.error
+  console.error = (...args) => errors.push(args)
+  globalThis.chrome = env.chrome
+  const { saveAgentCaptureState, removeAgentCaptureState } = await loadTsModule('src/background/agent-capture-state.ts')
+  try {
+    await saveAgentCaptureState({
+      captureId,
+      sessionId,
+      nonce,
+      bridgeOrigin: 'http://127.0.0.1:17370',
+      bridgeUrl: `http://127.0.0.1:17370/bridge?session=${sessionId}&capture=${captureId}&nonce=${nonce}`,
+      bridgeTabId: 1,
+      bridgeWindowId: 1,
+      targetTabId: 2,
+      targetWindowId: 1,
+      targetUrl: 'https://example.com/app?view=one',
+      targetMode: 'new_tab',
+      createdByCapture: true,
+      keepTabOpen: false,
+      phase: 'target_opening',
+      status: 'running',
+      startedAt: 1,
+      updatedAt: 1,
+      deadlineAt: Date.now() + 60000
+    })
+
+    const baseRemove = env.chrome.storage.session.remove
+    const baseSet = env.chrome.storage.session.set
+    env.chrome.storage.session.remove = async keys => {
+      const keyList = Array.isArray(keys) ? keys : [keys]
+      if (keyList.includes(`agent-capture:${captureId}`)) throw new Error('state remove failed for rollback logging')
+      return baseRemove(keys)
+    }
+    env.chrome.storage.session.set = async value => {
+      if (Array.isArray(value['agent-capture:index']) && value['agent-capture:index'].includes(captureId)) {
+        throw new Error('rollback set failed')
+      }
+      return baseSet(value)
+    }
+
+    await assert.rejects(() => removeAgentCaptureState(captureId), /state remove failed for rollback logging/)
+    assert.equal(
+      errors.some(
+        args =>
+          args[0] === '[SP background]' &&
+          args[1] === 'Agent capture state index rollback failed' &&
+          args[2]?.captureId === '[redacted-id]' &&
+          args[2]?.error?.errorName === 'Error'
+      ),
+      true
+    )
+  } finally {
+    console.error = originalError
+    delete globalThis.chrome
+  }
+})
+
+test('agent capture cancel reports bridge status post failures without leaking cleanup state', async () => {
+  const env = makeChrome()
+  const warnings = []
+  const originalWarn = console.warn
+  console.warn = (...args) => warnings.push(args)
+  env.chrome.tabs.sendMessage = async (_tabId, message) => {
+    env.messages.push(message)
+    if (message.type === 'AGENT_CAPTURE_STATUS') {
+      return {
+        ok: false,
+        error: {
+          code: 'BRIDGE_TRANSPORT_DISCONNECTED',
+          message: 'transport failed token=secret',
+          details: { url: 'http://127.0.0.1:17370/bridge?token=secret#frag' }
+        }
+      }
+    }
+    return { ok: true }
+  }
+  globalThis.chrome = env.chrome
+  const [{ cancelAgentCapture }, { registerBridgeSession, getBridgeSession }, { saveAgentCaptureState, listAgentCaptureIds }] =
+    await Promise.all([
+      loadTsModule('src/background/agent-capture.ts'),
+      loadTsModule('src/background/agent-bridge-session.ts'),
+      loadTsModule('src/background/agent-capture-state.ts')
+    ])
+  try {
+    await registerBridgeSession({
+      tabId: 1,
+      windowId: 1,
+      bridgeOrigin: 'http://127.0.0.1:17370',
+      sessionId,
+      captureId,
+      nonce
+    })
+    await saveAgentCaptureState({
+      captureId,
+      sessionId,
+      nonce,
+      bridgeOrigin: 'http://127.0.0.1:17370',
+      bridgeUrl: `http://127.0.0.1:17370/bridge?session=${sessionId}&capture=${captureId}&nonce=${nonce}`,
+      bridgeTabId: 1,
+      bridgeWindowId: 1,
+      targetTabId: 2,
+      targetWindowId: 1,
+      targetUrl: 'https://example.com/app?view=one',
+      targetMode: 'new_tab',
+      createdByCapture: true,
+      keepTabOpen: false,
+      phase: 'target_opening',
+      status: 'running',
+      startedAt: 1,
+      updatedAt: 1,
+      deadlineAt: Date.now() + 60000
+    })
+
+    const response = await cancelAgentCapture(
+      { type: 'AGENT_CAPTURE_CONTROL', captureId, sessionId, nonce, command: 'cancel' },
+      { url: `http://127.0.0.1:17370/bridge?session=${sessionId}&capture=${captureId}&nonce=${nonce}`, tab: { id: 1, windowId: 1 } }
+    )
+
+    assert.equal(response.ok, true)
+    assert.equal(env.removedTabs.includes(2), true)
+    assert.equal((await listAgentCaptureIds()).includes(captureId), false)
+    assert.equal(await getBridgeSession(1), null)
+    assert.equal(
+      warnings.some(args => args[0] === 'StackPrism agent capture cleanup failed.' && args[1]?.operation === 'postCaptureStatusToBridge'),
+      true
+    )
+    assert.equal(JSON.stringify(warnings).includes('token=secret'), false)
+    assert.equal(JSON.stringify(warnings).includes('#frag'), false)
+  } finally {
+    console.warn = originalWarn
+    delete globalThis.chrome
+  }
+})
+
+test('agent capture reports target tab closure and clears capture state', async () => {
+  const env = makeChrome()
+  enableBridgeStatusAck(env)
+  globalThis.chrome = env.chrome
+  const [{ handleAgentCaptureTabRemoved }, { saveAgentCaptureState, listAgentCaptureIds }] = await Promise.all([
+    loadTsModule('src/background/agent-capture.ts'),
+    loadTsModule('src/background/agent-capture-state.ts')
+  ])
+  await saveAgentCaptureState({
+    captureId,
+    sessionId,
+    nonce,
+    bridgeOrigin: 'http://127.0.0.1:17370',
+    bridgeUrl: `http://127.0.0.1:17370/bridge?session=${sessionId}&capture=${captureId}&nonce=${nonce}`,
+    bridgeTabId: 1,
+    bridgeWindowId: 1,
+    targetTabId: 2,
+    targetWindowId: 1,
+    targetUrl: 'https://example.com/app?view=one',
+    targetMode: 'new_tab',
+    createdByCapture: true,
+    keepTabOpen: false,
+    phase: 'target_loaded',
+    status: 'running',
+    startedAt: 1,
+    updatedAt: 1,
+    deadlineAt: Date.now() + 60000
+  })
+
+  await handleAgentCaptureTabRemoved(2)
+
+  assert.equal(
+    env.messages.some(message => message.type === 'AGENT_CAPTURE_STATUS' && message.payload.error?.code === 'TARGET_TAB_CLOSED'),
+    true
+  )
+  assert.equal(env.removedTabs.includes(2), true)
+  assert.deepEqual(await listAgentCaptureIds(), [])
+  delete globalThis.chrome
+})
+
+test('agent capture reports target navigation away before profile delivery', async () => {
+  const env = makeChrome()
+  enableBridgeStatusAck(env)
+  globalThis.chrome = env.chrome
+  const [{ handleAgentCaptureTabNavigation }, { saveAgentCaptureState, listAgentCaptureIds }] = await Promise.all([
+    loadTsModule('src/background/agent-capture.ts'),
+    loadTsModule('src/background/agent-capture-state.ts')
+  ])
+  await saveAgentCaptureState({
+    captureId,
+    sessionId,
+    nonce,
+    bridgeOrigin: 'http://127.0.0.1:17370',
+    bridgeUrl: `http://127.0.0.1:17370/bridge?session=${sessionId}&capture=${captureId}&nonce=${nonce}`,
+    bridgeTabId: 1,
+    bridgeWindowId: 1,
+    targetTabId: 2,
+    targetWindowId: 1,
+    targetUrl: 'https://example.com/app?view=one',
+    finalUrl: 'https://example.com/app?view=one',
+    targetMode: 'new_tab',
+    createdByCapture: true,
+    keepTabOpen: false,
+    phase: 'target_loaded',
+    status: 'running',
+    startedAt: 1,
+    updatedAt: 1,
+    deadlineAt: Date.now() + 60000
+  })
+
+  await handleAgentCaptureTabNavigation(2, 'https://example.com/app?view=two')
+
+  assert.equal(
+    env.messages.some(message => message.type === 'AGENT_CAPTURE_STATUS' && message.payload.error?.code === 'TARGET_NAVIGATED_AWAY'),
+    true
+  )
+  assert.deepEqual(await listAgentCaptureIds(), [])
+  delete globalThis.chrome
+})
+
+test('agent capture reports target main-frame load failure', async () => {
+  const env = makeChrome()
+  enableBridgeStatusAck(env)
+  globalThis.chrome = env.chrome
+  const [{ handleAgentCaptureNavigationError }, { saveAgentCaptureState, listAgentCaptureIds }] = await Promise.all([
+    loadTsModule('src/background/agent-capture.ts'),
+    loadTsModule('src/background/agent-capture-state.ts')
+  ])
+  await saveAgentCaptureState({
+    captureId,
+    sessionId,
+    nonce,
+    bridgeOrigin: 'http://127.0.0.1:17370',
+    bridgeUrl: `http://127.0.0.1:17370/bridge?session=${sessionId}&capture=${captureId}&nonce=${nonce}`,
+    bridgeTabId: 1,
+    bridgeWindowId: 1,
+    targetTabId: 2,
+    targetWindowId: 1,
+    targetUrl: 'https://example.com/app?view=one',
+    targetMode: 'new_tab',
+    createdByCapture: true,
+    keepTabOpen: false,
+    phase: 'target_opening',
+    status: 'running',
+    startedAt: 1,
+    updatedAt: 1,
+    deadlineAt: Date.now() + 60000
+  })
+
+  await handleAgentCaptureNavigationError(2, 0, 'net::ERR_CONNECTION_RESET?token=secret')
+
+  const failureStatus = env.messages.find(
+    message => message.type === 'AGENT_CAPTURE_STATUS' && message.payload.error?.code === 'TARGET_LOAD_FAILED'
+  )
+  assert.ok(failureStatus)
+  assert.equal(failureStatus.payload.error.details.reason, 'navigation_error')
+  assert.equal(JSON.stringify(failureStatus.payload.error).includes('token=secret'), false)
+  assert.equal(env.removedTabs.includes(2), true)
+  assert.deepEqual(await listAgentCaptureIds(), [])
+  delete globalThis.chrome
+})
+
+test('agent capture ignores superseded main-frame aborts and keeps waiting', async () => {
+  const env = makeChrome()
+  enableBridgeStatusAck(env)
+  globalThis.chrome = env.chrome
+  const [{ handleAgentCaptureNavigationError }, { saveAgentCaptureState, listAgentCaptureIds, getAgentCaptureState }] = await Promise.all([
+    loadTsModule('src/background/agent-capture.ts'),
+    loadTsModule('src/background/agent-capture-state.ts')
+  ])
+  await saveAgentCaptureState({
+    captureId,
+    sessionId,
+    nonce,
+    bridgeOrigin: 'http://127.0.0.1:17370',
+    bridgeUrl: `http://127.0.0.1:17370/bridge?session=${sessionId}&capture=${captureId}&nonce=${nonce}`,
+    bridgeTabId: 1,
+    bridgeWindowId: 1,
+    targetTabId: 2,
+    targetWindowId: 1,
+    targetUrl: 'https://example.com/app?view=one',
+    targetMode: 'new_tab',
+    createdByCapture: true,
+    keepTabOpen: false,
+    phase: 'target_opening',
+    status: 'running',
+    startedAt: 1,
+    updatedAt: 1,
+    deadlineAt: Date.now() + 60000
+  })
+
+  await handleAgentCaptureNavigationError(2, 0, 'net::ERR_ABORTED')
+
+  assert.equal(
+    env.messages.some(message => message.type === 'AGENT_CAPTURE_STATUS' && message.payload.error?.code === 'TARGET_LOAD_FAILED'),
+    false
+  )
+  assert.equal(env.removedTabs.includes(2), false)
+  assert.deepEqual(await listAgentCaptureIds(), [captureId])
+  assert.equal((await getAgentCaptureState(captureId))?.status, 'running')
+  delete globalThis.chrome
+})
+
+test('target tab load timeout fires before the global capture deadline', async () => {
+  const env = makeChrome()
+  const targetTab = env.tabs.find(tab => tab.id === 2)
+  targetTab.status = 'loading'
+  globalThis.chrome = env.chrome
+  const originalSetTimeout = globalThis.setTimeout
+  const originalClearTimeout = globalThis.clearTimeout
+  let recordedDelay = -1
+  globalThis.setTimeout = (_callback, delay) => {
+    recordedDelay = Number(delay)
+    return { fakeTimer: true }
+  }
+  globalThis.clearTimeout = () => {}
+  resetLoadTsModuleCaches()
+  try {
+    const { waitForTargetTabLoaded } = await loadTsModule('src/background/agent-capture-target.ts')
+    const waiting = waitForTargetTabLoaded(2, Date.now() + 60000)
+    await Promise.resolve()
+
+    assert(recordedDelay >= 54000, `Target load timeout fired too early: ${recordedDelay}`)
+    assert(recordedDelay <= 55000, `Target load timeout did not leave bridge reporting grace: ${recordedDelay}`)
+
+    env.tabEvents.onRemoved[0](2)
+    await assert.rejects(waiting, /TARGET_TAB_CLOSED/)
+  } finally {
+    globalThis.setTimeout = originalSetTimeout
+    globalThis.clearTimeout = originalClearTimeout
+    delete globalThis.chrome
+    resetLoadTsModuleCaches()
+  }
+})
+
+test('target tab load wait rechecks state after subscribing to tab events', async () => {
+  const env = makeChrome()
+  const targetTab = env.tabs.find(tab => tab.id === 2)
+  targetTab.status = 'loading'
+  let getCalls = 0
+  env.chrome.tabs.get = async id => {
+    assert.equal(id, 2)
+    getCalls += 1
+    if (getCalls === 1) {
+      return { ...targetTab, status: 'loading' }
+    }
+    targetTab.status = 'complete'
+    return { ...targetTab, status: 'complete' }
+  }
+  globalThis.chrome = env.chrome
+  const originalSetTimeout = globalThis.setTimeout
+  const originalClearTimeout = globalThis.clearTimeout
+  let timeoutCallback = null
+  globalThis.setTimeout = callback => {
+    timeoutCallback = callback
+    return { fakeTimer: true }
+  }
+  globalThis.clearTimeout = () => {
+    timeoutCallback = null
+  }
+  resetLoadTsModuleCaches()
+  try {
+    const { waitForTargetTabLoaded } = await loadTsModule('src/background/agent-capture-target.ts')
+    const waiting = waitForTargetTabLoaded(2, Date.now() + 60000)
+    await Promise.resolve()
+    await Promise.resolve()
+    timeoutCallback?.()
+
+    const loaded = await waiting
+    assert.equal(loaded.status, 'complete')
+    assert.ok(getCalls >= 2)
+    assert.equal(env.tabEvents.onUpdated.length, 0)
+    assert.equal(env.tabEvents.onRemoved.length, 0)
+  } finally {
+    globalThis.setTimeout = originalSetTimeout
+    globalThis.clearTimeout = originalClearTimeout
+    delete globalThis.chrome
+    resetLoadTsModuleCaches()
+  }
+})
+
+test('agent capture restart recovery fails closed and notifies bridge tab when possible', async () => {
+  const env = makeChrome()
+  enableBridgeStatusAck(env)
+  globalThis.chrome = env.chrome
+  const [{ recoverInterruptedAgentCaptures }, { saveAgentCaptureState, listAgentCaptureIds }] = await Promise.all([
+    loadTsModule('src/background/agent-capture.ts'),
+    loadTsModule('src/background/agent-capture-state.ts')
+  ])
+  await saveAgentCaptureState({
+    captureId,
+    sessionId,
+    nonce,
+    bridgeOrigin: 'http://127.0.0.1:17370',
+    bridgeUrl: `http://127.0.0.1:17370/bridge?session=${sessionId}&capture=${captureId}&nonce=${nonce}`,
+    bridgeTabId: 1,
+    bridgeWindowId: 1,
+    targetTabId: 2,
+    targetWindowId: 1,
+    targetUrl: 'https://example.com/app?view=one',
+    targetMode: 'new_tab',
+    createdByCapture: true,
+    keepTabOpen: false,
+    phase: 'target_loaded',
+    status: 'running',
+    startedAt: 1,
+    updatedAt: 1,
+    deadlineAt: Date.now() + 60000
+  })
+
+  await recoverInterruptedAgentCaptures()
+
+  assert.equal(
+    env.messages.some(message => message.type === 'AGENT_CAPTURE_STATUS' && message.payload.error?.code === 'SERVICE_WORKER_RESTARTED'),
+    true
+  )
+  assert.equal(env.removedTabs.includes(2), true)
+  assert.deepEqual(await listAgentCaptureIds(), [])
+  delete globalThis.chrome
+})
+
+test('agent capture recovery does not fake restore when storage session was cleared', async () => {
+  const env = makeChrome()
+  enableBridgeStatusAck(env)
+  globalThis.chrome = env.chrome
+  const [{ recoverInterruptedAgentCaptures }, { listAgentCaptureIds }] = await Promise.all([
+    loadTsModule('src/background/agent-capture.ts'),
+    loadTsModule('src/background/agent-capture-state.ts')
+  ])
+
+  env.storage['agent-capture:index'] = []
+
+  await recoverInterruptedAgentCaptures()
+
+  assert.equal(
+    env.messages.some(message => message.type === 'AGENT_CAPTURE_STATUS'),
+    false
+  )
+  assert.deepEqual(env.removedTabs, [])
+  assert.deepEqual(await listAgentCaptureIds(), [])
+  delete globalThis.chrome
+})
+
+test('startup recovery ignores captures created after recovery starts', async () => {
+  resetLoadTsModuleCaches()
+  const env = makeChrome()
+  enableBridgeStatusAck(env)
+  enableFastHeaderFallback()
+  const originalGet = env.chrome.storage.session.get
+  const originalSet = env.chrome.storage.session.set
+  let recoveryReadStarted = false
+  let releaseRecoveryRead
+  let resolveCaptureStateSaved
+  const captureStateSaved = new Promise(resolve => {
+    resolveCaptureStateSaved = resolve
+  })
+  env.chrome.storage.session.get = async key => {
+    if (key === 'agent-capture:index' && !recoveryReadStarted) {
+      recoveryReadStarted = true
+      return new Promise(resolve => {
+        releaseRecoveryRead = () => resolve(originalGet(key))
+      })
+    }
+    return originalGet(key)
+  }
+  env.chrome.storage.session.set = async value => {
+    await originalSet(value)
+    if (Object.keys(value).includes(`agent-capture:${captureId}`)) resolveCaptureStateSaved()
+  }
+  globalThis.chrome = env.chrome
+  const [{ registerBridgeSession }, { startAgentCapture, registerAgentProfileTransferPort }, { getAgentCaptureState }] =
+    await Promise.all([
+      loadTsModule('src/background/agent-bridge-session.ts'),
+      loadTsModule('src/background/agent-capture.ts'),
+      loadTsModule('src/background/agent-capture-state.ts')
+    ])
+  await registerBridgeSession({
+    tabId: 1,
+    windowId: 1,
+    bridgeOrigin: 'http://127.0.0.1:17370',
+    sessionId,
+    captureId,
+    nonce
+  })
+  await connectProfileTransferPort(env, registerAgentProfileTransferPort)
+  const recovery = loadTsModule('src/background/index.ts')
+  await waitForCondition(() => recoveryReadStarted)
+
+  const start = startAgentCapture(
+    {
+      type: 'START_AGENT_CAPTURE',
+      captureId,
+      sessionId,
+      nonce,
+      bridgeOrigin: 'http://127.0.0.1:17370',
+      request: { ...baseRequest, options: { ...baseRequest.options, targetMode: 'new_tab' } },
+      capabilities: { ...fullCapabilities }
+    },
+    { url: `http://127.0.0.1:17370/bridge?session=${sessionId}&capture=${captureId}&nonce=${nonce}`, tab: { id: 1, windowId: 1 } }
+  )
+  await Promise.race([captureStateSaved, new Promise(resolve => setTimeout(resolve, 50))])
+  releaseRecoveryRead()
+  const response = await start
+  assert.equal(response.ok, true)
+  await recovery
+  await new Promise(resolve => setTimeout(resolve, 20))
+  await waitForProfileTransferComplete(env)
+
+  assert.equal(
+    env.messages.some(message => message.type === 'AGENT_CAPTURE_STATUS' && message.payload.error?.code === 'SERVICE_WORKER_RESTARTED'),
+    false
+  )
+  assert.equal(env.messages.some(message => message.type === 'AGENT_CAPTURE_STATUS' && message.payload.error), false)
+  assert.equal((await getAgentCaptureState(captureId))?.error, undefined)
+  delete globalThis.chrome
+  restoreFetch()
+  resetLoadTsModuleCaches()
+})
+
+test('bridge tab closure fails closed and clears owned target tab without fake success', async () => {
+  const env = makeChrome()
+  enableBridgeStatusAck(env)
+  globalThis.chrome = env.chrome
+  const [{ handleAgentCaptureTabRemoved }, { saveAgentCaptureState, listAgentCaptureIds }] = await Promise.all([
+    loadTsModule('src/background/agent-capture.ts'),
+    loadTsModule('src/background/agent-capture-state.ts')
+  ])
+  await saveAgentCaptureState({
+    captureId,
+    sessionId,
+    nonce,
+    bridgeOrigin: 'http://127.0.0.1:17370',
+    bridgeUrl: `http://127.0.0.1:17370/bridge?session=${sessionId}&capture=${captureId}&nonce=${nonce}`,
+    bridgeTabId: 1,
+    bridgeWindowId: 1,
+    targetTabId: 2,
+    targetWindowId: 1,
+    targetUrl: 'https://example.com/app?view=one',
+    targetMode: 'new_tab',
+    createdByCapture: true,
+    keepTabOpen: false,
+    phase: 'target_loaded',
+    status: 'running',
+    startedAt: 1,
+    updatedAt: 1,
+    deadlineAt: Date.now() + 60000
+  })
+
+  await handleAgentCaptureTabRemoved(1)
+
+  assert.equal(
+    env.messages.some(message => message.type === 'AGENT_CAPTURE_STATUS'),
+    false
+  )
+  assert.equal(env.removedTabs.includes(2), true)
+  assert.deepEqual(await listAgentCaptureIds(), [])
+  delete globalThis.chrome
+})
diff --git a/tests/background-logging.test.mjs b/tests/background-logging.test.mjs
new file mode 100644
index 00000000..74f3da1e
--- /dev/null
+++ b/tests/background-logging.test.mjs
@@ -0,0 +1,65 @@
+import assert from 'node:assert/strict'
+import { test } from 'node:test'
+import { loadTsModule } from './helpers/load-ts-module.mjs'
+
+const pollutedErrorName =
+  'BridgeCleanup http://127.0.0.1:17370/bridge?token=secret&nonce=n_SECRETSECRETSECRETSECRET spb_ABCDEFGHIJKLMNOPQRSTUVWxy123456789012345'
+
+test('background error log details redact bridge URLs, tokens, ids, and Error contents', async () => {
+  const { redactLogUrl, sanitizeLogDetails } = await loadTsModule('src/background/logging.ts')
+
+  assert.equal(
+    redactLogUrl('http://127.0.0.1:17370/bridge?session=s_SECRETSECRETSECRETSECRET&nonce=n_SECRETSECRETSECRETSECRET#frag'),
+    'http://127.0.0.1:17370/bridge?[redacted]'
+  )
+
+  const error = new Error('leaked http://127.0.0.1:17370/bridge?token=spb_ABCDEFGHIJKLMNOPQRSTUVWxy123456789012345')
+  const sanitized = sanitizeLogDetails({
+    error,
+    message: 'failed cap_ABCDEFGHIJKLMNOPQRSTUV at http://127.0.0.1:17370/v1/captures/cap_ABCDEFGHIJKLMNOPQRSTUV/profile?token=secret#frag',
+    nested: {
+      authorization: 'Bearer spb_ABCDEFGHIJKLMNOPQRSTUVWxy123456789012345',
+      ids: ['spbt_ABCDEFGHIJKLMNOPQRSTUVWxy123456789012345', 'n_ABCDEFGHIJKLMNOPQRSTUV']
+    }
+  })
+
+  const serialized = JSON.stringify(sanitized)
+  assert.deepEqual(sanitized.error, { errorName: 'Error' })
+  assert.equal(sanitized.nested.authorization, '[redacted]')
+  assert.equal(serialized.includes('token=secret'), false)
+  assert.equal(serialized.includes('#frag'), false)
+  assert.equal(serialized.includes('spb_'), false)
+  assert.equal(serialized.includes('spbt_'), false)
+  assert.equal(serialized.includes('cap_ABCDEFGHIJKLMNOPQRSTUV'), false)
+  assert.equal(serialized.includes('n_ABCDEFGHIJKLMNOPQRSTUV'), false)
+
+  const pollutedName = new Error('not logged')
+  pollutedName.name = pollutedErrorName
+  const pollutedSerialized = JSON.stringify(sanitizeLogDetails({ pollutedName }))
+  assert.equal(pollutedSerialized.includes('token=secret'), false)
+  assert.equal(pollutedSerialized.includes('nonce='), false)
+  assert.equal(pollutedSerialized.includes('spb_'), false)
+  assert.equal(pollutedSerialized.includes('http://127.0.0.1:17370/bridge?token=secret'), false)
+})
+
+test('agent capture cleanup warnings redact polluted Error names', async () => {
+  const { reportCleanupFailure } = await loadTsModule('src/background/agent-capture-failure.ts')
+  const caught = new Error('not logged')
+  caught.name = pollutedErrorName
+  const warnings = []
+  const originalWarn = console.warn
+
+  try {
+    console.warn = (...args) => warnings.push(args)
+    reportCleanupFailure('cleanupTarget', caught)
+  } finally {
+    console.warn = originalWarn
+  }
+
+  assert.equal(warnings.length, 1)
+  const serialized = JSON.stringify(warnings)
+  assert.equal(serialized.includes('token=secret'), false)
+  assert.equal(serialized.includes('nonce='), false)
+  assert.equal(serialized.includes('spb_'), false)
+  assert.equal(serialized.includes('http://127.0.0.1:17370/bridge?token=secret'), false)
+})
diff --git a/tests/experience-profile-format.test.mjs b/tests/experience-profile-format.test.mjs
new file mode 100644
index 00000000..a0e4c4ba
--- /dev/null
+++ b/tests/experience-profile-format.test.mjs
@@ -0,0 +1,153 @@
+import assert from 'node:assert/strict'
+import { spawnSync } from 'node:child_process'
+import { mkdtemp, readFile, rm } from 'node:fs/promises'
+import { tmpdir } from 'node:os'
+import path from 'node:path'
+import { test } from 'node:test'
+import { fileURLToPath } from 'node:url'
+import { loadTsModule } from './helpers/load-ts-module.mjs'
+
+const projectRoot = fileURLToPath(new URL('..', import.meta.url))
+
+test('built experience profiler exposes executeScript result reference', async () => {
+  const outDir = await mkdtemp(path.join(tmpdir(), 'stackprism-injected-'))
+  try {
+    const result = spawnSync(process.execPath, ['build-scripts/build-injected.mjs'], {
+      cwd: projectRoot,
+      encoding: 'utf8',
+      env: { ...process.env, INJECTED_ENTRIES: 'experience-profiler', INJECTED_OUT_DIR: outDir }
+    })
+
+    assert.equal(result.status, 0, result.stderr || result.stdout)
+    const built = await readFile(path.join(outDir, 'experience-profiler.iife.js'), 'utf8')
+    assert.match(built, /__StackPrismInjected_experience_profiler__;\s*$/)
+    await assert.rejects(readFile(path.join(outDir, 'page-detector.iife.js')))
+  } finally {
+    await rm(outDir, { recursive: true, force: true })
+  }
+})
+
+test('experience profiler default export is structured-clone safe', async () => {
+  const { default: result } = await loadTsModule('src/injected/experience-profiler.ts')
+  const clone = structuredClone(result)
+
+  assert.equal(typeof clone, 'object')
+  assert.ok(clone.visual)
+  assert.ok(clone.layout)
+  assert.ok(clone.components)
+  assert.ok(clone.interaction)
+  assert.ok(clone.ux)
+  assert.ok(clone.assets)
+  assert.ok(clone.evidence.truncation)
+  assert.ok(JSON.stringify(clone).length < 2 * 1024 * 1024)
+})
+
+test('experience profiler preserves matched selector metadata for bounding boxes', async () => {
+  const source = await readFile(new URL('../src/injected/experience-profiler-visual-layout.ts', import.meta.url), 'utf8')
+
+  assert.match(source, /map\(element => \(\{ selector, element \}\)\)/)
+  assert.doesNotMatch(source, /selector:\s*element\.tagName/)
+})
+
+test('experience profiler collects language and first-order UX categories', async () => {
+  const [entrySource, uxSource] = await Promise.all([
+    readFile(new URL('../src/injected/experience-profiler.ts', import.meta.url), 'utf8'),
+    readFile(new URL('../src/injected/experience-profiler-ux-assets.ts', import.meta.url), 'utf8')
+  ])
+
+  assert.match(entrySource, /documentElement\.lang/)
+  assert.match(uxSource, /pagePurpose/)
+  assert.match(uxSource, /primaryUserPath/)
+  assert.match(uxSource, /informationHierarchy/)
+  assert.match(uxSource, /ctaStrategy/)
+  assert.match(uxSource, /trustSignals/)
+  assert.match(uxSource, /navigationDepth/)
+  assert.match(uxSource, /contentGrouping/)
+  assert.match(uxSource, /frictionPoints/)
+})
+
+test('experience profiler redacts sensitive URL paths and preserves full component counts', async () => {
+  const [commonSource, componentsSource, entrySource] = await Promise.all([
+    readFile(new URL('../src/injected/experience-profiler-common.ts', import.meta.url), 'utf8'),
+    readFile(new URL('../src/injected/experience-profiler-components.ts', import.meta.url), 'utf8'),
+    readFile(new URL('../src/injected/experience-profiler.ts', import.meta.url), 'utf8')
+  ])
+
+  assert.match(commonSource, /isSensitivePathSegment/)
+  assert.match(commonSource, /url\.pathname = redactPathname\(url\.pathname\)/)
+  assert.match(componentsSource, /counts\[type\] = matches\.length/)
+  assert.match(componentsSource, /matches\.slice\(0, 20\)/)
+  assert.match(entrySource, /for \(const shrink of shrinkSteps\)/)
+  assert.match(entrySource, /byteLengthOf\(profile\)/)
+  assert.match(entrySource, /initialBytes - bytes/)
+})
+
+test('experience profiler keeps executeScriptResult as omitted bytes when final result remains oversized', async () => {
+  const [commonSource, entrySource] = await Promise.all([
+    readFile(new URL('../src/injected/experience-profiler-common.ts', import.meta.url), 'utf8'),
+    readFile(new URL('../src/injected/experience-profiler.ts', import.meta.url), 'utf8')
+  ])
+
+  assert.match(commonSource, /executeScriptResultOverLimit:\s*number/)
+  assert.match(commonSource, /executeScriptResultOverLimit:\s*0/)
+  assert.match(entrySource, /const finalBytes = byteLengthOf\(profile\)/)
+  assert.match(entrySource, /profile\.evidence\.truncation\.executeScriptResult = Math\.max\(0, initialBytes - finalBytes\)/)
+  assert.match(
+    entrySource,
+    /profile\.evidence\.truncation\.executeScriptResultOverLimit = Math\.max\(0, finalBytes - LIMITS\.executeScriptResultBytes\)/
+  )
+  assert.doesNotMatch(
+    entrySource,
+    /profile\.evidence\.truncation\.executeScriptResult = Math\.max\(0, byteLengthOf\(profile\) - LIMITS\.executeScriptResultBytes\)/
+  )
+})
+
+test('experience profiler safeUrl preserves ordinary key substrings and redacts sensitive path tokens', async () => {
+  const { safeUrl } = await loadTsModule('src/injected/experience-profiler-common.ts')
+  const originalLocation = Object.getOwnPropertyDescriptor(globalThis, 'location')
+  Object.defineProperty(globalThis, 'location', {
+    configurable: true,
+    value: { href: 'https://example.com/base/' }
+  })
+
+  try {
+    assert.equal(
+      safeUrl('https://example.com/products/keyboard/turkey/monkey?token=secret#frag'),
+      'https://example.com/products/keyboard/turkey/monkey?token=%5Bredacted%5D'
+    )
+    assert.equal(
+      safeUrl('https://example.com/account/apiKey/privateKey/passcode/sessionId?next=/home'),
+      'https://example.com/account/[redacted]/[redacted]/[redacted]/[redacted]?next=%5Bredacted%5D'
+    )
+    assert.equal(
+      safeUrl('https://vercel.com/dashboard/projects/very-long-project-name-with-token-like-segment-and-many-words'),
+      'https://vercel.com/dashboard/projects/very-long-project-name-with-token-like-segment-and-many-words'
+    )
+    assert.equal(
+      safeUrl('https://example.com/download/Abcd1234EFGH5678ijkl9012?next=/home'),
+      'https://example.com/download/[redacted]?next=%5Bredacted%5D'
+    )
+  } finally {
+    if (originalLocation) Object.defineProperty(globalThis, 'location', originalLocation)
+    else delete globalThis.location
+  }
+})
+
+test('experience profiler cleanText redacts spaced bearer credentials', async () => {
+  const { cleanText } = await loadTsModule('src/injected/experience-profiler-common.ts')
+
+  const cleaned = cleanText('Authorization: Bearer sk_live_abc123; token=secret')
+
+  assert.equal(cleaned, 'Authorization=[redacted]; token=[redacted]')
+  assert.doesNotMatch(cleaned, /Bearer|sk_live_abc123|secret/)
+})
+
+test('site experience fixture covers visual, layout, component and sensitive text cases', async () => {
+  const fixture = await readFile(new URL('./fixtures/site-experience-fixture.html', import.meta.url), 'utf8')
+
+  assert.match(fixture, /transition:/)
+  assert.match(fixture, /<header/)
+  assert.match(fixture, /<button/)
+  assert.match(fixture, /user@example\.com/)
+  assert.match(fixture, /token=secret/)
+})
diff --git a/tests/fixtures/bridge-protocol-identifiers.json b/tests/fixtures/bridge-protocol-identifiers.json
new file mode 100644
index 00000000..cfb20ca5
--- /dev/null
+++ b/tests/fixtures/bridge-protocol-identifiers.json
@@ -0,0 +1,127 @@
+{
+  "apiToken": {
+    "valid": ["spb_AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", "spb_0123456789abcdefghijklmnopqrstuvwxyzABCDEFG"],
+    "invalid": [
+      "",
+      "spb_xxx",
+      "spbt_AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
+      "spb_AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
+      "spb_AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
+      "spb_AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+",
+      "spb_AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/",
+      "spb_AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=",
+      "spb_AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA ",
+      "spb_AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA好",
+      "spb_AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA%2F",
+      "../spb_AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
+      "spb_AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA?"
+    ]
+  },
+  "bridgeToken": {
+    "valid": ["spbt_BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB", "spbt_0123456789abcdefghijklmnopqrstuvwxyzABCDEFG"],
+    "invalid": [
+      "",
+      "spbt_xxx",
+      "spb_BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB",
+      "spbt_BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB",
+      "spbt_BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB",
+      "spbt_BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB+",
+      "spbt_BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB/",
+      "spbt_BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB=",
+      "spbt_BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB ",
+      "spbt_BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB好",
+      "spbt_BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB%2F",
+      "../spbt_BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB",
+      "spbt_BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB?"
+    ]
+  },
+  "captureId": {
+    "valid": ["cap_CCCCCCCCCCCCCCCCCCCCCC", "cap_0123456789abcdefghij_-"],
+    "invalid": [
+      "",
+      "cap_20260521_abcdef",
+      "CAP_CCCCCCCCCCCCCCCCCCCCCC",
+      "cap_CCCCCCCCCCCCCCCCCCCCC",
+      "cap_CCCCCCCCCCCCCCCCCCCCCCC",
+      "cap_CCCCCCCCCCCCCCCCCCCCC+",
+      "cap_CCCCCCCCCCCCCCCCCCCCC/",
+      "cap_CCCCCCCCCCCCCCCCCCCCC=",
+      "cap_CCCCCCCCCCCCCCCCCCCCC ",
+      "cap_CCCCCCCCCCCCCCCCCCCCC好",
+      "cap_CCCCCCCCCCCCCCCCCCCCC%2F",
+      "../cap_CCCCCCCCCCCCCCCCCC",
+      "cap_CCCCCCCCCCCCCCCCCCCCC?"
+    ]
+  },
+  "sessionId": {
+    "valid": ["s_DDDDDDDDDDDDDDDDDDDDDD", "s_0123456789abcdefghij_-"],
+    "invalid": [
+      "",
+      "s_xxx",
+      "S_DDDDDDDDDDDDDDDDDDDDDD",
+      "s_DDDDDDDDDDDDDDDDDDDDD",
+      "s_DDDDDDDDDDDDDDDDDDDDDDD",
+      "s_DDDDDDDDDDDDDDDDDDDDD+",
+      "s_DDDDDDDDDDDDDDDDDDDDD/",
+      "s_DDDDDDDDDDDDDDDDDDDDD=",
+      "s_DDDDDDDDDDDDDDDDDDDDD ",
+      "s_DDDDDDDDDDDDDDDDDDDDD好",
+      "s_DDDDDDDDDDDDDDDDDDDDD%2F",
+      "../s_DDDDDDDDDDDDDDDDDDD",
+      "s_DDDDDDDDDDDDDDDDDDDDD?"
+    ]
+  },
+  "nonce": {
+    "valid": ["n_EEEEEEEEEEEEEEEEEEEEEE", "n_0123456789abcdefghij_-"],
+    "invalid": [
+      "",
+      "n_xxx",
+      "N_EEEEEEEEEEEEEEEEEEEEEE",
+      "n_EEEEEEEEEEEEEEEEEEEEE",
+      "n_EEEEEEEEEEEEEEEEEEEEEEE",
+      "n_EEEEEEEEEEEEEEEEEEEEE+",
+      "n_EEEEEEEEEEEEEEEEEEEEE/",
+      "n_EEEEEEEEEEEEEEEEEEEEE=",
+      "n_EEEEEEEEEEEEEEEEEEEEE ",
+      "n_EEEEEEEEEEEEEEEEEEEEE好",
+      "n_EEEEEEEEEEEEEEEEEEEEE%2F",
+      "../n_EEEEEEEEEEEEEEEEEEEE",
+      "n_EEEEEEEEEEEEEEEEEEEEE?"
+    ]
+  },
+  "profileTransferId": {
+    "valid": ["xfer_FFFFFFFFFFFFFFFFFFFFFF", "xfer_0123456789abcdefghij_-"],
+    "invalid": [
+      "",
+      "xfer_xxx",
+      "XFER_FFFFFFFFFFFFFFFFFFFFFF",
+      "xfer_FFFFFFFFFFFFFFFFFFFFF",
+      "xfer_FFFFFFFFFFFFFFFFFFFFFFF",
+      "xfer_FFFFFFFFFFFFFFFFFFFFF+",
+      "xfer_FFFFFFFFFFFFFFFFFFFFF/",
+      "xfer_FFFFFFFFFFFFFFFFFFFFF=",
+      "xfer_FFFFFFFFFFFFFFFFFFFFF ",
+      "xfer_FFFFFFFFFFFFFFFFFFFFF好",
+      "xfer_FFFFFFFFFFFFFFFFFFFFF%2F",
+      "../xfer_FFFFFFFFFFFFFFFFFFFF",
+      "xfer_FFFFFFFFFFFFFFFFFFFFF?"
+    ]
+  },
+  "cspNonce": {
+    "valid": ["GGGGGGGGGGGGGGGGGGGGGG", "0123456789abcdefghij_-"],
+    "invalid": [
+      "",
+      "csp_xxx",
+      "GGGGGGGGGGGGGGGGGGGGG",
+      "GGGGGGGGGGGGGGGGGGGGGGG",
+      "GGGGGGGGGGGGGGGGGGGGG+",
+      "GGGGGGGGGGGGGGGGGGGGG/",
+      "GGGGGGGGGGGGGGGGGGGGG=",
+      "GGGGGGGGGGGGGGGGGGGGG ",
+      "GGGGGGGGGGGGGGGGGGGGG好",
+      "GGGGGGGGGGGGGGGGGGGGG%2F",
+      "../GGGGGGGGGGGGGGGGGGGG",
+      "GGGGGGGGGGGGGGGGGGGGG?"
+    ]
+  }
+}
diff --git a/tests/fixtures/bridge-url-policy-cases.json b/tests/fixtures/bridge-url-policy-cases.json
new file mode 100644
index 00000000..8dbdd989
--- /dev/null
+++ b/tests/fixtures/bridge-url-policy-cases.json
@@ -0,0 +1,63 @@
+{
+  "publicHostname": {
+    "url": "https://Public.Example:443/app?view=one#frag",
+    "resolvedAddresses": ["93.184.216.34"],
+    "normalizedUrl": "https://public.example/app?view=one"
+  },
+  "privateHostname": {
+    "url": "https://dev.internal.example/dashboard",
+    "resolvedAddresses": ["192.168.10.20"],
+    "errorCode": "PRIVATE_NETWORK_TARGET_BLOCKED"
+  },
+  "mixedHostname": {
+    "url": "https://mixed.internal.example/dashboard",
+    "resolvedAddresses": ["93.184.216.34", "10.1.2.3"],
+    "errorCode": "PRIVATE_NETWORK_TARGET_BLOCKED"
+  },
+  "proxyReservedHostname": {
+    "url": "https://proxy-reserved.example/dashboard",
+    "resolvedAddresses": ["198.18.0.12"],
+    "normalizedUrl": "https://proxy-reserved.example/dashboard"
+  },
+  "proxyReservedIpLiteral": {
+    "url": "https://198.18.0.12/dashboard",
+    "errorCode": "PRIVATE_NETWORK_TARGET_BLOCKED"
+  },
+  "specialUseHostname": {
+    "url": "https://special-use.internal.example/dashboard",
+    "resolvedAddresses": [
+      "0.0.0.0",
+      "100.64.0.1",
+      "192.0.2.1",
+      "192.88.99.1",
+      "198.51.100.1",
+      "203.0.113.1",
+      "224.0.0.1",
+      "240.0.0.1",
+      "255.255.255.255"
+    ],
+    "errorCode": "PRIVATE_NETWORK_TARGET_BLOCKED"
+  },
+  "specialUseIpv6Hostname": {
+    "url": "https://special-use-v6.internal.example/dashboard",
+    "resolvedAddresses": ["::", "::ffff:100.64.0.1", "64:ff9b:1::1", "100::1", "2001:2::1", "2001:db8::1", "2002::1", "3fff::1", "ff00::1"],
+    "errorCode": "PRIVATE_NETWORK_TARGET_BLOCKED"
+  },
+  "publicSpecialUseExceptionHostname": {
+    "url": "https://public-special-exception.example/dashboard",
+    "resolvedAddresses": ["192.0.0.9", "192.0.0.10", "64:ff9b::1", "2001:1::1", "2001:3::1", "2001:4:112::1", "2001:20::1", "2001:30::1"],
+    "normalizedUrl": "https://public-special-exception.example/dashboard"
+  },
+  "credentialUrl": {
+    "url": "https://user:pass@example.com/dashboard",
+    "errorCode": "INVALID_REQUEST"
+  },
+  "selfTarget": {
+    "url": "http://127.0.0.1:17370/",
+    "errorCode": "BRIDGE_SELF_TARGET_BLOCKED"
+  },
+  "loopbackTarget": {
+    "url": "http://127.0.0.1:3000/",
+    "errorCode": "PRIVATE_NETWORK_TARGET_BLOCKED"
+  }
+}
diff --git a/tests/fixtures/site-experience-fixture.html b/tests/fixtures/site-experience-fixture.html
new file mode 100644
index 00000000..b5b46094
--- /dev/null
+++ b/tests/fixtures/site-experience-fixture.html
@@ -0,0 +1,72 @@
+<!doctype html>
+<html lang="zh-CN">
+  <head>
+    <meta charset="utf-8" />
+    <title>StackPrism Experience Fixture</title>
+    <style>
+      :root {
+        --brand: #2255ff;
+      }
+
+      body {
+        margin: 0;
+        font-family: Inter, system-ui, sans-serif;
+        color: #101828;
+        background: #f7f9fc;
+      }
+
+      header {
+        position: sticky;
+        top: 0;
+        padding: 16px 24px;
+        background: white;
+        box-shadow: 0 4px 18px rgba(16, 24, 40, 0.12);
+      }
+
+      main {
+        padding: 32px;
+      }
+
+      .hero-card {
+        border-radius: 12px;
+        background: white;
+        padding: 24px;
+        transition:
+          transform 160ms ease,
+          box-shadow 160ms ease;
+      }
+
+      .hero-card:hover,
+      .hero-card:focus-within {
+        transform: translateY(-2px);
+      }
+
+      button {
+        border: 0;
+        border-radius: 8px;
+        padding: 10px 16px;
+        background: var(--brand);
+        color: white;
+      }
+    </style>
+  </head>
+  <body>
+    <header>
+      <nav><a href="/app?token=secret">Dashboard</a></nav>
+    </header>
+    <main>
+      <section class="hero-card">
+        <h1>运营概览</h1>
+        <p>联系 user@example.com 或 13800138000，订单 1234567890123，金额 ￥199。</p>
+        <button type="button">支付 ￥199 给 张三</button>
+      </section>
+      <table>
+        <tr>
+          <td><span class="badge">Live</span></td>
+        </tr>
+      </table>
+      <iframe src="https://example.org/embed"></iframe>
+    </main>
+    <footer>StackPrism</footer>
+  </body>
+</html>
diff --git a/tests/format-tech-stack.test.mjs b/tests/format-tech-stack.test.mjs
index d318fe91..5bcc4ca0 100644
--- a/tests/format-tech-stack.test.mjs
+++ b/tests/format-tech-stack.test.mjs
@@ -94,7 +94,10 @@ test('formats detected technologies for humans and AI agents', async () => {
   assert.equal(structured.technologies.length, 4)
   assert.deepEqual(someTech.sources, ['响应头'])
   assert.equal(Object.hasOwn(someTech, 'source'), false)
-  assert.equal(structured.technologies.some(item => item.category === '应被过滤'), false)
+  assert.equal(
+    structured.technologies.some(item => item.category === '应被过滤'),
+    false
+  )
 })
 
 test('keeps empty detection reports readable and structured', async () => {
diff --git a/tests/helpers/agent-bridge-browser-smoke-harness.mjs b/tests/helpers/agent-bridge-browser-smoke-harness.mjs
new file mode 100644
index 00000000..e896260b
--- /dev/null
+++ b/tests/helpers/agent-bridge-browser-smoke-harness.mjs
@@ -0,0 +1,1169 @@
+import { spawn } from 'node:child_process'
+import dns from 'node:dns/promises'
+import { existsSync, readdirSync } from 'node:fs'
+import { readFile, mkdtemp, rm } from 'node:fs/promises'
+import { createServer } from 'node:http'
+import net from 'node:net'
+import { homedir, tmpdir } from 'node:os'
+import { join, resolve } from 'node:path'
+
+const terminalStatuses = new Set(['completed', 'failed', 'cancelled', 'expired'])
+const bridgeSecretPattern = /spbt?_[A-Za-z0-9_-]{20,}|(?:apiToken|bridgeToken)=/i
+
+export const sleep = ms => new Promise(resolveSleep => setTimeout(resolveSleep, ms))
+export const redactText = value => String(value || '').replace(/[A-Za-z0-9_-]{20,}/g, '[redacted]')
+
+export const assert = (condition, message) => {
+  if (!condition) throw new Error(message)
+}
+
+const getJson = async url => (await fetch(url)).json()
+
+const playwrightChromeCandidates = () => {
+  const roots = [
+    {
+      path: join(homedir(), 'Library/Caches/ms-playwright'),
+      executable: 'chrome-mac-x64/Google Chrome for Testing.app/Contents/MacOS/Google Chrome for Testing'
+    },
+    { path: join(homedir(), '.cache/ms-playwright'), executable: 'chrome-linux/chrome' }
+  ]
+  return roots.flatMap(root => {
+    if (!existsSync(root.path)) return []
+    return readdirSync(root.path)
+      .filter(name => name.startsWith('chromium-'))
+      .sort()
+      .reverse()
+      .map(name => join(root.path, name, root.executable))
+  })
+}
+
+const findBrowser = () => {
+  const browser = [process.env.STACKPRISM_BROWSER_SMOKE_CHROME, ...playwrightChromeCandidates()].filter(Boolean).find(existsSync)
+  if (!browser) throw new Error('Chrome for Testing was not found. Set STACKPRISM_BROWSER_SMOKE_CHROME.')
+  return browser
+}
+
+export const connectTarget = async target => {
+  const socket = new WebSocket(target.webSocketDebuggerUrl)
+  await new Promise((resolveOpen, rejectOpen) => {
+    socket.addEventListener('open', resolveOpen, { once: true })
+    socket.addEventListener('error', rejectOpen, { once: true })
+  })
+  let nextId = 0
+  const pending = new Map()
+  let closed = false
+  const rejectPending = reason => {
+    if (closed) return
+    closed = true
+    const error = reason instanceof Error ? reason : new Error(String(reason || 'WebSocket closed'))
+    for (const callbacks of pending.values()) callbacks.reject(error)
+    pending.clear()
+  }
+  socket.addEventListener('message', event => {
+    if (closed) return
+    const message = JSON.parse(event.data)
+    if (!message.id || !pending.has(message.id)) return
+    const callbacks = pending.get(message.id)
+    pending.delete(message.id)
+    if (message.error) callbacks.reject(new Error(JSON.stringify(message.error)))
+    else callbacks.resolve(message.result)
+  })
+  socket.addEventListener('close', () => rejectPending(new Error('WebSocket closed.')))
+  socket.addEventListener('error', event => rejectPending(new Error(`WebSocket error: ${event?.message || 'unknown'}`)))
+  return {
+    send(method, params = {}) {
+      if (closed) return Promise.reject(new Error('WebSocket closed.'))
+      const id = ++nextId
+      socket.send(JSON.stringify({ id, method, params }))
+      return new Promise((resolveSend, rejectSend) => pending.set(id, { resolve: resolveSend, reject: rejectSend }))
+    },
+    close() {
+      rejectPending(new Error('WebSocket closed by harness.'))
+      socket.close()
+    }
+  }
+}
+
+export const createBrowserSmokeHarness = ({ root, dist, cdpPort }) => {
+  const cdpBaseUrl = `http://127.0.0.1:${cdpPort}`
+
+  const waitForProcessExit = child =>
+    !child || child.exitCode !== null || child.signalCode ? Promise.resolve() : new Promise(resolveExit => child.once('exit', resolveExit))
+
+  const stopProcess = async child => {
+    if (!child) return
+    if (child.exitCode === null && !child.killed) child.kill('SIGTERM')
+    await Promise.race([
+      waitForProcessExit(child),
+      sleep(1000).then(() => {
+        if (child.exitCode === null) child.kill('SIGKILL')
+      })
+    ])
+    await Promise.race([waitForProcessExit(child), sleep(1000)])
+  }
+
+  const waitForCdp = async () => {
+    for (let attempt = 0; attempt < 50; attempt += 1) {
+      try {
+        return await getJson(`${cdpBaseUrl}/json/version`)
+      } catch {
+        await sleep(200)
+      }
+    }
+    throw new Error('Chrome DevTools endpoint did not start.')
+  }
+
+  const stackPrismTargets = async () => {
+    const targets = await getJson(`${cdpBaseUrl}/json/list`)
+    return {
+      page: targets.find(target => target.type === 'page'),
+      worker: targets.find(target => target.type === 'service_worker' && target.url.includes('service-worker-loader.js'))
+    }
+  }
+
+  const listTargets = async () => getJson(`${cdpBaseUrl}/json/list`)
+
+  const closeTarget = async targetId => {
+    await fetch(`${cdpBaseUrl}/json/close/${targetId}`)
+  }
+
+  const closePageTarget = async (target, page) => {
+    try {
+      page?.close()
+    } finally {
+      if (target?.id) await closeTarget(target.id).catch(() => {})
+    }
+  }
+
+  const rawHttp = (port, lines) =>
+    new Promise((resolveRaw, rejectRaw) => {
+      const socket = net.createConnection({ host: '127.0.0.1', port: Number(port) })
+      let data = ''
+      socket.on('connect', () => socket.write(lines.join('\r\n')))
+      socket.on('data', chunk => {
+        data += chunk.toString('utf8')
+      })
+      socket.on('error', rejectRaw)
+      socket.on('end', () => resolveRaw(data))
+    })
+
+  const waitForWorker = async () => {
+    let lastTargets = []
+    for (let attempt = 0; attempt < 20; attempt += 1) {
+      const targets = await getJson(`${cdpBaseUrl}/json/list`)
+      lastTargets = targets.map(target => ({ type: target.type, title: target.title, url: target.url }))
+      const worker = targets.find(target => target.type === 'service_worker' && target.url.includes('service-worker-loader.js'))
+      if (worker) return worker
+      await sleep(250)
+    }
+    throw new Error(`StackPrism service worker target was not found. Last targets: ${redactText(JSON.stringify(lastTargets))}`)
+  }
+
+  const waitForNoWorker = async (attempts = 70) => {
+    let lastTargets = []
+    for (let attempt = 0; attempt < attempts; attempt += 1) {
+      const targets = await getJson(`${cdpBaseUrl}/json/list`)
+      lastTargets = targets.map(target => ({ type: target.type, title: target.title, url: target.url }))
+      const worker = targets.find(target => target.type === 'service_worker' && target.url.includes('service-worker-loader.js'))
+      if (!worker) return { attempts: attempt + 1, elapsedMs: attempt * 1000 }
+      await sleep(1000)
+    }
+    throw new Error(`StackPrism service worker target remained active. Last targets: ${redactText(JSON.stringify(lastTargets))}`)
+  }
+
+  const startChrome = async ({ extraArgs = [], profileDir = null } = {}) => {
+    const resolvedProfileDir = profileDir || (await mkdtemp(join(tmpdir(), 'stackprism-browser-smoke-')))
+    const child = spawn(findBrowser(), [
+      `--user-data-dir=${resolvedProfileDir}`,
+      `--remote-debugging-port=${cdpPort}`,
+      `--load-extension=${dist}`,
+      `--disable-extensions-except=${dist}`,
+      '--no-first-run',
+      '--no-default-browser-check',
+      ...extraArgs,
+      'about:blank'
+    ])
+    return { child, profileDir: resolvedProfileDir }
+  }
+
+  const startChromeWithoutExtension = async ({ extraArgs = [] } = {}) => {
+    const profileDir = await mkdtemp(join(tmpdir(), 'stackprism-browser-smoke-no-extension-'))
+    const child = spawn(findBrowser(), [
+      `--user-data-dir=${profileDir}`,
+      `--remote-debugging-port=${cdpPort}`,
+      '--no-first-run',
+      '--no-default-browser-check',
+      ...extraArgs,
+      'about:blank'
+    ])
+    return { child, profileDir }
+  }
+
+  const startBridge = async (options = {}) => {
+    const suppressBrowserOpen = options.noOpen !== false
+    const child = spawn(process.execPath, ['agent-skill/stackprism-site-experience/scripts/stackprism-bridge.mjs'], {
+      cwd: root,
+      env: { ...process.env, ...(suppressBrowserOpen ? { STACKPRISM_BRIDGE_NO_OPEN: '1' } : {}), ...(options.env || {}) },
+      stdio: ['pipe', 'pipe', 'pipe']
+    })
+    let stdout = ''
+    let stderr = ''
+    child.stdout.on('data', chunk => {
+      stdout += chunk.toString()
+    })
+    child.stderr.on('data', chunk => {
+      stderr += chunk.toString()
+    })
+    const stopChild = async () => {
+      await stopProcess(child)
+    }
+    for (let attempt = 0; attempt < 100 && !stdout.includes('\n'); attempt += 1) await sleep(100)
+    if (!stdout.includes('\n')) {
+      await stopChild()
+      throw new Error(`Bridge ready JSON was not printed. stderr=${redactText(stderr)}`)
+    }
+    try {
+      const ready = JSON.parse(stdout.trim().split('\n')[0])
+      let stopped = false
+      const stop = async () => {
+        if (stopped) return
+        stopped = true
+        await stopChild()
+        for (let attempt = 0; attempt < 20; attempt += 1) {
+          try {
+            await fetch(ready.healthUrl, { signal: AbortSignal.timeout(250) })
+          } catch {
+            return
+          }
+          await sleep(100)
+        }
+        throw new Error(`Bridge health endpoint was still reachable after stop: ${ready.healthUrl}`)
+      }
+      return { child, ready, stderr: () => stderr, stop }
+    } catch (error) {
+      await stopChild()
+      throw new Error(`Bridge ready JSON was invalid. stderr=${redactText(stderr)} error=${redactText(error)}`)
+    }
+  }
+
+  const stopBridge = async bridge => {
+    if (!bridge) return
+    if (typeof bridge.stop === 'function') await bridge.stop()
+    else await stopProcess(bridge.child)
+  }
+
+  const setAgentBridgeEnabled = async (worker, enabled) => {
+    await waitForExtensionRuntime(worker)
+    await worker.send('Runtime.evaluate', {
+      expression: `chrome.storage.local.set({stackPrismSettings:{agentBridgeEnabled:${enabled ? 'true' : 'false'}}})`,
+      awaitPromise: true
+    })
+  }
+
+  const waitForExtensionRuntime = async worker => {
+    for (let attempt = 0; attempt < 30; attempt += 1) {
+      const result = await worker.send('Runtime.evaluate', {
+        expression: 'typeof chrome !== "undefined" && Boolean(chrome.runtime) && Boolean(chrome.storage?.local)',
+        returnByValue: true
+      })
+      if (result.result?.value === true) return
+      await sleep(250)
+    }
+    throw new Error('StackPrism extension runtime APIs were not ready in the service worker target.')
+  }
+
+  const createCapture = async (ready, request) => {
+    const body = JSON.stringify({
+      url: request.url,
+      mode: 'experience',
+      waitMs: request.waitMs ?? 0,
+      include: request.include || ['tech', 'visual', 'layout', 'components', 'interaction', 'ux', 'assets'],
+      options: request.options || { allowPrivateNetworkTarget: false }
+    })
+    const response = await fetch(`${ready.baseUrl}/v1/captures`, {
+      method: 'POST',
+      headers: { authorization: `Bearer ${ready.apiToken}`, 'content-type': 'application/json' },
+      body
+    })
+    return { status: response.status, body: await response.json() }
+  }
+
+  const createPrivateTargetBlockedCapture = async (ready, target) => {
+    const targetUrl = typeof target === 'string' ? target : target.url
+    const blocked = await createCapture(ready, {
+      url: targetUrl,
+      options: { allowPrivateNetworkTarget: false, captureScreenshotMetadata: false, keepTabOpen: false, targetMode: 'new_tab' }
+    })
+    const targets = await listTargets()
+    const targetStillVisible = targets.some(targetItem => targetItem.type === 'page' && String(targetItem.url || '').startsWith(targetUrl))
+    return {
+      blocked,
+      requestCount: typeof target.requestCount === 'function' ? target.requestCount() : null,
+      targetStillVisible
+    }
+  }
+
+  const createDnsNonGlobalBlockedCapture = async ready => {
+    const hostname = 'stackprism-browser-smoke.invalid'
+    const targetUrl = `https://${hostname}/dns-policy?token=secret#frag`
+    let resolvedAddresses = []
+    let dnsError = ''
+    try {
+      resolvedAddresses = (await dns.lookup(hostname, { all: true, verbatim: true })).map(item => item.address)
+    } catch (error) {
+      dnsError = error?.code || (error instanceof Error ? error.message : String(error))
+    }
+    const blocked = await createCapture(ready, {
+      url: targetUrl,
+      options: { allowPrivateNetworkTarget: false, captureScreenshotMetadata: false, keepTabOpen: false, targetMode: 'new_tab' }
+    })
+    const targets = await listTargets()
+    const targetStillVisible = targets.some(target => target.type === 'page' && String(target.url || '').startsWith(targetUrl))
+    return { blocked, dnsError, hostname, resolvedAddresses, targetStillVisible }
+  }
+
+  const pollCapture = async (ready, captureId, attempts = 70) => {
+    let lastStatus = null
+    for (let attempt = 0; attempt < attempts; attempt += 1) {
+      await sleep(1000)
+      const response = await fetch(`${ready.baseUrl}/v1/captures/${captureId}`, {
+        headers: { authorization: `Bearer ${ready.apiToken}` }
+      })
+      lastStatus = await response.json()
+      if (terminalStatuses.has(lastStatus.status)) return lastStatus
+    }
+    throw new Error(`Capture ${captureId} did not reach a terminal status. Last status: ${JSON.stringify(lastStatus)}`)
+  }
+
+  const fetchJson = async (url, init) => {
+    const response = await fetch(url, init)
+    const text = await response.text()
+    return { status: response.status, body: text ? JSON.parse(text) : null, text }
+  }
+
+  const newPageTarget = async () => {
+    const response = await fetch(`${cdpBaseUrl}/json/new?about:blank`, { method: 'PUT' })
+    if (!response.ok) throw new Error(`Failed to create CDP page: ${response.status}`)
+    return response.json()
+  }
+
+  const newIncognitoPageTarget = async (url = 'about:blank') => {
+    const version = await waitForCdp()
+    const browser = await connectTarget({ webSocketDebuggerUrl: version.webSocketDebuggerUrl })
+    try {
+      const { browserContextId } = await browser.send('Target.createBrowserContext')
+      const { targetId } = await browser.send('Target.createTarget', { browserContextId, url })
+      for (let attempt = 0; attempt < 30; attempt += 1) {
+        const target = (await listTargets()).find(item => item.id === targetId)
+        if (target?.webSocketDebuggerUrl) return { browserContextId, target }
+        await sleep(100)
+      }
+      throw new Error(`Incognito CDP target ${targetId} was not visible.`)
+    } finally {
+      browser.close()
+    }
+  }
+
+  const disposeBrowserContext = async browserContextId => {
+    if (!browserContextId) return
+    const version = await waitForCdp()
+    const browser = await connectTarget({ webSocketDebuggerUrl: version.webSocketDebuggerUrl })
+    try {
+      await browser.send('Target.disposeBrowserContext', { browserContextId })
+    } finally {
+      browser.close()
+    }
+  }
+
+  const navigateBridgePage = async (target, bridgeUrl) => {
+    const page = await connectTarget(target)
+    await page.send('Page.enable')
+    await page.send('Runtime.enable')
+    await page.send('Page.navigate', { url: bridgeUrl })
+    let serializedHistory = ''
+    for (let attempt = 0; attempt < 20; attempt += 1) {
+      const currentUrl = await page.send('Runtime.evaluate', { expression: 'location.href', returnByValue: true })
+      const navigationHistory = await page.send('Page.getNavigationHistory')
+      serializedHistory = JSON.stringify({
+        currentUrl: currentUrl.result?.value,
+        navigationHistory
+      })
+      if (serializedHistory.includes('/bridge?')) break
+      await sleep(50)
+    }
+    assert(serializedHistory.includes('/bridge?'), `Bridge navigation history did not include bridge URL: ${redactText(serializedHistory)}`)
+    assert(
+      !bridgeSecretPattern.test(serializedHistory),
+      `Bridge navigation history leaked token material: ${redactText(serializedHistory)}`
+    )
+    return page
+  }
+
+  const openBridgePage = async bridgeUrl => {
+    const target = await newPageTarget()
+    const page = await navigateBridgePage(target, bridgeUrl)
+    return { target, page }
+  }
+
+  const openIncognitoBridgePage = async bridgeUrl => {
+    const { browserContextId, target } = await newIncognitoPageTarget()
+    const page = await navigateBridgePage(target, bridgeUrl)
+    const close = async () => {
+      try {
+        await closePageTarget(target, page)
+      } finally {
+        await disposeBrowserContext(browserContextId).catch(() => {})
+      }
+    }
+    return { browserContextId, close, page, target }
+  }
+
+  const probeBridgeIframeBlocking = async bridgeUrl => {
+    let attackerRequestCount = 0
+    const server = createServer((_req, res) => {
+      attackerRequestCount += 1
+      res.writeHead(200, { 'content-type': 'text/html; charset=utf-8', 'cache-control': 'no-store' })
+      res.end(`<!doctype html><html><body><iframe id="bridge-frame" src="${bridgeUrl}"></iframe></body></html>`)
+    })
+    await new Promise(resolveListen => server.listen(0, '127.0.0.1', resolveListen))
+    const { port } = server.address()
+    const attackerUrl = `http://127.0.0.1:${port}/attacker-frame`
+    const target = await newPageTarget()
+    const page = await connectTarget(target)
+    let probe = null
+    try {
+      await page.send('Page.enable')
+      await page.send('Runtime.enable')
+      await page.send('Page.navigate', { url: attackerUrl })
+      for (let attempt = 0; attempt < 20; attempt += 1) {
+        const result = await page.send('Runtime.evaluate', {
+          expression: `(() => {
+            const frame = document.querySelector('#bridge-frame');
+            let frameAccess = 'missing';
+            let frameBodyText = '';
+            let frameHtmlIncludesBridgeToken = false;
+            try {
+              if (frame?.contentDocument) {
+                frameAccess = 'accessible';
+                frameBodyText = frame.contentDocument.body?.innerText || '';
+                frameHtmlIncludesBridgeToken = frame.contentDocument.documentElement?.outerHTML.includes('spbt_') === true;
+              } else {
+                frameAccess = 'not-accessible';
+              }
+            } catch {
+              frameAccess = 'cross-origin-or-blocked';
+            }
+            return JSON.stringify({
+              bodyText: document.body?.innerText || '',
+              frameAccess,
+              frameBodyText,
+              frameCount: window.frames.length,
+              frameSrc: frame?.getAttribute('src') || '',
+              frameHtmlIncludesBridgeToken,
+              outerHtmlIncludesBridgeToken: document.documentElement.outerHTML.includes('spbt_')
+            });
+          })()`,
+          returnByValue: true
+        })
+        probe = JSON.parse(result.result?.value || '{}')
+        if (probe.frameCount > 0) break
+        await sleep(100)
+      }
+      const firstRender = await fetch(bridgeUrl)
+      const firstRenderText = await firstRender.text()
+      return {
+        attackerRequestCount,
+        attackerUrl,
+        firstRenderContainsBridgeToken: firstRenderText.includes('spbt_'),
+        firstRenderStatus: firstRender.status,
+        probe
+      }
+    } finally {
+      await closePageTarget(target, page)
+      server.close()
+    }
+  }
+
+  const disableExtensionFromExtensionsPage = async extensionId => {
+    const safeExtensionId = String(extensionId || '')
+    if (!/^[a-z]{32}$/.test(safeExtensionId)) throw new Error('Extension id was not a Chrome extension id.')
+    const target = await newPageTarget()
+    const page = await connectTarget(target)
+    let lastResult = null
+    const extensionSelector = `extensions-item#${safeExtensionId}`
+    try {
+      await page.send('Page.enable')
+      await page.send('Runtime.enable')
+      await page.send('Page.navigate', { url: `chrome://extensions/?id=${safeExtensionId}` })
+      for (let attempt = 0; attempt < 20; attempt += 1) {
+        await sleep(250)
+        const result = await page.send('Runtime.evaluate', {
+          expression: `(() => {
+            const manager = document.querySelector('extensions-manager');
+            const itemList = manager?.shadowRoot?.querySelector('extensions-item-list');
+            const item = itemList?.shadowRoot?.querySelector(${JSON.stringify(extensionSelector)});
+            const toggle = item?.shadowRoot?.querySelector('#enableToggle');
+            if (!toggle) return JSON.stringify({ found: false, before: null, after: null });
+            const before = Boolean(toggle.checked);
+            if (before) toggle.click();
+            return JSON.stringify({ found: true, before, after: Boolean(toggle.checked) });
+          })()`,
+          returnByValue: true
+        })
+        lastResult = JSON.parse(result.result?.value || '{}')
+        if (lastResult.found && lastResult.before === true && lastResult.after === false) return lastResult
+        if (lastResult.found && lastResult.before === false) return lastResult
+      }
+      return lastResult || { found: false, before: null, after: null }
+    } finally {
+      await closePageTarget(target, page)
+    }
+  }
+
+  const reloadExtensionFromExtensionsPage = async extensionId => {
+    const safeExtensionId = String(extensionId || '')
+    if (!/^[a-z]{32}$/.test(safeExtensionId)) throw new Error('Extension id was not a Chrome extension id.')
+    const target = await newPageTarget()
+    const page = await connectTarget(target)
+    let lastResult = null
+    const extensionSelector = `extensions-item#${safeExtensionId}`
+    try {
+      await page.send('Page.enable')
+      await page.send('Runtime.enable')
+      await page.send('Page.navigate', { url: `chrome://extensions/?id=${safeExtensionId}` })
+      for (let attempt = 0; attempt < 20; attempt += 1) {
+        await sleep(250)
+        const result = await page.send('Runtime.evaluate', {
+          expression: `(() => {
+            const manager = document.querySelector('extensions-manager');
+            const itemList = manager?.shadowRoot?.querySelector('extensions-item-list');
+            const item = itemList?.shadowRoot?.querySelector(${JSON.stringify(extensionSelector)});
+            const reload = item?.shadowRoot?.querySelector('#dev-reload-button');
+            if (!reload) return JSON.stringify({ found: false, clicked: false, disabled: null });
+            const disabled = reload.disabled === true;
+            if (!disabled) reload.click();
+            return JSON.stringify({ found: true, clicked: !disabled, disabled });
+          })()`,
+          returnByValue: true
+        })
+        lastResult = JSON.parse(result.result?.value || '{}')
+        if (lastResult.found && lastResult.clicked) return lastResult
+        if (lastResult.found && lastResult.disabled) return lastResult
+      }
+      return lastResult || { found: false, clicked: false, disabled: null }
+    } finally {
+      await closePageTarget(target, page)
+    }
+  }
+
+  const enableIncognitoFromExtensionsPage = async extensionId => {
+    const safeExtensionId = String(extensionId || '')
+    if (!/^[a-z]{32}$/.test(safeExtensionId)) throw new Error('Extension id was not a Chrome extension id.')
