npm - @google/gemini-cli - Versions diffs - 0.36.0-preview.3 → 0.36.0-preview.5 - Mend

@google/gemini-cli 0.36.0-preview.3 → 0.36.0-preview.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (28) hide show

package/bundle/{chunk-FACTELEP.js → chunk-GXKW2PIT.js} RENAMED Viewed

@@ -7643,22 +7643,22 @@ var require_crypto2 = __commonJS({
     "use strict";
     Object.defineProperty(exports2, "__esModule", { value: true });
     exports2.NodeCrypto = void 0;
-    var crypto22 = __require("crypto");
+    var crypto23 = __require("crypto");
     var NodeCrypto = class {
       async sha256DigestBase64(str2) {
-        return crypto22.createHash("sha256").update(str2).digest("base64");
+        return crypto23.createHash("sha256").update(str2).digest("base64");
       }
       randomBytesBase64(count2) {
-        return crypto22.randomBytes(count2).toString("base64");
+        return crypto23.randomBytes(count2).toString("base64");
       }
       async verify(pubkey, data, signature) {
-        const verifier = crypto22.createVerify("RSA-SHA256");
+        const verifier = crypto23.createVerify("RSA-SHA256");
         verifier.update(data);
         verifier.end();
         return verifier.verify(pubkey, signature, "base64");
       }
       async sign(privateKey, data) {
-        const signer = crypto22.createSign("RSA-SHA256");
+        const signer = crypto23.createSign("RSA-SHA256");
         signer.update(data);
         signer.end();
         return signer.sign(privateKey, "base64");
@@ -7676,7 +7676,7 @@ var require_crypto2 = __commonJS({
        *   string in hexadecimal encoding.
        */
       async sha256DigestHex(str2) {
-        return crypto22.createHash("sha256").update(str2).digest("hex");
+        return crypto23.createHash("sha256").update(str2).digest("hex");
       }
       /**
        * Computes the HMAC hash of a message using the provided crypto key and the
@@ -7688,7 +7688,7 @@ var require_crypto2 = __commonJS({
        */
       async signWithHmacSha256(key, msg) {
         const cryptoKey = typeof key === "string" ? key : toBuffer(key);
-        return toArrayBuffer(crypto22.createHmac("sha256", cryptoKey).update(msg).digest());
+        return toArrayBuffer(crypto23.createHmac("sha256", cryptoKey).update(msg).digest());
       }
     };
     exports2.NodeCrypto = NodeCrypto;
@@ -8244,10 +8244,10 @@ var require_oauth2client = __commonJS({
        * https://github.com/googleapis/google-auth-library-nodejs/blob/main/samples/oauth2-codeVerifier.js
        */
       async generateCodeVerifierAsync() {
-        const crypto22 = (0, crypto_1.createCrypto)();
-        const randomString2 = crypto22.randomBytesBase64(96);
+        const crypto23 = (0, crypto_1.createCrypto)();
+        const randomString2 = crypto23.randomBytesBase64(96);
         const codeVerifier = randomString2.replace(/\+/g, "~").replace(/=/g, "_").replace(/\//g, "-");
-        const unencodedCodeChallenge = await crypto22.sha256DigestBase64(codeVerifier);
+        const unencodedCodeChallenge = await crypto23.sha256DigestBase64(codeVerifier);
         const codeChallenge = unencodedCodeChallenge.split("=")[0].replace(/\+/g, "-").replace(/\//g, "_");
         return { codeVerifier, codeChallenge };
       }
@@ -8691,7 +8691,7 @@ var require_oauth2client = __commonJS({
        * @return Returns a promise resolving to LoginTicket on verification.
        */
       async verifySignedJwtWithCertsAsync(jwt2, certs, requiredAudience, issuers, maxExpiry) {
-        const crypto22 = (0, crypto_1.createCrypto)();
+        const crypto23 = (0, crypto_1.createCrypto)();
         if (!maxExpiry) {
           maxExpiry = _OAuth2Client.DEFAULT_MAX_TOKEN_LIFETIME_SECS_;
         }
@@ -8704,7 +8704,7 @@ var require_oauth2client = __commonJS({
         let envelope;
         let payload;
         try {
-          envelope = JSON.parse(crypto22.decodeBase64StringUtf8(segments[0]));
+          envelope = JSON.parse(crypto23.decodeBase64StringUtf8(segments[0]));
         } catch (err2) {
           if (err2 instanceof Error) {
             err2.message = `Can't parse token envelope: ${segments[0]}': ${err2.message}`;
@@ -8715,7 +8715,7 @@ var require_oauth2client = __commonJS({
           throw new Error("Can't parse token envelope: " + segments[0]);
         }
         try {
-          payload = JSON.parse(crypto22.decodeBase64StringUtf8(segments[1]));
+          payload = JSON.parse(crypto23.decodeBase64StringUtf8(segments[1]));
         } catch (err2) {
           if (err2 instanceof Error) {
             err2.message = `Can't parse token payload '${segments[0]}`;
@@ -8732,7 +8732,7 @@ var require_oauth2client = __commonJS({
         if (envelope.alg === "ES256") {
           signature = formatEcdsa.joseToDer(signature, "ES256").toString("base64");
         }
-        const verified = await crypto22.verify(cert, signed, signature);
