@google/gemini-cli 0.33.0-preview.3 → 0.33.0-preview.5

package/bundle/gemini.js

@@ -105392,10 +105392,36 @@ var init_tools = __esm({
 
 // packages/core/dist/src/tools/mcp-tool.js
 function isMcpToolName(name4) {
-  if (!name4.includes(MCP_QUALIFIED_NAME_SEPARATOR))
-    return false;
-  const parts2 = name4.split(MCP_QUALIFIED_NAME_SEPARATOR);
-  return parts2.length === 2 && parts2[0].length > 0 && parts2[1].length > 0;
+  return name4.startsWith(MCP_TOOL_PREFIX);
+}
+function parseMcpToolName(name4) {
+  if (!isMcpToolName(name4)) {
+    return {};
+  }
+  const withoutPrefix = name4.slice(MCP_TOOL_PREFIX.length);
+  const match2 = withoutPrefix.match(/^([^_]+)_(.+)$/);
+  if (match2) {
+    return {
+      serverName: match2[1],
+      toolName: match2[2]
+    };
+  }
+  return {};
+}
+function formatMcpToolName(serverName, toolName) {
+  if (serverName === "*" && !toolName) {
+    return `${MCP_TOOL_PREFIX}*`;
+  } else if (serverName === "*") {
+    return `${MCP_TOOL_PREFIX}*_${toolName}`;
+  } else if (!toolName) {
+    return `${MCP_TOOL_PREFIX}${serverName}_*`;
+  } else {
+    return `${MCP_TOOL_PREFIX}${serverName}_${toolName}`;
+  }
+}
+function isMcpToolAnnotation(annotation) {
+  return typeof annotation === "object" && annotation !== null && // eslint-disable-next-line @typescript-eslint/no-unsafe-type-assertion
+  typeof annotation["_serverName"] === "string";
 }
 function transformTextBlock(block) {
   return { text: block.text };
@@ -105490,24 +105516,28 @@ function getStringifiedResultForDisplay(rawResponse) {
   return displayParts.join("\n");
 }
 function generateValidName(name4) {
-  let validToolname = name4.replace(/[^a-zA-Z0-9_.:-]/g, "_");
+  let validToolname = name4.startsWith("mcp_") ? name4 : `mcp_${name4}`;
+  validToolname = validToolname.replace(/[^a-zA-Z0-9_\-.:]/g, "_");
   if (/^[^a-zA-Z_]/.test(validToolname)) {
     validToolname = `_${validToolname}`;
   }
   const safeLimit = MAX_FUNCTION_NAME_LENGTH - 1;
   if (validToolname.length > safeLimit) {
+    debugLogger.warn(`Truncating MCP tool name "${validToolname}" to fit within the 64 character limit. This tool may require user approval.`);
     validToolname = validToolname.slice(0, 30) + "..." + validToolname.slice(-30);
   }
   return validToolname;
 }
-var MCP_QUALIFIED_NAME_SEPARATOR, DiscoveredMCPToolInvocation, DiscoveredMCPTool, MAX_FUNCTION_NAME_LENGTH;
+var MCP_QUALIFIED_NAME_SEPARATOR, MCP_TOOL_PREFIX, DiscoveredMCPToolInvocation, DiscoveredMCPTool, MAX_FUNCTION_NAME_LENGTH;
 var init_mcp_tool = __esm({
   "packages/core/dist/src/tools/mcp-tool.js"() {
     "use strict";
     init_safeJsonStringify();
+    init_debugLogger();
     init_tools();
     init_tool_error();
-    MCP_QUALIFIED_NAME_SEPARATOR = "__";
+    MCP_QUALIFIED_NAME_SEPARATOR = "_";
+    MCP_TOOL_PREFIX = "mcp_";
     DiscoveredMCPToolInvocation = class _DiscoveredMCPToolInvocation extends BaseToolInvocation {
       mcpTool;
       serverName;
@@ -105649,7 +105679,7 @@ var init_mcp_tool = __esm({
       _toolAnnotations;
       constructor(mcpTool, serverName, serverToolName, description, parameterSchema, messageBus, trust, isReadOnly, nameOverride, cliConfig, extensionName, extensionId, _toolAnnotations) {
         super(
-          generateValidName(nameOverride ?? serverToolName),
+          nameOverride ?? generateValidName(`${serverName}${MCP_QUALIFIED_NAME_SEPARATOR}${serverToolName}`),
           `${serverToolName} (${serverName} MCP Server)`,
           description,
           Kind.Other,
@@ -105684,7 +105714,7 @@ var init_mcp_tool = __esm({