+    const target = await newPageTarget()
+    const page = await connectTarget(target)
+    let lastResult = null
+    const extensionSelector = `extensions-item#${safeExtensionId}`
+    try {
+      await page.send('Page.enable')
+      await page.send('Runtime.enable')
+      await page.send('Page.navigate', { url: `chrome://extensions/?id=${safeExtensionId}` })
+      for (let attempt = 0; attempt < 30; attempt += 1) {
+        await sleep(250)
+        const result = await page.send('Runtime.evaluate', {
+          expression: `(() => {
+            const manager = document.querySelector('extensions-manager');
+            const managerRoot = manager?.shadowRoot;
+            const detailView = managerRoot?.querySelector('extensions-detail-view');
+            if (!detailView) {
+              const itemList = managerRoot?.querySelector('extensions-item-list');
+              const item = itemList?.shadowRoot?.querySelector(${JSON.stringify(extensionSelector)});
+              const detailsButton = item?.shadowRoot?.querySelector('#detailsButton');
+              if (detailsButton) detailsButton.click();
+              return JSON.stringify({ found: false, detailView: false, clickedDetails: Boolean(detailsButton), before: null, after: null, disabled: null });
+            }
+            const row = detailView.shadowRoot?.querySelector('#allow-incognito');
+            const toggle = row?.shadowRoot?.querySelector('cr-toggle') || row?.shadowRoot?.querySelector('#crToggle');
+            if (!row && !toggle) {
+              return JSON.stringify({ found: false, detailView: true, clickedDetails: false, before: null, after: null, disabled: null });
+            }
+            const before = Boolean(row?.checked ?? toggle?.checked);
+            const disabled = Boolean(row?.disabled ?? toggle?.disabled);
+            if (!before && !disabled) (toggle || row).click();
+            const after = Boolean(row?.checked ?? toggle?.checked);
+            const restartText = detailView.shadowRoot?.textContent || '';
+            return JSON.stringify({ found: true, detailView: true, clickedDetails: false, before, after, disabled, restartRequired: /restart|重新启动|重启/i.test(restartText) });
+          })()`,
+          returnByValue: true
+        })
+        lastResult = JSON.parse(result.result?.value || '{}')
+        if (lastResult.found && lastResult.after === true) return lastResult
+        if (lastResult.found && lastResult.disabled) return lastResult
+      }
+      return lastResult || { found: false, before: null, after: null, disabled: null }
+    } finally {
+      await closePageTarget(target, page)
+    }
+  }
+
+  const driveCapture = async (ready, capture) => {
+    const opened = await openBridgePage(capture.body.bridgeUrl)
+    const { page } = opened
+    const finalStatus = await pollCapture(ready, capture.body.id)
+    const profile =
+      finalStatus?.status === 'completed'
+        ? await fetchJson(`${ready.baseUrl}/v1/captures/${capture.body.id}/profile`, {
+            headers: { authorization: `Bearer ${ready.apiToken}` }
+          })
+        : null
+    const dom = await page.send('Runtime.evaluate', {
+      expression:
+        '({ready:document.documentElement.dataset.stackprismAgentBridgeClient||"",error:document.documentElement.dataset.stackprismAgentBridgeError||"",title:document.title})',
+      returnByValue: true
+    })
+    await closePageTarget(opened.target, page)
+    return { finalStatus, profile, dom: dom.result.value }
+  }
+
+  const getExtensionCaptureState = async (worker, captureId) => {
+    const result = await worker.send('Runtime.evaluate', {
+      expression: `chrome.storage.session.get('agent-capture:${captureId}').then(value => JSON.stringify(value['agent-capture:${captureId}'] || null))`,
+      awaitPromise: true,
+      returnByValue: true
+    })
+    return JSON.parse(result.result?.value || 'null')
+  }
+
+  const debugExtensionCaptureState = async (worker, captureId) => {
+    const result = await worker.send('Runtime.evaluate', {
+      expression: `Promise.all([
+        chrome.storage.session.get(null),
+        chrome.tabs.query({})
+      ]).then(([storage, tabs]) => JSON.stringify({
+        captureId: ${JSON.stringify(captureId)},
+        storageKeys: Object.keys(storage).filter(key => key.startsWith('agent-capture:') || key.startsWith('agent-bridge-session:')).sort(),
+        tabUrls: tabs.map(tab => ({id: tab.id, windowId: tab.windowId, url: tab.url, status: tab.status, incognito: tab.incognito}))
+      }))`,
+      awaitPromise: true,
+      returnByValue: true
+    })
+    try {
+      return JSON.parse(result.result?.value || '{}')
+    } catch {
+      return { parseError: true, value: result.result?.value || '' }
+    }
+  }
+
+  const waitForExtensionCaptureState = async (worker, captureId, predicate, attempts = 100) => {
+    for (let attempt = 0; attempt < attempts; attempt += 1) {
+      const state = await getExtensionCaptureState(worker, captureId)
+      if (state && predicate(state)) return state
+      await sleep(100)
+    }
+    const debug = await debugExtensionCaptureState(worker, captureId).catch(error => ({
+      error: error instanceof Error ? error.message : String(error)
+    }))
+    throw new Error(`Extension capture state was not observed for ${captureId}. Debug: ${redactText(JSON.stringify(debug))}`)
+  }
+
+  const removeTab = async (worker, tabId) => {
+    await worker.send('Runtime.evaluate', {
+      expression: `chrome.tabs.remove(${Number(tabId)})`,
+      awaitPromise: true
+    })
+  }
+
+  const updateTabUrl = async (worker, tabId, url) => {
+    const result = await worker.send('Runtime.evaluate', {
+      expression: `chrome.tabs.update(${Number(tabId)}, { url: ${JSON.stringify(url)} }).then(tab => JSON.stringify({ id: tab.id, url: tab.url || '', status: tab.status || '' }))`,
+      awaitPromise: true,
+      returnByValue: true
+    })
+    return JSON.parse(result.result?.value || '{}')
+  }
+
+  const createExtensionTab = async (worker, url, { active = true } = {}) => {
+    const result = await worker.send('Runtime.evaluate', {
+      expression: `chrome.tabs.create({ url: ${JSON.stringify(url)}, active: ${active ? 'true' : 'false'} }).then(tab => JSON.stringify({ id: tab.id, windowId: tab.windowId, url: tab.url || '', active: tab.active === true }))`,
+      awaitPromise: true,
+      returnByValue: true
+    })
+    return JSON.parse(result.result?.value || '{}')
+  }
+
+  const listExtensionTabs = async worker => {
+    const result = await worker.send('Runtime.evaluate', {
+      expression: `chrome.tabs.query({}).then(tabs => JSON.stringify(tabs.map(tab => ({ id: tab.id, windowId: tab.windowId, url: tab.url || '', active: tab.active === true, status: tab.status || '' }))))`,
+      awaitPromise: true,
+      returnByValue: true
+    })
+    return JSON.parse(result.result?.value || '[]')
+  }
+
+  const waitForNoPageTarget = async urlPrefix => {
+    let visibleTargets = []
+    for (let attempt = 0; attempt < 30; attempt += 1) {
+      const targets = await listTargets()
+      visibleTargets = targets.filter(target => target.type === 'page' && String(target.url || '').startsWith(urlPrefix))
+      if (visibleTargets.length === 0) return { targetStillVisible: false, visibleTargets: [] }
+      await sleep(100)
+    }
+    return {
+      targetStillVisible: true,
+      visibleTargets: visibleTargets.map(target => ({ id: target.id, url: target.url }))
+    }
+  }
+
+  const tabExists = async (worker, tabId) => {
+    const result = await worker.send('Runtime.evaluate', {
+      expression: `chrome.tabs.get(${Number(tabId)}).then(() => true).catch(() => false)`,
+      awaitPromise: true,
+      returnByValue: true
+    })
+    return result.result?.value === true
+  }
+
+  const driveCaptureWithClosedTarget = async (ready, worker, capture) => {
+    const opened = await openBridgePage(capture.body.bridgeUrl)
+    const state = await waitForExtensionCaptureState(worker, capture.body.id, value => Number.isInteger(value.targetTabId))
+    await removeTab(worker, state.targetTabId)
+    const finalStatus = await pollCapture(ready, capture.body.id, 20)
+    await closePageTarget(opened.target, opened.page)
+    return { finalStatus, closedTabId: state.targetTabId }
+  }
+
+  const driveCaptureWithClosedBridge = async (ready, worker, capture) => {
+    const target = await newPageTarget()
+    const page = await connectTarget(target)
+    await page.send('Page.enable')
+    await page.send('Runtime.enable')
+    await page.send('Page.navigate', { url: capture.body.bridgeUrl })
+    const state = await waitForExtensionCaptureState(worker, capture.body.id, value => Number.isInteger(value.bridgeTabId))
+    await removeTab(worker, state.bridgeTabId)
+    const finalStatus = await pollCapture(ready, capture.body.id, 20)
+    await closePageTarget(target, page)
+    return { finalStatus, closedTabId: state.bridgeTabId }
+  }
+
+  const driveCaptureWithCancel = async (ready, worker, capture) => {
+    const opened = await openBridgePage(capture.body.bridgeUrl)
+    const state = await waitForExtensionCaptureState(worker, capture.body.id, value => Number.isInteger(value.targetTabId))
+    const cancel = await fetchJson(`${ready.baseUrl}/v1/captures/${capture.body.id}`, {
+      method: 'DELETE',
+      headers: { authorization: `Bearer ${ready.apiToken}` }
+    })
+    const finalStatus = await pollCapture(ready, capture.body.id, 20)
+    const targetStillExists = await tabExists(worker, state.targetTabId)
+    await closePageTarget(opened.target, opened.page)
+    return { cancelStatus: cancel.status, finalStatus, closedTabId: state.targetTabId, targetStillExists }
+  }
+
+  const driveCaptureWithLocalOptInDisabled = async (ready, worker, capture, targetUrlPrefix) => {
+    const opened = await openBridgePage(capture.body.bridgeUrl)
+    try {
+      await waitForExtensionRuntime(worker)
+      const state = await waitForExtensionCaptureState(worker, capture.body.id, value => Number.isInteger(value.targetTabId))
+      await setAgentBridgeEnabled(worker, false)
+      const finalStatus = await pollCapture(ready, capture.body.id, 20)
+      const targets = await listTargets()
+      const targetStillVisible = targets.some(target => target.type === 'page' && String(target.url || '').startsWith(targetUrlPrefix))
+      return { finalStatus, targetTabId: state.targetTabId, targetStillVisible }
+    } finally {
+      await closePageTarget(opened.target, opened.page)
+    }
+  }
+
+  const driveCaptureWithExpiredDeadlineReconciliation = async (ready, worker, capture, targetUrlPrefix) => {
+    const opened = await openBridgePage(capture.body.bridgeUrl)
+    try {
+      await waitForExtensionRuntime(worker)
+      const state = await waitForExtensionCaptureState(
+        worker,
+        capture.body.id,
+        value => Number.isInteger(value.targetTabId) && value.phase === 'target_loaded'
+      )
+      const stateKey = `agent-capture:${capture.body.id}`
+      const mutation = await worker.send('Runtime.evaluate', {
+        expression: `chrome.storage.session.get(${JSON.stringify(stateKey)}).then(stored => {
+          const state = stored[${JSON.stringify(stateKey)}];
+          if (!state) return JSON.stringify({ ok: false, reason: 'missing-state' });
+          state.deadlineAt = Date.now() - 1000;
+          state.updatedAt = Date.now() - 1000;
+          return chrome.storage.session.set({ [${JSON.stringify(stateKey)}]: state })
+            .then(() => chrome.tabs.create({ url: 'about:blank', active: false }))
+            .then(tab => JSON.stringify({ ok: true, triggerTabId: tab.id, targetTabId: state.targetTabId, deadlineAt: state.deadlineAt }));
+        })`,
+        awaitPromise: true,
+        returnByValue: true
+      })
+      const mutated = JSON.parse(mutation.result?.value || '{}')
+      if (!mutated.ok) throw new Error(`Failed to force expired deadline: ${JSON.stringify(mutated)}`)
+      const finalStatus = await pollCapture(ready, capture.body.id, 20)
+      const targets = await listTargets()
+      const targetStillVisible = targets.some(target => target.type === 'page' && String(target.url || '').startsWith(targetUrlPrefix))
+      const triggerStillVisible = targets.some(target => target.type === 'page' && target.id === String(mutated.triggerTabId))
+      return {
+        finalStatus,
+        targetTabId: state.targetTabId,
+        triggerTabId: mutated.triggerTabId,
+        targetStillVisible,
+        triggerStillVisible
+      }
+    } finally {
+      await closePageTarget(opened.target, opened.page)
+    }
+  }
+
+  const driveCaptureWithFinalUrlBlocked = async (ready, capture, targetUrlPrefixes) => {
+    const opened = await openBridgePage(capture.body.bridgeUrl)
+    try {
+      const prefixes = Array.isArray(targetUrlPrefixes) ? targetUrlPrefixes : [targetUrlPrefixes]
+      const finalStatus = await pollCapture(ready, capture.body.id, 20)
+      const targets = await listTargets()
+      const targetStillVisible = targets.some(
+        target => target.type === 'page' && prefixes.some(prefix => String(target.url || '').startsWith(String(prefix || '')))
+      )
+      return { finalStatus, targetStillVisible }
+    } finally {
+      await closePageTarget(opened.target, opened.page)
+    }
+  }
+
+  const driveCaptureWithTargetNavigationAway = async (ready, worker, capture, awayUrl, targetUrlPrefix) => {
+    const opened = await openBridgePage(capture.body.bridgeUrl)
+    try {
+      await waitForExtensionRuntime(worker)
+      const state = await waitForExtensionCaptureState(
+        worker,
+        capture.body.id,
+        value => Number.isInteger(value.targetTabId) && typeof value.finalUrl === 'string' && value.finalUrl.length > 0
+      )
+      const navigated = await updateTabUrl(worker, state.targetTabId, awayUrl)
+      const finalStatus = await pollCapture(ready, capture.body.id, 20)
+      const profile = await fetchJson(`${ready.baseUrl}/v1/captures/${capture.body.id}/profile`, {
+        headers: { authorization: `Bearer ${ready.apiToken}` }
+      })
+      const targets = await listTargets()
+      const targetStillVisible = targets.some(target => target.type === 'page' && String(target.url || '').startsWith(targetUrlPrefix))
+      if (targetStillVisible) await removeTab(worker, state.targetTabId).catch(() => {})
+      return {
+        finalStatus,
+        originalFinalUrl: state.finalUrl,
+        profileStatus: profile.status,
+        requestedAwayUrl: awayUrl,
+        targetTabId: state.targetTabId,
+        targetStillVisible,
+        updateResultUrl: navigated.url || ''
+      }
+    } finally {
+      await closePageTarget(opened.target, opened.page)
+    }
+  }
+
+  const driveCaptureWithTargetTerminalFailure = async (ready, worker, capture, attempts = 20) => {
+    const opened = await openBridgePage(capture.body.bridgeUrl)
+    try {
+      await waitForExtensionRuntime(worker)
+      const state = await waitForExtensionCaptureState(worker, capture.body.id, value => Number.isInteger(value.targetTabId))
+      const finalStatus = await pollCapture(ready, capture.body.id, attempts)
+      const profile = await fetchJson(`${ready.baseUrl}/v1/captures/${capture.body.id}/profile`, {
+        headers: { authorization: `Bearer ${ready.apiToken}` }
+      })
+      const targetStillExists = await tabExists(worker, state.targetTabId)
+      if (targetStillExists) await removeTab(worker, state.targetTabId).catch(() => {})
+      return {
+        finalStatus,
+        profileStatus: profile.status,
+        targetTabId: state.targetTabId,
+        targetStillExists
+      }
+    } finally {
+      await closePageTarget(opened.target, opened.page)
+    }
+  }
+
+  const driveCaptureWithTargetLoadFailure = async (ready, worker, capture) =>
+    driveCaptureWithTargetTerminalFailure(ready, worker, capture, 20)
+
+  const driveCaptureWithTargetLoadTimeout = async (ready, worker, capture) =>
+    driveCaptureWithTargetTerminalFailure(ready, worker, capture, 80)
+
+  const driveCaptureWithExtensionReload = async (ready, capture, targetUrlPrefix) => {
+    const opened = await openBridgePage(capture.body.bridgeUrl)
+    let worker
+    try {
+      const workerTarget = await waitForWorker()
+      worker = await connectTarget(workerTarget)
+      await worker.send('Runtime.enable')
+      await waitForExtensionRuntime(worker)
+      const state = await waitForExtensionCaptureState(worker, capture.body.id, value => Number.isInteger(value.targetTabId))
+      let reloadError = null
+      try {
+        await worker.send('Runtime.evaluate', { expression: 'chrome.runtime.reload()', awaitPromise: false })
+      } catch (error) {
+        reloadError = redactText(error?.message || error)
+      }
+      const finalStatus = await pollCapture(ready, capture.body.id, 80)
+      const targets = await listTargets()
+      const targetStillVisible = targets.some(target => target.type === 'page' && String(target.url || '').startsWith(targetUrlPrefix))
+      return { finalStatus, reloadError, targetTabId: state.targetTabId, targetStillVisible }
+    } finally {
+      worker?.close()
+      await closePageTarget(opened.target, opened.page)
+    }
+  }
+
+  const driveCaptureWithClearedStorageSessionAndReload = async (ready, worker, capture, targetUrlPrefix) => {
+    const opened = await openBridgePage(capture.body.bridgeUrl)
+    try {
+      await waitForExtensionRuntime(worker)
+      const state = await waitForExtensionCaptureState(worker, capture.body.id, value => Number.isInteger(value.targetTabId))
+      await worker.send('Runtime.evaluate', {
+        expression: 'chrome.storage.session.clear().then(() => chrome.runtime.reload())',
+        awaitPromise: false
+      })
+      const finalStatus = await pollCapture(ready, capture.body.id, 80)
+      const targets = await listTargets()
+      const targetStillVisible = targets.some(target => target.type === 'page' && String(target.url || '').startsWith(targetUrlPrefix))
+      return { finalStatus, targetTabId: state.targetTabId, targetStillVisible }
+    } finally {
+      await closePageTarget(opened.target, opened.page)
+    }
+  }
+
+  const driveCaptureWithServiceWorkerTargetClose = async (ready, capture, targetUrlPrefix) => {
+    const opened = await openBridgePage(capture.body.bridgeUrl)
+    let worker
+    try {
+      const workerTarget = await waitForWorker()
+      worker = await connectTarget(workerTarget)
+      await worker.send('Runtime.enable')
+      await waitForExtensionRuntime(worker)
+      const state = await waitForExtensionCaptureState(worker, capture.body.id, value => Number.isInteger(value.targetTabId))
+      await closeTarget(workerTarget.id)
+      const finalStatus = await pollCapture(ready, capture.body.id, 80)
+      const targets = await listTargets()
+      const targetStillVisible = targets.some(target => target.type === 'page' && String(target.url || '').startsWith(targetUrlPrefix))
+      return { finalStatus, targetTabId: state.targetTabId, workerTargetId: workerTarget.id, targetStillVisible }
+    } finally {
+      worker?.close()
+      await closePageTarget(opened.target, opened.page)
+    }
+  }
+
+  const startFixtureServer = async () => {
+    const html = await readFile(resolve(root, 'tests/fixtures/site-experience-fixture.html'), 'utf8')
+    const server = createServer((_req, res) => {
+      res.writeHead(200, { 'content-type': 'text/html; charset=utf-8', 'cache-control': 'no-store' })
+      res.end(html)
+    })
+    await new Promise(resolveListen => server.listen(0, '127.0.0.1', resolveListen))
+    const { port } = server.address()
+    return { server, url: `http://127.0.0.1:${port}/fixture?token=secret#frag` }
+  }
+
+  const startProbeServer = async () => {
+    let requestCount = 0
+    const server = createServer((_req, res) => {
+      requestCount += 1
+      res.writeHead(200, { 'content-type': 'text/html; charset=utf-8', 'cache-control': 'no-store' })
+      res.end('<!doctype html><title>StackPrism probe</title><main>probe</main>')
+    })
+    await new Promise(resolveListen => server.listen(0, '127.0.0.1', resolveListen))
+    const { port } = server.address()
+    return { server, url: `http://127.0.0.1:${port}/probe?token=secret#frag`, requestCount: () => requestCount }
+  }
+
+  const startBridgeSelfRedirectServer = async bridgeBaseUrl => {
+    let requestCount = 0
+    const finalUrlPrefix = `${bridgeBaseUrl}/redirected-final-target`
+    const server = createServer((_req, res) => {
+      requestCount += 1
+      res.writeHead(302, { location: `${finalUrlPrefix}?token=secret#frag`, 'cache-control': 'no-store' })
+      res.end()
+    })
+    await new Promise(resolveListen => server.listen(0, '127.0.0.1', resolveListen))
+    const { port } = server.address()
+    return {
+      finalUrlPrefix,
+      requestCount: () => requestCount,
+      server,
+      url: `http://127.0.0.1:${port}/redirect-to-bridge?token=secret#frag`
+    }
+  }
+
+  const startPrivateFinalProxyServer = async () => {
+    let proxyRequestCount = 0
+    let privateRequestCount = 0
+    const privateServer = createServer((_req, res) => {
+      privateRequestCount += 1
+      res.writeHead(200, { 'content-type': 'text/html; charset=utf-8', 'cache-control': 'no-store' })
+      res.end('<!doctype html><title>Private final target</title><main>private final</main>')
+    })
+    await new Promise(resolveListen => privateServer.listen(0, '127.0.0.1', resolveListen))
+    const privatePort = privateServer.address().port
+    const finalUrlPrefix = `http://127.0.0.1:${privatePort}/private-final`
+
+    const proxyServer = createServer((_req, res) => {
+      proxyRequestCount += 1
+      res.writeHead(302, { location: `${finalUrlPrefix}?token=secret#frag`, 'cache-control': 'no-store' })
+      res.end()
+    })
+    await new Promise(resolveListen => proxyServer.listen(0, '127.0.0.1', resolveListen))
+    const proxyPort = proxyServer.address().port
+    return {
+      finalUrlPrefix,
+      privateRequestCount: () => privateRequestCount,
+      privateServer,
+      proxyRequestCount: () => proxyRequestCount,
+      proxyServer,
+      proxyUrl: `http://127.0.0.1:${proxyPort}`,
+      url: 'http://93.184.216.34:18080/redirect-private-final?token=secret#frag'
+    }
+  }
+
+  const startDnsFinalProxyServer = async ({ finalHostname }) => {
+    let proxyRequestCount = 0
+    let finalRequestCount = 0
+    const finalUrlPrefix = `http://${finalHostname}/dns-final`
+    const proxyServer = createServer((req, res) => {
+      proxyRequestCount += 1
+      if (String(req.url || '').includes('/dns-final')) {
+        finalRequestCount += 1
+        res.writeHead(200, { 'content-type': 'text/html; charset=utf-8', 'cache-control': 'no-store' })
+        res.end('<!doctype html><title>DNS final target</title><main>dns final</main>')
+        return
+      }
+      res.writeHead(302, { location: `${finalUrlPrefix}?token=secret#frag`, 'cache-control': 'no-store' })
+      res.end()
+    })
+    await new Promise(resolveListen => proxyServer.listen(0, '127.0.0.1', resolveListen))
+    const proxyPort = proxyServer.address().port
+    return {
+      finalRequestCount: () => finalRequestCount,
+      finalUrlPrefix,
+      hostname: finalHostname,
+      proxyRequestCount: () => proxyRequestCount,
+      proxyServer,
+      proxyUrl: `http://127.0.0.1:${proxyPort}`,
+      url: 'http://93.184.216.34:18081/redirect-dns-final?token=secret#frag'
+    }
+  }
+
+  const startSlowFixtureServer = async (delayMs = 10000) => {
+    const html = await readFile(resolve(root, 'tests/fixtures/site-experience-fixture.html'), 'utf8')
+    const server = createServer((_req, res) => {
+      setTimeout(() => {
+        res.writeHead(200, { 'content-type': 'text/html; charset=utf-8', 'cache-control': 'no-store' })
+        res.end(html)
+      }, delayMs)
+    })
+    await new Promise(resolveListen => server.listen(0, '127.0.0.1', resolveListen))
+    const { port } = server.address()
+    return { server, url: `http://127.0.0.1:${port}/slow-fixture?token=secret#frag` }
+  }
+
+  const startLoadFailureServer = async (delayMs = 1000) => {
+    let requestCount = 0
+    const server = createServer((req, _res) => {
+      requestCount += 1
+      setTimeout(() => {
+        req.socket.destroy()
+      }, delayMs)
+    })
+    await new Promise(resolveListen => server.listen(0, '127.0.0.1', resolveListen))
+    const { port } = server.address()
+    return {
+      requestCount: () => requestCount,
+      server,
+      url: `http://127.0.0.1:${port}/target-load-failed?token=secret#frag`
+    }
+  }
+
+  const startLargeProfileFixtureServer = async () => {
+    const longPath = 'asset-'.repeat(1800)
+    const images = Array.from(
+      { length: 36 },
+      (_item, index) =>
+        `<img loading="lazy" style="display:none" alt="large asset ${index}" src="/large-assets/${index}-${longPath}.png?token=secret#frag" />`
+    ).join('\n')
+    const html = `<!doctype html><html><head><meta charset="utf-8"><title>Large StackPrism Fixture</title></head><body><main><h1>Large profile fixture</h1>${images}</main></body></html>`
+    const server = createServer((req, res) => {
+      if (req.url?.startsWith('/large-assets/')) {
+        res.writeHead(204, { 'cache-control': 'no-store' })
+        res.end()
+        return
+      }
+      res.writeHead(200, { 'content-type': 'text/html; charset=utf-8', 'cache-control': 'no-store' })
+      res.end(html)
+    })
+    await new Promise(resolveListen => server.listen(0, '127.0.0.1', resolveListen))
+    const { port } = server.address()
+    return { server, url: `http://127.0.0.1:${port}/large-fixture?token=secret#frag` }
+  }
+
+  const cleanupChrome = async chrome => {
+    await stopProcess(chrome?.child)
+    await rm(chrome.profileDir, { recursive: true, force: true })
+  }
+
+  const stopChrome = async chrome => {
+    await stopProcess(chrome?.child)
+  }
+
+  return {
+    cleanupChrome,
+    closeTarget,
+    connectTarget,
+    createCapture,
+    createDnsNonGlobalBlockedCapture,
+    createExtensionTab,
+    createPrivateTargetBlockedCapture,
+    disableExtensionFromExtensionsPage,
+    disposeBrowserContext,
+    driveCapture,
+    driveCaptureWithCancel,
+    driveCaptureWithClosedBridge,
+    driveCaptureWithClearedStorageSessionAndReload,
+    driveCaptureWithExtensionReload,
+    driveCaptureWithExpiredDeadlineReconciliation,
+    driveCaptureWithFinalUrlBlocked,
+    driveCaptureWithLocalOptInDisabled,
+    driveCaptureWithTargetLoadFailure,
+    driveCaptureWithTargetLoadTimeout,
+    driveCaptureWithTargetNavigationAway,
+    driveCaptureWithServiceWorkerTargetClose,
+    driveCaptureWithClosedTarget,
+    enableIncognitoFromExtensionsPage,
+    fetchJson,
+    getExtensionCaptureState,
+    listExtensionTabs,
+    listTargets,
+    openBridgePage,
+    openIncognitoBridgePage,
+    pollCapture,
+    probeBridgeIframeBlocking,
+    rawHttp,
+    reloadExtensionFromExtensionsPage,
+    removeTab,
+    setAgentBridgeEnabled,
+    startBridge,
+    startChrome,
+    startDnsFinalProxyServer,
+    startFixtureServer,
+    startBridgeSelfRedirectServer,
+    startPrivateFinalProxyServer,
+    startChromeWithoutExtension,
+    startLargeProfileFixtureServer,
+    startLoadFailureServer,
+    startProbeServer,
+    startSlowFixtureServer,
+    stopChrome,
+    waitForCdp,
+    waitForExtensionCaptureState,
+    waitForExtensionRuntime,
+    waitForNoWorker,
+    waitForNoPageTarget,
+    stopBridge,
+    waitForWorker
+  }
+}
diff --git a/tests/helpers/load-ts-module.mjs b/tests/helpers/load-ts-module.mjs
new file mode 100644
index 00000000..868192ee
--- /dev/null
+++ b/tests/helpers/load-ts-module.mjs
@@ -0,0 +1,97 @@
+import { mkdtemp, readFile } from 'node:fs/promises'
+import { tmpdir } from 'node:os'
+import path from 'node:path'
+import { pathToFileURL } from 'node:url'
+import ts from 'typescript'
+
+const projectRoot = path.resolve(new URL('../..', import.meta.url).pathname)
+let rootPromise = mkdtemp(path.join(tmpdir(), 'stackprism-ts-test-'))
+let compiled = new Map()
+let imported = new Map()
+
+const ensureTsPath = specifierPath => {
+  if (specifierPath.endsWith('.ts')) return specifierPath
+  return `${specifierPath}.ts`
+}
+
+const toRelativeImport = (fromFile, toFile) => {
+  const relative = path.relative(path.dirname(fromFile), toFile).replaceAll(path.sep, '/')
+  return relative.startsWith('.') ? relative : `./${relative}`
+}
+
+export const resetLoadTsModuleCaches = () => {
+  rootPromise = mkdtemp(path.join(tmpdir(), 'stackprism-ts-test-'))
+  compiled = new Map()
+  imported = new Map()
+}
+
+export const loadTsModule = async modulePath => {
+  const root = await rootPromise
+
+  const resolveProjectSpecifier = (specifier, fromSourceFile) => {
+    if (specifier.startsWith('@/')) {
+      return ensureTsPath(path.join(projectRoot, 'src', specifier.slice(2)))
+    }
+    if (specifier.startsWith('.')) {
+      return ensureTsPath(path.resolve(path.dirname(fromSourceFile), specifier))
+    }
+    return null
+  }
+
+  const compileFile = async sourceFile => {
+    const absoluteSource = path.resolve(projectRoot, sourceFile)
+    if (compiled.has(absoluteSource)) return compiled.get(absoluteSource)
+
+    const compilePromise = (async () => {
+      const relativeSource = path.relative(projectRoot, absoluteSource)
+      const outputFile = path.join(root, relativeSource).replace(/\.ts$/, '.mjs')
+
+      const source = await readFile(absoluteSource, 'utf8')
+      const rewriteSpecifier = async specifier => {
+        const dependency = resolveProjectSpecifier(specifier, absoluteSource)
+        if (!dependency) return specifier
+        return toRelativeImport(outputFile, await compileFile(dependency))
+      }
+
+      let rewritten = source
+      const replacements = []
+      const collect = regex => {
+        for (const match of source.matchAll(regex)) {
+          replacements.push({
+            start: match.index + match[1].length,
+            end: match.index + match[0].length - match[3].length,
+            specifier: match[2]
+          })
+        }
+      }
+      collect(/(\bfrom\s+['"])([^'"]+)(['"])/g)
+      collect(/(\bimport\s+['"])([^'"]+)(['"])/g)
+
+      for (const replacement of replacements.reverse()) {
+        const nextSpecifier = await rewriteSpecifier(replacement.specifier)
+        rewritten = `${rewritten.slice(0, replacement.start)}${nextSpecifier}${rewritten.slice(replacement.end)}`
+      }
+
+      const { outputText } = ts.transpileModule(rewritten, {
+        compilerOptions: {
+          module: ts.ModuleKind.ES2022,
+          target: ts.ScriptTarget.ES2022
+        },
+        fileName: absoluteSource
+      })
+
+      await import('node:fs/promises').then(fs => fs.mkdir(path.dirname(outputFile), { recursive: true }))
+      await import('node:fs/promises').then(fs => fs.writeFile(outputFile, outputText, 'utf8'))
+      return outputFile
+    })()
+
+    compiled.set(absoluteSource, compilePromise)
+    return compilePromise
+  }
+
+  const outputFile = await compileFile(modulePath)
+  if (!imported.has(outputFile)) {
+    imported.set(outputFile, import(pathToFileURL(outputFile).href))
+  }
+  return imported.get(outputFile)
+}
diff --git a/tests/release-workflow.test.mjs b/tests/release-workflow.test.mjs
new file mode 100644
index 00000000..ee52a244
--- /dev/null
+++ b/tests/release-workflow.test.mjs
@@ -0,0 +1,448 @@
+import assert from 'node:assert/strict'
+import { spawnSync } from 'node:child_process'
+import { mkdtemp, mkdir, readFile, rm, stat, writeFile } from 'node:fs/promises'
+import { tmpdir } from 'node:os'
+import { join } from 'node:path'
+import { test } from 'node:test'
+import { packageFirefox } from '../build-scripts/package-firefox.mjs'
+
+const workflowSource = await readFile(new URL('../.github/workflows/release-extension.yml', import.meta.url), 'utf8')
+const normalizedWorkflowSource = workflowSource.replaceAll('\\/', '/')
+const hygieneScript = extractReleaseHygieneScript(workflowSource)
+const disclosureGateScript = extractNamedNodeScript(workflowSource, '校验 Agent Bridge 发布披露确认')
+
+function extractReleaseHygieneScript(source) {
+  const match = source.match(/node --input-type=module <<'NODE'\n(?<script>[\s\S]*?)\n\s+NODE/)
+  assert.ok(match?.groups?.script, 'release workflow must contain inline dist hygiene script')
+  return match.groups.script.replace(/^ {10}/gm, '')
+}
+
+function extractNamedNodeScript(source, stepName) {
+  const escapedStepName = stepName.replace(/[.*+?^${}()|[\]\\]/g, '\\$&')
+  const match = source.match(
+    new RegExp(`- name: ${escapedStepName}[\\s\\S]*?node --input-type=module <<'NODE'\\n(?<script>[\\s\\S]*?)\\n\\s+NODE`)
+  )
+  assert.ok(match?.groups?.script, `release workflow must contain ${stepName} inline script`)
+  return match.groups.script.replace(/^ {10}/gm, '')
+}
+
+async function withDist(files, testFn) {
+  const cwd = await mkdtemp(join(tmpdir(), 'stackprism-release-workflow-'))
+
+  try {
+    for (const [file, content] of Object.entries(files)) {
+      const fullPath = join(cwd, file)
+      await mkdir(join(fullPath, '..'), { recursive: true })
+      await writeFile(fullPath, content)
+    }
+
+    return await testFn(cwd)
+  } finally {
+    await rm(cwd, { recursive: true, force: true })
+  }
+}
+
+function runHygieneScript(cwd) {
+  return spawnSync(process.execPath, ['--input-type=module'], {
+    cwd,
+    input: hygieneScript,
+    encoding: 'utf8'
+  })
+}
+
+function runDisclosureGateScript(cwd, env = {}) {
+  return spawnSync(process.execPath, ['--input-type=module'], {
+    cwd,
+    env: { ...process.env, ...env },
+    input: disclosureGateScript,
+    encoding: 'utf8'
+  })
+}
+
+function manifest(overrides = {}) {
+  return JSON.stringify(
+    {
+      manifest_version: 3,
+      name: 'StackPrism',
+      version: '1.3.71',
+      web_accessible_resources: [],
+      ...overrides
+    },
+    null,
+    2
+  )
+}
+
+function agentBridgeManifest(overrides = {}) {
+  return manifest({
+    content_scripts: [
+      {
+        js: ['assets/agent-bridge-client.ts-loader.js'],
+        matches: ['http://127.0.0.1/*'],
+        run_at: 'document_idle'
+      }
+    ],
+    web_accessible_resources: [
+      {
+        resources: ['assets/agent-bridge.js'],
+        matches: ['http://127.0.0.1/*']
+      }
+    ],
+    ...overrides
+  })
+}
+
+async function withFirefoxDist(files, testFn) {
+  const cwd = await mkdtemp(join(tmpdir(), 'stackprism-firefox-package-'))
+
+  try {
+    await withFiles(cwd, files)
+    return await testFn(cwd)
+  } finally {
+    await rm(cwd, { recursive: true, force: true })
+  }
+}
+
+async function withFiles(cwd, files) {
+  for (const [file, content] of Object.entries(files)) {
+    const fullPath = join(cwd, file)
+    await mkdir(join(fullPath, '..'), { recursive: true })
+    await writeFile(fullPath, content)
+  }
+}
+
+test('release workflow rejects agent bridge helper source files from dist artifacts', () => {
+  const requiredArtifacts = [
+    'agent-skill',
+    'docs/superpowers',
+    'tests',
+    '__pycache__',
+    'stackprism-bridge\\.mjs',
+    'stackprism_bridge\\.py',
+    'capture-site\\.mjs',
+    'capture-site-args\\.mjs',
+    'capture-runtime\\.mjs',
+    'capture-screenshot-artifact\\.mjs',
+    'capture-store\\.mjs',
+    'http-handlers\\.mjs',
+    'http-server\\.mjs',
+    'open-browser\\.mjs',
+    'protocol\\.mjs',
+    'security\\.mjs',
+    'url-policy\\.mjs'
+  ]
+
+  for (const artifact of requiredArtifacts) {
+    assert.match(normalizedWorkflowSource, new RegExp(artifact), `missing dist hygiene check for ${artifact}`)
+  }
+})
+
+test('release workflow runs required gates before packaging artifacts', () => {
+  const requiredOrder = [
+    /^ {8}run: pnpm run lint$/m,
+    /^ {8}run: pnpm run build:injected$/m,
+    /^ {8}run: pnpm run test:unit$/m,
+    /^ {8}run: pnpm run typecheck$/m,
+    /^ {8}run: pnpm run docs:build$/m,
+    /^ {8}run: pnpm run build$/m,
+    /^ {6}- name: 校验发布产物边界$/m,
+    /^ {6}- name: 校验 Agent Bridge 发布披露确认$/m,
+    /^ {6}- name: 打包 zip$/m
+  ]
+  let previousIndex = -1
+
+  for (const pattern of requiredOrder) {
+    const match = normalizedWorkflowSource.match(pattern)
+    assert.ok(match, `missing release gate: ${pattern}`)
+    assert.ok(match.index > previousIndex, `release gate out of order: ${pattern}`)
+    previousIndex = match.index
+  }
+})
+
+test('firefox package manifest omits reserved data collection permissions', async () => {
+  await withFirefoxDist(
+    {
+      'dist/manifest.json': manifest({
+        background: { service_worker: 'service-worker-loader.js' },
+        web_accessible_resources: [
+          {
+            resources: ['rules/*', 'tech-links.json'],
+            matches: ['http://*/*', 'https://*/*'],
+            use_dynamic_url: false
+          }
+        ]
+      }),
+      'dist/service-worker-loader.js': "import './assets/background-entry.js'",
+      'dist/assets/background-entry.js': 'chrome.runtime.onInstalled.addListener(() => {})',
+      'dist/assets/my-security.mjs': 'export {}',
+      'dist/injected/experience-profiler.iife.js': 'void 0'
+    },
+    async cwd => {
+      const result = await packageFirefox({ root: cwd, logger: { log() {} } })
+      const manifestJson = JSON.parse(await readFile(result.manifestPath, 'utf8'))
+
+      assert.deepEqual(manifestJson.background, { scripts: ['background.js'] })
+      assert.deepEqual(manifestJson.web_accessible_resources, [
+        {
+          resources: ['rules/*', 'tech-links.json'],
+          matches: ['http://*/*', 'https://*/*']
+        }
+      ])
+      assert.deepEqual(manifestJson.browser_specific_settings, {
+        gecko: {
+          id: 'stackprism@setube.github.io',
+          strict_min_version: '128.0'
+        }
+      })
+      assert.equal('data_collection_permissions' in manifestJson.browser_specific_settings.gecko, false)
+      assert.equal('use_dynamic_url' in manifestJson.web_accessible_resources[0], false)
+      assert.doesNotMatch(JSON.stringify(manifestJson), /data_collection_permissions/)
+      assert.doesNotMatch(JSON.stringify(manifestJson), /use_dynamic_url/)
+      assert.doesNotMatch(JSON.stringify(manifestJson.web_accessible_resources), /experience-profiler/)
+      assert.ok((await stat(join(cwd, 'dist-firefox/background.js'))).isFile())
+      assert.ok((await stat(join(cwd, 'dist-firefox/assets/my-security.mjs'))).isFile())
+      assert.ok((await stat(join(cwd, 'dist-firefox/injected/experience-profiler.iife.js'))).isFile())
+      assert.ok((await stat(join(cwd, 'release/stackprism-v1.3.71.xpi'))).isFile())
+    }
+  )
+})
+
+test('firefox package bundles content script loaders into plain scripts', async () => {
+  await withFirefoxDist(
+    {
+      'dist/manifest.json': manifest({
+        background: { service_worker: 'service-worker-loader.js' },
+        content_scripts: [
+          {
+            js: ['assets/content-observer.ts-loader-unit.js'],
+            matches: ['http://*/*', 'https://*/*'],
+            run_at: 'document_idle'
+          },
+          {
+            js: ['assets/agent-bridge-client.ts-loader-unit.js'],
+            matches: ['http://127.0.0.1/*'],
+            run_at: 'document_idle'
+          }
+        ]
+      }),
+      'dist/service-worker-loader.js': "import './assets/background-entry.js'",
+      'dist/assets/background-entry.js': 'chrome.runtime.onInstalled.addListener(() => {})',
+      'dist/assets/content-observer.ts-loader-unit.js':
+        'const injectTime = performance.now(); (async () => { const { onExecute } = await import(chrome.runtime.getURL("assets/content-observer.ts-unit.js")); onExecute?.({ perf: { injectTime } }); })();',
+      'dist/assets/agent-bridge-client.ts-loader-unit.js':
+        'const injectTime = performance.now(); (async () => { const { onExecute } = await import(chrome.runtime.getURL("assets/agent-bridge-client.ts-unit.js")); onExecute?.({ perf: { injectTime } }); })();',
+      'dist/assets/content-observer.ts-unit.js': 'window.__stackprismObserverLoaded = true; export const onExecute = () => {}',
+      'dist/assets/agent-bridge-client.ts-unit.js': 'window.__stackprismBridgeClientLoaded = true; export const onExecute = () => {}'
+    },
+    async cwd => {
+      const result = await packageFirefox({ root: cwd, logger: { log() {} } })
+      const manifestJson = JSON.parse(await readFile(result.manifestPath, 'utf8'))
+      const scripts = manifestJson.content_scripts.flatMap(script => script.js)
+
+      assert.deepEqual(scripts, ['firefox/content-observer.js', 'firefox/agent-bridge-client.js'])
+      assert.equal(
+        scripts.some(file => /loader/i.test(file)),
+        false
+      )
+
+      for (const file of scripts) {
+        const bundled = await readFile(join(cwd, 'dist-firefox', file), 'utf8')
+        assert.doesNotMatch(bundled, /chrome\.runtime\.getURL/)
+        assert.doesNotMatch(bundled, /await\s+import/)
+      }
+    }
+  )
+})
+
+test('firefox package rejects agent-only files before writing xpi', async () => {
+  await withFirefoxDist(
+    {
+      'dist/manifest.json': manifest({
+        background: { service_worker: 'service-worker-loader.js' }
+      }),
+      'dist/service-worker-loader.js': "import './assets/background-entry.js'",
+      'dist/assets/background-entry.js': 'chrome.runtime.onInstalled.addListener(() => {})',
+      'dist/assets/http-server.mjs': 'export {}'
+    },
+    async cwd => {
+      await assert.rejects(
+        () => packageFirefox({ root: cwd, logger: { log() {} } }),
+        /Firefox artifact hygiene failed:[\s\S]*dist-firefox contains agent-only or test artifact: assets\/http-server\.mjs/
+      )
+      await assert.rejects(stat(join(cwd, 'release/stackprism-v1.3.71.xpi')))
+    }
+  )
+})
+
+test('firefox package rejects web accessible agent-only resources', async () => {
+  await withFirefoxDist(
+    {
+      'dist/manifest.json': manifest({
+        background: { service_worker: 'service-worker-loader.js' },
+        web_accessible_resources: [
+          {
+            resources: ['injected/experience-profiler.iife.js', 'assets/security.mjs'],
+            matches: ['http://127.0.0.1/*']
+          }
+        ]
+      }),
+      'dist/service-worker-loader.js': "import './assets/background-entry.js'",
+      'dist/assets/background-entry.js': 'chrome.runtime.onInstalled.addListener(() => {})'
+    },
+    async cwd => {
+      await assert.rejects(
+        () => packageFirefox({ root: cwd, logger: { log() {} } }),
+        /Firefox artifact hygiene failed:[\s\S]*web_accessible_resources exposes agent-only path: injected\/experience-profiler\.iife\.js[\s\S]*web_accessible_resources exposes agent-only path: assets\/security\.mjs/
+      )
+      await assert.rejects(stat(join(cwd, 'release/stackprism-v1.3.71.xpi')))
+    }
+  )
+})
+
+test('release workflow requires Agent Bridge disclosure confirmation before packaging', () => {
+  assert.match(normalizedWorkflowSource, /agent_bridge_disclosure_confirmed/)
+  assert.match(normalizedWorkflowSource, /Agent Bridge disclosure confirmed/)
+  assert.match(normalizedWorkflowSource, /Chrome Web Store \/ Edge Add-ons \/ Firefox Add-ons privacy disclosure/)
+})
+
+test('release workflow dist hygiene script passes a clean dist artifact', async () => {
+  await withDist(
+    {
+      'dist/manifest.json': manifest(),
+      'dist/assets/agent-bridge-client.ts-DEPRr4GS.js': 'export {}',
+      'dist/assets/my-security.mjs': 'export {}',
+      'dist/injected/page-detector.iife.js': 'void 0'
+    },
+    cwd => {
+      const result = runHygieneScript(cwd)
+      assert.equal(result.status, 0, result.stderr)
+    }
+  )
+})
+
+test('release workflow disclosure gate fails when Agent Bridge ships without confirmation', async () => {
+  await withDist(
+    {
+      'dist/manifest.json': agentBridgeManifest()
+    },
+    cwd => {
+      const result = runDisclosureGateScript(cwd, {
+        AGENT_BRIDGE_DISCLOSURE_CONFIRMED: 'false'
+      })
+      assert.equal(result.status, 1)
+      assert.match(result.stderr, /Agent Bridge is present in dist/)
+    }
+  )
+})
+
+test('release workflow disclosure gate accepts workflow dispatch confirmation', async () => {
+  await withDist(
+    {
+      'dist/manifest.json': agentBridgeManifest()
+    },
+    cwd => {
+      const result = runDisclosureGateScript(cwd, {
+        AGENT_BRIDGE_DISCLOSURE_CONFIRMED: 'true'
+      })
+      assert.equal(result.status, 0, result.stderr)
+    }
+  )
+})
+
+test('release workflow disclosure gate accepts checked release-note confirmation', async () => {
+  await withDist(
+    {
+      'dist/manifest.json': agentBridgeManifest(),
+      'event.json': JSON.stringify({
+        release: {
+          body: '- [x] Agent Bridge disclosure confirmed'
+        }
+      })
+    },
+    cwd => {
+      const result = runDisclosureGateScript(cwd, {
+        GITHUB_EVENT_PATH: join(cwd, 'event.json')
+      })
+      assert.equal(result.status, 0, result.stderr)
+    }
+  )
+})
+
+test('release workflow disclosure gate ignores artifacts without Agent Bridge', async () => {
+  await withDist(
+    {
+      'dist/manifest.json': manifest()
+    },
+    cwd => {
+      const result = runDisclosureGateScript(cwd, {
+        AGENT_BRIDGE_DISCLOSURE_CONFIRMED: 'false'
+      })
+      assert.equal(result.status, 0, result.stderr)
+    }
+  )
+})
+
+test('release workflow dist hygiene script rejects externally connectable manifests', async () => {
+  await withDist(
+    {
+      'dist/manifest.json': manifest({
+        externally_connectable: {
+          matches: ['https://example.com/*']
+        }
+      })
+    },
+    cwd => {
+      const result = runHygieneScript(cwd)
+      assert.equal(result.status, 1)
+      assert.match(result.stderr, /dist\/manifest\.json must not expose externally_connectable/)
+    }
+  )
+})
+
+test('release workflow dist hygiene script rejects agent bridge helper source files', async () => {
+  await withDist(
+    {
+      'dist/manifest.json': manifest(),
+      'dist/assets/capture-store.mjs': 'export {}'
+    },
+    cwd => {
+      const result = runHygieneScript(cwd)
+      assert.equal(result.status, 1)
+      assert.match(result.stderr, /dist contains agent-only or test artifact: assets\/capture-store\.mjs/)
+    }
+  )
+})
+
+test('release workflow dist hygiene script rejects nested agent-only directories', async () => {
+  await withDist(
+    {
+      'dist/manifest.json': manifest(),
+      'dist/assets/agent-skill/README.md': '# should not ship'
+    },
+    cwd => {
+      const result = runHygieneScript(cwd)
+      assert.equal(result.status, 1)
+      assert.match(result.stderr, /dist contains agent-only or test artifact: assets\/agent-skill\/README\.md/)
+    }
+  )
+})
+
+test('release workflow dist hygiene script rejects web accessible agent-only resources', async () => {
+  await withDist(
+    {
+      'dist/manifest.json': manifest({
+        web_accessible_resources: [
+          {
+            resources: ['assets/http-server.mjs'],
+            matches: ['http://127.0.0.1/*']
+          }
+        ]
+      })
+    },
+    cwd => {
+      const result = runHygieneScript(cwd)
+      assert.equal(result.status, 1)
+      assert.match(result.stderr, /web_accessible_resources exposes agent-only path: assets\/http-server\.mjs/)
+    }
+  )
+})
diff --git a/tests/site-experience-profile.test.mjs b/tests/site-experience-profile.test.mjs
new file mode 100644
index 00000000..24fef84a
--- /dev/null
+++ b/tests/site-experience-profile.test.mjs
@@ -0,0 +1,1282 @@
+import assert from 'node:assert/strict'
+import { readFile } from 'node:fs/promises'
+import { test } from 'node:test'
+import { loadTsModule, resetLoadTsModuleCaches } from './helpers/load-ts-module.mjs'
+import identifiers from './fixtures/bridge-protocol-identifiers.json' with { type: 'json' }
+
+test('unit tests run with a 60 second timeout guard', async () => {
+  const pkg = JSON.parse(await readFile(new URL('../package.json', import.meta.url), 'utf8'))
+  assert.match(pkg.scripts['test:unit'], /--test-timeout=60000/)
+})
+
+test('normalizes agent bridge opt-in as a local-only setting', async () => {
+  const { defaultSettings, normalizeSettings, normalizeSettingsWithLocalOptIn } = await loadTsModule('src/utils/normalize-settings.ts')
+
+  assert.equal(defaultSettings().agentBridgeEnabled, false)
+  assert.equal(defaultSettings().agentBridgeAllowAllNetworkTargets, false)
+  assert.equal(normalizeSettings({}).agentBridgeEnabled, false)
+  assert.equal(normalizeSettings({ agentBridgeEnabled: 'true' }, { allowAgentBridge: true }).agentBridgeEnabled, false)
+  assert.equal(normalizeSettings({ agentBridgeEnabled: true }).agentBridgeEnabled, false)
+  assert.equal(normalizeSettings({ agentBridgeEnabled: true }, { allowAgentBridge: true }).agentBridgeEnabled, true)
+  assert.equal(normalizeSettings({ agentBridgeAllowAllNetworkTargets: true }).agentBridgeAllowAllNetworkTargets, false)
+  assert.equal(normalizeSettings({ agentBridgeAllowAllNetworkTargets: true }, { allowAgentBridge: true, allowAgentBridgeNetworkOverride: true }).agentBridgeAllowAllNetworkTargets, false)
+  assert.equal(normalizeSettingsWithLocalOptIn({ agentBridgeEnabled: true }, {}).agentBridgeEnabled, false)
+  assert.equal(normalizeSettingsWithLocalOptIn({}, { agentBridgeEnabled: true }).agentBridgeEnabled, true)
+  assert.equal(
+    normalizeSettingsWithLocalOptIn({ agentBridgeAllowAllNetworkTargets: true }, {}).agentBridgeAllowAllNetworkTargets,
+    false
+  )
+  assert.equal(
+    normalizeSettingsWithLocalOptIn({}, { agentBridgeAllowAllNetworkTargets: true }).agentBridgeAllowAllNetworkTargets,
+    false
+  )
+  assert.equal(
+    normalizeSettingsWithLocalOptIn({}, { agentBridgeEnabled: true, agentBridgeAllowAllNetworkTargets: true })
+      .agentBridgeAllowAllNetworkTargets,
+    true
+  )
+  assert.equal(
+    normalizeSettingsWithLocalOptIn({ disabledTechnologies: ['React'] }, { agentBridgeEnabled: true }).disabledTechnologies[0],
+    'React'
+  )
+})
+
+test('detector settings cache keeps local agent bridge opt-in during sync updates', async () => {
+  const storage = {
+    sync: { stackPrismSettings: { disabledTechnologies: [] } },
+    local: { stackPrismSettings: { agentBridgeEnabled: true, agentBridgeAllowAllNetworkTargets: true } }
+  }
+  globalThis.chrome = {
+    storage: {
+      sync: { get: async () => storage.sync },
+      local: { get: async () => storage.local }
+    }
+  }
+  const { applyDetectorSettingsUpdate, loadDetectorSettings } = await loadTsModule('src/background/detector-settings.ts')
+
+  assert.equal((await loadDetectorSettings()).agentBridgeEnabled, true)
+  assert.equal((await loadDetectorSettings()).agentBridgeAllowAllNetworkTargets, true)
+  const updated = applyDetectorSettingsUpdate(
+    { disabledTechnologies: ['React'] },
+    { agentBridgeEnabled: true, agentBridgeAllowAllNetworkTargets: true }
+  )
+
+  assert.equal(updated.agentBridgeEnabled, true)
+  assert.equal(updated.agentBridgeAllowAllNetworkTargets, true)
+  assert.deepEqual(updated.disabledTechnologies, ['React'])
+  delete globalThis.chrome
+})
+
+test('detector settings preserves sync settings when local opt-in storage is unavailable', async () => {
+  resetLoadTsModuleCaches()
+  globalThis.chrome = {
+    storage: {
+      sync: { get: async () => ({ stackPrismSettings: { disabledTechnologies: ['React'] } }) },
+      local: {
+        get: async () => {
+          const error = new Error('local unavailable token=secret nonce=n_SECRETSECRETSECRETSECRET')
+          error.name = 'LocalSettingsError spb_ABCDEFGHIJKLMNOPQRSTUVWxy123456789012345'
+          throw error
+        }
+      }
+    }
+  }
+  const warnings = []
+  const originalWarn = console.warn
+  console.warn = (...args) => warnings.push(args)
+  const { loadDetectorSettings } = await loadTsModule('src/background/detector-settings.ts')
+
+  try {
+    const settings = await loadDetectorSettings()
+    assert.deepEqual(settings.disabledTechnologies, ['React'])
+    assert.equal(settings.agentBridgeEnabled, false)
+    assert.equal(settings.agentBridgeAllowAllNetworkTargets, false)
+    assert.equal(warnings.length, 1)
+    assert.equal(warnings[0][1], 'stackPrismSettings')
+    assert.notEqual(warnings[0][2] instanceof Error, true)
+    assert.equal(JSON.stringify(warnings).includes('token=secret'), false)
+    assert.equal(JSON.stringify(warnings).includes('nonce='), false)
+    assert.equal(JSON.stringify(warnings).includes('spb_'), false)
+  } finally {
+    console.warn = originalWarn
+  }
+  delete globalThis.chrome
+})
+
+test('firefox data consent helpers request only Agent Bridge optional categories', async () => {
+  const requested = []
+  let getAllCalled = false
+  globalThis.chrome = {
+    runtime: {
+      getManifest: () => ({
+        browser_specific_settings: {
+          gecko: {
+            data_collection_permissions: {
+              optional: ['browsingActivity', 'technicalAndInteraction', 'websiteContent']
+            }
+          }
+        }
+      })
+    },
+    permissions: {
+      getAll: async () => {
+        getAllCalled = true
+        return { data_collection: ['browsingActivity'] }
+      },
+      request: async permissions => {
+        assert.equal(getAllCalled, false)
+        requested.push(permissions)
+        return true
+      }
+    }
+  }
+  const { AGENT_BRIDGE_DATA_COLLECTION_PERMISSIONS, hasAgentBridgeDataConsent, requestAgentBridgeDataConsent } =
+    await loadTsModule('src/utils/firefox-data-consent.ts')
+
+  assert.deepEqual(AGENT_BRIDGE_DATA_COLLECTION_PERMISSIONS, ['browsingActivity', 'technicalAndInteraction', 'websiteContent'])
+  assert.equal(await hasAgentBridgeDataConsent(), false)
+  getAllCalled = false
+  const requestedConsent = requestAgentBridgeDataConsent()
+  assert.deepEqual(requested, [{ data_collection: ['browsingActivity', 'technicalAndInteraction', 'websiteContent'] }])
+  assert.equal(getAllCalled, false)
+  assert.equal(await requestedConsent, true)
+  assert.deepEqual(requested, [{ data_collection: ['browsingActivity', 'technicalAndInteraction', 'websiteContent'] }])
+  delete globalThis.chrome
+})
+
+test('firefox data consent helpers do not block browsers without the data consent API', async () => {
+  globalThis.chrome = { permissions: {} }
+  const { hasAgentBridgeDataConsent, requestAgentBridgeDataConsent } = await loadTsModule('src/utils/firefox-data-consent.ts')
+
+  assert.equal(await hasAgentBridgeDataConsent(), true)
+  assert.equal(await requestAgentBridgeDataConsent(), true)
+  delete globalThis.chrome
+})
+
+test('firefox data consent helpers skip request outside Firefox data collection manifests', async () => {
+  globalThis.chrome = {
+    runtime: { getManifest: () => ({}) },
+    permissions: {
+      request: async () => {
+        throw new Error('request should not be called')
+      }
+    }
+  }
+  const { requestAgentBridgeDataConsent } = await loadTsModule('src/utils/firefox-data-consent.ts')
+
+  assert.equal(await requestAgentBridgeDataConsent(), true)
+  delete globalThis.chrome
+})
+
+test('firefox data consent rollback removes only categories granted by the pending request', async () => {
+  const removed = []
+  globalThis.chrome = {
+    runtime: {
+      getManifest: () => ({
+        browser_specific_settings: {
+          gecko: {
+            data_collection_permissions: {
+              optional: ['browsingActivity', 'technicalAndInteraction', 'websiteContent']
+            }
+          }
+        }
+      })
+    },
+    permissions: {
+      remove: async permissions => {
+        removed.push(permissions)
+        return true
+      }
+    }
+  }
+  const { rollbackAgentBridgeDataConsent } = await loadTsModule('src/utils/firefox-data-consent.ts')
+
+  assert.equal(
+    await rollbackAgentBridgeDataConsent({
+      supported: true,
+      granted: ['browsingActivity'],
+      missing: ['technicalAndInteraction', 'websiteContent']
+    }),
+    true
+  )
+  assert.deepEqual(removed, [{ data_collection: ['technicalAndInteraction', 'websiteContent'] }])
+
+  removed.length = 0
+  assert.equal(
+    await rollbackAgentBridgeDataConsent({
+      supported: true,
+      granted: ['browsingActivity', 'technicalAndInteraction', 'websiteContent'],
+      missing: []
+    }),
+    false
+  )
+  assert.deepEqual(removed, [])
+  delete globalThis.chrome
+})
+
+test('firefox data consent revoke removes currently granted Agent Bridge categories', async () => {
+  const removed = []
+  globalThis.chrome = {
+    runtime: {
+      getManifest: () => ({
+        browser_specific_settings: {
+          gecko: {
+            data_collection_permissions: {
+              optional: ['browsingActivity', 'technicalAndInteraction', 'websiteContent']
+            }
+          }
+        }
+      })
+    },
+    permissions: {
+      getAll: async () => ({ data_collection: ['browsingActivity', 'websiteContent'] }),
+      remove: async permissions => {
+        removed.push(permissions)
+        return true
+      }
+    }
+  }
+  const { revokeAgentBridgeDataConsent } = await loadTsModule('src/utils/firefox-data-consent.ts')
+
+  assert.equal(await revokeAgentBridgeDataConsent(), true)
+  assert.deepEqual(removed, [{ data_collection: ['browsingActivity', 'websiteContent'] }])
+  delete globalThis.chrome
+})
+
+test('firefox data consent removal detection is limited to Agent Bridge categories', async () => {
+  const { includesAgentBridgeDataConsentRemoval } = await loadTsModule('src/utils/firefox-data-consent.ts')
+
+  assert.equal(includesAgentBridgeDataConsentRemoval({ data_collection: ['websiteContent'] }), true)
+  assert.equal(includesAgentBridgeDataConsentRemoval({ data_collection: ['browsingActivity'] }), true)
+  assert.equal(includesAgentBridgeDataConsentRemoval({ data_collection: ['technicalAndInteraction'] }), true)
+  assert.equal(includesAgentBridgeDataConsentRemoval({ data_collection: ['locationInfo'] }), false)
+  assert.equal(includesAgentBridgeDataConsentRemoval({ permissions: ['tabs'] }), false)
+  assert.equal(includesAgentBridgeDataConsentRemoval(null), false)
+})
+
+test('defines the site experience schema and required capabilities', async () => {
+  const contract = await loadTsModule('src/types/agent-bridge.ts')
+
+  assert.equal(contract.bridgeProtocolVersion, 1)
+  assert.equal(contract.SITE_EXPERIENCE_PROFILE_SCHEMA, 'stackprism.site_experience_profile.v1')
+  assert.deepEqual(contract.REQUIRED_AGENT_BRIDGE_CAPABILITIES, [
+    'agentBridge',
+    'siteExperienceProfileV1',
+    'profileChunkTransport',
+    'bridgeContentPost',
+    'storageSession',
+    'experienceProfiler'
+  ])
+  assert.equal(contract.AGENT_BRIDGE_CAPABILITIES.includes('visualScreenshot'), true)
+})
+
+test('validates all protocol identifiers with fixed ascii contracts', async () => {
+  const { validateProtocolIdentifier } = await loadTsModule('src/types/agent-bridge.ts')
+
+  for (const [kind, cases] of Object.entries(identifiers)) {
+    for (const value of cases.valid) {
+      assert.equal(validateProtocolIdentifier(kind, value), true, `${kind} should accept ${value}`)
+    }
+    for (const value of cases.invalid) {
+      assert.equal(validateProtocolIdentifier(kind, value), false, `${kind} should reject ${value}`)
+    }
+  }
+})
+
+test('exports the first-version bridge error code contract', async () => {
+  const { AGENT_BRIDGE_ERROR_CODES } = await loadTsModule('src/types/agent-bridge.ts')
+  const required = [
+    'NOT_FOUND',
+    'METHOD_NOT_ALLOWED',
+    'UNAUTHORIZED',
+    'FORBIDDEN',
+    'ORIGIN_NOT_ALLOWED',
+    'UNSUPPORTED_MEDIA_TYPE',
+    'UNSUPPORTED_TRANSFER_ENCODING',
+    'INVALID_JSON',
+    'INVALID_REQUEST',
+    'REQUEST_TOO_LARGE',
+    'REQUEST_TIMEOUT',
+    'SERVER_BUSY',
+    'STALE_STATUS_UPDATE',
+    'PORT_IN_USE',
+    'BRIDGE_INVALID_ENV',
+    'BRIDGE_START_FAILED',
+    'BRIDGE_START_TIMEOUT',
+    'BRIDGE_READY_PARSE_FAILED',
+    'BRIDGE_PROTOCOL_UNSUPPORTED',
+    'BRIDGE_PAGE_RENDER_FAILED',
+    'BRIDGE_REQUEST_TIMEOUT',
+    'BRIDGE_REQUEST_MISMATCH',
+    'AGENT_BRIDGE_DISABLED',
+    'CAPTURE_BUSY',
+    'CAPTURE_TIMEOUT',
+    'EXTENSION_NOT_CONNECTED',
+    'BROWSER_OPEN_FAILED',
+    'BRIDGE_TOKEN_CANNOT_READ_PROFILE',
+    'PRIVATE_NETWORK_TARGET_BLOCKED',
+    'TARGET_DNS_LOOKUP_FAILED',
+    'BRIDGE_SELF_TARGET_BLOCKED',
+    'FINAL_URL_BLOCKED',
+    'ACTIVE_TAB_UNAVAILABLE',
+    'ACTIVE_TAB_MISMATCH',
+    'INCOGNITO_NOT_SUPPORTED',
+    'TARGET_LOAD_TIMEOUT',
+    'TARGET_LOAD_FAILED',
+    'TARGET_INJECTION_FAILED',
+    'TARGET_TAB_CLOSED',
+    'BRIDGE_TAB_CLOSED',
+    'TARGET_NAVIGATED_AWAY',
+    'SERVICE_WORKER_RESTARTED',
+    'BRIDGE_TRANSPORT_DISCONNECTED',
+    'PROFILE_TRANSPORT_FAILED',
+    'PROFILE_CHUNK_MISSING',
+    'PROFILE_HASH_MISMATCH',
+    'PROFILE_TOO_LARGE',
+    'RATE_LIMITED',
+    'NONCE_REUSED',
+    'CAPTURE_ALREADY_COMPLETED',
+    'CAPTURE_RESULT_EXPIRED',
+    'NOT_SUPPORTED'
+  ]
+
+  for (const code of required) assert.equal(AGENT_BRIDGE_ERROR_CODES.includes(code), true, `${code} missing`)
+  assert.equal(new Set(AGENT_BRIDGE_ERROR_CODES).size, AGENT_BRIDGE_ERROR_CODES.length)
+})
+
+test('message runtime field contracts do not carry bridge tokens or profile wrappers', async () => {
+  const contract = await loadTsModule('src/types/agent-bridge.ts')
+
+  assert.equal(contract.START_AGENT_CAPTURE_MESSAGE_FIELDS.includes('bridgeToken'), false)
+  assert.equal(contract.START_AGENT_CAPTURE_MESSAGE_FIELDS.includes('callbackUrl'), false)
+  assert.equal(contract.PROFILE_TRANSFER_BEGIN_FIELDS.includes('profile'), false)
+  assert.equal(contract.PROFILE_TRANSFER_CHUNK_FIELDS.includes('profile'), false)
+  assert.equal(contract.PROFILE_TRANSFER_COMPLETE_FIELDS.includes('profile'), false)
+})
+
+test('redacts sensitive headers in header records', async () => {
+  const { buildHeaderRecord } = await loadTsModule('src/background/headers.ts')
+  const record = buildHeaderRecord(
+    {
+      requestId: 'req-1',
+      url: 'https://example.com/app?token=secret#hash',
+      type: 'main_frame',
+      method: 'GET',
+      statusCode: 200,
+      statusLine: 'HTTP/2 200',
+      responseHeaders: [
+        { name: 'server', value: 'nginx/1.25.0' },
+        { name: 'set-cookie', value: 'sid=abc; Path=/, theme=dark; Path=/' },
+        { name: 'cookie', value: 'sid=abc' },
+        { name: 'authorization', value: 'Bearer secret' },
+        { name: 'proxy-authorization', value: 'Basic secret' },
+        { name: 'x-api-key', value: 'key-secret' },
+        { name: 'x-session-token', value: 'session-secret' }
+      ]
+    },
+    {
+      interestingHeaders: ['server', 'set-cookie', 'cookie', 'authorization', 'proxy-authorization', 'x-api-key', 'x-session-token']
+    },
+    {}
+  )
+
+  assert.equal(record.headers['set-cookie'], 'sid, theme')
+  assert.equal(record.allHeaders['set-cookie'], 'sid, theme')
+  for (const name of ['cookie', 'authorization', 'proxy-authorization', 'x-api-key', 'x-session-token']) {
+    assert.equal(record.headers[name], '[redacted]')
+    assert.equal(record.allHeaders[name], '[redacted]')
+  }
+})
+
+test('popup results ignore cross-site HTTP protocol observations', async () => {
+  resetLoadTsModuleCaches()
+  const originalChrome = globalThis.chrome
+  const originalFetch = globalThis.fetch
+  globalThis.chrome = {
+    runtime: {
+      getURL: path => `chrome-extension://stackprism/${path}`
+    }
+  }
+  globalThis.fetch = async url => {
+    const text = String(url)
+    if (text.endsWith('/rules/index.json')) return new Response(JSON.stringify({ schemaVersion: 1, files: [] }), { status: 200 })
+    if (text.endsWith('/tech-links.json')) return new Response(JSON.stringify({ links: {} }), { status: 200 })
+    return new Response('{}', { status: 200 })
+  }
+
+  try {
+    const { buildPopupCacheRecord, buildPopupRawResult } = await loadTsModule('src/background/popup-cache.ts')
+    const data = {
+      updatedAt: 1,
+      page: { url: 'https://app.example.com/dashboard', title: 'Dashboard', technologies: [] },
+      main: { url: 'https://app.example.com/dashboard', technologies: [], headers: {}, headerCount: 0 },
+      apis: [
+        { url: 'https://api.example.com/graphql', httpProtocol: '2', technologies: [] },
+        { url: 'https://payments.example-cdn.test/session', httpProtocol: '3', technologies: [] }
+      ],
+      frames: [{ url: 'https://checkout.example-cdn.test/embed', httpProtocol: 'h3', technologies: [] }]
+    }
+    const settings = {}
+    const tab = { url: 'https://app.example.com/dashboard', title: 'Dashboard' }
+
+    const raw = await buildPopupRawResult(data, settings, tab)
+    const popup = await buildPopupCacheRecord(data, settings, tab)
+    const rawNames = raw.technologies.map(tech => tech.name).sort()
+    const popupNames = popup.technologies.map(tech => tech.name).sort()
+
+    assert.deepEqual(rawNames, ['HTTP/2'])
+    assert.deepEqual(popupNames, ['HTTP/2'])
+    assert.match(raw.technologies[0].evidence.join('\n'), /api\.example\.com/)
+    assert.doesNotMatch(JSON.stringify([...raw.technologies, ...popup.technologies]), /example-cdn\.test|HTTP\/3/)
+  } finally {
+    if (originalChrome === undefined) delete globalThis.chrome
+    else globalThis.chrome = originalChrome
+    if (originalFetch === undefined) delete globalThis.fetch
+    else globalThis.fetch = originalFetch
+  }
+})
+
+test('popup same-site filtering uses current tab URL when page detection is stale', async () => {
+  resetLoadTsModuleCaches()
+  const originalChrome = globalThis.chrome
+  const originalFetch = globalThis.fetch
+  globalThis.chrome = {
+    runtime: {
+      getURL: path => `chrome-extension://stackprism/${path}`
+    }
+  }
+  globalThis.fetch = async url => {
+    const text = String(url)
+    if (text.endsWith('/rules/index.json')) return new Response(JSON.stringify({ schemaVersion: 1, files: [] }), { status: 200 })
+    if (text.endsWith('/tech-links.json')) return new Response(JSON.stringify({ links: {} }), { status: 200 })
+    return new Response('{}', { status: 200 })
+  }
+
+  try {
+    const { buildPopupCacheRecord, buildPopupRawResult } = await loadTsModule('src/background/popup-cache.ts')
+    const data = {
+      updatedAt: 1,
+      page: { url: 'https://old.example.test/app', title: 'Old page', technologies: [] },
+      main: {
+        url: 'https://app.example.com/dashboard',
+        technologies: [],
+        headers: {},
+        headerCount: 0,
+        httpProtocol: '2'
+      },
+      apis: [
+        {
+          url: 'https://api.example.com/graphql',
+          httpProtocol: '2',
+          technologies: [
+            { category: 'Web 服务器', name: 'nginx', confidence: '中', evidence: ['server: nginx'], source: '响应头' },
+            { category: 'CDN / 托管', name: 'Cloudflare', confidence: '高', evidence: ['cf-ray'], source: '响应头' },
+            { category: '后端 / 服务器框架', name: 'Express', confidence: '中', evidence: ['x-powered-by'], source: '响应头' }
+          ]
+        },
+        {
+          url: 'https://tracker.third-party.test/pixel',
+          httpProtocol: '3',
+          technologies: [{ category: 'Web 服务器', name: 'third-party-nginx', confidence: '中', evidence: ['server'], source: '响应头' }]
+        }
+      ]
+    }
+    const settings = {}
+    const tab = { url: 'https://app.example.com/dashboard', title: 'Dashboard' }
+
+    const raw = await buildPopupRawResult(data, settings, tab)
+    const popup = await buildPopupCacheRecord(data, settings, tab)
+    const rawNames = raw.technologies.map(tech => tech.name).sort()
