@google/gemini-cli 0.36.0-preview.3 → 0.36.0-preview.4

package/bundle/{chunk-FACTELEP.js → chunk-RCVLWPH6.js}

@@ -7643,22 +7643,22 @@ var require_crypto2 = __commonJS({
     "use strict";
     Object.defineProperty(exports2, "__esModule", { value: true });
     exports2.NodeCrypto = void 0;
-    var crypto22 = __require("crypto");
+    var crypto23 = __require("crypto");
     var NodeCrypto = class {
       async sha256DigestBase64(str2) {
-        return crypto22.createHash("sha256").update(str2).digest("base64");
+        return crypto23.createHash("sha256").update(str2).digest("base64");
       }
       randomBytesBase64(count2) {
-        return crypto22.randomBytes(count2).toString("base64");
+        return crypto23.randomBytes(count2).toString("base64");
       }
       async verify(pubkey, data, signature) {
-        const verifier = crypto22.createVerify("RSA-SHA256");
+        const verifier = crypto23.createVerify("RSA-SHA256");
         verifier.update(data);
         verifier.end();
         return verifier.verify(pubkey, signature, "base64");
       }
       async sign(privateKey, data) {
-        const signer = crypto22.createSign("RSA-SHA256");
+        const signer = crypto23.createSign("RSA-SHA256");
         signer.update(data);
         signer.end();
         return signer.sign(privateKey, "base64");
@@ -7676,7 +7676,7 @@ var require_crypto2 = __commonJS({
        *   string in hexadecimal encoding.
        */
       async sha256DigestHex(str2) {
-        return crypto22.createHash("sha256").update(str2).digest("hex");
+        return crypto23.createHash("sha256").update(str2).digest("hex");
       }
       /**
        * Computes the HMAC hash of a message using the provided crypto key and the
@@ -7688,7 +7688,7 @@ var require_crypto2 = __commonJS({
        */
       async signWithHmacSha256(key, msg) {
         const cryptoKey = typeof key === "string" ? key : toBuffer(key);
-        return toArrayBuffer(crypto22.createHmac("sha256", cryptoKey).update(msg).digest());
+        return toArrayBuffer(crypto23.createHmac("sha256", cryptoKey).update(msg).digest());
       }
     };
     exports2.NodeCrypto = NodeCrypto;
@@ -8244,10 +8244,10 @@ var require_oauth2client = __commonJS({
        * https://github.com/googleapis/google-auth-library-nodejs/blob/main/samples/oauth2-codeVerifier.js
        */
       async generateCodeVerifierAsync() {
-        const crypto22 = (0, crypto_1.createCrypto)();
-        const randomString2 = crypto22.randomBytesBase64(96);
+        const crypto23 = (0, crypto_1.createCrypto)();
+        const randomString2 = crypto23.randomBytesBase64(96);
         const codeVerifier = randomString2.replace(/\+/g, "~").replace(/=/g, "_").replace(/\//g, "-");
-        const unencodedCodeChallenge = await crypto22.sha256DigestBase64(codeVerifier);
+        const unencodedCodeChallenge = await crypto23.sha256DigestBase64(codeVerifier);
         const codeChallenge = unencodedCodeChallenge.split("=")[0].replace(/\+/g, "-").replace(/\//g, "_");
         return { codeVerifier, codeChallenge };
       }
@@ -8691,7 +8691,7 @@ var require_oauth2client = __commonJS({
        * @return Returns a promise resolving to LoginTicket on verification.
        */
       async verifySignedJwtWithCertsAsync(jwt2, certs, requiredAudience, issuers, maxExpiry) {
-        const crypto22 = (0, crypto_1.createCrypto)();
+        const crypto23 = (0, crypto_1.createCrypto)();
         if (!maxExpiry) {
           maxExpiry = _OAuth2Client.DEFAULT_MAX_TOKEN_LIFETIME_SECS_;
         }
@@ -8704,7 +8704,7 @@ var require_oauth2client = __commonJS({
         let envelope;
         let payload;
         try {
-          envelope = JSON.parse(crypto22.decodeBase64StringUtf8(segments[0]));
+          envelope = JSON.parse(crypto23.decodeBase64StringUtf8(segments[0]));
         } catch (err2) {
           if (err2 instanceof Error) {
             err2.message = `Can't parse token envelope: ${segments[0]}': ${err2.message}`;
@@ -8715,7 +8715,7 @@ var require_oauth2client = __commonJS({
           throw new Error("Can't parse token envelope: " + segments[0]);
         }
         try {
-          payload = JSON.parse(crypto22.decodeBase64StringUtf8(segments[1]));
+          payload = JSON.parse(crypto23.decodeBase64StringUtf8(segments[1]));
         } catch (err2) {
           if (err2 instanceof Error) {
             err2.message = `Can't parse token payload '${segments[0]}`;
@@ -8732,7 +8732,7 @@ var require_oauth2client = __commonJS({
         if (envelope.alg === "ES256") {
           signature = formatEcdsa.joseToDer(signature, "ES256").toString("base64");
         }
-        const verified = await crypto22.verify(cert, signed, signature);
+        const verified = await crypto23.verify(cert, signed, signature);
         if (!verified) {
           throw new Error("Invalid token signature: " + jwt2);
         }