+        const verified = await crypto23.verify(cert, signed, signature);
         if (!verified) {
           throw new Error("Invalid token signature: " + jwt2);
         }
@@ -10877,14 +10877,14 @@ var require_awsrequestsigner = __commonJS({
       }
     };
     exports2.AwsRequestSigner = AwsRequestSigner;
-    async function sign(crypto22, key, msg) {
-      return await crypto22.signWithHmacSha256(key, msg);
-    }
-    async function getSigningKey(crypto22, key, dateStamp, region, serviceName) {
-      const kDate = await sign(crypto22, `AWS4${key}`, dateStamp);
-      const kRegion = await sign(crypto22, kDate, region);
-      const kService = await sign(crypto22, kRegion, serviceName);
-      const kSigning = await sign(crypto22, kService, "aws4_request");
+    async function sign(crypto23, key, msg) {
+      return await crypto23.signWithHmacSha256(key, msg);
+    }
+    async function getSigningKey(crypto23, key, dateStamp, region, serviceName) {
+      const kDate = await sign(crypto23, `AWS4${key}`, dateStamp);
+      const kRegion = await sign(crypto23, kDate, region);
+      const kService = await sign(crypto23, kRegion, serviceName);
+      const kSigning = await sign(crypto23, kService, "aws4_request");
       return kSigning;
     }
     async function generateAuthenticationHeaderMap(options) {
@@ -12469,24 +12469,24 @@ var require_googleauth = __commonJS({
           const signed = await client.sign(data);
           return signed.signedBlob;
         }
-        const crypto22 = (0, crypto_1.createCrypto)();
+        const crypto23 = (0, crypto_1.createCrypto)();
         if (client instanceof jwtclient_1.JWT && client.key) {
-          const sign = await crypto22.sign(client.key, data);
+          const sign = await crypto23.sign(client.key, data);
           return sign;
         }
         const creds = await this.getCredentials();
         if (!creds.client_email) {
           throw new Error("Cannot sign data without `client_email`.");
         }
-        return this.signBlob(crypto22, creds.client_email, data, endpoint);
+        return this.signBlob(crypto23, creds.client_email, data, endpoint);
       }
-      async signBlob(crypto22, emailOrUniqueId, data, endpoint) {
+      async signBlob(crypto23, emailOrUniqueId, data, endpoint) {
         const url3 = new URL(endpoint + `${emailOrUniqueId}:signBlob`);
         const res = await this.request({
           method: "POST",
           url: url3.href,
           data: {
-            payload: crypto22.encodeBase64StringUtf8(data)
+            payload: crypto23.encodeBase64StringUtf8(data)
           },
           retry: true,
           retryConfig: {
@@ -108724,7 +108724,7 @@ var require_src48 = __commonJS({
 var require_object_hash = __commonJS({
   "node_modules/object-hash/index.js"(exports2, module2) {
     "use strict";
-    var crypto22 = __require("crypto");
+    var crypto23 = __require("crypto");
     exports2 = module2.exports = objectHash;
     function objectHash(object3, options) {
       options = applyDefaults(object3, options);
@@ -108742,7 +108742,7 @@ var require_object_hash = __commonJS({
     exports2.keysMD5 = function(object3) {
       return objectHash(object3, { algorithm: "md5", encoding: "hex", excludeValues: true });
     };
-    var hashes = crypto22.getHashes ? crypto22.getHashes().slice() : ["sha1", "md5"];
+    var hashes = crypto23.getHashes ? crypto23.getHashes().slice() : ["sha1", "md5"];
     hashes.push("passthrough");
     var encodings = ["buffer", "hex", "binary", "base64"];
     function applyDefaults(object3, sourceOptions) {
@@ -108788,7 +108788,7 @@ var require_object_hash = __commonJS({
     function hash(object3, options) {
       var hashingStream;
       if (options.algorithm !== "passthrough") {
-        hashingStream = crypto22.createHash(options.algorithm);
+        hashingStream = crypto23.createHash(options.algorithm);
       } else {
         hashingStream = new PassThrough3();
       }
@@ -125275,13 +125275,13 @@ var require_context = __commonJS({
     exports2.parseXCloudTraceHeader = parseXCloudTraceHeader;
     exports2.parseTraceParentHeader = parseTraceParentHeader;
     var uuid3 = (init_esm_node(), __toCommonJS(esm_node_exports));
-    var crypto22 = __require("crypto");
+    var crypto23 = __require("crypto");
     var api_1 = (init_esm(), __toCommonJS(esm_exports));
     exports2.X_CLOUD_TRACE_HEADER = "x-cloud-trace-context";
     var SPAN_ID_RANDOM_BYTES = 8;
     var spanIdBuffer = Buffer.alloc(SPAN_ID_RANDOM_BYTES);
-    var randomFillSync2 = crypto22.randomFillSync;
-    var randomBytes7 = crypto22.randomBytes;
+    var randomFillSync2 = crypto23.randomFillSync;
+    var randomBytes7 = crypto23.randomBytes;
     var spanRandomBuffer = randomFillSync2 ? () => randomFillSync2(spanIdBuffer) : () => randomBytes7(SPAN_ID_RANDOM_BYTES);
     exports2.W3C_TRACE_PARENT_HEADER = "traceparent";
     function makeHeaderWrapper(req) {