         return this._toolAnnotations;
       }
       getFullyQualifiedPrefix() {
-        return `${this.serverName}${MCP_QUALIFIED_NAME_SEPARATOR}`;
+        return generateValidName(`${this.serverName}${MCP_QUALIFIED_NAME_SEPARATOR}`);
       }
       getFullyQualifiedName() {
         return generateValidName(`${this.serverName}${MCP_QUALIFIED_NAME_SEPARATOR}${this.serverToolName}`);
@@ -196293,8 +196323,8 @@ var GIT_COMMIT_INFO, CLI_VERSION;
 var init_git_commit = __esm({
   "packages/core/dist/src/generated/git-commit.js"() {
     "use strict";
-    GIT_COMMIT_INFO = "03a8fc311";
-    CLI_VERSION = "0.33.0-preview.3";
+    GIT_COMMIT_INFO = "a6256cdab";
+    CLI_VERSION = "0.33.0-preview.5";
   }
 });
 
@@ -292762,7 +292792,7 @@ function getVersion() {
   }
   versionPromise = (async () => {
     const pkgJson = await getPackageJson(__dirname3);
-    return "0.33.0-preview.3";
+    return "0.33.0-preview.5";
   })();
   return versionPromise;
 }
@@ -294201,14 +294231,16 @@ function getAuthTypeFromEnv() {
   }
   return void 0;
 }
-async function createContentGeneratorConfig(config2, authType, apiKey) {
+async function createContentGeneratorConfig(config2, authType, apiKey, baseUrl, customHeaders) {
   const geminiApiKey = apiKey || process.env["GEMINI_API_KEY"] || await loadApiKey() || void 0;
   const googleApiKey = process.env["GOOGLE_API_KEY"] || void 0;
   const googleCloudProject = process.env["GOOGLE_CLOUD_PROJECT"] || process.env["GOOGLE_CLOUD_PROJECT_ID"] || void 0;
   const googleCloudLocation = process.env["GOOGLE_CLOUD_LOCATION"] || void 0;
   const contentGeneratorConfig = {
     authType,
-    proxy: config2?.getProxy()
+    proxy: config2?.getProxy(),
+    baseUrl,
+    customHeaders
   };
   if (authType === AuthType2.LOGIN_WITH_GOOGLE || authType === AuthType2.COMPUTE_ADC) {
     return contentGeneratorConfig;
@@ -294249,8 +294281,11 @@ async function createContentGenerator(config2, gcConfig, sessionId2) {
       const httpOptions = { headers: baseHeaders };
       return new LoggingContentGenerator(await createCodeAssistContentGenerator(httpOptions, config2.authType, gcConfig, sessionId2), gcConfig);
     }
-    if (config2.authType === AuthType2.USE_GEMINI || config2.authType === AuthType2.USE_VERTEX_AI) {
+    if (config2.authType === AuthType2.USE_GEMINI || config2.authType === AuthType2.USE_VERTEX_AI || config2.authType === AuthType2.GATEWAY) {
       let headers = { ...baseHeaders };
+      if (config2.customHeaders) {
+        headers = { ...headers, ...config2.customHeaders };
+      }
       if (gcConfig?.getUsageStatisticsEnabled()) {
         const installationManager2 = new InstallationManager();
         const installationId = installationManager2.getInstallationId();
@@ -294260,6 +294295,9 @@ async function createContentGenerator(config2, gcConfig, sessionId2) {
         };
       }
       const httpOptions = { headers };
+      if (config2.baseUrl) {
+        httpOptions.baseUrl = config2.baseUrl;
+      }
       const googleGenAI = new GoogleGenAI({
         apiKey: config2.apiKey === "" ? void 0 : config2.apiKey,
         vertexai: config2.vertexai,
@@ -294294,6 +294332,7 @@ var init_contentGenerator = __esm({
       AuthType3["USE_VERTEX_AI"] = "vertex-ai";
       AuthType3["LEGACY_CLOUD_SHELL"] = "cloud-shell";
       AuthType3["COMPUTE_ADC"] = "compute-default-credentials";
+      AuthType3["GATEWAY"] = "gateway";
     })(AuthType2 || (AuthType2 = {}));
   }
 });
@@ -294976,11 +295015,11 @@ Signal: Signal number or \`(none)\` if no signal was received.
