@mmmbuto/gemini-cli-termux 0.42.0-termux → 0.46.0-termux

package/bundle/{gemini-NJWIVDFH.js → gemini-SGAFQX2R.js}

@@ -41,18 +41,18 @@ import {
   updateAllUpdatableExtensions,
   updateExtension,
   validateAuthMethod
-} from "./chunk-SLMD2AMF.js";
+} from "./chunk-YGU42N5I.js";
 import {
   appEvents
 } from "./chunk-5PS3AYFU.js";
 import {
   startCommand,
   startServer
-} from "./chunk-ORXUJRZC.js";
+} from "./chunk-B7I47N5E.js";
 import {
   exitCli,
   require_source
-} from "./chunk-EHTAR2YP.js";
+} from "./chunk-G2G6HEZZ.js";
 import {
   DEFAULT_PORT,
   GEMMA_MODEL_NAME,
@@ -86,11 +86,11 @@ import {
   readServerProcessInfo,
   resolveGemmaConfig,
   saveModelChange
-} from "./chunk-BF6DCDLJ.js";
+} from "./chunk-4TSWR3AN.js";
 import {
   RELAUNCH_EXIT_CODE
-} from "./chunk-A6KCGXPK.js";
-import "./chunk-MP2YMAMR.js";
+} from "./chunk-WUVOS6TV.js";
+import "./chunk-IT3YFQ3I.js";
 import {
   cleanupCheckpoints,
   registerCleanup,
@@ -99,28 +99,57 @@ import {
   runExitCleanup,
   runSyncCleanup,
   setupSignalHandlers
-} from "./chunk-6PXDEURC.js";
+} from "./chunk-7QZTHDKK.js";
 import {
+  ASK_USER_TOOL_NAME,
+  ApprovalMode,
   AuthType,
-  ChatRecordingService,
   Client,
   Config,
+  CoreEvent,
   CoreToolCallStatus,
+  DEFAULT_CONTEXT_FILENAME,
+  DEFAULT_FILE_FILTERING_OPTIONS,
+  DEFAULT_GEMINI_EMBEDDING_MODEL,
+  DEFAULT_GEMINI_FLASH_LITE_MODEL,
+  DEFAULT_GEMINI_FLASH_MODEL,
+  DEFAULT_GEMINI_MODEL,
+  DiscoveredMCPTool,
   ExitCodes,
+  FatalAuthenticationError,
+  FatalCancellationError,
+  FatalConfigError,
+  FatalError,
+  FatalInputError,
+  FatalSandboxError,
+  FatalToolExecutionError,
+  FatalTurnLimitedError,
+  FatalUntrustedWorkspaceError,
   FileDiscoveryService,
   FolderTrustDiscoveryService,
+  GEMINI_DIR,
+  GEMINI_MODEL_ALIAS_AUTO,
   GeminiEventType,
   IdeClient,
   IntegrityStatus,
   InvalidStreamError,
   JsonFormatter,
   JsonStreamEventType,
+  Kind,
   LegacyAgentSession,
   Logger,
   MCPServerConfig,
   MCPServerStatus,
+  MessageBusType,
   OutputFormat,
+  PREVIEW_GEMINI_3_1_CUSTOM_TOOLS_MODEL,
+  PREVIEW_GEMINI_3_1_MODEL,
+  PREVIEW_GEMINI_FLASH_LITE_MODEL,
+  PREVIEW_GEMINI_FLASH_MODEL,
+  PREVIEW_GEMINI_MODEL,
+  PolicyDecision,
   PolicyIntegrityManager,
+  REFERENCE_CONTENT_START,
   ROOT_SCHEDULER_ID,
   ReadManyFilesTool,
   Scheduler,
@@ -128,47 +157,61 @@ import {
   SessionStartSource,
   ShellExecutionService,
   SimpleExtensionLoader,
+  Storage,
   StreamJsonFormatter,
   ToolCallEvent,
+  ToolConfirmationOutcome,
+  ToolErrorType,
   TrustLevel,
   UserAccountManager,
   UserPromptEvent,
   ValidationCancelledError,
   ValidationRequiredError,
   WarningPriority,
-  addMemory,
   applyAdminAllowlist,
   applyRequiredServers,
   clearCachedCredentialFile,
   convertSessionToClientHistory,
   convertToFunctionResponse,
+  coreEvents,
   createPolicyEngineConfig,
   createPolicyUpdater,
   createSessionId,
   createTransport,
   createWorkingStdio,
   createWorktreeService,
+  debugLogger,
+  deleteStoredSession,
   detectIdeFromEnv,
   displayContentToString,
   execa,
-  external_exports as external_exports2,
+  external_exports,
+  external_exports2,
   geminiPartsToContentParts,
   generateSummary,
   getAdminBlockedMcpServersMessage,
   getAdminErrorMessage,
   getAuthTypeFromEnv,
+  getAutoModelDescription,
   getCheckpointInfoList,
   getCompatibilityWarnings,
+  getDisplayString,
+  getErrorMessage,
   getErrorStatus,
+  getErrorType,
   getOauthClient,
   getPackageJson,
+  getProjectHash,
   getProjectRootForWorktree,
   getPty,
   getRealPath,
   getToolCallDataSchema,
   getVersion,
+  homedir,
+  isFatalToolError,
   isGeminiWorktree,
   isHeadlessMode,
+  isNodeError,
   isTextPart,
   isWithinRoot,
   listExtensions,
@@ -176,6 +219,7 @@ import {
   listInboxPatches,
   listInboxSkills,
   listMemoryFiles,
+  loadConversationRecord,
   logToolCall,
   logUserPrompt,
   parseAndFormatApiError,
@@ -190,7 +234,11 @@ import {
   require_command_exists,
   require_shell_quote,
   require_strip_json_comments,
+  resetGeminiMdFilename,
+  resolveAtCommandPath,
   resolveTelemetrySettings,
+  resolveToRealPath,
+  setGeminiMdFilename,
   shouldEnterAlternateScreen,
   showMemory,
   startupProfiler,
@@ -199,57 +247,9 @@ import {
   updatePolicy,
   writeToStderr,
   writeToStdout
-} from "./chunk-LX6GOGBA.js";
-import {
-  ASK_USER_TOOL_NAME,
-  ApprovalMode,
-  CoreEvent,
-  DEFAULT_FILE_FILTERING_OPTIONS,