@@ -10877,14 +10877,14 @@ var require_awsrequestsigner = __commonJS({
       }
     };
     exports2.AwsRequestSigner = AwsRequestSigner;
-    async function sign(crypto22, key, msg) {
-      return await crypto22.signWithHmacSha256(key, msg);
-    }
-    async function getSigningKey(crypto22, key, dateStamp, region, serviceName) {
-      const kDate = await sign(crypto22, `AWS4${key}`, dateStamp);
-      const kRegion = await sign(crypto22, kDate, region);
-      const kService = await sign(crypto22, kRegion, serviceName);
-      const kSigning = await sign(crypto22, kService, "aws4_request");
+    async function sign(crypto23, key, msg) {
+      return await crypto23.signWithHmacSha256(key, msg);
+    }
+    async function getSigningKey(crypto23, key, dateStamp, region, serviceName) {
+      const kDate = await sign(crypto23, `AWS4${key}`, dateStamp);
+      const kRegion = await sign(crypto23, kDate, region);
+      const kService = await sign(crypto23, kRegion, serviceName);
+      const kSigning = await sign(crypto23, kService, "aws4_request");
       return kSigning;
     }
     async function generateAuthenticationHeaderMap(options) {
@@ -12469,24 +12469,24 @@ var require_googleauth = __commonJS({
           const signed = await client.sign(data);
           return signed.signedBlob;
         }
-        const crypto22 = (0, crypto_1.createCrypto)();
+        const crypto23 = (0, crypto_1.createCrypto)();
         if (client instanceof jwtclient_1.JWT && client.key) {
-          const sign = await crypto22.sign(client.key, data);
+          const sign = await crypto23.sign(client.key, data);
           return sign;
         }
         const creds = await this.getCredentials();
         if (!creds.client_email) {
           throw new Error("Cannot sign data without `client_email`.");
         }
-        return this.signBlob(crypto22, creds.client_email, data, endpoint);
+        return this.signBlob(crypto23, creds.client_email, data, endpoint);
       }
-      async signBlob(crypto22, emailOrUniqueId, data, endpoint) {
+      async signBlob(crypto23, emailOrUniqueId, data, endpoint) {
         const url3 = new URL(endpoint + `${emailOrUniqueId}:signBlob`);
         const res = await this.request({
           method: "POST",
           url: url3.href,
           data: {
-            payload: crypto22.encodeBase64StringUtf8(data)
+            payload: crypto23.encodeBase64StringUtf8(data)
           },
           retry: true,
           retryConfig: {
@@ -108724,7 +108724,7 @@ var require_src48 = __commonJS({
 var require_object_hash = __commonJS({
   "node_modules/object-hash/index.js"(exports2, module2) {
     "use strict";
-    var crypto22 = __require("crypto");
+    var crypto23 = __require("crypto");
     exports2 = module2.exports = objectHash;
     function objectHash(object3, options) {
       options = applyDefaults(object3, options);
@@ -108742,7 +108742,7 @@ var require_object_hash = __commonJS({
     exports2.keysMD5 = function(object3) {
       return objectHash(object3, { algorithm: "md5", encoding: "hex", excludeValues: true });
     };
-    var hashes = crypto22.getHashes ? crypto22.getHashes().slice() : ["sha1", "md5"];
+    var hashes = crypto23.getHashes ? crypto23.getHashes().slice() : ["sha1", "md5"];
     hashes.push("passthrough");
     var encodings = ["buffer", "hex", "binary", "base64"];
     function applyDefaults(object3, sourceOptions) {
@@ -108788,7 +108788,7 @@ var require_object_hash = __commonJS({
     function hash(object3, options) {
       var hashingStream;
       if (options.algorithm !== "passthrough") {
-        hashingStream = crypto22.createHash(options.algorithm);
+        hashingStream = crypto23.createHash(options.algorithm);
       } else {
         hashingStream = new PassThrough3();
       }
@@ -125275,13 +125275,13 @@ var require_context = __commonJS({
     exports2.parseXCloudTraceHeader = parseXCloudTraceHeader;
     exports2.parseTraceParentHeader = parseTraceParentHeader;
     var uuid3 = (init_esm_node(), __toCommonJS(esm_node_exports));
-    var crypto22 = __require("crypto");
+    var crypto23 = __require("crypto");
     var api_1 = (init_esm(), __toCommonJS(esm_exports));
     exports2.X_CLOUD_TRACE_HEADER = "x-cloud-trace-context";
     var SPAN_ID_RANDOM_BYTES = 8;
     var spanIdBuffer = Buffer.alloc(SPAN_ID_RANDOM_BYTES);
-    var randomFillSync2 = crypto22.randomFillSync;
-    var randomBytes7 = crypto22.randomBytes;
+    var randomFillSync2 = crypto23.randomFillSync;
+    var randomBytes7 = crypto23.randomBytes;
     var spanRandomBuffer = randomFillSync2 ? () => randomFillSync2(spanIdBuffer) : () => randomBytes7(SPAN_ID_RANDOM_BYTES);
     exports2.W3C_TRACE_PARENT_HEADER = "traceparent";
     function makeHeaderWrapper(req) {
@@ -187684,8 +187684,8 @@ var require_snapshot_utils = __commonJS({
