npm - @google/gemini-cli-core - Versions diffs - 0.1.12 → 0.1.13-nightly.250727.3e81359c - Mend

@google/gemini-cli-core 0.1.12 → 0.1.13-nightly.250727.3e81359c

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (309) hide show

package/README.md +30 -3
package/dist/google-gemini-cli-core-0.1.13.tgz +0 -0
package/dist/src/code_assist/codeAssist.js +2 -2
package/dist/src/code_assist/codeAssist.js.map +1 -1
package/dist/src/code_assist/oauth2.js +46 -5
package/dist/src/code_assist/oauth2.js.map +1 -1
package/dist/src/code_assist/oauth2.test.js +107 -10
package/dist/src/code_assist/oauth2.test.js.map +1 -1
package/dist/src/code_assist/server.d.ts +4 -6
package/dist/src/code_assist/server.js +4 -69
package/dist/src/code_assist/server.js.map +1 -1
package/dist/src/code_assist/server.test.js +10 -2
package/dist/src/code_assist/server.test.js.map +1 -1
package/dist/src/code_assist/setup.d.ts +6 -1
package/dist/src/code_assist/setup.js +4 -1
package/dist/src/code_assist/setup.js.map +1 -1
package/dist/src/code_assist/setup.test.js +4 -1
package/dist/src/code_assist/setup.test.js.map +1 -1
package/dist/src/code_assist/types.d.ts +2 -2
package/dist/src/config/config.d.ts +55 -11
package/dist/src/config/config.js +85 -33
package/dist/src/config/config.js.map +1 -1
package/dist/src/config/config.test.js +29 -26
package/dist/src/config/config.test.js.map +1 -1
package/dist/src/config/flashFallback.test.js +1 -1
package/dist/src/config/flashFallback.test.js.map +1 -1
package/dist/src/core/client.d.ts +8 -3
package/dist/src/core/client.js +62 -3
package/dist/src/core/client.js.map +1 -1
package/dist/src/core/client.test.js +145 -37
package/dist/src/core/client.test.js.map +1 -1
package/dist/src/core/contentGenerator.d.ts +3 -2
package/dist/src/core/contentGenerator.js +5 -4
package/dist/src/core/contentGenerator.js.map +1 -1
package/dist/src/core/contentGenerator.test.js +12 -5
package/dist/src/core/contentGenerator.test.js.map +1 -1
package/dist/src/core/coreToolScheduler.js +14 -1
package/dist/src/core/coreToolScheduler.js.map +1 -1
package/dist/src/core/coreToolScheduler.test.js +84 -2
package/dist/src/core/coreToolScheduler.test.js.map +1 -1
package/dist/src/core/geminiChat.d.ts +4 -3
package/dist/src/core/geminiChat.js +8 -11
package/dist/src/core/geminiChat.js.map +1 -1
package/dist/src/core/geminiRequest.js +2 -37
package/dist/src/core/geminiRequest.js.map +1 -1
package/dist/src/core/logger.js +6 -0
package/dist/src/core/logger.js.map +1 -1
package/dist/src/core/logger.test.js +1 -1
package/dist/src/core/logger.test.js.map +1 -1
package/dist/src/core/modelCheck.d.ts +1 -1
package/dist/src/core/modelCheck.js +10 -3
package/dist/src/core/modelCheck.js.map +1 -1
package/dist/src/core/nonInteractiveToolExecutor.test.js +8 -5
package/dist/src/core/nonInteractiveToolExecutor.test.js.map +1 -1
package/dist/src/core/prompts.js +42 -18
package/dist/src/core/prompts.js.map +1 -1
package/dist/src/core/prompts.test.js +121 -4
package/dist/src/core/prompts.test.js.map +1 -1
package/dist/src/core/turn.d.ts +12 -3
package/dist/src/core/turn.js +10 -0
package/dist/src/core/turn.js.map +1 -1
package/dist/src/core/turn.test.js +129 -0
package/dist/src/core/turn.test.js.map +1 -1
package/dist/src/ide/ide-client.d.ts +28 -0
package/dist/src/ide/ide-client.js +88 -0
package/dist/src/ide/ide-client.js.map +1 -0
package/dist/src/ide/ideContext.d.ts +174 -0
package/dist/src/ide/ideContext.js +101 -0
package/dist/src/ide/ideContext.js.map +1 -0
package/dist/src/ide/ideContext.test.js +111 -0
package/dist/src/ide/ideContext.test.js.map +1 -0
package/dist/src/index.d.ts +15 -0
package/dist/src/index.js +17 -0
package/dist/src/index.js.map +1 -1
package/dist/src/mcp/google-auth-provider.d.ts +23 -0
package/dist/src/mcp/google-auth-provider.js +63 -0
package/dist/src/mcp/google-auth-provider.js.map +1 -0
package/dist/src/mcp/google-auth-provider.test.d.ts +6 -0
package/dist/src/mcp/google-auth-provider.test.js +54 -0
package/dist/src/mcp/google-auth-provider.test.js.map +1 -0
package/dist/src/mcp/oauth-provider.d.ts +142 -0
package/dist/src/mcp/oauth-provider.js +446 -0
package/dist/src/mcp/oauth-provider.js.map +1 -0
package/dist/src/mcp/oauth-provider.test.d.ts +6 -0
package/dist/src/mcp/oauth-provider.test.js +520 -0
package/dist/src/mcp/oauth-provider.test.js.map +1 -0
package/dist/src/mcp/oauth-token-storage.d.ts +81 -0
package/dist/src/mcp/oauth-token-storage.js +149 -0
package/dist/src/mcp/oauth-token-storage.js.map +1 -0
package/dist/src/mcp/oauth-token-storage.test.d.ts +6 -0
package/dist/src/mcp/oauth-token-storage.test.js +205 -0
package/dist/src/mcp/oauth-token-storage.test.js.map +1 -0
package/dist/src/mcp/oauth-utils.d.ts +109 -0
package/dist/src/mcp/oauth-utils.js +183 -0
package/dist/src/mcp/oauth-utils.js.map +1 -0
package/dist/src/mcp/oauth-utils.test.d.ts +6 -0
package/dist/src/mcp/oauth-utils.test.js +144 -0
package/dist/src/mcp/oauth-utils.test.js.map +1 -0
package/dist/src/prompts/mcp-prompts.d.ts +8 -0
package/dist/src/prompts/mcp-prompts.js +13 -0
package/dist/src/prompts/mcp-prompts.js.map +1 -0
package/dist/src/prompts/prompt-registry.d.ts +26 -0
package/dist/src/prompts/prompt-registry.js +47 -0
package/dist/src/prompts/prompt-registry.js.map +1 -0
package/dist/src/services/fileDiscoveryService.test.js +101 -60
package/dist/src/services/fileDiscoveryService.test.js.map +1 -1
package/dist/src/services/gitService.js +1 -5
package/dist/src/services/gitService.js.map +1 -1
package/dist/src/services/gitService.test.js +68 -92
package/dist/src/services/gitService.test.js.map +1 -1
package/dist/src/services/loopDetectionService.d.ts +94 -0
package/dist/src/services/loopDetectionService.js +318 -0
package/dist/src/services/loopDetectionService.js.map +1 -0
package/dist/src/services/loopDetectionService.test.d.ts +6 -0
package/dist/src/services/loopDetectionService.test.js +266 -0
package/dist/src/services/loopDetectionService.test.js.map +1 -0
package/dist/src/services/shellExecutionService.d.ts +70 -0
package/dist/src/services/shellExecutionService.js +152 -0
package/dist/src/services/shellExecutionService.js.map +1 -0
package/dist/src/services/shellExecutionService.test.d.ts +6 -0
package/dist/src/services/shellExecutionService.test.js +258 -0