-  DEFAULT_GEMINI_EMBEDDING_MODEL,
-  DEFAULT_GEMINI_FLASH_LITE_MODEL,
-  DEFAULT_GEMINI_FLASH_MODEL,
-  DEFAULT_GEMINI_MODEL,
-  DEFAULT_GEMINI_MODEL_AUTO,
-  DEFAULT_MEMORY_FILE_FILTERING_OPTIONS,
-  DiscoveredMCPTool,
-  FatalAuthenticationError,
-  FatalCancellationError,
-  FatalConfigError,
-  FatalError,
-  FatalInputError,
-  FatalSandboxError,
-  FatalToolExecutionError,
-  FatalTurnLimitedError,
-  FatalUntrustedWorkspaceError,
-  GEMINI_DIR,
-  GEMINI_MODEL_ALIAS_AUTO,
-  Kind,
-  PREVIEW_GEMINI_3_1_CUSTOM_TOOLS_MODEL,
-  PREVIEW_GEMINI_3_1_FLASH_LITE_MODEL,
-  PREVIEW_GEMINI_3_1_MODEL,
-  PREVIEW_GEMINI_FLASH_MODEL,
-  PREVIEW_GEMINI_MODEL,
-  PREVIEW_GEMINI_MODEL_AUTO,
-  REFERENCE_CONTENT_START,
-  Storage,
-  ToolConfirmationOutcome,
-  ToolErrorType,
-  coreEvents,
-  debugLogger,
-  external_exports,
-  getCurrentGeminiMdFilename,
-  getDisplayString,
-  getErrorMessage,
-  getErrorType,
-  homedir,
-  isFatalToolError,
-  isNodeError,
-  loadServerHierarchicalMemory,
-  resolveToRealPath,
-  setGeminiMdFilename
-} from "./chunk-2X6HJV2G.js";
-import "./chunk-PL5MCDGY.js";
-import "./chunk-RJTRUG2J.js";
+} from "./chunk-IB4Q6NBY.js";
+import "./chunk-6HI7VNOG.js";
+import "./chunk-TUDYL3X4.js";
 import "./chunk-IUUIT4SU.js";
 import {
   __require,
@@ -1532,11 +1532,11 @@ var parser = new YargsParser({
   resolve: resolve2,
   // TODO: figure  out a  way to combine ESM and CJS coverage, such  that
   // we can exercise all the lines below:
-  require: (path15) => {
+  require: (path16) => {
     if (typeof __require !== "undefined") {
-      return __require(path15);
-    } else if (path15.match(/\.json$/)) {
-      return JSON.parse(readFileSync(path15, "utf8"));
+      return __require(path16);
+    } else if (path16.match(/\.json$/)) {
+      return JSON.parse(readFileSync(path16, "utf8"));
     } else {
       throw Error("only .json config files are supported in ESM");
     }
@@ -5433,12 +5433,12 @@ async function testMCPConnection(serverName, config, isTrusted, activeSettings)
     return MCPServerStatus.DISCONNECTED;
   }
 }
-async function getServerStatus(serverName, server, isTrusted, activeSettings) {
+async function getServerStatus(serverName, server, isTrusted, activeSettings, consolidatedExcluded, consolidatedAllowed) {
   const mcpEnablementManager = McpServerEnablementManager.getInstance();
   const loadResult = await canLoadServer(serverName, {
     adminMcpEnabled: activeSettings.admin?.mcp?.enabled ?? true,
-    allowedList: activeSettings.mcp?.allowed,
-    excludedList: activeSettings.mcp?.excluded,
+    allowedList: consolidatedAllowed,
+    excludedList: consolidatedExcluded.length > 0 ? consolidatedExcluded : void 0,
     enablement: mcpEnablementManager.getEnablementCallbacks()
   });
   if (!loadResult.allowed) {
@@ -5447,12 +5447,16 @@ async function getServerStatus(serverName, server, isTrusted, activeSettings) {
     }
     return MCPServerStatus.DISABLED;
   }
+  if (!isTrusted) {
+    return MCPServerStatus.DISABLED;
+  }
   return testMCPConnection(serverName, server, isTrusted, activeSettings);
 }
 async function listMcpServers(loadedSettingsArg) {
   const loadedSettings = loadedSettingsArg ?? loadSettings();
   const activeSettings = loadedSettings.merged;
-  const { mcpServers, blockedServerNames } = await getMcpServersFromConfig(activeSettings);
+  const allSettings = !loadedSettings.isTrusted ? loadedSettings.getMergedSettingsAsIfTrusted() : activeSettings;
+  const { mcpServers, blockedServerNames } = await getMcpServersFromConfig(allSettings);
   const serverNames = Object.keys(mcpServers);
   if (blockedServerNames.length > 0) {
     const message = getAdminBlockedMcpServersMessage(
@@ -5467,6 +5471,15 @@ async function listMcpServers(loadedSettingsArg) {
     }
     return;
   }
+  if (!loadedSettings.isTrusted) {
+    debugLogger.log(
+      import_chalk.default.yellow(
+        "Warning: MCP servers are configured but disabled because this folder is untrusted.\nUser-level servers are also suppressed in untrusted folders to prevent accidental side-effects.\n"
+      )
+    );
+  }
+  const consolidatedExcluded = loadedSettings.getConsolidatedExcludedMcpServers();
+  const consolidatedAllowed = loadedSettings.getConsolidatedAllowedMcpServers();
   debugLogger.log("Configured MCP servers:\n");
   for (const serverName of serverNames) {
     const server = mcpServers[serverName];
@@ -5474,7 +5487,9 @@ async function listMcpServers(loadedSettingsArg) {