+    const popupNames = popup.technologies.map(tech => tech.name).sort()
+
+    assert.deepEqual(rawNames, ['Cloudflare', 'Express', 'HTTP/2', 'nginx'])
+    assert.deepEqual(popupNames, ['Cloudflare', 'Express', 'HTTP/2', 'nginx'])
+    assert.equal(raw.url, 'https://app.example.com/dashboard')
+    assert.equal(popup.url, 'https://app.example.com/dashboard')
+    assert.doesNotMatch(JSON.stringify([...raw.technologies, ...popup.technologies]), /third-party-nginx|HTTP\/3/)
+  } finally {
+    if (originalChrome === undefined) delete globalThis.chrome
+    else globalThis.chrome = originalChrome
+    if (originalFetch === undefined) delete globalThis.fetch
+    else globalThis.fetch = originalFetch
+  }
+})
+
+test('popup results keep intentional cross-site service detections and drop infrastructure detections', async () => {
+  resetLoadTsModuleCaches()
+  const originalChrome = globalThis.chrome
+  const originalFetch = globalThis.fetch
+  globalThis.chrome = {
+    runtime: {
+      getURL: path => `chrome-extension://stackprism/${path}`
+    }
+  }
+  globalThis.fetch = async url => {
+    const text = String(url)
+    if (text.endsWith('/rules/index.json')) return new Response(JSON.stringify({ schemaVersion: 1, files: [] }), { status: 200 })
+    if (text.endsWith('/tech-links.json')) return new Response(JSON.stringify({ links: {} }), { status: 200 })
+    return new Response('{}', { status: 200 })
+  }
+
+  try {
+    const { buildPopupCacheRecord, buildPopupRawResult } = await loadTsModule('src/background/popup-cache.ts')
+    const data = {
+      updatedAt: 1,
+      page: { url: 'https://shop.example.com/checkout', title: 'Checkout', technologies: [] },
+      main: { url: 'https://shop.example.com/checkout', technologies: [], headers: {}, headerCount: 0 },
+      apis: [
+        {
+          url: 'https://api.stripe.com/v1/payment_intents',
+          technologies: [
+            { category: '支付系统', name: 'Stripe', confidence: '高', evidence: ['Stripe API response'], source: '响应头' },
+            { category: 'Headless CMS', name: 'Contentful', confidence: '高', evidence: ['cdn.contentful.com'], source: '响应头' },
+            { category: 'IP 地理位置 / IP 情报', name: 'IPinfo', confidence: '高', evidence: ['ipinfo.io'], source: '响应头' },
+            { category: 'CDN / 托管', name: 'Cloudflare', confidence: '高', evidence: ['cf-ray'], source: '响应头' },
+            { category: 'Web 服务器', name: 'nginx', confidence: '中', evidence: ['server: nginx'], source: '响应头' }
+          ]
+        }
+      ],
+      frames: [
+        {
+          url: 'https://accounts.google.com/o/oauth2/v2/auth',
+          technologies: [
+            { category: '第三方登录 / OAuth', name: 'Google Sign-In', confidence: '高', evidence: ['accounts.google.com'], source: '响应头' }
+          ]
+        }
+      ]
+    }
+    const settings = {}
+    const tab = { url: 'https://shop.example.com/checkout', title: 'Checkout' }
+
+    const raw = await buildPopupRawResult(data, settings, tab)
+    const popup = await buildPopupCacheRecord(data, settings, tab)
+    const rawNames = raw.technologies.map(tech => tech.name).sort()
+    const popupNames = popup.technologies.map(tech => tech.name).sort()
+
+    assert.deepEqual(rawNames, ['Contentful', 'Google Sign-In', 'IPinfo', 'Stripe'])
+    assert.deepEqual(popupNames, ['Contentful', 'Google Sign-In', 'IPinfo', 'Stripe'])
+    assert.match(raw.technologies.find(tech => tech.name === 'Stripe').sources.join('\n'), /API/)
+    assert.match(raw.technologies.find(tech => tech.name === 'Contentful').sources.join('\n'), /API/)
+    assert.match(raw.technologies.find(tech => tech.name === 'IPinfo').sources.join('\n'), /API/)
+    assert.doesNotMatch(JSON.stringify([...raw.technologies, ...popup.technologies]), /Cloudflare|nginx/)
+  } finally {
+    if (originalChrome === undefined) delete globalThis.chrome
+    else globalThis.chrome = originalChrome
+    if (originalFetch === undefined) delete globalThis.fetch
+    else globalThis.fetch = originalFetch
+  }
+})
+
+test('same-site comparison treats common public hosting tenants as separate sites', async () => {
+  const { getRegistrableDomain, isSameSite } = await loadTsModule('src/utils/domain.ts')
+
+  assert.equal(getRegistrableDomain('foo.github.io'), 'foo.github.io')
+  assert.equal(getRegistrableDomain('bar.github.io'), 'bar.github.io')
+  assert.equal(isSameSite('https://bar.github.io/api', 'https://foo.github.io/app'), false)
+  assert.equal(isSameSite('https://assets.foo.github.io/app.js', 'https://foo.github.io/app'), true)
+  assert.equal(isSameSite('https://bar.vercel.app/api', 'https://foo.vercel.app/app'), false)
+  assert.equal(isSameSite('https://bar.netlify.app/api', 'https://foo.netlify.app/app'), false)
+  assert.equal(isSameSite('https://bar.pages.dev/api', 'https://foo.pages.dev/app'), false)
+  assert.equal(getRegistrableDomain('foo.up.railway.app'), 'foo.up.railway.app')
+  assert.equal(getRegistrableDomain('bar.up.railway.app'), 'bar.up.railway.app')
+  assert.equal(isSameSite('https://bar.up.railway.app/api', 'https://foo.up.railway.app/app'), false)
+  assert.equal(isSameSite('https://assets.foo.up.railway.app/app.js', 'https://foo.up.railway.app/app'), true)
+})
+
+test('builds a redacted site experience profile from raw popup data and experience signals', async () => {
+  const { buildSiteExperienceProfile } = await loadTsModule('src/utils/site-experience-profile.ts')
+  const capabilities = {
+    agentBridge: true,
+    siteExperienceProfileV1: true,
+    profileChunkTransport: true,
+    bridgeContentPost: true,
+    storageSession: true,
+    experienceProfiler: true,
+    rawProfile: true,
+    viewportMetadata: true
+  }
+
+  const profile = buildSiteExperienceProfile({
+    captureId: 'cap_CCCCCCCCCCCCCCCCCCCCCC',
+    request: {
+      url: 'https://example.com/account/sessionId/reset-token?token=secret#frag',
+      mode: 'experience',
+      waitMs: 1000,
+      include: ['tech', 'visual', 'layout', 'components', 'interaction', 'ux', 'assets'],
+      viewports: [{ name: 'desktop', width: 1440, height: 900, deviceScaleFactor: 1 }],
+      options: {
+        forceRefresh: false,
+        captureScreenshotMetadata: false,
+        captureScreenshot: false,
+        keepTabOpen: false,
+        allowPrivateNetworkTarget: false,
+        targetMode: 'reuse_or_new_tab',
+        maxResourceUrls: 2
+      },
+      protocolVersion: 1
+    },
+    raw: {
+      url: 'https://example.com/account/sessionId/reset-token?token=secret#frag',
+      title: 'Dashboard',
+      generatedAt: '2026-05-22T06:00:00.000Z',
+      technologies: [
+        {
+          category: '前端框架',
+          name: 'Vue',
+          version: '3.4.0',
+          confidence: '高',
+          sources: ['页面扫描'],
+          evidence: ['window.__VUE__ token=secret'],
+          url: 'https://vuejs.org/apiKey/privateKey?session=abc#docs'
+        },
+        {
+          category: '实验',
+          name: 'GuessLib',
+          confidence: '低',
+          sources: ['启发式']
+        }
+      ],
+      resources: {
+        total: 4,
+        scripts: ['https://cdn.example.com/assets/sessionId/app.js?signature=abc#bundle'],
+        stylesheets: ['https://cdn.example.com/privateKey/app.css?theme=dark'],
+        themeAssetUrls: ['https://cdn.example.com/logo/token-secret.png?auth=secret'],
+        resourceDomains: [{ domain: 'cdn.example.com', count: 3 }],
+        cssVariableCount: 12,
+        metaGenerator: 'AcmeCMS',
+        manifest: 'https://example.com/apiKey/manifest.json?key=secret'
+      },
+      headers: [
+        { name: 'authorization', value: 'Bearer secret' },
+        { name: 'set-cookie', value: 'sid, theme' }
+      ]
+    },
+    experience: {
+      visual: { colors: ['#123456'], aboveFold: { heroText: 'Hi user@example.com' } },
+      layout: { landmarks: ['header', 'main'], boundingBoxes: [{ text: 'secret@example.com', x: 1, y: 2 }] },
+      components: { counts: { button: 2, card: 1 }, samples: [{ type: 'button', text: '支付 ￥199 给 张三 13800138000' }] },
+      interaction: {
+        passive: true,
+        transitions: ['opacity 0.2s'],
+        animations: ['fade'],
+        focusHoverHints: ['.cta:hover{background:url("https://cdn.example.com/hover.png?preview=abc&token=secret#frag")}'],
+        closedShadowRoots: 1
+      },
+      document: { language: 'zh-CN' },
+      ux: {
+        pagePurpose: 'SaaS dashboard token=secret',
+        primaryUserPath: 'Open reports and export data',
+        informationHierarchy: ['Header', 'KPI cards', 'Report table'],
+        ctaStrategy: ['Export report', 'Create task'],
+        trustSignals: ['SOC2 badge'],
+        navigationDepth: 'top-nav + side-nav',
+        contentGrouping: ['summary', 'details'],
+        frictionPoints: ['Long table without visible filters'],
+        textSamples: ['联系 user@example.com 或 13800138000，订单 1234567890123，金额 ￥199，联系人 张三']
+      },
+      assets: { urls: ['https://cdn.example.com/secretToken/private.woff2?token=abc#font'] },
+      evidence: {
+        inaccessibleStylesheets: 2,
+        crossOriginIframes: 1,
+        omitted: { resourceUrls: 3, textSamples: 2, componentSamples: 1, cssRules: 4, executeScriptResultOverLimit: 2 }
+      }
+    },
+    capabilities,
+    finalUrl: 'https://example.com/account/sessionId/reset-token?session=abc#final'
+  })
+
+  const serialized = JSON.stringify(profile)
+  assert.equal(profile.schema, 'stackprism.site_experience_profile.v1')
+  assert.equal(profile.captureId, 'cap_CCCCCCCCCCCCCCCCCCCCCC')
+  assert.deepEqual(profile.browserContext.extensionCapabilities, capabilities)
+  assert.equal(profile.browserContext.viewportMode, 'current_viewport')
+  assert.equal(profile.target.language, 'zh-CN')
+  assert.equal(profile.techProfile.technologies.length, 2)
+  assert.equal(profile.assetProfile.resourceUrls.length, 2)
+  assert.equal(profile.uxProfile.pagePurpose, 'SaaS dashboard token=[redacted]')
+  assert.deepEqual(profile.uxProfile.informationHierarchy, ['Header', 'KPI cards', 'Report table'])
+  assert.deepEqual(profile.uxProfile.ctaStrategy, ['Export report', 'Create task'])
+  assert.deepEqual(profile.uxProfile.trustSignals, ['SOC2 badge'])
+  assert.equal(profile.uxProfile.navigationDepth, 'top-nav + side-nav')
+  assert.deepEqual(profile.uxProfile.contentGrouping, ['summary', 'details'])
+  assert.deepEqual(profile.uxProfile.frictionPoints, ['Long table without visible filters'])
+  assert.equal(profile.evidence.truncation.resourceUrls, 3)
+  assert.equal(profile.evidence.truncation.executeScriptResultOverLimit, 2)
+  assert.equal(profile.visualProfile.aboveFold, undefined)
+  assert.equal(profile.layoutProfile.boundingBoxes, undefined)
+  assert.ok(profile.limitations.includes('viewport_emulation_unsupported'))
+  assert.ok(profile.limitations.includes('screenshot_metadata_not_requested'))
+  assert.ok(profile.limitations.includes('screenshot_image_not_requested'))
+  assert.ok(profile.limitations.includes('cross_origin_iframes_limited'))
+  assert.ok(profile.limitations.includes('closed_shadow_roots_limited'))
+  assert.ok(profile.limitations.includes('stylesheet_access_limited'))
+  assert.ok(profile.limitations.includes('resource_urls_truncated'))
+  assert.ok(profile.limitations.includes('text_samples_truncated'))
+  assert.ok(profile.limitations.includes('component_samples_truncated'))
+  assert.ok(profile.limitations.includes('css_rules_truncated'))
+  assert.ok(profile.limitations.includes('execute_script_result_truncated'))
+  assert.match(profile.agentGuidance.summary, /Vue/)
+  assert.doesNotMatch(profile.agentGuidance.summary, /secret|user@example\.com|13800138000|\u0000/)
+  assert.match(profile.agentGuidance.recreationPlan.objective, /Recreate/)
+  assert.deepEqual(profile.agentGuidance.recreationPlan.designTokens.colors, ['#123456'])
+  assert.deepEqual(profile.agentGuidance.recreationPlan.layoutBlueprint.landmarks, ['header', 'main'])
+  assert.deepEqual(profile.agentGuidance.recreationPlan.layoutBlueprint.contentGrouping, ['summary', 'details'])
+  assert.equal(profile.agentGuidance.recreationPlan.layoutBlueprint.viewportMode, 'current_viewport')
+  assert.deepEqual(profile.agentGuidance.recreationPlan.componentInventory.priorityTypes, ['button', 'card'])
+  assert.equal(profile.agentGuidance.recreationPlan.componentInventory.sampleCount, 1)
+  assert.equal(profile.agentGuidance.recreationPlan.componentInventory.geometryIncluded, false)
+  assert.deepEqual(profile.agentGuidance.recreationPlan.interactionChecklist.transitions, ['opacity 0.2s'])
+  assert.deepEqual(profile.agentGuidance.recreationPlan.uxChecklist.ctaStrategy, ['Export report', 'Create task'])
+  assert.equal(profile.agentGuidance.recreationPlan.assetHints.scriptCount, 1)
+  assert.equal(profile.agentGuidance.recreationPlan.assetHints.stylesheetCount, 1)
+  assert.deepEqual(profile.agentGuidance.recreationPlan.assetHints.resourceDomains, ['cdn.example.com:3'])
+  assert.equal(profile.agentGuidance.recreationPlan.assetHints.resourceUrlCount, 2)
+  assert.equal(profile.agentGuidance.recreationPlan.verificationChecklist.length > 0, true)
+  assert.deepEqual(profile.visualProfile.colorTokens, ['#123456'])
+  assert.equal(profile.visualProfile.screenshot, undefined)
+  assert.doesNotMatch(serialized, /secret|Bearer|user@example\.com|13800138000|1234567890123|￥199|张三|preview=abc|sessionId|apiKey|privateKey|reset-token|secretToken|#frag/)
+  for (const url of [
+    profile.target.url,
+    profile.target.finalUrl,
+    profile.techProfile.technologies[0].url,
+    profile.assetProfile.manifest,
+    ...profile.assetProfile.scripts,
+    ...profile.assetProfile.stylesheets,
+    ...profile.assetProfile.themeAssetUrls,
+    ...profile.assetProfile.resourceUrls
+  ]) {
+    assert.equal(new URL(url).hash, '')
+  }
+  assert.match(
+    serialized,
+    /token=\[redacted\]|signature=\[redacted\]|auth=\[redacted\]|session=\[redacted\]|key=\[redacted\]|preview=\[redacted\]/
+  )
+})
+
+test('builds a site experience profile that preserves requested and final urls separately', async () => {
+  const { buildSiteExperienceProfile } = await loadTsModule('src/utils/site-experience-profile.ts')
+
+  const profile = buildSiteExperienceProfile({
+    captureId: 'cap_CCCCCCCCCCCCCCCCCCCCCC',
+    request: {
+      url: 'https://example.com/start',
+      mode: 'experience',
+      waitMs: 0,
+      include: ['tech'],
+      viewports: [],
+      options: {
+        forceRefresh: false,
+        captureScreenshotMetadata: false,
+        captureScreenshot: false,
+        keepTabOpen: false,
+        allowPrivateNetworkTarget: false,
+        targetMode: 'reuse_or_new_tab',
+        maxResourceUrls: 300
+      },
+      protocolVersion: 1
+    },
+    raw: {
+      url: 'https://example.com/final?token=secret#frag',
+      title: 'Redirected',
+      generatedAt: '2026-05-22T06:00:00.000Z',
+      technologies: [],
+      resources: null,
+      headers: []
+    },
+    experience: {},
+    capabilities: {
+      agentBridge: true,
+      siteExperienceProfileV1: true,
+      profileChunkTransport: true,
+      bridgeContentPost: true,
+      storageSession: true,
+      experienceProfiler: true,
+      rawProfile: true,
+      viewportMetadata: true
+    },
+    finalUrl: 'https://example.com/final?token=secret#frag'
+  })
+
+  assert.equal(profile.target.url, 'https://example.com/start')
+  assert.equal(profile.target.finalUrl, 'https://example.com/final?token=[redacted]')
+  assert.equal(profile.target.origin, 'https://example.com')
+})
+
+test('build evidence records header coverage for raw header maps', async () => {
+  const { buildEvidence } = await loadTsModule('src/utils/site-experience-profile-sections.ts')
+  const technologies = [{ category: '前端框架', name: 'Vue', confidence: '高', evidence: [], sources: [] }]
+  const experience = {}
+
+  const fromArray = buildEvidence(
+    { headers: [{ name: 'x-powered-by', value: 'StackPrism' }], technologies: [], resources: null },
+    technologies,
+    { resourceUrls: [] },
+    experience
+  )
+  const fromMap = buildEvidence(
+    { headers: { 'x-powered-by': 'StackPrism' }, technologies: [], resources: null },
+    technologies,
+    { resourceUrls: [] },
+    experience
+  )
+
+  assert.equal(fromArray.sourceCoverage.includes('headers'), true)
+  assert.equal(fromMap.sourceCoverage.includes('headers'), true)
+})
+
+test('builds optional screenshot payload only when explicitly requested', async () => {
+  const { buildSiteExperienceProfile } = await loadTsModule('src/utils/site-experience-profile.ts')
+  const profile = buildSiteExperienceProfile({
+    captureId: 'cap_CCCCCCCCCCCCCCCCCCCCCC',
+    request: {
+      url: 'https://example.com/',
+      mode: 'experience',
+      waitMs: 0,
+      include: ['visual'],
+      viewports: [],
+      options: {
+        forceRefresh: false,
+        captureScreenshotMetadata: true,
+        captureScreenshot: true,
+        keepTabOpen: false,
+        allowPrivateNetworkTarget: false,
+        targetMode: 'new_tab',
+        maxResourceUrls: 300
+      },
+      protocolVersion: 1
+    },
+    raw: null,
+    experience: { visual: { colors: ['#101820'] } },
+    screenshot: {
+      dataUrl: `data:image/jpeg;base64,${Buffer.from('shot').toString('base64')}`,
+      mimeType: 'image/jpeg',
+      byteLength: 31,
+      source: 'chrome.tabs.captureVisibleTab',
+      scope: 'visible_viewport',
+      capturedAt: '2026-05-27T00:00:00.000Z'
+    },
+    capabilities: {
+      agentBridge: true,
+      siteExperienceProfileV1: true,
+      profileChunkTransport: true,
+      bridgeContentPost: true,
+      storageSession: true,
+      experienceProfiler: true,
+      rawProfile: false,
+      viewportMetadata: true,
+      visualScreenshot: true
+    },
+    finalUrl: 'https://example.com/'
+  })
+
+  assert.equal(profile.visualProfile.screenshot.mimeType, 'image/jpeg')
+  assert.match(profile.visualProfile.screenshot.dataUrl, /^data:image\/jpeg;base64,/)
+  assert.equal(profile.visualProfile.screenshot.scope, 'visible_viewport')
+  assert.equal(profile.limitations.includes('screenshot_image_not_requested'), false)
+  assert.equal(profile.agentGuidance.recreationPlan.visualReference.screenshotIncluded, true)
+})
+
+test('agent guidance sanitizes external profile labels before composing summary', async () => {
+  const { buildAgentGuidance } = await loadTsModule('src/utils/site-experience-guidance.ts')
+  const guidance = buildAgentGuidance({ primaryFrontend: 'Vue token=secret user@example.com\u0000'.repeat(8) }, [
+    'session=abc',
+    '联系人 张三',
+    'ok\u0000line',
+    'ignored'
+  ])
+
+  assert.equal(guidance.summary.includes('secret'), false)
+  assert.equal(guidance.summary.includes('user@example.com'), false)
+  assert.equal(guidance.summary.includes('张三'), false)
+  assert.equal(guidance.summary.includes('\u0000'), false)
+  assert.match(guidance.summary, /token=\[redacted\]/)
+  assert.match(guidance.summary, /session=\[redacted\]/)
+  assert.match(guidance.summary, /联系人 \[redacted\]/)
+  assert.doesNotMatch(JSON.stringify(guidance.recreationPlan), /secret|user@example\.com|张三|\u0000/)
+
+  const unsafeGuidance = buildAgentGuidance({}, [], {
+    visualProfile: { colorTokens: ['token=secret'] },
+    uxProfile: { ctaStrategy: ['联系 user@example.com'] },
+    assetProfile: { resourceDomains: [{ domain: 'cdn.example.com?token=secret', count: 2 }] }
+  })
+  assert.match(JSON.stringify(unsafeGuidance.recreationPlan), /token=\[redacted\]/)
+  assert.doesNotMatch(JSON.stringify(unsafeGuidance.recreationPlan), /secret|user@example\.com/)
+})
+
+test('returns empty sections and section limitations when include excludes experience data', async () => {
+  const { buildSiteExperienceProfile } = await loadTsModule('src/utils/site-experience-profile.ts')
+  const profile = buildSiteExperienceProfile({
+    captureId: 'cap_CCCCCCCCCCCCCCCCCCCCCC',
+    request: {
+      url: 'https://example.com/',
+      mode: 'experience',
+      waitMs: 0,
+      include: ['tech'],
+      viewports: [],
+      options: {
+        forceRefresh: false,
+        captureScreenshotMetadata: true,
+        keepTabOpen: false,
+        allowPrivateNetworkTarget: false,
+        targetMode: 'new_tab',
+        maxResourceUrls: 300
+      },
+      protocolVersion: 1
+    },
+    raw: null,
+    experience: null,
+    capabilities: {
+      agentBridge: true,
+      siteExperienceProfileV1: true,
+      profileChunkTransport: true,
+      bridgeContentPost: true,
+      storageSession: true,
+      experienceProfiler: true,
+      rawProfile: false,
+      viewportMetadata: false
+    },
+    finalUrl: 'https://example.com/'
+  })
+
+  assert.deepEqual(profile.visualProfile, {})
+  assert.deepEqual(profile.layoutProfile, {})
+  assert.deepEqual(profile.componentProfile, {})
+  assert.deepEqual(profile.interactionProfile, {})
+  assert.deepEqual(profile.uxProfile, {})
+  assert.deepEqual(profile.assetProfile, {})
+  assert.deepEqual(profile.agentGuidance.recreationPlan.designTokens.colors, [])
+  assert.deepEqual(profile.agentGuidance.recreationPlan.componentInventory.priorityTypes, [])
+  for (const section of ['visual', 'layout', 'components', 'interaction', 'ux', 'assets']) {
+    assert.ok(profile.limitations.includes(`${section}_section_not_requested`))
+  }
+})
+
+test('does not emit unrequested experience sections from collected profiler data', async () => {
+  const { buildSiteExperienceProfile } = await loadTsModule('src/utils/site-experience-profile.ts')
+  const profile = buildSiteExperienceProfile({
+    captureId: 'cap_CCCCCCCCCCCCCCCCCCCCCC',
+    request: {
+      url: 'https://example.com/',
+      mode: 'experience',
+      waitMs: 0,
+      include: ['assets'],
+      viewports: [],
+      options: {
+        forceRefresh: false,
+        captureScreenshotMetadata: true,
+        keepTabOpen: false,
+        allowPrivateNetworkTarget: false,
+        targetMode: 'new_tab',
+        maxResourceUrls: 300
+      },
+      protocolVersion: 1
+    },
+    raw: null,
+    experience: {
+      visual: { colors: ['#123456'] },
+      layout: { landmarks: ['main'] },
+      components: { samples: [{ type: 'button', rect: { x: 1, y: 2, width: 3, height: 4 } }] },
+      interaction: { animations: ['fade'] },
+      ux: { textSamples: ['Sensitive person 13800138000'] },
+      assets: { urls: ['https://cdn.example.com/app.js?token=secret#hash'] },
+      evidence: { truncation: { resourceUrls: 0, textSamples: 0, componentSamples: 0, cssRules: 0 } }
+    },
+    capabilities: {
+      agentBridge: true,
+      siteExperienceProfileV1: true,
+      profileChunkTransport: true,
+      bridgeContentPost: true,
+      storageSession: true,
+      experienceProfiler: true,
+      rawProfile: false,
+      viewportMetadata: false
+    },
+    finalUrl: 'https://example.com/'
+  })
+
+  assert.deepEqual(profile.visualProfile, {})
+  assert.deepEqual(profile.layoutProfile, {})
+  assert.deepEqual(profile.componentProfile, {})
+  assert.deepEqual(profile.interactionProfile, {})
+  assert.deepEqual(profile.uxProfile, {})
+  assert.equal(profile.assetProfile.resourceUrls.length, 1)
+  assert.ok(profile.limitations.includes('visual_section_not_requested'))
+  assert.ok(profile.limitations.includes('components_section_not_requested'))
+  assert.ok(profile.limitations.includes('tech_section_not_requested'))
+  assert.deepEqual(profile.techProfile, {})
+})
+
+test('retains screenshot metadata fields only when explicitly requested', async () => {
+  const { buildSiteExperienceProfile } = await loadTsModule('src/utils/site-experience-profile.ts')
+  const profile = buildSiteExperienceProfile({
+    captureId: 'cap_CCCCCCCCCCCCCCCCCCCCCC',
+    request: {
+      url: 'https://example.com/',
+      mode: 'experience',
+      waitMs: 0,
+      include: ['visual', 'layout', 'components'],
+      viewports: [],
+      options: {
+        forceRefresh: false,
+        captureScreenshotMetadata: true,
+        keepTabOpen: false,
+        allowPrivateNetworkTarget: false,
+        targetMode: 'new_tab',
+        maxResourceUrls: 300
+      },
+      protocolVersion: 1
+    },
+    raw: null,
+    experience: {
+      visual: { colors: ['#123456'], aboveFold: { heroText: 'Lead' } },
+      layout: { landmarks: ['main'], boundingBoxes: [{ selector: 'main', rect: { x: 1, y: 2, width: 3, height: 4 } }] },
+      components: { samples: [{ type: 'button', text: 'Buy', rect: { x: 5, y: 6, width: 7, height: 8 } }] },
+      evidence: { truncation: {} }
+    },
+    capabilities: {
+      agentBridge: true,
+      siteExperienceProfileV1: true,
+      profileChunkTransport: true,
+      bridgeContentPost: true,
+      storageSession: true,
+      experienceProfiler: true,
+      rawProfile: false,
+      viewportMetadata: true
+    },
+    finalUrl: 'https://example.com/'
+  })
+
+  assert.deepEqual(profile.visualProfile.aboveFold, { heroText: 'Lead' })
+  assert.equal(profile.layoutProfile.boundingBoxes[0].selector, 'main')
+  assert.deepEqual(profile.componentProfile.samples[0].rect, { x: 5, y: 6, width: 7, height: 8 })
+  assert.equal(profile.agentGuidance.recreationPlan.componentInventory.geometryIncluded, true)
+  assert.equal(profile.limitations.includes('screenshot_metadata_not_requested'), false)
+  assert.equal(JSON.stringify(profile).includes('imageData'), false)
+})
+
+test('marks component geometry metadata for boundingBox and bounds aliases', async () => {
+  const { buildSiteExperienceProfile } = await loadTsModule('src/utils/site-experience-profile.ts')
+  const baseInput = {
+    captureId: 'cap_CCCCCCCCCCCCCCCCCCCCCC',
+    request: {
+      url: 'https://example.com/',
+      mode: 'experience',
+      waitMs: 0,
+      include: ['components'],
+      viewports: [],
+      options: {
+        forceRefresh: false,
+        captureScreenshotMetadata: true,
+        keepTabOpen: false,
+        allowPrivateNetworkTarget: false,
+        targetMode: 'new_tab',
+        maxResourceUrls: 300
+      },
+      protocolVersion: 1
+    },
+    raw: null,
+    capabilities: {
+      agentBridge: true,
+      siteExperienceProfileV1: true,
+      profileChunkTransport: true,
+      bridgeContentPost: true,
+      storageSession: true,
+      experienceProfiler: true,
+      rawProfile: false,
+      viewportMetadata: true
+    },
+    finalUrl: 'https://example.com/'
+  }
+
+  for (const geometryKey of ['boundingBox', 'bounds']) {
+    const profile = buildSiteExperienceProfile({
+      ...baseInput,
+      experience: {
+        components: { samples: [{ type: 'button', text: 'Buy', [geometryKey]: { x: 1, y: 2, width: 3, height: 4 } }] },
+        evidence: { truncation: {} }
+      }
+    })
+
+    assert.equal(profile.agentGuidance.recreationPlan.componentInventory.geometryIncluded, true)
+  }
+})
+
+test('uses profiler truncation evidence and strips screenshot metadata aliases when screenshots are disabled', async () => {
+  const { buildSiteExperienceProfile } = await loadTsModule('src/utils/site-experience-profile.ts')
+  const profile = buildSiteExperienceProfile({
+    captureId: 'cap_CCCCCCCCCCCCCCCCCCCCCC',
+    request: {
+      url: 'https://example.com/',
+      mode: 'experience',
+      waitMs: 0,
+      include: ['components', 'ux', 'assets'],
+      viewports: [],
+      options: {
+        forceRefresh: false,
+        captureScreenshotMetadata: false,
+        keepTabOpen: false,
+        allowPrivateNetworkTarget: false,
+        targetMode: 'new_tab',
+        maxResourceUrls: 300
+      },
+      protocolVersion: 1
+    },
+    raw: null,
+    experience: {
+      visual: { colors: ['#123456'], bounds: { x: 1, y: 2, width: 3, height: 4 } },
+      layout: {
+        landmarks: ['main'],
+        rect: { x: 4, y: 5, width: 6, height: 7 },
+        bounds: { x: 8, y: 9, width: 10, height: 11 },
+        boundingBox: { x: 12, y: 13, width: 14, height: 15 }
+      },
+      components: {
+        samples: [
+          {
+            type: 'button',
+            text: 'Buy',
+            rect: { x: 1, y: 2, width: 3, height: 4 },
+            boundingBox: { x: 5, y: 6, width: 7, height: 8 },
+            bounds: { x: 9, y: 10, width: 11, height: 12 }
+          }
+        ]
+      },
+      ux: { textSamples: ['Buy now'] },
+      assets: { urls: [] },
+      evidence: {
+        truncation: {
+          resourceUrls: 7,
+          textSamples: 6,
+          componentSamples: 5,
+          cssRules: 4,
+          executeScriptResult: 3,
+          executeScriptResultOverLimit: 2
+        }
+      },
+      limitations: ['passive_interaction_only']
+    },
+    capabilities: {
+      agentBridge: true,
+      siteExperienceProfileV1: true,
+      profileChunkTransport: true,
+      bridgeContentPost: true,
+      storageSession: true,
+      experienceProfiler: true,
+      rawProfile: false,
+      viewportMetadata: false
+    },
+    finalUrl: 'https://example.com/'
+  })
+
+  assert.deepEqual(profile.evidence.truncation, {
+    resourceUrls: 7,
+    textSamples: 6,
+    componentSamples: 5,
+    cssRules: 4,
+    executeScriptResult: 3,
+    executeScriptResultOverLimit: 2
+  })
+  assert.equal(profile.evidence.rawCounts.cssRules, 4)
+  const serialized = JSON.stringify({
+    visualProfile: profile.visualProfile,
+    layoutProfile: profile.layoutProfile,
+    componentProfile: profile.componentProfile
+  })
+  assert.doesNotMatch(serialized, /"rect"|"bounds"|"boundingBox"/)
+  assert.ok(profile.limitations.includes('resource_urls_truncated'))
+  assert.ok(profile.limitations.includes('text_samples_truncated'))
+  assert.ok(profile.limitations.includes('component_samples_truncated'))
+  assert.ok(profile.limitations.includes('css_rules_truncated'))
+  assert.ok(profile.limitations.includes('execute_script_result_truncated'))
+  assert.ok(profile.limitations.includes('passive_interaction_only'))
+})
+
+test('marks executeScript result truncation when final profiler output remains oversized', async () => {
+  const { buildLimitations } = await loadTsModule('src/utils/site-experience-limitations.ts')
+  const limitations = buildLimitations(
+    {
+      viewports: [],
+      include: ['tech', 'visual', 'layout', 'components', 'interaction', 'ux', 'assets'],
+      options: { captureScreenshot: true, captureScreenshotMetadata: true }
+    },
+    {
+      evidence: { truncation: { executeScriptResult: 0, executeScriptResultOverLimit: 2 } },
+      limitations: []
+    }
+  )
+
+  assert.ok(limitations.includes('execute_script_result_truncated'))
+})
+
+test('redacts sensitive profile object keys and externally supplied limitations', async () => {
+  const { buildSiteExperienceProfile } = await loadTsModule('src/utils/site-experience-profile.ts')
+  const capabilities = {
+    agentBridge: true,
+    siteExperienceProfileV1: true,
+    profileChunkTransport: true,
+    bridgeContentPost: true,
+    storageSession: true,
+    experienceProfiler: true,
+    rawProfile: false,
+    viewportMetadata: false
+  }
+
+  const profile = buildSiteExperienceProfile({
+    captureId: 'cap_CCCCCCCCCCCCCCCCCCCCCC',
+    request: {
+      url: 'https://example.com/',
+      mode: 'experience',
+      waitMs: 0,
+      include: ['layout', 'interaction'],
+      viewports: [],
+      options: {
+        forceRefresh: false,
+        captureScreenshotMetadata: true,
+        keepTabOpen: false,
+        allowPrivateNetworkTarget: false,
+        targetMode: 'new_tab',
+        maxResourceUrls: 300
+      },
+      protocolVersion: 1
+    },
+    raw: null,
+    experience: {
+      layout: {
+        'token=secret': 'visible',
+        safe: { 'authorization=Bearer sk_live_abc123': 'https://cdn.example.com/app.js?signature=abc#frag' },
+        'apiToken=spb_secret': 'sessionId=s_secret'
+      },
+      interaction: {
+        'session=abc': 'hover token=secret Authorization: Bearer sk_live_xyz789',
+        'secretKey=abc': 'bridgeToken=spbt_secret'
+      },
+      evidence: { truncation: {} },
+      limitations: ['token=secret', 'apiToken=spb_secret', 'bridgeToken=spbt_secret', '联系人 张三', 'safe']
+    },
+    capabilities,
+    finalUrl: 'https://example.com/'
+  })
+
+  const serialized = JSON.stringify(profile)
+  assert.equal(serialized.includes('token=secret'), false)
+  assert.equal(serialized.includes('authorization=Bearer sk_live_abc123'), false)
+  assert.equal(serialized.includes('sk_live_abc123'), false)
+  assert.equal(serialized.includes('sk_live_xyz789'), false)
+  assert.equal(serialized.includes('apiToken=spb_secret'), false)
+  assert.equal(serialized.includes('sessionId=s_secret'), false)
+  assert.equal(serialized.includes('secretKey=abc'), false)
+  assert.equal(serialized.includes('bridgeToken=spbt_secret'), false)
+  assert.equal(serialized.includes('signature=abc'), false)
+  assert.equal(serialized.includes('#frag'), false)
+  assert.equal(serialized.includes('张三'), false)
+  assert.equal(serialized.includes('token=[redacted]'), true)
+  assert.equal(serialized.includes('apiToken=[redacted]'), true)
+  assert.equal(serialized.includes('sessionId=[redacted]'), true)
+  assert.equal(serialized.includes('secretKey=[redacted]'), true)
+  assert.equal(serialized.includes('bridgeToken=[redacted]'), true)
+  assert.equal(serialized.includes('authorization=[redacted]'), true)
+  assert.ok(profile.limitations.includes('token=[redacted]'))
+  assert.ok(profile.limitations.includes('apiToken=[redacted]'))
+  assert.ok(profile.limitations.includes('bridgeToken=[redacted]'))
+  assert.ok(profile.limitations.includes('联系人 [redacted]'))
+})
diff --git a/tests/stackprism-bridge.test.mjs b/tests/stackprism-bridge.test.mjs
new file mode 100644
index 00000000..f2225044
--- /dev/null
+++ b/tests/stackprism-bridge.test.mjs
@@ -0,0 +1,4147 @@
+import assert from 'node:assert/strict'
+import { spawn } from 'node:child_process'
+import { once } from 'node:events'
+import { existsSync, mkdtempSync, readFileSync, rmSync, writeFileSync } from 'node:fs'
+import net from 'node:net'
+import { tmpdir } from 'node:os'
+import { join } from 'node:path'
+import { pathToFileURL } from 'node:url'
+import { test } from 'node:test'
+import vm from 'node:vm'
+import { bridgePageScript, bridgePageStyle } from '../agent-skill/stackprism-site-experience/scripts/bridge/bridge-page-assets.mjs'
+import { renderBridgePageHtml } from '../agent-skill/stackprism-site-experience/scripts/bridge/bridge-page.mjs'
+import { CaptureStore } from '../agent-skill/stackprism-site-experience/scripts/bridge/capture-store.mjs'
+import { createBridgeServer } from '../agent-skill/stackprism-site-experience/scripts/bridge/http-server.mjs'
+import {
+  openBrowser,
+  parseOpenTimeoutMs,
+  resolveBrowserOpenCommand
+} from '../agent-skill/stackprism-site-experience/scripts/bridge/open-browser.mjs'
+import { htmlEscapeScriptJson, isValidId, safeEqual } from '../agent-skill/stackprism-site-experience/scripts/bridge/protocol.mjs'
+import {
+  readJson as readBridgeRequestJson,
+  rejectBadRequestShell
+} from '../agent-skill/stackprism-site-experience/scripts/bridge/security.mjs'
+import { normalizeCaptureRequest } from '../agent-skill/stackprism-site-experience/scripts/bridge/url-policy.mjs'
+import { parseTerminalSettleMs } from '../agent-skill/stackprism-site-experience/scripts/capture-runtime.mjs'
+import identifiers from './fixtures/bridge-protocol-identifiers.json' with { type: 'json' }
+import urlPolicyCases from './fixtures/bridge-url-policy-cases.json' with { type: 'json' }
+
+const baseCaptureRequest = {
+  url: 'https://93.184.216.34/app?view=one#frag',
+  mode: 'experience',
+  waitMs: 0,
+  include: ['tech', 'visual', 'layout', 'components', 'interaction', 'ux', 'assets'],
+  viewports: [{ name: 'desktop', width: 1440, height: 900, deviceScaleFactor: 1 }],
+  options: {
+    forceRefresh: true,
+    captureScreenshotMetadata: false,
+    keepTabOpen: false,
+    allowPrivateNetworkTarget: false,
+    targetMode: 'reuse_or_new_tab',
+    maxResourceUrls: 300
+  }
+}
+
+const auth = token => ({ Authorization: `Bearer ${token}` })
+
+const readJson = async response => ({ status: response.status, body: await response.json(), headers: response.headers })
+const readBytes = async response => ({
+  status: response.status,
+  body: Buffer.from(await response.arrayBuffer()),
+  headers: response.headers
+})
+
+const waitForFileSync = filePath => {
+  const deadline = Date.now() + 2000
+  const waitBuffer = new Int32Array(new SharedArrayBuffer(4))
+  while (!existsSync(filePath) && Date.now() < deadline) Atomics.wait(waitBuffer, 0, 0, 25)
+  assert.equal(existsSync(filePath), true, `expected file to exist: ${filePath}`)
+}
+
+const createClassList = () => {
+  const values = new Set()
+  return {
+    add: value => values.add(value),
+    remove: value => values.delete(value),
+    contains: value => values.has(value),
+    toggle: (value, force) => {
+      const enabled = force ?? !values.has(value)
+      if (enabled) values.add(value)
+      else values.delete(value)
+      return enabled
+    },
+    toString: () => [...values].join(' ')
+  }
+}
+
+const createFakeBridgeElement = (document, id = '') => ({
+  id,
+  alt: '',
+  children: [],
+  classList: createClassList(),
+  dataset: {},
+  disabled: false,
+  download: '',
+  href: '',
+  listeners: {},
+  removed: false,
+  src: '',
+  style: {},
+  textContent: '',
+  append(...children) {
+    this.children.push(...children)
+  },
+  addEventListener(type, listener) {
+    this.listeners[type] = listener
+  },
+  contains(element) {
+    return element === this || this.children.includes(element)
+  },
+  click() {
+    return this.listeners.click?.({ target: this })
+  },
+  focus() {
+    document.activeElement = this
+  },
+  querySelectorAll(selector) {
+    if (selector.includes('button:not(:disabled)')) return this.children.filter(child => child.tagName === 'button' && !child.disabled)
+    return []
+  },
+  remove() {
+    this.removed = true
+  },
+  removeAttribute(name) {
+    delete this[name]
+  },
+  replaceChildren(...children) {
+    this.children = [...children]
+  },
+  setAttribute(name, value) {
+    this[name] = value
+  }
+})
+
+const createBridgeScriptHarness = async (options = {}) => {
+  const ids = [
+    'status',
+    'stateLabel',
+    'statusBadge',
+    'progressBar',
+    'bridgeCard',
+    'targetUrl',
+    'openTargetUrl',
+    'targetHelper',
+    'screenshotFrame',
+    'targetScreenshot',
+    'screenshotMeta',
+    'screenshotDownload',
+    'copyScreenshot',
+    'copyAllInfo',
+    'downloadProfile',
+    'copyStatus',
+    'modalCopyStatus',
+    'stepSummary',
+    'profileContentSection',
+    'profileContentGrid',
+    'screenshotModal',
+    'modalScreenshot',
+    'modalClose',
+    'modalDownload',
+    'modalCopyScreenshot',
+    'screenshotTileValue',
+    'screenshotEmpty',
+    'screenshotStateBadge',
+    'toggleSteps',
+    'stackprism-agent-bridge-config'
+  ]
+  const document = {
+    activeElement: null,
+    body: {
+      children: [],
+      style: {},
+      append(child) {
+        this.children.push(child)
+      }
+    },
+    listeners: {},
+    addEventListener(type, listener) {
+      this.listeners[type] = listener
+    },
+    createElement(tagName) {
+      if (tagName === 'canvas') {
+        return {
+          height: 0,
+          width: 0,
+          getContext: () => ({ drawImage: () => {} }),
+          toBlob: callback => callback(new Blob(['png'], { type: 'image/png' }))
+        }
+      }
+      const element = createFakeBridgeElement(document)
+      element.tagName = tagName
+      return element
+    },
+    getElementById(id) {
+      return elements[id]
+    },
+    querySelectorAll(selector) {
+      return selector === '[data-phase]' ? steps : []
+    }
+  }
+  const elements = Object.fromEntries(ids.map(id => [id, createFakeBridgeElement(document, id)]))
+  const phases = [
+    'bridge_connected',
+    'request_loaded',
+    'target_opening',
+    'target_loaded',
+    'detecting_tech',
+    'profiling_experience',
+    'posting_profile',
+    'cleanup'
+  ]
+  const steps = phases.map(phase => {
+    const step = createFakeBridgeElement(document)
+    step.dataset.phase = phase
+    return step
+  })
+  const modalButtons = [elements.modalCopyScreenshot, elements.modalDownload, elements.modalClose]
+  for (const button of modalButtons) {
+    button.tagName = 'button'
+    elements.screenshotModal.children.push(button)
+  }
+  elements['stackprism-agent-bridge-config'].textContent = JSON.stringify({
+    bridgeToken: 'spbt_test',
+    captureId: 'cap_test',
+    targetUrl: 'https://example.test'
+  })
+  const writtenItems = []
+  const writtenText = []
+  const objectUrls = []
+  class TestUrl extends URL {
+    static createObjectURL(blob) {
+      objectUrls.push(blob)
+      return `blob:stackprism-${objectUrls.length}`
+    }
+
+    static revokeObjectURL(value) {
+      context.revokedObjectUrl = value
+    }
+  }
+  const context = vm.createContext({
+    Blob,
+    ClipboardItem: class ClipboardItem {
+      constructor(items) {
+        this.items = items
+      }
+    },
+    URL: TestUrl,
+    atob: value => Buffer.from(value, 'base64').toString('binary'),
+    console,
+    createImageBitmap: async blob => {
+      context.convertedBlobType = blob.type
+      return { height: 1, width: 1, close: () => {} }
+    },
+    document,
+    fetch:
+      options.fetch ||
+      (async url => {
+        if (String(url).includes('/profile-download')) {
+          return {
+            ok: true,
+            blob: async () => new Blob(['{"schema":"stackprism.site_experience_profile.v1"}\n'], { type: 'application/json' })
+          }
+        }
+        if (String(url).includes('/screenshot-download/')) {
+          return {
+            ok: true,
+            blob: async () => new Blob(['webp'], { type: 'image/webp' })
+          }
+        }
+        return {
+          ok: true,
+          json: async () => ({
+            status: 'completed',
+            phase: 'cleanup',
+            preview: {
+              contentSummary: { cards: [{ title: '视觉', items: ['清晰的双列布局'] }] },
+              copyText: 'StackPrism profile summary',
+              screenshot: {
+                byteLength: 12,
+                downloadUrl: '/v1/captures/cap_test/screenshot-download/shot_test',
+                mimeType: 'image/webp',
+                scope: 'viewport'
+              },
+              targetUrl: 'https://example.test/page'
+            }
+          })
+        }
+      }),
+    navigator: {
+      clipboard: {
+        write: async items => writtenItems.push(...items),
+        writeText: async value => writtenText.push(value)
+      }
+    },
+    setTimeout: options.setTimeout || (() => 0)
+  })
+  vm.runInContext(`${bridgePageScript}\nthis.__stackprismPollForTest=poll;`, context)
+  const isReady = options.isReady || (status => status === 'completed')
+  for (let attempt = 0; attempt < 5 && !isReady(elements.bridgeCard.dataset.status); attempt += 1) {
+    await new Promise(resolve => setImmediate(resolve))
+  }
+  return { context, document, elements, steps, writtenItems, writtenText, objectUrls }
+}
+
+const sensitiveFailedError = (ready, created, config) => {
+  const sensitiveUrl = `${created.body.bridgeUrl}&token=secret&apiToken=${ready.apiToken}&bridgeToken=${config.bridgeToken}#frag`
+  return {
+    code: 'TARGET_TAB_CLOSED',
+    message: `Target closed while loading ${sensitiveUrl}`,
+    details: {
+      url: sensitiveUrl,
+      token: config.bridgeToken,
+      nonce: config.nonce,
+      nested: {
+        authorization: `Bearer ${ready.apiToken}`,
+        values: [config.bridgeToken, config.nonce, sensitiveUrl]
+      }
+    }
+  }
+}
+
+const assertErrorIsRedacted = (error, blockedValues) => {
+  const serialized = JSON.stringify(error)
+  for (const value of blockedValues) assert.equal(serialized.includes(value), false, value)
+  assert.doesNotMatch(serialized, /spbt?_[A-Za-z0-9_-]{8,}/)
+  assert.doesNotMatch(serialized, /\bn_[A-Za-z0-9_-]{8,}\b/)
+  assert.doesNotMatch(serialized, /token=secret|apiToken=|bridgeToken=|#frag/)
+  assert.match(serialized, /\[redacted/)
+}
+
+const assertJsonSecurityHeaders = (envelope, { referrerPolicy = false } = {}) => {
+  assert.match(envelope.headers.get('content-type') || '', /^application\/json; charset=utf-8\b/)
+  assert.equal(envelope.headers.get('cache-control'), 'no-store')
+  assert.equal(envelope.headers.get('x-content-type-options'), 'nosniff')
+  if (referrerPolicy) assert.equal(envelope.headers.get('referrer-policy'), 'no-referrer')
+}
+
+const withBridge = async (fn, options = {}) => {
+  const bridge = createBridgeServer({ env: { STACKPRISM_BRIDGE_NO_OPEN: '1' }, ...options })
+  const ready = await bridge.listen()
+  try {
+    await fn(ready)
+  } finally {
+    await bridge.close()
+  }
+}
+
+const listenOnLoopback = () =>
+  new Promise((resolve, reject) => {
+    const server = net.createServer()
+    server.once('error', reject)
+    server.listen(0, '127.0.0.1', () => {
+      server.off('error', reject)
+      resolve(server)
+    })
+  })
+
+const createCapture = async ready => {
+  const response = await fetch(`${ready.baseUrl}/v1/captures`, {
+    method: 'POST',
+    headers: { ...auth(ready.apiToken), 'Content-Type': 'application/json' },
+    body: JSON.stringify(baseCaptureRequest)
+  })
+  return readJson(response)
+}
+
+const loadBridgeConfig = async bridgeUrl => {
+  const bridgePage = await fetch(bridgeUrl)
+  const html = await bridgePage.text()
+  return JSON.parse(html.match(/<script id="stackprism-agent-bridge-config" type="application\/json" nonce="[^"]+">([^<]+)/)[1])
+}
+
+test('settings and help pages document mobile and agent bridge UI boundaries', () => {
+  const popup = readFileSync('src/ui/popup/Popup.vue', 'utf8')
+  const settings = readFileSync('src/ui/settings/Settings.vue', 'utf8')
+  const help = readFileSync('src/ui/help/Help.vue', 'utf8')
+
+  assert.match(popup, /class="agent-bridge-badge"/)
+  assert.match(popup, /normalizeSettingsWithLocalOptIn/)
+  assert.match(popup, /chrome\.storage\.local\.get\(SETTINGS_STORAGE_KEY\)/)
+  assert.match(popup, /Agent Bridge 已开启，所有网络目标已放开/)
+  assert.match(popup, /\.agent-bridge-badge \{[\s\S]*border-radius: 999px/)
+  assert.match(settings, /@media \(max-width: 760px\)[\s\S]*padding-top: 0/)
+  assert.match(settings, /@media \(max-width: 760px\)[\s\S]*\.settings-header[\s\S]*position: static/)
+  assert.match(settings, /<main ref="settingsShell" class="settings-shell" tabindex="-1">/)
+  assert.match(settings, /const trapConfirmationFocus = \(event: KeyboardEvent\)/)
+  assert.match(settings, /const onConfirmDialogKeydown = \(event: KeyboardEvent\)/)
+  assert.match(settings, /document\.addEventListener\('keydown', onConfirmDialogKeydown\)/)
+  assert.match(settings, /document\.removeEventListener\('keydown', onConfirmDialogKeydown\)/)
+  assert.match(settings, /const cancelPendingConfirmation = \(\) =>/)
+  assert.match(settings, /resolver\?\.\(false\)/)
+  assert.match(settings, /onUnmounted\(cancelPendingConfirmation\)/)
+  assert.match(settings, /let confirmReturnFocusTarget: HTMLElement \| null = null/)
+  assert.match(settings, /const settingsShell = ref<HTMLElement \| null>\(null\)/)
+  assert.match(settings, /confirmReturnFocusTarget = active instanceof HTMLElement && active !== document\.body \? active : null/)
+  assert.match(settings, /if \(returnTarget\?\.isConnected\) returnTarget\.focus\(\)/)
+  assert.match(settings, /else settingsShell\.value\?\.focus\(\)/)
+  assert.match(settings, /\.agent-bridge-toggle \{[\s\S]*align-items: flex-start/)
+  assert.match(settings, /:global\(:root\[data-theme='dark'\]\) \.agent-bridge-state\.pending/)
+  assert.match(help, /Agent Bridge 是什么/)
+  assert.match(help, /127\.0\.0\.1/)
+  assert.match(help, /只读采集，不读取 Cookie、Authorization、localStorage\/sessionStorage 明文。/)
+  assert.match(help, /网络限制默认收紧；放开所有网络目标会要求二次确认。/)
+  assert.match(help, /@media \(max-width: 760px\)[\s\S]*padding-top: 0/)
+  assert.match(help, /@media \(max-width: 760px\)[\s\S]*\.help-header[\s\S]*position: static/)
+})
+
+test('settings page requests browser data consent before enabling Agent Bridge', () => {
+  const settings = readFileSync('src/ui/settings/Settings.vue', 'utf8')
+  const consentCall = settings.indexOf('requestAgentBridgeDataConsent()')
+  const confirmationCall = settings.indexOf('requestConfirmation({')
+  const syncSave = settings.indexOf('chrome.storage.sync.set')
+  const localSave = settings.indexOf('chrome.storage.local.set')
+
+  assert.match(settings, /requestAgentBridgeDataConsent/)
+  assert.match(settings, /rollbackPendingAgentBridgeDataConsent/)
+  assert.match(settings, /await updateAgentBridgeDataConsentState\(await loadAgentBridgeDataConsentSnapshot\(\), consentSnapshot\)/)
+  assert.match(
+    settings,
+    /try \{\s*agentBridgeDataConsentGranted = await requestAgentBridgeDataConsent\(\)\s*\} catch \(error: any\) \{\s*if \(await rollbackPendingAgentBridgeDataConsent\(consentSnapshot, true\)\) \{\s*showStatus\(`保存失败：/
+  )
+  assert.match(
+    settings,
+    /if \(!confirmed\) \{\s*if \(await rollbackPendingAgentBridgeDataConsent\(consentSnapshot, agentBridgeDataConsentGranted\)\) \{\s*showStatus\('已取消保存。', 'error'\)/
+  )
+  assert.match(
+    settings,
+    /catch \(error: any\) \{\s*if \(await rollbackPendingAgentBridgeDataConsent\(consentSnapshot, agentBridgeDataConsentGranted\)\) \{\s*showStatus\(`保存失败：/
+  )
+  assert.doesNotMatch(settings, /savedAgentBridgeEnabled\.value\s*&&\s*!\(await requestAgentBridgeDataConsent\(\)\)/)
+  assert.doesNotMatch(settings, /Promise\.all\(\[\s*chrome\.storage\.sync\.set[\s\S]*chrome\.storage\.local\.set/)
+  assert.ok(consentCall > 0, 'settings page must request Agent Bridge data consent')
+  assert.ok(consentCall < confirmationCall, 'settings page must request data consent before awaited confirmations')
+  assert.ok(syncSave > consentCall, 'settings page must request data consent before saving sync settings')
+  assert.ok(syncSave < localSave, 'settings page must save sync settings before local Agent Bridge flags')
+  assert.ok(localSave > consentCall, 'settings page must request data consent before saving local Agent Bridge opt-in')
+})
+
+test('settings reset revokes browser data consent before clearing Agent Bridge defaults', () => {
+  const settings = readFileSync('src/ui/settings/Settings.vue', 'utf8')
+  const resetStart = settings.indexOf('const resetSettings = async () => {')
+  const resetSection = settings.slice(resetStart, settings.indexOf('\n\n  const openHelp =', resetStart))
+
+  assert.match(settings, /const agentBridgeDataConsentBaseline = ref<AgentBridgeDataConsentSnapshot \| null>\(null\)/)
+  assert.doesNotMatch(resetSection, /rollbackAgentBridgeDataConsent/)
+  assert.doesNotMatch(resetSection, /agentBridgeDataConsentBaseline\.value/)
+  assert.match(resetSection, /await revokeAgentBridgeDataConsent\(\)/)
+  assert.match(settings, /const updateAgentBridgeDataConsentState = async \(/)
+  assert.match(settings, /await updateAgentBridgeDataConsentState\(await loadAgentBridgeDataConsentSnapshot\(\), consentSnapshot\)/)
+  assert.match(resetSection, /await updateAgentBridgeDataConsentState\(await loadAgentBridgeDataConsentSnapshot\(\)\)/)
+  assert.ok(
+    resetSection.indexOf('await revokeAgentBridgeDataConsent()') < resetSection.indexOf('chrome.storage.sync.set'),
+    'settings reset must revoke current browser data consent before clearing stored settings'
+  )
+})
+
+test('settings page revokes browser data consent before saving Agent Bridge disabled', () => {
+  const settings = readFileSync('src/ui/settings/Settings.vue', 'utf8')
+  const helperStart = settings.indexOf('const revokeDisabledAgentBridgeDataConsent = async')
+  const saveStart = settings.indexOf('const saveSettings = async () => {')
+  const saveSection = settings.slice(saveStart, settings.indexOf('\n\n  const resetSettings =', saveStart))
+
+  assert.match(settings, /revokeAgentBridgeDataConsent/)
+  assert.match(settings.slice(helperStart, saveStart), /if \(agentBridgeEnabled \|\| !savedAgentBridgeEnabled\.value\) return true/)
+  assert.match(settings.slice(helperStart, saveStart), /await revokeAgentBridgeDataConsent\(\)/)
+  assert.match(saveSection, /if \(!\(await revokeDisabledAgentBridgeDataConsent\(settings\.agentBridgeEnabled\)\)\) return/)
+  assert.ok(
+    saveSection.indexOf('await revokeDisabledAgentBridgeDataConsent(settings.agentBridgeEnabled)') <
+      saveSection.indexOf('chrome.storage.sync.set'),
+    'settings save must revoke browser data consent before writing disabled Agent Bridge state'
+  )
+})
+
+test('settings page keeps sync-backed settings when local Agent Bridge flags fail to load', () => {
+  const settings = readFileSync('src/ui/settings/Settings.vue', 'utf8')
+
+  assert.match(settings, /const stored = await chrome\.storage\.sync\.get\(SETTINGS_STORAGE_KEY\)/)
+  assert.match(settings, /let local: Record<string, any> = \{\}/)
+  assert.match(settings, /try \{\s*local = await chrome\.storage\.local\.get\(SETTINGS_STORAGE_KEY\)\s*\} catch \{\s*local = \{\}\s*\}/)
+  assert.doesNotMatch(settings, /const \[stored, local\] = await Promise\.all\(\[/)
+})
+
+test('bridge page script supports profile download, screenshot actions and modal focus loop', async () => {
+  const { context, document, elements, steps, writtenItems, writtenText, objectUrls } = await createBridgeScriptHarness()
+
+  assert.equal(elements.bridgeCard.dataset.status, 'completed')
+  assert.equal(elements.targetUrl.textContent, 'https://example.test/page')
+  assert.equal(elements.targetUrl.title, 'https://example.test/page')
+  assert.equal(elements.targetUrl.href, 'https://example.test/page')
+  assert.equal(elements.targetUrl['aria-disabled'], undefined)
+  assert.equal(elements.openTargetUrl.href, 'https://example.test/page')
+  assert.equal(elements.openTargetUrl['aria-disabled'], undefined)
+  assert.equal(elements.openTargetUrl.tabindex, undefined)
+  assert.equal(elements.targetHelper.textContent, '已生成 Agent 可读摘要，可复制给本机 Coding Agent 使用。')
+  assert.equal(elements.screenshotDownload.disabled, false)
+  assert.equal(elements.copyScreenshot.disabled, false)
+  assert.equal(elements.copyAllInfo.disabled, false)
+  assert.equal(elements.downloadProfile.disabled, false)
+  assert.equal(elements.screenshotTileValue.textContent, '截图可用')
+  assert.equal(elements.screenshotStateBadge.textContent, '截图可用')
+  assert.equal(elements.screenshotStateBadge.dataset.state, 'ready')
+  assert.equal(elements.bridgeCard.dataset.stepsOpen, 'false')
+  assert.equal(elements.toggleSteps.textContent, '展开步骤')
+  assert.equal(elements.toggleSteps['aria-expanded'], 'false')
+  assert.equal(elements.targetScreenshot.alt, '目标页面截图预览')
+  assert.equal(elements.modalScreenshot.alt, '目标页面截图放大预览')
+  assert.equal(elements.profileContentSection.hidden, false)
+  assert.equal(elements.profileContentGrid.children.length, 1)
+  assert.equal(steps.at(-1).classList.contains('done'), true)
+  assert.equal(steps.at(-1)['aria-current'], undefined)
+
+  elements.toggleSteps.click()
+  assert.equal(elements.bridgeCard.dataset.stepsOpen, 'true')
+  assert.equal(elements.toggleSteps.textContent, '收起步骤')
+  assert.equal(elements.toggleSteps['aria-expanded'], 'true')
+
+  await elements.copyAllInfo.click()
+  assert.deepEqual(writtenText, ['StackPrism profile summary'])
+  assert.equal(elements.copyStatus.textContent, '已复制全部信息。')
+  assert.equal(elements.copyAllInfo.textContent, '已复制')
+
+  await elements.downloadProfile.click()
+  const profileLink = document.body.children.at(-1)
+  assert.equal(profileLink.tagName, 'a')
+  assert.equal(profileLink.href, 'blob:stackprism-2')
+  assert.equal(profileLink.download, 'stackprism-cap_test-profile.json')
+  assert.equal(profileLink.removed, true)
+  assert.equal(objectUrls.length, 2)
+  assert.equal(elements.copyStatus.textContent, '已下载 Profile JSON。')
+
+  await elements.screenshotDownload.click()
+  const downloadLink = document.body.children.at(-1)
+  assert.equal(downloadLink.tagName, 'a')
+  assert.equal(downloadLink.href.startsWith('blob:stackprism-'), true)
+  assert.notEqual(downloadLink.href, elements.targetScreenshot.src)
+  assert.equal(objectUrls.at(-1).type, 'image/webp')
+  assert.equal(downloadLink.download, 'stackprism-cap_test-screenshot.webp')
+  assert.equal(downloadLink.removed, true)
+
+  elements.screenshotFrame.click()
+  assert.equal(elements.screenshotModal.dataset.open, 'true')
+  assert.equal(document.activeElement, elements.modalClose)
+
+  await elements.modalCopyScreenshot.click()
+  assert.equal(context.convertedBlobType, 'image/webp')
+  assert.equal(writtenItems.length, 1)
+  assert.equal(Object.keys(writtenItems[0].items)[0], 'image/png')
+  assert.equal(elements.modalCopyStatus.textContent, '已复制截图。')
+
+  document.activeElement = elements.bridgeCard
+  const tabFromOutside = {
+    key: 'Tab',
+    preventDefaultCalled: false,
+    preventDefault() {
+      this.preventDefaultCalled = true
+    }
+  }
+  document.listeners.keydown(tabFromOutside)
+  assert.equal(tabFromOutside.preventDefaultCalled, true)
+  assert.equal(document.activeElement, elements.modalCopyScreenshot)
+
+  document.activeElement = elements.modalClose
+  const tabForward = {
+    key: 'Tab',
+    preventDefaultCalled: false,
+    preventDefault() {
+      this.preventDefaultCalled = true
+    }
+  }
+  document.listeners.keydown(tabForward)
+  assert.equal(tabForward.preventDefaultCalled, true)
+  assert.equal(document.activeElement, elements.modalCopyScreenshot)
+
+  const tabBackward = {
+    key: 'Tab',
+    shiftKey: true,
+    preventDefaultCalled: false,
+    preventDefault() {
+      this.preventDefaultCalled = true
+    }
+  }
+  document.listeners.keydown(tabBackward)
+  assert.equal(tabBackward.preventDefaultCalled, true)
+  assert.equal(document.activeElement, elements.modalClose)
+
+  document.listeners.keydown({ key: 'Escape' })
+  assert.equal(elements.screenshotModal.dataset.open, 'false')
+  assert.equal(document.activeElement, elements.screenshotFrame)
+
+  elements.screenshotFrame.click()
+  assert.equal(elements.screenshotModal.dataset.open, 'true')
+  elements.targetScreenshot.listeners.error()
+  assert.equal(elements.screenshotFrame.disabled, true)
+  assert.equal(elements.targetScreenshot.alt, '')
+  assert.equal(elements.modalScreenshot.alt, '')
+  assert.equal(elements.screenshotTileValue.textContent, '截图失败')
+  assert.equal(elements.screenshotStateBadge.textContent, '截图失败')
+  assert.equal(elements.screenshotStateBadge.dataset.state, 'failed')
+  assert.equal(elements.screenshotEmpty.textContent, '截图预览无法加载')
+  document.listeners.keydown({ key: 'Escape' })
+  assert.equal(elements.screenshotModal.dataset.open, 'false')
+  assert.equal(document.activeElement, elements.bridgeCard)
+})
+
+test('bridge page script downloads cached profile after bridge closes', async () => {
+  const profileBlob = new Blob(['{"schema":"stackprism.site_experience_profile.v1","cached":true}\n'], { type: 'application/json' })
+  let statusReads = 0
+  let profileReads = 0
+  const { document, elements, objectUrls } = await createBridgeScriptHarness({
+    fetch: async url => {
+      if (String(url).includes('/profile-download')) {
+        profileReads += 1
+        return { ok: true, blob: async () => profileBlob }
+      }
+      statusReads += 1
+      return {
+        ok: true,
+        json: async () => ({
+          status: 'completed',
+          phase: 'cleanup',
+          preview: {
+            contentSummary: { cards: [] },
+            copyText: 'StackPrism profile summary',
+            targetUrl: 'https://example.test/page'
+          }
+        })
+      }
+    }
+  })
+
+  for (let attempt = 0; attempt < 5 && profileReads === 0; attempt += 1) {
+    await new Promise(resolve => setImmediate(resolve))
+  }
+  assert.equal(statusReads, 1)
+  assert.equal(profileReads, 1)
+  assert.equal(elements.downloadProfile.disabled, false)
+
+  await elements.downloadProfile.click()
+
+  assert.equal(profileReads, 1)
+  assert.equal(objectUrls[0], profileBlob)
+  const profileLink = document.body.children.at(-1)
+  assert.equal(profileLink.href, 'blob:stackprism-1')
+  assert.equal(profileLink.download, 'stackprism-cap_test-profile.json')
+  assert.equal(elements.copyStatus.textContent, '已下载 Profile JSON。')
+})
+
+test('bridge page script invalidates screenshot controls when image download fails', async () => {
+  let screenshotReads = 0
+  const { elements } = await createBridgeScriptHarness({
+    fetch: async url => {
+      if (String(url).includes('/profile-download')) {
+        return {
+          ok: true,
+          blob: async () => new Blob(['{"schema":"stackprism.site_experience_profile.v1"}\n'], { type: 'application/json' })
+        }
+      }
+      if (String(url).includes('/screenshot-download/')) {
+        screenshotReads += 1
+        return { ok: false, status: 500, blob: async () => new Blob(['server error'], { type: 'text/plain' }) }
+      }
+      return {
+        ok: true,
+        json: async () => ({
+          status: 'completed',
+          phase: 'cleanup',
+          preview: {
+            contentSummary: { cards: [] },
+            copyText: 'StackPrism profile summary',
+            screenshot: {
+              byteLength: 12,
+              downloadUrl: '/v1/captures/cap_test/screenshot-download/shot_test',
+              mimeType: 'image/jpeg',
+              scope: 'viewport'
+            },
+            targetUrl: 'https://example.test/page'
+          }
+        })
+      }
+    }
+  })
+
+  for (let attempt = 0; attempt < 5 && elements.screenshotStateBadge.dataset.state !== 'failed'; attempt += 1) {
+    await new Promise(resolve => setImmediate(resolve))
+  }
+
+  assert.equal(screenshotReads, 1)
+  assert.equal(elements.screenshotStateBadge.dataset.state, 'failed')
+  assert.equal(elements.screenshotTileValue.textContent, '截图失败')
+  assert.equal(elements.screenshotFrame.disabled, true)
+  assert.equal(elements.screenshotDownload.disabled, true)
+  assert.equal(elements.copyScreenshot.disabled, true)
+  assert.equal(elements.modalDownload.disabled, true)
+  assert.equal(elements.modalCopyScreenshot.disabled, true)
+  assert.equal(elements.targetScreenshot.alt, '')
+  assert.equal(elements.modalScreenshot.alt, '')
+  assert.equal(elements.screenshotMeta.textContent, '截图预览无法加载')
+  assert.equal(elements.screenshotEmpty.textContent, '截图预览无法加载')
+  assert.equal(elements.copyStatus.dataset.state, 'error')
+  assert.equal(elements.copyStatus.textContent, '截图预览无法加载，可重新采集或下载 Profile 查看图片链接。')
+})
+
+test('bridge page script keeps terminal failure visible after bridge disconnect', async () => {
+  const responses = [
+    {
+      status: 'failed',
+      phase: 'target_loaded',
+      error: { code: 'PRIVATE_NETWORK_TARGET_BLOCKED' },
+      preview: { targetUrl: 'https://linear.app/' }
+    }
+  ]
+  let fetchCalls = 0
+  const { elements, steps } = await createBridgeScriptHarness({
+    fetch: async () => {
+      fetchCalls += 1
+      if (!responses.length) throw new Error('bridge closed')
+      return { ok: true, json: async () => responses.shift() }
+    },
+    isReady: status => status === 'failed'
+  })
+  assert.equal(fetchCalls, 1)
+
+  await elements.__stackprismPollForTest?.()
+
+  assert.equal(elements.bridgeCard.dataset.status, 'failed')
+  assert.equal(elements.bridgeCard.dataset.phase, 'target_loaded')
+  assert.equal(elements.stateLabel.textContent, '采集失败')
+  assert.equal(elements.status.textContent, 'PRIVATE_NETWORK_TARGET_BLOCKED')
+  assert.equal(elements.targetUrl.href, 'https://linear.app/')
+  assert.equal(elements.targetUrl['aria-disabled'], undefined)
+  assert.equal(elements.openTargetUrl.href, 'https://linear.app/')
+  assert.equal(elements.openTargetUrl['aria-disabled'], undefined)
+  assert.equal(elements.stepSummary.textContent, '结果：采集失败 - 目标页面已加载')
+  assert.equal(steps[3].classList.contains('failed'), true)
+})
+
+test('bridge page script links redacted query target URLs without query parameters', async () => {
+  const { elements } = await createBridgeScriptHarness({
+    fetch: async () => ({
+      ok: true,
+      json: async () => ({
+        status: 'failed',
+        phase: 'target_loaded',
+        preview: { targetUrl: 'https://example.test/app?[redacted]' }
+      })
+    }),
+    isReady: status => status === 'failed'
+  })
+
+  assert.equal(elements.targetUrl.textContent, 'https://example.test/app?[redacted]')
+  assert.equal(elements.targetUrl.title, 'https://example.test/app?[redacted]')
+  assert.equal(elements.targetUrl.href, 'https://example.test/app')
+  assert.equal(elements.targetUrl['aria-disabled'], undefined)
+  assert.equal(elements.openTargetUrl.href, 'https://example.test/app')
+  assert.equal(elements.openTargetUrl['aria-disabled'], undefined)
+})
+
+test('bridge page script links ordinary long project slug target URLs', async () => {
+  const longProjectUrl = 'https://vercel.com/dashboard/projects/very-long-project-name-with-token-like-segment-and-many-words'
+  const { elements } = await createBridgeScriptHarness({
+    fetch: async () => ({
+      ok: true,
+      json: async () => ({
+        status: 'failed',
+        phase: 'target_loaded',
+        preview: { targetUrl: longProjectUrl }
+      })
+    }),
+    isReady: status => status === 'failed'
+  })
+
+  assert.equal(elements.targetUrl.textContent, longProjectUrl)
+  assert.equal(elements.targetUrl.title, longProjectUrl)
+  assert.equal(elements.targetUrl.href, longProjectUrl)
+  assert.equal(elements.targetUrl['aria-disabled'], undefined)
+  assert.equal(elements.openTargetUrl.href, longProjectUrl)
+  assert.equal(elements.openTargetUrl['aria-disabled'], undefined)
+})
+
+test('bridge page script does not link redacted target URL paths', async () => {
+  const { elements } = await createBridgeScriptHarness({
+    fetch: async () => ({
+      ok: true,
+      json: async () => ({
+        status: 'failed',
+        phase: 'target_loaded',
+        preview: { targetUrl: 'https://example.test/[redacted]/app' }
+      })
+    }),
+    isReady: status => status === 'failed'
+  })
+
+  assert.equal(elements.targetUrl.textContent, 'https://example.test/[redacted]/app')
+  assert.equal(elements.targetUrl.title, 'https://example.test/[redacted]/app')
+  assert.equal(elements.targetUrl.href, undefined)
+  assert.equal(elements.targetUrl['aria-disabled'], 'true')
+  assert.equal(elements.openTargetUrl.href, undefined)
+  assert.equal(elements.openTargetUrl['aria-disabled'], 'true')
+  assert.equal(elements.openTargetUrl.tabindex, '-1')
+})
+
+const percentEncodeFirstPayloadChar = value =>
+  `${value.slice(0, 2)}%${value.charCodeAt(2).toString(16).toUpperCase().padStart(2, '0')}${value.slice(3)}`
+
+const percentEncodeBridgeParam = (bridgeUrl, name) => {
+  const url = new URL(bridgeUrl)
+  const value = url.searchParams.get(name)
+  return bridgeUrl.replace(`${name}=${value}`, `${name}=${percentEncodeFirstPayloadChar(value)}`)
+}
+
+const statusBody = (captureId, config, body) => ({
+  captureId,
+  sessionId: config.sessionId,
+  nonce: config.nonce,
+  protocolVersion: 1,
+  ...body
+})
+
+const acceptFinalUrl = async (ready, captureId, bridgeToken, finalUrl = baseCaptureRequest.url) => {
+  const request = await readJson(await fetch(`${ready.baseUrl}/v1/captures/${captureId}/request`, { headers: auth(bridgeToken) }))
+  assert.equal(request.status, 200)
+  assertJsonSecurityHeaders(request)
+  const response = await fetch(`${ready.baseUrl}/v1/captures/${captureId}/status`, {
+    method: 'POST',
+    headers: { ...auth(bridgeToken), 'Content-Type': 'application/json' },
+    body: JSON.stringify(
+      statusBody(captureId, request.body, {