package/dist/src/services/shellExecutionService.test.js.map +1 -0
package/dist/src/telemetry/clearcut-logger/clearcut-logger.d.ts +5 -1
package/dist/src/telemetry/clearcut-logger/clearcut-logger.js +69 -4
package/dist/src/telemetry/clearcut-logger/clearcut-logger.js.map +1 -1
package/dist/src/telemetry/clearcut-logger/event-metadata-key.d.ts +4 -1
package/dist/src/telemetry/clearcut-logger/event-metadata-key.js +9 -0
package/dist/src/telemetry/clearcut-logger/event-metadata-key.js.map +1 -1
package/dist/src/telemetry/constants.d.ts +1 -0
package/dist/src/telemetry/constants.js +1 -0
package/dist/src/telemetry/constants.js.map +1 -1
package/dist/src/telemetry/file-exporters.d.ts +28 -0
package/dist/src/telemetry/file-exporters.js +62 -0
package/dist/src/telemetry/file-exporters.js.map +1 -0
package/dist/src/telemetry/integration.test.circular.d.ts +6 -0
package/dist/src/telemetry/integration.test.circular.js +53 -0
package/dist/src/telemetry/integration.test.circular.js.map +1 -0
package/dist/src/telemetry/loggers.d.ts +3 -1
package/dist/src/telemetry/loggers.js +34 -2
package/dist/src/telemetry/loggers.js.map +1 -1
package/dist/src/telemetry/loggers.test.circular.d.ts +6 -0
package/dist/src/telemetry/loggers.test.circular.js +100 -0
package/dist/src/telemetry/loggers.test.circular.js.map +1 -0
package/dist/src/telemetry/sdk.js +17 -6
package/dist/src/telemetry/sdk.js.map +1 -1
package/dist/src/telemetry/types.d.ts +19 -1
package/dist/src/telemetry/types.js +28 -0
package/dist/src/telemetry/types.js.map +1 -1
package/dist/src/telemetry/uiTelemetry.d.ts +1 -0
package/dist/src/telemetry/uiTelemetry.js +7 -0
package/dist/src/telemetry/uiTelemetry.js.map +1 -1
package/dist/src/telemetry/uiTelemetry.test.js +92 -0
package/dist/src/telemetry/uiTelemetry.test.js.map +1 -1
package/dist/src/tools/edit.d.ts +7 -12
package/dist/src/tools/edit.js +34 -32
package/dist/src/tools/edit.js.map +1 -1
package/dist/src/tools/edit.test.js +12 -0
package/dist/src/tools/edit.test.js.map +1 -1
package/dist/src/tools/glob.d.ts +1 -14
package/dist/src/tools/glob.js +13 -36
package/dist/src/tools/glob.js.map +1 -1
package/dist/src/tools/glob.test.js +11 -7
package/dist/src/tools/glob.test.js.map +1 -1
package/dist/src/tools/grep.d.ts +3 -6
package/dist/src/tools/grep.js +12 -18
package/dist/src/tools/grep.js.map +1 -1
package/dist/src/tools/grep.test.js +9 -6
package/dist/src/tools/grep.test.js.map +1 -1
package/dist/src/tools/ls.d.ts +6 -14
package/dist/src/tools/ls.js +47 -40
package/dist/src/tools/ls.js.map +1 -1
package/dist/src/tools/mcp-client.d.ts +83 -1
package/dist/src/tools/mcp-client.js +613 -148
package/dist/src/tools/mcp-client.js.map +1 -1
package/dist/src/tools/mcp-client.test.js +211 -616
package/dist/src/tools/mcp-client.test.js.map +1 -1
package/dist/src/tools/mcp-tool.d.ts +11 -5
package/dist/src/tools/mcp-tool.js +34 -10
package/dist/src/tools/mcp-tool.js.map +1 -1
package/dist/src/tools/mcp-tool.test.js +74 -24
package/dist/src/tools/mcp-tool.test.js.map +1 -1
package/dist/src/tools/memoryTool.js +2 -2
package/dist/src/tools/memoryTool.js.map +1 -1
package/dist/src/tools/modifiable-tool.test.js +51 -62
package/dist/src/tools/modifiable-tool.test.js.map +1 -1
package/dist/src/tools/read-file.d.ts +3 -3
package/dist/src/tools/read-file.js +10 -10
package/dist/src/tools/read-file.js.map +1 -1
package/dist/src/tools/read-file.test.js +100 -70
package/dist/src/tools/read-file.test.js.map +1 -1
package/dist/src/tools/read-many-files.d.ts +6 -10
package/dist/src/tools/read-many-files.js +74 -43
package/dist/src/tools/read-many-files.js.map +1 -1
package/dist/src/tools/read-many-files.test.js +7 -3
package/dist/src/tools/read-many-files.test.js.map +1 -1
package/dist/src/tools/shell.d.ts +3 -23
package/dist/src/tools/shell.js +169 -293
package/dist/src/tools/shell.js.map +1 -1
package/dist/src/tools/shell.test.js +255 -333
package/dist/src/tools/shell.test.js.map +1 -1
package/dist/src/tools/tool-registry.d.ts +13 -2
package/dist/src/tools/tool-registry.js +57 -10
package/dist/src/tools/tool-registry.js.map +1 -1
package/dist/src/tools/tool-registry.test.js +112 -41
package/dist/src/tools/tool-registry.test.js.map +1 -1
package/dist/src/tools/tools.d.ts +37 -2
package/dist/src/tools/tools.js +25 -2
package/dist/src/tools/tools.js.map +1 -1
package/dist/src/tools/web-fetch.js +7 -2
package/dist/src/tools/web-fetch.js.map +1 -1
package/dist/src/tools/web-fetch.test.js +1 -0
package/dist/src/tools/web-fetch.test.js.map +1 -1
package/dist/src/tools/web-search.js +2 -2
package/dist/src/tools/web-search.js.map +1 -1
package/dist/src/tools/write-file.d.ts +0 -8
package/dist/src/tools/write-file.js +14 -23
package/dist/src/tools/write-file.js.map +1 -1
package/dist/src/utils/bfsFileSearch.d.ts +2 -0
package/dist/src/utils/bfsFileSearch.js +4 -1
package/dist/src/utils/bfsFileSearch.js.map +1 -1
package/dist/src/utils/bfsFileSearch.test.js +108 -105
package/dist/src/utils/bfsFileSearch.test.js.map +1 -1
package/dist/src/utils/browser.d.ts +13 -0
package/dist/src/utils/browser.js +49 -0
package/dist/src/utils/browser.js.map +1 -0
package/dist/src/utils/editCorrector.js +4 -4
package/dist/src/utils/editCorrector.js.map +1 -1
package/dist/src/utils/editCorrector.test.js +1 -1
package/dist/src/utils/editor.js +16 -10
package/dist/src/utils/editor.js.map +1 -1
package/dist/src/utils/editor.test.js +128 -28
package/dist/src/utils/editor.test.js.map +1 -1
package/dist/src/utils/errorReporting.d.ts +1 -1
package/dist/src/utils/errorReporting.js +2 -2
package/dist/src/utils/errorReporting.js.map +1 -1
package/dist/src/utils/errorReporting.test.js +44 -38
package/dist/src/utils/errorReporting.test.js.map +1 -1
package/dist/src/utils/errors.js +4 -4
package/dist/src/utils/errors.js.map +1 -1
package/dist/src/utils/fileUtils.d.ts +4 -4
package/dist/src/utils/fileUtils.js +33 -17
package/dist/src/utils/fileUtils.js.map +1 -1
package/dist/src/utils/fileUtils.test.js +37 -37
package/dist/src/utils/fileUtils.test.js.map +1 -1
package/dist/src/utils/formatters.d.ts +6 -0
package/dist/src/utils/formatters.js +16 -0
package/dist/src/utils/formatters.js.map +1 -0
package/dist/src/utils/getFolderStructure.d.ts +3 -2
