Site Audit — full HTTP intelligence for a public URL in one call. Security grade A–F (headers, SSL/TLS, cookies, redirects, CORS, CDN), health verdict ALIVE/DEGRADED/BROKEN + trust score, tech stack (framework/hosting/CDN/third-party), secret scan (scan_depth=quick: light HTML/3 bundles; scan_depth=deep: full supply URL phase with JWT decode, source maps, path probes, live verification), and HTTP request timing. Default probe_engine=fetch (HTTP, 1–3s quick / 8–12s deep secrets). Optional probe_engine=browser runs headless Chrome on Zephex servers (AWS worker when SITE_SQS_QUEUE_URL is set, else in-process Chromium) for real JS console errors and browser network capture — security headers still use raw HTTP fetch. CALL when: user pastes a URL; post-deploy security check; cert expiry or HSTS/CSP questions; cookie flag audit; redirect chain; is the site up; what framework; exposed secrets on a live page; JS console errors (probe_engine=browser). RETURNS: product (site_audit), duration_ms, plain_summary, fix_first, summary (security_grade, site_verdict, trust_score, load_ms, secrets_critical, secrets_verified, supply_paths_probed, supply_headers_grade), health (probe_engine, console_errors when browser), tech, secrets (findings, scan_meta, scan_depth), network, issues[], ssl, security_headers, cookie_flags, redirect_chain, infra, dns (security_depth=full only). LIMITS: Public hostnames on ports 80/443 only. Blocks localhost, private IPs, and URLs with embedded credentials. probe_engine=browser requires server-side Chromium or cloud worker — gracefully falls back to fetch with probe_fallback_warning if unavailable. Rate limit: one scan per hostname per 5 seconds.