         match: new Set(matchHeaders.map((header) => caseSensitive ? header : header.toLowerCase()))
       };
     }
-    var crypto22 = runtimeFeatures.has("crypto") ? __require("node:crypto") : null;
-    var hashId = crypto22?.hash ? (value) => crypto22.hash("sha256", value, "base64url") : (value) => Buffer.from(value).toString("base64url");
+    var crypto23 = runtimeFeatures.has("crypto") ? __require("node:crypto") : null;
+    var hashId = crypto23?.hash ? (value) => crypto23.hash("sha256", value, "base64url") : (value) => Buffer.from(value).toString("base64url");
     function isUndiciHeaders(headers) {
       return Array.isArray(headers) && (headers.length & 1) === 0;
     }
@@ -193740,10 +193740,10 @@ var require_subresource_integrity = __commonJS({
     var assert4 = __require("node:assert");
     var { runtimeFeatures } = require_runtime_features();
     var validSRIHashAlgorithmTokenSet = /* @__PURE__ */ new Map([["sha256", 0], ["sha384", 1], ["sha512", 2]]);
-    var crypto22;
+    var crypto23;
     if (runtimeFeatures.has("crypto")) {
-      crypto22 = __require("node:crypto");
-      const cryptoHashes = crypto22.getHashes();
+      crypto23 = __require("node:crypto");
+      const cryptoHashes = crypto23.getHashes();
       if (cryptoHashes.length === 0) {
         validSRIHashAlgorithmTokenSet.clear();
       }
@@ -193833,7 +193833,7 @@ var require_subresource_integrity = __commonJS({
       return result2;
     }
     var applyAlgorithmToBytes = (algorithm, bytes) => {
-      return crypto22.hash(algorithm, bytes, "base64");
+      return crypto23.hash(algorithm, bytes, "base64");
     };
     function caseSensitiveMatch(actualValue, expectedValue) {
       let actualValueLength = actualValue.length;
@@ -196767,7 +196767,7 @@ var require_connection = __commonJS({
     var { WebsocketFrameSend } = require_frame();
     var assert4 = __require("node:assert");
     var { runtimeFeatures } = require_runtime_features();
-    var crypto22 = runtimeFeatures.has("crypto") ? __require("node:crypto") : null;
+    var crypto23 = runtimeFeatures.has("crypto") ? __require("node:crypto") : null;
     var warningEmitted = false;
     function establishWebSocketConnection(url3, protocols, client, handler, options) {
       const requestURL = url3;
@@ -196787,7 +196787,7 @@ var require_connection = __commonJS({
         const headersList = getHeadersList(new Headers2(options.headers));
         request.headersList = headersList;
       }
-      const keyValue = crypto22.randomBytes(16).toString("base64");
+      const keyValue = crypto23.randomBytes(16).toString("base64");
       request.headersList.append("sec-websocket-key", keyValue, true);
       request.headersList.append("sec-websocket-version", "13", true);
       for (const protocol of protocols) {
@@ -196827,7 +196827,7 @@ var require_connection = __commonJS({
             return;
           }
           const secWSAccept = response.headersList.get("Sec-WebSocket-Accept");
-          const digest = crypto22.hash("sha1", keyValue + uid, "base64");
+          const digest = crypto23.hash("sha1", keyValue + uid, "base64");
           if (secWSAccept !== digest) {
             failWebsocketConnection(handler, 1002, "Incorrect hash received in Sec-WebSocket-Accept header.");
             return;
@@ -250034,8 +250034,8 @@ var Float64Vector = import_vector.default.Float64Vector;
 var PointerVector = import_vector.default.PointerVector;
 
 // packages/core/src/generated/git-commit.ts
-var GIT_COMMIT_INFO = "146442f2a";
-var CLI_VERSION = "0.36.0-preview.0";
+var GIT_COMMIT_INFO = "38c706dbb";
+var CLI_VERSION = "0.36.0-preview.3";
 
 // packages/core/src/ide/detect-ide.ts
 var IDE_DEFINITIONS = {
@@ -276488,7 +276488,7 @@ function getVersion() {
   }
   versionPromise = (async () => {
     const pkgJson = await getPackageJson(__dirname4);
-    return "0.36.0-preview.0";
+    return "0.36.0-preview.3";
   })();
   return versionPromise;
 }
@@ -325542,6 +325542,64 @@ function parseExperiments(response) {
   };
 }
 
+// packages/core/src/agents/registry.ts
+import * as crypto17 from "node:crypto";
+
+// packages/core/src/agents/types.ts
+var AgentTerminateMode = /* @__PURE__ */ ((AgentTerminateMode2) => {
+  AgentTerminateMode2["ERROR"] = "ERROR";
+  AgentTerminateMode2["TIMEOUT"] = "TIMEOUT";
+  AgentTerminateMode2["GOAL"] = "GOAL";
+  AgentTerminateMode2["MAX_TURNS"] = "MAX_TURNS";
+  AgentTerminateMode2["ABORTED"] = "ABORTED";
+  AgentTerminateMode2["ERROR_NO_COMPLETE_TASK_CALL"] = "ERROR_NO_COMPLETE_TASK_CALL";
+  return AgentTerminateMode2;
+})(AgentTerminateMode || {});
+var DEFAULT_QUERY_STRING = "Get Started!";
+var DEFAULT_MAX_TURNS = 30;
+var DEFAULT_MAX_TIME_MINUTES = 10;
+var SubagentActivityErrorType = /* @__PURE__ */ ((SubagentActivityErrorType2) => {
+  SubagentActivityErrorType2["REJECTED"] = "REJECTED";
+  SubagentActivityErrorType2["CANCELLED"] = "CANCELLED";