       buildToolMetadata() {
         const toolMetadata = /* @__PURE__ */ new Map();
         for (const [name4, tool] of this.allKnownTools) {
-          if (tool.toolAnnotations) {
-            const metadata2 = { ...tool.toolAnnotations };
-            if (tool instanceof DiscoveredMCPTool) {
-              metadata2["_serverName"] = tool.serverName;
-            }
+          const metadata2 = tool.toolAnnotations ? { ...tool.toolAnnotations } : {};
+          if (tool instanceof DiscoveredMCPTool) {
+            metadata2["_serverName"] = tool.serverName;
+          }
+          if (Object.keys(metadata2).length > 0) {
             toolMetadata.set(name4, metadata2);
           }
         }
@@ -411943,34 +411982,17 @@ function matchesWildcard(pattern, toolName, serverName) {
   if (pattern === "*") {
     return true;
   }
-  if (pattern.includes("__")) {
-    return matchesCompositePattern(pattern, toolName, serverName);
-  }
-  return toolName === pattern;
-}
-function matchesCompositePattern(pattern, toolName, serverName) {
-  const parts2 = pattern.split("__");
-  if (parts2.length !== 2)
-    return false;
-  const [patternServer, patternTool] = parts2;
-  const { actualServer, actualTool } = getToolMetadata(toolName, serverName);
-  if (actualServer === void 0) {
-    return false;
+  if (pattern === `${MCP_TOOL_PREFIX}*`) {
+    return serverName !== void 0;
   }
-  if (serverName !== void 0 && !toolName.startsWith(serverName + "__")) {
-    return false;
+  if (pattern.startsWith(MCP_TOOL_PREFIX) && pattern.endsWith("_*")) {
+    const expectedServerName = pattern.slice(MCP_TOOL_PREFIX.length, -2);
+    if (serverName === void 0 || serverName !== expectedServerName) {
+      return false;
+    }
+    return toolName.startsWith(`${MCP_TOOL_PREFIX}${expectedServerName}_`);
   }
-  const serverMatch = patternServer === "*" || patternServer === actualServer;
-  const toolMatch = patternTool === "*" || patternTool === actualTool;
-  return serverMatch && toolMatch;
-}
-function getToolMetadata(toolName, serverName) {
-  const sepIndex = toolName.indexOf("__");
-  const isQualified = sepIndex !== -1;
-  return {
-    actualServer: serverName ?? (isQualified ? toolName.substring(0, sepIndex) : void 0),
-    actualTool: isQualified ? toolName.substring(sepIndex + 2) : toolName
-  };
+  return toolName === pattern;
 }
 function ruleMatches(rule, toolCall, stringifiedArgs, serverName, currentApprovalMode, toolAnnotations) {
   if (rule.modes && rule.modes.length > 0) {
@@ -411978,6 +412000,15 @@ function ruleMatches(rule, toolCall, stringifiedArgs, serverName, currentApprova
       return false;
     }
   }
+  if (rule.mcpName) {
+    if (rule.mcpName === "*") {
+      if (serverName === void 0)
+        return false;
+    } else {
+      if (serverName !== rule.mcpName)
+        return false;
+    }
+  }
   if (rule.toolName) {
     if (rule.toolName === "*") {
     } else if (isWildcardPattern(rule.toolName)) {
@@ -412019,6 +412050,7 @@ var init_policy_engine = __esm({
     init_protocol2();
     init_shell_utils();
     init_tool_names();
+    init_mcp_tool();
     PolicyEngine = class {
       rules;
       checkers;
@@ -412147,6 +412179,15 @@ var init_policy_engine = __esm({
        * Returns the decision and the matching rule (if any).