+        status: 'running',
+        phase: 'target_loaded',
+        sequence: 1,
+        finalUrl,
+        targetNetworkAddress: '93.184.216.34'
+      })
+    )
+  })
+  const envelope = await readJson(response)
+  assert.equal(envelope.status, 200)
+  assertJsonSecurityHeaders(envelope)
+  assert.equal(envelope.body.phase, 'target_loaded')
+}
+
+const profileFor = (captureId, overrides = {}) => ({
+  schema: 'stackprism.site_experience_profile.v1',
+  captureId,
+  generatedAt: new Date(0).toISOString(),
+  target: {},
+  browserContext: { extensionCapabilities: {} },
+  techProfile: {},
+  visualProfile: {},
+  layoutProfile: {},
+  componentProfile: {},
+  interactionProfile: {},
+  uxProfile: {},
+  assetProfile: {},
+  evidence: {},
+  limitations: [],
+  agentGuidance: {},
+  ...overrides
+})
+
+test('js bridge protocol helpers use strict token comparison and script-safe JSON', () => {
+  assert.equal(safeEqual('spb_abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNO', 'short'), false)
+  assert.equal(safeEqual('same-token', 'same-token'), true)
+  assert.equal(safeEqual('same-token', 'same-token-extra'), false)
+  assert.equal(safeEqual(`${'a'.repeat(64)}x`, `${'a'.repeat(64)}y`), false)
+  const escaped = htmlEscapeScriptJson({ value: '</script><script>alert(1)</script>&\u2028\u2029' })
+  assert.equal(escaped.includes('</script>'), false)
+  assert.equal(escaped.includes('<script>'), false)
+  assert.equal(escaped.includes('&'), false)
+  assert.match(escaped, /\\u2028/)
+  assert.match(escaped, /\\u2029/)
+})
+
+test('js bridge page renderer validates nonce and script-escapes object config', () => {
+  assert.throws(() => renderBridgePageHtml('bad" nonce', { value: 'https://example.com/' }), /INVALID_CSP_NONCE/)
+
+  const html = renderBridgePageHtml('abcdefghijklmnopqrstuv', {
+    value: '</script><script>alert(1)</script>&\u2028\u2029'
+  })
+  const configText = html.match(/<script id="stackprism-agent-bridge-config" type="application\/json" nonce="[^"]+">([^<]+)/)[1]
+
+  assert.equal(configText.includes('</script>'), false)
+  assert.equal(configText.includes('<script>'), false)
+  assert.equal(configText.includes('&'), false)
+  assert.equal(JSON.parse(configText).value, '</script><script>alert(1)</script>&\u2028\u2029')
+})
+
+test('js bridge protocol helper validates documented identifier fixtures', () => {
+  for (const [kind, examples] of Object.entries(identifiers)) {
+    for (const value of examples.valid) {
+      assert.equal(isValidId(kind, value), true, `${kind} should accept ${value}`)
+    }
+    for (const value of examples.invalid) {
+      assert.equal(isValidId(kind, value), false, `${kind} should reject ${value}`)
+    }
+  }
+})
+
+test('js bridge serves health and creates no-open captures with bearer auth', async () => {
+  await withBridge(async ready => {
+    assert.match(ready.apiToken, /^spb_[A-Za-z0-9_-]{43}$/)
+    assert.equal(ready.server.maxConnections, 20)
+    assert.equal(ready.server.headersTimeout, 5000)
+    assert.equal(ready.server.requestTimeout, 35000)
+    assert.equal(ready.server.keepAliveTimeout, 2000)
+
+    const health = await readJson(await fetch(ready.healthUrl))
+    assert.equal(health.status, 200)
+    assert.equal(health.body.service, 'stackprism-agent-bridge')
+    assert.equal(health.body.protocolVersion, 1)
+
+    const unauthorized = await readJson(
+      await fetch(`${ready.baseUrl}/v1/captures`, {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify(baseCaptureRequest)
+      })
+    )
+    assert.equal(unauthorized.status, 401)
+    assert.equal(unauthorized.body.error.code, 'UNAUTHORIZED')
+
+    const created = await createCapture(ready)
+    assert.equal(created.status, 200)
+    assert.match(created.body.id, /^cap_[A-Za-z0-9_-]{22}$/)
+    assert.equal(created.body.status, 'queued')
+    assert.deepEqual([...new URL(created.body.bridgeUrl).searchParams.keys()].sort(), ['capture', 'nonce', 'session'])
+    assert.equal(created.body.bridgeUrl.includes(ready.apiToken), false)
+    assert.equal(created.body.bridgeUrl.includes('apiToken'), false)
+    assert.equal(created.body.bridgeUrl.includes('bridgeToken'), false)
+    assert.doesNotMatch(created.body.bridgeUrl, /spbt?_[A-Za-z0-9_-]{20,}/)
+  })
+})
+
+test('js bridge rate limits capture creation and api status reads', async () => {
+  await withBridge(
+    async ready => {
+      const created = await createCapture(ready)
+      assert.equal(created.status, 200)
+
+      const busy = await createCapture(ready)
+      assert.equal(busy.status, 429)
+      assert.equal(busy.body.error.code, 'RATE_LIMITED')
+
+      const firstStatus = await readJson(await fetch(`${ready.baseUrl}/v1/captures/${created.body.id}`, { headers: auth(ready.apiToken) }))
+      assert.equal(firstStatus.status, 200)
+      const secondStatus = await readJson(await fetch(`${ready.baseUrl}/v1/captures/${created.body.id}`, { headers: auth(ready.apiToken) }))
+      assert.equal(secondStatus.status, 429)
+      assert.equal(secondStatus.body.error.code, 'RATE_LIMITED')
+    },
+    { rateLimits: { createLimitPerMinute: 1, queryLimitPerMinute: 1 } }
+  )
+})
+
+test('js bridge rate limits api profile reads', async () => {
+  await withBridge(
+    async ready => {
+      const created = await createCapture(ready)
+      assert.equal(created.status, 200)
+
+      const firstProfile = await readJson(
+        await fetch(`${ready.baseUrl}/v1/captures/${created.body.id}/profile`, { headers: auth(ready.apiToken) })
+      )
+      assert.equal(firstProfile.status, 409)
+      assert.equal(firstProfile.body.error.code, 'INVALID_REQUEST')
+      assertJsonSecurityHeaders(firstProfile, { referrerPolicy: true })
+
+      const secondProfile = await readJson(
+        await fetch(`${ready.baseUrl}/v1/captures/${created.body.id}/profile`, { headers: auth(ready.apiToken) })
+      )
+      assert.equal(secondProfile.status, 429)
+      assert.equal(secondProfile.body.error.code, 'RATE_LIMITED')
+    },
+    { rateLimits: { queryLimitPerMinute: 1 } }
+  )
+})
+
+test('bridge page renders bridge token once with hardened headers', async () => {
+  await withBridge(async ready => {
+    const created = await createCapture(ready)
+    const first = await fetch(created.body.bridgeUrl)
+    const html = await first.text()
+    const csp = first.headers.get('content-security-policy')
+    const cspNonce = csp.match(/script-src 'nonce-([^']+)'/)?.[1]
+
+    assert.equal(first.status, 200)
+    assert.equal(first.headers.get('cache-control'), 'no-store')
+    assert.equal(first.headers.get('referrer-policy'), 'no-referrer')
+    assert.equal(first.headers.get('x-content-type-options'), 'nosniff')
+    assert.equal(first.headers.get('cross-origin-opener-policy'), 'same-origin')
+    assert.equal(first.headers.get('permissions-policy'), 'camera=(), microphone=(), geolocation=(), payment=(), usb=()')
+    assert.equal(csp.includes('unsafe-inline'), false)
+    assert.match(csp, /default-src 'none'/)
+    assert.match(csp, /connect-src 'self'/)
+    assert.match(csp, /img-src data: blob:/)
+    assert.doesNotMatch(csp, /img-src[^;]*'self'/)
+    assert.match(csp, /frame-ancestors 'none'/)
+    assert.match(csp, /base-uri 'none'/)
+    assert.match(csp, /form-action 'none'/)
+    assert.ok(cspNonce)
+    assert.match(csp, new RegExp(`style-src 'nonce-${cspNonce}'`))
+    assert.equal(first.headers.get('x-frame-options'), 'DENY')
+    assert.match(html, /meta name="stackprism-agent-bridge" content="1"/)
+    assert.match(html, /<link rel="icon" href="data:image\/svg\+xml,%3Csvg/)
+    assert.match(html, /id="bridgeCard" class="bridge-card" data-status="waiting_extension" aria-labelledby="bridge-title" tabindex="-1"/)
+    assert.match(html, /id="progressBar"/)
+    assert.match(html, /id="targetUrl" class="target-url" title="" target="_blank" rel="noopener noreferrer" aria-disabled="true"/)
+    assert.match(
+      html,
+      /id="openTargetUrl" class="preview-button target-open-link" target="_blank" rel="noopener noreferrer" aria-disabled="true" tabindex="-1"/
+    )
+    assert.match(html, /id="targetScreenshot"/)
+    assert.match(html, /id="targetScreenshot" alt=""/)
+    assert.match(html, /id="screenshotMeta"/)
+    assert.match(html, /id="screenshotDownload"/)
+    assert.match(html, /id="copyScreenshot"/)
+    assert.match(html, /id="downloadProfile"/)
+    assert.match(html, /class="preview-button profile-download-button"/)
+    assert.match(html, /id="copyAllInfo"/)
+    assert.match(html, /id="copyStatus"/)
+    assert.match(html, /id="modalCopyStatus"/)
+    assert.match(html, /id="screenshotTileValue"/)
+    assert.match(html, /id="screenshotStateBadge" class="state-chip" data-state="pending"/)
+    assert.match(html, /id="screenshotEmpty"/)
+    assert.match(html, /id="stepSummary" class="step-summary" role="status" aria-live="polite"/)
+    assert.match(html, /id="toggleSteps" class="flow-toggle" type="button" aria-controls="captureSteps" aria-expanded="false"/)
+    assert.match(html, /<ol id="captureSteps" class="steps" aria-label="采集步骤" role="list">/)
+    assert.match(html, /data-phase="bridge_connected" aria-current="step"/)
+    assert.match(html, /id="profileContentSection"/)
+    assert.match(html, /id="profileContentGrid"/)
+    assert.match(html, /id="screenshotModal"/)
+    assert.match(html, /id="modalDownload"/)
+    assert.match(html, /id="modalCopyScreenshot"/)
+    assert.match(html, /id="modalClose"/)
+    assert.match(html, /id="modalScreenshot" class="modal-image" alt=""/)
+    assert.match(html, /addEventListener\('click',openScreenshot\)/)
+    assert.match(html, /navigator\.clipboard\.writeText/)
+    assert.match(html, /new ClipboardItem/)
+    assert.match(html, /showCopyStatus\('已复制全部信息。'\)/)
+    assert.match(html, /flashCopyButton\('已复制'\)/)
+    assert.match(html, /const clipboardScreenshotBlob=async/)
+    assert.match(html, /createImageBitmap\(blob\)/)
+    assert.match(html, /'image\/png':blob/)
+    assert.match(html, /复制截图失败：浏览器未允许写入剪切板，或截图格式无法转换。/)
+    assert.match(html, /截图预览无法加载/)
+    assert.match(html, /downloadBlob\(await fetchScreenshotBlob\(\),screenshotFilename\(\)\)/)
+    assert.match(html, /currentProfileBlob=null,currentProfileFetchPromise=null/)
+    assert.match(html, /const ensureProfileCached=\(\)=>/)
+    assert.match(html, /downloadBlob\(await ensureProfileCached\(\),profileFilename\(\)\)/)
+    assert.match(html, /if\(status==='completed'\)ensureProfileCached\(\)\.catch\(\(\)=>\{\}\)/)
+    assert.match(html, /\/profile-download/)
+    assert.doesNotMatch(html, /config\.captureId\+'\/profile'/)
+    assert.match(html, /currentScreenshot\?\.mimeType==='image\/png'\?'png'/)
+    assert.match(html, /currentScreenshot\?\.mimeType==='image\/webp'\?'webp'/)
+    assert.match(html, /currentScreenshotObjectUrl=URL\.createObjectURL\(blob\)/)
+    assert.match(html, /el\.targetScreenshot\.alt='目标页面截图预览'/)
+    assert.match(html, /el\.targetScreenshot\.alt=''/)
+    assert.match(html, /color-scheme:light dark/)
+    assert.match(html, /@media \(prefers-color-scheme:dark\)/)
+    assert.match(html, /class="result-grid"/)
+    assert.match(html, /class="summary-grid"/)
+    assert.match(html, /class="screenshot-panel"/)
+    assert.match(html, /border-radius:16px/)
+    assert.match(html, /\.summary-grid\{display:grid;grid-template-columns:repeat\(4,minmax\(0,1fr\)\)/)
+    assert.match(html, /grid-template-columns:repeat\(auto-fit,minmax\(min\(100%,300px\),1fr\)\)/)
+    assert.match(html, /\.target-copy\{min-width:0\}/)
+    assert.match(html, /\.target-url\{margin:0;display:-webkit-box;overflow:hidden;overflow-wrap:anywhere;word-break:break-word/)
+    assert.match(html, /\.content-card \*\{min-width:0;max-width:100%;overflow-wrap:anywhere;word-break:break-word\}/)
+    assert.match(html, /\.content-card\{min-width:0;min-height:88px;padding:10px;overflow:hidden/)
+    assert.match(html, /\.content-card ul\{display:grid;min-width:0;gap:3px/)
+    assert.match(html, /\.content-card li\{min-width:0;line-height:1\.38;white-space:normal\}/)
+    assert.doesNotMatch(bridgePageStyle, /@media \(max-width:980px\)\{[^}]*\.content-grid/)
+    assert.doesNotMatch(bridgePageStyle, /@media \(max-width:760px\)\{[^}]*\.content-grid/)
+    assert.match(html, /--sp-neutral-line:#e5e9ee/)
+    assert.match(html, /grid-template-columns:minmax\(0,1\.22fr\) minmax\(320px,\.82fr\)/)
+    assert.match(html, /class="summary-handoff" aria-label="摘要包含"/)
+    assert.match(html, /摘要包含/)
+    assert.match(html, /技术栈/)
+    assert.match(html, /首屏结构/)
+    assert.match(html, /height:clamp\(190px,14vw,230px\)/)
+    assert.match(html, /object-fit:cover/)
+    assert.match(html, /object-position:top center/)
+    assert.match(html, /-webkit-line-clamp:2/)
+    assert.match(html, /\.target-url\[href\]\{cursor:pointer\}/)
+    assert.match(html, /\.target-url\[href\]:hover\{text-decoration:underline/)
+    assert.match(html, /\.target-actions\{display:flex;min-width:0;flex-wrap:wrap;gap:10px;justify-content:flex-end\}/)
+    assert.match(
+      html,
+      /\.target-open-link\{min-width:132px;display:inline-flex;align-items:center;justify-content:center;text-decoration:none\}/
+    )
+    assert.match(html, /\.preview-button:disabled,.modal-close:disabled,.preview-button\[aria-disabled="true"\]\{cursor:not-allowed/)
+    assert.match(html, /targetHrefFor=value=>/)
+    assert.match(html, /url\.pathname\.includes\('\[redacted\]'\)/)
+    assert.match(html, /url\.search\.includes\('\[redacted\]'\)/)
+    assert.match(html, /setTargetUrl\(targetText\)/)
+    assert.match(html, /setTargetLink\(el\.openTargetUrl,targetHref\)/)
+    assert.match(html, /node\.removeAttribute\('aria-disabled'\)/)
+    assert.match(html, /\.bridge-header\{position:relative;display:block/)
+    assert.match(html, /\.summary-handoff\{display:none\}/)
+    assert.match(html, /class="target-actions"/)
+    assert.match(html, /class="preview-button primary target-copy-button"/)
+    assert.match(html, /class="flow-panel"/)
+    assert.match(html, /grid-template-columns:repeat\(8,minmax\(0,1fr\)\)/)
+    assert.match(html, /grid-template-columns:repeat\(2,minmax\(0,1fr\)\)/)
+    assert.match(html, /\.bridge-card\[data-status="completed"\] \.status-panel\{display:none\}/)
+    assert.match(html, /\.bridge-card\[data-status="completed"\]:not\(\[data-steps-open="true"\]\) \.steps\{display:none\}/)
+    assert.match(html, /\.state-chip\[data-state="ready"\]/)
+    assert.match(html, /setScreenshotState\('截图可用','ready'\)/)
+    assert.match(html, /setStepsOpen\(false\)/)
+    assert.match(html, /addEventListener\('click',\(\)=>setStepsOpen\(!stepsOpen,true\)\)/)
+    assert.match(
+      html,
+      /\.preview-button:disabled,.modal-close:disabled,.preview-button\[aria-disabled="true"\]\{cursor:not-allowed;opacity:1;background:#f7fbfa/
+    )
+    assert.match(html, /setCopyStatus\(modalOpen\(\)\?el\.modalCopyStatus:el\.copyStatus,value,type\)/)
+    assert.match(html, /const restore=el\.screenshotFrame\.disabled\?el\.bridgeCard:el\.screenshotFrame/)
+    assert.match(html, /if\(current\|\|failedCurrent\)step\.setAttribute\('aria-current','step'\)/)
+    assert.match(html, /else step\.removeAttribute\('aria-current'\)/)
+    assert.match(html, /step\.classList\.toggle\('failed',failedCurrent\)/)
+    assert.match(html, /\.step\.failed/)
+    assert.match(html, /\.bridge-card\[data-status="failed"\] \.progress span/)
+    assert.match(html, /\.copy-status\[data-state="error"\]\{background:#2a1211;border-color:#7f1d1d;color:#fca5a5\}/)
+    assert.match(html, /color:#fca5a5/)
+    assert.match(html, /color:#fbbf24/)
+    assert.match(html, /disconnected:'连接已关闭'/)
+    assert.match(html, /const targetText=preview\.targetUrl\|\|config\.targetUrl\|\|'等待读取目标网址'/)
+    assert.match(html, /el\.targetUrl\.title=targetText/)
+    assert.match(html, /本机 bridge 服务已关闭，当前页面无法继续读取状态。/)
+    assert.doesNotMatch(html, /Bridge status unavailable/)
+    assert.match(html, /data-phase="profiling_experience"/)
+    assert.match(html, /本机通道/)
+    assert.match(html, /连接本机 Agent 与当前浏览器 profile，展示本次采集结果。/)
+    assert.match(html, /采集目标/)
+    assert.match(html, /id="targetHelper" class="target-helper"/)
+    assert.match(html, /采集完成后可复制给本机 Coding Agent 使用。/)
+    assert.match(html, /已生成 Agent 可读摘要，可复制给本机 Coding Agent 使用。/)
+    assert.match(html, /面向复刻任务整理技术栈、视觉结构、交互路径与资产线索。/)
+    assert.match(html, /复刻重点/)
+    assert.match(html, /先看 Agent 可读内容/)
+    assert.match(html, /本页只服务当前一次采集/)
+    assert.match(html, /摘要不含 token、nonce、raw JSON 或截图 data URL/)
+    assert.match(html, /Agent 可读内容/)
+    assert.match(html, /完整 Profile 可在本页完成后下载/)
+    assert.match(html, new RegExp(`id="stackprism-agent-bridge-config" type="application/json" nonce="${cspNonce}"`))
+    assert.match(html, new RegExp(`<style nonce="${cspNonce}"`))
+    assert.match(html, new RegExp(`<script nonce="${cspNonce}"`))
+    assert.match(html, /fetch\('\/v1\/captures\/'\+config\.captureId/)
+    assert.match(html, /textContent=value/)
+    assert.match(html, /"bridgeToken":"spbt_[A-Za-z0-9_-]{43}"/)
+    assert.match(html, /"targetUrl":"https:\/\/93\.184\.216\.34\/app\?\[redacted\]"/)
+    assert.doesNotMatch(html, /"targetHref":/)
+
+    const second = await readJson(await fetch(created.body.bridgeUrl))
+    assert.equal(second.status, 409)
+    assert.equal(second.body.error.code, 'INVALID_REQUEST')
+    assert.equal(second.body.error.message, 'Bridge token has already been rendered or claimed.')
+  })
+})
+
+test('bridge page concurrent requests render only one bridge token', async () => {
+  await withBridge(async ready => {
+    const created = await createCapture(ready)
+    const responses = await Promise.all([fetch(created.body.bridgeUrl), fetch(created.body.bridgeUrl)])
+    const statuses = responses.map(response => response.status).sort((left, right) => left - right)
+    const bodies = await Promise.all(
+      responses.map(async response => ({
+        status: response.status,
+        text: await response.text()
+      }))
+    )
+    assert.deepEqual(statuses, [200, 409])
+    const rejected = bodies.find(body => body.status === 409)
+    assert.match(rejected.text, /Bridge token has already been rendered or claimed/)
+    assert.equal(bodies.filter(body => /spbt_[A-Za-z0-9_-]{43}/.test(body.text)).length, 1)
+  })
+})
+
+test('bridge page rejects cross-site navigation before token render', async () => {
+  await withBridge(async ready => {
+    const created = await createCapture(ready)
+
+    const blockedReferer = await fetch(created.body.bridgeUrl, { headers: { Referer: 'https://attacker.example/page' } })
+    const blockedRefererText = await blockedReferer.text()
+    assert.equal(blockedReferer.status, 403)
+    assert.match(blockedRefererText, /ORIGIN_NOT_ALLOWED/)
+    assert.doesNotMatch(blockedRefererText, /spbt_[A-Za-z0-9_-]{43}/)
+
+    const blockedFetchSite = await fetch(created.body.bridgeUrl, { headers: { 'Sec-Fetch-Site': 'cross-site' } })
+    const blockedFetchSiteText = await blockedFetchSite.text()
+    assert.equal(blockedFetchSite.status, 403)
+    assert.match(blockedFetchSiteText, /ORIGIN_NOT_ALLOWED/)
+    assert.doesNotMatch(blockedFetchSiteText, /spbt_[A-Za-z0-9_-]{43}/)
+
+    const firstAllowed = await fetch(created.body.bridgeUrl)
+    const firstAllowedText = await firstAllowed.text()
+    assert.equal(firstAllowed.status, 200)
+    assert.match(firstAllowedText, /"bridgeToken":"spbt_[A-Za-z0-9_-]{43}"/)
+
+    const secondAllowed = await readJson(await fetch(created.body.bridgeUrl))
+    assert.equal(secondAllowed.status, 409)
+    assert.equal(secondAllowed.body.error.code, 'INVALID_REQUEST')
+  })
+})
+
+test('bridge page does not reflect hostile query fragments or error messages', async () => {
+  await withBridge(async ready => {
+    const hostileMarker = '</script><script>alert(1)</script>#stackprism-fragment'
+    const created = await createCapture(ready)
+    const hostileUrl = `${created.body.bridgeUrl}&unexpected=${encodeURIComponent(hostileMarker)}#${encodeURIComponent(hostileMarker)}`
+    const invalid = await fetch(hostileUrl)
+    const invalidHtml = await invalid.text()
+
+    assert.equal(invalid.status, 400)
+    assert.match(invalidHtml, /INVALID_REQUEST/)
+    assert.doesNotMatch(invalidHtml, /stackprism-fragment/)
+    assert.doesNotMatch(invalidHtml, /<script>alert\(1\)<\/script>/)
+    assert.doesNotMatch(invalidHtml, /spbt_[A-Za-z0-9_-]{43}/)
+
+    const capture = ready.store.get(created.body.id)
+    capture.status = 'failed'
+    capture.phase = 'cleanup'
+    capture.error = { code: 'TARGET_TAB_CLOSED', message: hostileMarker }
+
+    const terminalPage = await fetch(created.body.bridgeUrl)
+    const terminalHtml = await terminalPage.text()
+    assert.equal(terminalPage.status, 409)
+    assert.match(terminalHtml, /TARGET_TAB_CLOSED/)
+    assert.doesNotMatch(terminalHtml, /stackprism-fragment/)
+    assert.doesNotMatch(terminalHtml, /<script>alert\(1\)<\/script>/)
+    assert.doesNotMatch(terminalHtml, /spbt_[A-Za-z0-9_-]{43}/)
+  })
+})
+
+test('bridge page does not render tokens after extension connect timeout or terminal status', async () => {
+  let now = 1000
+  await withBridge(
+    async ready => {
+      const expired = await createCapture(ready)
+      now += 30001
+
+      const expiredPage = await fetch(expired.body.bridgeUrl)
+      const expiredHtml = await expiredPage.text()
+      assert.equal(expiredPage.status, 409)
+      assert.match(expiredHtml, /EXTENSION_NOT_CONNECTED/)
+      assert.doesNotMatch(expiredHtml, /spbt_[A-Za-z0-9_-]{43}/)
+
+      const next = await createCapture(ready)
+      const capture = ready.store.get(next.body.id)
+      capture.status = 'failed'
+      capture.phase = 'cleanup'
+      capture.error = { code: 'TARGET_TAB_CLOSED', message: 'Target tab closed.' }
+
+      const terminalPage = await fetch(next.body.bridgeUrl)
+      const terminalHtml = await terminalPage.text()
+      assert.equal(terminalPage.status, 409)
+      assert.match(terminalHtml, /TARGET_TAB_CLOSED/)
+      assert.doesNotMatch(terminalHtml, /spbt_[A-Za-z0-9_-]{43}/)
+    },
+    { now: () => now }
+  )
+})
+
+test('bridge page and profile endpoint do not render tokens after completed result TTL expiry', async () => {
+  let now = 1000
+  await withBridge(
+    async ready => {
+      const created = await createCapture(ready)
+      const config = await loadBridgeConfig(created.body.bridgeUrl)
+      await acceptFinalUrl(ready, created.body.id, config.bridgeToken)
+
+      const posted = await readJson(
+        await fetch(`${ready.baseUrl}/v1/captures/${created.body.id}/profile`, {
+          method: 'POST',
+          headers: { ...auth(config.bridgeToken), 'Content-Type': 'application/json' },
+          body: JSON.stringify(profileFor(created.body.id))
+        })
+      )
+      assert.equal(posted.status, 200)
+      assert.equal(posted.body.status, 'completed')
+
+      const capture = ready.store.get(created.body.id)
+      now = capture.resultExpiresAt + 1
+
+      const expiredProfile = await readJson(
+        await fetch(`${ready.baseUrl}/v1/captures/${created.body.id}/profile`, {
+          headers: auth(ready.apiToken)
+        })
+      )
+      assert.equal(expiredProfile.status, 410)
+      assert.equal(expiredProfile.body.error.code, 'CAPTURE_RESULT_EXPIRED')
+      assertJsonSecurityHeaders(expiredProfile, { referrerPolicy: true })
+
+      const expiredDownload = await readJson(
+        await fetch(`${ready.baseUrl}/v1/captures/${created.body.id}/profile-download`, {
+          headers: auth(config.bridgeToken)
+        })
+      )
+      assert.equal(expiredDownload.status, 410)
+      assert.equal(expiredDownload.body.error.code, 'CAPTURE_RESULT_EXPIRED')
+      assertJsonSecurityHeaders(expiredDownload, { referrerPolicy: true })
+      assert.equal(expiredDownload.headers.get('content-disposition'), `attachment; filename="stackprism-${created.body.id}-profile.json"`)
+
+      const expiredPage = await fetch(created.body.bridgeUrl)
+      const expiredHtml = await expiredPage.text()
+      assert.equal(expiredPage.status, 410)
+      assert.match(expiredHtml, /CAPTURE_RESULT_EXPIRED/)
+      assert.doesNotMatch(expiredHtml, /spbt_[A-Za-z0-9_-]{43}/)
+    },
+    { now: () => now }
+  )
+})
+
+test('bridge token can fetch request and post profile but cannot read profile', async () => {
+  await withBridge(async ready => {
+    const created = await createCapture(ready)
+    const config = await loadBridgeConfig(created.body.bridgeUrl)
+
+    const status = await readJson(await fetch(`${ready.baseUrl}/v1/captures/${created.body.id}`, { headers: auth(ready.apiToken) }))
+    assert.equal(status.status, 200)
+    assertJsonSecurityHeaders(status)
+
+    const request = await readJson(
+      await fetch(`${ready.baseUrl}/v1/captures/${created.body.id}/request`, { headers: auth(config.bridgeToken) })
+    )
+    assert.equal(request.status, 200)
+    assertJsonSecurityHeaders(request)
+    assert.equal(request.body.captureId, created.body.id)
+    assert.equal(request.body.request.url, 'https://93.184.216.34/app?view=one')
+    assert.equal(JSON.stringify(request.body).includes('apiToken'), false)
+    assert.deepEqual(Object.keys(request.body).sort(), ['captureId', 'nonce', 'protocolVersion', 'request', 'sessionId'])
+
+    const control = await readJson(
+      await fetch(`${ready.baseUrl}/v1/captures/${created.body.id}/control`, { headers: auth(config.bridgeToken) })
+    )
+    assert.equal(control.status, 200)
+    assertJsonSecurityHeaders(control)
+
+    await acceptFinalUrl(ready, created.body.id, config.bridgeToken)
+
+    const profile = profileFor(created.body.id, {
+      target: { language: 'zh-CN', pagePurpose: 'Landing page token=secret' },
+      techProfile: {
+        technologies: [
+          { name: 'Vue', category: '前端框架' },
+          { name: 'Tailwind CSS', category: 'UI / CSS 框架' }
+        ],
+        primaryFrontend: 'Vue',
+        uiFramework: 'Tailwind CSS',
+        buildRuntime: 'Vite',
+        thirdPartyServices: ['Stripe token=secret', 'Authorization: Bearer secret-token-123']
+      },
+      visualProfile: {
+        colorTokens: ['#0f766e'],
+        fonts: ['Inter'],
+        screenshot: {
+          dataUrl: 'data:image/jpeg;base64,ZmFrZS1qcGVn',
+          mimeType: 'image/jpeg',
+          byteLength: 9,
+          scope: 'visible_viewport'
+        }
+      },
+      layoutProfile: { landmarks: ['header', 'main'] },
+      componentProfile: { counts: { button: 3, card: 2 }, samples: [{ name: 'Hero card' }] },
+      interactionProfile: { transitions: ['opacity 0.2s'], stickyOrFixed: ['header'] },
+      uxProfile: {
+        pagePurpose: 'Product signup',
+        primaryUserPath: ['Open pricing'],
+        informationHierarchy: ['Hero', 'Features'],
+        contentGrouping: ['summary', 'pricing'],
+        navigationDepth: 'nav_links:4',
+        ctaStrategy: ['Start free'],
+        trustSignals: ['Customer logos'],
+        frictionPoints: ['Long form user@example.com']
+      },
+      assetProfile: {
+        scripts: ['https://cdn.example.com/app.js?token=secret'],
+        stylesheets: ['https://cdn.example.com/app.css?token=secret'],
+        cdnHints: ['cdn.example.com']
+      },
+      evidence: {
+        privateText: 'not for bridge status',
+        token: config.bridgeToken
+      },
+      limitations: ['screenshot_metadata_not_requested'],
+      agentGuidance: {
+        summary: '优先复刻视觉层级和交互反馈。',
+        recreationPlan: {
+          implementationOrder: ['Define tokens', 'Build layout'],
+          designTokens: { colors: ['#0f766e'], fontFamilies: ['Inter'] },
+          layoutBlueprint: { informationHierarchy: ['Hero', 'Features'], contentGrouping: ['summary', 'pricing'] },
+          componentInventory: { counts: { button: 3 }, priorityTypes: ['button', 'card'], geometryIncluded: false },
+          interactionChecklist: { transitions: ['opacity 0.2s'] },
+          assetHints: { scriptCount: 1, stylesheetCount: 1, resourceDomains: ['cdn.example.com:2'] },
+          verificationChecklist: ['Compare screenshot', 'Smoke test interactions']
+        }
+      }
+    })
+    const posted = await readJson(
+      await fetch(`${ready.baseUrl}/v1/captures/${created.body.id}/profile`, {
+        method: 'POST',
+        headers: { ...auth(config.bridgeToken), 'Content-Type': 'application/json' },
+        body: JSON.stringify(profile)
+      })
+    )
+    assert.equal(posted.status, 200)
+    const captureRecord = ready.store.get(created.body.id)
+    assert.equal(captureRecord.profile.visualProfile.screenshot.dataUrl, undefined)
+    assert.equal(captureRecord.screenshotAsset.bytes.toString('utf8'), 'fake-jpeg')
+    assert.equal(captureRecord.screenshotAsset.metadata.scope, 'visible_viewport')
+    assertJsonSecurityHeaders(posted)
+    assert.equal(posted.body.status, 'completed')
+    assert.equal(posted.body.preview.targetUrl, 'https://93.184.216.34/app?[redacted]')
+    assert.equal(posted.body.preview.screenshot.dataUrl, undefined)
+    assert.match(
+      posted.body.preview.screenshot.downloadUrl,
+      new RegExp(`^${ready.baseUrl}/v1/captures/${created.body.id}/screenshot-download/shot_[A-Za-z0-9_-]{43}$`)
+    )
+    assert.equal(posted.body.preview.screenshot.scope, 'visible_viewport')
+    assert.equal(posted.body.preview.contentSummary.cards[0].title, '复刻建议')
+    assert.equal(
+      posted.body.preview.contentSummary.cards.some(card => card.title === '技术栈'),
+      true
+    )
+    assert.equal(
+      posted.body.preview.contentSummary.cards.some(card => card.title === '复刻建议'),
+      true
+    )
+    assert.match(posted.body.preview.copyText, /# StackPrism Site Experience/)
+    assert.ok(posted.body.preview.copyText.indexOf('## 复刻建议') < posted.body.preview.copyText.indexOf('## 技术栈'))
+    assert.match(posted.body.preview.copyText, /## 技术栈/)
+    assert.match(posted.body.preview.copyText, /Vue/)
+    assert.match(posted.body.preview.copyText, /主要路径: Open pricing/)
+    assert.match(posted.body.preview.copyText, /信任信号: Customer logos/)
+    assert.match(posted.body.preview.copyText, /token=\[redacted\]/)
+    assert.match(posted.body.preview.copyText, /Authorization=\[redacted\]/)
+    assert.doesNotMatch(posted.body.preview.copyText, /data:image\/jpeg;base64/)
+    assert.doesNotMatch(posted.body.preview.copyText, /spbt_[A-Za-z0-9_-]{43}/)
+    assert.doesNotMatch(posted.body.preview.copyText, /not for bridge status|user@example\.com|token=secret|secret-token-123/)
+    assert.equal(JSON.stringify(posted.body).includes('not for bridge status'), false)
+
+    const completedControl = await readJson(
+      await fetch(`${ready.baseUrl}/v1/captures/${created.body.id}/control`, { headers: auth(config.bridgeToken) })
+    )
+    assert.equal(completedControl.status, 200)
+    assert.equal(completedControl.body.command, 'cancel')
+    assert.equal(completedControl.body.status, 'completed')
+
+    const completedStatus = await readJson(
+      await fetch(`${ready.baseUrl}/v1/captures/${created.body.id}`, { headers: auth(config.bridgeToken) })
+    )
+    assert.equal(completedStatus.status, 200)
+    assert.equal(completedStatus.body.preview.targetUrl, 'https://93.184.216.34/app?[redacted]')
+    assert.equal(completedStatus.body.preview.screenshot.mimeType, 'image/jpeg')
+    assert.equal(completedStatus.body.preview.screenshot.downloadUrl, posted.body.preview.screenshot.downloadUrl)
+    assert.equal(completedStatus.body.preview.copyText, posted.body.preview.copyText)
+    assert.equal(JSON.stringify(completedStatus.body).includes('not for bridge status'), false)
+
+    const downloaded = await readJson(
+      await fetch(`${ready.baseUrl}/v1/captures/${created.body.id}/profile-download`, { headers: auth(config.bridgeToken) })
+    )
+    assert.equal(downloaded.status, 200)
+    assertJsonSecurityHeaders(downloaded, { referrerPolicy: true })
+    assert.equal(downloaded.headers.get('content-disposition'), `attachment; filename="stackprism-${created.body.id}-profile.json"`)
+    assert.equal(downloaded.body.schema, 'stackprism.site_experience_profile.v1')
+    assert.equal(downloaded.body.captureId, created.body.id)
+    assert.equal(downloaded.body.visualProfile.screenshot.dataUrl, undefined)
+    assert.equal(downloaded.body.visualProfile.screenshot.downloadUrl, posted.body.preview.screenshot.downloadUrl)
+    assert.equal(downloaded.body.visualProfile.screenshot.downloadMethod, 'GET')
+    assert.equal(downloaded.body.visualProfile.screenshot.lifecycle.requiresLocalBridge, true)
+    assert.match(downloaded.body.visualProfile.screenshot.lifecycle.availableUntil, /^\d{4}-\d{2}-\d{2}T/)
+    assert.match(downloaded.body.visualProfile.screenshot.lifecycle.note, /before the local bridge process exits/)
+    assert.match(downloaded.body.visualProfile.screenshot.note, /base64 is intentionally omitted/)
+    assert.match(downloaded.body.visualProfile.screenshot.profileJsonNote, /standard JSON and cannot contain comments/)
+    assert.equal(downloaded.body.agentGuidance.recreationPlan.visualReference.screenshotBase64Included, false)
+    assert.equal(downloaded.body.agentGuidance.recreationPlan.visualReference.screenshotIncluded, true)
+    assert.match(
+      downloaded.body.agentGuidance.recreationPlan.visualReference.screenshotProfileJsonNote,
+      /standard JSON and cannot contain comments/
+    )
+    assert.equal(
+      downloaded.body.agentGuidance.recreationPlan.visualReference.screenshotDownloadUrl,
+      posted.body.preview.screenshot.downloadUrl
+    )
+
+    const unauthenticatedScreenshotDownload = await readBytes(await fetch(downloaded.body.visualProfile.screenshot.downloadUrl))
+    assert.equal(unauthenticatedScreenshotDownload.status, 200)
+    assert.equal(unauthenticatedScreenshotDownload.headers.get('content-type'), 'image/jpeg')
+    assert.equal(unauthenticatedScreenshotDownload.body.toString('utf8'), 'fake-jpeg')
+
+    const screenshotDownload = await readBytes(
+      await fetch(downloaded.body.visualProfile.screenshot.downloadUrl, { headers: auth(config.bridgeToken) })
+    )
+    assert.equal(screenshotDownload.status, 200)
+    assert.equal(screenshotDownload.headers.get('content-type'), 'image/jpeg')
+    assert.equal(
+      screenshotDownload.headers.get('content-disposition'),
+      `attachment; filename="stackprism-${created.body.id}-screenshot.jpg"`
+    )
+    assert.equal(screenshotDownload.body.toString('utf8'), 'fake-jpeg')
+
+    const apiScreenshotDownload = await readBytes(
+      await fetch(downloaded.body.visualProfile.screenshot.downloadUrl, { headers: auth(ready.apiToken) })
+    )
+    assert.equal(apiScreenshotDownload.status, 200)
+    assert.equal(apiScreenshotDownload.headers.get('content-type'), 'image/jpeg')
+    assert.equal(apiScreenshotDownload.body.toString('utf8'), 'fake-jpeg')
+
+    const badScreenshotUrl = `${ready.baseUrl}/v1/captures/${created.body.id}/screenshot-download/shot_${'x'.repeat(43)}`
+    const missingScreenshotAuth = await readJson(await fetch(badScreenshotUrl))
+    assert.equal(missingScreenshotAuth.status, 403)
+    assert.equal(missingScreenshotAuth.body.error.code, 'FORBIDDEN')
+    const badScreenshotDownload = await readJson(await fetch(badScreenshotUrl, { headers: auth(config.bridgeToken) }))
+    assert.equal(badScreenshotDownload.status, 403)
+    assert.equal(badScreenshotDownload.body.error.code, 'FORBIDDEN')
+
+    const downloadReadyStatus = await readJson(
+      await fetch(`${ready.baseUrl}/v1/captures/${created.body.id}`, { headers: auth(ready.apiToken) })
+    )
+    assert.equal(downloadReadyStatus.status, 200)
+    assert.equal(downloadReadyStatus.body.profileDownloadReady, true)
+
+    const forbidden = await readJson(
+      await fetch(`${ready.baseUrl}/v1/captures/${created.body.id}/profile`, { headers: auth(config.bridgeToken) })
+    )
+    assert.equal(forbidden.status, 403)
+    assertJsonSecurityHeaders(forbidden, { referrerPolicy: true })
+    assert.equal(forbidden.body.error.code, 'BRIDGE_TOKEN_CANNOT_READ_PROFILE')
+
+    const fetched = await readJson(
+      await fetch(`${ready.baseUrl}/v1/captures/${created.body.id}/profile`, { headers: auth(ready.apiToken) })
+    )
+    assert.equal(fetched.status, 200)
+    assertJsonSecurityHeaders(fetched, { referrerPolicy: true })
+    assert.equal(fetched.body.schema, 'stackprism.site_experience_profile.v1')
+    assert.equal(fetched.body.visualProfile.screenshot.dataUrl, undefined)
+  })
+})
+
+test('bridge status preview derives screenshot mime type from the data URL', async () => {
+  await withBridge(async ready => {
+    const created = await createCapture(ready)
+    const config = await loadBridgeConfig(created.body.bridgeUrl)
+    await acceptFinalUrl(ready, created.body.id, config.bridgeToken)
+
+    const profile = profileFor(created.body.id, {
+      visualProfile: {
+        screenshot: {
+          dataUrl: 'data:image/png;base64,ZmFrZS1wbmc=',
+          mimeType: 'image/jpeg',
+          byteLength: 8,
+          scope: 'visible_viewport'
+        }
+      }
+    })
+    const posted = await readJson(
+      await fetch(`${ready.baseUrl}/v1/captures/${created.body.id}/profile`, {
+        method: 'POST',
+        headers: { Authorization: `Bearer ${config.bridgeToken}`, 'Content-Type': 'application/json' },
+        body: JSON.stringify(profile)
+      })
+    )
+
+    assert.equal(posted.status, 200)
+    assert.equal(posted.body.preview.screenshot.mimeType, 'image/png')
+  })
+})
+
+test('profile reads and authenticated screenshot downloads refresh result TTL', async () => {
+  let now = 1000
+  await withBridge(
+    async ready => {
+      const created = await createCapture(ready)
+      const config = await loadBridgeConfig(created.body.bridgeUrl)
+      await acceptFinalUrl(ready, created.body.id, config.bridgeToken)
+      const profile = profileFor(created.body.id, {
+        visualProfile: {
+          screenshot: {
+            dataUrl: 'data:image/png;base64,ZmFrZS1wbmc=',
+            mimeType: 'image/png',
+            byteLength: 8,
+            scope: 'visible_viewport'
+          }
+        },
+        agentGuidance: { recreationPlan: { visualReference: {} } }
+      })
+      const posted = await readJson(
+        await fetch(`${ready.baseUrl}/v1/captures/${created.body.id}/profile`, {
+          method: 'POST',
+          headers: { ...auth(config.bridgeToken), 'Content-Type': 'application/json' },
+          body: JSON.stringify(profile)
+        })
+      )
+      assert.equal(posted.status, 200)
+      const capture = ready.store.get(created.body.id)
+      const firstExpiry = capture.resultExpiresAt
+
+      now = firstExpiry - 1
+      const profileRead = await readJson(
+        await fetch(`${ready.baseUrl}/v1/captures/${created.body.id}/profile`, { headers: auth(ready.apiToken) })
+      )
+      assert.equal(profileRead.status, 200)
+      assert.equal(profileRead.body.visualProfile.screenshot.dataUrl, undefined)
+      assert.equal(capture.resultExpiresAt, now + 100)
+      assert.ok(capture.resultExpiresAt > firstExpiry)
+
+      now = firstExpiry + 1
+      const screenshot = await readBytes(
+        await fetch(profileRead.body.visualProfile.screenshot.downloadUrl, { headers: auth(config.bridgeToken) })
+      )
+      assert.equal(screenshot.status, 200)
+      assert.equal(screenshot.headers.get('content-type'), 'image/png')
+      assert.equal(screenshot.body.toString('utf8'), 'fake-png')
+      assert.equal(capture.profile.visualProfile.screenshot.dataUrl, undefined)
+      assert.equal(capture.screenshotAsset.bytes.toString('utf8'), 'fake-png')
+      assert.equal(capture.resultExpiresAt, now + 100)
+      assert.ok(capture.resultExpiresAt > firstExpiry + 99)
+
+      now = capture.resultExpiresAt + 1
+      const expiredScreenshot = await readJson(
+        await fetch(profileRead.body.visualProfile.screenshot.downloadUrl, { headers: auth(config.bridgeToken) })
+      )
+      assert.equal(expiredScreenshot.status, 410)
+      assert.equal(expiredScreenshot.body.error.code, 'CAPTURE_RESULT_EXPIRED')
+      assert.equal(capture.profile, null)
+      assert.equal(capture.screenshotAsset, null)
+    },
+    { now: () => now, resultTtlMs: 100 }
+  )
+})
+
+test('js bridge rejects repeated and oversized profile submissions', async () => {
+  await withBridge(async ready => {
+    const created = await createCapture(ready)
+    const config = await loadBridgeConfig(created.body.bridgeUrl)
+    const profile = profileFor(created.body.id)
+    await acceptFinalUrl(ready, created.body.id, config.bridgeToken)
+
+    const posted = await readJson(
+      await fetch(`${ready.baseUrl}/v1/captures/${created.body.id}/profile`, {
+        method: 'POST',
+        headers: { ...auth(config.bridgeToken), 'Content-Type': 'application/json' },
+        body: JSON.stringify(profile)
+      })
+    )
+    assert.equal(posted.status, 200)
+
+    const repeated = await readJson(
+      await fetch(`${ready.baseUrl}/v1/captures/${created.body.id}/profile`, {
+        method: 'POST',
+        headers: { ...auth(config.bridgeToken), 'Content-Type': 'application/json' },
+        body: JSON.stringify(profile)
+      })
+    )
+    assert.equal(repeated.status, 409)
+    assert.equal(repeated.body.error.code, 'CAPTURE_ALREADY_COMPLETED')
+
+    const url = new URL(ready.baseUrl)
+    const repeatedOversized = await rawHttp(url.port, [
+      `POST /v1/captures/${created.body.id}/profile HTTP/1.1`,
+      `Host: ${url.host}`,
+      `Authorization: Bearer ${config.bridgeToken}`,
+      'Content-Type: application/json',
+      `Content-Length: ${8 * 1024 * 1024 + 1}`,
+      'Connection: close',
+      '',
+      ''
+    ])
+    assert.match(repeatedOversized, /409/)
+    assert.match(repeatedOversized, /CAPTURE_ALREADY_COMPLETED/)
+
+    const oversized = await createCapture(ready)
+    assert.equal(oversized.status, 200)
+    const oversizedConfig = await loadBridgeConfig(oversized.body.bridgeUrl)
+    await acceptFinalUrl(ready, oversized.body.id, oversizedConfig.bridgeToken)
+    const tooLargeProfile = { ...profileFor(oversized.body.id), evidence: { blob: 'x'.repeat(8 * 1024 * 1024) } }
+    const rejected = await readJson(
+      await fetch(`${ready.baseUrl}/v1/captures/${oversized.body.id}/profile`, {
+        method: 'POST',
+        headers: { ...auth(oversizedConfig.bridgeToken), 'Content-Type': 'application/json' },
+        body: JSON.stringify(tooLargeProfile)
+      })
+    )
+    assert.equal(rejected.status, 413)
+    assert.equal(rejected.body.error.code, 'PROFILE_TOO_LARGE')
+  })
+})
+
+test('js bridge serializes concurrent profile submissions for one capture', async () => {
+  await withBridge(async ready => {
+    const created = await createCapture(ready)
+    const config = await loadBridgeConfig(created.body.bridgeUrl)
+    const profile = profileFor(created.body.id)
+    const profileUrl = `${ready.baseUrl}/v1/captures/${created.body.id}/profile`
+    const profileText = JSON.stringify(profile)
+    const url = new URL(ready.baseUrl)
+    await acceptFinalUrl(ready, created.body.id, config.bridgeToken)
+
+    const slowPost = rawHttpSplitBody(
+      url.port,
+      [
+        `POST /v1/captures/${created.body.id}/profile HTTP/1.1`,
+        `Host: ${url.host}`,
+        `Authorization: Bearer ${config.bridgeToken}`,
+        'Content-Type: application/json',
+        `Content-Length: ${Buffer.byteLength(profileText)}`,
+        'Connection: close',
+        '',
+        ''
+      ],
+      profileText,
+      64,
+      150
+    ).then(parseRawJsonResponse)
+
+    await new Promise(resolve => setTimeout(resolve, 30))
+
+    const fastPost = fetch(profileUrl, {
+      method: 'POST',
+      headers: { ...auth(config.bridgeToken), 'Content-Type': 'application/json' },
+      body: JSON.stringify(profile)
+    })
+
+    const results = await Promise.all([slowPost, fastPost.then(response => readJson(response))])
+    const statuses = results.map(result => result.status).sort()
+    assert.deepEqual(statuses, [200, 409])
+    assert.equal(results.find(result => result.status === 409).body.error.code, 'CAPTURE_ALREADY_COMPLETED')
+  })
+})
+
+test('js bridge body reader stops consuming after request body exceeds limit', async () => {
+  let yieldedChunks = 0
+  const request = {
+    headers: { 'content-type': 'application/json' },
+    async *[Symbol.asyncIterator]() {
+      yieldedChunks += 1
+      yield Buffer.alloc(8)
+      yieldedChunks += 1
+      yield Buffer.alloc(8)
+      yieldedChunks += 1
+      yield Buffer.alloc(8)
+    }
+  }
+
+  const result = await readBridgeRequestJson(request, 10)
+  assert.equal(result.ok, false)
+  assert.equal(result.status, 413)
+  assert.equal(result.code, 'REQUEST_TOO_LARGE')
+  assert.equal(result.close, true)
+  assert.equal(yieldedChunks, 2)
+})
+
+test('js bridge request shell validation rejects invalid content length before routing', () => {
+  let response
+  const rejected = rejectBadRequestShell(
+    {
+      headers: {
+        host: '127.0.0.1:17370',
+        'content-length': 'nope'
+      },
+      rawHeaders: ['Host', '127.0.0.1:17370', 'Content-Length', 'nope'],
+      url: '/v1/captures'
+    },
+    {
+      writeHead(status, headers) {
+        response = { status, headers }
+      },
+      end(body) {
+        response.body = body
+      }
+    },
+    'http://127.0.0.1:17370'
+  )
+
+  assert.equal(rejected, true)
+  assert.equal(response.status, 400)
+  assert.match(response.body, /Content-Length is invalid\./)
+})
+
+test('js bridge closes slow request bodies within configured resource timeout', async () => {
+  await withBridge(
+    async ready => {
+      const url = new URL(ready.baseUrl)
+      const response = await rawHttpPartial(url.port, [
+        'POST /v1/captures HTTP/1.1',
+        `Host: ${url.host}`,
+        `Authorization: Bearer ${ready.apiToken}`,
+        'Content-Type: application/json',
+        'Content-Length: 64',
+        'Connection: close',
+        '',
+        '{"url"'
+      ])
+
+      assert.equal(response.closed, true)
+      assert.ok(response.elapsedMs < 1000, `slow body stayed open for ${response.elapsedMs}ms`)
+      assert.match(response.data, /408|400|INVALID_JSON/)
+    },
+    { resourcePolicy: { requestTimeoutMs: 50 } }
+  )
+})
+
+test('js bridge closes slow request headers within configured resource timeout', async () => {
+  await withBridge(
+    async ready => {
+      const url = new URL(ready.baseUrl)
+      const response = await rawHttpPartial(url.port, [`GET /health HTTP/1.1`, `Host: ${url.host}`])
+
+      assert.equal(response.closed, true)
+      assert.ok(response.elapsedMs < 1000, `slow headers stayed open for ${response.elapsedMs}ms`)
+      assert.doesNotMatch(response.data, /"ok":true/)
+    },
+    { resourcePolicy: { headersTimeoutMs: 50, requestTimeoutMs: 1000 } }
+  )
+})
+
+test('js bridge rejects connections beyond the configured active connection limit', async () => {
+  await withBridge(
+    async ready => {
+      const url = new URL(ready.baseUrl)
+      const first = await openHoldingSocket(url.port)
+      const second = await openHoldingSocket(url.port)
+      try {
+        const excess = await rawHttpPartialAllowReset(url.port, [`GET /health HTTP/1.1`, `Host: ${url.host}`, '', ''], 1000)
+
+        assert.equal(excess.closed, true)
+        assert.doesNotMatch(excess.data, /"ok":true/)
+        assert.ok(excess.reset || excess.data.length === 0 || /^HTTP\/1\.1 (4|5)/.test(excess.data))
+      } finally {
+        first.destroy()
+        second.destroy()
+      }
+    },
+    { resourcePolicy: { maxOpenConnections: 2, headersTimeoutMs: 1000 } }
+  )
+})
+
+test('capture store can actively prune expired completed profiles', async () => {
+  let now = 1000
+  const store = new CaptureStore({
+    baseUrl: 'http://127.0.0.1:17370',
+    openBrowser: () => ({ ok: true }),
+    now: () => now
+  })
+  const created = await store.create(baseCaptureRequest)
+  assert.equal(created.ok, true)
+  store.markProfile(created.capture, profileFor(created.capture.id))
+  assert.equal(created.capture.status, 'completed')
+  assert.ok(created.capture.profile)
+
+  now = created.capture.resultExpiresAt + 1
+  store.pruneExpiredResults()
+  assert.equal(created.capture.status, 'expired')
+  assert.equal(created.capture.profile, null)
+  assert.equal(created.capture.error.code, 'CAPTURE_RESULT_EXPIRED')
+})
+
+test('capture store actively expires completed profiles without a later request', async () => {
+  let now = 1000
+  const scheduled = []
+  const store = new CaptureStore({
+    baseUrl: 'http://127.0.0.1:17370',
+    openBrowser: () => ({ ok: true }),
+    now: () => now,
+    resultTtlMs: 25,
+    setTimeoutFn: (callback, delay) => {
+      scheduled.push({ callback, delay, cleared: false })
+      return scheduled.at(-1)
+    },
+    clearTimeoutFn: timer => {
+      timer.cleared = true
+    }
+  })
+  const created = await store.create(baseCaptureRequest)
+  assert.equal(created.ok, true)
+  store.markProfile(created.capture, profileFor(created.capture.id))
+  assert.equal(scheduled.length, 1)
+  assert.equal(scheduled[0].delay, 25)
+  assert.ok(created.capture.profile)
+
+  now = created.capture.resultExpiresAt + 1
+  scheduled[0].callback()
+  assert.equal(created.capture.status, 'expired')
+  assert.equal(created.capture.profile, null)
+  assert.equal(created.capture.error.code, 'CAPTURE_RESULT_EXPIRED')
+})
+
+test('capture store distinguishes extension, target load, and running timeouts', async () => {
+  let now = 1000
+  const store = new CaptureStore({
+    baseUrl: 'http://127.0.0.1:17370',
+    openBrowser: () => ({ ok: true }),
+    now: () => now
+  })
+  const queued = (await store.create(baseCaptureRequest)).capture
+  now = queued.extensionDeadlineAt + 1
+  store.pruneExpiredResults()
+  assert.equal(queued.status, 'failed')
+  assert.equal(queued.error.code, 'EXTENSION_NOT_CONNECTED')
+
+  now = 2000
+  const targetOpening = (await store.create(baseCaptureRequest)).capture
+  targetOpening.status = 'running'
+  targetOpening.phase = 'target_opening'
+  assert.equal(targetOpening.deadlineAt - targetOpening.createdAt, 95000)
+  now = targetOpening.deadlineAt + 1
+  store.pruneExpiredResults()
+  assert.equal(targetOpening.status, 'failed')
+  assert.equal(targetOpening.error.code, 'TARGET_LOAD_TIMEOUT')
+
+  now = 3000
+  const running = (await store.create(baseCaptureRequest)).capture
+  running.status = 'running'
+  running.phase = 'profiling_experience'
+  now = running.deadlineAt + 1
+  store.pruneExpiredResults()
+  assert.equal(running.status, 'failed')
+  assert.equal(running.error.code, 'CAPTURE_TIMEOUT')
+})
+
+test('js bridge reports browser open failure during capture creation', async () => {
+  await withBridge(
+    async ready => {
+      const response = await fetch(`${ready.baseUrl}/v1/captures`, {
+        method: 'POST',
+        headers: { ...auth(ready.apiToken), 'Content-Type': 'application/json' },
+        body: JSON.stringify(baseCaptureRequest)
+      })
+      const rejected = await readJson(response)
+      assert.equal(rejected.status, 500)
+      assert.equal(rejected.body.error.code, 'BROWSER_OPEN_FAILED')
+    },
+    { env: { STACKPRISM_BROWSER_OPEN_COMMAND: '/definitely/missing/stackprism-browser' } }
+  )
+})
+
+test('js bridge reports invalid browser open args during capture creation', async t => {
+  const cases = [
+    ['invalid_json', '{'],
+    ['non_array', JSON.stringify({ profile: 'Default' })],
+    ['non_string_arg', JSON.stringify(['--profile-directory=Default', 42])]
+  ]
+
+  for (const [name, argsJson] of cases) {
+    await t.test(name, async () => {
+      await withBridge(
+        async ready => {
+          const response = await fetch(`${ready.baseUrl}/v1/captures`, {
+            method: 'POST',
+            headers: { ...auth(ready.apiToken), 'Content-Type': 'application/json' },
+            body: JSON.stringify(baseCaptureRequest)
+          })
+          const rejected = await readJson(response)
+          assert.equal(rejected.status, 500)
+          assert.equal(rejected.body.error.code, 'BROWSER_OPEN_FAILED')
+          assert.deepEqual(rejected.body.error.details, { reason: 'invalid_open_args' })
+        },
+        {
+          env: {
+            STACKPRISM_BRIDGE_NO_OPEN: '0',
+            STACKPRISM_BROWSER_OPEN_COMMAND: process.execPath,
+            STACKPRISM_BROWSER_OPEN_ARGS_JSON: argsJson
+          }
+        }
+      )
+    })
+  }
+})
+
+test('js bridge factory validates browser open environment before server bind', () => {
+  assert.throws(
+    () => createBridgeServer({ env: { STACKPRISM_BROWSER_OPEN_COMMAND: 'bad\0cmd' } }),
+    error => error?.code === 'BRIDGE_INVALID_ENV'
+  )
+  assert.throws(
+    () =>
+      createBridgeServer({
+        env: { STACKPRISM_BROWSER_OPEN_COMMAND: process.execPath, STACKPRISM_BROWSER_OPEN_ARGS_JSON: JSON.stringify(['bad\0arg']) }
+      }),
+    error => error?.code === 'BRIDGE_INVALID_ENV'
+  )
+})
+
+test('js bridge open-browser helper validates parsed env before spawning', async () => {
+  assert.deepEqual(parseOpenTimeoutMs({}), { ok: true, timeoutMs: 5000 })
+  assert.deepEqual(parseOpenTimeoutMs({ STACKPRISM_BROWSER_OPEN_TIMEOUT_MS: '250' }), { ok: true, timeoutMs: 250 })
+  assert.deepEqual(parseOpenTimeoutMs({ STACKPRISM_BROWSER_OPEN_TIMEOUT_MS: '99' }), {
+    ok: false,
+    details: { reason: 'invalid_open_timeout' }
+  })
+
+  const result = await openBrowser('http://127.0.0.1:1/bridge', {
+    STACKPRISM_BROWSER_OPEN_COMMAND: process.execPath,
+    STACKPRISM_BROWSER_OPEN_ARGS_JSON: JSON.stringify(['bad\0arg'])
+  })
+
+  assert.deepEqual(result, { ok: false, details: { reason: 'BRIDGE_INVALID_ENV', message: 'Browser open environment contains NUL.' } })
+
+  const invalidTimeout = await openBrowser('http://127.0.0.1:1/bridge', {
+    STACKPRISM_BROWSER_OPEN_COMMAND: process.execPath,
+    STACKPRISM_BROWSER_OPEN_TIMEOUT_MS: '30001'
+  })
+  assert.deepEqual(invalidTimeout, { ok: false, details: { reason: 'invalid_open_timeout' } })
+
+  const invalidUrl = await openBrowser('http://127.0.0.1:1/bridge\nnext', { STACKPRISM_BRIDGE_NO_OPEN: '1' })
+  assert.deepEqual(invalidUrl, { ok: false, details: { reason: 'invalid_url' } })
+
+  const credentialUrl = await openBrowser('http://user:pass@127.0.0.1:1/bridge', { STACKPRISM_BRIDGE_NO_OPEN: '1' })
+  assert.deepEqual(credentialUrl, { ok: false, details: { reason: 'invalid_url' } })
+
+  const invalidScheme = await openBrowser('file:///tmp/stackprism.html', { STACKPRISM_BRIDGE_NO_OPEN: '1' })
+  assert.deepEqual(invalidScheme, { ok: false, details: { reason: 'invalid_scheme', allowed: ['http', 'https'] } })
+
+  const missingCommand = await openBrowser('http://127.0.0.1:1/bridge', {
+    STACKPRISM_BROWSER_OPEN_COMMAND: '/definitely/missing/stackprism-browser'
+  })
+  assert.deepEqual(missingCommand, { ok: false, details: { reason: 'command_not_found' } })
+
+  const openFailed = await openBrowser('http://127.0.0.1:1/bridge', {
+    STACKPRISM_BROWSER_OPEN_COMMAND: process.execPath,
+    STACKPRISM_BROWSER_OPEN_ARGS_JSON: JSON.stringify(['--input-type=module', '-e', 'process.exit(7)']),
+    STACKPRISM_BROWSER_OPEN_TIMEOUT_MS: '1000'
+  })
+  assert.deepEqual(openFailed, { ok: false, details: { reason: 'open_failed', exitCode: 7 } })
+})
+
+test('js bridge open-browser helper appends bridge URL as one argv', async () => {
+  const tempDir = mkdtempSync(join(tmpdir(), 'stackprism-open-'))
+  const argvPath = join(tempDir, 'argv.json')
+  const bridgeUrl = 'http://127.0.0.1:17370/bridge?session=s&capture=c&nonce=n value"quote;&cmd=$(echo bad)'
+  const script = "import { writeFileSync } from 'node:fs'; writeFileSync(process.argv[1], JSON.stringify(process.argv.slice(2)))"
+
+  try {
+    const result = await openBrowser(bridgeUrl, {
+      STACKPRISM_BROWSER_OPEN_COMMAND: process.execPath,
+      STACKPRISM_BROWSER_OPEN_ARGS_JSON: JSON.stringify(['--input-type=module', '-e', script, argvPath])
+    })
+
+    assert.deepEqual(result, { ok: true })
+    waitForFileSync(argvPath)
+    assert.deepEqual(JSON.parse(readFileSync(argvPath, 'utf8')), [bridgeUrl])
+  } finally {
+    rmSync(tempDir, { recursive: true, force: true })
+  }
+})
+
+test('js bridge open-browser helper selects platform default opener without shell parsing', () => {
+  assert.deepEqual(resolveBrowserOpenCommand({}, 'darwin'), { ok: true, command: 'open', args: [] })
+  assert.deepEqual(resolveBrowserOpenCommand({}, 'win32'), {
+    ok: true,
+    command: 'rundll32.exe',
+    args: ['url.dll,FileProtocolHandler']
+  })
+  assert.deepEqual(resolveBrowserOpenCommand({}, 'linux'), { ok: true, command: 'xdg-open', args: [] })
+  assert.deepEqual(
+    resolveBrowserOpenCommand(
+      {
+        STACKPRISM_BROWSER_OPEN_COMMAND: '/Applications/Google Chrome.app/Contents/MacOS/Google Chrome',
+        STACKPRISM_BROWSER_OPEN_ARGS_JSON: JSON.stringify(['--profile-directory=Default'])
+      },
+      'darwin'
+    ),
+    {
+      ok: true,
+      command: '/Applications/Google Chrome.app/Contents/MacOS/Google Chrome',
+      args: ['--profile-directory=Default']
+    }
+  )
+  assert.deepEqual(
+    resolveBrowserOpenCommand(
+      {
+        STACKPRISM_BROWSER_OPEN_COMMAND: 'C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe',
+        STACKPRISM_BROWSER_OPEN_ARGS_JSON: JSON.stringify(['--profile-directory=Profile 2'])
+      },
+      'win32'
+    ),
+    {
+      ok: true,
+      command: 'C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe',
+      args: ['--profile-directory=Profile 2']
+    }
+  )
+  assert.deepEqual(
+    resolveBrowserOpenCommand(
+      {
+        STACKPRISM_BROWSER_OPEN_COMMAND: 'firefox',
+        STACKPRISM_BROWSER_OPEN_ARGS_JSON: JSON.stringify(['-P', 'stackprism-dev'])
+      },
+      'linux'
+    ),
+    {
+      ok: true,
+      command: 'firefox',
+      args: ['-P', 'stackprism-dev']
+    }
+  )
+})
+
+test('bridge cli rejects invalid configured port before ready output', async () => {
+  const child = spawn(process.execPath, ['agent-skill/stackprism-site-experience/scripts/stackprism-bridge.mjs'], {
+    cwd: new URL('..', import.meta.url),
+    env: { ...process.env, STACKPRISM_BRIDGE_NO_OPEN: '1', STACKPRISM_BRIDGE_PORT: '' },
+    stdio: ['pipe', 'pipe', 'pipe']
+  })
+  child.stdin.end()
+
+  let stdout = ''
+  let stderr = ''
+  child.stdout.on('data', chunk => {
+    stdout += String(chunk)
+  })
+  child.stderr.on('data', chunk => {
+    stderr += String(chunk)
+  })
+  const [code] = await once(child, 'exit')
+  const parsed = JSON.parse(stderr.trim())
+
+  assert.notEqual(code, 0)
+  assert.equal(parsed.error.code, 'BRIDGE_INVALID_ENV')
+  assert.equal(stdout, '')
+  assert.equal(stderr.includes('spb_'), false)
+})
+
+test('bridge cli rejects occupied configured port before ready output', async () => {
+  const occupiedServer = await listenOnLoopback()
+  const address = occupiedServer.address()
+  assert.ok(address && typeof address === 'object')
+
+  const child = spawn(process.execPath, ['agent-skill/stackprism-site-experience/scripts/stackprism-bridge.mjs'], {
+    cwd: new URL('..', import.meta.url),
+    env: { ...process.env, STACKPRISM_BRIDGE_NO_OPEN: '1', STACKPRISM_BRIDGE_PORT: String(address.port) },
+    stdio: ['pipe', 'pipe', 'pipe']
+  })
+  child.stdin.end()
+
+  let stdout = ''
+  let stderr = ''
+  child.stdout.on('data', chunk => {
+    stdout += String(chunk)
+  })
+  child.stderr.on('data', chunk => {
+    stderr += String(chunk)
+  })
+
+  try {
+    const [code] = await once(child, 'exit')
+    const parsed = JSON.parse(stderr.trim())
+
+    assert.notEqual(code, 0)
+    assert.equal(parsed.error.code, 'PORT_IN_USE')
+    assert.equal(stdout, '')
+    assert.equal(stderr.includes('spb_'), false)
+  } finally {
+    await new Promise(resolve => occupiedServer.close(resolve))
+  }
+})
+
+test('bridge cli startup failure code is part of the bridge error contract', async () => {
+  const { isKnownBridgeErrorCode, sanitizeBridgeError } =
+    await import('../agent-skill/stackprism-site-experience/scripts/bridge/protocol.mjs')
+
+  assert.equal(isKnownBridgeErrorCode('BRIDGE_START_FAILED'), true)
+  assert.equal(isKnownBridgeErrorCode('BRIDGE_PAGE_RENDER_FAILED'), true)
+  assert.equal(sanitizeBridgeError({ code: 'BRIDGE_START_FAILED', message: 'Bridge server startup failed.' }).code, 'BRIDGE_START_FAILED')
+  assert.equal(
+    sanitizeBridgeError({ code: 'BRIDGE_PAGE_RENDER_FAILED', message: 'Bridge page render failed.' }).code,
+    'BRIDGE_PAGE_RENDER_FAILED'
+  )
+  const sanitized = sanitizeBridgeError({
+    code: 'INVALID_REQUEST',
+    message: `screenshot shot_${'a'.repeat(43)} failed`,
+    details: {
+      url: `http://127.0.0.1:17370/v1/captures/cap_1234567890123456789012/screenshot-download/shot_${'b'.repeat(43)}`
+    }
+  })
+  assert.equal(sanitized.message, 'screenshot [redacted-id] failed')
+  assert.equal(JSON.stringify(sanitized).includes('shot_'), false)
+})
+
+test('bridge cli prints exactly one ready json line after server bind', async () => {
+  const child = spawn(process.execPath, ['agent-skill/stackprism-site-experience/scripts/stackprism-bridge.mjs'], {
+    cwd: new URL('..', import.meta.url),
+    env: { ...process.env, STACKPRISM_BRIDGE_NO_OPEN: '1' },
+    stdio: ['pipe', 'pipe', 'pipe']
+  })
+  const [chunk] = await once(child.stdout, 'data')
+  const ready = JSON.parse(String(chunk).trim())
+  assert.equal(ready.event, 'stackprism-bridge-ready')
+  assert.match(ready.apiToken, /^spb_[A-Za-z0-9_-]{43}$/)
+  const health = await readJson(await fetch(ready.healthUrl))
+  assert.equal(health.status, 200)
+  child.kill('SIGTERM')
+  await once(child, 'exit')
+})
+
+test('bridge cli exits and clears server when stdin closes', async () => {
+  const child = spawn(process.execPath, ['agent-skill/stackprism-site-experience/scripts/stackprism-bridge.mjs'], {
+    cwd: new URL('..', import.meta.url),
+    env: { ...process.env, STACKPRISM_BRIDGE_NO_OPEN: '1' },
+    stdio: ['pipe', 'pipe', 'pipe']
+  })
+  const [chunk] = await once(child.stdout, 'data')
+  const ready = JSON.parse(String(chunk).trim())
+  const health = await readJson(await fetch(ready.healthUrl))
+  assert.equal(health.status, 200)
+
+  child.stdin.end()
+  const exited = await Promise.race([
+    once(child, 'exit').then(([code]) => ({ exited: true, code })),
+    new Promise(resolve => setTimeout(() => resolve({ exited: false }), 2500))
+  ])
+  if (!exited.exited) child.kill('SIGTERM')
+  assert.equal(exited.exited, true)
+  assert.equal(exited.code, 0)
+})
+
+test('bridge cli exits and closes listener on SIGTERM', async () => {
+  const child = spawn(process.execPath, ['agent-skill/stackprism-site-experience/scripts/stackprism-bridge.mjs'], {
+    cwd: new URL('..', import.meta.url),
+    env: { ...process.env, STACKPRISM_BRIDGE_NO_OPEN: '1' },
+    stdio: ['pipe', 'pipe', 'pipe']
+  })
+  const [chunk] = await once(child.stdout, 'data')
+  const ready = JSON.parse(String(chunk).trim())
+  const health = await readJson(await fetch(ready.healthUrl))
+  assert.equal(health.status, 200)
+
+  child.kill('SIGTERM')
+  const [code] = await once(child, 'exit')
+
+  assert.equal(code, 0)
+  await assert.rejects(() => fetch(ready.healthUrl), /fetch failed/)
+})
+
+test('capture-site helper terminal settle parser defaults invalid nullable values', () => {
+  assert.equal(parseTerminalSettleMs(undefined), 3000)
+  assert.equal(parseTerminalSettleMs(null), 3000)
+  assert.equal(parseTerminalSettleMs(''), 3000)
+  assert.equal(parseTerminalSettleMs('0'), 0)
+  assert.equal(parseTerminalSettleMs('5000'), 5000)
+  assert.equal(parseTerminalSettleMs('5001'), 3000)
+  assert.equal(parseTerminalSettleMs('invalid'), 3000)
+})
+
+test('capture-site helper emits one machine-readable argument error', async () => {
+  const tempDir = mkdtempSync(join(tmpdir(), 'stackprism-capture-site-args-'))
+  const profilePath = join(tempDir, 'profile.json')
+
+  try {
+    const child = spawn(
+      process.execPath,
+      [
+        'agent-skill/stackprism-site-experience/scripts/capture-site.mjs',
+        '--url',
+        'https://example.test/',
+        '--out',
+        profilePath,
+        '--include',
+        'tech,unknown'
+      ],
+      {
+        cwd: new URL('..', import.meta.url),
+        stdio: ['ignore', 'pipe', 'pipe']
+      }
+    )
+    let stdout = ''
+    let stderr = ''
+    child.stdout.on('data', chunk => {
+      stdout += String(chunk)
+    })
+    child.stderr.on('data', chunk => {
+      stderr += String(chunk)
+    })
+    const [code] = await once(child, 'exit')
+    const lines = stderr.trim().split('\n')
+    const parsed = JSON.parse(stderr.trim())
+
+    assert.notEqual(code, 0)
+    assert.equal(stdout.trim(), '')
+    assert.equal(lines.length, 1)
+    assert.equal(parsed.ok, false)
+    assert.equal(parsed.error.code, 'INVALID_REQUEST')
+    assert.match(parsed.error.message, /--include/)
+    assert.match(parsed.error.details.usage, /Usage: node agent-skill\/stackprism-site-experience\/scripts\/capture-site\.mjs/)
+    assert.match(parsed.error.details.usage, /--no-screenshot/)
+    assert.doesNotMatch(stderr, /^Usage:/)
+    assert.equal(existsSync(profilePath), false)
+  } finally {
+    rmSync(tempDir, { recursive: true, force: true })
+  }
+})
+
+test('capture-site helper preserves PORT_IN_USE startup errors', async () => {
+  const tempDir = mkdtempSync(join(tmpdir(), 'stackprism-capture-site-port-'))
+  const profilePath = join(tempDir, 'profile.json')
+  const occupied = net.createServer()
+  occupied.listen(0, '127.0.0.1')
+  await once(occupied, 'listening')
+  const { port } = occupied.address()
+
+  try {
+    const child = spawn(
+      process.execPath,
+      ['agent-skill/stackprism-site-experience/scripts/capture-site.mjs', '--url', 'https://example.test/', '--out', profilePath],
+      {
+        cwd: new URL('..', import.meta.url),
+        env: { ...process.env, STACKPRISM_BRIDGE_PORT: String(port) },
+        stdio: ['ignore', 'pipe', 'pipe']
+      }
+    )
+    let stdout = ''
+    let stderr = ''
+    child.stdout.on('data', chunk => {
+      stdout += String(chunk)
+    })
+    child.stderr.on('data', chunk => {
+      stderr += String(chunk)
+    })
+    const [code] = await once(child, 'exit')
+    const parsed = JSON.parse(stderr.trim())
+
+    assert.notEqual(code, 0)
+    assert.equal(stdout.trim(), '')
+    assert.equal(parsed.error.code, 'PORT_IN_USE')
+    assert.match(parsed.error.message, /port is already in use/i)
+    assert.equal(existsSync(profilePath), false)
+  } finally {
+    await new Promise(resolve => occupied.close(resolve))
+    rmSync(tempDir, { recursive: true, force: true })
+  }
+})
+
+test('capture-site helper keeps bridge stdin open and writes profile artifacts', async () => {
+  const tempDir = mkdtempSync(join(tmpdir(), 'stackprism-capture-site-'))
+  const fakeBridgePath = join(tempDir, 'fake-bridge.mjs')
+  const profilePath = join(tempDir, 'profile.json')
+  const resultPath = join(tempDir, 'result.json')
+  const screenshotPath = join(tempDir, 'screenshot.jpg')
+  const logPath = join(tempDir, 'fake-bridge-log.json')
+  const fakeProfile = profileFor('pending', {
+    target: { url: 'https://example.test/', finalUrl: 'https://example.test/final', language: 'en' },
+    techProfile: { technologies: [{ name: 'Vue' }, { name: 'Vite' }] },
+    visualProfile: {
+      screenshot: {
+        downloadUrl: 'pending',
+        mimeType: 'image/jpeg',
+        byteLength: 9,
+        scope: 'visible_viewport',
+        note: 'Screenshot image base64 is intentionally omitted from this Profile JSON.'