@@ -187684,8 +187684,8 @@ var require_snapshot_utils = __commonJS({
         match: new Set(matchHeaders.map((header) => caseSensitive ? header : header.toLowerCase()))
       };
     }
-    var crypto22 = runtimeFeatures.has("crypto") ? __require("node:crypto") : null;
-    var hashId = crypto22?.hash ? (value) => crypto22.hash("sha256", value, "base64url") : (value) => Buffer.from(value).toString("base64url");
+    var crypto23 = runtimeFeatures.has("crypto") ? __require("node:crypto") : null;
+    var hashId = crypto23?.hash ? (value) => crypto23.hash("sha256", value, "base64url") : (value) => Buffer.from(value).toString("base64url");
     function isUndiciHeaders(headers) {
       return Array.isArray(headers) && (headers.length & 1) === 0;
     }
@@ -193740,10 +193740,10 @@ var require_subresource_integrity = __commonJS({
     var assert4 = __require("node:assert");
     var { runtimeFeatures } = require_runtime_features();
     var validSRIHashAlgorithmTokenSet = /* @__PURE__ */ new Map([["sha256", 0], ["sha384", 1], ["sha512", 2]]);
-    var crypto22;
+    var crypto23;
     if (runtimeFeatures.has("crypto")) {
-      crypto22 = __require("node:crypto");
-      const cryptoHashes = crypto22.getHashes();
+      crypto23 = __require("node:crypto");
+      const cryptoHashes = crypto23.getHashes();
       if (cryptoHashes.length === 0) {
         validSRIHashAlgorithmTokenSet.clear();
       }
@@ -193833,7 +193833,7 @@ var require_subresource_integrity = __commonJS({
       return result2;
     }
     var applyAlgorithmToBytes = (algorithm, bytes) => {
-      return crypto22.hash(algorithm, bytes, "base64");
+      return crypto23.hash(algorithm, bytes, "base64");
     };
     function caseSensitiveMatch(actualValue, expectedValue) {
       let actualValueLength = actualValue.length;
@@ -196767,7 +196767,7 @@ var require_connection = __commonJS({
     var { WebsocketFrameSend } = require_frame();
     var assert4 = __require("node:assert");
     var { runtimeFeatures } = require_runtime_features();
-    var crypto22 = runtimeFeatures.has("crypto") ? __require("node:crypto") : null;
+    var crypto23 = runtimeFeatures.has("crypto") ? __require("node:crypto") : null;
     var warningEmitted = false;
     function establishWebSocketConnection(url3, protocols, client, handler, options) {
       const requestURL = url3;
@@ -196787,7 +196787,7 @@ var require_connection = __commonJS({
         const headersList = getHeadersList(new Headers2(options.headers));
         request.headersList = headersList;
       }
-      const keyValue = crypto22.randomBytes(16).toString("base64");
+      const keyValue = crypto23.randomBytes(16).toString("base64");
       request.headersList.append("sec-websocket-key", keyValue, true);
       request.headersList.append("sec-websocket-version", "13", true);
       for (const protocol of protocols) {
@@ -196827,7 +196827,7 @@ var require_connection = __commonJS({
             return;
           }
           const secWSAccept = response.headersList.get("Sec-WebSocket-Accept");
-          const digest = crypto22.hash("sha1", keyValue + uid, "base64");
+          const digest = crypto23.hash("sha1", keyValue + uid, "base64");
           if (secWSAccept !== digest) {
             failWebsocketConnection(handler, 1002, "Incorrect hash received in Sec-WebSocket-Accept header.");
             return;
@@ -250034,8 +250034,8 @@ var Float64Vector = import_vector.default.Float64Vector;
 var PointerVector = import_vector.default.PointerVector;
 // packages/core/src/generated/git-commit.ts
-var GIT_COMMIT_INFO = "146442f2a";
-var CLI_VERSION = "0.36.0-preview.0";
+var GIT_COMMIT_INFO = "310db3b82";
+var CLI_VERSION = "0.36.0-preview.4";
 // packages/core/src/ide/detect-ide.ts
 var IDE_DEFINITIONS = {
@@ -276488,7 +276488,7 @@ function getVersion() {
   }
   versionPromise = (async () => {
     const pkgJson = await getPackageJson(__dirname4);
-    return "0.36.0-preview.0";
+    return "0.36.0-preview.4";
   })();
   return versionPromise;
 }
@@ -325542,6 +325542,64 @@ function parseExperiments(response) {
   };
 }
+// packages/core/src/agents/registry.ts
+import * as crypto17 from "node:crypto";
+// packages/core/src/agents/types.ts
+var AgentTerminateMode = /* @__PURE__ */ ((AgentTerminateMode2) => {
+  AgentTerminateMode2["ERROR"] = "ERROR";
+  AgentTerminateMode2["TIMEOUT"] = "TIMEOUT";
+  AgentTerminateMode2["GOAL"] = "GOAL";
+  AgentTerminateMode2["MAX_TURNS"] = "MAX_TURNS";
+  AgentTerminateMode2["ABORTED"] = "ABORTED";
+  AgentTerminateMode2["ERROR_NO_COMPLETE_TASK_CALL"] = "ERROR_NO_COMPLETE_TASK_CALL";
+  return AgentTerminateMode2;
+})(AgentTerminateMode || {});
+var DEFAULT_QUERY_STRING = "Get Started!";
+var DEFAULT_MAX_TURNS = 30;
+var DEFAULT_MAX_TIME_MINUTES = 10;
+var SubagentActivityErrorType = /* @__PURE__ */ ((SubagentActivityErrorType2) => {
+  SubagentActivityErrorType2["REJECTED"] = "REJECTED";