       serverName,
       server,
       loadedSettings.isTrusted,
-      activeSettings
+      activeSettings,
+      consolidatedExcluded,
+      consolidatedAllowed
     );
     let statusIndicator = "";
     let statusText = "";
@@ -6306,27 +6321,27 @@ import { fileURLToPath as fileURLToPath2 } from "node:url";
 var __filename = fileURLToPath2(import.meta.url);
 var __dirname2 = dirname3(__filename);
 var EXAMPLES_PATH = join(__dirname2, "examples");
-async function pathExists(path15) {
+async function pathExists(path16) {
   try {
-    await access(path15);
+    await access(path16);
     return true;
   } catch {
     return false;
   }
 }
-async function createDirectory(path15) {
-  if (await pathExists(path15)) {
-    throw new Error(`Path already exists: ${path15}`);
+async function createDirectory(path16) {
+  if (await pathExists(path16)) {
+    throw new Error(`Path already exists: ${path16}`);
   }
-  await mkdir(path15, { recursive: true });
+  await mkdir(path16, { recursive: true });
 }
-async function copyDirectory(template, path15) {
-  await createDirectory(path15);
+async function copyDirectory(template, path16) {
+  await createDirectory(path16);
   const examplePath = join(EXAMPLES_PATH, template);
   const entries = await readdir(examplePath, { withFileTypes: true });
   for (const entry of entries) {
     const srcPath = join(examplePath, entry.name);
-    const destPath = join(path15, entry.name);
+    const destPath = join(path16, entry.name);
     await cp(srcPath, destPath, { recursive: true });
   }
 }
@@ -6601,7 +6616,7 @@ async function handleEnable3(args) {
   const result = enableSkill(settings, name);
   const feedback = renderSkillActionFeedback(
     result,
-    (label, path15) => `${import_chalk5.default.bold(label)} (${import_chalk5.default.dim(path15)})`
+    (label, path16) => `${import_chalk5.default.bold(label)} (${import_chalk5.default.dim(path16)})`
   );
   debugLogger.log(feedback);
 }
@@ -6631,7 +6646,7 @@ async function handleDisable3(args) {
   const result = disableSkill(settings, name, scope);
   const feedback = renderSkillActionFeedback(
     result,
-    (label, path15) => `${import_chalk6.default.bold(label)} (${import_chalk6.default.dim(path15)})`
+    (label, path16) => `${import_chalk6.default.bold(label)} (${import_chalk6.default.dim(path16)})`
   );
   debugLogger.log(feedback);
 }
@@ -7826,7 +7841,7 @@ async function loadSandboxConfig(settings, argv) {
   }
   const command2 = getSandboxCommand(sandboxValue);
   const packageJson = await getPackageJson(__dirname3);
-  const image = process.env["GEMINI_SANDBOX_IMAGE"] ?? "ghcr.io/mmmbuto/gemini-cli-termux:0.42.0-termux" ?? customImage ?? packageJson?.config?.sandboxImageUri;
+  const image = process.env["GEMINI_SANDBOX_IMAGE"] ?? "ghcr.io/mmmbuto/gemini-cli-termux:0.46.0-termux" ?? customImage ?? packageJson?.config?.sandboxImageUri;
   const isNative = command2 === "windows-native" || command2 === "sandbox-exec" || command2 === "lxc";
   return command2 && (image || isNative) ? { enabled: true, allowedPaths, networkAccess, command: command2, image } : void 0;
 }
@@ -7994,8 +8009,13 @@ async function parseArguments(settings) {
     const queryArg2 = argv["query"];
     const query = typeof queryArg2 === "string" || Array.isArray(queryArg2) ? queryArg2 : void 0;
     const hasPositionalQuery = Array.isArray(query) ? query.length > 0 : !!query;
-    if (argv["resume"] !== void 0 && argv["session-id"] !== void 0) {
-      return "Cannot use both --resume (-r) and --session-id together";
+    const sessionFlags = [
+      argv["resume"] !== void 0,
+      argv["session-id"] !== void 0,
+      argv["session-file"] !== void 0
+    ].filter(Boolean).length;
+    if (sessionFlags > 1) {
+      return "The flags --resume, --session-id, and --session-file are mutually exclusive. Please provide only one.";
     }
     if (argv["prompt"] && hasPositionalQuery) {
       return "Cannot use both a positional prompt and the --prompt (-p) flag together";
@@ -8126,6 +8146,10 @@ async function parseArguments(settings) {
         }
         return trimmed;
       }
+    }).option("session-file", {
+      type: "string",
+      nargs: 1,
+      description: "Load a session from a JSON file"
     }).option("session-id", {
       type: "string",
       nargs: 1,
@@ -8167,6 +8191,10 @@ async function parseArguments(settings) {
       type: "string",