package/dist/src/utils/getFolderStructure.js +27 -28
package/dist/src/utils/getFolderStructure.js.map +1 -1
package/dist/src/utils/getFolderStructure.test.js +169 -187
package/dist/src/utils/getFolderStructure.test.js.map +1 -1
package/dist/src/utils/gitIgnoreParser.js +4 -7
package/dist/src/utils/gitIgnoreParser.js.map +1 -1
package/dist/src/utils/gitIgnoreParser.test.js +70 -61
package/dist/src/utils/gitIgnoreParser.test.js.map +1 -1
package/dist/src/utils/memoryDiscovery.d.ts +2 -1
package/dist/src/utils/memoryDiscovery.js +11 -5
package/dist/src/utils/memoryDiscovery.js.map +1 -1
package/dist/src/utils/memoryDiscovery.test.js +160 -371
package/dist/src/utils/memoryDiscovery.test.js.map +1 -1
package/dist/src/utils/partUtils.d.ts +14 -0
package/dist/src/utils/partUtils.js +65 -0
package/dist/src/utils/partUtils.js.map +1 -0
package/dist/src/utils/partUtils.test.d.ts +6 -0
package/dist/src/utils/partUtils.test.js +130 -0
package/dist/src/utils/partUtils.test.js.map +1 -0
package/dist/src/utils/paths.d.ts +11 -0
package/dist/src/utils/paths.js +17 -1
package/dist/src/utils/paths.js.map +1 -1
package/dist/src/utils/quotaErrorDetection.js +2 -11
package/dist/src/utils/quotaErrorDetection.js.map +1 -1
package/dist/src/utils/retry.d.ts +6 -0
package/dist/src/utils/retry.js +2 -2
package/dist/src/utils/retry.js.map +1 -1
package/dist/src/utils/safeJsonStringify.d.ts +13 -0
package/dist/src/utils/safeJsonStringify.js +25 -0
package/dist/src/utils/safeJsonStringify.js.map +1 -0
package/dist/src/utils/safeJsonStringify.test.d.ts +6 -0
package/dist/src/utils/safeJsonStringify.test.js +61 -0
package/dist/src/utils/safeJsonStringify.test.js.map +1 -0
package/dist/src/utils/schemaValidator.d.ts +1 -1
package/dist/src/utils/schemaValidator.js +6 -3
package/dist/src/utils/schemaValidator.js.map +1 -1
package/dist/src/utils/shell-utils.d.ts +44 -0
package/dist/src/utils/shell-utils.js +243 -0
package/dist/src/utils/shell-utils.js.map +1 -0
package/dist/src/utils/shell-utils.test.d.ts +6 -0
package/dist/src/utils/shell-utils.test.js +450 -0
package/dist/src/utils/shell-utils.test.js.map +1 -0
package/dist/src/utils/summarizer.d.ts +1 -1
package/dist/src/utils/summarizer.js +11 -39
package/dist/src/utils/summarizer.js.map +1 -1
package/dist/src/utils/summarizer.test.js +1 -1
package/dist/src/utils/systemEncoding.d.ts +40 -0
package/dist/src/utils/systemEncoding.js +149 -0
package/dist/src/utils/systemEncoding.js.map +1 -0
package/dist/src/utils/systemEncoding.test.d.ts +6 -0
package/dist/src/utils/systemEncoding.test.js +368 -0
package/dist/src/utils/systemEncoding.test.js.map +1 -0
package/dist/src/utils/textUtils.d.ts +13 -0
package/dist/src/utils/textUtils.js +28 -0
package/dist/src/utils/textUtils.js.map +1 -0
package/dist/tsconfig.tsbuildinfo +1 -1
package/package.json +4 -3
package/dist/google-gemini-cli-core-0.1.11.tgz +0 -0
package/dist/src/core/geminiRequest.test.js +0 -72
package/dist/src/core/geminiRequest.test.js.map +0 -1
/package/dist/src/{core/geminiRequest.test.d.ts → ide/ideContext.test.d.ts} +0 -0

package/dist/src/tools/mcp-client.js CHANGED Viewed

@@ -7,10 +7,16 @@ import { Client } from '@modelcontextprotocol/sdk/client/index.js';
 import { StdioClientTransport } from '@modelcontextprotocol/sdk/client/stdio.js';
 import { SSEClientTransport, } from '@modelcontextprotocol/sdk/client/sse.js';
 import { StreamableHTTPClientTransport, } from '@modelcontextprotocol/sdk/client/streamableHttp.js';
+import { ListPromptsResultSchema, GetPromptResultSchema, } from '@modelcontextprotocol/sdk/types.js';
 import { parse } from 'shell-quote';
+import { AuthProviderType } from '../config/config.js';
+import { GoogleCredentialProvider } from '../mcp/google-auth-provider.js';
 import { DiscoveredMCPTool } from './mcp-tool.js';
-import { Type, mcpToTool } from '@google/genai';
-import { sanitizeParameters } from './tool-registry.js';
+import { mcpToTool } from '@google/genai';
+import { MCPOAuthProvider } from '../mcp/oauth-provider.js';
+import { OAuthUtils } from '../mcp/oauth-utils.js';
+import { MCPOAuthTokenStorage } from '../mcp/oauth-token-storage.js';
+import { getErrorMessage } from '../utils/errors.js';
 export const MCP_DEFAULT_TIMEOUT_MSEC = 10 * 60 * 1000; // default to 10 minutes
 /**
  * Enum representing the connection status of an MCP server
@@ -39,11 +45,15 @@ export var MCPDiscoveryState;
 /**
  * Map to track the status of each MCP server within the core package
  */
-const mcpServerStatusesInternal = new Map();
+const serverStatuses = new Map();
 /**
  * Track the overall MCP discovery state
  */
 let mcpDiscoveryState = MCPDiscoveryState.NOT_STARTED;
+/**
+ * Map to track which MCP servers have been discovered to require OAuth
+ */
+export const mcpServerRequiresOAuth = new Map();
 const statusChangeListeners = [];
 /**
  * Add a listener for MCP server status changes
@@ -64,7 +74,7 @@ export function removeMCPStatusChangeListener(listener) {
  * Update the status of an MCP server
  */
 function updateMCPServerStatus(serverName, status) {
-    mcpServerStatusesInternal.set(serverName, status);
+    serverStatuses.set(serverName, status);
     // Notify all listeners
     for (const listener of statusChangeListeners) {
         listener(serverName, status);
@@ -74,13 +84,13 @@ function updateMCPServerStatus(serverName, status) {
  * Get the current status of an MCP server
  */
 export function getMCPServerStatus(serverName) {
-    return (mcpServerStatusesInternal.get(serverName) || MCPServerStatus.DISCONNECTED);
+    return serverStatuses.get(serverName) || MCPServerStatus.DISCONNECTED;
 }
 /**
  * Get all MCP server statuses
  */
 export function getAllMCPServerStatuses() {
-    return new Map(mcpServerStatusesInternal);
+    return new Map(serverStatuses);
 }
 /**
  * Get the current MCP discovery state
@@ -88,33 +98,169 @@ export function getAllMCPServerStatuses() {
 export function getMCPDiscoveryState() {
     return mcpDiscoveryState;
 }
-export async function discoverMcpTools(mcpServers, mcpServerCommand, toolRegistry) {
-    // Set discovery state to in progress
-    mcpDiscoveryState = MCPDiscoveryState.IN_PROGRESS;
+/**
+ * Parse www-authenticate header to extract OAuth metadata URI.