+  SubagentActivityErrorType2["GENERIC"] = "GENERIC";
+  return SubagentActivityErrorType2;
+})(SubagentActivityErrorType || {});
+var SUBAGENT_REJECTED_ERROR_PREFIX = "User rejected this operation.";
+var SUBAGENT_CANCELLED_ERROR_MESSAGE = "Request cancelled.";
+function isSubagentProgress(obj) {
+  return typeof obj === "object" && obj !== null && "isSubagentProgress" in obj && obj.isSubagentProgress === true;
+}
+function isToolActivityError(data) {
+  return data !== null && typeof data === "object" && "isError" in data && data.isError === true;
+}
+function getAgentCardLoadOptions(def) {
+  if (def.agentCardJson) {
+    return { type: "json", json: def.agentCardJson };
+  }
+  if (def.agentCardUrl) {
+    return { type: "url", url: def.agentCardUrl };
+  }
+  throw new Error(
+    `Remote agent '${def.name}' has neither agentCardUrl nor agentCardJson`
+  );
+}
+function getRemoteAgentTargetUrl(def) {
+  if (def.agentCardUrl) {
+    return def.agentCardUrl;
+  }
+  if (def.agentCardJson) {
+    try {
+      const parsed = JSON.parse(def.agentCardJson);
+      const card = parsed;
+      if (card.url) {
+        return card.url;
+      }
+    } catch {
+    }
+  }
+  return void 0;
+}
+
 // node_modules/js-yaml/dist/js-yaml.mjs
 function isNothing(subject) {
   return typeof subject === "undefined" || subject === null;
@@ -328133,34 +328191,6 @@ import * as fs46 from "node:fs/promises";
 import * as path61 from "node:path";
 import * as crypto16 from "node:crypto";
 
-// packages/core/src/agents/types.ts
-var AgentTerminateMode = /* @__PURE__ */ ((AgentTerminateMode2) => {
-  AgentTerminateMode2["ERROR"] = "ERROR";
-  AgentTerminateMode2["TIMEOUT"] = "TIMEOUT";
-  AgentTerminateMode2["GOAL"] = "GOAL";
-  AgentTerminateMode2["MAX_TURNS"] = "MAX_TURNS";
-  AgentTerminateMode2["ABORTED"] = "ABORTED";
-  AgentTerminateMode2["ERROR_NO_COMPLETE_TASK_CALL"] = "ERROR_NO_COMPLETE_TASK_CALL";
-  return AgentTerminateMode2;
-})(AgentTerminateMode || {});
-var DEFAULT_QUERY_STRING = "Get Started!";
-var DEFAULT_MAX_TURNS = 30;
-var DEFAULT_MAX_TIME_MINUTES = 10;
-var SubagentActivityErrorType = /* @__PURE__ */ ((SubagentActivityErrorType2) => {
-  SubagentActivityErrorType2["REJECTED"] = "REJECTED";
-  SubagentActivityErrorType2["CANCELLED"] = "CANCELLED";
-  SubagentActivityErrorType2["GENERIC"] = "GENERIC";
-  return SubagentActivityErrorType2;
-})(SubagentActivityErrorType || {});
-var SUBAGENT_REJECTED_ERROR_PREFIX = "User rejected this operation.";
-var SUBAGENT_CANCELLED_ERROR_MESSAGE = "Request cancelled.";
-function isSubagentProgress(obj) {
-  return typeof obj === "object" && obj !== null && "isSubagentProgress" in obj && obj.isSubagentProgress === true;
-}
-function isToolActivityError(data) {
-  return data !== null && typeof data === "object" && "isError" in data && data.isError === true;
-}
-
 // packages/core/src/skills/skillLoader.ts
 import * as fs45 from "node:fs/promises";
 import * as path60 from "node:path";
@@ -328354,17 +328384,16 @@ var authConfigSchema = external_exports.discriminatedUnion("type", [
   oauth2AuthSchema
 ]).superRefine((data, ctx) => {
   if (data.type === "http") {
-    if (data.value) {
-      return;
-    }
-    if (data.scheme === "Bearer" && !data.token) {
-      ctx.addIssue({
-        code: external_exports.ZodIssueCode.custom,
-        message: 'Bearer scheme requires "token"',
-        path: ["token"]
-      });
-    }
-    if (data.scheme === "Basic") {
+    if (data.value) return;
+    if (data.scheme === "Bearer") {
+      if (!data.token) {
+        ctx.addIssue({
+          code: external_exports.ZodIssueCode.custom,
+          message: 'Bearer scheme requires "token"',
+          path: ["token"]
+        });
+      }
+    } else if (data.scheme === "Basic") {
       if (!data.username) {
         ctx.addIssue({
           code: external_exports.ZodIssueCode.custom,
@@ -328379,39 +328408,84 @@ var authConfigSchema = external_exports.discriminatedUnion("type", [
           path: ["password"]
         });
       }
+    } else {
+      ctx.addIssue({
+        code: external_exports.ZodIssueCode.custom,
+        message: `HTTP scheme "${data.scheme}" requires "value"`,
+        path: ["value"]
+      });
     }
   }
 });
-var remoteAgentSchema = external_exports.object({
+var baseRemoteAgentSchema = external_exports.object({
   kind: external_exports.literal("remote").optional().default("remote"),
   name: nameSchema,
   description: external_exports.string().optional(),
   display_name: external_exports.string().optional(),
-  agent_card_url: external_exports.string().url(),
   auth: authConfigSchema.optional()
+});
+var remoteAgentUrlSchema = baseRemoteAgentSchema.extend({
+  agent_card_url: external_exports.string().url(),
+  agent_card_json: external_exports.undefined().optional()
+}).strict();
+var remoteAgentJsonSchema = baseRemoteAgentSchema.extend({
+  agent_card_url: external_exports.undefined().optional(),