       description: "Path to a file with fake model responses for testing.",
       hidden: true
+    }).option("fake-responses-non-strict", {
+      type: "string",
+      description: "Path to a file with fake model responses for testing (non-strict mode).",
+      hidden: true
     }).option("record-responses", {
       type: "string",
       description: "Path to a file to record model responses for testing.",
@@ -8232,14 +8260,13 @@ async function loadCliConfig(settings, sessionId, argv, options = {}) {
     cwd = process3.cwd(),
     projectHooks,
     skipExtensions = false,
-    skipMemoryLoad = false
+    loadedSettings
   } = options;
   const debugMode = isDebugMode(argv);
   const worktreeSettings = options.worktreeSettings ?? await resolveWorktreeSettings(cwd);
   if (argv.sandbox) {
     process3.env["GEMINI_SANDBOX"] = "true";
   }
-  const memoryImportFormat = settings.context?.importFormat || "tree";
   const includeDirectoryTree = settings.context?.includeDirectoryTree ?? true;
   const ideMode = settings.ide?.enabled ?? false;
   const folderTrust = process3.env["GEMINI_CLI_INTEGRATION_TEST"] === "true" || process3.env["VITEST"] === "true" ? false : settings.security?.folderTrust?.enabled ?? false;
@@ -8250,13 +8277,9 @@ async function loadCliConfig(settings, sessionId, argv, options = {}) {
   if (settings.context?.fileName) {
     setGeminiMdFilename(settings.context.fileName);
   } else {
-    setGeminiMdFilename(getCurrentGeminiMdFilename());
+    resetGeminiMdFilename(DEFAULT_CONTEXT_FILENAME);
   }
   const fileService = new FileDiscoveryService(cwd);
-  const memoryFileFiltering = {
-    ...DEFAULT_MEMORY_FILE_FILTERING_OPTIONS,
-    ...settings.context?.fileFiltering
-  };
   const fileFiltering = {
     ...DEFAULT_FILE_FILTERING_OPTIONS,
     ...settings.context?.fileFiltering
@@ -8294,33 +8317,13 @@ async function loadCliConfig(settings, sessionId, argv, options = {}) {
     await extensionManager.loadExtensions();
   }
   const extensionPlanSettings = extensionManager?.getExtensions()?.find((ext) => ext.isActive && ext.plan?.directory)?.plan;
-  const experimentalJitContext = settings.experimental.jitContext ?? true;
   let extensionRegistryURI = process3.env["GEMINI_CLI_EXTENSION_REGISTRY_URI"] ?? (trustedFolder ? settings.experimental?.extensionRegistryURI : void 0);
   if (extensionRegistryURI && !extensionRegistryURI.startsWith("http")) {
     extensionRegistryURI = resolveToRealPath(
       path7.resolve(cwd, resolvePath(extensionRegistryURI))
     );
   }
-  let memoryContent = "";
-  let fileCount = 0;
-  let filePaths = [];
   const finalExtensionLoader = extensionManager ?? new SimpleExtensionLoader([]);
-  if (!experimentalJitContext && !skipMemoryLoad) {
-    const result = await loadServerHierarchicalMemory(
-      cwd,
-      settings.context?.loadMemoryFromIncludeDirectories || false ? includeDirectories : [],
-      fileService,
-      finalExtensionLoader,
-      trustedFolder,
-      memoryImportFormat,
-      memoryFileFiltering,
-      settings.context?.discoveryMaxDirs,
-      settings.context?.memoryBoundaryMarkers
-    );
-    memoryContent = result.memoryContent;
-    fileCount = result.fileCount;
-    filePaths = result.filePaths;
-  }
   const question = argv.promptInteractive || argv.prompt || "";
   let approvalMode;
   const rawApprovalMode = argv.approvalMode || (argv.yolo ? "yolo" : void 0) || (settings.general?.defaultApprovalMode !== "yolo" ? settings.general?.defaultApprovalMode : void 0);
@@ -8435,7 +8438,7 @@ async function loadCliConfig(settings, sessionId, argv, options = {}) {
     workspacePoliciesDir,
     interactive
   );
-  const defaultModel = PREVIEW_GEMINI_MODEL_AUTO;
+  const defaultModel = GEMINI_MODEL_ALIAS_AUTO;
   const rawModel = argv.model || process3.env["GEMINI_MODEL"] || settings.model?.name;
   const specifiedModel = Array.isArray(rawModel) ? String(rawModel.at(-1) ?? "").trim() || "" : rawModel === void 0 ? void 0 : String(rawModel ?? "").trim() || "";
   const resolvedModel = specifiedModel === GEMINI_MODEL_ALIAS_AUTO ? defaultModel : specifiedModel || defaultModel;
@@ -8505,6 +8508,8 @@ async function loadCliConfig(settings, sessionId, argv, options = {}) {
   let profileSelector = void 0;
   if (settings.experimental?.stressTestProfile) {
     profileSelector = "stressTestProfile";
+  } else if (settings.experimental?.powerUserProfile) {
+    profileSelector = "powerUserProfile";