+ *
+ * @param wwwAuthenticate The www-authenticate header value
+ * @returns The resource metadata URI if found, null otherwise
+ */
+function _parseWWWAuthenticate(wwwAuthenticate) {
+    // Parse header like: Bearer realm="MCP Server", resource_metadata_uri="https://..."
+    const resourceMetadataMatch = wwwAuthenticate.match(/resource_metadata_uri="([^"]+)"/);
+    return resourceMetadataMatch ? resourceMetadataMatch[1] : null;
+}
+/**
+ * Extract WWW-Authenticate header from error message string.
+ * This is a more robust approach than regex matching.
+ *
+ * @param errorString The error message string
+ * @returns The www-authenticate header value if found, null otherwise
+ */
+function extractWWWAuthenticateHeader(errorString) {
+    // Try multiple patterns to extract the header
+    const patterns = [
+        /www-authenticate:\s*([^\n\r]+)/i,
+        /WWW-Authenticate:\s*([^\n\r]+)/i,
+        /"www-authenticate":\s*"([^"]+)"/i,
+        /'www-authenticate':\s*'([^']+)'/i,
+    ];
+    for (const pattern of patterns) {
+        const match = errorString.match(pattern);
+        if (match) {
+            return match[1].trim();
+        }
+    }
+    return null;
+}
+/**
+ * Handle automatic OAuth discovery and authentication for a server.
+ *
+ * @param mcpServerName The name of the MCP server
+ * @param mcpServerConfig The MCP server configuration
+ * @param wwwAuthenticate The www-authenticate header value
+ * @returns True if OAuth was successfully configured and authenticated, false otherwise
+ */
+async function handleAutomaticOAuth(mcpServerName, mcpServerConfig, wwwAuthenticate) {
     try {
-        if (mcpServerCommand) {
-            const cmd = mcpServerCommand;
-            const args = parse(cmd, process.env);
-            if (args.some((arg) => typeof arg !== 'string')) {
-                throw new Error('failed to parse mcpServerCommand: ' + cmd);
-            }
-            // use generic server name 'mcp'
-            mcpServers['mcp'] = {
-                command: args[0],
-                args: args.slice(1),
+        console.log(`🔐 '${mcpServerName}' requires OAuth authentication`);
+        // Always try to parse the resource metadata URI from the www-authenticate header
+        let oauthConfig;
+        const resourceMetadataUri = OAuthUtils.parseWWWAuthenticateHeader(wwwAuthenticate);
+        if (resourceMetadataUri) {
+            oauthConfig = await OAuthUtils.discoverOAuthConfig(resourceMetadataUri);
+        }
+        else if (mcpServerConfig.url) {
+            // Fallback: try to discover OAuth config from the base URL for SSE
+            const sseUrl = new URL(mcpServerConfig.url);
+            const baseUrl = `${sseUrl.protocol}//${sseUrl.host}`;
+            oauthConfig = await OAuthUtils.discoverOAuthConfig(baseUrl);
+        }
+        else if (mcpServerConfig.httpUrl) {
+            // Fallback: try to discover OAuth config from the base URL for HTTP
+            const httpUrl = new URL(mcpServerConfig.httpUrl);
+            const baseUrl = `${httpUrl.protocol}//${httpUrl.host}`;
+            oauthConfig = await OAuthUtils.discoverOAuthConfig(baseUrl);
+        }
+        if (!oauthConfig) {
+            console.error(`❌ Could not configure OAuth for '${mcpServerName}' - please authenticate manually with /mcp auth ${mcpServerName}`);
+            return false;
+        }
+        // OAuth configuration discovered - proceed with authentication
+        // Create OAuth configuration for authentication
+        const oauthAuthConfig = {
+            enabled: true,
+            authorizationUrl: oauthConfig.authorizationUrl,
+            tokenUrl: oauthConfig.tokenUrl,
+            scopes: oauthConfig.scopes || [],
+        };
+        // Perform OAuth authentication
+        console.log(`Starting OAuth authentication for server '${mcpServerName}'...`);
+        await MCPOAuthProvider.authenticate(mcpServerName, oauthAuthConfig);
+        console.log(`OAuth authentication successful for server '${mcpServerName}'`);
+        return true;
+    }
+    catch (error) {
+        console.error(`Failed to handle automatic OAuth for server '${mcpServerName}': ${getErrorMessage(error)}`);
+        return false;
+    }
+}
+/**
+ * Create a transport with OAuth token for the given server configuration.
+ *
+ * @param mcpServerName The name of the MCP server
+ * @param mcpServerConfig The MCP server configuration
+ * @param accessToken The OAuth access token
+ * @returns The transport with OAuth token, or null if creation fails
+ */
+async function createTransportWithOAuth(mcpServerName, mcpServerConfig, accessToken) {
+    try {
+        if (mcpServerConfig.httpUrl) {
+            // Create HTTP transport with OAuth token
+            const oauthTransportOptions = {
+                requestInit: {
+                    headers: {
+                        ...mcpServerConfig.headers,
+                        Authorization: `Bearer ${accessToken}`,
+                    },
+                },
             };
+            return new StreamableHTTPClientTransport(new URL(mcpServerConfig.httpUrl), oauthTransportOptions);
         }
-        const discoveryPromises = Object.entries(mcpServers).map(([mcpServerName, mcpServerConfig]) => connectAndDiscover(mcpServerName, mcpServerConfig, toolRegistry));
-        await Promise.all(discoveryPromises);
-        // Mark discovery as completed
-        mcpDiscoveryState = MCPDiscoveryState.COMPLETED;
+        else if (mcpServerConfig.url) {
+            // Create SSE transport with OAuth token in Authorization header
+            return new SSEClientTransport(new URL(mcpServerConfig.url), {
+                requestInit: {
+                    headers: {
+                        ...mcpServerConfig.headers,
+                        Authorization: `Bearer ${accessToken}`,
+                    },
+                },
+            });
+        }
+        return null;
     }
     catch (error) {
-        // Still mark as completed even with errors
+        console.error(`Failed to create OAuth transport for server '${mcpServerName}': ${getErrorMessage(error)}`);
+        return null;
+    }
+}
+/**
+ * Discovers tools from all configured MCP servers and registers them with the tool registry.
+ * It orchestrates the connection and discovery process for each server defined in the
+ * configuration, as well as any server specified via a command-line argument.
+ *
+ * @param mcpServers A record of named MCP server configurations.
+ * @param mcpServerCommand An optional command string for a dynamically specified MCP server.
+ * @param toolRegistry The central registry where discovered tools will be registered.
+ * @returns A promise that resolves when the discovery process has been attempted for all servers.