+  agent_card_json: external_exports.string().refine(
+    (val) => {
+      try {
+        JSON.parse(val);
+        return true;
+      } catch {
+        return false;
+      }
+    },
+    { message: "agent_card_json must be valid JSON" }
+  )
 }).strict();
+var remoteAgentSchema = external_exports.union([
+  remoteAgentUrlSchema,
+  remoteAgentJsonSchema
+]);
 var agentUnionOptions = [
-  { schema: localAgentSchema, label: "Local Agent" },
-  { schema: remoteAgentSchema, label: "Remote Agent" }
+  { label: "Local Agent" },
+  { label: "Remote Agent" },
+  { label: "Remote Agent" }
 ];
 var remoteAgentsListSchema = external_exports.array(remoteAgentSchema);
 var markdownFrontmatterSchema = external_exports.union([
-  agentUnionOptions[0].schema,
-  agentUnionOptions[1].schema
+  localAgentSchema,
+  remoteAgentUrlSchema,
+  remoteAgentJsonSchema
 ]);
-function formatZodError(error40, context2) {
-  const issues = error40.issues.map((i3) => {
+function guessIntendedKind(rawInput) {
+  if (typeof rawInput !== "object" || rawInput === null) return void 0;
+  const input = rawInput;
+  if (input.kind === "local") return "local";
+  if (input.kind === "remote") return "remote";
+  const hasLocalKeys = "tools" in input || "mcp_servers" in input || "model" in input || "temperature" in input || "max_turns" in input || "timeout_mins" in input;
+  const hasRemoteKeys = "agent_card_url" in input || "auth" in input || "agent_card_json" in input;
+  if (hasLocalKeys && !hasRemoteKeys) return "local";
+  if (hasRemoteKeys && !hasLocalKeys) return "remote";
+  return void 0;
+}
+function formatZodError(error40, context2, rawInput) {
+  const intendedKind = rawInput ? guessIntendedKind(rawInput) : void 0;
+  const formatIssues = (issues, unionPrefix) => issues.flatMap((i3) => {
     if (i3.code === external_exports.ZodIssueCode.invalid_union) {
-      return i3.unionErrors.map((unionError, index) => {
-        const label = agentUnionOptions[index]?.label ?? `Agent type #${index + 1}`;
-        const unionIssues = unionError.issues.map((u2) => `${u2.path.join(".")}: ${u2.message}`).join(", ");
-        return `(${label}) ${unionIssues}`;
-      }).join("\n");
+      return i3.unionErrors.flatMap((unionError, index) => {
+        const label = unionPrefix ? unionPrefix : agentUnionOptions[index]?.label ?? `Branch #${index + 1}`;
+        if (intendedKind === "local" && label === "Remote Agent") return [];
+        if (intendedKind === "remote" && label === "Local Agent") return [];
+        return formatIssues(unionError.issues, label);
+      });
     }
-    return `${i3.path.join(".")}: ${i3.message}`;
-  }).join("\n");
+    const prefix = unionPrefix ? `(${unionPrefix}) ` : "";
+    const path85 = i3.path.length > 0 ? `${i3.path.join(".")}: ` : "";
+    return `${prefix}${path85}${i3.message}`;
+  });
+  const formatted = Array.from(new Set(formatIssues(error40.issues))).join("\n");
   return `${context2}:
-${issues}`;
+${formatted}`;
 }
 async function parseAgentMarkdown(filePath, content) {
   let fileContent;
@@ -328442,8 +328516,7 @@ async function parseAgentMarkdown(filePath, content) {
   } catch (error40) {
     throw new AgentLoadError(
       filePath,
-      // eslint-disable-next-line @typescript-eslint/no-unsafe-type-assertion
-      `YAML frontmatter parsing failed: ${error40.message}`
+      `YAML frontmatter parsing failed: ${getErrorMessage(error40)}`
     );
   }
   if (Array.isArray(rawFrontmatter)) {
@@ -328463,7 +328536,7 @@ async function parseAgentMarkdown(filePath, content) {
   if (!result2.success) {
     throw new AgentLoadError(
       filePath,
-      `Validation failed: ${formatZodError(result2.error, "Agent Definition")}`
+      `Validation failed: ${formatZodError(result2.error, "Agent Definition", rawFrontmatter)}`
     );
   }
   const frontmatter = result2.data;
@@ -328475,41 +328548,30 @@ async function parseAgentMarkdown(filePath, content) {
       }
     ];
   }
-  const agentDef = {
-    ...frontmatter,
-    kind: "local",
-    system_prompt: body2.trim()
-  };
-  return [agentDef];
+  return [
+    {
+      ...frontmatter,
+      kind: "local",
+      system_prompt: body2.trim()
+    }
+  ];
 }
 function convertFrontmatterAuthToConfig(frontmatter) {
-  const base = {};
   switch (frontmatter.type) {
     case "apiKey":
-      if (!frontmatter.key) {
-        throw new Error("Internal error: API key missing after validation.");
-      }
       return {
-        ...base,
         type: "apiKey",
         key: frontmatter.key,
         name: frontmatter.name
       };
     case "google-credentials":
       return {
-        ...base,
         type: "google-credentials",
         scopes: frontmatter.scopes
       };
-    case "http": {
-      if (!frontmatter.scheme) {
-        throw new Error(
-          "Internal error: HTTP scheme missing after validation."