   } else if (settings.experimental?.generalistProfile || settings.experimental?.contextManagement) {
     profileSelector = "generalistProfile";
   }
@@ -8544,14 +8549,11 @@ async function loadCliConfig(settings, sessionId, argv, options = {}) {
     extensionsEnabled,
     agents: settings.agents,
     adminSkillsEnabled,
-    allowedMcpServers: mcpEnabled ? argv.allowedMcpServerNames ?? settings.mcp?.allowed : void 0,
-    blockedMcpServers: mcpEnabled ? argv.allowedMcpServerNames ? void 0 : settings.mcp?.excluded : void 0,
+    allowedMcpServers: mcpEnabled ? argv.allowedMcpServerNames ?? (loadedSettings ? loadedSettings.getConsolidatedAllowedMcpServers() : settings.mcp?.allowed) : void 0,
+    blockedMcpServers: mcpEnabled ? argv.allowedMcpServerNames ? void 0 : loadedSettings ? loadedSettings.getConsolidatedExcludedMcpServers() : settings.mcp?.excluded : void 0,
     blockedEnvironmentVariables: settings.security?.environmentVariableRedaction?.blocked,
     allowedEnvironmentVariables: settings.security?.environmentVariableRedaction?.allowed,
     enableEnvironmentVariableRedaction: settings.security?.environmentVariableRedaction?.enabled,
-    userMemory: memoryContent,
-    geminiMdFileCount: fileCount,
-    geminiMdFilePaths: filePaths,
     approvalMode,
     disableYoloMode: settings.security?.disableYoloMode || settings.admin?.secureModeEnabled,
     disableAlwaysAllow: settings.security?.disableAlwaysAllow || settings.admin?.secureModeEnabled,
@@ -8586,8 +8588,6 @@ async function loadCliConfig(settings, sessionId, argv, options = {}) {
     enableEventDrivenScheduler: true,
     skillsSupport: settings.skills?.enabled ?? true,
     disabledSkills: settings.skills?.disabled,
-    experimentalJitContext,
-    experimentalMemoryV2: settings.experimental?.memoryV2,
     experimentalAutoMemory: settings.experimental?.autoMemory,
     experimentalGemma: settings.experimental?.gemma,
     contextManagement,
@@ -8610,7 +8610,11 @@ async function loadCliConfig(settings, sessionId, argv, options = {}) {
     shellBackgroundCompletionBehavior: settings.tools?.shell?.backgroundCompletionBehavior,
     shellToolInactivityTimeout: settings.tools?.shell?.inactivityTimeout,
     enableShellOutputEfficiency: settings.tools?.shell?.enableShellOutputEfficiency ?? true,
-    skipNextSpeakerCheck: settings.model?.skipNextSpeakerCheck,
+    // In ACP mode, always skip the next-speaker check. This check triggers
+    // recursive continuation turns inside GeminiClient.processTurn() that
+    // conflict with ACP's explicit turn management via session/prompt,
+    // causing infinite agent_thought_chunk loops.
+    skipNextSpeakerCheck: isAcpMode || settings.model?.skipNextSpeakerCheck,
     truncateToolOutputThreshold: settings.tools?.truncateToolOutputThreshold,
     eventEmitter: coreEvents,
     useWriteTodos: argv.useWriteTodos ?? settings.useWriteTodos,
@@ -8621,6 +8625,7 @@ async function loadCliConfig(settings, sessionId, argv, options = {}) {
     gemmaModelRouter: settings.experimental?.gemmaModelRouter,
     adk: settings.experimental?.adk,
     fakeResponses: argv.fakeResponses,
+    fakeResponsesNonStrict: argv.fakeResponsesNonStrict,
     recordResponses: argv.recordResponses,
     retryFetchErrors: settings.general?.retryFetchErrors,
     billing: settings.billing,
@@ -8769,6 +8774,8 @@ import { createHash as createHash2 } from "node:crypto";
 import v8 from "node:v8";
 import os6 from "node:os";
 import dns from "node:dns";
+import * as path15 from "node:path";
+import * as fsPromises from "node:fs/promises";
 
 // packages/cli/src/utils/sandbox.ts
 var import_shell_quote2 = __toESM(require_shell_quote(), 1);
@@ -8824,16 +8831,26 @@ async function shouldUseCurrentUserInSandbox() {
   if (os2.platform() === "linux") {
     try {
       const osReleaseContent = await readFile("/etc/os-release", "utf8");
-      if (osReleaseContent.includes("ID=debian") || osReleaseContent.includes("ID=ubuntu") || osReleaseContent.match(/^ID_LIKE=.*debian.*/m) || // Covers derivatives
-      osReleaseContent.match(/^ID_LIKE=.*ubuntu.*/m)) {
+      const isSupportedDistro = osReleaseContent.match(
+        /^ID=["']?(?:debian|ubuntu|nixos|arch|fedora|suse|opensuse)/m
+      ) || osReleaseContent.match(
+        /^ID_LIKE=["']?.*(?:debian|ubuntu|arch|fedora|suse).*/m
+      );
+      if (isSupportedDistro) {
         debugLogger.log(
-          "Defaulting to use current user UID/GID for Debian/Ubuntu-based Linux."