+  SubagentActivityErrorType2["CANCELLED"] = "CANCELLED";
+  SubagentActivityErrorType2["GENERIC"] = "GENERIC";
+  return SubagentActivityErrorType2;
+})(SubagentActivityErrorType || {});
+var SUBAGENT_REJECTED_ERROR_PREFIX = "User rejected this operation.";
+var SUBAGENT_CANCELLED_ERROR_MESSAGE = "Request cancelled.";
+function isSubagentProgress(obj) {
+  return typeof obj === "object" && obj !== null && "isSubagentProgress" in obj && obj.isSubagentProgress === true;
+}
+function isToolActivityError(data) {
+  return data !== null && typeof data === "object" && "isError" in data && data.isError === true;
+}
+function getAgentCardLoadOptions(def) {
+  if (def.agentCardJson) {
+    return { type: "json", json: def.agentCardJson };
+  }
+  if (def.agentCardUrl) {
+    return { type: "url", url: def.agentCardUrl };
+  }
+  throw new Error(
+    `Remote agent '${def.name}' has neither agentCardUrl nor agentCardJson`
+  );
+}
+function getRemoteAgentTargetUrl(def) {
+  if (def.agentCardUrl) {
+    return def.agentCardUrl;
+  }
+  if (def.agentCardJson) {
+    try {
+      const parsed = JSON.parse(def.agentCardJson);
+      const card = parsed;
+      if (card.url) {
+        return card.url;
+      }
+    } catch {
+    }
+  }
+  return void 0;
+}
 // node_modules/js-yaml/dist/js-yaml.mjs
 function isNothing(subject) {
   return typeof subject === "undefined" || subject === null;
@@ -328133,34 +328191,6 @@ import * as fs46 from "node:fs/promises";
 import * as path61 from "node:path";
 import * as crypto16 from "node:crypto";
-// packages/core/src/agents/types.ts
-var AgentTerminateMode = /* @__PURE__ */ ((AgentTerminateMode2) => {
-  AgentTerminateMode2["ERROR"] = "ERROR";
-  AgentTerminateMode2["TIMEOUT"] = "TIMEOUT";
-  AgentTerminateMode2["GOAL"] = "GOAL";
-  AgentTerminateMode2["MAX_TURNS"] = "MAX_TURNS";
-  AgentTerminateMode2["ABORTED"] = "ABORTED";
-  AgentTerminateMode2["ERROR_NO_COMPLETE_TASK_CALL"] = "ERROR_NO_COMPLETE_TASK_CALL";
-  return AgentTerminateMode2;
-})(AgentTerminateMode || {});
-var DEFAULT_QUERY_STRING = "Get Started!";
-var DEFAULT_MAX_TURNS = 30;
-var DEFAULT_MAX_TIME_MINUTES = 10;
-var SubagentActivityErrorType = /* @__PURE__ */ ((SubagentActivityErrorType2) => {
-  SubagentActivityErrorType2["REJECTED"] = "REJECTED";
-  SubagentActivityErrorType2["CANCELLED"] = "CANCELLED";
-  SubagentActivityErrorType2["GENERIC"] = "GENERIC";
-  return SubagentActivityErrorType2;
-})(SubagentActivityErrorType || {});
-var SUBAGENT_REJECTED_ERROR_PREFIX = "User rejected this operation.";
-var SUBAGENT_CANCELLED_ERROR_MESSAGE = "Request cancelled.";
-function isSubagentProgress(obj) {
-  return typeof obj === "object" && obj !== null && "isSubagentProgress" in obj && obj.isSubagentProgress === true;
-}
-function isToolActivityError(data) {
-  return data !== null && typeof data === "object" && "isError" in data && data.isError === true;
-}
 // packages/core/src/skills/skillLoader.ts
 import * as fs45 from "node:fs/promises";
 import * as path60 from "node:path";
@@ -328354,17 +328384,16 @@ var authConfigSchema = external_exports.discriminatedUnion("type", [
   oauth2AuthSchema
 ]).superRefine((data, ctx) => {
   if (data.type === "http") {
-    if (data.value) {
-      return;
-    }
-    if (data.scheme === "Bearer" && !data.token) {
-      ctx.addIssue({
-        code: external_exports.ZodIssueCode.custom,
-        message: 'Bearer scheme requires "token"',
-        path: ["token"]
-      });
-    }
-    if (data.scheme === "Basic") {
+    if (data.value) return;
+    if (data.scheme === "Bearer") {
+      if (!data.token) {
+        ctx.addIssue({
+          code: external_exports.ZodIssueCode.custom,
+          message: 'Bearer scheme requires "token"',
+          path: ["token"]
+        });
+      }
+    } else if (data.scheme === "Basic") {
       if (!data.username) {
         ctx.addIssue({
           code: external_exports.ZodIssueCode.custom,
@@ -328379,39 +328408,84 @@ var authConfigSchema = external_exports.discriminatedUnion("type", [
           path: ["password"]
         });
       }
+    } else {
+      ctx.addIssue({
+        code: external_exports.ZodIssueCode.custom,
+        message: `HTTP scheme "${data.scheme}" requires "value"`,
+        path: ["value"]
+      });
     }
   }
 });
-var remoteAgentSchema = external_exports.object({
+var baseRemoteAgentSchema = external_exports.object({
   kind: external_exports.literal("remote").optional().default("remote"),
   name: nameSchema,
   description: external_exports.string().optional(),
   display_name: external_exports.string().optional(),
-  agent_card_url: external_exports.string().url(),
   auth: authConfigSchema.optional()
+});
+var remoteAgentUrlSchema = baseRemoteAgentSchema.extend({
+  agent_card_url: external_exports.string().url(),
+  agent_card_json: external_exports.undefined().optional()
+}).strict();
+var remoteAgentJsonSchema = baseRemoteAgentSchema.extend({