        */
       async check(toolCall, serverName, toolAnnotations) {
+        if (!serverName && isMcpToolAnnotation(toolAnnotations)) {
+          serverName = toolAnnotations._serverName;
+        }
+        if (!serverName && toolCall.name) {
+          const parsed = parseMcpToolName(toolCall.name);
+          if (parsed.serverName) {
+            serverName = parsed.serverName;
+          }
+        }
         let stringifiedArgs;
         if (toolCall.args && (this.rules.some((rule) => rule.argsPattern) || this.checkers.some((checker) => checker.argsPattern))) {
           stringifiedArgs = stableStringify(toolCall.args);
@@ -412168,12 +412209,6 @@ var init_policy_engine = __esm({
         const toolCallsToTry = [];
         for (const name4 of toolNamesToTry) {
           toolCallsToTry.push({ ...toolCall, name: name4 });
-          if (serverName && !name4.includes("__")) {
-            toolCallsToTry.push({
-              ...toolCall,
-              name: `${serverName}__${name4}`
-            });
-          }
         }
         for (const rule of this.rules) {
           const match2 = toolCallsToTry.some((tc) => ruleMatches(rule, tc, stringifiedArgs, serverName, this.approvalMode, toolAnnotations));
@@ -412319,107 +412354,52 @@ var init_policy_engine = __esm({
        */
       getExcludedTools(toolMetadata, allToolNames) {
         const excludedTools = /* @__PURE__ */ new Set();
-        const processedTools = /* @__PURE__ */ new Set();
-        let globalVerdict;
-        for (const rule of this.rules) {
-          if (rule.argsPattern) {
-            if (rule.toolName && rule.decision !== PolicyDecision.DENY) {
-              processedTools.add(rule.toolName);
-            }
-            continue;
-          }
-          if (rule.modes && rule.modes.length > 0) {
-            if (!rule.modes.includes(this.approvalMode)) {
-              continue;
-            }
-          }
-          if (rule.toolAnnotations) {
-            if (!toolMetadata) {
-              continue;
-            }
-            for (const [toolName2, annotations] of toolMetadata) {
-              if (processedTools.has(toolName2)) {
-                continue;
-              }
-              let annotationsMatch = true;
-              for (const [key, value] of Object.entries(rule.toolAnnotations)) {
-                if (annotations[key] !== value) {
-                  annotationsMatch = false;
+        if (!allToolNames) {
+          return excludedTools;
+        }
+        for (const toolName of allToolNames) {
+          const annotations = toolMetadata?.get(toolName);
+          const serverName = isMcpToolAnnotation(annotations) ? annotations._serverName : void 0;
+          let staticallyExcluded = false;
+          let matchFound = false;
+          for (const rule of this.rules) {
+            const ruleWithoutArgs = { ...rule, argsPattern: void 0 };
+            const toolCall = { name: toolName, args: {} };
+            const appliesToTool = ruleMatches(
+              ruleWithoutArgs,
+              toolCall,
+              void 0,
+              // stringifiedArgs
+              serverName,
+              this.approvalMode,
+              annotations
+            );
+            if (appliesToTool) {
+              if (rule.argsPattern) {
+                if (rule.decision !== PolicyDecision.DENY) {
+                  staticallyExcluded = false;
+                  matchFound = true;
                   break;
                 }
-              }
-              if (!annotationsMatch) {
                 continue;
-              }
-              if (rule.toolName) {
-                if (isWildcardPattern(rule.toolName)) {
-                  const rawServerName = annotations["_serverName"];
-                  const serverName = typeof rawServerName === "string" ? rawServerName : void 0;
-                  const qualifiedName = serverName && !toolName2.includes("__") ? `${serverName}__${toolName2}` : toolName2;
