docs: tout /pair-agent as headline feature in CHANGELOG + README

Lead with what it does for the user: type /pair-agent, paste into
your other agent, done. First time AI agents from different companies
can coordinate through a shared browser with real security boundaries.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

CHANGELOG.md

@@ -1,18 +1,18 @@
 # Changelog
 
-## [0.15.9.0] - 2026-04-05 — Multi-Agent Browser Platform
+## [0.15.9.0] - 2026-04-05 — `/pair-agent`: Multi-Agent Browser Sharing
 
-Any AI agent can now share your browser. Pair a remote agent with one command (`$B pair-agent`), and it gets its own tab with scoped access. Tab isolation prevents agents from stepping on each other. Tunnel support via ngrok lets agents connect from anywhere.
+Your AI agents can now share a browser. Type `/pair-agent`, paste the output into your other agent (OpenClaw, Hermes, Codex, Cursor, anything), and it can browse the web using your browser. Each agent gets its own tab. They can't mess with each other. You watch everything happen in a visible Chromium window.
+
+This is the first time multiple AI agents from different companies can coordinate through a shared browser with real security boundaries. One command to pair. One paste to connect.
 
 ### Added
 
-- **Token registry for multi-agent access.** Per-agent scoped tokens with read/write/admin/meta scope categories, domain restrictions, rate limiting (10 req/s default), and 24h expiry. Setup keys for secure pairing (5-min TTL, one-time use). Full lifecycle: create, exchange, revoke, rotate.
-- **Tab isolation.** Each agent owns the tabs it creates. Write commands are blocked on tabs you don't own. Read access is always allowed. The user's pre-existing tabs are root-only. `transferTab()` for handoff between agents.
-- **`$B pair-agent` command.** One command generates a copy-pasteable instruction block with curl commands for the remote agent. Smart tunnel fallback: uses tunnel URL if active, warns if ngrok is configured but not running, falls back to localhost. Flags: `--admin`, `--local HOST`, `--client NAME`.
-- **POST /pair endpoint.** Server-side setup key creation for the pairing ceremony. Returns setup key + tunnel URL in one call.
-- **POST /connect endpoint.** Setup key exchange returns a scoped session token. Rate-limited to 3 attempts/minute. Idempotent: if the tunnel drops mid-exchange, the same key can be re-presented.
-- **ngrok tunnel integration.** `BROWSE_TUNNEL=1` opens an ngrok tunnel after server start. Reads auth from `~/.gstack/ngrok.env`. Supports stable domains via `NGROK_DOMAIN`.
-- **Activity attribution.** Every command in the activity stream now includes `clientId` so you can see which agent did what.
+- **`/pair-agent` skill.** Type `/pair-agent` in Claude Code. Pick your agent (OpenClaw, Hermes, Codex, Cursor, generic). If ngrok is installed, the tunnel starts automatically. A visible browser window opens so you can watch. The skill prints a copy-pasteable instruction block the other agent follows to connect. Five minutes to pair, 24 hours of access. Same-machine shortcut: `--local openclaw` writes credentials directly, no copy-paste needed.
+- **Tab isolation.** Each agent owns the tabs it creates. Write commands (click, fill, navigate) are blocked on tabs you don't own. Read commands (snapshot, text, screenshot) work on any tab. The user's pre-existing tabs are root-only. No agent can stomp on another.
+- **Scoped token security.** Per-agent tokens with read/write/admin/meta command scopes, domain glob restrictions (e.g. `*.myapp.com`), rate limiting (10 req/s default), and 24h expiry. Setup keys expire in 5 minutes and can only be used once. Admin scope (JS execution, cookie access) is denied by default. The `chain` command validates every subcommand against the token's scope before executing any of them.
+- **On-demand tunnel.** If ngrok is installed and authed, `/pair-agent` auto-starts a tunnel. No manual setup. The `/health` endpoint strips sensitive data (browsing URLs, user messages) when tunneled so it's safe to expose to the internet.
+- **Activity attribution.** Every command in the activity stream includes `clientId` so you can see which agent did what in the sidebar.
 