+          "Defaulting to use current user UID/GID for supported Linux distribution."
         );
         return true;
       }
+      const uid = os2.userInfo().uid;
+      if (uid !== 1e3 && uid !== 0) {
+        debugLogger.warn(
+          `Warning: Host UID mismatch detected (current UID: ${uid}). If you encounter permission errors in the sandbox, try setting SANDBOX_SET_UID_GID=true.`
+        );
+      }
     } catch {
       debugLogger.warn(
-        "Warning: Could not read /etc/os-release to auto-detect Debian/Ubuntu for UID/GID default."
+        "Warning: Could not read /etc/os-release to auto-detect Linux distribution for UID/GID default."
       );
     }
   }
@@ -9099,6 +9116,7 @@ async function start_sandbox(config, nodeArgs = [], cliConfig, cliArgs = []) {
       );
     }
     const args = ["run", "-i", "--rm", "--init", "--workdir", containerWorkdir];
+    args.push("--entrypoint", "");
     if (config.command === "runsc") {
       args.push("--runtime=runsc");
     }
@@ -9229,21 +9247,11 @@ async function start_sandbox(config, nodeArgs = [], cliConfig, cliArgs = []) {
     }
     const imageName = parseImageName(image);
     const isIntegrationTest = process.env["GEMINI_CLI_INTEGRATION_TEST"] === "true";
-    let containerName;
-    if (isIntegrationTest) {
-      containerName = `gemini-cli-integration-test-${randomBytes(4).toString(
-        "hex"
-      )}`;
-      debugLogger.log(`ContainerName: ${containerName}`);
-    } else {
-      let index = 0;
-      const containerNameCheck = (await execAsync(`${command2} ps -a --format "{{.Names}}"`)).stdout.trim();
-      while (containerNameCheck.includes(`${imageName}-${index}`)) {
-        index++;
-      }
-      containerName = `${imageName}-${index}`;
-      debugLogger.log(`ContainerName (regular): ${containerName}`);
-    }
+    const containerNamePrefix = isIntegrationTest ? "gemini-cli-integration-test" : imageName;
+    const containerName = `${containerNamePrefix}-${randomBytes(6).toString(
+      "hex"
+    )}`;
+    debugLogger.log(`ContainerName: ${containerName}`);
     args.push("--name", containerName, "--hostname", containerName);
     if (process.env["GEMINI_CLI_TEST_VAR"]) {
       args.push(
@@ -9364,16 +9372,26 @@ async function start_sandbox(config, nodeArgs = [], cliConfig, cliArgs = []) {
       const gid = (await execAsync("id -g")).stdout.trim();
       const username = "gemini";
       const homeDir = getContainerPath(homedir());
-      const setupUserCommands = [
-        // Use -f with groupadd to avoid errors if the group already exists.
-        `groupadd -f -g ${gid} ${username}`,
-        // Create user only if it doesn't exist. Use -o for non-unique UID.