-                  if (!matchesWildcard(rule.toolName, qualifiedName, void 0)) {
-                    continue;
-                  }
-                } else if (toolName2 !== rule.toolName) {
-                  continue;
-                }
-              }
-              let decision2;
-              if (globalVerdict !== void 0) {
-                decision2 = globalVerdict;
               } else {
-                decision2 = rule.decision;
-              }
-              if (decision2 === PolicyDecision.DENY) {
-                excludedTools.add(toolName2);
-              }
-              processedTools.add(toolName2);
-            }
-            continue;
-          }
-          if (!rule.toolName) {
-            if (globalVerdict === void 0) {
-              globalVerdict = rule.decision;
-              if (globalVerdict !== PolicyDecision.DENY) {
+                const decision = this.applyNonInteractiveMode(rule.decision);
+                staticallyExcluded = decision === PolicyDecision.DENY;
+                matchFound = true;
                 break;
               }
             }
-            continue;
-          }
-          const toolName = rule.toolName;
-          if (processedTools.has(toolName)) {
-            continue;
           }
-          let coveredByWildcard = false;
-          for (const processed of processedTools) {
-            if (isWildcardPattern(processed) && matchesWildcard(processed, toolName, void 0)) {
-              if (excludedTools.has(processed)) {
-                excludedTools.add(toolName);
-              }
-              coveredByWildcard = true;
-              break;
+          if (!matchFound) {
+            const defaultDec = this.applyNonInteractiveMode(this.defaultDecision);
+            if (defaultDec === PolicyDecision.DENY) {
+              staticallyExcluded = true;
             }
           }
-          if (coveredByWildcard) {
-            continue;
-          }
-          processedTools.add(toolName);
-          let decision;
-          if (globalVerdict !== void 0) {
-            decision = globalVerdict;
-          } else {
-            decision = rule.decision;
-          }
-          if (decision === PolicyDecision.DENY) {
+          if (staticallyExcluded) {
             excludedTools.add(toolName);
           }
         }
-        if (globalVerdict === PolicyDecision.DENY && allToolNames) {
-          for (const name4 of allToolNames) {
-            if (!processedTools.has(name4)) {
-              excludedTools.add(name4);
-            }
-          }
-        }
         return excludedTools;
       }
       applyNonInteractiveMode(decision) {
@@ -427972,7 +427952,10 @@ function validateShellCommandSyntax(rule, ruleIndex) {
   return null;
 }
 function validateToolName(name4, ruleIndex) {
-  if (isValidToolName(name4, { allowWildcards: true }) && !name4.includes("__")) {
+  if (name4.includes("__")) {
+    return `Rule #${ruleIndex + 1}: The "__" syntax for MCP tools is strictly deprecated. Please use the 'mcpName = "..."' property or the 'mcp_server_tool' format instead.`;
+  }
+  if (isValidToolName(name4, { allowWildcards: true })) {
     return null;
   }
   const allNames = [...ALL_BUILTIN_TOOL_NAMES];
@@ -428057,8 +428040,6 @@ async function loadPoliciesFromToml(policyPaths, getPolicyTier2) {
         }
         for (let i4 = 0; i4 < tomlRules.length; i4++) {
           const rule = tomlRules[i4];
-          if (rule.mcpName)
-            continue;
           const toolNames = rule.toolName ? Array.isArray(rule.toolName) ? rule.toolName : [rule.toolName] : [];
           for (const name4 of toolNames) {
             const warning = validateToolName(name4, i4);
@@ -428081,16 +428062,14 @@ async function loadPoliciesFromToml(policyPaths, getPolicyTier2) {
           return argsPatterns.flatMap((argsPattern) => {
             const toolNames = rule.toolName ? Array.isArray(rule.toolName) ? rule.toolName : [rule.toolName] : [void 0];