 ## [0.15.8.0] - 2026-04-04 — Smarter Reviews
 

README.md

@@ -206,6 +206,7 @@ Each skill feeds into the next. `/office-hours` writes a design doc that `/plan-
 | `/design-html` | **Design Engineer** | Generates production-quality HTML with Pretext for computed text layout. Works with approved mockups, CEO plans, design reviews, or from scratch. Text reflows on resize, heights adjust to content. Smart API routing picks the right Pretext patterns per design type. Framework detection for React/Svelte/Vue. |
 | `/qa` | **QA Lead** | Test your app, find bugs, fix them with atomic commits, re-verify. Auto-generates regression tests for every fix. |
 | `/qa-only` | **QA Reporter** | Same methodology as /qa but report only. Pure bug report without code changes. |
+| `/pair-agent` | **Multi-Agent Coordinator** | Share your browser with any AI agent. One command to pair, one paste to connect. OpenClaw, Hermes, Codex, Cursor, or anything that can curl. Tab isolation, scoped tokens, auto-tunnel via ngrok. |
 | `/cso` | **Chief Security Officer** | OWASP Top 10 + STRIDE threat model. Zero-noise: 17 false positive exclusions, 8/10+ confidence gate, independent finding verification. Each finding includes a concrete exploit scenario. |
 | `/ship` | **Release Engineer** | Sync main, run tests, audit coverage, push, open PR. Bootstraps test frameworks if you don't have one. |
 | `/land-and-deploy` | **Release Engineer** | Merge the PR, wait for CI and deploy, verify production health. One command from "approved" to "verified in production." |
@@ -264,6 +265,8 @@ gstack works well with one sprint. It gets interesting with ten running at once.
 
 **Browser handoff when the AI gets stuck.** Hit a CAPTCHA, auth wall, or MFA prompt? `$B handoff` opens a visible Chrome at the exact same page with all your cookies and tabs intact. Solve the problem, tell Claude you're done, `$B resume` picks up right where it left off. The agent even suggests it automatically after 3 consecutive failures.
 
+**Multi-agent browser sharing.** `/pair-agent` lets any AI agent share your browser. Type the command, pick your agent (OpenClaw, Hermes, Codex, Cursor), paste the instruction block into the other agent's chat, done. The other agent gets its own isolated tab with scoped access. You watch everything in a visible Chromium window. If ngrok is installed, the tunnel starts automatically so remote agents on other machines can connect too. Each agent's commands show up with attribution in the activity stream. This is the first time AI agents from different companies can coordinate through a shared browser with real security boundaries.
+
 **Multi-AI second opinion.** `/codex` gets an independent review from OpenAI's Codex CLI — a completely different AI looking at the same diff. Three modes: code review with a pass/fail gate, adversarial challenge that actively tries to break your code, and open consultation with session continuity. When both `/review` (Claude) and `/codex` (OpenAI) have reviewed the same branch, you get a cross-model analysis showing which findings overlap and which are unique to each.
 
 **Safety guardrails on demand.** Say "be careful" and `/careful` warns before any destructive command — rm -rf, DROP TABLE, force-push, git reset --hard. `/freeze` locks edits to one directory while debugging so Claude can't accidentally "fix" unrelated code. `/guard` activates both. `/investigate` auto-freezes to the module being investigated.
@@ -338,7 +341,7 @@ Available skills: /office-hours, /plan-ceo-review, /plan-eng-review, /plan-desig
 /design-consultation, /design-shotgun, /design-html, /review, /ship, /land-and-deploy,
 /canary, /benchmark, /browse, /open-gstack-browser, /qa, /qa-only, /design-review,
 /setup-browser-cookies, /setup-deploy, /retro, /investigate, /document-release, /codex,
-/cso, /autoplan, /careful, /freeze, /guard, /unfreeze, /gstack-upgrade, /learn.
+/cso, /autoplan, /pair-agent, /careful, /freeze, /guard, /unfreeze, /gstack-upgrade, /learn.
 ```
 
 ## License