+      }
+    },
+    agentGuidance: { recreationPlan: { implementationOrder: ['layout'], visualReference: {} } }
+  })
+
+  writeFileSync(
+    fakeBridgePath,
+    `
+import http from 'node:http'
+import { writeFileSync } from 'node:fs'
+const logPath = ${JSON.stringify(logPath)}
+let captureId = 'cap_1234567890123456789012'
+let requestBody = null
+let profile = ${JSON.stringify(fakeProfile)}
+let statusReads = 0
+const downloadableProfile = () => ({
+  ...profile,
+  captureId,
+  visualProfile: {
+    screenshot: {
+      ...profile.visualProfile.screenshot,
+      downloadUrl: 'http://127.0.0.1:' + server.address().port + '/v1/captures/' + captureId + '/screenshot-download'
+    }
+  }
+})
+let stdinEnded = false
+let completedAt = 0
+let profileDownloadedAt = 0
+let screenshotDownloadedAt = 0
+let stdinEndedAt = 0
+const token = 'spb_${'a'.repeat(43)}'
+const server = http.createServer((req, res) => {
+  const chunks = []
+  req.on('data', chunk => chunks.push(chunk))
+  req.on('end', () => {
+    const send = (status, body) => {
+      res.writeHead(status, { 'Content-Type': 'application/json; charset=utf-8' })
+      res.end(JSON.stringify(body))
+    }
+    if (req.url === '/health') return send(200, { ok: true })
+    if (req.method === 'POST' && req.url === '/v1/captures') {
+      requestBody = JSON.parse(Buffer.concat(chunks).toString('utf8'))
+      return send(200, { id: captureId, status: 'queued', bridgeUrl: 'http://127.0.0.1/bridge', profileUrl: '/profile' })
+    }
+    if (req.url === '/v1/captures/' + captureId) {
+      statusReads += 1
+      if (statusReads >= 2 && !completedAt) completedAt = Date.now()
+      return send(200, {
+        id: captureId,
+        status: statusReads < 2 ? 'running' : 'completed',
+        phase: statusReads < 2 ? 'target_loaded' : 'cleanup',
+        profileDownloadReady: profileDownloadedAt > 0
+      })
+    }
+    if (req.url === '/v1/captures/' + captureId + '/profile') {
+      return send(200, downloadableProfile())
+    }
+    if (req.url === '/v1/captures/' + captureId + '/profile-download') {
+      profileDownloadedAt = Date.now()
+      return send(200, downloadableProfile())
+    }
+    if (req.url === '/v1/captures/' + captureId + '/screenshot-download') {
+      screenshotDownloadedAt = Date.now()
+      res.writeHead(200, { 'Content-Type': 'image/jpeg', 'Content-Length': '9' })
+      res.end('fake jpeg')
+      return
+    }
+    return send(404, { error: { code: 'NOT_FOUND' } })
+  })
+})
+server.listen(0, '127.0.0.1', () => {
+  const port = server.address().port
+  process.stdout.write(JSON.stringify({
+    event: 'stackprism-bridge-ready',
+    service: 'stackprism-agent-bridge',
+    version: '0.1.0',
+    protocolVersion: 1,
+    baseUrl: 'http://127.0.0.1:' + port,
+    healthUrl: 'http://127.0.0.1:' + port + '/health',
+    apiToken: token
+  }) + '\\n')
+})
+process.stdin.on('end', () => {
+  stdinEnded = true
+  stdinEndedAt = Date.now()
+  writeFileSync(logPath, JSON.stringify({ stdinEnded, requestBody, statusReads, completedAt, profileDownloadedAt, screenshotDownloadedAt, stdinEndedAt }))
+  server.close(() => process.exit(0))
+})
+process.stdin.resume()
+`,
+    'utf8'
+  )
+
+  try {
+    const child = spawn(
+      process.execPath,
+      [
+        'agent-skill/stackprism-site-experience/scripts/capture-site.mjs',
+        '--url',
+        'https://example.test/',
+        '--out',
+        profilePath,
+        '--result-out',
+        resultPath,
+        '--screenshot-out',
+        screenshotPath
+      ],
+      {
+        cwd: new URL('..', import.meta.url),
+        env: { ...process.env, STACKPRISM_CAPTURE_BRIDGE_SCRIPT: fakeBridgePath, STACKPRISM_CAPTURE_TERMINAL_SETTLE_MS: '50' },
+        stdio: ['ignore', 'pipe', 'pipe']
+      }
+    )
+    let stdout = ''
+    let stderr = ''
+    child.stdout.on('data', chunk => {
+      stdout += String(chunk)
+    })
+    child.stderr.on('data', chunk => {
+      stderr += String(chunk)
+    })
+    const exited = await Promise.race([
+      once(child, 'exit').then(([code]) => ({ exited: true, code })),
+      new Promise(resolve => setTimeout(() => resolve({ exited: false, code: null }), 2500))
+    ])
+    if (!exited.exited) child.kill('SIGTERM')
+    assert.equal(exited.exited, true)
+    const { code } = exited
+    assert.equal(code, 0, stderr)
+    const summary = JSON.parse(stdout.trim())
+    const result = JSON.parse(readFileSync(resultPath, 'utf8'))
+    const writtenProfile = JSON.parse(readFileSync(profilePath, 'utf8'))
+    const fakeBridgeLog = JSON.parse(readFileSync(logPath, 'utf8'))
+
+    assert.equal(summary.ok, true)
+    assert.equal(summary.finalUrl, 'https://example.test/final')
+    assert.equal(summary.screenshotPresent, true)
+    assert.equal(summary.screenshotWritten, true)
+    assert.equal(summary.profileDownloadReady, true)
+    assert.equal(summary.captureScreenshot, true)
+    assert.equal(result.techCount, 2)
+    assert.equal(result.screenshotWritten, true)
+    assert.equal(result.captureScreenshot, true)
+    assert.equal(result.screenshotPath, screenshotPath)
+    assert.equal(result.screenshotDownloadUrl, pathToFileURL(screenshotPath).href)
+    assert.equal(result.profileDownloadReady, true)
+    assert.equal(writtenProfile.captureId, 'cap_1234567890123456789012')
+    assert.equal(writtenProfile.visualProfile.screenshot.downloadUrl, pathToFileURL(screenshotPath).href)
+    assert.equal(writtenProfile.visualProfile.screenshot.downloadMethod, 'file')
+    assert.equal(writtenProfile.visualProfile.screenshot.localPath, screenshotPath)
+    assert.equal(writtenProfile.visualProfile.screenshot.lifecycle.requiresLocalBridge, false)
+    assert.equal(writtenProfile.visualProfile.screenshot.lifecycle.availableUntil, '')
+    assert.match(writtenProfile.visualProfile.screenshot.lifecycle.note, /localPath/)
+    assert.doesNotMatch(JSON.stringify(writtenProfile), /127\.0\.0\.1/)
+    assert.doesNotMatch(JSON.stringify(writtenProfile), /data:image\/[a-z]+;base64/)
+    assert.equal(writtenProfile.agentGuidance.recreationPlan.visualReference.screenshotDownloadUrl, pathToFileURL(screenshotPath).href)
+    assert.equal(writtenProfile.agentGuidance.recreationPlan.visualReference.screenshotLocalPath, screenshotPath)
+    assert.equal(readFileSync(screenshotPath, 'utf8'), 'fake jpeg')
+    assert.equal(fakeBridgeLog.stdinEnded, true)
+    assert.equal(fakeBridgeLog.requestBody.options.targetMode, 'new_tab')
+    assert.equal(fakeBridgeLog.requestBody.options.forceRefresh, false)
+    assert.equal(fakeBridgeLog.requestBody.options.captureScreenshot, true)
+    assert.equal(fakeBridgeLog.requestBody.options.allowPrivateNetworkTarget, false)
+    assert.deepEqual(fakeBridgeLog.requestBody.include, ['tech', 'visual', 'layout', 'components', 'interaction', 'ux', 'assets'])
+    assert.equal(fakeBridgeLog.statusReads >= 2, true)
+    assert.equal(fakeBridgeLog.profileDownloadedAt > 0, true)
+    assert.equal(fakeBridgeLog.screenshotDownloadedAt > 0, true)
+    assert.equal(fakeBridgeLog.screenshotDownloadedAt >= fakeBridgeLog.profileDownloadedAt, true)
+    assert.equal(fakeBridgeLog.stdinEndedAt >= fakeBridgeLog.screenshotDownloadedAt, true)
+    assert.equal(fakeBridgeLog.stdinEndedAt - fakeBridgeLog.completedAt >= 40, true)
+  } finally {
+    rmSync(tempDir, { recursive: true, force: true })
+  }
+})
+
+test('capture-site helper accepts a reduced include set for retry captures', async () => {
+  const tempDir = mkdtempSync(join(tmpdir(), 'stackprism-capture-site-include-'))
+  const fakeBridgePath = join(tempDir, 'fake-bridge-include.mjs')
+  const profilePath = join(tempDir, 'profile.json')
+  const logPath = join(tempDir, 'fake-bridge-log.json')
+  const fakeProfile = profileFor('pending', {
+    target: { url: 'https://example.test/', finalUrl: 'https://example.test/final', language: 'en' },
+    techProfile: { technologies: [] },
+    agentGuidance: { recreationPlan: { implementationOrder: ['layout'] } }
+  })
+
+  writeFileSync(
+    fakeBridgePath,
+    `
+import http from 'node:http'
+import { writeFileSync } from 'node:fs'
+const logPath = ${JSON.stringify(logPath)}
+const captureId = 'cap_1234567890123456789012'
+const profile = ${JSON.stringify(fakeProfile)}
+let requestBody = null
+const token = 'spb_${'f'.repeat(43)}'
+const server = http.createServer((req, res) => {
+  const chunks = []
+  req.on('data', chunk => chunks.push(chunk))
+  req.on('end', () => {
+    const send = (status, body) => {
+      res.writeHead(status, { 'Content-Type': 'application/json; charset=utf-8' })
+      res.end(JSON.stringify(body))
+    }
+    if (req.method === 'POST' && req.url === '/v1/captures') {
+      requestBody = JSON.parse(Buffer.concat(chunks).toString('utf8'))
+      return send(200, { id: captureId, status: 'queued' })
+    }
+    if (req.url === '/v1/captures/' + captureId) return send(200, { id: captureId, status: 'completed', phase: 'cleanup' })
+    if (req.url === '/v1/captures/' + captureId + '/profile-download') return send(200, { ...profile, captureId })
+    return send(404, { error: { code: 'NOT_FOUND' } })
+  })
+})
+server.listen(0, '127.0.0.1', () => {
+  const port = server.address().port
+  process.stdout.write(JSON.stringify({
+    event: 'stackprism-bridge-ready',
+    protocolVersion: 1,
+    baseUrl: 'http://127.0.0.1:' + port,
+    healthUrl: 'http://127.0.0.1:' + port + '/health',
+    apiToken: token
+  }) + '\\n')
+})
+process.stdin.on('end', () => {
+  writeFileSync(logPath, JSON.stringify({ requestBody }))
+  server.close(() => process.exit(0))
+})
+process.stdin.resume()
+`,
+    'utf8'
+  )
+
+  try {
+    const child = spawn(
+      process.execPath,
+      [
+        'agent-skill/stackprism-site-experience/scripts/capture-site.mjs',
+        '--url',
+        'https://example.test/',
+        '--out',
+        profilePath,
+        '--include',
+        'tech,visual,ux',
+        '--no-screenshot'
+      ],
+      {
+        cwd: new URL('..', import.meta.url),
+        env: { ...process.env, STACKPRISM_CAPTURE_BRIDGE_SCRIPT: fakeBridgePath, STACKPRISM_CAPTURE_TERMINAL_SETTLE_MS: '50' },
+        stdio: ['ignore', 'pipe', 'pipe']
+      }
+    )
+    let stdout = ''
+    let stderr = ''
+    child.stdout.on('data', chunk => {
+      stdout += String(chunk)
+    })
+    child.stderr.on('data', chunk => {
+      stderr += String(chunk)
+    })
+    const [code] = await once(child, 'exit')
+    assert.equal(code, 0, stderr)
+    const summary = JSON.parse(stdout.trim())
+    const fakeBridgeLog = JSON.parse(readFileSync(logPath, 'utf8'))
+    assert.deepEqual(fakeBridgeLog.requestBody.include, ['tech', 'visual', 'ux'])
+    assert.equal(fakeBridgeLog.requestBody.options.captureScreenshot, false)
+    assert.equal(summary.include.includes('components'), false)
+    assert.deepEqual(summary.include, ['tech', 'visual', 'ux'])
+    assert.equal(summary.captureScreenshot, false)
+  } finally {
+    rmSync(tempDir, { recursive: true, force: true })
+  }
+})
+
+test('capture-site helper can explicitly force-refresh the fresh target tab', async () => {
+  const tempDir = mkdtempSync(join(tmpdir(), 'stackprism-capture-site-force-refresh-'))
+  const fakeBridgePath = join(tempDir, 'fake-bridge-force-refresh.mjs')
+  const profilePath = join(tempDir, 'profile.json')
+  const logPath = join(tempDir, 'fake-bridge-log.json')
+  const fakeProfile = profileFor('pending', {
+    target: { url: 'https://example.test/', finalUrl: 'https://example.test/final', language: 'en' },
+    techProfile: { technologies: [] },
+    agentGuidance: { recreationPlan: { implementationOrder: ['layout'] } }
+  })
+
+  writeFileSync(
+    fakeBridgePath,
+    `
+import http from 'node:http'
+import { writeFileSync } from 'node:fs'
+const logPath = ${JSON.stringify(logPath)}
+const captureId = 'cap_1234567890123456789012'
+const profile = ${JSON.stringify(fakeProfile)}
+let requestBody = null
+const token = 'spb_${'d'.repeat(43)}'
+const server = http.createServer((req, res) => {
+  const chunks = []
+  req.on('data', chunk => chunks.push(chunk))
+  req.on('end', () => {
+    const send = (status, body) => {
+      res.writeHead(status, { 'Content-Type': 'application/json; charset=utf-8' })
+      res.end(JSON.stringify(body))
+    }
+    if (req.method === 'POST' && req.url === '/v1/captures') {
+      requestBody = JSON.parse(Buffer.concat(chunks).toString('utf8'))
+      return send(200, { id: captureId, status: 'queued' })
+    }
+    if (req.url === '/v1/captures/' + captureId) return send(200, { id: captureId, status: 'completed', phase: 'cleanup' })
+    if (req.url === '/v1/captures/' + captureId + '/profile') return send(200, { ...profile, captureId })
+    if (req.url === '/v1/captures/' + captureId + '/profile-download') return send(200, { ...profile, captureId })
+    return send(404, { error: { code: 'NOT_FOUND' } })
+  })
+})
+server.listen(0, '127.0.0.1', () => {
+  const port = server.address().port
+  process.stdout.write(JSON.stringify({
+    event: 'stackprism-bridge-ready',
+    protocolVersion: 1,
+    baseUrl: 'http://127.0.0.1:' + port,
+    healthUrl: 'http://127.0.0.1:' + port + '/health',
+    apiToken: token
+  }) + '\\n')
+})
+process.stdin.on('end', () => {
+  writeFileSync(logPath, JSON.stringify({ requestBody }))
+  server.close(() => process.exit(0))
+})
+process.stdin.resume()
+`,
+    'utf8'
+  )
+
+  try {
+    const child = spawn(
+      process.execPath,
+      [
+        'agent-skill/stackprism-site-experience/scripts/capture-site.mjs',
+        '--url',
+        'https://example.test/',
+        '--out',
+        profilePath,
+        '--force-refresh'
+      ],
+      {
+        cwd: new URL('..', import.meta.url),
+        env: { ...process.env, STACKPRISM_CAPTURE_BRIDGE_SCRIPT: fakeBridgePath, STACKPRISM_CAPTURE_TERMINAL_SETTLE_MS: '50' },
+        stdio: ['ignore', 'pipe', 'pipe']
+      }
+    )
+    let stderr = ''
+    child.stderr.on('data', chunk => {
+      stderr += String(chunk)
+    })
+    const [code] = await once(child, 'exit')
+    assert.equal(code, 0, stderr)
+    const fakeBridgeLog = JSON.parse(readFileSync(logPath, 'utf8'))
+    assert.equal(fakeBridgeLog.requestBody.options.targetMode, 'new_tab')
+    assert.equal(fakeBridgeLog.requestBody.options.forceRefresh, true)
+  } finally {
+    rmSync(tempDir, { recursive: true, force: true })
+  }
+})
+
+test('capture-site helper exits nonzero without writing profile on capture failure', async () => {
+  const tempDir = mkdtempSync(join(tmpdir(), 'stackprism-capture-site-fail-'))
+  const fakeBridgePath = join(tempDir, 'fake-bridge-fail.mjs')
+  const profilePath = join(tempDir, 'profile.json')
+  writeFileSync(
+    fakeBridgePath,
+    `
+import http from 'node:http'
+const token = 'spb_${'b'.repeat(43)}'
+const captureId = 'cap_abcdefghijklmnopqrstuv'
+const server = http.createServer((req, res) => {
+  const send = (status, body) => {
+    res.writeHead(status, { 'Content-Type': 'application/json; charset=utf-8' })
+    res.end(JSON.stringify(body))
+  }
+  if (req.method === 'POST' && req.url === '/v1/captures') return send(200, { id: captureId, status: 'queued' })
+  if (req.url === '/v1/captures/' + captureId) return send(200, {
+    id: captureId,
+    status: 'failed',
+    phase: 'cleanup',
+    error: {
+      code: 'TARGET_LOAD_FAILED',
+      message: 'Target failed while loading https://example.test/app?token=secret&apiToken=spb_${'d'.repeat(43)}#frag.',
+      details: {
+        url: 'https://example.test/app?token=secret&apiToken=spb_${'d'.repeat(43)}#frag',
+        authorization: 'Bearer spb_${'d'.repeat(43)}'
+      }
+    }
+  })
+  return send(404, { error: { code: 'NOT_FOUND' } })
+})
+server.listen(0, '127.0.0.1', () => {
+  const port = server.address().port
+  process.stdout.write(JSON.stringify({ event: 'stackprism-bridge-ready', protocolVersion: 1, baseUrl: 'http://127.0.0.1:' + port, healthUrl: 'http://127.0.0.1:' + port + '/health', apiToken: token }) + '\\n')
+})
+process.stdin.on('end', () => server.close(() => process.exit(0)))
+process.stdin.resume()
+`,
+    'utf8'
+  )
+
+  try {
+    const child = spawn(
+      process.execPath,
+      ['agent-skill/stackprism-site-experience/scripts/capture-site.mjs', '--url', 'https://example.test/', '--out', profilePath],
+      {
+        cwd: new URL('..', import.meta.url),
+        env: { ...process.env, STACKPRISM_CAPTURE_BRIDGE_SCRIPT: fakeBridgePath },
+        stdio: ['ignore', 'pipe', 'pipe']
+      }
+    )
+    let stderr = ''
+    child.stderr.on('data', chunk => {
+      stderr += String(chunk)
+    })
+    const [code] = await once(child, 'exit')
+    const error = JSON.parse(stderr.trim())
+    assert.notEqual(code, 0)
+    assert.equal(error.error.code, 'TARGET_LOAD_FAILED')
+    assert.doesNotMatch(stderr, /token=secret|apiToken=|Bearer spb_|#frag/)
+    assert.match(stderr, /\[redacted/)
+    assert.equal(existsSync(profilePath), false)
+  } finally {
+    rmSync(tempDir, { recursive: true, force: true })
+  }
+})
+
+test('capture-site helper exits with CAPTURE_BUSY without writing profile', async () => {
+  const tempDir = mkdtempSync(join(tmpdir(), 'stackprism-capture-site-busy-'))
+  const fakeBridgePath = join(tempDir, 'fake-bridge-busy.mjs')
+  const profilePath = join(tempDir, 'profile.json')
+  writeFileSync(
+    fakeBridgePath,
+    `
+import http from 'node:http'
+const token = 'spb_${'g'.repeat(43)}'
+const server = http.createServer((req, res) => {
+  const send = (status, body) => {
+    res.writeHead(status, { 'Content-Type': 'application/json; charset=utf-8' })
+    res.end(JSON.stringify(body))
+  }
+  if (req.method === 'POST' && req.url === '/v1/captures') {
+    return send(409, {
+      error: {
+        code: 'CAPTURE_BUSY',
+        message: 'Capture already active.',
+        details: { captureId: 'cap_abcdefghijklmnopqrstuv' }
+      }
+    })
+  }
+  return send(404, { error: { code: 'NOT_FOUND' } })
+})
+server.listen(0, '127.0.0.1', () => {
+  const port = server.address().port
+  process.stdout.write(JSON.stringify({ event: 'stackprism-bridge-ready', protocolVersion: 1, baseUrl: 'http://127.0.0.1:' + port, healthUrl: 'http://127.0.0.1:' + port + '/health', apiToken: token }) + '\\n')
+})
+process.stdin.on('end', () => server.close(() => process.exit(0)))
+process.stdin.resume()
+`,
+    'utf8'
+  )
+
+  try {
+    const child = spawn(
+      process.execPath,
+      ['agent-skill/stackprism-site-experience/scripts/capture-site.mjs', '--url', 'https://example.test/', '--out', profilePath],
+      {
+        cwd: new URL('..', import.meta.url),
+        env: { ...process.env, STACKPRISM_CAPTURE_BRIDGE_SCRIPT: fakeBridgePath },
+        stdio: ['ignore', 'pipe', 'pipe']
+      }
+    )
+    let stdout = ''
+    let stderr = ''
+    child.stdout.on('data', chunk => {
+      stdout += String(chunk)
+    })
+    child.stderr.on('data', chunk => {
+      stderr += String(chunk)
+    })
+    const [code] = await once(child, 'exit')
+    const error = JSON.parse(stderr.trim())
+
+    assert.notEqual(code, 0)
+    assert.equal(stdout.trim(), '')
+    assert.equal(error.error.code, 'CAPTURE_BUSY')
+    assert.match(error.error.message, /Capture already active/)
+    assert.equal(existsSync(profilePath), false)
+  } finally {
+    rmSync(tempDir, { recursive: true, force: true })
+  }
+})
+
+test('capture-site helper does not use nonstandard error bodies as stderr codes', async () => {
+  const tempDir = mkdtempSync(join(tmpdir(), 'stackprism-capture-site-nonstandard-error-'))
+  const fakeBridgePath = join(tempDir, 'fake-bridge-nonstandard-error.mjs')
+  const profilePath = join(tempDir, 'profile.json')
+  writeFileSync(
+    fakeBridgePath,
+    `
+import http from 'node:http'
+const token = 'spb_${'e'.repeat(43)}'
+const server = http.createServer((req, res) => {
+  res.writeHead(502, { 'Content-Type': 'application/json; charset=utf-8' })
+  res.end(JSON.stringify({
+    error: {
+      message: 'Proxy failed https://example.test/app?token=secret&apiToken=spb_${'e'.repeat(43)}#frag',
+      details: {
+        url: 'https://example.test/app?token=secret&apiToken=spb_${'e'.repeat(43)}#frag',
+        authorization: 'Bearer spb_${'e'.repeat(43)}'
+      }
+    }
+  }))
+})
+server.listen(0, '127.0.0.1', () => {
+  const port = server.address().port
+  process.stdout.write(JSON.stringify({ event: 'stackprism-bridge-ready', protocolVersion: 1, baseUrl: 'http://127.0.0.1:' + port, healthUrl: 'http://127.0.0.1:' + port + '/health', apiToken: token }) + '\\n')
+})
+process.stdin.on('end', () => server.close(() => process.exit(0)))
+process.stdin.resume()
+`,
+    'utf8'
+  )
+
+  try {
+    const child = spawn(
+      process.execPath,
+      ['agent-skill/stackprism-site-experience/scripts/capture-site.mjs', '--url', 'https://example.test/', '--out', profilePath],
+      {
+        cwd: new URL('..', import.meta.url),
+        env: { ...process.env, STACKPRISM_CAPTURE_BRIDGE_SCRIPT: fakeBridgePath },
+        stdio: ['ignore', 'pipe', 'pipe']
+      }
+    )
+    let stderr = ''
+    child.stderr.on('data', chunk => {
+      stderr += String(chunk)
+    })
+    const [code] = await once(child, 'exit')
+    const error = JSON.parse(stderr.trim())
+
+    assert.notEqual(code, 0)
+    assert.equal(error.error.code, 'CAPTURE_FAILED')
+    assert.doesNotMatch(stderr, /token=secret|apiToken=|Bearer spb_|#frag/)
+    assert.match(stderr, /\[redacted/)
+    assert.equal(existsSync(profilePath), false)
+  } finally {
+    rmSync(tempDir, { recursive: true, force: true })
+  }
+})
+
+test('capture-site helper aborts stalled bridge API requests', async () => {
+  const tempDir = mkdtempSync(join(tmpdir(), 'stackprism-capture-site-stall-'))
+  const fakeBridgePath = join(tempDir, 'fake-bridge-stall.mjs')
+  const profilePath = join(tempDir, 'profile.json')
+  writeFileSync(
+    fakeBridgePath,
+    `
+import http from 'node:http'
+const token = 'spb_${'c'.repeat(43)}'
+const server = http.createServer((req, res) => {
+  if (req.method === 'POST' && req.url === '/v1/captures') return
+  res.writeHead(404, { 'Content-Type': 'application/json; charset=utf-8' })
+  res.end(JSON.stringify({ error: { code: 'NOT_FOUND' } }))
+})
+server.listen(0, '127.0.0.1', () => {
+  const port = server.address().port
+  process.stdout.write(JSON.stringify({ event: 'stackprism-bridge-ready', protocolVersion: 1, baseUrl: 'http://127.0.0.1:' + port, healthUrl: 'http://127.0.0.1:' + port + '/health', apiToken: token }) + '\\n')
+})
+process.stdin.on('end', () => server.close(() => process.exit(0)))
+process.stdin.resume()
+`,
+    'utf8'
+  )
+
+  try {
+    const child = spawn(
+      process.execPath,
+      [
+        'agent-skill/stackprism-site-experience/scripts/capture-site.mjs',
+        '--url',
+        'https://example.test/',
+        '--out',
+        profilePath,
+        '--request-timeout-ms',
+        '200'
+      ],
+      {
+        cwd: new URL('..', import.meta.url),
+        env: { ...process.env, STACKPRISM_CAPTURE_BRIDGE_SCRIPT: fakeBridgePath },
+        stdio: ['ignore', 'pipe', 'pipe']
+      }
+    )
+    let stderr = ''
+    child.stderr.on('data', chunk => {
+      stderr += String(chunk)
+    })
+    const exited = await Promise.race([
+      once(child, 'exit').then(([code]) => ({ exited: true, code })),
+      new Promise(resolve => setTimeout(() => resolve({ exited: false, code: null }), 3000))
+    ])
+    if (!exited.exited) child.kill('SIGTERM')
+    assert.equal(exited.exited, true)
+    const error = JSON.parse(stderr.trim())
+    assert.notEqual(exited.code, 0)
+    assert.equal(error.error.code, 'BRIDGE_REQUEST_TIMEOUT')
+    assert.equal(existsSync(profilePath), false)
+  } finally {
+    rmSync(tempDir, { recursive: true, force: true })
+  }
+})
+
+test('js bridge rejects cross-origin, private target, and self-target requests', async () => {
+  await withBridge(async ready => {
+    const privateTarget = await readJson(
+      await fetch(`${ready.baseUrl}/v1/captures`, {
+        method: 'POST',
+        headers: { ...auth(ready.apiToken), 'Content-Type': 'application/json' },
+        body: JSON.stringify({ ...baseCaptureRequest, url: 'http://127.0.0.1:3000/' })
+      })
+    )
+    assert.equal(privateTarget.status, 400)
+    assert.equal(privateTarget.body.error.code, 'PRIVATE_NETWORK_TARGET_BLOCKED')
+
+    const compatibleIpv6PrivateTarget = await readJson(
+      await fetch(`${ready.baseUrl}/v1/captures`, {
+        method: 'POST',
+        headers: { ...auth(ready.apiToken), 'Content-Type': 'application/json' },
+        body: JSON.stringify({ ...baseCaptureRequest, url: 'http://[::7f00:1]:3000/' })
+      })
+    )
+    assert.equal(compatibleIpv6PrivateTarget.status, 400)
+    assert.equal(compatibleIpv6PrivateTarget.body.error.code, 'PRIVATE_NETWORK_TARGET_BLOCKED')
+
+    const selfTarget = await readJson(
+      await fetch(`${ready.baseUrl}/v1/captures`, {
+        method: 'POST',
+        headers: { ...auth(ready.apiToken), 'Content-Type': 'application/json' },
+        body: JSON.stringify({
+          ...baseCaptureRequest,
+          url: ready.baseUrl,
+          options: { ...baseCaptureRequest.options, allowPrivateNetworkTarget: true }
+        })
+      })
+    )
+    assert.equal(selfTarget.status, 400)
+    assert.equal(selfTarget.body.error.code, 'BRIDGE_SELF_TARGET_BLOCKED')
+
+    const localhostSelfTarget = await readJson(
+      await fetch(`${ready.baseUrl}/v1/captures`, {
+        method: 'POST',
+        headers: { ...auth(ready.apiToken), 'Content-Type': 'application/json' },
+        body: JSON.stringify({
+          ...baseCaptureRequest,
+          url: ready.baseUrl.replace('127.0.0.1', 'localhost'),
+          options: { ...baseCaptureRequest.options, allowPrivateNetworkTarget: true }
+        })
+      })
+    )
+    assert.equal(localhostSelfTarget.status, 400)
+    assert.equal(localhostSelfTarget.body.error.code, 'BRIDGE_SELF_TARGET_BLOCKED')
+
+    for (const alias of ['2130706433', '127.1', '0x7f000001', '[::ffff:127.0.0.1]', '[::7f00:1]']) {
+      const aliasSelfTarget = await readJson(
+        await fetch(`${ready.baseUrl}/v1/captures`, {
+          method: 'POST',
+          headers: { ...auth(ready.apiToken), 'Content-Type': 'application/json' },
+          body: JSON.stringify({
+            ...baseCaptureRequest,
+            url: ready.baseUrl.replace('127.0.0.1', alias),
+            options: { ...baseCaptureRequest.options, allowPrivateNetworkTarget: true }
+          })
+        })
+      )
+      assert.equal(aliasSelfTarget.status, 400, alias)
+      assert.equal(aliasSelfTarget.body.error.code, 'BRIDGE_SELF_TARGET_BLOCKED', alias)
+    }
+
+    const crossOrigin = await readJson(
+      await fetch(`${ready.baseUrl}/v1/captures`, {
+        method: 'POST',
+        headers: { ...auth(ready.apiToken), 'Content-Type': 'application/json', Origin: 'https://attacker.example' },
+        body: JSON.stringify(baseCaptureRequest)
+      })
+    )
+    assert.equal(crossOrigin.status, 403)
+    assert.equal(crossOrigin.body.error.code, 'ORIGIN_NOT_ALLOWED')
+  })
+})
+
+test('url policy rejects fixture-resolved private hostnames without real DNS', async () => {
+  const publicResult = await normalizeCaptureRequest(
+    { ...baseCaptureRequest, url: urlPolicyCases.publicHostname.url },
+    'http://127.0.0.1:17370',
+    { resolveHostname: async () => urlPolicyCases.publicHostname.resolvedAddresses.map(address => ({ address, family: 4 })) }
+  )
+  assert.equal(publicResult.ok, true)
+  assert.equal(publicResult.request.url, urlPolicyCases.publicHostname.normalizedUrl)
+
+  const credentialTarget = await normalizeCaptureRequest(
+    { ...baseCaptureRequest, url: urlPolicyCases.credentialUrl.url },
+    'http://127.0.0.1:17370'
+  )
+  assert.equal(credentialTarget.ok, false)
+  assert.equal(credentialTarget.code, urlPolicyCases.credentialUrl.errorCode)
+
+  const invalidBooleanOption = await normalizeCaptureRequest(
+    { ...baseCaptureRequest, options: { ...baseCaptureRequest.options, forceRefresh: 'true' } },
+    'http://127.0.0.1:17370'
+  )
+  assert.equal(invalidBooleanOption.ok, false)
+  assert.equal(invalidBooleanOption.code, 'INVALID_REQUEST')
+
+  const screenshotOption = await normalizeCaptureRequest(
+    { ...baseCaptureRequest, options: { ...baseCaptureRequest.options, captureScreenshot: true } },
+    'http://127.0.0.1:17370',
+    { resolveHostname: async () => [{ address: '93.184.216.34', family: 4 }] }
+  )
+  assert.equal(screenshotOption.ok, true)
+  assert.equal(screenshotOption.request.options.captureScreenshot, true)
+
+  const invalidScreenshotOption = await normalizeCaptureRequest(
+    { ...baseCaptureRequest, options: { ...baseCaptureRequest.options, captureScreenshot: 'true' } },
+    'http://127.0.0.1:17370'
+  )
+  assert.equal(invalidScreenshotOption.ok, false)
+  assert.equal(invalidScreenshotOption.code, 'INVALID_REQUEST')
+
+  for (const item of [
+    { request: { ...baseCaptureRequest, waitMs: null }, field: 'waitMs null' },
+    { request: { ...baseCaptureRequest, viewports: null }, field: 'viewports null' },
+    {
+      request: { ...baseCaptureRequest, viewports: [{ name: 123, width: 1440, height: 900, deviceScaleFactor: 1 }] },
+      field: 'viewport name'
+    },
+    { request: { ...baseCaptureRequest, options: null }, field: 'options null' },
+    { request: { ...baseCaptureRequest, options: true }, field: 'options boolean' },
+    { request: { ...baseCaptureRequest, options: { ...baseCaptureRequest.options, targetMode: '' } }, field: 'targetMode empty' }
+  ]) {
+    const rejected = await normalizeCaptureRequest(item.request, 'http://127.0.0.1:17370')
+    assert.equal(rejected.ok, false, item.field)
+    assert.equal(rejected.code, 'INVALID_REQUEST', item.field)
+  }
+
+  const resolvedPrivate = await normalizeCaptureRequest(
+    { ...baseCaptureRequest, url: urlPolicyCases.privateHostname.url },
+    'http://127.0.0.1:17370',
+    {
+      resolveHostname: async hostname => {
+        assert.equal(hostname, 'dev.internal.example')
+        return urlPolicyCases.privateHostname.resolvedAddresses.map(address => ({ address, family: 4 }))
+      }
+    }
+  )
+  assert.equal(resolvedPrivate.ok, false)
+  assert.equal(resolvedPrivate.code, urlPolicyCases.privateHostname.errorCode)
+  assert.equal(resolvedPrivate.details.reason, 'private_network_address')
+
+  const mixedResult = await normalizeCaptureRequest(
+    { ...baseCaptureRequest, url: urlPolicyCases.mixedHostname.url },
+    'http://127.0.0.1:17370',
+    {
+      resolveHostname: async () => urlPolicyCases.mixedHostname.resolvedAddresses.map(address => ({ address, family: 4 }))
+    }
+  )
+  assert.equal(mixedResult.ok, false)
+  assert.equal(mixedResult.code, urlPolicyCases.mixedHostname.errorCode)
+
+  const proxyReservedResult = await normalizeCaptureRequest(
+    { ...baseCaptureRequest, url: urlPolicyCases.proxyReservedHostname.url },
+    'http://127.0.0.1:17370',
+    {
+      resolveHostname: async () => urlPolicyCases.proxyReservedHostname.resolvedAddresses.map(address => ({ address, family: 4 }))
+    }
+  )
+  assert.equal(proxyReservedResult.ok, true)
+  assert.equal(proxyReservedResult.request.url, urlPolicyCases.proxyReservedHostname.normalizedUrl)
+
+  const proxyReservedIpLiteralResult = await normalizeCaptureRequest(
+    { ...baseCaptureRequest, url: urlPolicyCases.proxyReservedIpLiteral.url },
+    'http://127.0.0.1:17370'
+  )
+  assert.equal(proxyReservedIpLiteralResult.ok, false)
+  assert.equal(proxyReservedIpLiteralResult.code, urlPolicyCases.proxyReservedIpLiteral.errorCode)
+  assert.equal(proxyReservedIpLiteralResult.details.reason, 'private_network_address')
+
+  for (const policyCase of [urlPolicyCases.specialUseHostname, urlPolicyCases.specialUseIpv6Hostname]) {
+    for (const address of policyCase.resolvedAddresses) {
+      const specialUseResult = await normalizeCaptureRequest({ ...baseCaptureRequest, url: policyCase.url }, 'http://127.0.0.1:17370', {
+        resolveHostname: async () => [{ address, family: address.includes(':') ? 6 : 4 }]
+      })
+      assert.equal(specialUseResult.ok, false, address)
+      assert.equal(specialUseResult.code, policyCase.errorCode, address)
+      assert.equal(specialUseResult.details.reason, 'private_network_address', address)
+    }
+  }
+
+  for (const address of urlPolicyCases.publicSpecialUseExceptionHostname.resolvedAddresses) {
+    const exceptionResult = await normalizeCaptureRequest(
+      { ...baseCaptureRequest, url: urlPolicyCases.publicSpecialUseExceptionHostname.url },
+      'http://127.0.0.1:17370',
+      {
+        resolveHostname: async () => [{ address, family: address.includes(':') ? 6 : 4 }]
+      }
+    )
+    assert.equal(exceptionResult.ok, true, address)
+    assert.equal(exceptionResult.request.url, urlPolicyCases.publicSpecialUseExceptionHostname.normalizedUrl, address)
+  }
+})
+
+test('url policy fails closed when DNS fixture cannot prove a public target', async () => {
+  const failedLookup = await normalizeCaptureRequest(
+    { ...baseCaptureRequest, url: 'https://missing.internal.example/dashboard' },
+    'http://127.0.0.1:17370',
+    {
+      resolveHostname: async () => {
+        const error = new Error('fixture NXDOMAIN')
+        error.code = 'ENOTFOUND'
+        throw error
+      }
+    }
+  )
+  assert.equal(failedLookup.ok, false)
+  assert.equal(failedLookup.code, 'TARGET_DNS_LOOKUP_FAILED')
+  assert.equal(failedLookup.details.reason, 'dns_lookup_failed')
+
+  const emptyLookup = await normalizeCaptureRequest(
+    { ...baseCaptureRequest, url: 'https://empty.internal.example/dashboard' },
+    'http://127.0.0.1:17370',
+    { resolveHostname: async () => [] }
+  )
+  assert.equal(emptyLookup.ok, false)
+  assert.equal(emptyLookup.code, 'TARGET_DNS_LOOKUP_FAILED')
+})
+
+test('js bridge capture creation uses injected DNS policy fixture', async () => {
+  await withBridge(
+    async ready => {
+      const resolvedPrivate = await readJson(
+        await fetch(`${ready.baseUrl}/v1/captures`, {
+          method: 'POST',
+          headers: { ...auth(ready.apiToken), 'Content-Type': 'application/json' },
+          body: JSON.stringify({ ...baseCaptureRequest, url: 'https://dev.internal.example/dashboard' })
+        })
+      )
+      assert.equal(resolvedPrivate.status, 400)
+      assert.equal(resolvedPrivate.body.error.code, 'PRIVATE_NETWORK_TARGET_BLOCKED')
+      assert.equal(resolvedPrivate.body.error.details.reason, 'private_network_address')
+    },
+    {
+      resolveHostname: async () => [{ address: '172.20.1.2', family: 4 }]
+    }
+  )
+})
+
+test('js bridge rejects private final URLs before profile creation', async () => {
+  await withBridge(
+    async ready => {
+      const created = await createCapture(ready)
+      const config = await loadBridgeConfig(created.body.bridgeUrl)
+
+      const finalUrlStatus = await readJson(
+        await fetch(`${ready.baseUrl}/v1/captures/${created.body.id}/status`, {
+          method: 'POST',
+          headers: { ...auth(config.bridgeToken), 'Content-Type': 'application/json' },
+          body: JSON.stringify({
+            captureId: created.body.id,
+            sessionId: config.sessionId,
+            nonce: config.nonce,
+            protocolVersion: 1,
+            status: 'running',
+            phase: 'target_loaded',
+            sequence: 1,
+            finalUrl: 'https://redirect.internal.example/dashboard'
+          })
+        })
+      )
+      assert.equal(finalUrlStatus.status, 409)
+      assert.equal(finalUrlStatus.body.error.code, 'FINAL_URL_BLOCKED')
+      assert.equal(finalUrlStatus.body.error.details.reason, 'private_network_address')
+
+      const status = await readJson(await fetch(`${ready.baseUrl}/v1/captures/${created.body.id}`, { headers: auth(ready.apiToken) }))
+      assert.equal(status.body.status, 'failed')
+      assert.equal(status.body.phase, 'target_loaded')
+      assert.equal(status.body.error.code, 'FINAL_URL_BLOCKED')
+
+      const lateProfile = await readJson(
+        await fetch(`${ready.baseUrl}/v1/captures/${created.body.id}/profile`, {
+          method: 'POST',
+          headers: { ...auth(config.bridgeToken), 'Content-Type': 'application/json' },
+          body: JSON.stringify(profileFor(created.body.id))
+        })
+      )
+      assert.equal(lateProfile.status, 409)
+      assert.equal(lateProfile.body.error.code, 'STALE_STATUS_UPDATE')
+    },
+    {
+      resolveHostname: async hostname => {
+        if (hostname === 'redirect.internal.example') return [{ address: '10.20.30.40', family: 4 }]
+        return [{ address: '93.184.216.34', family: 4 }]
+      }
+    }
+  )
+})
+
+test('js bridge rejects private browser-observed target addresses', async () => {
+  await withBridge(
+    async ready => {
+      for (const [label, extra] of [
+        ['direct private address', {}],
+        ['cached private address', { targetNetworkFromCache: true }]
+      ]) {
+        const created = await createCapture(ready)
+        const config = await loadBridgeConfig(created.body.bridgeUrl)
+        const status = await readJson(
+          await fetch(`${ready.baseUrl}/v1/captures/${created.body.id}/status`, {
+            method: 'POST',
+            headers: { ...auth(config.bridgeToken), 'Content-Type': 'application/json' },
+            body: JSON.stringify(
+              statusBody(created.body.id, config, {
+                status: 'running',
+                phase: 'target_loaded',
+                sequence: 1,
+                finalUrl: baseCaptureRequest.url,
+                targetNetworkAddress: '127.0.0.1',
+                ...extra
+              })
+            )
+          })
+        )
+        assert.equal(status.status, 409, label)
+        assert.equal(status.body.error.code, 'FINAL_URL_BLOCKED', label)
+        assert.equal(status.body.error.details.reason, 'private_network_address', label)
+      }
+    },
+    {
+      resolveHostname: async () => [{ address: '93.184.216.34', family: 4 }]
+    }
+  )
+})
+
+test('js bridge accepts proxy-reserved browser-observed addresses for public hostnames', async () => {
+  await withBridge(
+    async ready => {
+      const created = await createCapture(ready)
+      const config = await loadBridgeConfig(created.body.bridgeUrl)
+      const status = await readJson(
+        await fetch(`${ready.baseUrl}/v1/captures/${created.body.id}/status`, {
+          method: 'POST',
+          headers: { ...auth(config.bridgeToken), 'Content-Type': 'application/json' },
+          body: JSON.stringify(
+            statusBody(created.body.id, config, {
+              status: 'running',
+              phase: 'target_loaded',
+              sequence: 1,
+              finalUrl: 'https://proxy-reserved.example/dashboard',
+              targetNetworkAddress: '198.18.0.12'
+            })
+          )
+        })
+      )
+      assert.equal(status.status, 200)
+      assert.equal(status.body.phase, 'target_loaded')
+    },
+    {
+      resolveHostname: async hostname => {
+        assert.equal(hostname, 'proxy-reserved.example')
+        return [{ address: '198.18.0.12', family: 4 }]
+      }
+    }
+  )
+})
+
+test('js bridge accepts public final URLs when browser network address is unavailable', async () => {
+  for (const [label, extra] of [
+    ['missing address', {}],
+    ['cached response', { targetNetworkFromCache: true }]
+  ]) {
+    await withBridge(
+      async ready => {
+        const created = await createCapture(ready)
+        const config = await loadBridgeConfig(created.body.bridgeUrl)
+        const status = await readJson(
+          await fetch(`${ready.baseUrl}/v1/captures/${created.body.id}/status`, {
+            method: 'POST',
+            headers: { ...auth(config.bridgeToken), 'Content-Type': 'application/json' },
+            body: JSON.stringify(
+              statusBody(created.body.id, config, {
+                status: 'running',
+                phase: 'target_loaded',
+                sequence: 1,
+                finalUrl: baseCaptureRequest.url,
+                ...extra
+              })
+            )
+          })
+        )
+        assert.equal(status.status, 200, label)
+        assert.equal(status.body.phase, 'target_loaded', label)
+      },
+      {
+        resolveHostname: async () => [{ address: '93.184.216.34', family: 4 }]
+      }
+    )
+  }
+})
+
+test('js bridge rejects non-ip browser-observed target addresses', async () => {
+  await withBridge(
+    async ready => {
+      const created = await createCapture(ready)
+      const config = await loadBridgeConfig(created.body.bridgeUrl)
+      const status = await readJson(
+        await fetch(`${ready.baseUrl}/v1/captures/${created.body.id}/status`, {
+          method: 'POST',
+          headers: { ...auth(config.bridgeToken), 'Content-Type': 'application/json' },
+          body: JSON.stringify(
+            statusBody(created.body.id, config, {
+              status: 'running',
+              phase: 'target_loaded',
+              sequence: 1,
+              finalUrl: baseCaptureRequest.url,
+              targetNetworkAddress: 'example.com'
+            })
+          )
+        })
+      )
+      assert.equal(status.status, 400)
+      assert.equal(status.body.error.code, 'INVALID_REQUEST')
+      assert.equal(status.body.error.details.reason, 'invalid_network_address')
+    },
+    {
+      resolveHostname: async () => [{ address: '93.184.216.34', family: 4 }]
+    }
+  )
+})
+
+test('js bridge requires accepted final URL before profile submission', async () => {
+  await withBridge(async ready => {
+    const created = await createCapture(ready)
+    const config = await loadBridgeConfig(created.body.bridgeUrl)
+    const missingFinalUrl = await readJson(
+      await fetch(`${ready.baseUrl}/v1/captures/${created.body.id}/status`, {
+        method: 'POST',
+        headers: { ...auth(config.bridgeToken), 'Content-Type': 'application/json' },
+        body: JSON.stringify(statusBody(created.body.id, config, { status: 'running', phase: 'target_loaded', sequence: 1 }))
+      })
+    )
+    assert.equal(missingFinalUrl.status, 400)
+    assert.equal(missingFinalUrl.body.error.code, 'INVALID_REQUEST')
+
+    const earlyProfile = await readJson(
+      await fetch(`${ready.baseUrl}/v1/captures/${created.body.id}/profile`, {
+        method: 'POST',
+        headers: { ...auth(config.bridgeToken), 'Content-Type': 'application/json' },
+        body: JSON.stringify(profileFor(created.body.id))
+      })
+    )
+    assert.equal(earlyProfile.status, 409)
+    assert.equal(earlyProfile.body.error.code, 'INVALID_REQUEST')
+  })
+})
+
+test('js bridge rejects stale status sequences and phase regressions', async () => {
+  await withBridge(async ready => {
+    const created = await createCapture(ready)
+    const config = await loadBridgeConfig(created.body.bridgeUrl)
+    const statusUrl = `${ready.baseUrl}/v1/captures/${created.body.id}/status`
+
+    const wrongIdentity = await readJson(
+      await fetch(statusUrl, {
+        method: 'POST',
+        headers: { ...auth(config.bridgeToken), 'Content-Type': 'application/json' },
+        body: JSON.stringify(
+          statusBody(
+            created.body.id,
+            { ...config, nonce: identifiers.nonce.valid[1] },
+            {
+              status: 'waiting_extension',
+              phase: 'bridge_connected',
+              sequence: 1
+            }
+          )
+        )
+      })
+    )
+    assert.equal(wrongIdentity.status, 400)
+    assert.equal(wrongIdentity.body.error.code, 'INVALID_REQUEST')
+
+    const connected = await readJson(
+      await fetch(statusUrl, {
+        method: 'POST',
+        headers: { ...auth(config.bridgeToken), 'Content-Type': 'application/json' },
+        body: JSON.stringify(statusBody(created.body.id, config, { status: 'waiting_extension', phase: 'bridge_connected', sequence: 1 }))
+      })
+    )
+    assert.equal(connected.status, 200)
+    assert.equal(connected.body.status, 'waiting_extension')
+    assert.equal(connected.body.phase, 'bridge_connected')
+
+    const running = await readJson(
+      await fetch(statusUrl, {
+        method: 'POST',
+        headers: { ...auth(config.bridgeToken), 'Content-Type': 'application/json' },
+        body: JSON.stringify(statusBody(created.body.id, config, { status: 'running', phase: 'request_loaded', sequence: 2 }))
+      })
+    )
+    assert.equal(running.status, 200)
+    assert.equal(running.body.status, 'running')
+    assert.equal(running.body.phase, 'request_loaded')
+
+    const staleSequence = await readJson(
+      await fetch(statusUrl, {
+        method: 'POST',
+        headers: { ...auth(config.bridgeToken), 'Content-Type': 'application/json' },
+        body: JSON.stringify(statusBody(created.body.id, config, { status: 'running', phase: 'target_opening', sequence: 2 }))
+      })
+    )
+    assert.equal(staleSequence.status, 409)
+    assert.equal(staleSequence.body.error.code, 'STALE_STATUS_UPDATE')
+
+    const phaseRegression = await readJson(
+      await fetch(statusUrl, {
+        method: 'POST',
+        headers: { ...auth(config.bridgeToken), 'Content-Type': 'application/json' },
+        body: JSON.stringify(statusBody(created.body.id, config, { status: 'running', phase: 'bridge_connected', sequence: 3 }))
+      })
+    )
+    assert.equal(phaseRegression.status, 409)
+    assert.equal(phaseRegression.body.error.code, 'STALE_STATUS_UPDATE')
+
+    const nonRunningPhaseRegression = await readJson(
+      await fetch(statusUrl, {
+        method: 'POST',
+        headers: { ...auth(config.bridgeToken), 'Content-Type': 'application/json' },
+        body: JSON.stringify(statusBody(created.body.id, config, { status: 'waiting_extension', phase: 'bridge_connected', sequence: 3 }))
+      })
+    )
+    assert.equal(nonRunningPhaseRegression.status, 409)
+    assert.equal(nonRunningPhaseRegression.body.error.code, 'STALE_STATUS_UPDATE')
+
+    const status = await readJson(await fetch(`${ready.baseUrl}/v1/captures/${created.body.id}`, { headers: auth(ready.apiToken) }))
+    assert.equal(status.body.status, 'running')
+    assert.equal(status.body.phase, 'request_loaded')
+  })
+})
+
+test('js bridge serializes concurrent status updates for one capture', async () => {
+  await withBridge(async ready => {
+    const created = await createCapture(ready)
+    const config = await loadBridgeConfig(created.body.bridgeUrl)
+    const statusUrl = `${ready.baseUrl}/v1/captures/${created.body.id}/status`
+    const body = JSON.stringify(
+      statusBody(created.body.id, config, {
+        status: 'running',
+        phase: 'target_loaded',
+        sequence: 1,
+        finalUrl: 'https://93.184.216.34/app?view=one',
+        targetNetworkAddress: '93.184.216.34'
+      })
+    )
+
+    const results = await Promise.all(
+      [0, 1].map(() =>
+        fetch(statusUrl, {
+          method: 'POST',
+          headers: { ...auth(config.bridgeToken), 'Content-Type': 'application/json' },
+          body
+        }).then(readJson)
+      )
+    )
+
+    assert.equal(results.filter(result => result.status === 200).length, 1)
+    assert.equal(results.filter(result => result.status === 409 && result.body.error.code === 'STALE_STATUS_UPDATE').length, 1)
+  })
+})
+
+test('js bridge restricts bridge-token terminal status updates', async () => {
+  await withBridge(async ready => {
+    const created = await createCapture(ready)
+    const config = await loadBridgeConfig(created.body.bridgeUrl)
+    const statusUrl = `${ready.baseUrl}/v1/captures/${created.body.id}/status`
+
+    const cancelledWithoutDelete = await readJson(
+      await fetch(statusUrl, {
+        method: 'POST',
+        headers: { ...auth(config.bridgeToken), 'Content-Type': 'application/json' },
+        body: JSON.stringify(statusBody(created.body.id, config, { status: 'cancelled', phase: 'cleanup', sequence: 1 }))
+      })
+    )
+    assert.equal(cancelledWithoutDelete.status, 409)
+    assert.equal(cancelledWithoutDelete.body.error.code, 'STALE_STATUS_UPDATE')
+
+    const failedWithoutError = await readJson(
+      await fetch(statusUrl, {
+        method: 'POST',
+        headers: { ...auth(config.bridgeToken), 'Content-Type': 'application/json' },
+        body: JSON.stringify(statusBody(created.body.id, config, { status: 'failed', phase: 'cleanup', sequence: 1 }))
+      })
+    )
+    assert.equal(failedWithoutError.status, 400)
+    assert.equal(failedWithoutError.body.error.code, 'INVALID_REQUEST')
+
+    const failedWithNullError = await readJson(
+      await fetch(statusUrl, {
+        method: 'POST',
+        headers: { ...auth(config.bridgeToken), 'Content-Type': 'application/json' },
+        body: JSON.stringify(statusBody(created.body.id, config, { status: 'failed', phase: 'cleanup', sequence: 1, error: null }))
+      })
+    )
+    assert.equal(failedWithNullError.status, 400)
+    assert.equal(failedWithNullError.body.error.code, 'INVALID_REQUEST')
+
+    const failedUnknownCode = await readJson(
+      await fetch(statusUrl, {
+        method: 'POST',
+        headers: { ...auth(config.bridgeToken), 'Content-Type': 'application/json' },
+        body: JSON.stringify(
+          statusBody(created.body.id, config, {
+            status: 'failed',
+            phase: 'cleanup',
+            sequence: 1,
+            error: { code: 'MADE_UP_ERROR', message: 'Unknown bridge error.' }
+          })
+        )
+      })
+    )
+    assert.equal(failedUnknownCode.status, 400)
+    assert.equal(failedUnknownCode.body.error.code, 'INVALID_REQUEST')
+
+    const failedError = sensitiveFailedError(ready, created, config)
+    const failedAtTargetOpening = await readJson(
+      await fetch(statusUrl, {
+        method: 'POST',
+        headers: { ...auth(config.bridgeToken), 'Content-Type': 'application/json' },
+        body: JSON.stringify(
+          statusBody(created.body.id, config, {
+            status: 'failed',
+            phase: 'target_opening',
+            sequence: 1,
+            error: failedError
+          })
+        )
+      })
+    )
+    assert.equal(failedAtTargetOpening.status, 200)
+    assert.equal(failedAtTargetOpening.body.status, 'failed')
+    assert.equal(failedAtTargetOpening.body.phase, 'target_opening')
+    assert.equal(failedAtTargetOpening.body.error.code, 'TARGET_TAB_CLOSED')
+    assertErrorIsRedacted(failedAtTargetOpening.body.error, [ready.apiToken, config.bridgeToken, config.nonce])
+  })
+})
+
+test('js bridge requires api token to cancel captures', async () => {
+  await withBridge(async ready => {
+    const created = await createCapture(ready)
+    const config = await loadBridgeConfig(created.body.bridgeUrl)
+
+    const forbidden = await readJson(
+      await fetch(`${ready.baseUrl}/v1/captures/${created.body.id}`, {
+        method: 'DELETE',
+        headers: auth(config.bridgeToken)
+      })
+    )
+    assert.equal(forbidden.status, 403)
+    assert.equal(forbidden.body.error.code, 'FORBIDDEN')
+
+    const status = await readJson(await fetch(`${ready.baseUrl}/v1/captures/${created.body.id}`, { headers: auth(ready.apiToken) }))
+    assert.equal(status.status, 200)
+    assert.equal(status.body.status, 'queued')
+    assert.equal(status.body.phase, undefined)
+  })
+})
+
+test('js bridge rejects DELETE for every terminal capture state', async () => {
+  let now = 1000
+  await withBridge(
+    async ready => {
+      const makeCompleted = async () => {
+        const created = await createCapture(ready)
+        const config = await loadBridgeConfig(created.body.bridgeUrl)
+        await acceptFinalUrl(ready, created.body.id, config.bridgeToken)
+        const posted = await readJson(
+          await fetch(`${ready.baseUrl}/v1/captures/${created.body.id}/profile`, {
+            method: 'POST',
+            headers: { ...auth(config.bridgeToken), 'Content-Type': 'application/json' },
+            body: JSON.stringify(profileFor(created.body.id))
+          })
+        )
+        assert.equal(posted.status, 200)
+        assert.equal(posted.body.status, 'completed')
+        return created.body.id
+      }
+
+      const makeFailed = async () => {
+        const created = await createCapture(ready)
+        const config = await loadBridgeConfig(created.body.bridgeUrl)
+        const failed = await readJson(
+          await fetch(`${ready.baseUrl}/v1/captures/${created.body.id}/status`, {
+            method: 'POST',
+            headers: { ...auth(config.bridgeToken), 'Content-Type': 'application/json' },
+            body: JSON.stringify(
+              statusBody(created.body.id, config, {
+                status: 'failed',
+                phase: 'cleanup',
+                sequence: 1,
+                error: { code: 'TARGET_TAB_CLOSED', message: 'Target closed.' }
+              })
+            )
+          })
+        )
+        assert.equal(failed.status, 200)
+        assert.equal(failed.body.status, 'failed')
+        return created.body.id
+      }
+
+      const makeCancelled = async () => {
