From 52226dafe273954b7f45651b19fae214cf218a8e Mon Sep 17 00:00:00 2001
From: Garry Tan
Date: Sun, 5 Apr 2026 17:58:24 -0700
Subject: [PATCH] fix: restore token in /health for localhost extension auth

The CSO security fix stripped the token from /health to prevent leaking when tunneled. But the extension needs it to authenticate on localhost. Now returns token only when not tunneled (safe: localhost-only path).

Co-Authored-By: Claude Opus 4.6 (1M context)
---
 browse/src/server.ts | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/browse/src/server.ts b/browse/src/server.ts
index 17eb1ba1..048ea7ca 100644
--- a/browse/src/server.ts
+++ b/browse/src/server.ts
@@ -1290,7 +1290,9 @@ async function start() {
 };
 // Sensitive fields only served on localhost (not through tunnel).
 // currentUrl reveals internal URLs, currentMessage reveals user intent.
+ // token needed by extension to authenticate subsequent requests.
 if (!tunnelActive) {
+ healthResponse.token = AUTH_TOKEN;
 healthResponse.currentUrl = browserManager.getCurrentUrl();
 healthResponse.chatEnabled = true;
 healthResponse.agent = {
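Review bot: `!tunnelActive` is the only gate in front of the added `healthResponse.token = AUTH_TOKEN;`, and that flag says nothing about who sent the request, so the "localhost-only path" claim in the message is not established by the code: any client that can reach the port gets the bearer token, which defeats the authentication it is meant to protect. That includes a web page running in the user's own browser (a DNS-rebinding page, or any origin if /health answers with permissive CORS headers — not visible in this hunk) and any LAN host if the listener binds more than the loopback interface. Before adding the token, also require that the peer address is loopback and that the `Host` header is a localhost name, e.g. `const peer = req.socket.remoteAddress;` and `if (!tunnelActive && ['127.0.0.1', '::1', '::ffff:127.0.0.1'].includes(peer ?? '')) healthResponse.token = AUTH_TOKEN;`, assuming the request object is in scope in this handler, which the hunk does not show; the comment should then read `// token only for loopback callers with no tunnel active: it is a bearer credential for every other route.` Note too that `tunnelActive` is checked at response time only, so a token handed out before a tunnel is opened stays valid afterwards; rotating `AUTH_TOKEN` when the tunnel starts would close that window. The enclosing `start()` body begins and ends outside this hunk.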