             return toolNames.map((toolName) => {
-              let effectiveToolName;
-              if (rule.mcpName && toolName) {
-                effectiveToolName = `${rule.mcpName}__${toolName}`;
-              } else if (rule.mcpName) {
-                effectiveToolName = `${rule.mcpName}__*`;
-              } else {
-                effectiveToolName = toolName;
+              let effectiveToolName = toolName;
+              const mcpName = rule.mcpName;
+              if (mcpName) {
+                effectiveToolName = formatMcpToolName(mcpName, effectiveToolName);
               }
               const policyRule = {
                 toolName: effectiveToolName,
+                mcpName: rule.mcpName,
                 decision: rule.decision,
                 priority: transformPriority(rule.priority, tier),
                 modes: rule.modes,
@@ -428164,14 +428143,15 @@ Error: ${error40.message}`,
             return toolNames.map((toolName) => {
               let effectiveToolName;
               if (checker.mcpName && toolName) {
-                effectiveToolName = `${checker.mcpName}__${toolName}`;
+                effectiveToolName = `${MCP_TOOL_PREFIX}${checker.mcpName}_${toolName}`;
               } else if (checker.mcpName) {
-                effectiveToolName = `${checker.mcpName}__*`;
+                effectiveToolName = `${MCP_TOOL_PREFIX}${checker.mcpName}_*`;
               } else {
                 effectiveToolName = toolName;
               }
               const safetyCheckerRule = {
                 toolName: effectiveToolName,
+                mcpName: checker.mcpName,
                 priority: transformPriority(checker.priority, tier),
                 // eslint-disable-next-line @typescript-eslint/no-unsafe-type-assertion
                 checker: checker.checker,
@@ -428230,14 +428210,19 @@ Error: ${error40.message}`
   return { rules, checkers, errors };
 }
 function validateMcpPolicyToolNames(serverName, discoveredToolNames, policyRules) {
-  const prefix = `${serverName}__`;
+  const prefix = `${MCP_TOOL_PREFIX}${serverName}_`;
   const warnings = [];
   for (const rule of policyRules) {
     if (!rule.toolName)
       continue;
-    if (!rule.toolName.startsWith(prefix))
+    let toolPart;
+    if (rule.mcpName === serverName && rule.toolName.startsWith(prefix)) {
+      toolPart = rule.toolName.slice(prefix.length);
+    } else if (rule.toolName.startsWith(prefix)) {
+      toolPart = rule.toolName.slice(prefix.length);
+    } else {
       continue;
-    const toolPart = rule.toolName.slice(prefix.length);
+    }
     if (toolPart === "*")
       continue;
     if (discoveredToolNames.includes(toolPart))
@@ -428265,6 +428250,7 @@ var init_toml_loader = __esm({
     import_toml = __toESM(require_toml(), 1);
     init_zod();
     init_errors();
+    init_mcp_tool();
     MAX_TYPO_DISTANCE = 3;
     PolicyRuleSchema = external_exports.object({
       toolName: external_exports.union([external_exports.string(), external_exports.array(external_exports.string())]).optional(),
@@ -428520,7 +428506,8 @@ async function createPolicyEngineConfig(settings, approvalMode, defaultPoliciesD
   if (settings.mcp?.excluded) {
     for (const serverName of settings.mcp.excluded) {
       rules.push({
-        toolName: `${serverName}__*`,
+        toolName: serverName === "*" ? `${MCP_TOOL_PREFIX}*` : `${MCP_TOOL_PREFIX}${serverName}_*`,
+        mcpName: serverName,
         decision: PolicyDecision.DENY,
         priority: MCP_EXCLUDED_PRIORITY,
         source: "Settings (MCP Excluded)"
@@ -428579,7 +428566,8 @@ async function createPolicyEngineConfig(settings, approvalMode, defaultPoliciesD
     for (const [serverName, serverConfig] of Object.entries(settings.mcpServers)) {
       if (serverConfig.trust) {
         rules.push({
-          toolName: `${serverName}__*`,
+          toolName: `${MCP_TOOL_PREFIX}${serverName}_*`,
+          mcpName: serverName,
           decision: PolicyDecision.ALLOW,