+ */
+export async function discoverMcpTools(mcpServers, mcpServerCommand, toolRegistry, promptRegistry, debugMode) {
+    mcpDiscoveryState = MCPDiscoveryState.IN_PROGRESS;
+    try {
+        mcpServers = populateMcpServerCommand(mcpServers, mcpServerCommand);
+        const discoveryPromises = Object.entries(mcpServers).map(([mcpServerName, mcpServerConfig]) => connectAndDiscover(mcpServerName, mcpServerConfig, toolRegistry, promptRegistry, debugMode));
+        await Promise.all(discoveryPromises);
+    }
+    finally {
         mcpDiscoveryState = MCPDiscoveryState.COMPLETED;
-        throw error;
     }
 }
+/** Visible for Testing */
+export function populateMcpServerCommand(mcpServers, mcpServerCommand) {
+    if (mcpServerCommand) {
+        const cmd = mcpServerCommand;
+        const args = parse(cmd, process.env);
+        if (args.some((arg) => typeof arg !== 'string')) {
+            throw new Error('failed to parse mcpServerCommand: ' + cmd);
+        }
+        // use generic server name 'mcp'
+        mcpServers['mcp'] = {
+            command: args[0],
+            args: args.slice(1),
+        };
+    }
+    return mcpServers;
+}
 /**
  * Connects to an MCP server and discovers available tools, registering them with the tool registry.
  * This function handles the complete lifecycle of connecting to a server, discovering tools,
@@ -125,46 +271,129 @@ export async function discoverMcpTools(mcpServers, mcpServerCommand, toolRegistr
  * @param toolRegistry The registry to register discovered tools with
  * @returns Promise that resolves when discovery is complete
  */
-async function connectAndDiscover(mcpServerName, mcpServerConfig, toolRegistry) {
-    // Initialize the server status as connecting
+export async function connectAndDiscover(mcpServerName, mcpServerConfig, toolRegistry, promptRegistry, debugMode) {
     updateMCPServerStatus(mcpServerName, MCPServerStatus.CONNECTING);
-    let transport;
-    if (mcpServerConfig.httpUrl) {
-        const transportOptions = {};
-        if (mcpServerConfig.headers) {
-            transportOptions.requestInit = {
-                headers: mcpServerConfig.headers,
+    try {
+        const mcpClient = await connectToMcpServer(mcpServerName, mcpServerConfig, debugMode);
+        try {
+            updateMCPServerStatus(mcpServerName, MCPServerStatus.CONNECTED);
+            mcpClient.onerror = (error) => {
+                console.error(`MCP ERROR (${mcpServerName}):`, error.toString());
+                updateMCPServerStatus(mcpServerName, MCPServerStatus.DISCONNECTED);
             };
+            await discoverPrompts(mcpServerName, mcpClient, promptRegistry);
+            const tools = await discoverTools(mcpServerName, mcpServerConfig, mcpClient);
+            for (const tool of tools) {
+                toolRegistry.registerTool(tool);
+            }
+        }
+        catch (error) {
+            mcpClient.close();
+            throw error;
         }
-        transport = new StreamableHTTPClientTransport(new URL(mcpServerConfig.httpUrl), transportOptions);
     }
-    else if (mcpServerConfig.url) {
-        const transportOptions = {};
-        if (mcpServerConfig.headers) {
-            transportOptions.requestInit = {
-                headers: mcpServerConfig.headers,
-            };
+    catch (error) {
+        console.error(`Error connecting to MCP server '${mcpServerName}': ${getErrorMessage(error)}`);
+        updateMCPServerStatus(mcpServerName, MCPServerStatus.DISCONNECTED);
+    }
+}
+/**
+ * Discovers and sanitizes tools from a connected MCP client.
+ * It retrieves function declarations from the client, filters out disabled tools,
+ * generates valid names for them, and wraps them in `DiscoveredMCPTool` instances.
+ *
+ * @param mcpServerName The name of the MCP server.
+ * @param mcpServerConfig The configuration for the MCP server.
+ * @param mcpClient The active MCP client instance.
+ * @returns A promise that resolves to an array of discovered and enabled tools.
+ * @throws An error if no enabled tools are found or if the server provides invalid function declarations.
+ */
+export async function discoverTools(mcpServerName, mcpServerConfig, mcpClient) {
+    try {
+        const mcpCallableTool = mcpToTool(mcpClient);
+        const tool = await mcpCallableTool.tool();
+        if (!Array.isArray(tool.functionDeclarations)) {
+            throw new Error(`Server did not return valid function declarations.`);
         }
-        transport = new SSEClientTransport(new URL(mcpServerConfig.url), transportOptions);
+        const discoveredTools = [];
+        for (const funcDecl of tool.functionDeclarations) {
+            if (!isEnabled(funcDecl, mcpServerName, mcpServerConfig)) {
+                continue;
+            }
+            discoveredTools.push(new DiscoveredMCPTool(mcpCallableTool, mcpServerName, funcDecl.name, funcDecl.description ?? '', funcDecl.parametersJsonSchema ?? { type: 'object', properties: {} }, mcpServerConfig.timeout ?? MCP_DEFAULT_TIMEOUT_MSEC, mcpServerConfig.trust));
+        }
+        return discoveredTools;
     }
-    else if (mcpServerConfig.command) {
-        transport = new StdioClientTransport({
-            command: mcpServerConfig.command,
-            args: mcpServerConfig.args || [],
-            env: {
-                ...process.env,
-                ...(mcpServerConfig.env || {}),
+    catch (error) {
+        throw new Error(`Error discovering tools: ${error}`);
+    }
+}
+/**
+ * Discovers and logs prompts from a connected MCP client.
+ * It retrieves prompt declarations from the client and logs their names.
+ *
+ * @param mcpServerName The name of the MCP server.
+ * @param mcpClient The active MCP client instance.
+ */
+export async function discoverPrompts(mcpServerName, mcpClient, promptRegistry) {
+    try {
+        const response = await mcpClient.request({ method: 'prompts/list', params: {} }, ListPromptsResultSchema);
+        for (const prompt of response.prompts) {
+            promptRegistry.registerPrompt({
+                ...prompt,
+                serverName: mcpServerName,
+                invoke: (params) => invokeMcpPrompt(mcpServerName, mcpClient, prompt.name, params),
+            });
+        }
+    }
+    catch (error) {
+        // It's okay if this fails, not all servers will have prompts.
+        // Don't log an error if the method is not found, which is a common case.
+        if (error instanceof Error &&
+            !error.message?.includes('Method not found')) {
+            console.error(`Error discovering prompts from ${mcpServerName}: ${getErrorMessage(error)}`);
+        }
+    }
+}
+/**
+ * Invokes a prompt on a connected MCP client.
+ *
+ * @param mcpServerName The name of the MCP server.
+ * @param mcpClient The active MCP client instance.
+ * @param promptName The name of the prompt to invoke.
+ * @param promptParams The parameters to pass to the prompt.
+ * @returns A promise that resolves to the result of the prompt invocation.