-        `id -u ${username} &>/dev/null || useradd -o -u ${uid} -g ${gid} -d ${homeDir} -s /bin/bash ${username}`
-      ].join(" && ");
+      const quotedHomeDir = (0, import_shell_quote2.quote)([homeDir]);
       const originalCommand = finalEntrypoint[2];
       const escapedOriginalCommand = originalCommand.replace(/'/g, "'\\''");
-      const suCommand = `su -p ${username} -c '${escapedOriginalCommand}'`;
-      finalEntrypoint[2] = `${setupUserCommands} && ${suCommand}`;
+      const defensiveEntrypoint = [
+        `if command -v useradd >/dev/null 2>&1; then`,
+        `  (groupadd -g ${gid} -o ${username} 2>/dev/null || true) &&`,
+        `  (id ${uid} >/dev/null 2>&1 || useradd -o -u ${uid} -g ${gid} -d ${quotedHomeDir} -s /bin/bash ${username} 2>/dev/null || true) &&`,
+        `  USER_NAME=$(id -nu ${uid} 2>/dev/null);`,
+        `  if [ -n "$USER_NAME" ]; then`,
+        `    su -p "$USER_NAME" -c '${escapedOriginalCommand}';`,
+        `  else`,
+        `    echo "Error: Failed to map host UID ${uid} to a user in the container." >&2;`,
+        `    exit 1;`,
+        `  fi`,
+        `else`,
+        `  echo "Error: 'useradd' not found in container. UID/GID mapping is required for Linux distros like NixOS/Arch to avoid permission issues. Please use a container image that includes standard user management tools (like 'ubuntu' or 'debian')." >&2;`,
+        `  exit 1;`,
+        `fi`
+      ].join("\n");
+      finalEntrypoint[2] = defensiveEntrypoint;
       userFlag = `--user ${uid}:${gid}`;
       args.push("--env", `HOME=${homedir()}`);
     }
@@ -9386,6 +9404,8 @@ async function start_sandbox(config, nodeArgs = [], cliConfig, cliArgs = []) {
         "run",
         "--rm",
         "--init",
+        "--entrypoint",
+        "",
         ...userFlag ? userFlag.split(" ") : [],
         "--name",
         SANDBOX_PROXY_NAME,
@@ -10229,7 +10249,7 @@ async function runNonInteractive({
       }
     });
     if (process.env["GEMINI_CLI_ACTIVITY_LOG_TARGET"]) {
-      const { setupInitialActivityLogger } = await import("./devtoolsService-SKRXJOXW.js");
+      const { setupInitialActivityLogger } = await import("./devtoolsService-EVM2JJLB.js");
       setupInitialActivityLogger(config);
     }
     const { stdout: workingStdout } = createWorkingStdio();
@@ -10684,6 +10704,9 @@ async function runNonInteractive({
 async function runNonInteractive2(params) {
   const useAgentSession = params.config.getAgentSessionNoninteractiveEnabled();
   if (useAgentSession) {
+    debugLogger.debug(
+      "[ADK] Running non-interactive mode with ADK agent session"
+    );
     return runNonInteractive(params);
   }
   const { config, settings, input, prompt_id, resumedSessionData } = params;
@@ -10697,7 +10720,7 @@ async function runNonInteractive2(params) {
       }
     });
     if (process.env["GEMINI_CLI_ACTIVITY_LOG_TARGET"]) {
-      const { setupInitialActivityLogger } = await import("./devtoolsService-SKRXJOXW.js");
+      const { setupInitialActivityLogger } = await import("./devtoolsService-EVM2JJLB.js");
       setupInitialActivityLogger(config);
     }
     const { stdout: workingStdout } = createWorkingStdio();
@@ -10931,6 +10954,20 @@ async function runNonInteractive2(params) {
                   durationMs
                 )
               });
+            } else if (config.getOutputFormat() === OutputFormat.JSON) {
+              const formatter = new JsonFormatter();
+              const stats = uiTelemetryService.getMetrics();
+              textOutput.write(
+                formatter.format(
+                  config.getSessionId(),
+                  responseText,
+                  stats,
+                  void 0,
+                  [...warnings, stopMessage]
+                )
+              );
+            } else {
+              textOutput.ensureTrailingNewline();
             }
             return;
           } else if (event.type === GeminiEventType.AgentExecutionBlocked) {
@@ -12680,11 +12717,6 @@ var CommandRegistry = class {
 };
 
 // packages/cli/src/acp/commands/memory.ts
-var DEFAULT_SANITIZATION_CONFIG = {
-  allowedEnvironmentVariables: [],
-  blockedEnvironmentVariables: [],
-  enableEnvironmentVariableRedaction: false
-};
 var MemoryCommand = class {
   name = "memory";
   description = "Manage memory.";
@@ -12692,7 +12724,6 @@ var MemoryCommand = class {
     new ShowMemoryCommand(),
     new RefreshMemoryCommand(),
     new ListMemoryCommand(),
-    new AddMemoryCommand(),
     new InboxMemoryCommand()
   ];
   requiresWorkspace = true;
@@ -12725,40 +12756,6 @@ var ListMemoryCommand = class {
     return { name: this.name, data: result.content };
   }
 };
-var AddMemoryCommand = class {
-  name = "memory add";
-  description = "Add content to the memory.";
-  async execute(context, args) {
-    const textToAdd = args.join(" ").trim();
-    const result = addMemory(textToAdd);
-    if (result.type === "message") {
-      return { name: this.name, data: result.content };
-    }
-    const toolRegistry = context.agentContext.toolRegistry;
-    const tool = toolRegistry.getTool(result.toolName);
-    if (tool) {
-      const abortController = new AbortController();
-      const signal = abortController.signal;