+  agent_card_url: external_exports.undefined().optional(),
+  agent_card_json: external_exports.string().refine(
+    (val) => {
+      try {
+        JSON.parse(val);
+        return true;
+      } catch {
+        return false;
+      }
+    },
+    { message: "agent_card_json must be valid JSON" }
+  )
 }).strict();
+var remoteAgentSchema = external_exports.union([
+  remoteAgentUrlSchema,
+  remoteAgentJsonSchema
+]);
 var agentUnionOptions = [
-  { schema: localAgentSchema, label: "Local Agent" },
-  { schema: remoteAgentSchema, label: "Remote Agent" }
+  { label: "Local Agent" },
+  { label: "Remote Agent" },
+  { label: "Remote Agent" }
 ];
 var remoteAgentsListSchema = external_exports.array(remoteAgentSchema);
 var markdownFrontmatterSchema = external_exports.union([
-  agentUnionOptions[0].schema,
-  agentUnionOptions[1].schema
+  localAgentSchema,
+  remoteAgentUrlSchema,
+  remoteAgentJsonSchema
 ]);
-function formatZodError(error40, context2) {
-  const issues = error40.issues.map((i3) => {
+function guessIntendedKind(rawInput) {
+  if (typeof rawInput !== "object" || rawInput === null) return void 0;
+  const input = rawInput;
+  if (input.kind === "local") return "local";
+  if (input.kind === "remote") return "remote";
+  const hasLocalKeys = "tools" in input || "mcp_servers" in input || "model" in input || "temperature" in input || "max_turns" in input || "timeout_mins" in input;
+  const hasRemoteKeys = "agent_card_url" in input || "auth" in input || "agent_card_json" in input;
+  if (hasLocalKeys && !hasRemoteKeys) return "local";
+  if (hasRemoteKeys && !hasLocalKeys) return "remote";
+  return void 0;
+}
+function formatZodError(error40, context2, rawInput) {
+  const intendedKind = rawInput ? guessIntendedKind(rawInput) : void 0;
+  const formatIssues = (issues, unionPrefix) => issues.flatMap((i3) => {
     if (i3.code === external_exports.ZodIssueCode.invalid_union) {
-      return i3.unionErrors.map((unionError, index) => {
-        const label = agentUnionOptions[index]?.label ?? `Agent type #${index + 1}`;
-        const unionIssues = unionError.issues.map((u2) => `${u2.path.join(".")}: ${u2.message}`).join(", ");
-        return `(${label}) ${unionIssues}`;
-      }).join("\n");
+      return i3.unionErrors.flatMap((unionError, index) => {
+        const label = unionPrefix ? unionPrefix : agentUnionOptions[index]?.label ?? `Branch #${index + 1}`;
+        if (intendedKind === "local" && label === "Remote Agent") return [];
+        if (intendedKind === "remote" && label === "Local Agent") return [];
+        return formatIssues(unionError.issues, label);
+      });
     }
-    return `${i3.path.join(".")}: ${i3.message}`;
-  }).join("\n");
+    const prefix = unionPrefix ? `(${unionPrefix}) ` : "";
+    const path85 = i3.path.length > 0 ? `${i3.path.join(".")}: ` : "";
+    return `${prefix}${path85}${i3.message}`;
+  });
+  const formatted = Array.from(new Set(formatIssues(error40.issues))).join("\n");
   return `${context2}:
-${issues}`;
+${formatted}`;
 }
 async function parseAgentMarkdown(filePath, content) {
   let fileContent;
@@ -328442,8 +328516,7 @@ async function parseAgentMarkdown(filePath, content) {
   } catch (error40) {
     throw new AgentLoadError(
       filePath,
-      // eslint-disable-next-line @typescript-eslint/no-unsafe-type-assertion
-      `YAML frontmatter parsing failed: ${error40.message}`
+      `YAML frontmatter parsing failed: ${getErrorMessage(error40)}`
     );
   }
   if (Array.isArray(rawFrontmatter)) {
@@ -328463,7 +328536,7 @@ async function parseAgentMarkdown(filePath, content) {
   if (!result2.success) {
     throw new AgentLoadError(
       filePath,
-      `Validation failed: ${formatZodError(result2.error, "Agent Definition")}`
+      `Validation failed: ${formatZodError(result2.error, "Agent Definition", rawFrontmatter)}`
     );
   }
   const frontmatter = result2.data;
@@ -328475,41 +328548,30 @@ async function parseAgentMarkdown(filePath, content) {
       }
     ];
   }
-  const agentDef = {
-    ...frontmatter,
-    kind: "local",
-    system_prompt: body2.trim()
-  };
-  return [agentDef];
+  return [
+    {
+      ...frontmatter,
+      kind: "local",
+      system_prompt: body2.trim()
+    }
+  ];
 }
 function convertFrontmatterAuthToConfig(frontmatter) {
-  const base = {};
   switch (frontmatter.type) {
     case "apiKey":
-      if (!frontmatter.key) {
-        throw new Error("Internal error: API key missing after validation.");
-      }
       return {
-        ...base,
         type: "apiKey",
         key: frontmatter.key,
         name: frontmatter.name
       };
     case "google-credentials":
       return {
-        ...base,
         type: "google-credentials",
         scopes: frontmatter.scopes
       };
-    case "http": {
-      if (!frontmatter.scheme) {
-        throw new Error(
-          "Internal error: HTTP scheme missing after validation."