+ */
+export async function invokeMcpPrompt(mcpServerName, mcpClient, promptName, promptParams) {
+    try {
+        const response = await mcpClient.request({
+            method: 'prompts/get',
+            params: {
+                name: promptName,
+                arguments: promptParams,
             },
-            cwd: mcpServerConfig.cwd,
-            stderr: 'pipe',
-        });
+        }, GetPromptResultSchema);
+        return response;
     }
-    else {
-        console.error(`MCP server '${mcpServerName}' has invalid configuration: missing httpUrl (for Streamable HTTP), url (for SSE), and command (for stdio). Skipping.`);
-        // Update status to disconnected
-        updateMCPServerStatus(mcpServerName, MCPServerStatus.DISCONNECTED);
-        return;
+    catch (error) {
+        if (error instanceof Error &&
+            !error.message?.includes('Method not found')) {
+            console.error(`Error invoking prompt '${promptName}' from ${mcpServerName} ${promptParams}: ${getErrorMessage(error)}`);
+        }
+        throw error;
     }
+}
+/**
+ * Creates and connects an MCP client to a server based on the provided configuration.
+ * It determines the appropriate transport (Stdio, SSE, or Streamable HTTP) and
+ * establishes a connection. It also applies a patch to handle request timeouts.
+ *
+ * @param mcpServerName The name of the MCP server, used for logging and identification.
+ * @param mcpServerConfig The configuration specifying how to connect to the server.
+ * @returns A promise that resolves to a connected MCP `Client` instance.
+ * @throws An error if the connection fails or the configuration is invalid.
+ */
+export async function connectToMcpServer(mcpServerName, mcpServerConfig, debugMode) {
     const mcpClient = new Client({
         name: 'gemini-cli-mcp-client',
         version: '0.0.1',
@@ -181,114 +410,350 @@ async function connectAndDiscover(mcpServerName, mcpServerConfig, toolRegistry)
         };
     }
     try {
-        await mcpClient.connect(transport, {
-            timeout: mcpServerConfig.timeout ?? MCP_DEFAULT_TIMEOUT_MSEC,
-        });
-        // Connection successful
-        updateMCPServerStatus(mcpServerName, MCPServerStatus.CONNECTED);
-    }
-    catch (error) {
-        // Create a safe config object that excludes sensitive information
-        const safeConfig = {
-            command: mcpServerConfig.command,
-            url: mcpServerConfig.url,
-            httpUrl: mcpServerConfig.httpUrl,
-            cwd: mcpServerConfig.cwd,
-            timeout: mcpServerConfig.timeout,
-            trust: mcpServerConfig.trust,
-            // Exclude args, env, and headers which may contain sensitive data
-        };
-        let errorString = `failed to start or connect to MCP server '${mcpServerName}' ` +
-            `${JSON.stringify(safeConfig)}; \n${error}`;
-        if (process.env.SANDBOX) {
-            errorString += `\nMake sure it is available in the sandbox`;
+        const transport = await createTransport(mcpServerName, mcpServerConfig, debugMode);
+        try {
+            await mcpClient.connect(transport, {
+                timeout: mcpServerConfig.timeout ?? MCP_DEFAULT_TIMEOUT_MSEC,
+            });
+            return mcpClient;
+        }
+        catch (error) {
+            await transport.close();
+            throw error;
         }
-        console.error(errorString);
-        // Update status to disconnected
-        updateMCPServerStatus(mcpServerName, MCPServerStatus.DISCONNECTED);
-        return;
     }
-    mcpClient.onerror = (error) => {
-        console.error(`MCP ERROR (${mcpServerName}):`, error.toString());
-        // Update status to disconnected on error
-        updateMCPServerStatus(mcpServerName, MCPServerStatus.DISCONNECTED);
-    };
-    try {
-        const mcpCallableTool = mcpToTool(mcpClient);
-        const tool = await mcpCallableTool.tool();
-        if (!tool || !Array.isArray(tool.functionDeclarations)) {
-            console.error(`MCP server '${mcpServerName}' did not return valid tool function declarations. Skipping.`);
-            if (transport instanceof StdioClientTransport ||
-                transport instanceof SSEClientTransport ||
-                transport instanceof StreamableHTTPClientTransport) {
-                await transport.close();
+    catch (error) {
+        // Check if this is a 401 error that might indicate OAuth is required
+        const errorString = String(error);
+        if (errorString.includes('401') &&
+            (mcpServerConfig.httpUrl || mcpServerConfig.url)) {
+            mcpServerRequiresOAuth.set(mcpServerName, true);
+            // Only trigger automatic OAuth discovery for HTTP servers or when OAuth is explicitly configured
+            // For SSE servers, we should not trigger new OAuth flows automatically
+            const shouldTriggerOAuth = mcpServerConfig.httpUrl || mcpServerConfig.oauth?.enabled;
+            if (!shouldTriggerOAuth) {
+                // For SSE servers without explicit OAuth config, if a token was found but rejected, report it accurately.
+                const credentials = await MCPOAuthTokenStorage.getToken(mcpServerName);
+                if (credentials) {
+                    const hasStoredTokens = await MCPOAuthProvider.getValidToken(mcpServerName, {
+                        // Pass client ID if available
+                        clientId: credentials.clientId,
+                    });
+                    if (hasStoredTokens) {
+                        console.log(`Stored OAuth token for SSE server '${mcpServerName}' was rejected. ` +
+                            `Please re-authenticate using: /mcp auth ${mcpServerName}`);
+                    }
+                    else {
+                        console.log(`401 error received for SSE server '${mcpServerName}' without OAuth configuration. ` +
+                            `Please authenticate using: /mcp auth ${mcpServerName}`);
+                    }
+                }
+                throw new Error(`401 error received for SSE server '${mcpServerName}' without OAuth configuration. ` +
+                    `Please authenticate using: /mcp auth ${mcpServerName}`);
             }
-            // Update status to disconnected
-            updateMCPServerStatus(mcpServerName, MCPServerStatus.DISCONNECTED);
-            return;
-        }
-        for (const funcDecl of tool.functionDeclarations) {
-            if (!funcDecl.name) {
-                console.warn(`Discovered a function declaration without a name from MCP server '${mcpServerName}'. Skipping.`);
-                continue;
+            // Try to extract www-authenticate header from the error
+            let wwwAuthenticate = extractWWWAuthenticateHeader(errorString);
+            // If we didn't get the header from the error string, try to get it from the server
+            if (!wwwAuthenticate && mcpServerConfig.url) {
+                console.log(`No www-authenticate header in error, trying to fetch it from server...`);
+                try {
+                    const response = await fetch(mcpServerConfig.url, {
+                        method: 'HEAD',
+                        headers: {
+                            Accept: 'text/event-stream',
+                        },
+                        signal: AbortSignal.timeout(5000),
+                    });
+                    if (response.status === 401) {
+                        wwwAuthenticate = response.headers.get('www-authenticate');
+                        if (wwwAuthenticate) {
+                            console.log(`Found www-authenticate header from server: ${wwwAuthenticate}`);
+                        }
+                    }
+                }
+                catch (fetchError) {
+                    console.debug(`Failed to fetch www-authenticate header: ${getErrorMessage(fetchError)}`);
+                }
             }
-            const { includeTools, excludeTools } = mcpServerConfig;
-            const toolName = funcDecl.name;
-            let isEnabled = false;
-            if (includeTools === undefined) {
-                isEnabled = true;
+            if (wwwAuthenticate) {
+                console.log(`Received 401 with www-authenticate header: ${wwwAuthenticate}`);
+                // Try automatic OAuth discovery and authentication
+                const oauthSuccess = await handleAutomaticOAuth(mcpServerName, mcpServerConfig, wwwAuthenticate);
+                if (oauthSuccess) {
+                    // Retry connection with OAuth token
+                    console.log(`Retrying connection to '${mcpServerName}' with OAuth token...`);
+                    // Get the valid token - we need to create a proper OAuth config
+                    // The token should already be available from the authentication process