-        );
-      }
+    case "http":
       if (frontmatter.value) {
         return {
-          ...base,
           type: "http",
           scheme: frontmatter.scheme,
           value: frontmatter.value
@@ -328517,38 +328579,23 @@ function convertFrontmatterAuthToConfig(frontmatter) {
       }
       switch (frontmatter.scheme) {
         case "Bearer":
-          if (!frontmatter.token) {
-            throw new Error(
-              "Internal error: Bearer token missing after validation."
-            );
-          }
           return {
-            ...base,
             type: "http",
             scheme: "Bearer",
             token: frontmatter.token
           };
         case "Basic":
-          if (!frontmatter.username || !frontmatter.password) {
-            throw new Error(
-              "Internal error: Basic auth credentials missing after validation."
-            );
-          }
           return {
-            ...base,
             type: "http",
             scheme: "Basic",
             username: frontmatter.username,
             password: frontmatter.password
           };
-        default: {
+        default:
           throw new Error(`Unknown HTTP scheme: ${frontmatter.scheme}`);
-        }
       }
-    }
     case "oauth":
       return {
-        ...base,
         type: "oauth2",
         client_id: frontmatter.client_id,
         client_secret: frontmatter.client_secret,
@@ -328557,8 +328604,12 @@ function convertFrontmatterAuthToConfig(frontmatter) {
         token_url: frontmatter.token_url
       };
     default: {
-      const exhaustive = frontmatter.type;
-      throw new Error(`Unknown auth type: ${exhaustive}`);
+      const exhaustive = frontmatter;
+      const raw = exhaustive;
+      if (typeof raw === "object" && raw !== null && "type" in raw) {
+        throw new Error(`Unknown auth type: ${String(raw["type"])}`);
+      }
+      throw new Error("Unknown auth type");
     }
   }
 }
@@ -328577,20 +328628,31 @@ function markdownToAgentDefinition(markdown, metadata2) {
     }
   };
   if (markdown.kind === "remote") {
-    return {
+    const base = {
       kind: "remote",
       name: markdown.name,
       description: markdown.description || "",
       displayName: markdown.display_name,
-      agentCardUrl: markdown.agent_card_url,
       auth: markdown.auth ? convertFrontmatterAuthToConfig(markdown.auth) : void 0,
       inputConfig,
       metadata: metadata2
     };
+    if ("agent_card_json" in markdown && markdown.agent_card_json !== void 0) {
+      base.agentCardJson = markdown.agent_card_json;
+      return base;
+    }
+    if ("agent_card_url" in markdown && markdown.agent_card_url !== void 0) {
+      base.agentCardUrl = markdown.agent_card_url;
+      return base;
+    }
+    throw new AgentLoadError(
+      metadata2?.filePath || "unknown",
+      "Unexpected state: neither agent_card_json nor agent_card_url present on remote agent"
+    );
   }
   const modelName = markdown.model || "inherit";
   const mcpServers = {};
-  if (markdown.kind === "local" && markdown.mcp_servers) {
+  if (markdown.mcp_servers) {
     for (const [name3, config2] of Object.entries(markdown.mcp_servers)) {
       mcpServers[name3] = new MCPServerConfig(
         config2.command,
@@ -328647,14 +328709,13 @@ async function loadAgentsFromDirectory(dir) {
   try {
     dirEntries = await fs46.readdir(dir, { withFileTypes: true });
   } catch (error40) {
-    if (error40.code === "ENOENT") {
+    if (error40 instanceof Error && "code" in error40 && error40.code === "ENOENT") {
       return result2;
     }
     result2.errors.push(
       new AgentLoadError(
         dir,
-        // eslint-disable-next-line @typescript-eslint/no-unsafe-type-assertion
-        `Could not list directory: ${error40.message}`
+        `Could not list directory: ${getErrorMessage(error40)}`
       )
     );
     return result2;
@@ -328679,8 +328740,7 @@ async function loadAgentsFromDirectory(dir) {
         result2.errors.push(
           new AgentLoadError(
             filePath,
-            // eslint-disable-next-line @typescript-eslint/no-unsafe-type-assertion
-            `Unexpected error: ${error40.message}`
+            `Unexpected error: ${getErrorMessage(error40)}`
           )
         );
       }
@@ -329820,7 +329880,7 @@ var A2AAuthProviderFactory = class _A2AAuthProviderFactory {
         return provider;
       }
       case "oauth2": {
-        const { OAuth2AuthProvider } = await import("./oauth2-provider-VHUD4ICS.js");
+        const { OAuth2AuthProvider } = await import("./oauth2-provider-NNYNDNHB.js");
         const provider = new OAuth2AuthProvider(
           authConfig,
           options.agentName ?? "unknown",
@@ -330193,7 +330253,7 @@ var AgentRegistry = class {
           if (!agent.metadata) {
             agent.metadata = {};
           }
-          agent.metadata.hash = agent.agentCardUrl;
+          agent.metadata.hash = agent.agentCardUrl ?? (agent.agentCardJson ? crypto17.createHash("sha256").update(agent.agentCardJson).digest("hex") : void 0);
         }
         if (!agent.metadata?.hash) {
           agentsToRegister.push(agent);
@@ -330405,12 +330465,13 @@ var AgentRegistry = class {
         );
         return;
       }
+      const targetUrl = getRemoteAgentTargetUrl(remoteDef);
       let authHandler;
       if (definition.auth) {
         const provider = await A2AAuthProviderFactory.create({
           authConfig: definition.auth,
           agentName: definition.name,