-        );
-      }
+    case "http":
       if (frontmatter.value) {
         return {
-          ...base,
           type: "http",
           scheme: frontmatter.scheme,
           value: frontmatter.value
@@ -328517,38 +328579,23 @@ function convertFrontmatterAuthToConfig(frontmatter) {
       }
       switch (frontmatter.scheme) {
         case "Bearer":
-          if (!frontmatter.token) {
-            throw new Error(
-              "Internal error: Bearer token missing after validation."
-            );
-          }
           return {
-            ...base,
             type: "http",
             scheme: "Bearer",
             token: frontmatter.token
           };
         case "Basic":
-          if (!frontmatter.username || !frontmatter.password) {
-            throw new Error(
-              "Internal error: Basic auth credentials missing after validation."
-            );
-          }
           return {
-            ...base,
             type: "http",
             scheme: "Basic",
             username: frontmatter.username,
             password: frontmatter.password
           };
-        default: {
+        default:
           throw new Error(`Unknown HTTP scheme: ${frontmatter.scheme}`);
-        }
       }
-    }
     case "oauth":
       return {
-        ...base,
         type: "oauth2",
         client_id: frontmatter.client_id,
         client_secret: frontmatter.client_secret,
@@ -328557,8 +328604,12 @@ function convertFrontmatterAuthToConfig(frontmatter) {
         token_url: frontmatter.token_url
       };
     default: {
-      const exhaustive = frontmatter.type;
-      throw new Error(`Unknown auth type: ${exhaustive}`);
+      const exhaustive = frontmatter;
+      const raw = exhaustive;
+      if (typeof raw === "object" && raw !== null && "type" in raw) {
+        throw new Error(`Unknown auth type: ${String(raw["type"])}`);
+      }
+      throw new Error("Unknown auth type");
     }
   }
 }
@@ -328577,20 +328628,31 @@ function markdownToAgentDefinition(markdown, metadata2) {
     }
   };
   if (markdown.kind === "remote") {
-    return {
+    const base = {
       kind: "remote",
       name: markdown.name,
       description: markdown.description || "",
       displayName: markdown.display_name,
-      agentCardUrl: markdown.agent_card_url,
       auth: markdown.auth ? convertFrontmatterAuthToConfig(markdown.auth) : void 0,
       inputConfig,
       metadata: metadata2
     };
+    if ("agent_card_json" in markdown && markdown.agent_card_json !== void 0) {
+      base.agentCardJson = markdown.agent_card_json;
+      return base;
+    }
+    if ("agent_card_url" in markdown && markdown.agent_card_url !== void 0) {
+      base.agentCardUrl = markdown.agent_card_url;
+      return base;
+    }
+    throw new AgentLoadError(
+      metadata2?.filePath || "unknown",
+      "Unexpected state: neither agent_card_json nor agent_card_url present on remote agent"
+    );
   }
   const modelName = markdown.model || "inherit";
   const mcpServers = {};
-  if (markdown.kind === "local" && markdown.mcp_servers) {
+  if (markdown.mcp_servers) {
     for (const [name3, config2] of Object.entries(markdown.mcp_servers)) {
       mcpServers[name3] = new MCPServerConfig(
         config2.command,
@@ -328647,14 +328709,13 @@ async function loadAgentsFromDirectory(dir) {
   try {
     dirEntries = await fs46.readdir(dir, { withFileTypes: true });
   } catch (error40) {
-    if (error40.code === "ENOENT") {
+    if (error40 instanceof Error && "code" in error40 && error40.code === "ENOENT") {
       return result2;
     }
     result2.errors.push(
       new AgentLoadError(
         dir,
-        // eslint-disable-next-line @typescript-eslint/no-unsafe-type-assertion
-        `Could not list directory: ${error40.message}`
+        `Could not list directory: ${getErrorMessage(error40)}`
       )
     );
     return result2;
@@ -328679,8 +328740,7 @@ async function loadAgentsFromDirectory(dir) {
         result2.errors.push(
           new AgentLoadError(
             filePath,
-            // eslint-disable-next-line @typescript-eslint/no-unsafe-type-assertion
-            `Unexpected error: ${error40.message}`
+            `Unexpected error: ${getErrorMessage(error40)}`
           )
         );
       }
@@ -329820,7 +329880,7 @@ var A2AAuthProviderFactory = class _A2AAuthProviderFactory {
         return provider;
       }
       case "oauth2": {
-        const { OAuth2AuthProvider } = await import("./oauth2-provider-VHUD4ICS.js");
+        const { OAuth2AuthProvider } = await import("./oauth2-provider-GQA3CRCL.js");
         const provider = new OAuth2AuthProvider(
           authConfig,
           options.agentName ?? "unknown",
@@ -330193,7 +330253,7 @@ var AgentRegistry = class {
           if (!agent.metadata) {
             agent.metadata = {};
           }
-          agent.metadata.hash = agent.agentCardUrl;
+          agent.metadata.hash = agent.agentCardUrl ?? (agent.agentCardJson ? crypto17.createHash("sha256").update(agent.agentCardJson).digest("hex") : void 0);
         }
         if (!agent.metadata?.hash) {
           agentsToRegister.push(agent);
@@ -330405,12 +330465,13 @@ var AgentRegistry = class {
         );
         return;
       }
+      const targetUrl = getRemoteAgentTargetUrl(remoteDef);
       let authHandler;
       if (definition.auth) {
         const provider = await A2AAuthProviderFactory.create({
           authConfig: definition.auth,
           agentName: definition.name,