+                    const credentials = await MCPOAuthTokenStorage.getToken(mcpServerName);
+                    if (credentials) {
+                        const accessToken = await MCPOAuthProvider.getValidToken(mcpServerName, {
+                            // Pass client ID if available
+                            clientId: credentials.clientId,
+                        });
+                        if (accessToken) {
+                            // Create transport with OAuth token
+                            const oauthTransport = await createTransportWithOAuth(mcpServerName, mcpServerConfig, accessToken);
+                            if (oauthTransport) {
+                                try {
+                                    await mcpClient.connect(oauthTransport, {
+                                        timeout: mcpServerConfig.timeout ?? MCP_DEFAULT_TIMEOUT_MSEC,
+                                    });
+                                    // Connection successful with OAuth
+                                    return mcpClient;
+                                }
+                                catch (retryError) {
+                                    console.error(`Failed to connect with OAuth token: ${getErrorMessage(retryError)}`);
+                                    throw retryError;
+                                }
+                            }
+                            else {
+                                console.error(`Failed to create OAuth transport for server '${mcpServerName}'`);
+                                throw new Error(`Failed to create OAuth transport for server '${mcpServerName}'`);
+                            }
+                        }
+                        else {
+                            console.error(`Failed to get OAuth token for server '${mcpServerName}'`);
+                            throw new Error(`Failed to get OAuth token for server '${mcpServerName}'`);
+                        }
+                    }
+                    else {
+                        console.error(`Failed to get credentials for server '${mcpServerName}' after successful OAuth authentication`);
+                        throw new Error(`Failed to get credentials for server '${mcpServerName}' after successful OAuth authentication`);
+                    }
+                }
+                else {
+                    console.error(`Failed to handle automatic OAuth for server '${mcpServerName}'`);
+                    throw new Error(`Failed to handle automatic OAuth for server '${mcpServerName}'`);
+                }
             }
             else {
-                isEnabled = includeTools.some((tool) => tool === toolName || tool.startsWith(`${toolName}(`));
+                // No www-authenticate header found, but we got a 401
+                // Only try OAuth discovery for HTTP servers or when OAuth is explicitly configured
+                // For SSE servers, we should not trigger new OAuth flows automatically
+                const shouldTryDiscovery = mcpServerConfig.httpUrl || mcpServerConfig.oauth?.enabled;
+                if (!shouldTryDiscovery) {
+                    const credentials = await MCPOAuthTokenStorage.getToken(mcpServerName);
+                    if (credentials) {
+                        const hasStoredTokens = await MCPOAuthProvider.getValidToken(mcpServerName, {
+                            // Pass client ID if available
+                            clientId: credentials.clientId,
+                        });
+                        if (hasStoredTokens) {
+                            console.log(`Stored OAuth token for SSE server '${mcpServerName}' was rejected. ` +
+                                `Please re-authenticate using: /mcp auth ${mcpServerName}`);
+                        }
+                        else {
+                            console.log(`401 error received for SSE server '${mcpServerName}' without OAuth configuration. ` +
+                                `Please authenticate using: /mcp auth ${mcpServerName}`);
+                        }
+                    }
+                    throw new Error(`401 error received for SSE server '${mcpServerName}' without OAuth configuration. ` +
+                        `Please authenticate using: /mcp auth ${mcpServerName}`);
+                }
+                // For SSE servers, try to discover OAuth configuration from the base URL
+                console.log(`🔍 Attempting OAuth discovery for '${mcpServerName}'...`);
+                if (mcpServerConfig.url) {
+                    const sseUrl = new URL(mcpServerConfig.url);
+                    const baseUrl = `${sseUrl.protocol}//${sseUrl.host}`;
+                    try {
+                        // Try to discover OAuth configuration from the base URL
+                        const oauthConfig = await OAuthUtils.discoverOAuthConfig(baseUrl);
+                        if (oauthConfig) {
+                            console.log(`Discovered OAuth configuration from base URL for server '${mcpServerName}'`);
+                            // Create OAuth configuration for authentication
+                            const oauthAuthConfig = {
+                                enabled: true,
+                                authorizationUrl: oauthConfig.authorizationUrl,
+                                tokenUrl: oauthConfig.tokenUrl,
+                                scopes: oauthConfig.scopes || [],
+                            };
+                            // Perform OAuth authentication
+                            console.log(`Starting OAuth authentication for server '${mcpServerName}'...`);
+                            await MCPOAuthProvider.authenticate(mcpServerName, oauthAuthConfig);
+                            // Retry connection with OAuth token
+                            const credentials = await MCPOAuthTokenStorage.getToken(mcpServerName);
+                            if (credentials) {
+                                const accessToken = await MCPOAuthProvider.getValidToken(mcpServerName, {
+                                    // Pass client ID if available
+                                    clientId: credentials.clientId,
+                                });
+                                if (accessToken) {
+                                    // Create transport with OAuth token
+                                    const oauthTransport = await createTransportWithOAuth(mcpServerName, mcpServerConfig, accessToken);
+                                    if (oauthTransport) {
+                                        try {
+                                            await mcpClient.connect(oauthTransport, {
+                                                timeout: mcpServerConfig.timeout ?? MCP_DEFAULT_TIMEOUT_MSEC,
+                                            });
+                                            // Connection successful with OAuth
+                                            return mcpClient;
+                                        }
+                                        catch (retryError) {
+                                            console.error(`Failed to connect with OAuth token: ${getErrorMessage(retryError)}`);
+                                            throw retryError;
+                                        }
+                                    }
+                                    else {
+                                        console.error(`Failed to create OAuth transport for server '${mcpServerName}'`);
+                                        throw new Error(`Failed to create OAuth transport for server '${mcpServerName}'`);
+                                    }
+                                }
+                                else {
+                                    console.error(`Failed to get OAuth token for server '${mcpServerName}'`);
+                                    throw new Error(`Failed to get OAuth token for server '${mcpServerName}'`);
+                                }
+                            }
+                            else {
+                                console.error(`Failed to get stored credentials for server '${mcpServerName}'`);
+                                throw new Error(`Failed to get stored credentials for server '${mcpServerName}'`);
+                            }
+                        }
+                        else {
+                            console.error(`❌ Could not configure OAuth for '${mcpServerName}' - please authenticate manually with /mcp auth ${mcpServerName}`);
+                            throw new Error(`OAuth configuration failed for '${mcpServerName}'. Please authenticate manually with /mcp auth ${mcpServerName}`);
+                        }
+                    }
+                    catch (discoveryError) {