           priority: TRUSTED_MCP_SERVER_PRIORITY,
           source: "Settings (MCP Trusted)"
@@ -428590,7 +428578,8 @@ async function createPolicyEngineConfig(settings, approvalMode, defaultPoliciesD
   if (settings.mcp?.allowed) {
     for (const serverName of settings.mcp.allowed) {
       rules.push({
-        toolName: `${serverName}__*`,
+        toolName: serverName === "*" ? `${MCP_TOOL_PREFIX}*` : `${MCP_TOOL_PREFIX}${serverName}_*`,
+        mcpName: serverName,
         decision: PolicyDecision.ALLOW,
         priority: ALLOWED_MCP_SERVER_PRIORITY,
         source: "Settings (MCP Allowed)"
@@ -428707,6 +428696,7 @@ var init_config3 = __esm({
     init_shell_utils();
     init_tool_names();
     init_errors();
+    init_mcp_tool();
     init_security();
     __filename3 = fileURLToPath15(import.meta.url);
     __dirname7 = path69.dirname(__filename3);
@@ -433764,7 +433754,7 @@ var init_config4 = __esm({
       getContentGenerator() {
         return this.contentGenerator;
       }
-      async refreshAuth(authMethod, apiKey) {
+      async refreshAuth(authMethod, apiKey, baseUrl, customHeaders) {
         this.modelAvailabilityService.reset();
         if (this.contentGeneratorConfig?.authType === AuthType2.USE_GEMINI && authMethod !== AuthType2.USE_GEMINI) {
           this.geminiClient.stripThoughtsFromHistory();
@@ -433773,7 +433763,7 @@ var init_config4 = __esm({
         if (this.contentGeneratorConfig) {
           this.contentGeneratorConfig.authType = void 0;
         }
-        const newContentGeneratorConfig = await createContentGeneratorConfig(this, authMethod, apiKey);
+        const newContentGeneratorConfig = await createContentGeneratorConfig(this, authMethod, apiKey, baseUrl, customHeaders);
         this.contentGenerator = await createContentGenerator(newContentGeneratorConfig, this, this.getSessionId());
         this.contentGeneratorConfig = newContentGeneratorConfig;
         this.baseLlmClient = new BaseLlmClient(this.contentGenerator, this);
@@ -441105,6 +441095,7 @@ __export(dist_exports, {
   MCP_DEFAULT_TIMEOUT_MSEC: () => MCP_DEFAULT_TIMEOUT_MSEC,
   MCP_EXCLUDED_PRIORITY: () => MCP_EXCLUDED_PRIORITY,
   MCP_QUALIFIED_NAME_SEPARATOR: () => MCP_QUALIFIED_NAME_SEPARATOR,
+  MCP_TOOL_PREFIX: () => MCP_TOOL_PREFIX,
   MEDIA_FILE_PATTERNS: () => MEDIA_FILE_PATTERNS,
   MEMORY_PARAM_FACT: () => MEMORY_PARAM_FACT,
   MEMORY_SECTION_HEADER: () => MEMORY_SECTION_HEADER,
@@ -441334,6 +441325,7 @@ __export(dist_exports, {
   flushTelemetry: () => flushTelemetry,
   formatBytes: () => formatBytes,
   formatCheckpointDisplayList: () => formatCheckpointDisplayList,
+  formatMcpToolName: () => formatMcpToolName,
   formatPolicyError: () => formatPolicyError,
   formatProtoJsonDuration: () => formatProtoJsonDuration,
   formatTruncatedToolOutput: () => formatTruncatedToolOutput,
@@ -441453,6 +441445,7 @@ __export(dist_exports, {
   isHeadlessMode: () => isHeadlessMode,
   isInvalidArgumentError: () => isInvalidArgumentError,
   isJetBrainsTerminal: () => isJetBrainsTerminal,
+  isMcpToolAnnotation: () => isMcpToolAnnotation,
   isMcpToolName: () => isMcpToolName,
   isNightly: () => isNightly,
   isNodeError: () => isNodeError,
@@ -441527,6 +441520,7 @@ __export(dist_exports, {
   parseBooleanEnvFlag: () => parseBooleanEnvFlag,
   parseCommandDetails: () => parseCommandDetails,
   parseGoogleApiError: () => parseGoogleApiError,
+  parseMcpToolName: () => parseMcpToolName,
   parsePrompt: () => parsePrompt,
   parseTelemetryTargetValue: () => parseTelemetryTargetValue,
   parseThought: () => parseThought,
@@ -515083,7 +515077,7 @@ var WarningMessage = ({ text }) => {
 };
 
 // packages/cli/src/generated/git-commit.ts
-var GIT_COMMIT_INFO2 = "b25c8137f";
+var GIT_COMMIT_INFO2 = "508aaeda8";
 
 // packages/cli/src/ui/components/AboutBox.tsx
 init_dist8();
@@ -563500,7 +563494,7 @@ async function loadSandboxConfig(settings, argv) {
   const sandboxOption = argv.sandbox ?? settings.tools?.sandbox;