-          targetUrl: definition.agentCardUrl,
+          targetUrl,
           agentCardUrl: remoteDef.agentCardUrl
         });
         if (!provider) {
@@ -330422,7 +330483,7 @@ var AgentRegistry = class {
       }
       const agentCard = await clientManager.loadAgent(
         remoteDef.name,
-        remoteDef.agentCardUrl,
+        getAgentCardLoadOptions(remoteDef),
         authHandler
       );
       if (agentCard.securitySchemes) {
@@ -330467,7 +330528,7 @@ ${skillsList}`);
       }
       if (this.config.getDebugMode()) {
         debugLogger.log(
-          `[AgentRegistry] Registered remote agent '${definition.name}' with card: ${definition.agentCardUrl}`
+          `[AgentRegistry] Registered remote agent '${definition.name}' with card: ${definition.agentCardUrl ?? "inline JSON"}`
         );
       }
       this.agents.set(definition.name, definition);
@@ -334621,10 +334682,11 @@ var RemoteAgentInvocation = class _RemoteAgentInvocation extends BaseToolInvocat
       return this.authHandler;
     }
     if (this.definition.auth) {
+      const targetUrl = getRemoteAgentTargetUrl(this.definition);
       const provider = await A2AAuthProviderFactory.create({
         authConfig: this.definition.auth,
         agentName: this.definition.name,
-        targetUrl: this.definition.agentCardUrl,
+        targetUrl,
         agentCardUrl: this.definition.agentCardUrl
       });
       if (!provider) {
@@ -334675,7 +334737,7 @@ var RemoteAgentInvocation = class _RemoteAgentInvocation extends BaseToolInvocat
       if (!this.clientManager.getClient(this.definition.name)) {
         await this.clientManager.loadAgent(
           this.definition.name,
-          this.definition.agentCardUrl,
+          getAgentCardLoadOptions(this.definition),
           authHandler
         );
       }
@@ -336951,7 +337013,7 @@ var InjectionService = class {
 // packages/core/src/policy/config.ts
 import * as fs53 from "node:fs/promises";
 import * as path68 from "node:path";
-import * as crypto17 from "node:crypto";
+import * as crypto18 from "node:crypto";
 import { fileURLToPath as fileURLToPath17 } from "node:url";
 // packages/core/src/policy/toml-loader.ts
@@ -337883,7 +337945,7 @@ function createPolicyUpdater(policyEngine, messageBus, storage2) {
             }
             existingData.rule.push(newRule);
             const newContent = import_toml3.default.stringify(existingData);
-            const tmpSuffix = crypto17.randomBytes(8).toString("hex");
+            const tmpSuffix = crypto18.randomBytes(8).toString("hex");
             const tmpFile = `${policyFile}.${tmpSuffix}.tmp`;
             let handle2;
             try {
@@ -339711,7 +339773,7 @@ import { pathToFileURL } from "node:url";
 import { randomUUID as randomUUID8 } from "node:crypto";
 // packages/core/src/mcp/oauth-provider.ts
-import * as crypto19 from "node:crypto";
+import * as crypto20 from "node:crypto";
 import { URL as URL7 } from "node:url";
 // packages/core/src/mcp/oauth-token-storage.ts
@@ -339903,14 +339965,14 @@ var MCPOAuthTokenStorage = class {
 // packages/core/src/utils/oauth-flow.ts
 import * as http4 from "node:http";
-import * as crypto18 from "node:crypto";
+import * as crypto19 from "node:crypto";
 import { URL as URL6 } from "node:url";
 var REDIRECT_PATH = "/oauth/callback";
 var HTTP_OK = 200;
 function generatePKCEParams() {
-  const codeVerifier = crypto18.randomBytes(64).toString("base64url");
-  const codeChallenge = crypto18.createHash("sha256").update(codeVerifier).digest("base64url");
-  const state = crypto18.randomBytes(16).toString("base64url");
+  const codeVerifier = crypto19.randomBytes(64).toString("base64url");
+  const codeChallenge = crypto19.createHash("sha256").update(codeVerifier).digest("base64url");
+  const state = crypto19.randomBytes(16).toString("base64url");
   return { codeVerifier, codeChallenge, state };
 }
 function startCallbackServer(expectedState, port) {
@@ -340516,7 +340578,7 @@ ${authUrl}
       debugLogger.debug("\u2713 Authentication successful! Token saved.");
       const savedToken = await this.tokenStorage.getCredentials(serverName);
       if (savedToken && savedToken.token && savedToken.token.accessToken) {
-        const tokenFingerprint = crypto19.createHash("sha256").update(savedToken.token.accessToken).digest("hex").slice(0, 8);
+        const tokenFingerprint = crypto20.createHash("sha256").update(savedToken.token.accessToken).digest("hex").slice(0, 8);
         debugLogger.debug(
           `\u2713 Token verification successful (fingerprint: ${tokenFingerprint})`
         );
@@ -342149,7 +342211,7 @@ function isEnabled(funcDecl, mcpServerName, mcpServerConfig) {
 }
 // packages/core/src/tools/mcp-client-manager.ts
-import { createHash as createHash8 } from "node:crypto";
+import { createHash as createHash9 } from "node:crypto";
 var McpClientManager = class {
   clients = /* @__PURE__ */ new Map();
   // Track all configured servers (including disabled ones) for UI display
@@ -342352,7 +342414,7 @@ var McpClientManager = class {
       config: rest,
       extensionId: extension?.id
     };
-    return createHash8("sha256").update(stableStringify(keyData)).digest("hex");
+    return createHash9("sha256").update(stableStringify(keyData)).digest("hex");
   }
   /**
    * Merges two MCP configurations. The second configuration (override)
@@ -350277,7 +350339,7 @@ var A2AClientManager = class {
    * @param authHandler Optional authentication handler to use for this agent.