+        const created = await createCapture(ready)
+        const cancelled = await readJson(
+          await fetch(`${ready.baseUrl}/v1/captures/${created.body.id}`, {
+            method: 'DELETE',
+            headers: auth(ready.apiToken)
+          })
+        )
+        assert.equal(cancelled.status, 200)
+        now += 10001
+        const status = await readJson(await fetch(`${ready.baseUrl}/v1/captures/${created.body.id}`, { headers: auth(ready.apiToken) }))
+        assert.equal(status.body.status, 'cancelled')
+        return created.body.id
+      }
+
+      const makeExpired = async () => {
+        const captureId = await makeCompleted()
+        now += 10 * 60 * 1000 + 1
+        const status = await readJson(await fetch(`${ready.baseUrl}/v1/captures/${captureId}`, { headers: auth(ready.apiToken) }))
+        assert.equal(status.body.status, 'expired')
+        return captureId
+      }
+
+      const assertTerminalDelete = async (captureId, expectedStatus) => {
+        const deleted = await readJson(
+          await fetch(`${ready.baseUrl}/v1/captures/${captureId}`, {
+            method: 'DELETE',
+            headers: auth(ready.apiToken)
+          })
+        )
+        assert.equal(deleted.status, 409)
+        assert.equal(deleted.body.error.code, 'INVALID_REQUEST')
+        assert.equal(deleted.body.error.details.status, expectedStatus)
+
+        const after = await readJson(await fetch(`${ready.baseUrl}/v1/captures/${captureId}`, { headers: auth(ready.apiToken) }))
+        assert.equal(after.status, 200)
+        assert.equal(after.body.status, expectedStatus)
+      }
+
+      await assertTerminalDelete(await makeCompleted(), 'completed')
+      await assertTerminalDelete(await makeFailed(), 'failed')
+      await assertTerminalDelete(await makeCancelled(), 'cancelled')
+      await assertTerminalDelete(await makeExpired(), 'expired')
+    },
+    { now: () => now }
+  )
+})
+
+test('js bridge converts unconfirmed cancellation to terminal cancelled state', async () => {
+  let now = 1000
+  await withBridge(
+    async ready => {
+      const created = await createCapture(ready)
+      const config = await loadBridgeConfig(created.body.bridgeUrl)
+
+      const cancel = await readJson(
+        await fetch(`${ready.baseUrl}/v1/captures/${created.body.id}`, {
+          method: 'DELETE',
+          headers: auth(ready.apiToken)
+        })
+      )
+      assert.equal(cancel.status, 200)
+      assert.equal(cancel.body.status, 'cancel_requested')
+
+      const repeatedCancel = await readJson(
+        await fetch(`${ready.baseUrl}/v1/captures/${created.body.id}`, {
+          method: 'DELETE',
+          headers: auth(ready.apiToken)
+        })
+      )
+      assert.equal(repeatedCancel.status, 409)
+      assert.equal(repeatedCancel.body.error.code, 'STALE_STATUS_UPDATE')
+      assert.equal(repeatedCancel.body.error.details.status, 'cancel_requested')
+
+      const runningAfterCancel = await readJson(
+        await fetch(`${ready.baseUrl}/v1/captures/${created.body.id}/status`, {
+          method: 'POST',
+          headers: { ...auth(config.bridgeToken), 'Content-Type': 'application/json' },
+          body: JSON.stringify(statusBody(created.body.id, config, { status: 'running', phase: 'target_opening', sequence: 1 }))
+        })
+      )
+      assert.equal(runningAfterCancel.status, 409)
+      assert.equal(runningAfterCancel.body.error.code, 'STALE_STATUS_UPDATE')
+
+      now += 10001
+
+      const status = await readJson(await fetch(`${ready.baseUrl}/v1/captures/${created.body.id}`, { headers: auth(ready.apiToken) }))
+      assert.equal(status.status, 200)
+      assert.equal(status.body.status, 'cancelled')
+      assert.equal(status.body.error.code, 'CAPTURE_TIMEOUT')
+      assert.equal(status.body.error.details.reason, 'cancel_timeout')
+
+      const control = await readJson(
+        await fetch(`${ready.baseUrl}/v1/captures/${created.body.id}/control`, {
+          headers: auth(config.bridgeToken)
+        })
+      )
+      assert.equal(control.status, 200)
+      assert.equal(control.body.command, 'cancel')
+      assert.equal(control.body.status, 'cancelled')
+
+      const lateStatus = await readJson(
+        await fetch(`${ready.baseUrl}/v1/captures/${created.body.id}/status`, {
+          method: 'POST',
+          headers: { ...auth(config.bridgeToken), 'Content-Type': 'application/json' },
+          body: JSON.stringify(
+            statusBody(created.body.id, config, {
+              status: 'running',
+              phase: 'target_loaded',
+              sequence: 1,
+              finalUrl: baseCaptureRequest.url
+            })
+          )
+        })
+      )
+      assert.equal(lateStatus.status, 409)
+      assert.equal(lateStatus.body.error.code, 'STALE_STATUS_UPDATE')
+    },
+    { now: () => now }
+  )
+})
+
+test('js bridge rejects preflight and ambiguous raw request shell', async () => {
+  await withBridge(async ready => {
+    const options = await readJson(await fetch(`${ready.baseUrl}/v1/captures`, { method: 'OPTIONS' }))
+    assert.equal(options.status, 405)
+    assert.equal(options.headers.get('allow'), 'GET, POST, DELETE')
+    assert.equal(options.headers.has('access-control-allow-origin'), false)
+
+    const getCollection = await readJson(await fetch(`${ready.baseUrl}/v1/captures`, { headers: auth(ready.apiToken) }))
+    assert.equal(getCollection.status, 405)
+    assert.equal(getCollection.headers.get('allow'), 'POST')
+
+    const postHealth = await readJson(await fetch(`${ready.baseUrl}/health`, { method: 'POST' }))
+    assert.equal(postHealth.status, 405)
+    assert.equal(postHealth.headers.get('allow'), 'GET')
+
+    const url = new URL(ready.baseUrl)
+    const optionsWrongHost = await rawHttp(url.port, [
+      'OPTIONS /v1/captures HTTP/1.1',
+      `Host: localhost:${url.port}`,
+      'Connection: close',
+      '',
+      ''
+    ])
+    assert.match(optionsWrongHost, /400/)
+    assert.match(optionsWrongHost, /INVALID_REQUEST/)
+
+    const wrongPortHost = await rawHttp(url.port, [
+      'GET /health HTTP/1.1',
+      `Host: 127.0.0.1:${Number(url.port) + 1}`,
+      'Connection: close',
+      '',
+      ''
+    ])
+    assert.match(wrongPortHost, /400/)
+    assert.match(wrongPortHost, /INVALID_REQUEST/)
+
+    const missingHost = await rawHttp(url.port, ['GET /health HTTP/1.1', 'Connection: close', '', ''])
+    assert.match(missingHost, /400/)
+    assert.match(missingHost, /INVALID_REQUEST/)
+
+    const ipv6Host = await rawHttp(url.port, ['GET /health HTTP/1.1', `Host: [::1]:${url.port}`, 'Connection: close', '', ''])
+    assert.match(ipv6Host, /400/)
+    assert.match(ipv6Host, /INVALID_REQUEST/)
+
+    const duplicateHost = await rawHttp(url.port, [
+      'GET /health HTTP/1.1',
+      `Host: ${url.host}`,
+      `Host: ${url.host}`,
+      'Connection: close',
+      '',
+      ''
+    ])
+    assert.match(duplicateHost, /400/)
+    assert.match(duplicateHost, /INVALID_REQUEST/)
+
+    const absoluteForm = await rawHttp(url.port, [
+      `GET http://127.0.0.1:${url.port}/health HTTP/1.1`,
+      `Host: ${url.host}`,
+      'Connection: close',
+      '',
+      ''
+    ])
+    assert.match(absoluteForm, /400/)
+    assert.match(absoluteForm, /INVALID_REQUEST/)
+
+    const authorityForm = await rawHttp(url.port, [
+      `CONNECT 127.0.0.1:${url.port} HTTP/1.1`,
+      `Host: ${url.host}`,
+      'Connection: close',
+      '',
+      ''
+    ])
+    assert.match(authorityForm, /400/)
+    assert.match(authorityForm, /INVALID_REQUEST/)
+
+    const encodedSlashPath = await rawHttp(url.port, ['GET /v1%2fcaptures HTTP/1.1', `Host: ${url.host}`, 'Connection: close', '', ''])
+    assert.match(encodedSlashPath, /400/)
+    assert.match(encodedSlashPath, /INVALID_REQUEST/)
+
+    const encodedBackslashPath = await rawHttp(url.port, ['GET /v1%5ccaptures HTTP/1.1', `Host: ${url.host}`, 'Connection: close', '', ''])
+    assert.match(encodedBackslashPath, /400/)
+    assert.match(encodedBackslashPath, /INVALID_REQUEST/)
+
+    const rawBackslashPath = await rawHttp(url.port, ['GET /v1\\captures HTTP/1.1', `Host: ${url.host}`, 'Connection: close', '', ''])
+    assert.match(rawBackslashPath, /400/)
+    assert.match(rawBackslashPath, /INVALID_REQUEST/)
+
+    const dotSegmentPath = await rawHttp(url.port, ['GET /v1/../health HTTP/1.1', `Host: ${url.host}`, 'Connection: close', '', ''])
+    assert.match(dotSegmentPath, /400/)
+    assert.match(dotSegmentPath, /INVALID_REQUEST/)
+
+    const emptySegmentPath = await rawHttp(url.port, ['GET /v1//captures HTTP/1.1', `Host: ${url.host}`, 'Connection: close', '', ''])
+    assert.match(emptySegmentPath, /400/)
+    assert.match(emptySegmentPath, /INVALID_REQUEST/)
+
+    const unexpectedQuery = await rawHttp(url.port, ['GET /health?x=1 HTTP/1.1', `Host: ${url.host}`, 'Connection: close', '', ''])
+    assert.match(unexpectedQuery, /400/)
+    assert.match(unexpectedQuery, /INVALID_REQUEST/)
+
+    const created = await createCapture(ready)
+    const percentEncodedSession = await readJson(await fetch(percentEncodeBridgeParam(created.body.bridgeUrl, 'session')))
+    assert.equal(percentEncodedSession.status, 400)
+    assert.equal(percentEncodedSession.body.error.code, 'INVALID_REQUEST')
+
+    const duplicateBridgeQuery = await readJson(
+      await fetch(`${created.body.bridgeUrl}&session=${new URL(created.body.bridgeUrl).searchParams.get('session')}`)
+    )
+    assert.equal(duplicateBridgeQuery.status, 400)
+    assert.equal(duplicateBridgeQuery.body.error.code, 'INVALID_REQUEST')
+    assert.equal(JSON.stringify(duplicateBridgeQuery.body).includes('spbt_'), false)
+
+    const duplicateAuthorization = await rawHttp(url.port, [
+      'GET /health HTTP/1.1',
+      `Host: ${url.host}`,
+      'Authorization: Bearer one',
+      'Authorization: Bearer two',
+      'Connection: close',
+      '',
+      ''
+    ])
+    assert.match(duplicateAuthorization, /400/)
+    assert.match(duplicateAuthorization, /INVALID_REQUEST/)
+
+    const duplicateContentType = await rawHttp(url.port, [
+      'POST /v1/captures HTTP/1.1',
+      `Host: ${url.host}`,
+      `Authorization: Bearer ${ready.apiToken}`,
+      'Content-Type: application/json',
+      'Content-Type: application/json',
+      'Content-Length: 2',
+      'Connection: close',
+      '',
+      '{}'
+    ])
+    assert.match(duplicateContentType, /400/)
+    assert.match(duplicateContentType, /INVALID_REQUEST/)
+
+    const contentLengthAndTransferEncoding = await rawHttp(url.port, [
+      'POST /v1/captures HTTP/1.1',
+      `Host: ${url.host}`,
+      `Authorization: Bearer ${ready.apiToken}`,
+      'Content-Type: application/json',
+      'Content-Length: 2',
+      'Transfer-Encoding: chunked',
+      'Connection: close',
+      '',
+      '{}'
+    ])
+    assert.match(contentLengthAndTransferEncoding, /400/)
+    assert.match(contentLengthAndTransferEncoding, /INVALID_REQUEST/)
+
+    const duplicateContentLength = await rawHttp(url.port, [
+      'POST /v1/captures HTTP/1.1',
+      `Host: ${url.host}`,
+      `Authorization: Bearer ${ready.apiToken}`,
+      'Content-Type: application/json',
+      'Content-Length: 2',
+      'Content-Length: 2',
+      'Connection: close',
+      '',
+      '{}'
+    ])
+    assert.match(duplicateContentLength, /400/)
+    assert.match(duplicateContentLength, /INVALID_REQUEST/)
+
+    const invalidContentLength = await rawHttp(url.port, [
+      'POST /v1/captures HTTP/1.1',
+      `Host: ${url.host}`,
+      `Authorization: Bearer ${ready.apiToken}`,
+      'Content-Type: application/json',
+      'Content-Length: nope',
+      'Connection: close',
+      '',
+      '{}'
+    ])
+    assert.match(invalidContentLength, /400/)
+    assert.match(invalidContentLength, /INVALID_REQUEST/)
+
+    const identityContentEncoding = await rawHttp(url.port, [
+      'GET /health HTTP/1.1',
+      `Host: ${url.host}`,
+      'Content-Encoding: Identity',
+      'Connection: close',
+      '',
+      ''
+    ])
+    assert.match(identityContentEncoding, /200 OK/)
+
+    const chunkedBody = await rawHttp(url.port, [
+      'POST /v1/captures HTTP/1.1',
+      `Host: ${url.host}`,
+      `Authorization: Bearer ${ready.apiToken}`,
+      'Content-Type: application/json',
+      'Transfer-Encoding: chunked',
+      'Connection: close',
+      '',
+      '2',
+      '{}',
+      '0',
+      '',
+      ''
+    ])
+    assert.match(chunkedBody, /400/)
+    assert.match(chunkedBody, /UNSUPPORTED_TRANSFER_ENCODING/)
+
+    const unsupportedTransferEncoding = await rawHttp(url.port, [
+      'POST /v1/captures HTTP/1.1',
+      `Host: ${url.host}`,
+      `Authorization: Bearer ${ready.apiToken}`,
+      'Content-Type: application/json',
+      'Transfer-Encoding: gzip',
+      'Connection: close',
+      '',
+      ''
+    ])
+    assert.match(unsupportedTransferEncoding, /400/)
+    assert.match(unsupportedTransferEncoding, /UNSUPPORTED_TRANSFER_ENCODING/)
+
+    const unsupportedContentEncoding = await rawHttp(url.port, [
+      'POST /v1/captures HTTP/1.1',
+      `Host: ${url.host}`,
+      `Authorization: Bearer ${ready.apiToken}`,
+      'Content-Type: application/json',
+      'Content-Encoding: gzip',
+      'Content-Length: 2',
+      'Connection: close',
+      '',
+      '{}'
+    ])
+    assert.match(unsupportedContentEncoding, /415/)
+    assert.match(unsupportedContentEncoding, /UNSUPPORTED_MEDIA_TYPE/)
+
+    const unsupportedCharset = await rawHttp(url.port, [
+      'POST /v1/captures HTTP/1.1',
+      `Host: ${url.host}`,
+      `Authorization: Bearer ${ready.apiToken}`,
+      'Content-Type: application/json; charset=latin1',
+      'Content-Length: 2',
+      'Connection: close',
+      '',
+      '{}'
+    ])
+    assert.match(unsupportedCharset, /415/)
+    assert.match(unsupportedCharset, /UNSUPPORTED_MEDIA_TYPE/)
+  })
+})
+
+const rawHttp = (port, lines) =>
+  new Promise((resolve, reject) => {
+    const socket = net.createConnection({ host: '127.0.0.1', port: Number(port) })
+    let data = ''
+    socket.on('connect', () => socket.write(lines.join('\r\n')))
+    socket.on('data', chunk => {
+      data += chunk.toString('utf8')
+    })
+    socket.on('error', reject)
+    socket.on('end', () => resolve(data))
+  })
+
+const rawHttpSplitBody = (port, lines, body, splitAt, delayMs) =>
+  new Promise((resolve, reject) => {
+    const socket = net.createConnection({ host: '127.0.0.1', port: Number(port) })
+    let data = ''
+    const finish = () => resolve(data)
+    socket.on('connect', () => {
+      socket.write(lines.join('\r\n'))
+      socket.write(body.slice(0, splitAt))
+      setTimeout(() => socket.write(body.slice(splitAt)), delayMs)
+    })
+    socket.on('data', chunk => {
+      data += chunk.toString('utf8')
+    })
+    socket.on('error', reject)
+    socket.on('end', finish)
+  })
+
+const parseRawJsonResponse = raw => {
+  const [head, body = '{}'] = raw.split('\r\n\r\n')
+  const status = Number(/^HTTP\/1\.1\s+(\d+)/.exec(head)?.[1])
+  const isChunked = /\r\ntransfer-encoding:\s*chunked\r\n/i.test(`\r\n${head}\r\n`)
+  return { status, body: JSON.parse(isChunked ? decodeChunkedBody(body) : body) }
+}
+
+const decodeChunkedBody = body => {
+  let offset = 0
+  let decoded = ''
+  while (offset < body.length) {
+    const sizeEnd = body.indexOf('\r\n', offset)
+    if (sizeEnd < 0) break
+    const size = Number.parseInt(body.slice(offset, sizeEnd), 16)
+    if (!Number.isFinite(size) || size < 0) break
+    offset = sizeEnd + 2
+    if (size === 0) break
+    decoded += body.slice(offset, offset + size)
+    offset += size + 2
+  }
+  return decoded
+}
+
+const rawHttpPartial = (port, lines, deadlineMs = 1500) =>
+  new Promise((resolve, reject) => {
+    const started = Date.now()
+    const socket = net.createConnection({ host: '127.0.0.1', port: Number(port) })
+    let settled = false
+    let data = ''
+    const finish = () => {
+      if (settled) return
+      settled = true
+      clearTimeout(timeout)
+      resolve({ closed: true, data, elapsedMs: Date.now() - started })
+    }
+    const timeout = setTimeout(() => {
+      if (settled) return
+      settled = true
+      socket.destroy()
+      reject(new Error(`slow request was not closed within ${deadlineMs}ms; partial data: ${data}`))
+    }, deadlineMs)
+    socket.on('connect', () => socket.write(lines.join('\r\n')))
+    socket.on('data', chunk => {
+      data += chunk.toString('utf8')
+    })
+    socket.on('error', error => {
+      if (settled) return
+      settled = true
+      clearTimeout(timeout)
+      reject(error)
+    })
+    socket.on('end', finish)
+    socket.on('close', finish)
+  })
+
+const rawHttpPartialAllowReset = (port, lines, deadlineMs = 1500) =>
+  new Promise((resolve, reject) => {
+    const started = Date.now()
+    const socket = net.createConnection({ host: '127.0.0.1', port: Number(port) })
+    let settled = false
+    let data = ''
+    const resolveClosed = reset => {
+      if (settled) return
+      settled = true
+      clearTimeout(timeout)
+      resolve({ closed: true, data, elapsedMs: Date.now() - started, reset })
+    }
+    const timeout = setTimeout(() => {
+      if (settled) return
+      settled = true
+      socket.destroy()
+      reject(new Error(`slow request was not closed within ${deadlineMs}ms; partial data: ${data}`))
+    }, deadlineMs)
+    socket.on('connect', () => socket.write(lines.join('\r\n')))
+    socket.on('data', chunk => {
+      data += chunk.toString('utf8')
+    })
+    socket.on('error', error => {
+      if (error?.code === 'ECONNRESET') return resolveClosed(true)
+      if (settled) return
+      settled = true
+      clearTimeout(timeout)
+      reject(error)
+    })
+    socket.on('end', () => resolveClosed(false))
+    socket.on('close', () => resolveClosed(false))
+  })
+
+const openHoldingSocket = port =>
+  new Promise((resolve, reject) => {
+    const socket = net.createConnection({ host: '127.0.0.1', port: Number(port) })
+    socket.once('connect', () => resolve(socket))
+    socket.once('error', reject)
+  })
diff --git a/tests/stackprism-skill.test.mjs b/tests/stackprism-skill.test.mjs
new file mode 100644
index 00000000..4014878f
--- /dev/null
+++ b/tests/stackprism-skill.test.mjs
@@ -0,0 +1,276 @@
+import assert from 'node:assert/strict'
+import { readFile } from 'node:fs/promises'
+import { test } from 'node:test'
+
+const skillSource = await readFile(new URL('../agent-skill/stackprism-site-experience/SKILL.md', import.meta.url), 'utf8')
+const agentsSource = await readFile(new URL('../AGENTS.md', import.meta.url), 'utf8')
+const readmeSource = await readFile(new URL('../agent-skill/stackprism-site-experience/README.md', import.meta.url), 'utf8')
+const openaiYamlSource = await readFile(new URL('../agent-skill/stackprism-site-experience/agents/openai.yaml', import.meta.url), 'utf8')
+const consumptionGuideSource = await readFile(
+  new URL('../agent-skill/stackprism-site-experience/references/agent-consumption-guide.md', import.meta.url),
+  'utf8'
+)
+const profileSchemaSource = await readFile(
+  new URL('../agent-skill/stackprism-site-experience/references/site-experience-profile-schema.md', import.meta.url),
+  'utf8'
+)
+
+const frontmatter = source => {
+  const match = source.match(/^---\n(?<body>[\s\S]*?)\n---/)
+  assert.ok(match?.groups?.body, 'skill must have YAML frontmatter')
+  return Object.fromEntries(
+    match.groups.body.split('\n').map(line => {
+      const separatorIndex = line.indexOf(':')
+      assert.ok(separatorIndex > 0, `invalid frontmatter line: ${line}`)
+      return [line.slice(0, separatorIndex).trim(), line.slice(separatorIndex + 1).trim()]
+    })
+  )
+}
+
+const yamlValue = (source, key) => {
+  const match = source.match(new RegExp(`^\\s*${key}:\\s*'(?<value>[^']+)'`, 'm'))
+  assert.ok(match?.groups?.value, `missing ${key} in openai.yaml`)
+  return match.groups.value
+}
+
+const fencedBlocks = source => [...source.matchAll(/```(?<lang>\w+)?\n(?<body>[\s\S]*?)```/g)].map(match => match.groups)
+
+const assertBefore = (source, first, second) => {
+  const firstIndex = source.indexOf(first)
+  const secondIndex = source.indexOf(second)
+  assert.notEqual(firstIndex, -1, `missing ${first}`)
+  assert.notEqual(secondIndex, -1, `missing ${second}`)
+  assert.ok(firstIndex < secondIndex, `${first} must appear before ${second}`)
+}
+
+test('stackprism site experience skill advertises the current bridge workflow', () => {
+  const metadata = frontmatter(skillSource)
+  const bashBlocks = fencedBlocks(skillSource)
+    .filter(block => block.lang === 'bash')
+    .map(block => block.body)
+
+  assert.equal(metadata.name, 'stackprism-site-experience')
+  assert.match(metadata.description, /StackPrism Agent Bridge profile/)
+  assert.match(metadata.description, /specific http\(s\) URL/)
+  assert.match(metadata.description, /Agent Bridge E2E verification/)
+  assert.match(metadata.description, /Do not use for generic UI edits/)
+  assert.match(metadata.description, /backend-only work/)
+  assert.match(metadata.description, /StackPrism internal code review/)
+  assert.match(skillSource, /StackPrism internal source review, refactor, or maintenance/)
+  assert.ok(
+    bashBlocks.some(block => block.includes('scripts/capture-site.mjs')),
+    'skill must show preferred capture helper'
+  )
+  assert.ok(
+    bashBlocks.some(block => block.includes('scripts/stackprism-bridge.mjs')),
+    'skill must show JS bridge'
+  )
+  assert.ok(
+    bashBlocks.some(block => block.includes('scripts/stackprism_bridge.py')),
+    'skill must show Python fallback'
+  )
+  assert.match(skillSource, /scripts\/capture-site\.mjs/)
+  assert.match(skillSource, /scripts\/stackprism-bridge\.mjs/)
+  assert.match(skillSource, /scripts\/stackprism_bridge\.py/)
+  assert.match(skillSource, /STACKPRISM_BROWSER_OPEN_COMMAND/)
+  assert.match(skillSource, /STACKPRISM_BROWSER_OPEN_ARGS_JSON/)
+  assert.match(skillSource, /--allow-private-network/)
+  assert.match(skillSource, /confirm the dev server is running and the URL is reachable/)
+  assert.match(skillSource, /Localhost support is only for public, demo, or explicitly desensitized development pages/)
+  assert.match(skillSource, /local, intranet, or internal pages that contain login state/)
+  assert.match(skillSource, /--include tech,visual,layout,components,interaction,ux,assets/)
+  assert.match(skillSource, /--max-resource-urls/)
+  assert.match(skillSource, /one JSON summary on stdout/)
+  assert.match(skillSource, /one JSON error object to stderr/)
+  assert.match(skillSource, /`error\.code`, `error\.message`, and sanitized `error\.details`/)
+  assert.match(skillSource, /PRIVATE_NETWORK_TARGET_BLOCKED/)
+  assert.match(skillSource, /CAPTURE_BUSY/)
+  assert.match(skillSource, /AGENT_BRIDGE_DISABLED/)
+  assert.match(skillSource, /EXTENSION_NOT_CONNECTED/)
+  assert.match(skillSource, /Firefox profiles/)
+  assert.match(skillSource, /"--profile","\/absolute\/path\/to\/profile"/)
+  assert.match(skillSource, /correct Chrome, Edge, or Firefox profile/)
+  assert.match(skillSource, /Cross-platform explicit profile examples/)
+  assert.match(skillSource, /Set environment variables with the syntax of the current shell/)
+  assert.match(skillSource, /examples below describe the values/)
+  assert.match(skillSource, /Windows Chrome/)
+  assert.match(skillSource, /C:\\Program Files\\Google\\Chrome\\Application\\chrome\.exe/)
+  assert.match(skillSource, /Windows Edge/)
+  assert.match(skillSource, /Linux Chrome\/Chromium/)
+  assert.match(skillSource, /STACKPRISM_BROWSER_OPEN_COMMAND=firefox/)
+  assert.match(skillSource, /\["-P","<firefox-profile-with-stackprism>"\]/)
+  assert.match(skillSource, /## Private Page Boundary/)
+  assert.match(skillSource, /even when the user says they own the account/)
+  assert.match(skillSource, /I cannot automatically capture that private or logged-in page with StackPrism/)
+  assert.match(skillSource, /public demo URL, a desensitized test-environment URL/)
+  assert.match(skillSource, /current browser page/)
+  assert.match(skillSource, /do not use `active_tab`/)
+  assert.match(skillSource, /If you already have a redacted screenshot or recording with private content removed/)
+  assert.match(skillSource, /do not create a new screenshot of the private page for this request/)
+  assert.match(skillSource, /do not ask the user to create screenshots for private pages/)
+  assert.match(skillSource, /Accept a user-provided redacted screenshot or recording only if the user already has one/)
+  assert.match(skillSource, /http:\/\/127\.0\.0\.1:5173\//)
+  assert.match(skillSource, /\/Applications\/Google Chrome\.app\/Contents\/MacOS\/Google Chrome/)
+  assert.match(skillSource, /<profile-directory-with-stackprism>/)
+  assert.match(skillSource, /do not use `Default` unless the user confirms StackPrism is installed and enabled there/)
+  assert.match(skillSource, /--include tech,visual,layout,components,ux/)
+  assert.match(skillSource, /--max-resource-urls 150/)
+  assert.match(skillSource, /--include tech,layout,components,ux/)
+  assert.match(skillSource, /--max-resource-urls 50/)
+  assert.match(skillSource, /--no-screenshot/)
+  assert.match(skillSource, /Retry attempts must preserve the original capture context exactly/)
+  assert.match(skillSource, /same `STACKPRISM_BROWSER_OPEN_COMMAND`/)
+  assert.match(skillSource, /same target policy flags such as `--allow-private-network`/)
+  assert.match(skillSource, /add that flag directly after `--url "\$TARGET_URL"`/)
+  assert.match(skillSource, /For an original local\/private attempt, add/)
+  assert.doesNotMatch(skillSource, /STACKPRISM_CAPTURE_TARGET_FLAGS/)
+  assert.match(skillSource, /Before the final non-visual attempt/)
+  assert.match(skillSource, /Do not run the final `--no-screenshot` retry until the user confirms/)
+  assert.match(skillSource, /the result can only support structural, technology, component, and limited UX findings/)
+  assert.match(skillSource, /The current experience profile is passive/)
+  assert.match(skillSource, /does not click, type, submit forms, or exercise workflows/)
+  assert.match(skillSource, /"captureScreenshot": true/)
+  assert.match(skillSource, /## E2E Evidence Manifest/)
+  assert.match(skillSource, /browserName/)
+  assert.match(skillSource, /profileIdentifier/)
+  assert.match(skillSource, /extensionVersion/)
+  assert.match(skillSource, /privateNetworkOverrideUsed/)
+  assert.match(skillSource, /Safe to report/)
+  assert.match(skillSource, /Never paste or commit/)
+  assert.match(skillSource, /`apiToken`/)
+  assert.match(skillSource, /token-bearing bridge URLs/)
+  assert.match(skillSource, /`captureId` may appear in local result artifacts/)
+  assert.match(skillSource, /shasum -a 256/)
+  assert.match(skillSource, /stat -f '%N %z bytes'/)
+  assert.match(skillSource, /Use this public report template instead of pasting raw stdout/)
+  assert.match(skillSource, /"captureId": "\[redacted\]"/)
+  assert.match(skillSource, /"browserName": "<Chrome\|Edge\|Firefox>"/)
+  assert.match(skillSource, /"profileIdentifier": "<profile-label-used-for-this-run>"/)
+  assert.match(skillSource, /extension details page/)
+  assert.match(skillSource, /Do not include extension internal UUIDs/)
+  assert.match(skillSource, /## Firefox E2E Validation/)
+  assert.match(skillSource, /exact safe public `http:` or `https:` smoke URL/)
+  assert.match(skillSource, /do not choose an arbitrary public page/)
+  assert.match(skillSource, /\/Applications\/Firefox\.app\/Contents\/MacOS\/firefox/)
+  assert.match(skillSource, /<firefox-profile-with-stackprism>/)
+  assert.match(skillSource, /browserName` to `Firefox/)
+  assert.match(skillSource, /exact `-P` profile name or `--profile` path label/)
+  assert.match(skillSource, /When the user asks for a recreation brief/)
+  assert.match(skillSource, /Record the captured viewport names and dimensions/)
+  assert.match(skillSource, /Do not infer mobile or responsive breakpoint behavior/)
+})
+
+test('stackprism site experience skill points agents to repo-local references', () => {
+  assert.match(skillSource, /references\/site-experience-profile-schema\.md/)
+  assert.match(skillSource, /references\/agent-consumption-guide\.md/)
+  assert.match(profileSchemaSource, /Schema id: `stackprism\.site_experience_profile\.v1`/)
+  assert.match(profileSchemaSource, /agentGuidance/)
+  assert.match(profileSchemaSource, /recreationPlan/)
+  assert.match(profileSchemaSource, /Screenshot image base64 is intentionally omitted/)
+  assert.match(consumptionGuideSource, /Start from `agentGuidance\.recreationPlan`/)
+  assert.match(consumptionGuideSource, /Read `limitations`/)
+  assertBefore(consumptionGuideSource, 'Read `limitations` first', 'Start from `agentGuidance.recreationPlan`')
+  assertBefore(skillSource, 'Read `limitations` first', 'Start from `agentGuidance.recreationPlan`')
+  assert.match(consumptionGuideSource, /verificationChecklist/)
+  assert.match(consumptionGuideSource, /Raw `\/profile` access still requires the API token/)
+  assert.match(consumptionGuideSource, /Never copy `apiToken`, `bridgeToken`, nonce/)
+  assert.match(consumptionGuideSource, /raw profile JSON containing private content/)
+  assert.match(consumptionGuideSource, /screenshot data URLs/)
+  assert.match(consumptionGuideSource, /If `visualProfile` or screenshot evidence is missing, do not claim visual parity/)
+  assert.match(consumptionGuideSource, /A tech-only profile supports technology, dependency, and runtime observations only/)
+  assert.match(consumptionGuideSource, /not sufficient for UI implementation, visual comparison, or visual verification/)
+  assert.match(consumptionGuideSource, /A reduced non-visual retry supports structural, technology, and limited UX findings only/)
+  assert.match(consumptionGuideSource, /A reduced retry is valid only if it preserved the original capture context/)
+  assert.match(consumptionGuideSource, /target policy flags such as `--allow-private-network`/)
+  assert.match(consumptionGuideSource, /Destination project conventions override the source page's stack/)
+  assert.match(consumptionGuideSource, /component library, routing, state, CSS architecture, test framework/)
+  assert.match(consumptionGuideSource, /Interaction smoke tests should cover viewport, key path, hover and focus states/)
+  assert.match(consumptionGuideSource, /responsive breakpoint, screenshot or DOM geometry evidence, and explicit limitations/)
+  assert.match(consumptionGuideSource, /StackPrism experience capture is passive/)
+  assert.match(consumptionGuideSource, /does not click, type, submit forms, or exercise workflows/)
+  assert.match(consumptionGuideSource, /For recreation briefs, structure the brief from `agentGuidance\.recreationPlan`/)
+  assert.match(consumptionGuideSource, /Recreation brief structure/)
+  assert.match(consumptionGuideSource, /Evidence and limitations/)
+  assert.match(consumptionGuideSource, /captured viewport names and dimensions/)
+  assert.match(consumptionGuideSource, /Technical direction/)
+  assert.match(consumptionGuideSource, /Visual direction/)
+  assert.match(consumptionGuideSource, /Layout and components/)
+  assert.match(consumptionGuideSource, /Interaction and UX/)
+  assert.match(consumptionGuideSource, /Assets and verification/)
+  assert.match(consumptionGuideSource, /Safe report fields/)
+  assert.match(consumptionGuideSource, /unredacted `captureId`/)
+  assert.match(consumptionGuideSource, /Screenshots are not pixel-redacted/)
+  assert.match(consumptionGuideSource, /login-protected, account-specific, billing/)
+  assert.match(consumptionGuideSource, /billing, admin, inbox, dashboard, internal/)
+  assert.match(consumptionGuideSource, /I cannot automatically capture that private or logged-in page with StackPrism/)
+  assert.match(consumptionGuideSource, /public demo URL, a desensitized test-environment URL/)
+  assert.match(consumptionGuideSource, /If you already have a redacted screenshot or recording with private content removed/)
+  assert.match(consumptionGuideSource, /do not create a new screenshot of the private page for this request/)
+  assert.match(consumptionGuideSource, /Localhost or intranet targets are acceptable only when they are public, demo, or explicitly desensitized development pages/)
+  assert.match(consumptionGuideSource, /current browser page/)
+  assert.match(consumptionGuideSource, /Accept redacted screenshots or recordings only when the user already has them/)
+  assert.match(consumptionGuideSource, /do not ask the user to create new screenshots of private pages/)
+  assert.match(profileSchemaSource, /`visualReference` for optional screenshot handling/)
+  assert.match(profileSchemaSource, /`verificationChecklist` for destination-app acceptance checks/)
+})
+
+test('stackprism site experience skill UI metadata remains aligned with global discovery', () => {
+  const shortDescription = yamlValue(openaiYamlSource, 'short_description')
+  const defaultPrompt = yamlValue(openaiYamlSource, 'default_prompt')
+
+  assert.equal(yamlValue(openaiYamlSource, 'display_name'), 'StackPrism Site Experience')
+  assert.equal(shortDescription, 'Capture StackPrism Agent Bridge URL profiles')
+  assert.ok(shortDescription.length >= 25 && shortDescription.length <= 64)
+  assert.match(defaultPrompt, /\$stackprism-site-experience/)
+  assert.match(defaultPrompt, /StackPrism Agent Bridge profile/)
+  assert.match(defaultPrompt, /website recreation/)
+  assert.match(defaultPrompt, /UX comparison/)
+  assert.match(defaultPrompt, /live browser evidence/)
+  assert.match(defaultPrompt, /Agent Bridge E2E validation/)
+  assert.match(defaultPrompt, /extension/)
+  assert.match(defaultPrompt, /not private login\/account/)
+  assert.ok(defaultPrompt.length <= 260)
+  assert.equal(defaultPrompt.split(/[.!?]\s+/).filter(Boolean).length, 1)
+  assert.match(openaiYamlSource, /display_name: 'StackPrism Site Experience'/)
+  assert.match(openaiYamlSource, /allow_implicit_invocation: true/)
+})
+
+test('repo-local skill documents bridge asset parity and local installation boundary', () => {
+  assert.match(readmeSource, /not automatically installed into Codex or any global skill registry/)
+  assert.match(readmeSource, /JavaScript bridge and Python fallback intentionally share the same bridge page CSS and client script text/)
+  assert.match(readmeSource, /--include tech,visual,layout,components,interaction,ux,assets/)
+  assert.match(readmeSource, /--max-resource-urls <n>/)
+  assert.match(readmeSource, /The direct bridge scripts print a single ready JSON line/)
+  assert.match(readmeSource, /one JSON summary to stdout/)
+  assert.match(readmeSource, /one JSON error object to stderr/)
+  assert.match(readmeSource, /Local development targets such as `localhost`/)
+  assert.match(readmeSource, /--allow-private-network/)
+  assert.match(readmeSource, /Localhost support is only for public, demo, or explicitly desensitized development pages/)
+  assert.match(readmeSource, /http:\/\/127\.0\.0\.1:5173\//)
+  assert.match(readmeSource, /<profile-directory-with-stackprism>/)
+  assert.match(readmeSource, /use `Default` only if StackPrism is really enabled there/)
+  assert.match(readmeSource, /Do not capture private or logged-in pages/)
+  assert.match(readmeSource, /already-redacted screenshot\/recording/)
+  assert.match(readmeSource, /Do not ask users to create new screenshots of private pages/)
+  assert.match(readmeSource, /current browser page/)
+  assert.match(readmeSource, /retry with less data, not partial results/)
+  assert.match(readmeSource, /Keep the same URL, browser\/profile env, and private-network flag on every retry/)
+  assert.match(readmeSource, /--max-resource-urls 150/)
+  assert.match(readmeSource, /--max-resource-urls 50 --no-screenshot/)
+  assert.match(readmeSource, /only if the user accepts losing screenshot evidence/)
+  assert.match(readmeSource, /For Firefox E2E, use an exact safe public URL/)
+  assert.match(readmeSource, /if the URL is missing, ask for one/)
+  assert.match(readmeSource, /do not choose an arbitrary public page or `example\.com`/)
+  assert.match(readmeSource, /explicit Firefox profile/)
+  assert.match(readmeSource, /<firefox-profile-with-stackprism>/)
+  assert.match(readmeSource, /browserName: "Firefox"/)
+  assert.match(readmeSource, /evidence manifest outside the repository/)
+  assert.match(readmeSource, /Never paste or commit `apiToken`/)
+  assert.match(readmeSource, /shasum -a 256/)
+  assert.match(readmeSource, /redact `captureId`/)
+  assert.match(readmeSource, /tests\/stackprism_bridge_py\.test\.mjs/)
+  assert.match(agentsSource, /repo-local skill/)
+  assert.match(agentsSource, /JavaScript bridge 优先/)
+  assert.match(agentsSource, /Python fallback/)
+  assert.match(agentsSource, /ready JSON/)
+})
diff --git a/tests/stackprism_bridge_py.test.mjs b/tests/stackprism_bridge_py.test.mjs
new file mode 100644
index 00000000..7effabf0
--- /dev/null
+++ b/tests/stackprism_bridge_py.test.mjs
@@ -0,0 +1,3697 @@
+import assert from 'node:assert/strict'
+import { spawn, spawnSync } from 'node:child_process'
+import { once } from 'node:events'
+import { existsSync, mkdtempSync, readFileSync, rmSync } from 'node:fs'
+import net from 'node:net'
+import { tmpdir } from 'node:os'
+import { join } from 'node:path'
+import { test } from 'node:test'
+import { bridgePageScript, bridgePageStyle } from '../agent-skill/stackprism-site-experience/scripts/bridge/bridge-page-assets.mjs'
+import identifiers from './fixtures/bridge-protocol-identifiers.json' with { type: 'json' }
+import urlPolicyCases from './fixtures/bridge-url-policy-cases.json' with { type: 'json' }
+
+const request = {
+  url: 'https://93.184.216.34/app?view=one#frag',
+  mode: 'experience',
+  waitMs: 0,
+  include: ['tech'],
+  viewports: [],
+  options: { targetMode: 'reuse_or_new_tab' }
+}
+
+const readJson = async response => ({ status: response.status, body: await response.json(), headers: response.headers })
+const readBytes = async response => ({
+  status: response.status,
+  body: Buffer.from(await response.arrayBuffer()),
+  headers: response.headers
+})
+
+const waitForFileSync = filePath => {
+  const deadline = Date.now() + 2000
+  const waitBuffer = new Int32Array(new SharedArrayBuffer(4))
+  while (!existsSync(filePath) && Date.now() < deadline) Atomics.wait(waitBuffer, 0, 0, 25)
+  assert.equal(existsSync(filePath), true, `expected file to exist: ${filePath}`)
+}
+
+const sensitiveFailedError = (ready, created, config) => {
+  const sensitiveUrl = `${created.body.bridgeUrl}&token=secret&apiToken=${ready.apiToken}&bridgeToken=${config.bridgeToken}#frag`
+  return {
+    code: 'TARGET_TAB_CLOSED',
+    message: `Target closed while loading ${sensitiveUrl}`,
+    details: {
+      url: sensitiveUrl,
+      token: config.bridgeToken,
+      nonce: config.nonce,
+      nested: {
+        authorization: `Bearer ${ready.apiToken}`,
+        values: [config.bridgeToken, config.nonce, sensitiveUrl]
+      }
+    }
+  }
+}
+
+const assertErrorIsRedacted = (error, blockedValues) => {
+  const serialized = JSON.stringify(error)
+  for (const value of blockedValues) assert.equal(serialized.includes(value), false, value)
+  assert.doesNotMatch(serialized, /spbt?_[A-Za-z0-9_-]{8,}/)
+  assert.doesNotMatch(serialized, /\bn_[A-Za-z0-9_-]{8,}\b/)
+  assert.doesNotMatch(serialized, /token=secret|apiToken=|bridgeToken=|#frag/)
+  assert.match(serialized, /\[redacted/)
+}
+
+const assertJsonSecurityHeaders = (envelope, { referrerPolicy = false } = {}) => {
+  assert.match(envelope.headers.get('content-type') || '', /^application\/json; charset=utf-8\b/)
+  assert.equal(envelope.headers.get('cache-control'), 'no-store')
+  assert.equal(envelope.headers.get('x-content-type-options'), 'nosniff')
+  if (referrerPolicy) assert.equal(envelope.headers.get('referrer-policy'), 'no-referrer')
+}
+
+const createCapture = async ready =>
+  readJson(
+    await fetch(`${ready.baseUrl}/v1/captures`, {
+      method: 'POST',
+      headers: { Authorization: `Bearer ${ready.apiToken}`, 'Content-Type': 'application/json' },
+      body: JSON.stringify(request)
+    })
+  )
+
+const loadBridgeConfig = async bridgeUrl => {
+  const bridgePage = await fetch(bridgeUrl)
+  const html = await bridgePage.text()
+  return JSON.parse(html.match(/<script id="stackprism-agent-bridge-config" type="application\/json" nonce="[^"]+">([^<]+)/)[1])
+}
+
+const loadBridgePage = async bridgeUrl => {
+  const response = await fetch(bridgeUrl)
+  return { response, html: await response.text() }
+}
+
+const statusBody = (captureId, config, body) => ({
+  captureId,
+  sessionId: config.sessionId,
+  nonce: config.nonce,
+  protocolVersion: 1,
+  ...body
+})
+
+const percentEncodeFirstPayloadChar = value =>
+  `${value.slice(0, 2)}%${value.charCodeAt(2).toString(16).toUpperCase().padStart(2, '0')}${value.slice(3)}`
+
+const percentEncodeBridgeParam = (bridgeUrl, name) => {
+  const url = new URL(bridgeUrl)
+  const value = url.searchParams.get(name)
+  return bridgeUrl.replace(`${name}=${value}`, `${name}=${percentEncodeFirstPayloadChar(value)}`)
+}
+
+const acceptFinalUrl = async (ready, captureId, bridgeToken, finalUrl = request.url) => {
+  const requestEnvelope = await readJson(
+    await fetch(`${ready.baseUrl}/v1/captures/${captureId}/request`, { headers: { Authorization: `Bearer ${bridgeToken}` } })
+  )
+  assert.equal(requestEnvelope.status, 200)
+  assertJsonSecurityHeaders(requestEnvelope)
+  const response = await fetch(`${ready.baseUrl}/v1/captures/${captureId}/status`, {
+    method: 'POST',
+    headers: { Authorization: `Bearer ${bridgeToken}`, 'Content-Type': 'application/json' },
+    body: JSON.stringify(
+      statusBody(captureId, requestEnvelope.body, {
+        status: 'running',
+        phase: 'target_loaded',
+        sequence: 1,
+        finalUrl,
+        targetNetworkAddress: '93.184.216.34'
+      })
+    )
+  })
+  const envelope = await readJson(response)
+  assert.equal(envelope.status, 200)
+  assertJsonSecurityHeaders(envelope)
+  assert.equal(envelope.body.phase, 'target_loaded')
+}
+
+const profileFor = (captureId, overrides = {}) => ({
+  schema: 'stackprism.site_experience_profile.v1',
+  captureId,
+  generatedAt: new Date(0).toISOString(),
+  target: {},
+  browserContext: { extensionCapabilities: {} },
+  techProfile: {},
+  visualProfile: {},
+  layoutProfile: {},
+  componentProfile: {},
+  interactionProfile: {},
+  uxProfile: {},
+  assetProfile: {},
+  evidence: {},
+  limitations: [],
+  agentGuidance: {},
+  ...overrides
+})
+
+const startPythonBridge = async () => {
+  const child = spawn('python3', ['agent-skill/stackprism-site-experience/scripts/stackprism_bridge.py'], {
+    cwd: new URL('..', import.meta.url),
+    env: { ...process.env, STACKPRISM_BRIDGE_NO_OPEN: '1' },
+    stdio: ['pipe', 'pipe', 'pipe']
+  })
+  const ready = await readFirstStdoutJson(child)
+  return { child, ready }
+}
+
+const startPythonBridgeWithEnv = env =>
+  spawn('python3', ['agent-skill/stackprism-site-experience/scripts/stackprism_bridge.py'], {
+    cwd: new URL('..', import.meta.url),
+    env: { ...process.env, STACKPRISM_BRIDGE_NO_OPEN: '1', ...env },
+    stdio: ['pipe', 'pipe', 'pipe']
+  })
+
+const readFirstStdoutJson = async child => {
+  let stdout = ''
+  return new Promise((resolve, reject) => {
+    const cleanup = () => {
+      child.stdout.off('data', onData)
+      child.off('exit', onExit)
+    }
+    const onData = chunk => {
+      stdout += String(chunk)
+      const newline = stdout.indexOf('\n')
+      if (newline < 0) return
+      cleanup()
+      const line = stdout.slice(0, newline)
+      try {
+        resolve(JSON.parse(line))
+      } catch (error) {
+        reject(Object.assign(new Error('PYTHON_BRIDGE_READY_PARSE_FAILED'), { cause: error, stdout }))
+      }
+    }
+    const onExit = code => {
+      cleanup()
+      reject(Object.assign(new Error('PYTHON_BRIDGE_EXITED_BEFORE_READY'), { code, stdout }))
+    }
+    child.stdout.on('data', onData)
+    child.once('exit', onExit)
+  })
+}
+
+const listenOnLoopback = () =>
+  new Promise((resolve, reject) => {
+    const server = net.createServer()
+    server.once('error', reject)
+    server.listen(0, '127.0.0.1', () => resolve(server))
+  })
+
+const pythonOneShot = script => {
+  const result = spawnSync('python3', ['-c', `import json\n${script}`], {
+    cwd: new URL('..', import.meta.url),
+    env: {
+      ...process.env,
+      STACKPRISM_BRIDGE_NO_OPEN: '1',
+      PYTHONPATH: 'agent-skill/stackprism-site-experience/scripts',
+      PYTHONWARNINGS: 'ignore'
+    },
+    encoding: 'utf8'
+  })
+  assert.equal(result.status, 0, result.stderr)
+  return JSON.parse(result.stdout)
+}
+
+test('python fallback prints ready json and serves health', async () => {
+  const { child, ready } = await startPythonBridge()
+  try {
+    assert.equal(ready.event, 'stackprism-bridge-ready')
+    assert.match(ready.apiToken, /^spb_[A-Za-z0-9_-]{43}$/)
+    const health = await readJson(await fetch(ready.healthUrl))
+    assert.equal(health.status, 200)
+    assert.equal(health.body.service, 'stackprism-agent-bridge')
+    assert.equal(health.body.protocolVersion, 1)
+    const resourcePolicy = await pythonOneShot(`
+from stackprism_bridge_lib.server_factory import create_server
+server, _ready = create_server(0)
+print(json.dumps({
+    "request_queue_size": server.request_queue_size,
+    "timeout": server.timeout,
+    "create_limit": server.rate_limits["create"],
+    "query_limit": server.rate_limits["query"],
+}, sort_keys=True))
+server.server_close()
+`)
+    assert.equal(resourcePolicy.request_queue_size, 20)
+    assert.equal(resourcePolicy.timeout, 35)
+    assert.equal(resourcePolicy.create_limit, 10)
+    assert.equal(resourcePolicy.query_limit, 120)
+  } finally {
+    child.kill('SIGTERM')
+    await once(child, 'exit')
+  }
+})
+
+test('python fallback exits when stdin closes', async () => {
+  const { child } = await startPythonBridge()
+  child.stdin.end()
+  const [code] = await once(child, 'exit')
+  assert.equal(code, 0)
+})
+
+test('python fallback exits and closes listener on SIGTERM', async () => {
+  const { child, ready } = await startPythonBridge()
+  const health = await readJson(await fetch(ready.healthUrl))
+  assert.equal(health.status, 200)
+
+  child.kill('SIGTERM')
+  const [code] = await once(child, 'exit')
+
+  assert.equal(code, 0)
+  await assert.rejects(() => fetch(ready.healthUrl), /fetch failed/)
+})
+
+test('python fallback rate limits capture creation and api status reads', () => {
+  const parsed = pythonOneShot(`
+from stackprism_bridge_lib.server_factory import create_server
+import json
+import threading
+import urllib.error
+import urllib.request
+
+server, ready = create_server(0, rate_limits={"createLimitPerMinute": 1, "queryLimitPerMinute": 1})
+thread = threading.Thread(target=server.serve_forever, daemon=True)
+thread.start()
+
+request_body = json.dumps(${JSON.stringify(request)}).encode("utf-8")
+
+def call(method, path, token, body=None):
+    req = urllib.request.Request(
+        ready["baseUrl"] + path,
+        data=body,
+        method=method,
+        headers={"Authorization": f"Bearer {token}", "Content-Type": "application/json"},
+    )
+    try:
+        with urllib.request.urlopen(req, timeout=3) as response:
+            return response.status, json.loads(response.read().decode("utf-8"))
+    except urllib.error.HTTPError as exc:
+        return exc.code, json.loads(exc.read().decode("utf-8"))
+
+try:
+    first_status, first = call("POST", "/v1/captures", ready["apiToken"], request_body)
+    second_status, second = call("POST", "/v1/captures", ready["apiToken"])
+    query1_status, query1 = call("GET", "/v1/captures/" + first["id"], ready["apiToken"])
+    query2_status, query2 = call("GET", "/v1/captures/" + first["id"], ready["apiToken"])
+    print(json.dumps({
+        "first_status": first_status,
+        "second_status": second_status,
+        "second_code": second["error"]["code"],
+        "query1_status": query1_status,
+        "query2_status": query2_status,
+        "query2_code": query2["error"]["code"],
+    }, sort_keys=True))
+finally:
+    server.shutdown()
+    server.server_close()
+`)
+  assert.equal(parsed.first_status, 200)
+  assert.equal(parsed.second_status, 429)
+  assert.equal(parsed.second_code, 'RATE_LIMITED')
+  assert.equal(parsed.query1_status, 200)
+  assert.equal(parsed.query2_status, 429)
+  assert.equal(parsed.query2_code, 'RATE_LIMITED')
+})
+
+test('python fallback rate limits api profile reads', () => {
+  const parsed = pythonOneShot(`
+from stackprism_bridge_lib.server_factory import create_server
+import json
+import threading
+import urllib.error
+import urllib.request
+
+server, ready = create_server(0, rate_limits={"queryLimitPerMinute": 1})
+thread = threading.Thread(target=server.serve_forever, daemon=True)
+thread.start()
+
+request_body = json.dumps(${JSON.stringify(request)}).encode("utf-8")
+
+def call(method, path, token, body=None):
+    req = urllib.request.Request(
+        ready["baseUrl"] + path,
+        data=body,
+        method=method,
+        headers={"Authorization": f"Bearer {token}", "Content-Type": "application/json"},
+    )
+    try:
+        with urllib.request.urlopen(req, timeout=3) as response:
+            return response.status, json.loads(response.read().decode("utf-8")), dict(response.headers)
+    except urllib.error.HTTPError as exc:
+        return exc.code, json.loads(exc.read().decode("utf-8")), dict(exc.headers)
+
+try:
+    create_status, created, _create_headers = call("POST", "/v1/captures", ready["apiToken"], request_body)
+    profile1_status, profile1, profile1_headers = call("GET", "/v1/captures/" + created["id"] + "/profile", ready["apiToken"])
+    profile2_status, profile2, _profile2_headers = call("GET", "/v1/captures/" + created["id"] + "/profile", ready["apiToken"])
+    print(json.dumps({
+        "create_status": create_status,
+        "profile1_status": profile1_status,
+        "profile1_code": profile1["error"]["code"],
+        "profile1_referrer_policy": profile1_headers.get("Referrer-Policy"),
+        "profile2_status": profile2_status,
+        "profile2_code": profile2["error"]["code"],
+    }, sort_keys=True))
+finally:
+    server.shutdown()
+    server.server_close()
+`)
+  assert.equal(parsed.create_status, 200)
+  assert.equal(parsed.profile1_status, 409)
+  assert.equal(parsed.profile1_code, 'INVALID_REQUEST')
+  assert.equal(parsed.profile1_referrer_policy, 'no-referrer')
+  assert.equal(parsed.profile2_status, 429)
+  assert.equal(parsed.profile2_code, 'RATE_LIMITED')
+})
+
+test('python fallback uses random port only when unset and reports occupied port portably', async () => {
+  const child = startPythonBridgeWithEnv({})
+  try {
+    const ready = await readFirstStdoutJson(child)
+    assert.equal(ready.event, 'stackprism-bridge-ready')
+    assert.match(ready.baseUrl, /^http:\/\/127\.0\.0\.1:\d+$/)
+  } finally {
+    child.kill('SIGTERM')
+    await once(child, 'exit')
+  }
+
+  const invalid = startPythonBridgeWithEnv({ STACKPRISM_BRIDGE_PORT: '' })
+  let invalidStdout = ''
+  invalid.stdout.on('data', chunk => {
+    invalidStdout += String(chunk)
+  })
+  const [invalidStderr] = await once(invalid.stderr, 'data')
+  const invalidParsed = JSON.parse(String(invalidStderr).trim())
+  assert.equal(invalidParsed.error.code, 'BRIDGE_INVALID_ENV')
+  assert.equal(invalidStdout, '')
+  assert.equal(String(invalidStderr).includes('spb_'), false)
+  const [invalidCode] = await once(invalid, 'exit')
+  assert.notEqual(invalidCode, 0)
+
+  const occupied = await listenOnLoopback()
+  const { port } = occupied.address()
+  const blocked = startPythonBridgeWithEnv({ STACKPRISM_BRIDGE_PORT: String(port) })
+  let blockedStdout = ''
+  blocked.stdout.on('data', chunk => {
+    blockedStdout += String(chunk)
+  })
+  try {
+    const [stderr] = await once(blocked.stderr, 'data')
+    const parsed = JSON.parse(String(stderr).trim())
+    assert.equal(parsed.error.code, 'PORT_IN_USE')
+    assert.equal(blockedStdout, '')
+    assert.equal(String(stderr).includes('spb_'), false)
+    const [code] = await once(blocked, 'exit')
+    assert.notEqual(code, 0)
+  } finally {
+    await new Promise(resolve => occupied.close(resolve))
+  }
+})
+
+test('python fallback reports non-port startup failures with bridge start code', () => {
+  const parsed = pythonOneShot(`
+import stackprism_bridge
+
+def fail_create_server(_port):
+    raise OSError("cannot bind")
+
+errors = []
+def capture_fail_start(code, message):
+    errors.append({"code": code, "message": message})
+    return 1
+
+stackprism_bridge.create_server = fail_create_server
+stackprism_bridge.fail_start = capture_fail_start
+print(json.dumps({"exit": stackprism_bridge.main(), "error": errors[0]}))
+`)
+  assert.equal(parsed.exit, 1)
+  assert.equal(parsed.error.code, 'BRIDGE_START_FAILED')
+  assert.equal(parsed.error.message, 'Failed to start bridge server.')
