feat: harden remote serve and reuse connections

- Gate TCP serve commands with safe-by-default policies, per-key allow tokens, per-key rate limiting, and audit labels.
- Reuse authenticated encrypted remote sessions and parallelize/caches multi-browser fanout to reduce repeated handshake roundtrips.
- Increase paged native-host batch size with extension-side byte budgeting to speed large tab listings safely.
- Point install output at public Chrome Web Store / Firefox AMO listings by default, with --dev preserving unpacked workflows.
- Share search-engine metadata between CLI and SDK and bump the package/extension version to 0.16.0.
- Cover the new security, pooling, paging, install, and fanout behavior with expanded Python and extension tests.

browser_cli/commands/auth.py

@@ -8,6 +8,8 @@ from pathlib import Path
 import click
 from rich.console import Console
 
+from browser_cli.commands import command_categories_from_options, command_policy_options, handle_errors
+
 console = Console()
 
 @click.group("auth")
@@ -39,9 +41,15 @@ def cmd_auth_keygen(output, force):
 @click.argument("pubkey")
 @click.option("--name", default="", metavar="NAME", help="Human-friendly label for this key.")
 @click.option("--file", "keys_file", default=None, metavar="PATH", help="Authorized keys file (default: ~/.config/browser-cli/authorized_keys).")
+@command_policy_options
 @click.pass_context
-def cmd_auth_trust(ctx, pubkey, name, keys_file):
-  """Add a public key to the authorized keys file (locally or on a remote serve host)."""
+@handle_errors
+def cmd_auth_trust(ctx, pubkey, name, keys_file, allow_read_page, allow_control, allow_dangerous, allow_keys, allow_all):
+  """Add a public key to the authorized keys file (locally or on a remote serve host).
+
+  Pass --allow-read-page/--allow-control/--allow-dangerous/--allow-all to record a
+  per-key policy (an ``allow:`` token); without any, the key uses the server default.
+  """
   from browser_cli.auth import DEFAULT_AUTHORIZED_KEYS_PATH, add_authorized_key
 
   if len(pubkey) != 64:
@@ -53,28 +61,37 @@ def cmd_auth_trust(ctx, pubkey, name, keys_file):
     console.print("[red]Invalid public key:[/red] not valid hex")
     sys.exit(1)
 
+  categories = command_categories_from_options(
+    allow_read_page=allow_read_page, allow_control=allow_control,
+    allow_dangerous=allow_dangerous, allow_keys=allow_keys, allow_all=allow_all,
+  )
+  policy_label = f" [dim]allow:{','.join(categories)}[/dim]" if categories else ""
+
   remote = (ctx.obj or {}).get("remote")
   if remote:
     from browser_cli.client import send_command
+    args = {"pubkey": pubkey, "name": name}
+    if categories is not None:
+      args["allow"] = categories
     result = send_command(
       "browser-cli.auth.trust",
-      args={"pubkey": pubkey, "name": name},
+      args=args,
       remote=remote,
       key=(ctx.obj or {}).get("key"),
     )
     added = (result or {}).get("added", False)
     label = f" ({name})" if name else ""
     if added:
-      console.print(f"[green]✓[/green] Trusted on {remote}{label}: [cyan]{pubkey}[/cyan]")
+      console.print(f"[green]✓[/green] Trusted on {remote}{label}: [cyan]{pubkey}[/cyan]{policy_label}")
     else:
       console.print(f"[yellow]Already trusted on {remote}:[/yellow] {pubkey}")
     return
 
   path = Path(keys_file) if keys_file else DEFAULT_AUTHORIZED_KEYS_PATH
-  added = add_authorized_key(path, pubkey, name)
+  added = add_authorized_key(path, pubkey, name, categories)
   label = f" ({name})" if name else ""
   if added:
-    console.print(f"[green]✓[/green] Trusted{label}: [cyan]{pubkey}[/cyan]")
+    console.print(f"[green]✓[/green] Trusted{label}: [cyan]{pubkey}[/cyan]{policy_label}")
     console.print(f"  File: {path}")
     console.print("\nStart the server with:")
     console.print(f"  [dim]browser-cli serve --authorized-keys {path}[/dim]")
@@ -123,6 +140,7 @@ def cmd_auth_show(key_src):
 @auth_group.command("keys")
 @click.option("--file", "keys_file", default=None, metavar="PATH", help="Authorized keys file (default: ~/.config/browser-cli/authorized_keys).")
 @click.pass_context
+@handle_errors
 def cmd_auth_keys(ctx, keys_file):
   """List trusted public keys (server's authorized_keys). With --remote, queries the remote server."""
   from rich.table import Table
@@ -138,9 +156,9 @@ def cmd_auth_keys(ctx, keys_file):
     entries = result or []
     source_label = remote
   else:
-    from browser_cli.auth import DEFAULT_AUTHORIZED_KEYS_PATH, load_authorized_keys_with_names
+    from browser_cli.auth import DEFAULT_AUTHORIZED_KEYS_PATH, load_authorized_keys_with_policies
     path = Path(keys_file) if keys_file else DEFAULT_AUTHORIZED_KEYS_PATH
-    entries = [{"pubkey": pk, "name": name} for pk, name in load_authorized_keys_with_names(path)]
+    entries = [{"pubkey": pk, "name": name, "allow": cats} for pk, name, cats in load_authorized_keys_with_policies(path)]
     source_label = str(path)
 
   if not entries:
@@ -151,7 +169,16 @@ def cmd_auth_keys(ctx, keys_file):
   table = Table(show_header=True, header_style="bold cyan")
   table.add_column("Name")
   table.add_column("Public Key")
+  table.add_column("Policy")
   for entry in entries:
     name = entry.get("name") or "[dim]—[/dim]"
-    table.add_row(name, entry.get("pubkey", ""))
+    table.add_row(name, entry.get("pubkey", ""), _policy_label(entry.get("allow")))
   console.print(table)
+
+def _policy_label(categories) -> str:
+  """Render an authorized_keys ``allow:`` token for display."""
+  if categories is None:
+    return "[dim]server default[/dim]"
+  if "all" in categories:
+    return "[yellow]all[/yellow]"
+  return ", ".join(categories) if categories else "safe"