-          targetUrl: definition.agentCardUrl,
+          targetUrl,
           agentCardUrl: remoteDef.agentCardUrl
         });
         if (!provider) {
@@ -330422,7 +330483,7 @@ var AgentRegistry = class {
       }
       const agentCard = await clientManager.loadAgent(
         remoteDef.name,
-        remoteDef.agentCardUrl,
+        getAgentCardLoadOptions(remoteDef),
         authHandler
       );
       if (agentCard.securitySchemes) {
@@ -330467,7 +330528,7 @@ ${skillsList}`);
       }
       if (this.config.getDebugMode()) {
         debugLogger.log(
-          `[AgentRegistry] Registered remote agent '${definition.name}' with card: ${definition.agentCardUrl}`
+          `[AgentRegistry] Registered remote agent '${definition.name}' with card: ${definition.agentCardUrl ?? "inline JSON"}`
         );
       }
       this.agents.set(definition.name, definition);
@@ -334621,10 +334682,11 @@ var RemoteAgentInvocation = class _RemoteAgentInvocation extends BaseToolInvocat
       return this.authHandler;
     }
     if (this.definition.auth) {
+      const targetUrl = getRemoteAgentTargetUrl(this.definition);
       const provider = await A2AAuthProviderFactory.create({
         authConfig: this.definition.auth,
         agentName: this.definition.name,
-        targetUrl: this.definition.agentCardUrl,
+        targetUrl,
         agentCardUrl: this.definition.agentCardUrl
       });
       if (!provider) {
@@ -334675,7 +334737,7 @@ var RemoteAgentInvocation = class _RemoteAgentInvocation extends BaseToolInvocat
       if (!this.clientManager.getClient(this.definition.name)) {
         await this.clientManager.loadAgent(
           this.definition.name,
-          this.definition.agentCardUrl,
+          getAgentCardLoadOptions(this.definition),
           authHandler
         );
       }
@@ -336951,7 +337013,7 @@ var InjectionService = class {
 // packages/core/src/policy/config.ts
 import * as fs53 from "node:fs/promises";
 import * as path68 from "node:path";
-import * as crypto17 from "node:crypto";
+import * as crypto18 from "node:crypto";
 import { fileURLToPath as fileURLToPath17 } from "node:url";
 
 // packages/core/src/policy/toml-loader.ts
@@ -337883,7 +337945,7 @@ function createPolicyUpdater(policyEngine, messageBus, storage2) {
             }
             existingData.rule.push(newRule);
             const newContent = import_toml3.default.stringify(existingData);
-            const tmpSuffix = crypto17.randomBytes(8).toString("hex");
+            const tmpSuffix = crypto18.randomBytes(8).toString("hex");
             const tmpFile = `${policyFile}.${tmpSuffix}.tmp`;
             let handle2;
             try {
@@ -339711,7 +339773,7 @@ import { pathToFileURL } from "node:url";
 import { randomUUID as randomUUID8 } from "node:crypto";
 
 // packages/core/src/mcp/oauth-provider.ts
-import * as crypto19 from "node:crypto";
+import * as crypto20 from "node:crypto";
 import { URL as URL7 } from "node:url";
 
 // packages/core/src/mcp/oauth-token-storage.ts
@@ -339903,14 +339965,14 @@ var MCPOAuthTokenStorage = class {
 
 // packages/core/src/utils/oauth-flow.ts
 import * as http4 from "node:http";
-import * as crypto18 from "node:crypto";
+import * as crypto19 from "node:crypto";
 import { URL as URL6 } from "node:url";
 var REDIRECT_PATH = "/oauth/callback";
 var HTTP_OK = 200;
 function generatePKCEParams() {
-  const codeVerifier = crypto18.randomBytes(64).toString("base64url");
-  const codeChallenge = crypto18.createHash("sha256").update(codeVerifier).digest("base64url");
-  const state = crypto18.randomBytes(16).toString("base64url");
+  const codeVerifier = crypto19.randomBytes(64).toString("base64url");
+  const codeChallenge = crypto19.createHash("sha256").update(codeVerifier).digest("base64url");
+  const state = crypto19.randomBytes(16).toString("base64url");
   return { codeVerifier, codeChallenge, state };
 }
 function startCallbackServer(expectedState, port) {
@@ -340516,7 +340578,7 @@ ${authUrl}
       debugLogger.debug("\u2713 Authentication successful! Token saved.");
       const savedToken = await this.tokenStorage.getCredentials(serverName);
       if (savedToken && savedToken.token && savedToken.token.accessToken) {
-        const tokenFingerprint = crypto19.createHash("sha256").update(savedToken.token.accessToken).digest("hex").slice(0, 8);
+        const tokenFingerprint = crypto20.createHash("sha256").update(savedToken.token.accessToken).digest("hex").slice(0, 8);
         debugLogger.debug(
           `\u2713 Token verification successful (fingerprint: ${tokenFingerprint})`
         );
@@ -342149,7 +342211,7 @@ function isEnabled(funcDecl, mcpServerName, mcpServerConfig) {
 }
 
 // packages/core/src/tools/mcp-client-manager.ts
-import { createHash as createHash8 } from "node:crypto";
+import { createHash as createHash9 } from "node:crypto";
 var McpClientManager = class {
   clients = /* @__PURE__ */ new Map();
   // Track all configured servers (including disabled ones) for UI display
@@ -342352,7 +342414,7 @@ var McpClientManager = class {
       config: rest,
       extensionId: extension?.id
     };
-    return createHash8("sha256").update(stableStringify(keyData)).digest("hex");
+    return createHash9("sha256").update(stableStringify(keyData)).digest("hex");
   }
   /**
    * Merges two MCP configurations. The second configuration (override)
@@ -350277,7 +350339,7 @@ var A2AClientManager = class {
    * @param authHandler Optional authentication handler to use for this agent.