+})
+
+test('python fallback sanitizer redacts screenshot download ids', () => {
+  const parsed = pythonOneShot(`
+from stackprism_bridge_lib.protocol import sanitize_bridge_error
+
+sanitized = sanitize_bridge_error({
+    "code": "INVALID_REQUEST",
+    "message": "screenshot shot_${'a'.repeat(43)} failed",
+    "details": {
+        "url": "http://127.0.0.1:17370/v1/captures/cap_1234567890123456789012/screenshot-download/shot_${'b'.repeat(43)}",
+    },
+})
+print(json.dumps(sanitized, sort_keys=True))
+`)
+
+  assert.equal(parsed.message, 'screenshot [redacted-id] failed')
+  assert.equal(JSON.stringify(parsed).includes('shot_'), false)
+})
+
+test('python fallback server factory validates browser open environment before binding', () => {
+  const parsed = pythonOneShot(`
+import json as json_module
+from stackprism_bridge_lib.server_factory import create_server
+results = []
+for env in (
+    {"STACKPRISM_BROWSER_OPEN_COMMAND": "bad\\0cmd"},
+    {"STACKPRISM_BROWSER_OPEN_COMMAND": "python3", "STACKPRISM_BROWSER_OPEN_ARGS_JSON": json_module.dumps(["bad\\0arg"])},
+):
+    try:
+        server, _ready = create_server(0, env=env)
+    except ValueError as exc:
+        results.append({"code": getattr(exc, "code", None), "message": str(exc)})
+    else:
+        server.server_close()
+        raise AssertionError("create_server accepted invalid browser open environment")
+print(json.dumps(results))
+`)
+  assert.deepEqual(
+    parsed.map(item => item.code),
+    ['BRIDGE_INVALID_ENV', 'BRIDGE_INVALID_ENV']
+  )
+  assert.equal(
+    parsed.every(item => /Browser open environment contains NUL/.test(item.message)),
+    true
+  )
+})
+
+test('python fallback creates captures with same basic error envelope', async () => {
+  const { child, ready } = await startPythonBridge()
+  try {
+    const unauthorized = await readJson(
+      await fetch(`${ready.baseUrl}/v1/captures`, {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify(request)
+      })
+    )
+    assert.equal(unauthorized.status, 401)
+    assert.equal(unauthorized.body.error.code, 'UNAUTHORIZED')
+
+    const created = await createCapture(ready)
+    assert.equal(created.status, 200)
+    assert.match(created.body.id, /^cap_[A-Za-z0-9_-]{22}$/)
+    assert.equal(created.body.status, 'queued')
+    assert.deepEqual([...new URL(created.body.bridgeUrl).searchParams.keys()].sort(), ['capture', 'nonce', 'session'])
+    assert.equal(created.body.bridgeUrl.includes(ready.apiToken), false)
+    assert.equal(created.body.bridgeUrl.includes('apiToken'), false)
+    assert.equal(created.body.bridgeUrl.includes('bridgeToken'), false)
+    assert.doesNotMatch(created.body.bridgeUrl, /spbt?_[A-Za-z0-9_-]{20,}/)
+    const status = await readJson(
+      await fetch(`${ready.baseUrl}/v1/captures/${created.body.id}`, {
+        headers: { Authorization: `Bearer ${ready.apiToken}` }
+      })
+    )
+    assert.equal(status.status, 200)
+    assert.equal('error' in status.body, false)
+  } finally {
+    child.kill('SIGTERM')
+    await once(child, 'exit')
+  }
+})
+
+test('python fallback protocol helpers cover all bridge identifier kinds', () => {
+  const parsed = pythonOneShot(`
+from stackprism_bridge_lib.protocol import html_escape_script_json, is_known_bridge_error_code, new_csp_nonce, random_id, redact_url, safe_equal, valid_id
+from stackprism_bridge_lib.status import validate_status_update
+values = {
+    "apiToken": random_id("spb_", 32),
+    "bridgeToken": random_id("spbt_", 32),
+    "captureId": random_id("cap_", 16),
+    "sessionId": random_id("s_", 16),
+    "nonce": random_id("n_", 16),
+    "profileTransferId": random_id("xfer_", 16),
+    "cspNonce": new_csp_nonce(),
+}
+print(json.dumps({
+    "valid": {kind: valid_id(kind, value) for kind, value in values.items()},
+    "unknown": valid_id("unknown", values["apiToken"]),
+    "redacted": redact_url("https://example.com/app?token=secret#frag"),
+    "credential_redacted": redact_url("https://user:pass@example.com:8443/app?token=secret#frag"),
+    "render_error_code": is_known_bridge_error_code("BRIDGE_PAGE_RENDER_FAILED"),
+    "safe_equal_same": safe_equal("same-token", "same-token"),
+    "safe_equal_short": safe_equal("same-token", "same"),
+    "safe_equal_long_tail": safe_equal("aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaax", "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaay"),
+    "missing_phase_validation": validate_status_update(
+        {"id": values["captureId"], "sessionId": values["sessionId"], "nonce": values["nonce"], "status": "running", "sequence": 1},
+        {
+            "captureId": values["captureId"],
+            "sessionId": values["sessionId"],
+            "nonce": values["nonce"],
+            "protocolVersion": 1,
+            "status": "running",
+            "phase": "request_loaded",
+            "sequence": 2,
+        },
+    )[0],
+    "escaped": html_escape_script_json({"value": "</script><script>alert(1)</script>&\\u2028\\u2029"}),
+}, sort_keys=True))
+`)
+  assert.deepEqual(parsed.valid, {
+    apiToken: true,
+    bridgeToken: true,
+    captureId: true,
+    sessionId: true,
+    nonce: true,
+    profileTransferId: true,
+    cspNonce: true
+  })
+  assert.equal(parsed.unknown, false)
+  assert.equal(parsed.redacted, 'https://example.com/app?[redacted]')
+  assert.equal(parsed.credential_redacted, 'https://example.com:8443/app?[redacted]')
+  assert.equal(parsed.render_error_code, true)
+  assert.equal(parsed.safe_equal_same, true)
+  assert.equal(parsed.safe_equal_short, false)
+  assert.equal(parsed.safe_equal_long_tail, false)
+  assert.equal(parsed.missing_phase_validation, true)
+  assert.equal(parsed.escaped.includes('</script>'), false)
+  assert.equal(parsed.escaped.includes('<script>'), false)
+  assert.equal(parsed.escaped.includes('&'), false)
+  assert.match(parsed.escaped, /\\u2028/)
+  assert.match(parsed.escaped, /\\u2029/)
+})
+
+test('python fallback bridge page renderer validates CSP nonce', () => {
+  const parsed = pythonOneShot(`
+from stackprism_bridge_lib.bridge_page import render_bridge_page_html
+try:
+    render_bridge_page_html('bad" nonce', {"value": "https://example.com/"})
+    result = {"raised": False}
+except ValueError as error:
+    result = {"raised": True, "message": str(error)}
+print(json.dumps(result, sort_keys=True))
+`)
+
+  assert.equal(parsed.raised, true)
+  assert.equal(parsed.message, 'INVALID_CSP_NONCE')
+})
+
+test('python fallback bridge page assets match javascript bridge assets', () => {
+  const parsed = pythonOneShot(`
+from stackprism_bridge_lib.bridge_page_assets import BRIDGE_PAGE_SCRIPT, BRIDGE_PAGE_STYLE
+print(json.dumps({
+    "script": BRIDGE_PAGE_SCRIPT,
+    "style": BRIDGE_PAGE_STYLE,
+}, sort_keys=True))
+`)
+
+  assert.equal(parsed.style, bridgePageStyle)
+  assert.equal(parsed.script, bridgePageScript)
+})
+
+test('python fallback bridge page reports renderer nonce failures over HTTP', () => {
+  const parsed = pythonOneShot(`
+from stackprism_bridge_lib.server_factory import create_server
+import stackprism_bridge_lib.bridge_page as bridge_page
+import stackprism_bridge_lib.protocol as protocol
+import threading
+import urllib.error
+import urllib.request
+
+server, ready = create_server(0, env={"STACKPRISM_BRIDGE_NO_OPEN": "1"})
+thread = threading.Thread(target=server.serve_forever, daemon=True)
+thread.start()
+try:
+    payload = json.dumps(${JSON.stringify(request)}).encode("utf-8")
+    create_request = urllib.request.Request(
+        ready["baseUrl"] + "/v1/captures",
+        data=payload,
+        headers={"Authorization": "Bearer " + ready["apiToken"], "Content-Type": "application/json"},
+        method="POST",
+    )
+    created = json.loads(urllib.request.urlopen(create_request, timeout=5).read().decode("utf-8"))
+    bridge_page.new_csp_nonce = lambda: 'bad" nonce'
+    try:
+        urllib.request.urlopen(created["bridgeUrl"], timeout=5)
+        first = {"status": 200}
+    except urllib.error.HTTPError as error:
+        first = {"status": error.code, "body": json.loads(error.read().decode("utf-8"))}
+    bridge_page.new_csp_nonce = protocol.new_csp_nonce
+    retry = urllib.request.urlopen(created["bridgeUrl"], timeout=5)
+    result = {"first": first, "retry": {"status": retry.status, "content_type": retry.headers.get("content-type"), "body_prefix": retry.read(32).decode("utf-8")}}
+finally:
+    server.shutdown()
+    server.server_close()
+print(json.dumps(result, sort_keys=True))
+`)
+
+  assert.equal(parsed.first.status, 500)
+  assert.equal(parsed.first.body.error.code, 'BRIDGE_PAGE_RENDER_FAILED')
+  assert.equal(parsed.retry.status, 200)
+  assert.match(parsed.retry.content_type, /^text\/html; charset=utf-8\b/)
+  assert.match(parsed.retry.body_prefix, /^<!doctype html>/)
+})
+
+test('python fallback validates documented identifier fixtures', () => {
+  const parsed = pythonOneShot(`
+from stackprism_bridge_lib.protocol import valid_id
+identifiers = ${JSON.stringify(identifiers)}
+results = {}
+for kind, examples in identifiers.items():
+    results[kind] = {
+        "valid": [valid_id(kind, value) for value in examples["valid"]],
+        "invalid": [valid_id(kind, value) for value in examples["invalid"]],
+    }
+print(json.dumps(results, sort_keys=True))
+`)
+
+  for (const [kind, results] of Object.entries(parsed)) {
+    assert.deepEqual(
+      results.valid,
+      identifiers[kind].valid.map(() => true),
+      `${kind} valid fixtures should pass`
+    )
+    assert.deepEqual(
+      results.invalid,
+      identifiers[kind].invalid.map(() => false),
+      `${kind} invalid fixtures should fail`
+    )
+  }
+})
+
+test('python fallback open-browser helper validates env and URL before spawning', () => {
+  const parsed = pythonOneShot(`
+import stackprism_bridge_lib.open_browser as open_browser_module
+from stackprism_bridge_lib.open_browser import open_browser, windows_command_candidates
+
+def exploding_popen(*_args, **_kwargs):
+    raise RuntimeError("/Users/example/secret-browser failed")
+
+checks = {
+    "nul_env": open_browser("http://127.0.0.1:1/bridge", {"STACKPRISM_BROWSER_OPEN_COMMAND": "bad\\0cmd"}),
+    "nul_json_args": open_browser(
+        "http://127.0.0.1:1/bridge",
+        {"STACKPRISM_BROWSER_OPEN_COMMAND": "python3", "STACKPRISM_BROWSER_OPEN_ARGS_JSON": json.dumps(["bad\\0arg"])},
+    ),
+    "invalid_url": open_browser("http://127.0.0.1:1/bridge\\nnext", {"STACKPRISM_BRIDGE_NO_OPEN": "1"}),
+    "credential_url": open_browser("http://user:pass@127.0.0.1:1/bridge", {"STACKPRISM_BRIDGE_NO_OPEN": "1"}),
+    "invalid_scheme": open_browser("file:///tmp/stackprism.html", {"STACKPRISM_BRIDGE_NO_OPEN": "1"}),
+    "missing_command": open_browser("http://127.0.0.1:1/bridge", {"STACKPRISM_BROWSER_OPEN_COMMAND": "/definitely/missing/stackprism-browser"}),
+    "invalid_timeout": open_browser("http://127.0.0.1:1/bridge", {"STACKPRISM_BROWSER_OPEN_COMMAND": "python3", "STACKPRISM_BROWSER_OPEN_TIMEOUT_MS": "30001"}),
+    "open_failed": open_browser(
+        "http://127.0.0.1:1/bridge",
+        {"STACKPRISM_BROWSER_OPEN_COMMAND": "python3", "STACKPRISM_BROWSER_OPEN_ARGS_JSON": json.dumps(["-c", "import sys; sys.exit(7)"]), "STACKPRISM_BROWSER_OPEN_TIMEOUT_MS": "1000"},
+    ),
+    "windows_candidates": windows_command_candidates(r"C:\\Program Files\\Browser\\browser", {"PATHEXT": ".EXE;.CMD"}),
+}
+open_browser_module.subprocess.Popen = exploding_popen
+checks["spawn_failed"] = open_browser("http://127.0.0.1:1/bridge", {"STACKPRISM_BROWSER_OPEN_COMMAND": "python3"})
+print(json.dumps({name: result for name, result in checks.items()}, sort_keys=True))
+`)
+  assert.deepEqual(parsed.nul_env, [false, { reason: 'BRIDGE_INVALID_ENV', message: 'Browser open environment contains NUL.' }])
+  assert.deepEqual(parsed.nul_json_args, [false, { reason: 'BRIDGE_INVALID_ENV', message: 'Browser open environment contains NUL.' }])
+  assert.deepEqual(parsed.invalid_url, [false, { reason: 'invalid_url' }])
+  assert.deepEqual(parsed.credential_url, [false, { reason: 'invalid_url' }])
+  assert.deepEqual(parsed.invalid_scheme, [false, { reason: 'invalid_scheme', allowed: ['http', 'https'] }])
+  assert.deepEqual(parsed.missing_command, [false, { reason: 'command_not_found' }])
+  assert.deepEqual(parsed.invalid_timeout, [false, { reason: 'invalid_open_timeout' }])
+  assert.deepEqual(parsed.windows_candidates, ['C:\\Program Files\\Browser\\browser.EXE', 'C:\\Program Files\\Browser\\browser.CMD'])
+  assert.deepEqual(parsed.open_failed, [false, { reason: 'open_failed', exitCode: 7 }])
+  assert.deepEqual(parsed.spawn_failed, [false, { reason: 'spawn_failed' }])
+})
+
+test('python fallback open-browser helper appends bridge URL as one argv', () => {
+  const tempDir = mkdtempSync(join(tmpdir(), 'stackprism-open-'))
+  const argvPath = join(tempDir, 'argv.json')
+  const bridgeUrl = 'http://127.0.0.1:17370/bridge?session=s&capture=c&nonce=n value"quote;&cmd=$(echo bad)'
+  const script = 'import json, sys; open(sys.argv[1], "w").write(json.dumps(sys.argv[2:]))'
+
+  try {
+    const parsed = pythonOneShot(`
+from stackprism_bridge_lib.open_browser import open_browser
+print(json.dumps(open_browser(${JSON.stringify(bridgeUrl)}, {
+    "STACKPRISM_BROWSER_OPEN_COMMAND": "python3",
+    "STACKPRISM_BROWSER_OPEN_ARGS_JSON": json.dumps(["-c", ${JSON.stringify(script)}, ${JSON.stringify(argvPath)}]),
+})))
+`)
+
+    assert.deepEqual(parsed, [true, {}])
+    waitForFileSync(argvPath)
+    assert.deepEqual(JSON.parse(readFileSync(argvPath, 'utf8')), [bridgeUrl])
+  } finally {
+    rmSync(tempDir, { recursive: true, force: true })
+  }
+})
+
+test('python fallback open-browser helper selects platform default opener without shell parsing', () => {
+  const parsed = pythonOneShot(`
+from stackprism_bridge_lib.open_browser import resolve_browser_open_command
+
+checks = {
+    "darwin": resolve_browser_open_command({}, "Darwin"),
+    "windows": resolve_browser_open_command({}, "Windows"),
+    "linux": resolve_browser_open_command({}, "Linux"),
+    "custom": resolve_browser_open_command({
+        "STACKPRISM_BROWSER_OPEN_COMMAND": "/usr/bin/google-chrome",
+        "STACKPRISM_BROWSER_OPEN_ARGS_JSON": json.dumps(["--profile-directory=Default"]),
+    }, "Linux"),
+    "windows_custom": resolve_browser_open_command({
+        "STACKPRISM_BROWSER_OPEN_COMMAND": r"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe",
+        "STACKPRISM_BROWSER_OPEN_ARGS_JSON": json.dumps(["--profile-directory=Profile 2"]),
+    }, "Windows"),
+    "linux_firefox": resolve_browser_open_command({
+        "STACKPRISM_BROWSER_OPEN_COMMAND": "firefox",
+        "STACKPRISM_BROWSER_OPEN_ARGS_JSON": json.dumps(["-P", "stackprism-dev"]),
+    }, "Linux"),
+}
+print(json.dumps(checks, sort_keys=True))
+`)
+
+  assert.deepEqual(parsed.darwin, [true, { command: 'open', args: [] }])
+  assert.deepEqual(parsed.windows, [true, { command: 'rundll32.exe', args: ['url.dll,FileProtocolHandler'] }])
+  assert.deepEqual(parsed.linux, [true, { command: 'xdg-open', args: [] }])
+  assert.deepEqual(parsed.custom, [true, { command: '/usr/bin/google-chrome', args: ['--profile-directory=Default'] }])
+  assert.deepEqual(parsed.windows_custom, [
+    true,
+    { command: 'C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe', args: ['--profile-directory=Profile 2'] }
+  ])
+  assert.deepEqual(parsed.linux_firefox, [true, { command: 'firefox', args: ['-P', 'stackprism-dev'] }])
+})
+
+test('python fallback bridge page has CSP nonce and script-safe config', async () => {
+  const { child, ready } = await startPythonBridge()
+  try {
+    const created = await createCapture(ready)
+    const { response, html } = await loadBridgePage(created.body.bridgeUrl)
+    const csp = response.headers.get('content-security-policy')
+    const cspNonce = csp.match(/script-src 'nonce-([^']+)'/)?.[1]
+
+    assert.equal(response.status, 200)
+    assert.equal(response.headers.get('cache-control'), 'no-store')
+    assert.equal(response.headers.get('referrer-policy'), 'no-referrer')
+    assert.equal(response.headers.get('x-content-type-options'), 'nosniff')
+    assert.equal(response.headers.get('cross-origin-opener-policy'), 'same-origin')
+    assert.equal(response.headers.get('permissions-policy'), 'camera=(), microphone=(), geolocation=(), payment=(), usb=()')
+    assert.equal(csp.includes('unsafe-inline'), false)
+    assert.match(csp, /default-src 'none'/)
+    assert.match(csp, /frame-ancestors 'none'/)
+    assert.match(csp, /connect-src 'self'/)
+    assert.match(csp, /img-src data: blob:/)
+    assert.doesNotMatch(csp, /img-src[^;]*'self'/)
+    assert.match(csp, /base-uri 'none'/)
+    assert.match(csp, /form-action 'none'/)
+    assert.ok(cspNonce)
+    assert.match(csp, new RegExp(`style-src 'nonce-${cspNonce}'`))
+    assert.equal(response.headers.get('x-frame-options'), 'DENY')
+    assert.match(html, /meta name="stackprism-agent-bridge" content="1"/)
+    assert.match(html, /<link rel="icon" href="data:image\/svg\+xml,%3Csvg/)
+    assert.match(html, /id="bridgeCard" class="bridge-card" data-status="waiting_extension" aria-labelledby="bridge-title" tabindex="-1"/)
+    assert.match(html, /id="progressBar"/)
+    assert.match(html, /id="targetUrl" class="target-url" title="" target="_blank" rel="noopener noreferrer" aria-disabled="true"/)
+    assert.match(
+      html,
+      /id="openTargetUrl" class="preview-button target-open-link" target="_blank" rel="noopener noreferrer" aria-disabled="true" tabindex="-1"/
+    )
+    assert.match(html, /id="targetScreenshot"/)
+    assert.match(html, /id="targetScreenshot" alt=""/)
+    assert.match(html, /id="screenshotMeta"/)
+    assert.match(html, /id="screenshotDownload"/)
+    assert.match(html, /id="copyScreenshot"/)
+    assert.match(html, /id="downloadProfile"/)
+    assert.match(html, /class="preview-button profile-download-button"/)
+    assert.match(html, /id="copyAllInfo"/)
+    assert.match(html, /id="copyStatus"/)
+    assert.match(html, /id="modalCopyStatus"/)
+    assert.match(html, /id="screenshotTileValue"/)
+    assert.match(html, /id="screenshotStateBadge" class="state-chip" data-state="pending"/)
+    assert.match(html, /id="screenshotEmpty"/)
+    assert.match(html, /id="stepSummary" class="step-summary" role="status" aria-live="polite"/)
+    assert.match(html, /id="toggleSteps" class="flow-toggle" type="button" aria-controls="captureSteps" aria-expanded="false"/)
+    assert.match(html, /<ol id="captureSteps" class="steps" aria-label="采集步骤" role="list">/)
+    assert.match(html, /data-phase="bridge_connected" aria-current="step"/)
+    assert.match(html, /id="profileContentSection"/)
+    assert.match(html, /id="profileContentGrid"/)
+    assert.match(html, /id="screenshotModal"/)
+    assert.match(html, /id="modalDownload"/)
+    assert.match(html, /id="modalCopyScreenshot"/)
+    assert.match(html, /id="modalClose"/)
+    assert.match(html, /id="modalScreenshot" class="modal-image" alt=""/)
+    assert.match(html, /addEventListener\('click',openScreenshot\)/)
+    assert.match(html, /navigator\.clipboard\.writeText/)
+    assert.match(html, /new ClipboardItem/)
+    assert.match(html, /showCopyStatus\('已复制全部信息。'\)/)
+    assert.match(html, /flashCopyButton\('已复制'\)/)
+    assert.match(html, /const clipboardScreenshotBlob=async/)
+    assert.match(html, /createImageBitmap\(blob\)/)
+    assert.match(html, /'image\/png':blob/)
+    assert.match(html, /复制截图失败：浏览器未允许写入剪切板，或截图格式无法转换。/)
+    assert.match(html, /截图预览无法加载/)
+    assert.match(html, /截图预览无法加载，可重新采集或下载 Profile 查看图片链接。/)
+    assert.match(html, /downloadBlob\(await fetchScreenshotBlob\(\),screenshotFilename\(\)\)/)
+    assert.match(html, /currentProfileBlob=null,currentProfileFetchPromise=null/)
+    assert.match(html, /const ensureProfileCached=\(\)=>/)
+    assert.match(html, /downloadBlob\(await ensureProfileCached\(\),profileFilename\(\)\)/)
+    assert.match(html, /if\(status==='completed'\)ensureProfileCached\(\)\.catch\(\(\)=>\{\}\)/)
+    assert.match(html, /\/profile-download/)
+    assert.doesNotMatch(html, /config\.captureId\+'\/profile'/)
+    assert.match(
+      html,
+      /button:not\(:disabled\),a\[href\],input:not\(:disabled\),select:not\(:disabled\),textarea:not\(:disabled\),\[tabindex\]:not\(\[tabindex="-1"\]\)/
+    )
+    assert.match(html, /currentScreenshot\?\.mimeType==='image\/png'\?'png'/)
+    assert.match(html, /currentScreenshot\?\.mimeType==='image\/webp'\?'webp'/)
+    assert.match(html, /currentScreenshotObjectUrl=URL\.createObjectURL\(blob\)/)
+    assert.match(html, /el\.targetScreenshot\.alt='目标页面截图预览'/)
+    assert.match(html, /el\.targetScreenshot\.alt=''/)
+    assert.match(html, /color-scheme:light dark/)
+    assert.match(html, /@media \(prefers-color-scheme:dark\)/)
+    assert.match(html, /class="result-grid"/)
+    assert.match(html, /class="summary-grid"/)
+    assert.match(html, /class="screenshot-panel"/)
+    assert.match(html, /border-radius:16px/)
+    assert.match(html, /\.summary-grid\{display:grid;grid-template-columns:repeat\(4,minmax\(0,1fr\)\)/)
+    assert.match(html, /grid-template-columns:repeat\(auto-fit,minmax\(min\(100%,300px\),1fr\)\)/)
+    assert.match(html, /\.target-copy\{min-width:0\}/)
+    assert.match(html, /\.target-url\{margin:0;display:-webkit-box;overflow:hidden;overflow-wrap:anywhere;word-break:break-word/)
+    assert.match(html, /\.target-actions\{display:flex;min-width:0;flex-wrap:wrap;gap:10px;justify-content:flex-end\}/)
+    assert.match(
+      html,
+      /\.target-open-link\{min-width:132px;display:inline-flex;align-items:center;justify-content:center;text-decoration:none\}/
+    )
+    assert.match(html, /\.content-card \*\{min-width:0;max-width:100%;overflow-wrap:anywhere;word-break:break-word\}/)
+    assert.match(html, /\.content-card\{min-width:0;min-height:88px;padding:10px;overflow:hidden/)
+    assert.match(html, /\.content-card ul\{display:grid;min-width:0;gap:3px/)
+    assert.match(html, /\.content-card li\{min-width:0;line-height:1\.38;white-space:normal\}/)
+    assert.doesNotMatch(html, /@media \(max-width:980px\)\{[^}]*\.content-grid/)
+    assert.doesNotMatch(html, /@media \(max-width:760px\)\{[^}]*\.content-grid/)
+    assert.match(html, /--sp-neutral-line:#e5e9ee/)
+    assert.match(html, /grid-template-columns:minmax\(0,1\.22fr\) minmax\(320px,\.82fr\)/)
+    assert.match(html, /class="summary-handoff" aria-label="摘要包含"/)
+    assert.match(html, /摘要包含/)
+    assert.match(html, /技术栈/)
+    assert.match(html, /首屏结构/)
+    assert.match(html, /height:clamp\(190px,14vw,230px\)/)
+    assert.match(html, /object-fit:cover/)
+    assert.match(html, /object-position:top center/)
+    assert.match(html, /-webkit-line-clamp:2/)
+    assert.match(html, /\.target-url\[href\]\{cursor:pointer\}/)
+    assert.match(html, /\.target-url\[href\]:hover\{text-decoration:underline/)
+    assert.match(html, /targetHrefFor=value=>/)
+    assert.match(html, /url\.pathname\.includes\('\[redacted\]'\)/)
+    assert.match(html, /url\.search\.includes\('\[redacted\]'\)/)
+    assert.match(html, /setTargetUrl\(targetText\)/)
+    assert.match(html, /setTargetLink\(el\.openTargetUrl,targetHref\)/)
+    assert.match(html, /node\.removeAttribute\('aria-disabled'\)/)
+    assert.match(html, /\.bridge-header\{position:relative;display:block/)
+    assert.match(html, /\.summary-handoff\{display:none\}/)
+    assert.match(html, /class="target-actions"/)
+    assert.match(html, /class="preview-button primary target-copy-button"/)
+    assert.match(html, /class="flow-panel"/)
+    assert.match(html, /grid-template-columns:repeat\(8,minmax\(0,1fr\)\)/)
+    assert.match(html, /grid-template-columns:repeat\(2,minmax\(0,1fr\)\)/)
+    assert.match(html, /\.bridge-card\[data-status="completed"\] \.status-panel\{display:none\}/)
+    assert.match(html, /\.bridge-card\[data-status="completed"\]:not\(\[data-steps-open="true"\]\) \.steps\{display:none\}/)
+    assert.match(html, /\.state-chip\[data-state="ready"\]/)
+    assert.match(html, /setScreenshotState\('截图可用','ready'\)/)
+    assert.match(html, /setStepsOpen\(false\)/)
+    assert.match(html, /addEventListener\('click',\(\)=>setStepsOpen\(!stepsOpen,true\)\)/)
+    assert.match(
+      html,
+      /\.preview-button:disabled,.modal-close:disabled,.preview-button\[aria-disabled="true"\]\{cursor:not-allowed;opacity:1;background:#f7fbfa/
+    )
+    assert.match(html, /setCopyStatus\(modalOpen\(\)\?el\.modalCopyStatus:el\.copyStatus,value,type\)/)
+    assert.match(html, /const restore=el\.screenshotFrame\.disabled\?el\.bridgeCard:el\.screenshotFrame/)
+    assert.match(html, /if\(current\|\|failedCurrent\)step\.setAttribute\('aria-current','step'\)/)
+    assert.match(html, /else step\.removeAttribute\('aria-current'\)/)
+    assert.match(html, /!el\.screenshotModal\.contains\(document\.activeElement\)/)
+    assert.match(html, /step\.classList\.toggle\('failed',failedCurrent\)/)
+    assert.match(html, /\.step\.failed/)
+    assert.match(html, /\.bridge-card\[data-status="failed"\] \.progress span/)
+    assert.match(html, /\.copy-status\[data-state="error"\]\{background:#2a1211;border-color:#7f1d1d;color:#fca5a5\}/)
+    assert.match(html, /color:#fca5a5/)
+    assert.match(html, /color:#fbbf24/)
+    assert.match(html, /disconnected:'连接已关闭'/)
+    assert.match(html, /const targetText=preview\.targetUrl\|\|config\.targetUrl\|\|'等待读取目标网址'/)
+    assert.match(html, /el\.targetUrl\.title=targetText/)
+    assert.match(html, /本机 bridge 服务已关闭，当前页面无法继续读取状态。/)
+    assert.doesNotMatch(html, /Bridge status unavailable/)
+    assert.match(html, /data-phase="profiling_experience"/)
+    assert.match(html, /本机通道/)
+    assert.match(html, /连接本机 Agent 与当前浏览器 profile，展示本次采集结果。/)
+    assert.match(html, /采集目标/)
+    assert.match(html, /id="targetHelper" class="target-helper"/)
+    assert.match(html, /采集完成后可复制给本机 Coding Agent 使用。/)
+    assert.match(html, /已生成 Agent 可读摘要，可复制给本机 Coding Agent 使用。/)
+    assert.match(html, /面向复刻任务整理技术栈、视觉结构、交互路径与资产线索。/)
+    assert.match(html, /复刻重点/)
+    assert.match(html, /先看 Agent 可读内容/)
+    assert.match(html, /本页只服务当前一次采集/)
+    assert.match(html, /摘要不含 token、nonce、raw JSON 或截图 data URL/)
+    assert.match(html, /Agent 可读内容/)
+    assert.match(html, /完整 Profile 可在本页完成后下载/)
+    assert.match(html, new RegExp(`id="stackprism-agent-bridge-config" type="application/json" nonce="${cspNonce}"`))
+    assert.match(html, new RegExp(`<style nonce="${cspNonce}"`))
+    assert.match(html, new RegExp(`<script nonce="${cspNonce}"`))
+    assert.match(html, /fetch\('\/v1\/captures\/'\+config\.captureId/)
+    assert.match(html, /textContent=value/)
+    assert.match(html, /"bridgeToken":"spbt_[A-Za-z0-9_-]{43}"/)
+    assert.match(html, /"targetUrl":"https:\/\/93\.184\.216\.34\/app\?\[redacted\]"/)
+    assert.doesNotMatch(html, /"targetHref":/)
+
+    const second = await readJson(await fetch(created.body.bridgeUrl))
+    assert.equal(second.status, 409)
+    assert.equal(second.body.error.code, 'INVALID_REQUEST')
+    assert.doesNotMatch(JSON.stringify(second.body), /spbt_[A-Za-z0-9_-]{43}/)
+  } finally {
+    child.kill('SIGTERM')
+    await once(child, 'exit')
+  }
+})
+
+test('python fallback bridge page rejects cross-site navigation before token render', async () => {
+  const { child, ready } = await startPythonBridge()
+  try {
+    const created = await createCapture(ready)
+
+    const blockedReferer = await fetch(created.body.bridgeUrl, { headers: { Referer: 'https://attacker.example/page' } })
+    const blockedRefererText = await blockedReferer.text()
+    assert.equal(blockedReferer.status, 403)
+    assert.match(blockedRefererText, /ORIGIN_NOT_ALLOWED/)
+    assert.doesNotMatch(blockedRefererText, /spbt_[A-Za-z0-9_-]{43}/)
+
+    const blockedFetchSite = await fetch(created.body.bridgeUrl, { headers: { 'Sec-Fetch-Site': 'cross-site' } })
+    const blockedFetchSiteText = await blockedFetchSite.text()
+    assert.equal(blockedFetchSite.status, 403)
+    assert.match(blockedFetchSiteText, /ORIGIN_NOT_ALLOWED/)
+    assert.doesNotMatch(blockedFetchSiteText, /spbt_[A-Za-z0-9_-]{43}/)
+
+    const firstAllowed = await fetch(created.body.bridgeUrl)
+    const firstAllowedText = await firstAllowed.text()
+    assert.equal(firstAllowed.status, 200)
+    assert.match(firstAllowedText, /"bridgeToken":"spbt_[A-Za-z0-9_-]{43}"/)
+
+    const secondAllowed = await readJson(await fetch(created.body.bridgeUrl))
+    assert.equal(secondAllowed.status, 409)
+    assert.equal(secondAllowed.body.error.code, 'INVALID_REQUEST')
+    assert.doesNotMatch(JSON.stringify(secondAllowed.body), /spbt_[A-Za-z0-9_-]{43}/)
+  } finally {
+    child.kill('SIGTERM')
+    await once(child, 'exit')
+  }
+})
+
+test('python fallback bridge page does not reflect hostile query fragments or error messages', () => {
+  const parsed = pythonOneShot(`
+import re
+import threading
+import urllib.error
+import urllib.parse
+import urllib.request
+
+from stackprism_bridge_lib.server_factory import create_server
+
+hostile = "</script><script>alert(1)</script>#stackprism-fragment"
+
+def request_text(url):
+    try:
+        with urllib.request.urlopen(url, timeout=3) as response:
+            return response.status, response.read().decode("utf-8")
+    except urllib.error.HTTPError as error:
+        return error.code, error.read().decode("utf-8")
+
+def request_json(method, url, token=None, body=None):
+    headers = {}
+    data = None
+    if token:
+        headers["Authorization"] = f"Bearer {token}"
+    if body is not None:
+        headers["Content-Type"] = "application/json"
+        data = json.dumps(body).encode("utf-8")
+    req = urllib.request.Request(url, data=data, headers=headers, method=method)
+    try:
+        with urllib.request.urlopen(req, timeout=3) as response:
+            return response.status, json.loads(response.read().decode("utf-8"))
+    except urllib.error.HTTPError as error:
+        return error.code, json.loads(error.read().decode("utf-8"))
+
+def make_capture(ready):
+    capture_request = {
+        "url": "https://93.184.216.34/app?view=one#frag",
+        "mode": "experience",
+        "waitMs": 0,
+        "include": ["tech"],
+        "viewports": [],
+        "options": {"targetMode": "reuse_or_new_tab"},
+    }
+    _, created = request_json("POST", f"{ready['baseUrl']}/v1/captures", ready["apiToken"], capture_request)
+    return created
+
+server, ready = create_server(0)
+thread = threading.Thread(target=server.serve_forever, daemon=True)
+thread.start()
+try:
+    created = make_capture(ready)
+    hostile_url = created["bridgeUrl"] + "&unexpected=" + urllib.parse.quote(hostile) + "#" + urllib.parse.quote(hostile)
+    invalid_status, invalid_html = request_text(hostile_url)
+
+    capture = server.store.get(created["id"])
+    capture["status"] = "failed"
+    capture["phase"] = "cleanup"
+    capture["error"] = {"code": "TARGET_TAB_CLOSED", "message": hostile}
+    terminal_status, terminal_html = request_text(created["bridgeUrl"])
+
+    print(json.dumps({
+        "invalidStatus": invalid_status,
+        "invalidHasCode": "INVALID_REQUEST" in invalid_html,
+        "invalidHasFragment": "stackprism-fragment" in invalid_html,
+        "invalidHasScript": "<script>alert(1)</script>" in invalid_html,
+        "invalidHasToken": bool(re.search(r"spbt_[A-Za-z0-9_-]{43}", invalid_html)),
+        "terminalStatus": terminal_status,
+        "terminalHasCode": "TARGET_TAB_CLOSED" in terminal_html,
+        "terminalHasFragment": "stackprism-fragment" in terminal_html,
+        "terminalHasScript": "<script>alert(1)</script>" in terminal_html,
+        "terminalHasToken": bool(re.search(r"spbt_[A-Za-z0-9_-]{43}", terminal_html)),
+    }, sort_keys=True))
+finally:
+    server.shutdown()
+    server.server_close()
+`)
+  assert.equal(parsed.invalidStatus, 400)
+  assert.equal(parsed.invalidHasCode, true)
+  assert.equal(parsed.invalidHasFragment, false)
+  assert.equal(parsed.invalidHasScript, false)
+  assert.equal(parsed.invalidHasToken, false)
+  assert.equal(parsed.terminalStatus, 409)
+  assert.equal(parsed.terminalHasCode, true)
+  assert.equal(parsed.terminalHasFragment, false)
+  assert.equal(parsed.terminalHasScript, false)
+  assert.equal(parsed.terminalHasToken, false)
+})
+
+test('python fallback reports browser open failure during capture creation', async () => {
+  const child = startPythonBridgeWithEnv({
+    STACKPRISM_BRIDGE_NO_OPEN: '0',
+    STACKPRISM_BROWSER_OPEN_COMMAND: '/definitely/missing/stackprism-browser'
+  })
+  try {
+    const ready = await readFirstStdoutJson(child)
+    const rejected = await createCapture(ready)
+    assert.equal(rejected.status, 500)
+    assert.equal(rejected.body.error.code, 'BROWSER_OPEN_FAILED')
+  } finally {
+    child.kill('SIGTERM')
+    await once(child, 'exit')
+  }
+})
+
+test('python fallback reports invalid browser open args during capture creation', async t => {
+  const cases = [
+    ['invalid_json', '{'],
+    ['non_array', JSON.stringify({ profile: 'Default' })],
+    ['non_string_arg', JSON.stringify(['--profile-directory=Default', 42])]
+  ]
+
+  for (const [name, argsJson] of cases) {
+    await t.test(name, async () => {
+      const child = startPythonBridgeWithEnv({
+        STACKPRISM_BRIDGE_NO_OPEN: '0',
+        STACKPRISM_BROWSER_OPEN_COMMAND: 'python3',
+        STACKPRISM_BROWSER_OPEN_ARGS_JSON: argsJson
+      })
+      try {
+        const ready = await readFirstStdoutJson(child)
+        const rejected = await createCapture(ready)
+        assert.equal(rejected.status, 500)
+        assert.equal(rejected.body.error.code, 'BROWSER_OPEN_FAILED')
+        assert.deepEqual(rejected.body.error.details, { reason: 'invalid_open_args' })
+      } finally {
+        child.kill('SIGTERM')
+        await once(child, 'exit')
+      }
+    })
+  }
+})
+
+test('python fallback bridge token can fetch request and post profile', async () => {
+  const { child, ready } = await startPythonBridge()
+  try {
+    const created = await createCapture(ready)
+    const config = await loadBridgeConfig(created.body.bridgeUrl)
+
+    const status = await readJson(
+      await fetch(`${ready.baseUrl}/v1/captures/${created.body.id}`, {
+        headers: { Authorization: `Bearer ${ready.apiToken}` }
+      })
+    )
+    assert.equal(status.status, 200)
+    assertJsonSecurityHeaders(status)
+
+    const requestEnvelope = await readJson(
+      await fetch(`${ready.baseUrl}/v1/captures/${created.body.id}/request`, {
+        headers: { Authorization: `Bearer ${config.bridgeToken}` }
+      })
+    )
+    assert.equal(requestEnvelope.status, 200)
+    assertJsonSecurityHeaders(requestEnvelope)
+    assert.equal(requestEnvelope.body.captureId, created.body.id)
+    assert.equal(requestEnvelope.body.request.url, 'https://93.184.216.34/app?view=one')
+    assert.deepEqual(Object.keys(requestEnvelope.body).sort(), ['captureId', 'nonce', 'protocolVersion', 'request', 'sessionId'])
+
+    const control = await readJson(
+      await fetch(`${ready.baseUrl}/v1/captures/${created.body.id}/control`, {
+        headers: { Authorization: `Bearer ${config.bridgeToken}` }
+      })
+    )
+    assert.equal(control.status, 200)
+    assertJsonSecurityHeaders(control)
+
+    await acceptFinalUrl(ready, created.body.id, config.bridgeToken)
+
+    const profile = profileFor(created.body.id, {
+      target: { language: 'zh-CN', pagePurpose: 'Landing page token=secret' },
+      techProfile: {
+        technologies: [
+          { name: 'Vue', category: '前端框架' },
+          { name: 'Tailwind CSS', category: 'UI / CSS 框架' }
+        ],
+        primaryFrontend: 'Vue',
+        uiFramework: 'Tailwind CSS',
+        buildRuntime: 'Vite',
+        thirdPartyServices: ['Stripe token=secret', 'Authorization: Bearer secret-token-123']
+      },
+      visualProfile: {
+        colorTokens: ['#0f766e'],
+        fonts: ['Inter'],
+        screenshot: {
+          dataUrl: 'data:image/jpeg;base64,ZmFrZS1qcGVn',
+          mimeType: 'image/jpeg',
+          byteLength: 9,
+          scope: 'visible_viewport'
+        }
+      },
+      layoutProfile: { landmarks: ['header', 'main'] },
+      componentProfile: { counts: { button: 3, card: 2 }, samples: [{ name: 'Hero card' }] },
+      interactionProfile: { transitions: ['opacity 0.2s'], stickyOrFixed: ['header'] },
+      uxProfile: {
+        pagePurpose: 'Product signup',
+        primaryUserPath: ['Open pricing'],
+        informationHierarchy: ['Hero', 'Features'],
+        contentGrouping: ['summary', 'pricing'],
+        navigationDepth: 'nav_links:4',
+        ctaStrategy: ['Start free'],
+        trustSignals: ['Customer logos'],
+        frictionPoints: ['Long form user@example.com']
+      },
+      assetProfile: {
+        scripts: ['https://cdn.example.com/app.js?token=secret'],
+        stylesheets: ['https://cdn.example.com/app.css?token=secret'],
+        cdnHints: ['cdn.example.com']
+      },
+      evidence: {
+        privateText: 'not for bridge status',
+        token: config.bridgeToken
+      },
+      limitations: ['screenshot_metadata_not_requested'],
+      agentGuidance: {
+        summary: '优先复刻视觉层级和交互反馈。',
+        recreationPlan: {
+          implementationOrder: ['Define tokens', 'Build layout'],
+          designTokens: { colors: ['#0f766e'], fontFamilies: ['Inter'] },
+          layoutBlueprint: { informationHierarchy: ['Hero', 'Features'], contentGrouping: ['summary', 'pricing'] },
+          componentInventory: { counts: { button: 3 }, priorityTypes: ['button', 'card'], geometryIncluded: false },
+          interactionChecklist: { transitions: ['opacity 0.2s'] },
+          assetHints: { scriptCount: 1, stylesheetCount: 1, resourceDomains: ['cdn.example.com:2'] },
+          verificationChecklist: ['Compare screenshot', 'Smoke test interactions']
+        }
+      }
+    })
+    const posted = await readJson(
+      await fetch(`${ready.baseUrl}/v1/captures/${created.body.id}/profile`, {
+        method: 'POST',
+        headers: { Authorization: `Bearer ${config.bridgeToken}`, 'Content-Type': 'application/json' },
+        body: JSON.stringify(profile)
+      })
+    )
+    assert.equal(posted.status, 200)
+    assertJsonSecurityHeaders(posted)
+    assert.equal(posted.body.status, 'completed')
+    assert.equal(posted.body.preview.targetUrl, 'https://93.184.216.34/app?[redacted]')
+    assert.equal(posted.body.preview.screenshot.dataUrl, undefined)
+    assert.match(
+      posted.body.preview.screenshot.downloadUrl,
+      new RegExp(`^${ready.baseUrl}/v1/captures/${created.body.id}/screenshot-download/shot_[A-Za-z0-9_-]{43}$`)
+    )
+    assert.equal(posted.body.preview.screenshot.scope, 'visible_viewport')
+    assert.equal(posted.body.preview.contentSummary.cards[0].title, '复刻建议')
+    assert.equal(
+      posted.body.preview.contentSummary.cards.some(card => card.title === '技术栈'),
+      true
+    )
+    assert.equal(
+      posted.body.preview.contentSummary.cards.some(card => card.title === '复刻建议'),
+      true
+    )
+    assert.match(posted.body.preview.copyText, /# StackPrism Site Experience/)
+    assert.ok(posted.body.preview.copyText.indexOf('## 复刻建议') < posted.body.preview.copyText.indexOf('## 技术栈'))
+    assert.match(posted.body.preview.copyText, /## 技术栈/)
+    assert.match(posted.body.preview.copyText, /Vue/)
+    assert.match(posted.body.preview.copyText, /主要路径: Open pricing/)
+    assert.match(posted.body.preview.copyText, /信任信号: Customer logos/)
+    assert.match(posted.body.preview.copyText, /token=\[redacted\]/)
+    assert.match(posted.body.preview.copyText, /Authorization=\[redacted\]/)
+    assert.doesNotMatch(posted.body.preview.copyText, /data:image\/jpeg;base64/)
+    assert.doesNotMatch(posted.body.preview.copyText, /spbt_[A-Za-z0-9_-]{43}/)
+    assert.doesNotMatch(posted.body.preview.copyText, /not for bridge status|user@example\.com|token=secret|secret-token-123/)
+    assert.equal(JSON.stringify(posted.body).includes('not for bridge status'), false)
+
+    const completedControl = await readJson(
+      await fetch(`${ready.baseUrl}/v1/captures/${created.body.id}/control`, {
+        headers: { Authorization: `Bearer ${config.bridgeToken}` }
+      })
+    )
+    assert.equal(completedControl.status, 200)
+    assert.equal(completedControl.body.command, 'cancel')
+    assert.equal(completedControl.body.status, 'completed')
+
+    const completedStatus = await readJson(
+      await fetch(`${ready.baseUrl}/v1/captures/${created.body.id}`, {
+        headers: { Authorization: `Bearer ${config.bridgeToken}` }
+      })
+    )
+    assert.equal(completedStatus.status, 200)
+    assert.equal(completedStatus.body.preview.targetUrl, 'https://93.184.216.34/app?[redacted]')
+    assert.equal(completedStatus.body.preview.screenshot.mimeType, 'image/jpeg')
+    assert.equal(completedStatus.body.preview.screenshot.downloadUrl, posted.body.preview.screenshot.downloadUrl)
+    assert.equal(completedStatus.body.preview.copyText, posted.body.preview.copyText)
+    assert.equal(JSON.stringify(completedStatus.body).includes('not for bridge status'), false)
+
+    const downloaded = await readJson(
+      await fetch(`${ready.baseUrl}/v1/captures/${created.body.id}/profile-download`, {
+        headers: { Authorization: `Bearer ${config.bridgeToken}` }
+      })
+    )
+    assert.equal(downloaded.status, 200)
+    assertJsonSecurityHeaders(downloaded, { referrerPolicy: true })
+    assert.equal(downloaded.headers.get('content-disposition'), `attachment; filename="stackprism-${created.body.id}-profile.json"`)
+    assert.equal(downloaded.body.schema, 'stackprism.site_experience_profile.v1')
+    assert.equal(downloaded.body.captureId, created.body.id)
+    assert.equal(downloaded.body.visualProfile.screenshot.dataUrl, undefined)
+    assert.equal(downloaded.body.visualProfile.screenshot.downloadUrl, posted.body.preview.screenshot.downloadUrl)
+    assert.equal(downloaded.body.visualProfile.screenshot.downloadMethod, 'GET')
+    assert.equal(downloaded.body.visualProfile.screenshot.lifecycle.requiresLocalBridge, true)
+    assert.match(downloaded.body.visualProfile.screenshot.lifecycle.availableUntil, /^\d{4}-\d{2}-\d{2}T/)
+    assert.match(downloaded.body.visualProfile.screenshot.lifecycle.note, /before the local bridge process exits/)
+    assert.match(downloaded.body.visualProfile.screenshot.note, /base64 is intentionally omitted/)
+    assert.match(downloaded.body.visualProfile.screenshot.profileJsonNote, /standard JSON and cannot contain comments/)
+    assert.equal(downloaded.body.agentGuidance.recreationPlan.visualReference.screenshotBase64Included, false)
+    assert.equal(downloaded.body.agentGuidance.recreationPlan.visualReference.screenshotIncluded, true)
+    assert.match(
+      downloaded.body.agentGuidance.recreationPlan.visualReference.screenshotProfileJsonNote,
+      /standard JSON and cannot contain comments/
+    )
+    assert.equal(
+      downloaded.body.agentGuidance.recreationPlan.visualReference.screenshotDownloadUrl,
+      posted.body.preview.screenshot.downloadUrl
+    )
+
+    const unauthenticatedScreenshotDownload = await readBytes(await fetch(downloaded.body.visualProfile.screenshot.downloadUrl))
+    assert.equal(unauthenticatedScreenshotDownload.status, 200)
+    assert.equal(unauthenticatedScreenshotDownload.headers.get('content-type'), 'image/jpeg')
+    assert.equal(unauthenticatedScreenshotDownload.body.toString('utf8'), 'fake-jpeg')
+
+    const screenshotDownload = await readBytes(
+      await fetch(downloaded.body.visualProfile.screenshot.downloadUrl, {
+        headers: { Authorization: `Bearer ${config.bridgeToken}` }
+      })
+    )
+    assert.equal(screenshotDownload.status, 200)
+    assert.equal(screenshotDownload.headers.get('content-type'), 'image/jpeg')
+    assert.equal(
+      screenshotDownload.headers.get('content-disposition'),
+      `attachment; filename="stackprism-${created.body.id}-screenshot.jpg"`
+    )
+    assert.equal(screenshotDownload.body.toString('utf8'), 'fake-jpeg')
+
+    const apiScreenshotDownload = await readBytes(
+      await fetch(downloaded.body.visualProfile.screenshot.downloadUrl, {
+        headers: { Authorization: `Bearer ${ready.apiToken}` }
+      })
+    )
+    assert.equal(apiScreenshotDownload.status, 200)
+    assert.equal(apiScreenshotDownload.headers.get('content-type'), 'image/jpeg')
+    assert.equal(apiScreenshotDownload.body.toString('utf8'), 'fake-jpeg')
+
+    const badScreenshotUrl = `${ready.baseUrl}/v1/captures/${created.body.id}/screenshot-download/shot_${'x'.repeat(43)}`
+    const missingScreenshotAuth = await readJson(await fetch(badScreenshotUrl))
+    assert.equal(missingScreenshotAuth.status, 403)
+    assert.equal(missingScreenshotAuth.body.error.code, 'FORBIDDEN')
+    const badScreenshotDownload = await readJson(
+      await fetch(badScreenshotUrl, {
+        headers: { Authorization: `Bearer ${config.bridgeToken}` }
+      })
+    )
+    assert.equal(badScreenshotDownload.status, 403)
+    assert.equal(badScreenshotDownload.body.error.code, 'FORBIDDEN')
+
+    const downloadReadyStatus = await readJson(
+      await fetch(`${ready.baseUrl}/v1/captures/${created.body.id}`, {
+        headers: { Authorization: `Bearer ${ready.apiToken}` }
+      })
+    )
+    assert.equal(downloadReadyStatus.status, 200)
+    assert.equal(downloadReadyStatus.body.profileDownloadReady, true)
+
+    const forbidden = await readJson(
+      await fetch(`${ready.baseUrl}/v1/captures/${created.body.id}/profile`, {
+        headers: { Authorization: `Bearer ${config.bridgeToken}` }
+      })
+    )
+    assert.equal(forbidden.status, 403)
+    assert.equal(forbidden.body.error.code, 'BRIDGE_TOKEN_CANNOT_READ_PROFILE')
+    assertJsonSecurityHeaders(forbidden, { referrerPolicy: true })
+
+    const fetched = await readJson(
+      await fetch(`${ready.baseUrl}/v1/captures/${created.body.id}/profile`, {
+        headers: { Authorization: `Bearer ${ready.apiToken}` }
+      })
+    )
+    assert.equal(fetched.status, 200)
+    assertJsonSecurityHeaders(fetched, { referrerPolicy: true })
+    assert.equal(fetched.body.schema, 'stackprism.site_experience_profile.v1')
+    assert.equal(fetched.body.visualProfile.screenshot.dataUrl, undefined)
+  } finally {
+    child.kill('SIGTERM')
+    await once(child, 'exit')
+  }
+})
+
+test('python fallback status preview derives screenshot mime type from the data URL', async () => {
+  const { child, ready } = await startPythonBridge()
+  try {
+    const created = await createCapture(ready)
+    const config = await loadBridgeConfig(created.body.bridgeUrl)
+    await acceptFinalUrl(ready, created.body.id, config.bridgeToken)
+
+    const profile = profileFor(created.body.id, {
+      visualProfile: {
+        screenshot: {
+          dataUrl: 'data:image/webp;base64,ZmFrZS13ZWJw',
+          mimeType: 'image/jpeg',
+          byteLength: 9,
+          scope: 'visible_viewport'
+        }
+      }
+    })
+    const posted = await readJson(
+      await fetch(`${ready.baseUrl}/v1/captures/${created.body.id}/profile`, {
+        method: 'POST',
+        headers: { Authorization: `Bearer ${config.bridgeToken}`, 'Content-Type': 'application/json' },
+        body: JSON.stringify(profile)
+      })
+    )
+
+    assert.equal(posted.status, 200)
+    assert.equal(posted.body.preview.screenshot.mimeType, 'image/webp')
+  } finally {
+    child.kill('SIGTERM')
+    await once(child, 'exit')
+  }
+})
+
+test('python fallback profile reads and authenticated screenshot downloads refresh result TTL', () => {
+  const parsed = pythonOneShot(`
+from stackprism_bridge_lib.server_factory import create_server
+import base64
+import json
+import re
+import threading
+import urllib.error
+import urllib.request
+from html import unescape
+
+clock = {"now": 1000.0}
+
+def now():
+    return clock["now"]
+
+def request(method, url, token=None, body=None):
+    headers = {}
+    data = None
+    if token:
+        headers["Authorization"] = f"Bearer {token}"
+    if body is not None:
+        headers["Content-Type"] = "application/json"
+        data = json.dumps(body).encode("utf-8")
+    req = urllib.request.Request(url, data=data, headers=headers, method=method)
+    try:
+        with urllib.request.urlopen(req, timeout=3) as response:
+            body_bytes = response.read()
+            content_type = response.headers.get("content-type", "")
+            parsed = json.loads(body_bytes.decode("utf-8")) if content_type.startswith("application/json") else None
+            return {"status": response.status, "body": parsed, "text": body_bytes.decode("utf-8", "replace"), "content_type": content_type}
+    except urllib.error.HTTPError as error:
+        body_bytes = error.read()
+        try:
+            parsed = json.loads(body_bytes.decode("utf-8"))
+        except json.JSONDecodeError:
+            parsed = None
+        return {"status": error.code, "body": parsed, "text": body_bytes.decode("utf-8", "replace"), "content_type": error.headers.get("content-type", "")}
+
+def bridge_config(html):
+    match = re.search(r'<script id="stackprism-agent-bridge-config" type="application/json" nonce="[^"]+">([^<]+)</script>', html)
+    return json.loads(unescape(match.group(1)))
+
+def status_body(created, config, body):
+    return {
+        "captureId": created["id"],
+        "sessionId": config["sessionId"],
+        "nonce": config["nonce"],
+        "protocolVersion": 1,
+        **body,
+    }
+
+server, ready = create_server(0, now=now, result_ttl_seconds=0.1)
+thread = threading.Thread(target=server.serve_forever, daemon=True)
+thread.start()
+try:
+    created = request("POST", f"{ready['baseUrl']}/v1/captures", ready["apiToken"], ${JSON.stringify(request)})["body"]
+    config = bridge_config(request("GET", created["bridgeUrl"])["text"])
+    request("GET", f"{ready['baseUrl']}/v1/captures/{created['id']}/request", config["bridgeToken"])
+    request(
+        "POST",
+        f"{ready['baseUrl']}/v1/captures/{created['id']}/status",
+        config["bridgeToken"],
+        status_body(created, config, {"status": "running", "phase": "target_loaded", "sequence": 1, "finalUrl": ${JSON.stringify(request.url)}, "targetNetworkAddress": "93.184.216.34"}),
+    )
+    profile = ${JSON.stringify(profileFor('__CAPTURE_ID__'))}
+    profile["captureId"] = created["id"]
+    profile["visualProfile"] = {
+        "screenshot": {
+            "dataUrl": "data:image/png;base64," + base64.b64encode(b"fake-png").decode("ascii"),
+            "mimeType": "image/png",
+            "byteLength": 8,
+            "scope": "visible_viewport",
+        }
+    }
+    profile["agentGuidance"] = {"recreationPlan": {"visualReference": {}}}
+    request("POST", f"{ready['baseUrl']}/v1/captures/{created['id']}/profile", config["bridgeToken"], profile)
+    capture = server.store.get(created["id"])
+    stored_data_url_present = "dataUrl" in capture["profile"]["visualProfile"]["screenshot"]
+    stored_screenshot_body = capture["screenshotAsset"]["data"].decode("utf-8")
+    first_expiry = capture["resultExpiresAt"]
+    clock["now"] = first_expiry - 0.001
+    profile_read = request("GET", f"{ready['baseUrl']}/v1/captures/{created['id']}/profile", ready["apiToken"])
+    refreshed_expiry = capture["resultExpiresAt"]
+    clock["now"] = first_expiry + 0.001
+    screenshot_read = request("GET", profile_read["body"]["visualProfile"]["screenshot"]["downloadUrl"], config["bridgeToken"])
+    after_screenshot_expiry = capture["resultExpiresAt"]
+    clock["now"] = after_screenshot_expiry + 0.001
+    expired_screenshot = request("GET", profile_read["body"]["visualProfile"]["screenshot"]["downloadUrl"], config["bridgeToken"])
+    screenshot = profile_read["body"]["visualProfile"]["screenshot"]
+    visual_reference = profile_read["body"]["agentGuidance"]["recreationPlan"]["visualReference"]
+    print(json.dumps({
+        "profileStatus": profile_read["status"],
+        "dataUrlPresent": "dataUrl" in profile_read["body"]["visualProfile"]["screenshot"],
+        "storedDataUrlPresent": stored_data_url_present,
+        "storedScreenshotBody": stored_screenshot_body,
+        "refreshed": refreshed_expiry > first_expiry,
+        "screenshotStatus": screenshot_read["status"],
+        "screenshotType": screenshot_read["content_type"],
+        "screenshotBody": screenshot_read["text"],
+        "afterScreenshotExpiry": after_screenshot_expiry,
+        "refreshedExpiry": refreshed_expiry,
+        "availableUntil": screenshot["lifecycle"]["availableUntil"],
+        "visualReferenceAvailableUntil": visual_reference["screenshotAvailableUntil"],
+        "expiredStatus": expired_screenshot["status"],
+        "expiredCode": expired_screenshot["body"]["error"]["code"],
+    }, sort_keys=True))
+finally:
+    server.shutdown()
+    server.server_close()
+`)
+
+  assert.equal(parsed.profileStatus, 200)
+  assert.equal(parsed.dataUrlPresent, false)
+  assert.equal(parsed.storedDataUrlPresent, false)
+  assert.equal(parsed.storedScreenshotBody, 'fake-png')
+  assert.equal(parsed.refreshed, true)
+  assert.equal(parsed.screenshotStatus, 200)
+  assert.equal(parsed.screenshotType, 'image/png')
+  assert.equal(parsed.screenshotBody, 'fake-png')
+  assert.ok(parsed.afterScreenshotExpiry > parsed.refreshedExpiry)
+  assert.match(parsed.availableUntil, /^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}\.\d{3}Z$/)
+  assert.equal(parsed.availableUntil, parsed.visualReferenceAvailableUntil)
+  assert.equal(parsed.expiredStatus, 410)
+  assert.equal(parsed.expiredCode, 'CAPTURE_RESULT_EXPIRED')
+})
+
+test('python fallback rejects repeated and oversized profile submissions', async () => {
+  const { child, ready } = await startPythonBridge()
+  try {
+    const created = await createCapture(ready)
+    const config = await loadBridgeConfig(created.body.bridgeUrl)
+    const profile = profileFor(created.body.id)
+    await acceptFinalUrl(ready, created.body.id, config.bridgeToken)
+
+    const posted = await readJson(
+      await fetch(`${ready.baseUrl}/v1/captures/${created.body.id}/profile`, {
+        method: 'POST',
+        headers: { Authorization: `Bearer ${config.bridgeToken}`, 'Content-Type': 'application/json' },
+        body: JSON.stringify(profile)
+      })
+    )
+    assert.equal(posted.status, 200)
+
+    const repeated = await readJson(
+      await fetch(`${ready.baseUrl}/v1/captures/${created.body.id}/profile`, {
+        method: 'POST',
+        headers: { Authorization: `Bearer ${config.bridgeToken}`, 'Content-Type': 'application/json' },
+        body: JSON.stringify(profile)
+      })
+    )
+    assert.equal(repeated.status, 409)
+    assert.equal(repeated.body.error.code, 'CAPTURE_ALREADY_COMPLETED')
+
+    const url = new URL(ready.baseUrl)
+    const repeatedOversized = await rawHttp(url.port, [
+      `POST /v1/captures/${created.body.id}/profile HTTP/1.1`,
+      `Host: ${url.host}`,
+      `Authorization: Bearer ${config.bridgeToken}`,
+      'Content-Type: application/json',
+      `Content-Length: ${8 * 1024 * 1024 + 1}`,
+      'Connection: close',
+      '',
+      ''
+    ])
+    assert.match(repeatedOversized, /409/)
+    assert.match(repeatedOversized, /CAPTURE_ALREADY_COMPLETED/)
+
+    const oversized = await createCapture(ready)
+    assert.equal(oversized.status, 200)
+    const oversizedConfig = await loadBridgeConfig(oversized.body.bridgeUrl)
+    await acceptFinalUrl(ready, oversized.body.id, oversizedConfig.bridgeToken)
+    const rejected = await rawHttp(url.port, [
+      `POST /v1/captures/${oversized.body.id}/profile HTTP/1.1`,
+      `Host: ${url.host}`,
+      `Authorization: Bearer ${oversizedConfig.bridgeToken}`,
+      'Content-Type: application/json',
+      `Content-Length: ${8 * 1024 * 1024 + 1}`,
+      'Connection: close',
+      '',
+      '{}'
+    ])
+    assert.match(rejected, /413/)
+    assert.match(rejected, /PROFILE_TOO_LARGE/)
+  } finally {
+    child.kill('SIGTERM')
+    await once(child, 'exit')
+  }
+})
+
+test('python fallback serializes concurrent profile submissions for one capture', async () => {
+  const { child, ready } = await startPythonBridge()
+  try {
+    const created = await createCapture(ready)
+    const config = await loadBridgeConfig(created.body.bridgeUrl)
+    const profile = profileFor(created.body.id)
+    const profileText = JSON.stringify(profile)
+    const url = new URL(ready.baseUrl)
+    await acceptFinalUrl(ready, created.body.id, config.bridgeToken)
+
+    const slowPost = rawHttpSplitBody(
+      url.port,
+      [
+        `POST /v1/captures/${created.body.id}/profile HTTP/1.1`,
+        `Host: ${url.host}`,
+        `Authorization: Bearer ${config.bridgeToken}`,
+        'Content-Type: application/json',
+        `Content-Length: ${Buffer.byteLength(profileText)}`,
+        'Connection: close',
+        '',
+        ''
+      ],
+      profileText,
+      64,
+      150
+    ).then(parseRawJsonResponse)
+
+    await new Promise(resolve => setTimeout(resolve, 30))
+
+    const fastPost = fetch(`${ready.baseUrl}/v1/captures/${created.body.id}/profile`, {
+      method: 'POST',
+      headers: { Authorization: `Bearer ${config.bridgeToken}`, 'Content-Type': 'application/json' },
+      body: JSON.stringify(profile)
+    })
+
+    const results = await Promise.all([slowPost, fastPost.then(response => readJson(response))])
+    const statuses = results.map(result => result.status).sort()
+    assert.deepEqual(statuses, [200, 409])
+    assert.equal(results.find(result => result.status === 409).body.error.code, 'CAPTURE_ALREADY_COMPLETED')
+  } finally {
+    child.kill('SIGTERM')
+    await once(child, 'exit')
+  }
+})
+
+test('python fallback bridge token can read capture control', async () => {
+  const { child, ready } = await startPythonBridge()
+  try {
+    const created = await createCapture(ready)
+    const config = await loadBridgeConfig(created.body.bridgeUrl)
+
+    const control = await readJson(
+      await fetch(`${ready.baseUrl}/v1/captures/${created.body.id}/control`, {
+        headers: { Authorization: `Bearer ${config.bridgeToken}` }
+      })
+    )
+    assert.equal(control.status, 200)
+    assert.equal(control.body.id, created.body.id)
+    assert.equal(control.body.command, 'continue')
+    assert.equal(control.body.status, 'queued')
+
+    const cancel = await readJson(
+      await fetch(`${ready.baseUrl}/v1/captures/${created.body.id}`, {
+        method: 'DELETE',
+        headers: { Authorization: `Bearer ${ready.apiToken}` }
+      })
+    )
+    assert.equal(cancel.status, 200)
+    assert.equal(cancel.body.status, 'cancel_requested')
+
+    const missingCancel = await readJson(
+      await fetch(`${ready.baseUrl}/v1/captures/cap_AAAAAAAAAAAAAAAAAAAAAA`, {
+        method: 'DELETE',
+        headers: { Authorization: `Bearer ${ready.apiToken}` }
+      })
+    )
+    assert.equal(missingCancel.status, 404)
+    assert.equal(missingCancel.body.error.code, 'NOT_FOUND')
+
+    const cancelControl = await readJson(
+      await fetch(`${ready.baseUrl}/v1/captures/${created.body.id}/control`, {
+        headers: { Authorization: `Bearer ${config.bridgeToken}` }
+      })
+    )
+    assert.equal(cancelControl.status, 200)
+    assert.equal(cancelControl.body.command, 'cancel')
+  } finally {
+    child.kill('SIGTERM')
+    await once(child, 'exit')
+  }
+})
+
+test('python fallback bridge page does not render tokens after extension connect timeout', () => {
+  const parsed = pythonOneShot(`
+from stackprism_bridge_lib.server_factory import create_server
+import json
+import re
+import threading
+import urllib.error
+import urllib.request
+
+clock = {"now": 1000.0}
+
+def now():
+    return clock["now"]
+
+def request_json(method, url, token=None, body=None):
+    headers = {}
+    data = None
+    if token:
+        headers["Authorization"] = f"Bearer {token}"
+    if body is not None:
+        headers["Content-Type"] = "application/json"
+        data = json.dumps(body).encode("utf-8")
+    req = urllib.request.Request(url, data=data, headers=headers, method=method)
+    try:
+        with urllib.request.urlopen(req, timeout=3) as response:
+            return response.status, response.read().decode("utf-8")
+    except urllib.error.HTTPError as error:
+        return error.code, error.read().decode("utf-8")
+
+server, ready = create_server(0, now=now)
+thread = threading.Thread(target=server.serve_forever, daemon=True)
+thread.start()
+try:
+    _, created_body = request_json("POST", f"{ready['baseUrl']}/v1/captures", ready["apiToken"], ${JSON.stringify(request)})
+    created = json.loads(created_body)
+    clock["now"] = 1000.0 + 31
+    expired_status, expired_html = request_json("GET", created["bridgeUrl"])
+    print(json.dumps({
+        "status": expired_status,
+        "has_token": bool(re.search(r"spbt_[A-Za-z0-9_-]{43}", expired_html)),
+        "body": expired_html,
+    }, sort_keys=True))
+finally:
+    server.shutdown()
+    server.server_close()
+`)
+  assert.equal(parsed.status, 409)
+  assert.equal(parsed.has_token, false)
+  assert.match(parsed.body, /EXTENSION_NOT_CONNECTED/)
+})
+
+test('python fallback bridge page and profile endpoint do not render tokens after completed result TTL expiry', () => {
+  const parsed = pythonOneShot(`
+from stackprism_bridge_lib.server_factory import create_server
+import json
+import re
+import threading
+import urllib.error
+import urllib.request
+from html import unescape
+
+clock = {"now": 1000.0}
+
+def now():
+    return clock["now"]
+
+def request_json(method, url, token=None, body=None):
+    headers = {}
+    data = None
+    if token:
+        headers["Authorization"] = f"Bearer {token}"
+    if body is not None:
+        headers["Content-Type"] = "application/json"
+        data = json.dumps(body).encode("utf-8")
+    req = urllib.request.Request(url, data=data, headers=headers, method=method)
+    try:
+        with urllib.request.urlopen(req, timeout=3) as response:
+            text = response.read().decode("utf-8")
+            parsed = json.loads(text) if text and response.headers.get("content-type", "").startswith("application/json") else None
+            return response.status, parsed, text
+    except urllib.error.HTTPError as error:
+        text = error.read().decode("utf-8")
+        try:
+            parsed = json.loads(text)
+        except json.JSONDecodeError:
+            parsed = None
+        return error.code, parsed, text
+
+def bridge_config(html):
+    match = re.search(r'<script id="stackprism-agent-bridge-config" type="application/json" nonce="[^"]+">([^<]+)</script>', html)
+    if not match:
+        raise AssertionError("missing bridge config")
+    return json.loads(unescape(match.group(1)))
+
+def status_body(created, config, body):
+    return {
+        "captureId": created["id"],
+        "sessionId": config["sessionId"],
+        "nonce": config["nonce"],
+        "protocolVersion": 1,
+        **body,
+    }
+
+server, ready = create_server(0, now=now)
+thread = threading.Thread(target=server.serve_forever, daemon=True)
+thread.start()
+try:
+    _status, created, _text = request_json("POST", f"{ready['baseUrl']}/v1/captures", ready["apiToken"], ${JSON.stringify(request)})
+    _bridge_status, _bridge_body, bridge_text = request_json("GET", created["bridgeUrl"])
+    config = bridge_config(bridge_text)
+    request_status, _request_envelope, _request_text = request_json("GET", f"{ready['baseUrl']}/v1/captures/{created['id']}/request", config["bridgeToken"])
+    final_status, _final_body, _final_text = request_json(
+        "POST",
+        f"{ready['baseUrl']}/v1/captures/{created['id']}/status",
+        config["bridgeToken"],
+        status_body(created, config, {"status": "running", "phase": "target_loaded", "sequence": 1, "finalUrl": ${JSON.stringify(request.url)}, "targetNetworkAddress": "93.184.216.34"}),
+    )
+    profile = ${JSON.stringify(profileFor('__CAPTURE_ID__'))}
+    profile["captureId"] = created["id"]
+    posted_status, posted_body, _posted_text = request_json(
+        "POST",
+        f"{ready['baseUrl']}/v1/captures/{created['id']}/profile",
+        config["bridgeToken"],
+        profile,
+    )
+    capture = server.store.get(created["id"])
+    clock["now"] = capture["resultExpiresAt"] + 1
+    expired_profile_status, expired_profile_body, _expired_profile_text = request_json(
+        "GET",
+        f"{ready['baseUrl']}/v1/captures/{created['id']}/profile",
+        ready["apiToken"],
+    )
+    expired_download_status, expired_download_body, _expired_download_text = request_json(
+        "GET",
+        f"{ready['baseUrl']}/v1/captures/{created['id']}/profile-download",
+        config["bridgeToken"],
+    )
+    expired_page_status, _expired_page_body, expired_page_text = request_json("GET", created["bridgeUrl"])
+    print(json.dumps({
+        "request_status": request_status,
+        "final_status": final_status,
+        "posted_status": posted_status,
+        "posted_capture_status": posted_body.get("status"),
+        "expired_profile_status": expired_profile_status,
+        "expired_profile_code": expired_profile_body["error"]["code"],
+        "expired_download_status": expired_download_status,
+        "expired_download_code": expired_download_body["error"]["code"],
+        "expired_page_status": expired_page_status,
+        "expired_page_has_code": "CAPTURE_RESULT_EXPIRED" in expired_page_text,
+        "expired_page_has_token": bool(re.search(r"spbt_[A-Za-z0-9_-]{43}", expired_page_text)),
+    }, sort_keys=True))
+finally:
+    server.shutdown()
+    server.server_close()
+`)
+  assert.equal(parsed.request_status, 200)
+  assert.equal(parsed.final_status, 200)
+  assert.equal(parsed.posted_status, 200)
+  assert.equal(parsed.posted_capture_status, 'completed')
+  assert.equal(parsed.expired_profile_status, 410)
+  assert.equal(parsed.expired_profile_code, 'CAPTURE_RESULT_EXPIRED')
+  assert.equal(parsed.expired_download_status, 410)
+  assert.equal(parsed.expired_download_code, 'CAPTURE_RESULT_EXPIRED')
+  assert.equal(parsed.expired_page_status, 410)
+  assert.equal(parsed.expired_page_has_code, true)
+  assert.equal(parsed.expired_page_has_token, false)
+})
+
+test('python fallback requires api token to cancel captures', async () => {
+  const { child, ready } = await startPythonBridge()
+  try {
+    const created = await createCapture(ready)
+    const config = await loadBridgeConfig(created.body.bridgeUrl)
+
+    const forbidden = await readJson(
+      await fetch(`${ready.baseUrl}/v1/captures/${created.body.id}`, {
+        method: 'DELETE',
+        headers: { Authorization: `Bearer ${config.bridgeToken}` }
+      })
+    )
+    assert.equal(forbidden.status, 403)
+    assert.equal(forbidden.body.error.code, 'FORBIDDEN')
+
+    const status = await readJson(
+      await fetch(`${ready.baseUrl}/v1/captures/${created.body.id}`, {
+        headers: { Authorization: `Bearer ${ready.apiToken}` }
+      })
+    )
+    assert.equal(status.status, 200)
+    assert.equal(status.body.status, 'queued')
+    assert.equal(status.body.phase, undefined)
+  } finally {
+    child.kill('SIGTERM')
+    await once(child, 'exit')
+  }
+})
+
+test('python fallback rejects stale status sequences and phase regressions', async () => {
+  const { child, ready } = await startPythonBridge()
+  try {
+    const created = await createCapture(ready)
+    const config = await loadBridgeConfig(created.body.bridgeUrl)
+    const statusUrl = `${ready.baseUrl}/v1/captures/${created.body.id}/status`
+
+    const wrongIdentity = await readJson(
+      await fetch(statusUrl, {
+        method: 'POST',
+        headers: { Authorization: `Bearer ${config.bridgeToken}`, 'Content-Type': 'application/json' },
+        body: JSON.stringify(
+          statusBody(
+            created.body.id,
+            { ...config, nonce: `n_${'A'.repeat(22)}` },
+            {
+              status: 'waiting_extension',
+              phase: 'bridge_connected',
+              sequence: 1
+            }
+          )
+        )
+      })
+    )
+    assert.equal(wrongIdentity.status, 400)
+    assert.equal(wrongIdentity.body.error.code, 'INVALID_REQUEST')
+
+    const connected = await readJson(
+      await fetch(statusUrl, {
+        method: 'POST',
+        headers: { Authorization: `Bearer ${config.bridgeToken}`, 'Content-Type': 'application/json' },
+        body: JSON.stringify(statusBody(created.body.id, config, { status: 'waiting_extension', phase: 'bridge_connected', sequence: 1 }))
+      })
+    )
+    assert.equal(connected.status, 200)
+    assert.equal(connected.body.status, 'waiting_extension')
+    assert.equal(connected.body.phase, 'bridge_connected')
+
+    const running = await readJson(
+      await fetch(statusUrl, {
+        method: 'POST',
+        headers: { Authorization: `Bearer ${config.bridgeToken}`, 'Content-Type': 'application/json' },
+        body: JSON.stringify(statusBody(created.body.id, config, { status: 'running', phase: 'request_loaded', sequence: 2 }))
+      })
+    )
+    assert.equal(running.status, 200)
+    assert.equal(running.body.status, 'running')
+    assert.equal(running.body.phase, 'request_loaded')
+
+    const staleSequence = await readJson(
+      await fetch(statusUrl, {
+        method: 'POST',
+        headers: { Authorization: `Bearer ${config.bridgeToken}`, 'Content-Type': 'application/json' },
+        body: JSON.stringify(statusBody(created.body.id, config, { status: 'running', phase: 'target_opening', sequence: 2 }))
+      })
+    )
+    assert.equal(staleSequence.status, 409)
+    assert.equal(staleSequence.body.error.code, 'STALE_STATUS_UPDATE')
+
+    const phaseRegression = await readJson(
+      await fetch(statusUrl, {
+        method: 'POST',
+        headers: { Authorization: `Bearer ${config.bridgeToken}`, 'Content-Type': 'application/json' },
+        body: JSON.stringify(statusBody(created.body.id, config, { status: 'running', phase: 'bridge_connected', sequence: 3 }))
+      })
+    )
+    assert.equal(phaseRegression.status, 409)
+    assert.equal(phaseRegression.body.error.code, 'STALE_STATUS_UPDATE')
+
+    const nonRunningPhaseRegression = await readJson(