   const command2 = getSandboxCommand(sandboxOption);
   const packageJson2 = await getPackageJson(__dirname13);
-  const image2 = process.env["GEMINI_SANDBOX_IMAGE"] ?? "us-docker.pkg.dev/gemini-code-dev/gemini-cli/sandbox:0.33.0-preview.3" ?? packageJson2?.config?.sandboxImageUri;
+  const image2 = process.env["GEMINI_SANDBOX_IMAGE"] ?? "us-docker.pkg.dev/gemini-code-dev/gemini-cli/sandbox:0.33.0-preview.5" ?? packageJson2?.config?.sandboxImageUri;
   return command2 && image2 ? { command: command2, image: image2 } : void 0;
 }
 
@@ -567814,6 +567808,8 @@ var GeminiAgent = class {
   sessions = /* @__PURE__ */ new Map();
   clientCapabilities;
   apiKey;
+  baseUrl;
+  customHeaders;
   async initialize(args2) {
     this.clientCapabilities = args2.clientCapabilities;
     const authMethods = [
@@ -567836,6 +567832,17 @@ var GeminiAgent = class {
         id: AuthType2.USE_VERTEX_AI,
         name: "Vertex AI",
         description: "Use an API key with Vertex AI GenAI API"
+      },
+      {
+        id: AuthType2.GATEWAY,
+        name: "AI API Gateway",
+        description: "Use a custom AI API Gateway",
+        _meta: {
+          gateway: {
+            protocol: "google",
+            restartRequired: "false"
+          }
+        }
       }
     ];
     await this.config.initialize();
@@ -567875,7 +567882,32 @@ var GeminiAgent = class {
       if (apiKey) {
         this.apiKey = apiKey;
       }
-      await this.config.refreshAuth(method, apiKey ?? this.apiKey);
+      const gatewaySchema = external_exports.object({
+        baseUrl: external_exports.string().optional(),
+        headers: external_exports.record(external_exports.string()).optional()
+      });
+      let baseUrl;
+      let headers;
+      if (meta?.["gateway"]) {
+        const result2 = gatewaySchema.safeParse(meta["gateway"]);
+        if (result2.success) {
+          baseUrl = result2.data.baseUrl;
+          headers = result2.data.headers;
+        } else {
+          throw new RequestError3(
+            -32602,
+            `Malformed gateway payload: ${result2.error.message}`
+          );
+        }
+      }
+      this.baseUrl = baseUrl;
+      this.customHeaders = headers;
+      await this.config.refreshAuth(
+        method,
+        apiKey ?? this.apiKey,
+        baseUrl,
+        headers
+      );
     } catch (e3) {
       throw new RequestError3(-32e3, getAcpErrorMessage(e3));
     }
@@ -567901,7 +567933,12 @@ var GeminiAgent = class {
     let isAuthenticated = false;
     let authErrorMessage = "";
     try {
-      await config2.refreshAuth(authType, this.apiKey);
+      await config2.refreshAuth(
+        authType,
+        this.apiKey,
+        this.baseUrl,
+        this.customHeaders
+      );
       isAuthenticated = true;
       const contentGeneratorConfig = config2.getContentGeneratorConfig();
       if (authType === AuthType2.USE_GEMINI && (!contentGeneratorConfig || !contentGeneratorConfig.apiKey)) {
@@ -568025,7 +568062,12 @@ var GeminiAgent = class {
     }
     const config2 = await this.newSessionConfig(sessionId2, cwd7, mcpServers);
     try {
-      await config2.refreshAuth(selectedAuthType, this.apiKey);
+      await config2.refreshAuth(
+        selectedAuthType,
+        this.apiKey,
+        this.baseUrl,
+        this.customHeaders
+      );
     } catch (e3) {
       debugLogger.error(`Authentication failed: ${e3}`);
       throw RequestError3.authRequired();

package/bundle/node_modules/@google/gemini-cli-devtools/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@google/gemini-cli-devtools",
-  "version": "0.33.0-preview.3",
+  "version": "0.33.0-preview.5",
   "license": "Apache-2.0",
   "type": "module",
   "main": "dist/src/index.js",

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@google/gemini-cli",
-  "version": "0.33.0-preview.3",
+  "version": "0.33.0-preview.5",
   "description": "Gemini CLI",
   "license": "Apache-2.0",
   "repository": {