    * @returns The loaded AgentCard.
    */
-  async loadAgent(name3, agentCardUrl, authHandler) {
+  async loadAgent(name3, options, authHandler) {
     if (this.clients.has(name3) && this.agentCards.has(name3)) {
       throw new Error(`Agent with name '${name3}' is already loaded.`);
     }
@@ -350296,7 +350358,21 @@ var A2AClientManager = class {
       return response;
     };
     const resolver = new DefaultAgentCardResolver({ fetchImpl: cardFetch });
-    const rawCard = await resolver.resolve(agentCardUrl, "");
+    let rawCard;
+    let urlIdentifier = "inline JSON";
+    if (options.type === "json") {
+      try {
+        rawCard = JSON.parse(options.json);
+      } catch (error40) {
+        const msg = error40 instanceof Error ? error40.message : String(error40);
+        throw new Error(
+          `Failed to parse inline agent card JSON for agent '${name3}': ${msg}`
+        );
+      }
+    } else {
+      urlIdentifier = options.url;
+      rawCard = await resolver.resolve(options.url, "");
+    }
     const agentCard = normalizeAgentCard(rawCard);
     const grpcUrl = agentCard.additionalInterfaces?.find((i3) => i3.transport === "GRPC")?.url ?? agentCard.url;
     const clientOptions = ClientFactoryOptions.createFrom(
@@ -350318,11 +350394,11 @@ var A2AClientManager = class {
       this.clients.set(name3, client);
       this.agentCards.set(name3, agentCard);
       debugLogger.debug(
-        `[A2AClientManager] Loaded agent '${name3}' from ${agentCardUrl}`
+        `[A2AClientManager] Loaded agent '${name3}' from ${urlIdentifier}`
       );
       return agentCard;
     } catch (error40) {
-      throw classifyAgentError(name3, agentCardUrl, error40);
+      throw classifyAgentError(name3, urlIdentifier, error40);
     }
   }
   /**
@@ -352779,7 +352855,7 @@ var StreamJsonFormatter = class {
 };
 
 // packages/core/src/policy/integrity.ts
-import * as crypto20 from "node:crypto";
+import * as crypto21 from "node:crypto";
 import * as fs58 from "node:fs/promises";
 import * as path73 from "node:path";
 var IntegrityStatus = /* @__PURE__ */ ((IntegrityStatus2) => {
@@ -352834,7 +352910,7 @@ var PolicyIntegrityManager = class _PolicyIntegrityManager {
     try {
       const files = await readPolicyFiles(policyDir);
       files.sort((a2, b) => a2.path.localeCompare(b.path));
-      const hash = crypto20.createHash("sha256");
+      const hash = crypto21.createHash("sha256");
       for (const file2 of files) {
         const relativePath = path73.relative(policyDir, file2.path);
         hash.update(relativePath);
@@ -352885,7 +352961,7 @@ var PolicyIntegrityManager = class _PolicyIntegrityManager {
 import * as fs59 from "node:fs";
 import * as path74 from "node:path";
 import {
-  createHash as createHash10,
+  createHash as createHash11,
   createHmac,
   randomBytes as randomBytes6,
   timingSafeEqual
@@ -353028,7 +353104,7 @@ var ExtensionIntegrityStore = class {
    */
   generateHash(metadata2) {
     const content = (0, import_json_stable_stringify.default)(metadata2) ?? "";
-    return createHash10("sha256").update(content).digest("hex");
+    return createHash11("sha256").update(content).digest("hex");
   }
   /**
    * Generates an HMAC-SHA256 signature using the master secret key.
@@ -354012,11 +354088,11 @@ var import_fdir = __toESM(require_dist9(), 1);
 import path77 from "node:path";
 
 // packages/core/src/utils/filesearch/crawlCache.ts
-import crypto21 from "node:crypto";
+import crypto22 from "node:crypto";
 var crawlCache = /* @__PURE__ */ new Map();
 var cacheTimers = /* @__PURE__ */ new Map();
 var getCacheKey = (directory, ignoreContent, maxDepth) => {
-  const hash = crypto21.createHash("sha256");
+  const hash = crypto22.createHash("sha256");
   hash.update(directory);
   hash.update(ignoreContent);
   if (maxDepth !== void 0) {
@@ -358335,6 +358411,8 @@ export {
   SUBAGENT_CANCELLED_ERROR_MESSAGE,
   isSubagentProgress,
   isToolActivityError,
+  getAgentCardLoadOptions,
+  getRemoteAgentTargetUrl,
   FRONTMATTER_REGEX,
   loadSkillsFromDir,
   loadSkillFromFile,