+                        console.error(`❌ OAuth discovery failed for '${mcpServerName}' - please authenticate manually with /mcp auth ${mcpServerName}`);
+                        throw discoveryError;
+                    }
+                }
+                else {
+                    console.error(`❌ '${mcpServerName}' requires authentication but no OAuth configuration found`);
+                    throw new Error(`MCP server '${mcpServerName}' requires authentication. Please configure OAuth or check server settings.`);
+                }
             }
-            if (excludeTools?.includes(toolName)) {
-                isEnabled = false;
+        }
+        else {
+            // Handle other connection errors
+            // Create a concise error message
+            const errorMessage = error.message || String(error);
+            const isNetworkError = errorMessage.includes('ENOTFOUND') ||
+                errorMessage.includes('ECONNREFUSED');
+            let conciseError;
+            if (isNetworkError) {
+                conciseError = `Cannot connect to '${mcpServerName}' - server may be down or URL incorrect`;
             }
-            if (!isEnabled) {
-                continue;
+            else {
+                conciseError = `Connection failed for '${mcpServerName}': ${errorMessage}`;
             }
-            let toolNameForModel = funcDecl.name;
-            // Replace invalid characters (based on 400 error message from Gemini API) with underscores
-            toolNameForModel = toolNameForModel.replace(/[^a-zA-Z0-9_.-]/g, '_');
-            const existingTool = toolRegistry.getTool(toolNameForModel);
-            if (existingTool) {
-                toolNameForModel = mcpServerName + '__' + toolNameForModel;
+            if (process.env.SANDBOX) {
+                conciseError += ` (check sandbox availability)`;
             }
-            // If longer than 63 characters, replace middle with '___'
-            // (Gemini API says max length 64, but actual limit seems to be 63)
-            if (toolNameForModel.length > 63) {
-                toolNameForModel =
-                    toolNameForModel.slice(0, 28) + '___' + toolNameForModel.slice(-32);
+            throw new Error(conciseError);
+        }
+    }
+}
+/** Visible for Testing */
+export async function createTransport(mcpServerName, mcpServerConfig, debugMode) {
+    if (mcpServerConfig.authProviderType === AuthProviderType.GOOGLE_CREDENTIALS) {
+        const provider = new GoogleCredentialProvider(mcpServerConfig);
+        const transportOptions = {
+            authProvider: provider,
+        };
+        if (mcpServerConfig.httpUrl) {
+            return new StreamableHTTPClientTransport(new URL(mcpServerConfig.httpUrl), transportOptions);
+        }
+        else if (mcpServerConfig.url) {
+            return new SSEClientTransport(new URL(mcpServerConfig.url), transportOptions);
+        }
+        throw new Error('No URL configured for Google Credentials MCP server');
+    }
+    // Check if we have OAuth configuration or stored tokens
+    let accessToken = null;
+    let hasOAuthConfig = mcpServerConfig.oauth?.enabled;
+    if (hasOAuthConfig && mcpServerConfig.oauth) {
+        accessToken = await MCPOAuthProvider.getValidToken(mcpServerName, mcpServerConfig.oauth);
+        if (!accessToken) {
+            console.error(`MCP server '${mcpServerName}' requires OAuth authentication. ` +
+                `Please authenticate using the /mcp auth command.`);
+            throw new Error(`MCP server '${mcpServerName}' requires OAuth authentication. ` +
+                `Please authenticate using the /mcp auth command.`);
+        }
+    }
+    else {
+        // Check if we have stored OAuth tokens for this server (from previous authentication)
+        const credentials = await MCPOAuthTokenStorage.getToken(mcpServerName);
+        if (credentials) {
+            accessToken = await MCPOAuthProvider.getValidToken(mcpServerName, {
+                // Pass client ID if available
+                clientId: credentials.clientId,
+            });
+            if (accessToken) {
+                hasOAuthConfig = true;
+                console.log(`Found stored OAuth token for server '${mcpServerName}'`);
             }
-            sanitizeParameters(funcDecl.parameters);
-            toolRegistry.registerTool(new DiscoveredMCPTool(mcpCallableTool, mcpServerName, toolNameForModel, funcDecl.description ?? '', funcDecl.parameters ?? { type: Type.OBJECT, properties: {} }, funcDecl.name, mcpServerConfig.timeout ?? MCP_DEFAULT_TIMEOUT_MSEC, mcpServerConfig.trust));
         }
     }
-    catch (error) {
-        console.error(`Failed to list or register tools for MCP server '${mcpServerName}': ${error}`);
-        // Ensure transport is cleaned up on error too
-        if (transport instanceof StdioClientTransport ||
-            transport instanceof SSEClientTransport ||
-            transport instanceof StreamableHTTPClientTransport) {
-            await transport.close();
+    if (mcpServerConfig.httpUrl) {
+        const transportOptions = {};
+        // Set up headers with OAuth token if available
+        if (hasOAuthConfig && accessToken) {
+            transportOptions.requestInit = {
+                headers: {
+                    ...mcpServerConfig.headers,
+                    Authorization: `Bearer ${accessToken}`,
+                },
+            };
         }
-        // Update status to disconnected
-        updateMCPServerStatus(mcpServerName, MCPServerStatus.DISCONNECTED);
+        else if (mcpServerConfig.headers) {
+            transportOptions.requestInit = {
+                headers: mcpServerConfig.headers,
+            };
+        }
+        return new StreamableHTTPClientTransport(new URL(mcpServerConfig.httpUrl), transportOptions);
     }
-    // If no tools were registered from this MCP server, the following 'if' block
-    // will close the connection. This is done to conserve resources and prevent
-    // an orphaned connection to a server that isn't providing any usable
-    // functionality. Connections to servers that did provide tools are kept
-    // open, as those tools will require the connection to function.
-    if (toolRegistry.getToolsByServer(mcpServerName).length === 0) {
-        console.log(`No tools registered from MCP server '${mcpServerName}'. Closing connection.`);
-        if (transport instanceof StdioClientTransport ||
-            transport instanceof SSEClientTransport ||
-            transport instanceof StreamableHTTPClientTransport) {
-            await transport.close();
-            // Update status to disconnected
-            updateMCPServerStatus(mcpServerName, MCPServerStatus.DISCONNECTED);
+    if (mcpServerConfig.url) {
+        const transportOptions = {};
+        // Set up headers with OAuth token if available
+        if (hasOAuthConfig && accessToken) {
+            transportOptions.requestInit = {
+                headers: {
+                    ...mcpServerConfig.headers,
+                    Authorization: `Bearer ${accessToken}`,
+                },
+            };
+        }
+        else if (mcpServerConfig.headers) {
+            transportOptions.requestInit = {
+                headers: mcpServerConfig.headers,
+            };
         }
+        return new SSEClientTransport(new URL(mcpServerConfig.url), transportOptions);
+    }
+    if (mcpServerConfig.command) {
+        const transport = new StdioClientTransport({
+            command: mcpServerConfig.command,
+            args: mcpServerConfig.args || [],
+            env: {
+                ...process.env,
+                ...(mcpServerConfig.env || {}),
+            },
+            cwd: mcpServerConfig.cwd,
+            stderr: 'pipe',
+        });
+        if (debugMode) {
+            transport.stderr.on('data', (data) => {
+                const stderrStr = data.toString().trim();
+                console.debug(`[DEBUG] [MCP STDERR (${mcpServerName})]: `, stderrStr);
+            });
+        }
+        return transport;
+    }
+    throw new Error(`Invalid configuration: missing httpUrl (for Streamable HTTP), url (for SSE), and command (for stdio).`);
+}
+/** Visible for testing */
+export function isEnabled(funcDecl, mcpServerName, mcpServerConfig) {
+    if (!funcDecl.name) {
+        console.warn(`Discovered a function declaration without a name from MCP server '${mcpServerName}'. Skipping.`);
+        return false;
+    }
+    const { includeTools, excludeTools } = mcpServerConfig;
+    // excludeTools takes precedence over includeTools
+    if (excludeTools && excludeTools.includes(funcDecl.name)) {
+        return false;
     }
+    return (!includeTools ||
+        includeTools.some((tool) => tool === funcDecl.name || tool.startsWith(`${funcDecl.name}(`)));
 }
 //# sourceMappingURL=mcp-client.js.map