+      await fetch(statusUrl, {
+        method: 'POST',
+        headers: { Authorization: `Bearer ${config.bridgeToken}`, 'Content-Type': 'application/json' },
+        body: JSON.stringify(statusBody(created.body.id, config, { status: 'waiting_extension', phase: 'bridge_connected', sequence: 3 }))
+      })
+    )
+    assert.equal(nonRunningPhaseRegression.status, 409)
+    assert.equal(nonRunningPhaseRegression.body.error.code, 'STALE_STATUS_UPDATE')
+  } finally {
+    child.kill('SIGTERM')
+    await once(child, 'exit')
+  }
+})
+
+test('python fallback restricts bridge-token terminal status updates', async () => {
+  const { child, ready } = await startPythonBridge()
+  try {
+    const created = await createCapture(ready)
+    const config = await loadBridgeConfig(created.body.bridgeUrl)
+    const statusUrl = `${ready.baseUrl}/v1/captures/${created.body.id}/status`
+
+    const cancelledWithoutDelete = await readJson(
+      await fetch(statusUrl, {
+        method: 'POST',
+        headers: { Authorization: `Bearer ${config.bridgeToken}`, 'Content-Type': 'application/json' },
+        body: JSON.stringify(statusBody(created.body.id, config, { status: 'cancelled', phase: 'cleanup', sequence: 1 }))
+      })
+    )
+    assert.equal(cancelledWithoutDelete.status, 409)
+    assert.equal(cancelledWithoutDelete.body.error.code, 'STALE_STATUS_UPDATE')
+
+    const failedWithoutError = await readJson(
+      await fetch(statusUrl, {
+        method: 'POST',
+        headers: { Authorization: `Bearer ${config.bridgeToken}`, 'Content-Type': 'application/json' },
+        body: JSON.stringify(statusBody(created.body.id, config, { status: 'failed', phase: 'cleanup', sequence: 1 }))
+      })
+    )
+    assert.equal(failedWithoutError.status, 400)
+    assert.equal(failedWithoutError.body.error.code, 'INVALID_REQUEST')
+
+    const failedWithNullError = await readJson(
+      await fetch(statusUrl, {
+        method: 'POST',
+        headers: { Authorization: `Bearer ${config.bridgeToken}`, 'Content-Type': 'application/json' },
+        body: JSON.stringify(statusBody(created.body.id, config, { status: 'failed', phase: 'cleanup', sequence: 1, error: null }))
+      })
+    )
+    assert.equal(failedWithNullError.status, 400)
+    assert.equal(failedWithNullError.body.error.code, 'INVALID_REQUEST')
+
+    const boolSequence = await readJson(
+      await fetch(statusUrl, {
+        method: 'POST',
+        headers: { Authorization: `Bearer ${config.bridgeToken}`, 'Content-Type': 'application/json' },
+        body: JSON.stringify(
+          statusBody(created.body.id, config, {
+            status: 'failed',
+            phase: 'cleanup',
+            sequence: true,
+            error: { code: 'TARGET_TAB_CLOSED', message: 'Target closed.' }
+          })
+        )
+      })
+    )
+    assert.equal(boolSequence.status, 409)
+    assert.equal(boolSequence.body.error.code, 'STALE_STATUS_UPDATE')
+
+    const failedUnknownCode = await readJson(
+      await fetch(statusUrl, {
+        method: 'POST',
+        headers: { Authorization: `Bearer ${config.bridgeToken}`, 'Content-Type': 'application/json' },
+        body: JSON.stringify(
+          statusBody(created.body.id, config, {
+            status: 'failed',
+            phase: 'cleanup',
+            sequence: 1,
+            error: { code: 'MADE_UP_ERROR', message: 'Unknown bridge error.' }
+          })
+        )
+      })
+    )
+    assert.equal(failedUnknownCode.status, 400)
+    assert.equal(failedUnknownCode.body.error.code, 'INVALID_REQUEST')
+
+    const failedError = sensitiveFailedError(ready, created, config)
+    const failedAtTargetOpening = await readJson(
+      await fetch(statusUrl, {
+        method: 'POST',
+        headers: { Authorization: `Bearer ${config.bridgeToken}`, 'Content-Type': 'application/json' },
+        body: JSON.stringify(
+          statusBody(created.body.id, config, {
+            status: 'failed',
+            phase: 'target_opening',
+            sequence: 1,
+            error: failedError
+          })
+        )
+      })
+    )
+    assert.equal(failedAtTargetOpening.status, 200)
+    assert.equal(failedAtTargetOpening.body.status, 'failed')
+    assert.equal(failedAtTargetOpening.body.phase, 'target_opening')
+    assert.equal(failedAtTargetOpening.body.error.code, 'TARGET_TAB_CLOSED')
+    assertErrorIsRedacted(failedAtTargetOpening.body.error, [ready.apiToken, config.bridgeToken, config.nonce])
+  } finally {
+    child.kill('SIGTERM')
+    await once(child, 'exit')
+  }
+})
+
+test('python fallback rejects DELETE for every terminal capture state', () => {
+  const parsed = pythonOneShot(`
+import re
+import threading
+import urllib.error
+import urllib.request
+
+from stackprism_bridge_lib.server_factory import create_server
+
+clock = {"now": 1000.0}
+
+def now():
+    return clock["now"]
+
+def request_json(method, url, token=None, body=None):
+    headers = {}
+    data = None
+    if token:
+        headers["Authorization"] = f"Bearer {token}"
+    if body is not None:
+        headers["Content-Type"] = "application/json"
+        data = json.dumps(body).encode("utf-8")
+    req = urllib.request.Request(url, data=data, headers=headers, method=method)
+    try:
+        with urllib.request.urlopen(req, timeout=3) as response:
+            return response.status, json.loads(response.read().decode("utf-8"))
+    except urllib.error.HTTPError as error:
+        return error.code, json.loads(error.read().decode("utf-8"))
+
+def bridge_config(bridge_url):
+    with urllib.request.urlopen(bridge_url, timeout=3) as response:
+        html = response.read().decode("utf-8")
+    match = re.search(r'<script id="stackprism-agent-bridge-config" type="application/json" nonce="[^"]+">([^<]+)', html)
+    return json.loads(match.group(1))
+
+def status_body(capture_id, config, **values):
+    body = {
+        "captureId": capture_id,
+        "sessionId": config["sessionId"],
+        "nonce": config["nonce"],
+        "protocolVersion": 1,
+    }
+    body.update(values)
+    return body
+
+def make_capture(ready):
+    capture_request = {
+        "url": "https://93.184.216.34/app?view=one#frag",
+        "mode": "experience",
+        "waitMs": 0,
+        "include": ["tech"],
+        "viewports": [],
+        "options": {"targetMode": "reuse_or_new_tab"},
+    }
+    _, created = request_json("POST", f"{ready['baseUrl']}/v1/captures", ready["apiToken"], capture_request)
+    return created
+
+def accept_final_url(ready, capture_id, config):
+    request_json("GET", f"{ready['baseUrl']}/v1/captures/{capture_id}/request", config["bridgeToken"])
+    request_json(
+        "POST",
+        f"{ready['baseUrl']}/v1/captures/{capture_id}/status",
+        config["bridgeToken"],
+        status_body(capture_id, config, status="running", phase="target_loaded", sequence=1, finalUrl="https://93.184.216.34/app?view=one#frag", targetNetworkAddress="93.184.216.34"),
+    )
+
+def profile_for(capture_id):
+    return {
+        "schema": "stackprism.site_experience_profile.v1",
+        "captureId": capture_id,
+        "generatedAt": "1970-01-01T00:00:00.000Z",
+        "target": {},
+        "browserContext": {"extensionCapabilities": {}},
+        "techProfile": {},
+        "visualProfile": {},
+        "layoutProfile": {},
+        "componentProfile": {},
+        "interactionProfile": {},
+        "uxProfile": {},
+        "assetProfile": {},
+        "evidence": {},
+        "limitations": [],
+        "agentGuidance": {},
+    }
+
+def make_completed(ready):
+    created = make_capture(ready)
+    config = bridge_config(created["bridgeUrl"])
+    accept_final_url(ready, created["id"], config)
+    _, posted = request_json("POST", f"{ready['baseUrl']}/v1/captures/{created['id']}/profile", config["bridgeToken"], profile_for(created["id"]))
+    assert posted["status"] == "completed"
+    return created["id"]
+
+def make_failed(ready):
+    created = make_capture(ready)
+    config = bridge_config(created["bridgeUrl"])
+    _, failed = request_json(
+        "POST",
+        f"{ready['baseUrl']}/v1/captures/{created['id']}/status",
+        config["bridgeToken"],
+        status_body(
+            created["id"],
+            config,
+            status="failed",
+            phase="cleanup",
+            sequence=1,
+            error={"code": "TARGET_TAB_CLOSED", "message": "Target closed."},
+        ),
+    )
+    assert failed["status"] == "failed"
+    return created["id"]
+
+def make_cancelled(ready):
+    created = make_capture(ready)
+    request_json("DELETE", f"{ready['baseUrl']}/v1/captures/{created['id']}", ready["apiToken"])
+    clock["now"] += 11
+    _, status = request_json("GET", f"{ready['baseUrl']}/v1/captures/{created['id']}", ready["apiToken"])
+    assert status["status"] == "cancelled"
+    return created["id"]
+
+def make_expired(ready):
+    capture_id = make_completed(ready)
+    clock["now"] += 10 * 60 + 1
+    _, status = request_json("GET", f"{ready['baseUrl']}/v1/captures/{capture_id}", ready["apiToken"])
+    assert status["status"] == "expired"
+    return capture_id
+
+def assert_terminal_delete(ready, capture_id, expected_status):
+    delete_status, deleted = request_json("DELETE", f"{ready['baseUrl']}/v1/captures/{capture_id}", ready["apiToken"])
+    _, after = request_json("GET", f"{ready['baseUrl']}/v1/captures/{capture_id}", ready["apiToken"])
+    return {
+        "deleteStatus": delete_status,
+        "errorCode": deleted["error"]["code"],
+        "errorStatus": deleted["error"]["details"]["status"],
+        "afterStatus": after["status"],
+        "expectedStatus": expected_status,
+    }
+
+server, ready = create_server(0, now=now)
+thread = threading.Thread(target=server.serve_forever, daemon=True)
+thread.start()
+try:
+    results = [
+        assert_terminal_delete(ready, make_completed(ready), "completed"),
+        assert_terminal_delete(ready, make_failed(ready), "failed"),
+        assert_terminal_delete(ready, make_cancelled(ready), "cancelled"),
+        assert_terminal_delete(ready, make_expired(ready), "expired"),
+    ]
+    print(json.dumps(results, sort_keys=True))
+finally:
+    server.shutdown()
+    server.server_close()
+`)
+  for (const result of parsed) {
+    assert.equal(result.deleteStatus, 409)
+    assert.equal(result.errorCode, 'INVALID_REQUEST')
+    assert.equal(result.errorStatus, result.expectedStatus)
+    assert.equal(result.afterStatus, result.expectedStatus)
+  }
+})
+
+test('python fallback converts unconfirmed cancellation to terminal cancelled state', async () => {
+  const script = `
+import json
+import re
+import threading
+import urllib.error
+import urllib.request
+
+from stackprism_bridge_lib.server_factory import create_server
+
+clock = {"now": 1000.0}
+
+def now():
+    return clock["now"]
+
+def request_json(method, url, token=None, body=None):
+    headers = {}
+    data = None
+    if token:
+        headers["Authorization"] = f"Bearer {token}"
+    if body is not None:
+        headers["Content-Type"] = "application/json"
+        data = json.dumps(body).encode("utf-8")
+    req = urllib.request.Request(url, data=data, headers=headers, method=method)
+    try:
+        with urllib.request.urlopen(req, timeout=3) as response:
+            return response.status, json.loads(response.read().decode("utf-8"))
+    except urllib.error.HTTPError as error:
+        return error.code, json.loads(error.read().decode("utf-8"))
+
+server, ready = create_server(0, now=now)
+thread = threading.Thread(target=server.serve_forever, daemon=True)
+thread.start()
+try:
+    capture_request = {
+        "url": "https://93.184.216.34/app?view=one#frag",
+        "mode": "experience",
+        "waitMs": 0,
+        "include": ["tech"],
+        "viewports": [],
+        "options": {"targetMode": "reuse_or_new_tab"},
+    }
+    _, created = request_json("POST", f"{ready['baseUrl']}/v1/captures", ready["apiToken"], capture_request)
+    with urllib.request.urlopen(created["bridgeUrl"], timeout=3) as response:
+        html = response.read().decode("utf-8")
+    config = json.loads(re.search(r'<script id="stackprism-agent-bridge-config" type="application/json" nonce="[^"]+">([^<]+)', html).group(1))
+    _, cancel = request_json("DELETE", f"{ready['baseUrl']}/v1/captures/{created['id']}", ready["apiToken"])
+    repeated_cancel_status, repeated_cancel = request_json("DELETE", f"{ready['baseUrl']}/v1/captures/{created['id']}", ready["apiToken"])
+    running_after_cancel_status, running_after_cancel = request_json(
+        "POST",
+        f"{ready['baseUrl']}/v1/captures/{created['id']}/status",
+        config["bridgeToken"],
+        {
+            "captureId": created["id"],
+            "sessionId": config["sessionId"],
+            "nonce": config["nonce"],
+            "protocolVersion": 1,
+            "status": "running",
+            "phase": "target_opening",
+            "sequence": 1,
+        },
+    )
+    clock["now"] += 11
+    _, status = request_json("GET", f"{ready['baseUrl']}/v1/captures/{created['id']}", ready["apiToken"])
+    _, control = request_json("GET", f"{ready['baseUrl']}/v1/captures/{created['id']}/control", config["bridgeToken"])
+    print(json.dumps({
+        "cancel": cancel,
+        "repeatedCancelStatus": repeated_cancel_status,
+        "repeatedCancel": repeated_cancel,
+        "runningAfterCancelStatus": running_after_cancel_status,
+        "runningAfterCancel": running_after_cancel,
+        "status": status,
+        "control": control,
+    }, sort_keys=True))
+finally:
+    server.shutdown()
+    server.server_close()
+`
+  const result = spawnSync('python3', ['-c', script], {
+    cwd: new URL('..', import.meta.url),
+    env: {
+      ...process.env,
+      STACKPRISM_BRIDGE_NO_OPEN: '1',
+      PYTHONPATH: 'agent-skill/stackprism-site-experience/scripts',
+      PYTHONWARNINGS: 'ignore'
+    },
+    encoding: 'utf8'
+  })
+  assert.equal(result.status, 0, result.stderr)
+  const parsed = JSON.parse(result.stdout)
+  assert.equal(parsed.cancel.status, 'cancel_requested')
+  assert.equal(parsed.repeatedCancelStatus, 409)
+  assert.equal(parsed.repeatedCancel.error.code, 'STALE_STATUS_UPDATE')
+  assert.equal(parsed.repeatedCancel.error.details.status, 'cancel_requested')
+  assert.equal(parsed.runningAfterCancelStatus, 409)
+  assert.equal(parsed.runningAfterCancel.error.code, 'STALE_STATUS_UPDATE')
+  assert.equal(parsed.status.status, 'cancelled')
+  assert.equal(parsed.status.error.code, 'CAPTURE_TIMEOUT')
+  assert.equal(parsed.status.error.details.reason, 'cancel_timeout')
+  assert.equal(parsed.control.command, 'cancel')
+  assert.equal(parsed.control.status, 'cancelled')
+})
+
+test('python fallback distinguishes extension, target load, and running timeouts', () => {
+  const parsed = pythonOneShot(`
+from stackprism_bridge_lib.capture_store import CaptureStore
+request = ${JSON.stringify(request)}
+clock = {"now": 1000}
+store = CaptureStore("http://127.0.0.1:17370", now=lambda: clock["now"], open_browser_fn=lambda _url: (True, {}))
+queued, _status, _err = store.create(request)
+clock["now"] = queued["extensionDeadlineAt"] + 1
+store.active_count()
+clock["now"] = 2000
+target_opening, _status, _err = store.create(request)
+target_opening["status"] = "running"
+target_opening["phase"] = "target_opening"
+target_deadline_ms = int((target_opening["deadlineAt"] - target_opening["createdAt"]) * 1000)
+clock["now"] = target_opening["deadlineAt"] + 1
+store.active_count()
+clock["now"] = 3000
+running, _status, _err = store.create(request)
+running["status"] = "running"
+running["phase"] = "profiling_experience"
+clock["now"] = running["deadlineAt"] + 1
+store.active_count()
+print(json.dumps({"queued": queued["error"]["code"], "target_opening": target_opening["error"]["code"], "running": running["error"]["code"], "target_deadline_ms": target_deadline_ms}, sort_keys=True))
+`)
+  assert.equal(parsed.queued, 'EXTENSION_NOT_CONNECTED')
+  assert.equal(parsed.target_opening, 'TARGET_LOAD_TIMEOUT')
+  assert.equal(parsed.running, 'CAPTURE_TIMEOUT')
+  assert.equal(parsed.target_deadline_ms, 95000)
+})
+
+test('python fallback actively expires completed profiles without a later request', () => {
+  const parsed = pythonOneShot(`
+from stackprism_bridge_lib.capture_store import CaptureStore
+request = ${JSON.stringify(request)}
+clock = {"now": 1000}
+scheduled = []
+class FakeTimer:
+    def __init__(self, delay, callback):
+        self.delay = delay
+        self.callback = callback
+        self.daemon = False
+        self.started = False
+        self.cancelled = False
+        scheduled.append(self)
+    def start(self):
+        self.started = True
+    def cancel(self):
+        self.cancelled = True
+store = CaptureStore("http://127.0.0.1:17370", now=lambda: clock["now"], open_browser_fn=lambda _url: (True, {}), result_ttl_seconds=0.25, timer_factory=FakeTimer)
+capture, _status, _err = store.create(request)
+store.mark_profile(capture, {"schema": "stackprism.site_experience_profile.v1", "captureId": capture["id"]})
+before = {"status": capture["status"], "hasProfile": capture["profile"] is not None, "delay": scheduled[0].delay, "started": scheduled[0].started}
+clock["now"] = capture["resultExpiresAt"] + 0.01
+scheduled[0].callback()
+after = {"status": capture["status"], "profile": capture["profile"], "error": capture["error"]["code"]}
+print(json.dumps({"before": before, "after": after}, sort_keys=True))
+`)
+  assert.equal(parsed.before.status, 'completed')
+  assert.equal(parsed.before.hasProfile, true)
+  assert.equal(parsed.before.delay, 0.25)
+  assert.equal(parsed.before.started, true)
+  assert.equal(parsed.after.status, 'expired')
+  assert.equal(parsed.after.profile, null)
+  assert.equal(parsed.after.error, 'CAPTURE_RESULT_EXPIRED')
+})
+
+test('python fallback does not timeout captures with missing optional deadlines', () => {
+  const parsed = pythonOneShot(`
+from stackprism_bridge_lib.capture_store import CaptureStore
+clock = {"now": 1000}
+store = CaptureStore("http://127.0.0.1:17370", now=lambda: clock["now"], open_browser_fn=lambda _url: (True, {}))
+queued = {"id": "cap_missing_deadlines", "status": "queued"}
+running = {"id": "cap_missing_deadlines_2", "status": "running"}
+store.expire_if_needed(queued)
+store.expire_if_needed(running)
+print(json.dumps({"queued": queued["status"], "running": running["status"]}, sort_keys=True))
+`)
+  assert.equal(parsed.queued, 'queued')
+  assert.equal(parsed.running, 'running')
+})
+
+test('python fallback closes slow request bodies within the configured request timeout', () => {
+  const parsed = pythonOneShot(`
+import json
+import socket
+import threading
+import time
+import stackprism_bridge_lib.http_server as http_server
+from stackprism_bridge_lib.server_factory import create_server
+
+http_server.DEFAULT_REQUEST_TIMEOUT_SECONDS = 0.05
+server, ready = create_server(0)
+thread = threading.Thread(target=server.serve_forever, daemon=True)
+thread.start()
+
+started = time.monotonic()
+received = b""
+sock = socket.create_connection(("127.0.0.1", server.server_address[1]), timeout=1)
+sock.settimeout(1)
+try:
+    request = "\\r\\n".join([
+        "POST /v1/captures HTTP/1.1",
+        f"Host: 127.0.0.1:{server.server_address[1]}",
+        f"Authorization: Bearer {ready['apiToken']}",
+        "Content-Type: application/json",
+        "Content-Length: 64",
+        "Connection: close",
+        "",
+        "{\\"url\\"",
+    ]).encode("utf-8")
+    sock.sendall(request)
+    while True:
+        chunk = sock.recv(4096)
+        if not chunk:
+            break
+        received += chunk
+finally:
+    elapsed = time.monotonic() - started
+    sock.close()
+    server.shutdown()
+    server.server_close()
+
+print(json.dumps({"elapsed": elapsed, "response": received.decode("utf-8", "replace")}, sort_keys=True))
+`)
+  assert.ok(parsed.elapsed < 1, `slow body stayed open for ${parsed.elapsed}s`)
+  assert.match(parsed.response, /400/)
+  assert.match(parsed.response, /INVALID_JSON/)
+})
+
+test('python fallback returns invalid json for non-utf8 request bodies', () => {
+  const parsed = pythonOneShot(`
+import json
+import socket
+import threading
+from stackprism_bridge_lib.server_factory import create_server
+
+server, ready = create_server(0)
+thread = threading.Thread(target=server.serve_forever, daemon=True)
+thread.start()
+
+body = b'{\"url\":\"\\xff\"}'
+received = b""
+sock = socket.create_connection(("127.0.0.1", server.server_address[1]), timeout=1)
+sock.settimeout(1)
+try:
+    header = "\\r\\n".join([
+        "POST /v1/captures HTTP/1.1",
+        f"Host: 127.0.0.1:{server.server_address[1]}",
+        f"Authorization: Bearer {ready['apiToken']}",
+        "Content-Type: application/json",
+        f"Content-Length: {len(body)}",
+        "Connection: close",
+        "",
+        "",
+    ]).encode("ascii")
+    sock.sendall(header + body)
+    while True:
+        chunk = sock.recv(4096)
+        if not chunk:
+            break
+        received += chunk
+finally:
+    sock.close()
+    server.shutdown()
+    server.server_close()
+
+print(json.dumps({"response": received.decode("utf-8", "replace")}, sort_keys=True))
+`)
+  assert.match(parsed.response, /400/)
+  assert.match(parsed.response, /INVALID_JSON/)
+})
+
+test('python fallback closes slow request headers within the configured request timeout', () => {
+  const parsed = pythonOneShot(`
+import json
+import socket
+import threading
+import time
+import stackprism_bridge_lib.http_server as http_server
+from stackprism_bridge_lib.server_factory import create_server
+
+http_server.DEFAULT_REQUEST_TIMEOUT_SECONDS = 0.05
+server, _ready = create_server(0)
+thread = threading.Thread(target=server.serve_forever, daemon=True)
+thread.start()
+
+started = time.monotonic()
+received = b""
+sock = socket.create_connection(("127.0.0.1", server.server_address[1]), timeout=1)
+sock.settimeout(1)
+try:
+    sock.sendall(f"GET /health HTTP/1.1\\r\\nHost: 127.0.0.1:{server.server_address[1]}".encode("utf-8"))
+    while True:
+        chunk = sock.recv(4096)
+        if not chunk:
+            break
+        received += chunk
+finally:
+    elapsed = time.monotonic() - started
+    sock.close()
+    server.shutdown()
+    server.server_close()
+
+print(json.dumps({"elapsed": elapsed, "response": received.decode("utf-8", "replace")}, sort_keys=True))
+`)
+  assert.ok(parsed.elapsed < 1, `slow headers stayed open for ${parsed.elapsed}s`)
+  assert.doesNotMatch(parsed.response, /"ok": true/)
+})
+
+test('python fallback rejects connections beyond the configured active connection limit', () => {
+  const parsed = pythonOneShot(`
+import json
+import socket
+import threading
+from stackprism_bridge_lib.server_factory import create_server
+
+server, _ready = create_server(0, max_open_connections=2)
+thread = threading.Thread(target=server.serve_forever, daemon=True)
+thread.start()
+
+first = socket.create_connection(("127.0.0.1", server.server_address[1]), timeout=1)
+second = socket.create_connection(("127.0.0.1", server.server_address[1]), timeout=1)
+third = socket.create_connection(("127.0.0.1", server.server_address[1]), timeout=1)
+third.settimeout(1)
+received = b""
+try:
+    third.sendall(f"GET /health HTTP/1.1\\r\\nHost: 127.0.0.1:{server.server_address[1]}\\r\\nConnection: close\\r\\n\\r\\n".encode("utf-8"))
+    while True:
+        chunk = third.recv(4096)
+        if not chunk:
+            break
+        received += chunk
+finally:
+    first.close()
+    second.close()
+    third.close()
+    server.shutdown()
+    server.server_close()
+
+print(json.dumps({"response": received.decode("utf-8", "replace")}, sort_keys=True))
+`)
+  assert.doesNotMatch(parsed.response, /"ok": true/)
+})
+
+test('python fallback body reader does not swallow unexpected programming errors', () => {
+  const parsed = pythonOneShot(`
+from stackprism_bridge_lib.body import read_json_body
+
+class Headers:
+    def get(self, name, default=None):
+        values = {
+            "Content-Type": "application/json",
+            "Content-Length": "2",
+        }
+        return values.get(name, default)
+
+class Body:
+    def read(self, _size):
+        raise RuntimeError("unexpected test failure")
+
+class Handler:
+    headers = Headers()
+    rfile = Body()
+    failed = None
+    def fail(self, status, code, message):
+        self.failed = {"status": status, "code": code, "message": message}
+
+handler = Handler()
+try:
+    read_json_body(handler, 1024, "REQUEST_TOO_LARGE")
+    propagated = False
+except RuntimeError:
+    propagated = True
+print(json.dumps({"propagated": propagated, "failed": handler.failed}, sort_keys=True))
+`)
+  assert.equal(parsed.propagated, true)
+  assert.equal(parsed.failed, null)
+})
+
+test('python fallback body reader fails fast when content length exceeds limit', () => {
+  const parsed = pythonOneShot(`
+from stackprism_bridge_lib.body import read_json_body
+
+class Headers:
+    def get(self, name, default=None):
+        values = {
+            "Content-Type": "application/json",
+            "Content-Length": "2048",
+        }
+        return values.get(name, default)
+
+class Body:
+    read_calls = 0
+    def read(self, _size):
+        self.read_calls += 1
+        return b"x" * 16
+
+class Handler:
+    headers = Headers()
+    rfile = Body()
+    failed = None
+    close_connection = False
+    def fail(self, status, code, message):
+        self.failed = {"status": status, "code": code, "message": message}
+
+handler = Handler()
+result = read_json_body(handler, 1024, "REQUEST_TOO_LARGE")
+print(json.dumps({
+    "result": result,
+    "failed": handler.failed,
+    "readCalls": handler.rfile.read_calls,
+    "closeConnection": handler.close_connection,
+}, sort_keys=True))
+`)
+  assert.equal(parsed.result, null)
+  assert.deepEqual(parsed.failed, { status: 413, code: 'REQUEST_TOO_LARGE', message: 'Request body is too large.' })
+  assert.equal(parsed.readCalls, 0)
+  assert.equal(parsed.closeConnection, true)
+})
+
+test('python fallback body reader closes connection when request body cannot be consumed', () => {
+  const parsed = pythonOneShot(`
+from stackprism_bridge_lib.body import read_json_body
+
+class Headers:
+    def __init__(self, values):
+        self.values = values
+    def get(self, name, default=None):
+        return self.values.get(name, default)
+
+class Body:
+    def __init__(self, chunks=None):
+        self.chunks = list(chunks or [])
+    def read(self, _size):
+        return self.chunks.pop(0) if self.chunks else b""
+
+class Handler:
+    def __init__(self, headers, body=None):
+        self.headers = Headers(headers)
+        self.rfile = body or Body()
+        self.failed = None
+        self.close_connection = False
+    def fail(self, status, code, message):
+        self.failed = {"status": status, "code": code, "message": message}
+
+unsupported = Handler({"Content-Type": "text/plain", "Content-Length": "2"}, Body([b"{}"]))
+invalid_length = Handler({"Content-Type": "application/json", "Content-Length": "nope"}, Body([b"{}"]))
+short_body = Handler({"Content-Type": "application/json", "Content-Length": "4"}, Body([b"{}"]))
+invalid_json = Handler({"Content-Type": "application/json", "Content-Length": "1"}, Body([b"{"]))
+
+for handler in (unsupported, invalid_length, short_body, invalid_json):
+    read_json_body(handler, 1024, "REQUEST_TOO_LARGE")
+
+print(json.dumps({
+    "unsupported": unsupported.close_connection,
+    "invalidLength": invalid_length.close_connection,
+    "shortBody": short_body.close_connection,
+    "invalidJson": invalid_json.close_connection,
+    "unsupportedStatus": unsupported.failed["status"],
+    "invalidLengthStatus": invalid_length.failed["status"],
+}, sort_keys=True))
+`)
+
+  assert.equal(parsed.unsupported, true)
+  assert.equal(parsed.invalidLength, true)
+  assert.equal(parsed.shortBody, true)
+  assert.equal(parsed.invalidJson, true)
+  assert.equal(parsed.unsupportedStatus, 415)
+  assert.equal(parsed.invalidLengthStatus, 400)
+})
+
+test('python fallback rejects private, self-target, and cross-origin capture requests', async () => {
+  const { child, ready } = await startPythonBridge()
+  try {
+    const credentialTarget = await readJson(
+      await fetch(`${ready.baseUrl}/v1/captures`, {
+        method: 'POST',
+        headers: { Authorization: `Bearer ${ready.apiToken}`, 'Content-Type': 'application/json' },
+        body: JSON.stringify({ ...request, url: 'https://user:pass@example.com/app' })
+      })
+    )
+    assert.equal(credentialTarget.status, 400)
+    assert.equal(credentialTarget.body.error.code, 'INVALID_REQUEST')
+
+    const invalidBooleanOption = await readJson(
+      await fetch(`${ready.baseUrl}/v1/captures`, {
+        method: 'POST',
+        headers: { Authorization: `Bearer ${ready.apiToken}`, 'Content-Type': 'application/json' },
+        body: JSON.stringify({ ...request, options: { forceRefresh: 'true' } })
+      })
+    )
+    assert.equal(invalidBooleanOption.status, 400)
+    assert.equal(invalidBooleanOption.body.error.code, 'INVALID_REQUEST')
+
+    const invalidScreenshotOption = await readJson(
+      await fetch(`${ready.baseUrl}/v1/captures`, {
+        method: 'POST',
+        headers: { Authorization: `Bearer ${ready.apiToken}`, 'Content-Type': 'application/json' },
+        body: JSON.stringify({ ...request, options: { captureScreenshot: 'true', targetMode: 'reuse_or_new_tab' } })
+      })
+    )
+    assert.equal(invalidScreenshotOption.status, 400)
+    assert.equal(invalidScreenshotOption.body.error.code, 'INVALID_REQUEST')
+
+    const privateTarget = await readJson(
+      await fetch(`${ready.baseUrl}/v1/captures`, {
+        method: 'POST',
+        headers: { Authorization: `Bearer ${ready.apiToken}`, 'Content-Type': 'application/json' },
+        body: JSON.stringify({ ...request, url: 'http://127.0.0.1:3000/' })
+      })
+    )
+    assert.equal(privateTarget.status, 400)
+    assert.equal(privateTarget.body.error.code, 'PRIVATE_NETWORK_TARGET_BLOCKED')
+
+    const selfTarget = await readJson(
+      await fetch(`${ready.baseUrl}/v1/captures`, {
+        method: 'POST',
+        headers: { Authorization: `Bearer ${ready.apiToken}`, 'Content-Type': 'application/json' },
+        body: JSON.stringify({ ...request, url: ready.baseUrl, options: { allowPrivateNetworkTarget: true } })
+      })
+    )
+    assert.equal(selfTarget.status, 400)
+    assert.equal(selfTarget.body.error.code, 'BRIDGE_SELF_TARGET_BLOCKED')
+
+    const localhostSelfTarget = await readJson(
+      await fetch(`${ready.baseUrl}/v1/captures`, {
+        method: 'POST',
+        headers: { Authorization: `Bearer ${ready.apiToken}`, 'Content-Type': 'application/json' },
+        body: JSON.stringify({
+          ...request,
+          url: ready.baseUrl.replace('127.0.0.1', 'localhost'),
+          options: { allowPrivateNetworkTarget: true }
+        })
+      })
+    )
+    assert.equal(localhostSelfTarget.status, 400)
+    assert.equal(localhostSelfTarget.body.error.code, 'BRIDGE_SELF_TARGET_BLOCKED')
+
+    for (const alias of ['2130706433', '127.1', '0x7f000001']) {
+      const aliasSelfTarget = await readJson(
+        await fetch(`${ready.baseUrl}/v1/captures`, {
+          method: 'POST',
+          headers: { Authorization: `Bearer ${ready.apiToken}`, 'Content-Type': 'application/json' },
+          body: JSON.stringify({
+            ...request,
+            url: ready.baseUrl.replace('127.0.0.1', alias),
+            options: { allowPrivateNetworkTarget: true }
+          })
+        })
+      )
+      assert.equal(aliasSelfTarget.status, 400, alias)
+      assert.equal(aliasSelfTarget.body.error.code, 'BRIDGE_SELF_TARGET_BLOCKED', alias)
+    }
+
+    const selfTargetPath = await readJson(
+      await fetch(`${ready.baseUrl}/v1/captures`, {
+        method: 'POST',
+        headers: { Authorization: `Bearer ${ready.apiToken}`, 'Content-Type': 'application/json' },
+        body: JSON.stringify({ ...request, url: `${ready.baseUrl}/v1/captures`, options: { allowPrivateNetworkTarget: true } })
+      })
+    )
+    assert.equal(selfTargetPath.status, 400)
+    assert.equal(selfTargetPath.body.error.code, 'BRIDGE_SELF_TARGET_BLOCKED')
+
+    const crossOrigin = await readJson(
+      await fetch(`${ready.baseUrl}/v1/captures`, {
+        method: 'POST',
+        headers: { Authorization: `Bearer ${ready.apiToken}`, 'Content-Type': 'application/json', Origin: 'https://attacker.example' },
+        body: JSON.stringify(request)
+      })
+    )
+    assert.equal(crossOrigin.status, 403)
+    assert.equal(crossOrigin.body.error.code, 'ORIGIN_NOT_ALLOWED')
+  } finally {
+    child.kill('SIGTERM')
+    await once(child, 'exit')
+  }
+})
+
+test('python fallback normalizes optional screenshot requests', async () => {
+  const { child, ready } = await startPythonBridge()
+  try {
+    const created = await readJson(
+      await fetch(`${ready.baseUrl}/v1/captures`, {
+        method: 'POST',
+        headers: { Authorization: `Bearer ${ready.apiToken}`, 'Content-Type': 'application/json' },
+        body: JSON.stringify({ ...request, include: ['visual'], options: { captureScreenshot: true, targetMode: 'reuse_or_new_tab' } })
+      })
+    )
+    assert.equal(created.status, 200)
+    const config = await loadBridgeConfig(created.body.bridgeUrl)
+    const requestEnvelope = await readJson(
+      await fetch(`${ready.baseUrl}/v1/captures/${created.body.id}/request`, {
+        headers: { Authorization: `Bearer ${config.bridgeToken}` }
+      })
+    )
+    assert.equal(requestEnvelope.status, 200)
+    assert.equal(requestEnvelope.body.request.options.captureScreenshot, true)
+  } finally {
+    child.kill('SIGTERM')
+    await once(child, 'exit')
+  }
+})
+
+test('python fallback rejects boolean numeric fields and overlong capture URLs', async () => {
+  const { child, ready } = await startPythonBridge()
+  try {
+    const cases = [
+      { body: { ...request, waitMs: true }, field: 'waitMs' },
+      { body: { ...request, waitMs: null }, field: 'waitMs null' },
+      { body: { ...request, viewports: null }, field: 'viewports null' },
+      { body: { ...request, options: null }, field: 'options null' },
+      { body: { ...request, options: false }, field: 'options boolean' },
+      { body: { ...request, options: { targetMode: '' } }, field: 'targetMode empty' },
+      { body: { ...request, options: { targetMode: 'reuse_or_new_tab', maxResourceUrls: true } }, field: 'maxResourceUrls' },
+      { body: { ...request, viewports: [{ width: true, height: 900, deviceScaleFactor: 1 }] }, field: 'viewport width' },
+      { body: { ...request, viewports: [{ name: 123, width: 1440, height: 900, deviceScaleFactor: 1 }] }, field: 'viewport name' },
+      { body: { ...request, url: `https://example.com/${'a'.repeat(4100)}` }, field: 'url' }
+    ]
+
+    for (const item of cases) {
+      const rejected = await readJson(
+        await fetch(`${ready.baseUrl}/v1/captures`, {
+          method: 'POST',
+          headers: { Authorization: `Bearer ${ready.apiToken}`, 'Content-Type': 'application/json' },
+          body: JSON.stringify(item.body)
+        })
+      )
+      assert.equal(rejected.status, 400, item.field)
+      assert.equal(rejected.body.error.code, 'INVALID_REQUEST', item.field)
+    }
+  } finally {
+    child.kill('SIGTERM')
+    await once(child, 'exit')
+  }
+})
+
+test('python fallback rejects cross-origin referer and fetch metadata', async () => {
+  const { child, ready } = await startPythonBridge()
+  try {
+    const created = await createCapture(ready)
+    const blockedBridge = await fetch(created.body.bridgeUrl, { headers: { Referer: 'https://attacker.example/page' } })
+    const blockedBridgeText = await blockedBridge.text()
+    assert.equal(blockedBridge.status, 403)
+    assert.match(blockedBridgeText, /ORIGIN_NOT_ALLOWED/)
+    assert.equal(blockedBridgeText.includes('spbt_'), false)
+
+    const crossSiteCreate = await readJson(
+      await fetch(`${ready.baseUrl}/v1/captures`, {
+        method: 'POST',
+        headers: {
+          Authorization: `Bearer ${ready.apiToken}`,
+          'Content-Type': 'application/json',
+          'Sec-Fetch-Site': 'cross-site'
+        },
+        body: JSON.stringify(request)
+      })
+    )
+    assert.equal(crossSiteCreate.status, 403)
+    assert.equal(crossSiteCreate.body.error.code, 'ORIGIN_NOT_ALLOWED')
+
+    const crossSiteCancel = await readJson(
+      await fetch(`${ready.baseUrl}/v1/captures/${created.body.id}`, {
+        method: 'DELETE',
+        headers: { Authorization: `Bearer ${ready.apiToken}`, Referer: 'https://attacker.example/page' }
+      })
+    )
+    assert.equal(crossSiteCancel.status, 403)
+    assert.equal(crossSiteCancel.body.error.code, 'ORIGIN_NOT_ALLOWED')
+
+    const config = await loadBridgeConfig(created.body.bridgeUrl)
+    assert.match(config.bridgeToken, /^spbt_[A-Za-z0-9_-]{43}$/)
+  } finally {
+    child.kill('SIGTERM')
+    await once(child, 'exit')
+  }
+})
+
+test('python fallback rejects private final URLs before profile creation', async () => {
+  const { child, ready } = await startPythonBridge()
+  try {
+    const created = await createCapture(ready)
+    const config = await loadBridgeConfig(created.body.bridgeUrl)
+
+    const finalUrlStatus = await readJson(
+      await fetch(`${ready.baseUrl}/v1/captures/${created.body.id}/status`, {
+        method: 'POST',
+        headers: { Authorization: `Bearer ${config.bridgeToken}`, 'Content-Type': 'application/json' },
+        body: JSON.stringify({
+          captureId: created.body.id,
+          sessionId: config.sessionId,
+          nonce: config.nonce,
+          protocolVersion: 1,
+          status: 'running',
+          phase: 'target_loaded',
+          sequence: 1,
+          finalUrl: 'https://10.20.30.40/dashboard'
+        })
+      })
+    )
+    assert.equal(finalUrlStatus.status, 409)
+    assert.equal(finalUrlStatus.body.error.code, 'FINAL_URL_BLOCKED')
+    assert.equal(finalUrlStatus.body.error.details.reason, 'private_network_address')
+
+    const status = await readJson(
+      await fetch(`${ready.baseUrl}/v1/captures/${created.body.id}`, {
+        headers: { Authorization: `Bearer ${ready.apiToken}` }
+      })
+    )
+    assert.equal(status.body.status, 'failed')
+    assert.equal(status.body.phase, 'target_loaded')
+    assert.equal(status.body.error.code, 'FINAL_URL_BLOCKED')
+
+    const lateProfile = await readJson(
+      await fetch(`${ready.baseUrl}/v1/captures/${created.body.id}/profile`, {
+        method: 'POST',
+        headers: { Authorization: `Bearer ${config.bridgeToken}`, 'Content-Type': 'application/json' },
+        body: JSON.stringify(profileFor(created.body.id))
+      })
+    )
+    assert.equal(lateProfile.status, 409)
+    assert.equal(lateProfile.body.error.code, 'STALE_STATUS_UPDATE')
+  } finally {
+    child.kill('SIGTERM')
+    await once(child, 'exit')
+  }
+})
+
+test('python fallback rejects private browser-observed target addresses', async () => {
+  const { child, ready } = await startPythonBridge()
+  try {
+    for (const [label, extra] of [
+      ['direct private address', {}],
+      ['cached private address', { targetNetworkFromCache: true }]
+    ]) {
+      const created = await createCapture(ready)
+      const config = await loadBridgeConfig(created.body.bridgeUrl)
+      const status = await readJson(
+        await fetch(`${ready.baseUrl}/v1/captures/${created.body.id}/status`, {
+          method: 'POST',
+          headers: { Authorization: `Bearer ${config.bridgeToken}`, 'Content-Type': 'application/json' },
+          body: JSON.stringify(
+            statusBody(created.body.id, config, {
+              status: 'running',
+              phase: 'target_loaded',
+              sequence: 1,
+              finalUrl: request.url,
+              targetNetworkAddress: '127.0.0.1',
+              ...extra
+            })
+          )
+        })
+      )
+      assert.equal(status.status, 409, label)
+      assert.equal(status.body.error.code, 'FINAL_URL_BLOCKED', label)
+      assert.equal(status.body.error.details.reason, 'private_network_address', label)
+    }
+  } finally {
+    child.kill('SIGTERM')
+    await once(child, 'exit')
+  }
+})
+
+test('python fallback accepts proxy-reserved browser-observed addresses for public hostnames', async () => {
+  const { child, ready } = await startPythonBridge()
+  try {
+    const created = await createCapture(ready)
+    const config = await loadBridgeConfig(created.body.bridgeUrl)
+    const status = await readJson(
+      await fetch(`${ready.baseUrl}/v1/captures/${created.body.id}/status`, {
+        method: 'POST',
+        headers: { Authorization: `Bearer ${config.bridgeToken}`, 'Content-Type': 'application/json' },
+        body: JSON.stringify(
+          statusBody(created.body.id, config, {
+            status: 'running',
+            phase: 'target_loaded',
+            sequence: 1,
+            finalUrl: 'https://proxy-reserved.example/dashboard',
+            targetNetworkAddress: '198.18.0.12'
+          })
+        )
+      })
+    )
+    assert.equal(status.status, 200)
+    assert.equal(status.body.phase, 'target_loaded')
+  } finally {
+    child.kill('SIGTERM')
+    await once(child, 'exit')
+  }
+})
+
+test('python fallback accepts public final URLs when browser network address is unavailable', async () => {
+  for (const [label, extra] of [
+    ['missing address', {}],
+    ['cached response', { targetNetworkFromCache: true }]
+  ]) {
+    const { child, ready } = await startPythonBridge()
+    try {
+      const created = await createCapture(ready)
+      const config = await loadBridgeConfig(created.body.bridgeUrl)
+      const status = await readJson(
+        await fetch(`${ready.baseUrl}/v1/captures/${created.body.id}/status`, {
+          method: 'POST',
+          headers: { Authorization: `Bearer ${config.bridgeToken}`, 'Content-Type': 'application/json' },
+          body: JSON.stringify(
+            statusBody(created.body.id, config, {
+              status: 'running',
+              phase: 'target_loaded',
+              sequence: 1,
+              finalUrl: request.url,
+              ...extra
+            })
+          )
+        })
+      )
+      assert.equal(status.status, 200, label)
+      assert.equal(status.body.phase, 'target_loaded', label)
+    } finally {
+      child.kill('SIGTERM')
+      await once(child, 'exit')
+    }
+  }
+})
+
+test('python fallback rejects non-ip browser-observed target addresses', async () => {
+  const { child, ready } = await startPythonBridge()
+  try {
+    const created = await createCapture(ready)
+    const config = await loadBridgeConfig(created.body.bridgeUrl)
+    const status = await readJson(
+      await fetch(`${ready.baseUrl}/v1/captures/${created.body.id}/status`, {
+        method: 'POST',
+        headers: { Authorization: `Bearer ${config.bridgeToken}`, 'Content-Type': 'application/json' },
+        body: JSON.stringify(
+          statusBody(created.body.id, config, {
+            status: 'running',
+            phase: 'target_loaded',
+            sequence: 1,
+            finalUrl: request.url,
+            targetNetworkAddress: 'example.com'
+          })
+        )
+      })
+    )
+    assert.equal(status.status, 400)
+    assert.equal(status.body.error.code, 'INVALID_REQUEST')
+    assert.equal(status.body.error.details.reason, 'invalid_network_address')
+  } finally {
+    child.kill('SIGTERM')
+    await once(child, 'exit')
+  }
+})
+
+test('python fallback requires accepted final URL before profile submission', async () => {
+  const { child, ready } = await startPythonBridge()
+  try {
+    const created = await createCapture(ready)
+    const config = await loadBridgeConfig(created.body.bridgeUrl)
+
+    const missingFinalUrl = await readJson(
+      await fetch(`${ready.baseUrl}/v1/captures/${created.body.id}/status`, {
+        method: 'POST',
+        headers: { Authorization: `Bearer ${config.bridgeToken}`, 'Content-Type': 'application/json' },
+        body: JSON.stringify(statusBody(created.body.id, config, { status: 'running', phase: 'target_loaded', sequence: 1 }))
+      })
+    )
+    assert.equal(missingFinalUrl.status, 400)
+    assert.equal(missingFinalUrl.body.error.code, 'INVALID_REQUEST')
+
+    const earlyProfile = await readJson(
+      await fetch(`${ready.baseUrl}/v1/captures/${created.body.id}/profile`, {
+        method: 'POST',
+        headers: { Authorization: `Bearer ${config.bridgeToken}`, 'Content-Type': 'application/json' },
+        body: JSON.stringify(profileFor(created.body.id))
+      })
+    )
+    assert.equal(earlyProfile.status, 409)
+    assert.equal(earlyProfile.body.error.code, 'INVALID_REQUEST')
+  } finally {
+    child.kill('SIGTERM')
+    await once(child, 'exit')
+  }
+})
+
+test('python fallback rejects preflight and ambiguous raw request shell', async () => {
+  const { child, ready } = await startPythonBridge()
+  try {
+    const options = await fetch(`${ready.baseUrl}/v1/captures`, { method: 'OPTIONS' })
+    assert.equal(options.status, 405)
+    assert.equal(options.headers.get('allow'), 'GET, POST, DELETE')
+    assert.equal(options.headers.has('access-control-allow-origin'), false)
+
+    const url = new URL(ready.baseUrl)
+    const optionsWrongHost = await rawHttp(url.port, [
+      'OPTIONS /v1/captures HTTP/1.1',
+      `Host: localhost:${url.port}`,
+      'Connection: close',
+      '',
+      ''
+    ])
+    assert.match(optionsWrongHost, /400/)
+    assert.match(optionsWrongHost, /INVALID_REQUEST/)
+
+    const wrongPortHost = await rawHttp(url.port, [
+      'GET /health HTTP/1.1',
+      `Host: 127.0.0.1:${Number(url.port) + 1}`,
+      'Connection: close',
+      '',
+      ''
+    ])
+    assert.match(wrongPortHost, /400/)
+    assert.match(wrongPortHost, /INVALID_REQUEST/)
+
+    const missingHost = await rawHttp(url.port, ['GET /health HTTP/1.1', 'Connection: close', '', ''])
+    assert.match(missingHost, /400/)
+    assert.match(missingHost, /INVALID_REQUEST/)
+
+    const ipv6Host = await rawHttp(url.port, ['GET /health HTTP/1.1', `Host: [::1]:${url.port}`, 'Connection: close', '', ''])
+    assert.match(ipv6Host, /400/)
+    assert.match(ipv6Host, /INVALID_REQUEST/)
+
+    const duplicateHost = await rawHttp(url.port, [
+      'GET /health HTTP/1.1',
+      `Host: ${url.host}`,
+      `Host: ${url.host}`,
+      'Connection: close',
+      '',
+      ''
+    ])
+    assert.match(duplicateHost, /400/)
+    assert.match(duplicateHost, /INVALID_REQUEST/)
+
+    const absoluteForm = await rawHttp(url.port, [
+      `GET http://127.0.0.1:${url.port}/health HTTP/1.1`,
+      `Host: ${url.host}`,
+      'Connection: close',
+      '',
+      ''
+    ])
+    assert.match(absoluteForm, /400/)
+    assert.match(absoluteForm, /INVALID_REQUEST/)
+
+    const authorityForm = await rawHttp(url.port, [
+      `CONNECT 127.0.0.1:${url.port} HTTP/1.1`,
+      `Host: ${url.host}`,
+      'Connection: close',
+      '',
+      ''
+    ])
+    assert.match(authorityForm, /400/)
+    assert.match(authorityForm, /INVALID_REQUEST/)
+
+    const encodedSlashPath = await rawHttp(url.port, ['GET /v1%2fcaptures HTTP/1.1', `Host: ${url.host}`, 'Connection: close', '', ''])
+    assert.match(encodedSlashPath, /400/)
+    assert.match(encodedSlashPath, /Encoded path separators or dot segments are not allowed\./)
+
+    const encodedBackslashPath = await rawHttp(url.port, ['GET /v1%5ccaptures HTTP/1.1', `Host: ${url.host}`, 'Connection: close', '', ''])
+    assert.match(encodedBackslashPath, /400/)
+    assert.match(encodedBackslashPath, /Encoded path separators or dot segments are not allowed\./)
+
+    const rawBackslashPath = await rawHttp(url.port, ['GET /v1\\captures HTTP/1.1', `Host: ${url.host}`, 'Connection: close', '', ''])
+    assert.match(rawBackslashPath, /400/)
+    assert.match(rawBackslashPath, /Encoded path separators or dot segments are not allowed\./)
+
+    const dotSegmentPath = await rawHttp(url.port, ['GET /v1/../health HTTP/1.1', `Host: ${url.host}`, 'Connection: close', '', ''])
+    assert.match(dotSegmentPath, /400/)
+    assert.match(dotSegmentPath, /INVALID_REQUEST/)
+
+    const emptySegmentPath = await rawHttp(url.port, ['GET /v1//captures HTTP/1.1', `Host: ${url.host}`, 'Connection: close', '', ''])
+    assert.match(emptySegmentPath, /400/)
+    assert.match(emptySegmentPath, /INVALID_REQUEST/)
+
+    const unexpectedQuery = await rawHttp(url.port, ['GET /health?x=1 HTTP/1.1', `Host: ${url.host}`, 'Connection: close', '', ''])
+    assert.match(unexpectedQuery, /400/)
+    assert.match(unexpectedQuery, /INVALID_REQUEST/)
+
+    const created = await createCapture(ready)
+    const percentEncodedSession = await readJson(await fetch(percentEncodeBridgeParam(created.body.bridgeUrl, 'session')))
+    assert.equal(percentEncodedSession.status, 400)
+    assert.equal(percentEncodedSession.body.error.code, 'INVALID_REQUEST')
+    assert.equal(JSON.stringify(percentEncodedSession.body).includes('spbt_'), false)
+
+    const duplicateBridgeQuery = await readJson(
+      await fetch(`${created.body.bridgeUrl}&session=${new URL(created.body.bridgeUrl).searchParams.get('session')}`)
+    )
+    assert.equal(duplicateBridgeQuery.status, 400)
+    assert.equal(duplicateBridgeQuery.body.error.code, 'INVALID_REQUEST')
+    assert.equal(JSON.stringify(duplicateBridgeQuery.body).includes('spbt_'), false)
+
+    const duplicateAuthorization = await rawHttp(url.port, [
+      'GET /health HTTP/1.1',
+      `Host: ${url.host}`,
+      'Authorization: Bearer one',
+      'Authorization: Bearer two',
+      'Connection: close',
+      '',
+      ''
+    ])
+    assert.match(duplicateAuthorization, /400/)
+    assert.match(duplicateAuthorization, /INVALID_REQUEST/)
+
+    const duplicateContentType = await rawHttp(url.port, [
+      'POST /v1/captures HTTP/1.1',
+      `Host: ${url.host}`,
+      `Authorization: Bearer ${ready.apiToken}`,
+      'Content-Type: application/json',
+      'Content-Type: application/json',
+      'Content-Length: 2',
+      'Connection: close',
+      '',
+      '{}'
+    ])
+    assert.match(duplicateContentType, /400/)
+    assert.match(duplicateContentType, /INVALID_REQUEST/)
+
+    const contentLengthAndTransferEncoding = await rawHttp(url.port, [
+      'POST /v1/captures HTTP/1.1',
+      `Host: ${url.host}`,
+      `Authorization: Bearer ${ready.apiToken}`,
+      'Content-Type: application/json',
+      'Content-Length: 2',
+      'Transfer-Encoding: chunked',
+      'Connection: close',
+      '',
+      '{}'
+    ])
+    assert.match(contentLengthAndTransferEncoding, /400/)
+    assert.match(contentLengthAndTransferEncoding, /INVALID_REQUEST/)
+
+    const duplicateContentLength = await rawHttp(url.port, [
+      'POST /v1/captures HTTP/1.1',
+      `Host: ${url.host}`,
+      `Authorization: Bearer ${ready.apiToken}`,
+      'Content-Type: application/json',
+      'Content-Length: 2',
+      'Content-Length: 2',
+      'Connection: close',
+      '',
+      '{}'
+    ])
+    assert.match(duplicateContentLength, /400/)
+    assert.match(duplicateContentLength, /INVALID_REQUEST/)
+
+    const invalidContentLength = await rawHttp(url.port, [
+      'POST /v1/captures HTTP/1.1',
+      `Host: ${url.host}`,
+      `Authorization: Bearer ${ready.apiToken}`,
+      'Content-Type: application/json',
+      'Content-Length: nope',
+      'Connection: close',
+      '',
+      '{}'
+    ])
+    assert.match(invalidContentLength, /400/)
+    assert.match(invalidContentLength, /INVALID_REQUEST/)
+
+    const getCollection = await readJson(
+      await fetch(`${ready.baseUrl}/v1/captures`, { headers: { Authorization: `Bearer ${ready.apiToken}` } })
+    )
+    assert.equal(getCollection.status, 405)
+    assert.equal(getCollection.headers.get('allow'), 'POST')
+
+    const postHealth = await readJson(await fetch(`${ready.baseUrl}/health`, { method: 'POST' }))
+    assert.equal(postHealth.status, 405)
+    assert.equal(postHealth.headers.get('allow'), 'GET')
+
+    const chunkedBody = await rawHttp(url.port, [
+      'POST /v1/captures HTTP/1.1',
+      `Host: ${url.host}`,
+      `Authorization: Bearer ${ready.apiToken}`,
+      'Content-Type: application/json',
+      'Transfer-Encoding: chunked',
+      'Connection: close',
+      '',
+      '2',
+      '{}',
+      '0',
+      '',
+      ''
+    ])
+    assert.match(chunkedBody, /400/)
+    assert.match(chunkedBody, /UNSUPPORTED_TRANSFER_ENCODING/)
+
+    const unsupportedTransferEncoding = await rawHttp(url.port, [
+      'POST /v1/captures HTTP/1.1',
+      `Host: ${url.host}`,
+      `Authorization: Bearer ${ready.apiToken}`,
+      'Content-Type: application/json',
+      'Transfer-Encoding: gzip',
+      'Connection: close',
+      '',
+      ''
+    ])
+    assert.match(unsupportedTransferEncoding, /400/)
+    assert.match(unsupportedTransferEncoding, /UNSUPPORTED_TRANSFER_ENCODING/)
+
+    const unsupportedContentEncoding = await rawHttp(url.port, [
+      'POST /v1/captures HTTP/1.1',
+      `Host: ${url.host}`,
+      `Authorization: Bearer ${ready.apiToken}`,
+      'Content-Type: application/json',
+      'Content-Encoding: gzip',
+      'Content-Length: 2',
+      'Connection: close',
+      '',
+      '{}'
+    ])
+    assert.match(unsupportedContentEncoding, /415/)
+    assert.match(unsupportedContentEncoding, /UNSUPPORTED_MEDIA_TYPE/)
+
+    const unsupportedCharset = await rawHttp(url.port, [
+      'POST /v1/captures HTTP/1.1',
+      `Host: ${url.host}`,
+      `Authorization: Bearer ${ready.apiToken}`,
+      'Content-Type: application/json; charset=latin1',
+      'Content-Length: 2',
+      'Connection: close',
+      '',
+      '{}'
+    ])
+    assert.match(unsupportedCharset, /415/)
+    assert.match(unsupportedCharset, /UNSUPPORTED_MEDIA_TYPE/)
+
+    const shortJsonBody = await rawHttp(url.port, [
+      'POST /v1/captures HTTP/1.1',
+      `Host: ${url.host}`,
+      `Authorization: Bearer ${ready.apiToken}`,
+      'Content-Type: application/json',
+      'Content-Length: 4',
+      'Connection: close',
+      '',
+      '{}'
+    ])
+    assert.match(shortJsonBody, /400/)
+    assert.match(shortJsonBody, /INVALID_JSON/)
+  } finally {
+    child.kill('SIGTERM')
+    await once(child, 'exit')
+  }
+})
+
+test('python fallback url policy normalizes public URLs and rejects fixture-resolved private hostnames', () => {
+  const script = `
+import json
+from stackprism_bridge_lib.url_policy import normalize_capture_request
+
+public_request = {
+    "url": ${JSON.stringify(urlPolicyCases.publicHostname.url)},
+    "mode": "experience",
+    "waitMs": 0,
+    "include": ["tech"],
+    "viewports": [],
+    "options": {"targetMode": "reuse_or_new_tab"},
+}
+private_request = {
+    "url": ${JSON.stringify(urlPolicyCases.privateHostname.url)},
+    "mode": "experience",
+    "waitMs": 0,
+    "include": ["tech"],
+    "viewports": [],
+    "options": {"targetMode": "reuse_or_new_tab"},
+}
+mixed_request = {
+    "url": ${JSON.stringify(urlPolicyCases.mixedHostname.url)},
+    "mode": "experience",
+    "waitMs": 0,
+    "include": ["tech"],
+    "viewports": [],
+    "options": {"targetMode": "reuse_or_new_tab"},
+}
+proxy_reserved_request = {
+    "url": ${JSON.stringify(urlPolicyCases.proxyReservedHostname.url)},
+    "mode": "experience",
+    "waitMs": 0,
+    "include": ["tech"],
+    "viewports": [],
+    "options": {"targetMode": "reuse_or_new_tab"},
+}
+proxy_reserved_ip_literal_request = {
+    "url": ${JSON.stringify(urlPolicyCases.proxyReservedIpLiteral.url)},
+    "mode": "experience",
+    "waitMs": 0,
+    "include": ["tech"],
+    "viewports": [],
+    "options": {"targetMode": "reuse_or_new_tab"},
+}
+special_use_request = {
+    "url": ${JSON.stringify(urlPolicyCases.specialUseHostname.url)},
+    "mode": "experience",
+    "waitMs": 0,
+    "include": ["tech"],
+    "viewports": [],
+    "options": {"targetMode": "reuse_or_new_tab"},
+}
+special_use_v6_request = {
+    "url": ${JSON.stringify(urlPolicyCases.specialUseIpv6Hostname.url)},
+    "mode": "experience",
+    "waitMs": 0,
+    "include": ["tech"],
+    "viewports": [],
+    "options": {"targetMode": "reuse_or_new_tab"},
+}
+public_exception_request = {
+    "url": ${JSON.stringify(urlPolicyCases.publicSpecialUseExceptionHostname.url)},
+    "mode": "experience",
+    "waitMs": 0,
+    "include": ["tech"],
+    "viewports": [],
+    "options": {"targetMode": "reuse_or_new_tab"},
+}
+failed_lookup_request = {
+    "url": "https://missing.internal.example/dashboard",
+    "mode": "experience",
+    "waitMs": 0,
+    "include": ["tech"],
+    "viewports": [],
+    "options": {"targetMode": "reuse_or_new_tab"},
+}
+empty_lookup_request = {
+    "url": "https://empty.internal.example/dashboard",
+    "mode": "experience",
+    "waitMs": 0,
+    "include": ["tech"],
+    "viewports": [],
+    "options": {"targetMode": "reuse_or_new_tab"},
+}
+compatible_ipv6_private_request = {
+    "url": "http://[::7f00:1]:3000/",
+    "mode": "experience",
+    "waitMs": 0,
+    "include": ["tech"],
+    "viewports": [],
+    "options": {"targetMode": "reuse_or_new_tab"},
+}
+compatible_ipv6_self_request = {
+    "url": "http://[::7f00:1]:17370/bridge",
+    "mode": "experience",
+    "waitMs": 0,
+    "include": ["tech"],
+    "viewports": [],
+    "options": {"targetMode": "reuse_or_new_tab", "allowPrivateNetworkTarget": True},
+}
+
+def resolver(hostname):
+    if hostname == "public.example":
+        return ${JSON.stringify(urlPolicyCases.publicHostname.resolvedAddresses)}
+    if hostname == "mixed.internal.example":
+        return ${JSON.stringify(urlPolicyCases.mixedHostname.resolvedAddresses)}
+    if hostname == "proxy-reserved.example":
+        return ${JSON.stringify(urlPolicyCases.proxyReservedHostname.resolvedAddresses)}
+    if hostname == "special-use.internal.example":
+        return ${JSON.stringify(urlPolicyCases.specialUseHostname.resolvedAddresses)}
+    if hostname == "special-use-v6.internal.example":
+        return ${JSON.stringify(urlPolicyCases.specialUseIpv6Hostname.resolvedAddresses)}
+    if hostname == "public-special-exception.example":
+        return ${JSON.stringify(urlPolicyCases.publicSpecialUseExceptionHostname.resolvedAddresses)}
+    return ${JSON.stringify(urlPolicyCases.privateHostname.resolvedAddresses)}
+
+def failed_resolver(_hostname):
+    raise OSError("fixture NXDOMAIN")
+
+def empty_resolver(_hostname):
+    return []
+
+def normalize_with_single_address(request, address):
+    def single_resolver(_hostname):
+        return [address]
+    normalized, code, details, message = normalize_capture_request(request, "http://127.0.0.1:17370", single_resolver)
+    return {
+        "address": address,
+        "normalizedUrl": normalized["url"] if normalized else None,
+        "code": code,
+        "details": details,
+        "message": message,
+    }
+
+public_normalized, public_code, _public_details, _public_message = normalize_capture_request(public_request, "http://127.0.0.1:17370", resolver)
+private_normalized, private_code, private_details, private_message = normalize_capture_request(private_request, "http://127.0.0.1:17370", resolver)
+mixed_normalized, mixed_code, mixed_details, mixed_message = normalize_capture_request(mixed_request, "http://127.0.0.1:17370", resolver)
+proxy_reserved_normalized, proxy_reserved_code, proxy_reserved_details, proxy_reserved_message = normalize_capture_request(proxy_reserved_request, "http://127.0.0.1:17370", resolver)
+proxy_reserved_ip_literal_normalized, proxy_reserved_ip_literal_code, proxy_reserved_ip_literal_details, proxy_reserved_ip_literal_message = normalize_capture_request(proxy_reserved_ip_literal_request, "http://127.0.0.1:17370", resolver)
+special_use_normalized, special_use_code, special_use_details, special_use_message = normalize_capture_request(special_use_request, "http://127.0.0.1:17370", resolver)
+failed_lookup_normalized, failed_lookup_code, failed_lookup_details, failed_lookup_message = normalize_capture_request(failed_lookup_request, "http://127.0.0.1:17370", failed_resolver)
+empty_lookup_normalized, empty_lookup_code, empty_lookup_details, empty_lookup_message = normalize_capture_request(empty_lookup_request, "http://127.0.0.1:17370", empty_resolver)
+compatible_ipv6_private_normalized, compatible_ipv6_private_code, compatible_ipv6_private_details, compatible_ipv6_private_message = normalize_capture_request(compatible_ipv6_private_request, "http://127.0.0.1:17370", resolver)
+compatible_ipv6_self_normalized, compatible_ipv6_self_code, compatible_ipv6_self_details, compatible_ipv6_self_message = normalize_capture_request(compatible_ipv6_self_request, "http://127.0.0.1:17370", resolver)
+special_use_results = [
+    normalize_with_single_address(special_use_request, address)
+    for address in ${JSON.stringify(urlPolicyCases.specialUseHostname.resolvedAddresses)}
+] + [
+    normalize_with_single_address(special_use_v6_request, address)
+    for address in ${JSON.stringify(urlPolicyCases.specialUseIpv6Hostname.resolvedAddresses)}
+]
+public_exception_results = [
+    normalize_with_single_address(public_exception_request, address)
+    for address in ${JSON.stringify(urlPolicyCases.publicSpecialUseExceptionHostname.resolvedAddresses)}
+]
+print(json.dumps({
+    "publicUrl": public_normalized["url"] if public_normalized else None,
+    "publicCode": public_code,
+    "privateNormalized": private_normalized,
+    "privateCode": private_code,
+    "privateDetails": private_details,
+    "privateMessage": private_message,
+    "mixedNormalized": mixed_normalized,
+    "mixedCode": mixed_code,
+    "mixedDetails": mixed_details,
+    "mixedMessage": mixed_message,
+    "proxyReservedUrl": proxy_reserved_normalized["url"] if proxy_reserved_normalized else None,
+    "proxyReservedCode": proxy_reserved_code,
+    "proxyReservedDetails": proxy_reserved_details,
+    "proxyReservedMessage": proxy_reserved_message,
+    "proxyReservedIpLiteralNormalized": proxy_reserved_ip_literal_normalized,
+    "proxyReservedIpLiteralCode": proxy_reserved_ip_literal_code,
+    "proxyReservedIpLiteralDetails": proxy_reserved_ip_literal_details,
+    "proxyReservedIpLiteralMessage": proxy_reserved_ip_literal_message,
+    "specialUseNormalized": special_use_normalized,
+    "specialUseCode": special_use_code,
+    "specialUseDetails": special_use_details,
+    "specialUseMessage": special_use_message,
+    "failedLookupNormalized": failed_lookup_normalized,
+    "failedLookupCode": failed_lookup_code,
+    "failedLookupDetails": failed_lookup_details,
+    "failedLookupMessage": failed_lookup_message,
+    "emptyLookupNormalized": empty_lookup_normalized,
+    "emptyLookupCode": empty_lookup_code,
+    "emptyLookupDetails": empty_lookup_details,
+    "emptyLookupMessage": empty_lookup_message,
+    "compatibleIpv6PrivateNormalized": compatible_ipv6_private_normalized,
+    "compatibleIpv6PrivateCode": compatible_ipv6_private_code,
+    "compatibleIpv6PrivateDetails": compatible_ipv6_private_details,
+    "compatibleIpv6PrivateMessage": compatible_ipv6_private_message,
+    "compatibleIpv6SelfNormalized": compatible_ipv6_self_normalized,
+    "compatibleIpv6SelfCode": compatible_ipv6_self_code,
+    "compatibleIpv6SelfDetails": compatible_ipv6_self_details,
+    "compatibleIpv6SelfMessage": compatible_ipv6_self_message,
+    "specialUseResults": special_use_results,
+    "publicExceptionResults": public_exception_results,
+}, sort_keys=True))
+`
+  const result = spawnSync('python3', ['-c', script], {
+    cwd: new URL('..', import.meta.url),
+    env: {
+      ...process.env,
+      PYTHONPATH: 'agent-skill/stackprism-site-experience/scripts',
+      PYTHONWARNINGS: 'ignore'
+    },
+    encoding: 'utf8'
+  })
+  assert.equal(result.status, 0, result.stderr)
+  const parsed = JSON.parse(result.stdout)
+  assert.equal(parsed.publicUrl, urlPolicyCases.publicHostname.normalizedUrl)
+  assert.equal(parsed.publicCode, null)
+  assert.equal(parsed.privateNormalized, null)
+  assert.equal(parsed.privateCode, urlPolicyCases.privateHostname.errorCode)
+  assert.equal(parsed.privateDetails.reason, 'private_network_address')
+  assert.equal(parsed.mixedNormalized, null)
+  assert.equal(parsed.mixedCode, urlPolicyCases.mixedHostname.errorCode)
+  assert.equal(parsed.mixedDetails.reason, 'private_network_address')
+  assert.equal(parsed.proxyReservedUrl, urlPolicyCases.proxyReservedHostname.normalizedUrl)
+  assert.equal(parsed.proxyReservedCode, null)
+  assert.equal(parsed.proxyReservedIpLiteralNormalized, null)
+  assert.equal(parsed.proxyReservedIpLiteralCode, urlPolicyCases.proxyReservedIpLiteral.errorCode)
+  assert.equal(parsed.proxyReservedIpLiteralDetails.reason, 'private_network_address')
+  assert.equal(parsed.specialUseNormalized, null)
+  assert.equal(parsed.specialUseCode, urlPolicyCases.specialUseHostname.errorCode)
+  assert.equal(parsed.specialUseDetails.reason, 'private_network_address')
+  assert.equal(parsed.failedLookupNormalized, null)
+  assert.equal(parsed.failedLookupCode, 'TARGET_DNS_LOOKUP_FAILED')
+  assert.equal(parsed.failedLookupDetails.reason, 'dns_lookup_failed')
+  assert.equal(parsed.emptyLookupNormalized, null)
+  assert.equal(parsed.emptyLookupCode, 'TARGET_DNS_LOOKUP_FAILED')
+  assert.equal(parsed.emptyLookupDetails.reason, 'dns_lookup_failed')
+  assert.equal(parsed.compatibleIpv6PrivateNormalized, null)
+  assert.equal(parsed.compatibleIpv6PrivateCode, 'PRIVATE_NETWORK_TARGET_BLOCKED')
+  assert.equal(parsed.compatibleIpv6PrivateDetails.reason, 'private_network_address')
+  assert.equal(parsed.compatibleIpv6SelfNormalized, null)
+  assert.equal(parsed.compatibleIpv6SelfCode, 'BRIDGE_SELF_TARGET_BLOCKED')
+  for (const result of parsed.specialUseResults) {
+    assert.equal(result.normalizedUrl, null, result.address)
+    assert.equal(result.code, urlPolicyCases.specialUseHostname.errorCode, result.address)
+    assert.equal(result.details.reason, 'private_network_address', result.address)
+  }
+  for (const result of parsed.publicExceptionResults) {
+    assert.equal(result.normalizedUrl, urlPolicyCases.publicSpecialUseExceptionHostname.normalizedUrl, result.address)
+    assert.equal(result.code, null, result.address)
+  }
+})
+
+test('python fallback default DNS lookup has a bounded timeout', () => {
+  const script = `
+import json
+import time
+import stackprism_bridge_lib.url_policy as url_policy
+
+url_policy.DNS_LOOKUP_TIMEOUT_SECONDS = 0.01
+
+def slow_getaddrinfo(*_args, **_kwargs):
+    time.sleep(0.2)
+    return []
+
+url_policy.socket.getaddrinfo = slow_getaddrinfo
+started = time.monotonic()
+try:
+    url_policy.default_resolve_hostname("slow.example")
+    result = {"timedOut": False}
+except Exception as exc:
+    result = {"timedOut": True, "type": type(exc).__name__, "elapsed": time.monotonic() - started}
+
+print(json.dumps(result, sort_keys=True))
+`
+  const result = spawnSync('python3', ['-c', script], {
+    cwd: new URL('..', import.meta.url),
+    env: {
+      ...process.env,
+      PYTHONPATH: 'agent-skill/stackprism-site-experience/scripts',
+      PYTHONWARNINGS: 'ignore'
+    },
+    encoding: 'utf8'
+  })
+  assert.equal(result.status, 0, result.stderr)
+  const parsed = JSON.parse(result.stdout)
+  assert.equal(parsed.timedOut, true)
+  assert.equal(parsed.type, 'TimeoutError')
+  assert.ok(parsed.elapsed < 0.1)
+})
+
+const rawHttp = (port, lines) =>
+  new Promise((resolve, reject) => {
+    const socket = net.createConnection({ host: '127.0.0.1', port: Number(port) })
+    let data = ''
+    socket.on('connect', () => socket.write(lines.join('\r\n')))
+    socket.on('data', chunk => {
+      data += chunk.toString('utf8')
+    })
+    socket.on('error', reject)
+    socket.on('end', () => resolve(data))
+  })
+
+const rawHttpSplitBody = (port, lines, body, splitAt, delayMs) =>
+  new Promise((resolve, reject) => {
+    const socket = net.createConnection({ host: '127.0.0.1', port: Number(port) })
+    let data = ''
+    socket.on('connect', () => {
+      socket.write(lines.join('\r\n'))
+      socket.write(body.slice(0, splitAt))
+      setTimeout(() => socket.write(body.slice(splitAt)), delayMs)
+    })
+    socket.on('data', chunk => {
+      data += chunk.toString('utf8')
+    })
+    socket.on('error', reject)
+    socket.on('end', () => resolve(data))
+  })
+
+const parseRawJsonResponse = raw => {
+  const [head, body = '{}'] = raw.split('\r\n\r\n')
+  const status = Number(/^HTTP\/1\.[01]\s+(\d+)/.exec(head)?.[1])
+  const contentLength = Number(/\r\ncontent-length:\s*(\d+)\r\n/i.exec(`\r\n${head}\r\n`)?.[1])
+  return { status, body: JSON.parse(Number.isFinite(contentLength) ? body.slice(0, contentLength) : body) }
+}
diff --git a/vite.config.ts b/vite.config.ts
index aba706d6..7b067598 100644
--- a/vite.config.ts
+++ b/vite.config.ts
@@ -138,6 +138,13 @@ const minifyJsonAssets = (): Plugin => ({
 
 export default defineConfig({
   plugins: [vue(), crx({ manifest }), tsconfigPaths(), precompileRulesPlugin(), minifyJsonAssets()],
+  css: {
+    preprocessorOptions: {
+      scss: {
+        api: 'modern-compiler'
+      }
+    }
+  },
   resolve: {
     alias: {
       '@': path.resolve(__dirname, 'src'),
diff --git a/vite.injected.config.ts b/vite.injected.config.ts
index 96e1138b..6ebb9294 100644
--- a/vite.injected.config.ts
+++ b/vite.injected.config.ts
@@ -3,7 +3,8 @@ import path from 'node:path'
 
 const ENTRIES = {
   'page-detector': 'src/injected/page-detector.ts',
-  'page-source-search': 'src/injected/page-source-search.ts'
+  'page-source-search': 'src/injected/page-source-search.ts',
+  'experience-profiler': 'src/injected/experience-profiler.ts'
 } as const
 
 type EntryName = keyof typeof ENTRIES
@@ -16,7 +17,7 @@ if (!ENTRIES[entryName]) {
 export default defineConfig({
   publicDir: false,
   build: {
-    outDir: 'public/injected',
+    outDir: process.env.INJECTED_OUT_DIR || 'public/injected',
     emptyOutDir: false,
     minify: 'esbuild',
     target: 'chrome120',