    * @returns The loaded AgentCard.
    */
-  async loadAgent(name3, agentCardUrl, authHandler) {
+  async loadAgent(name3, options, authHandler) {
     if (this.clients.has(name3) && this.agentCards.has(name3)) {
       throw new Error(`Agent with name '${name3}' is already loaded.`);
     }
@@ -350296,7 +350358,21 @@ var A2AClientManager = class {
       return response;
     };
     const resolver = new DefaultAgentCardResolver({ fetchImpl: cardFetch });
-    const rawCard = await resolver.resolve(agentCardUrl, "");
+    let rawCard;
+    let urlIdentifier = "inline JSON";
+    if (options.type === "json") {
+      try {
+        rawCard = JSON.parse(options.json);
+      } catch (error40) {
+        const msg = error40 instanceof Error ? error40.message : String(error40);
+        throw new Error(
+          `Failed to parse inline agent card JSON for agent '${name3}': ${msg}`
+        );
+      }
+    } else {
+      urlIdentifier = options.url;
+      rawCard = await resolver.resolve(options.url, "");
+    }
     const agentCard = normalizeAgentCard(rawCard);
     const grpcUrl = agentCard.additionalInterfaces?.find((i3) => i3.transport === "GRPC")?.url ?? agentCard.url;
     const clientOptions = ClientFactoryOptions.createFrom(
@@ -350318,11 +350394,11 @@ var A2AClientManager = class {
       this.clients.set(name3, client);
       this.agentCards.set(name3, agentCard);
       debugLogger.debug(
-        `[A2AClientManager] Loaded agent '${name3}' from ${agentCardUrl}`
+        `[A2AClientManager] Loaded agent '${name3}' from ${urlIdentifier}`
       );
       return agentCard;
     } catch (error40) {
-      throw classifyAgentError(name3, agentCardUrl, error40);
+      throw classifyAgentError(name3, urlIdentifier, error40);
     }
   }
   /**
@@ -352779,7 +352855,7 @@ var StreamJsonFormatter = class {
 };
 // packages/core/src/policy/integrity.ts
-import * as crypto20 from "node:crypto";
+import * as crypto21 from "node:crypto";
 import * as fs58 from "node:fs/promises";
 import * as path73 from "node:path";
 var IntegrityStatus = /* @__PURE__ */ ((IntegrityStatus2) => {
@@ -352834,7 +352910,7 @@ var PolicyIntegrityManager = class _PolicyIntegrityManager {
     try {
       const files = await readPolicyFiles(policyDir);
       files.sort((a2, b) => a2.path.localeCompare(b.path));
-      const hash = crypto20.createHash("sha256");
+      const hash = crypto21.createHash("sha256");
       for (const file2 of files) {
         const relativePath = path73.relative(policyDir, file2.path);
         hash.update(relativePath);
@@ -352885,7 +352961,7 @@ var PolicyIntegrityManager = class _PolicyIntegrityManager {
 import * as fs59 from "node:fs";
 import * as path74 from "node:path";
 import {
-  createHash as createHash10,
+  createHash as createHash11,
   createHmac,
   randomBytes as randomBytes6,
   timingSafeEqual
@@ -353028,7 +353104,7 @@ var ExtensionIntegrityStore = class {
    */
   generateHash(metadata2) {
     const content = (0, import_json_stable_stringify.default)(metadata2) ?? "";
-    return createHash10("sha256").update(content).digest("hex");
+    return createHash11("sha256").update(content).digest("hex");
   }
   /**
    * Generates an HMAC-SHA256 signature using the master secret key.
@@ -354012,11 +354088,11 @@ var import_fdir = __toESM(require_dist9(), 1);
 import path77 from "node:path";
 // packages/core/src/utils/filesearch/crawlCache.ts
-import crypto21 from "node:crypto";
+import crypto22 from "node:crypto";
 var crawlCache = /* @__PURE__ */ new Map();
 var cacheTimers = /* @__PURE__ */ new Map();
 var getCacheKey = (directory, ignoreContent, maxDepth) => {
-  const hash = crypto21.createHash("sha256");
+  const hash = crypto22.createHash("sha256");
   hash.update(directory);
   hash.update(ignoreContent);
   if (maxDepth !== void 0) {
@@ -358335,6 +358411,8 @@ export {
   SUBAGENT_CANCELLED_ERROR_MESSAGE,
   isSubagentProgress,
   isToolActivityError,
+  getAgentCardLoadOptions,
+  getRemoteAgentTargetUrl,
   FRONTMATTER_REGEX,
   loadSkillsFromDir,
   loadSkillFromFile,