-      await context.sendMessage(`Saving memory via ${result.toolName}...`);
-      await tool.buildAndExecute(result.toolArgs, signal, void 0, {
-        shellExecutionConfig: {
-          sanitizationConfig: DEFAULT_SANITIZATION_CONFIG,
-          sandboxManager: context.agentContext.sandboxManager
-        }
-      });
-      await refreshMemory(context.agentContext.config);
-      return {
-        name: this.name,
-        data: `Added memory: "${textToAdd}"`
-      };
-    } else {
-      return {
-        name: this.name,
-        data: `Error: Tool ${result.toolName} not found.`
-      };
-    }
-  }
-};
 var InboxMemoryCommand = class {
   name = "memory inbox";
   description = "Lists memory items extracted from past sessions that are pending review.";
@@ -13664,16 +13661,16 @@ function buildAvailableModes(isPlanEnabled) {
   return modes;
 }
 function buildAvailableModels(config, settings) {
-  const preferredModel = config.getModel() || DEFAULT_GEMINI_MODEL_AUTO;
+  const preferredModel = config.getModel() || GEMINI_MODEL_ALIAS_AUTO;
   const shouldShowPreviewModels = config.getHasAccessToPreviewModel();
   const useGemini31 = config.getGemini31LaunchedSync?.() ?? false;
-  const useGemini31FlashLite = config.getGemini31FlashLiteLaunchedSync?.() ?? false;
+  const useGemini3_5Flash = config.hasGemini35FlashGAAccess?.() ?? false;
   const selectedAuthType = settings.merged.security.auth.selectedType;
   const useCustomToolModel = useGemini31 && selectedAuthType === AuthType.USE_GEMINI;
   if (config.getExperimentalDynamicModelConfiguration?.() === true && config.getModelConfigService) {
     const options = config.getModelConfigService().getAvailableModelOptions({
       useGemini3_1: useGemini31,
-      useGemini3_1FlashLite: useGemini31FlashLite,
+      useGemini3_5Flash,
       useCustomTools: useCustomToolModel,
       hasAccessToPreview: shouldShowPreviewModels
     });
@@ -13684,18 +13681,15 @@ function buildAvailableModels(config, settings) {
   }
   const mainOptions = [
     {
-      value: DEFAULT_GEMINI_MODEL_AUTO,
-      title: getDisplayString(DEFAULT_GEMINI_MODEL_AUTO),
-      description: "Let Gemini CLI decide the best model for the task: gemini-2.5-pro, gemini-2.5-flash"
+      value: GEMINI_MODEL_ALIAS_AUTO,
+      title: getDisplayString(GEMINI_MODEL_ALIAS_AUTO),
+      description: getAutoModelDescription(
+        shouldShowPreviewModels,
+        useGemini31,
+        useGemini3_5Flash
+      )
     }
   ];
-  if (shouldShowPreviewModels) {
-    mainOptions.unshift({
-      value: PREVIEW_GEMINI_MODEL_AUTO,
-      title: getDisplayString(PREVIEW_GEMINI_MODEL_AUTO),
-      description: useGemini31 ? "Let Gemini CLI decide the best model for the task: gemini-3.1-pro, gemini-3-flash" : "Let Gemini CLI decide the best model for the task: gemini-3-pro, gemini-3-flash"
-    });
-  }
   const manualOptions = [
     {
       value: DEFAULT_GEMINI_MODEL,
@@ -13723,10 +13717,10 @@ function buildAvailableModels(config, settings) {
         title: getDisplayString(PREVIEW_GEMINI_FLASH_MODEL)
       }
     ];
-    if (useGemini31FlashLite) {
+    if (PREVIEW_GEMINI_FLASH_LITE_MODEL !== "none") {
       previewOptions.push({
-        value: PREVIEW_GEMINI_3_1_FLASH_LITE_MODEL,
-        title: getDisplayString(PREVIEW_GEMINI_3_1_FLASH_LITE_MODEL)
+        value: PREVIEW_GEMINI_FLASH_LITE_MODEL,
+        title: getDisplayString(PREVIEW_GEMINI_FLASH_LITE_MODEL)
       });
     }
     manualOptions.unshift(...previewOptions);
@@ -13761,13 +13755,88 @@ var Session = class {
       CoreEvent.ApprovalModeChanged,
       this.handleApprovalModeChanged
     );
+    this.context.config.getMessageBus()?.subscribe(
+      MessageBusType.TOOL_CONFIRMATION_REQUEST,
+      this.handleToolConfirmationRequest,
+      { signal: this.disposeController.signal }
+    );
   }
   pendingPrompt = null;
   commandHandler = new CommandHandler();
   callIdCounter = 0;
+  disposeController = new AbortController();
   generateCallId(name) {
     return `${name}-${Date.now()}-${++this.callIdCounter}`;
   }
+  handleToolConfirmationRequest = async (request) => {
+    try {
+      const policyEngine = this.context.config.getPolicyEngine?.();
+      const messageBus = this.context.config.getMessageBus();
+      if (!messageBus) {
+        return;
+      }
+      if (!policyEngine) {
+        debugLogger.warn(
+          "Policy engine missing. Denying tool confirmation request."
+        );
+        await messageBus.publish({
+          type: MessageBusType.TOOL_CONFIRMATION_RESPONSE,
+          correlationId: request.correlationId,
+          confirmed: false,
+          requiresUserConfirmation: false
+        });
+        return;
+      }
+      const toolName = request.toolCall.name?.trim();
+      if (!toolName) {
+        debugLogger.warn(
+          "Tool confirmation request missing tool name. Denying."
+        );
+        await messageBus.publish({
+          type: MessageBusType.TOOL_CONFIRMATION_RESPONSE,
+          correlationId: request.correlationId,
+          confirmed: false,
+          requiresUserConfirmation: false
+        });
+        return;
+      }
+      const tool = this.context.toolRegistry.getTool(toolName);
+      if (!tool) {
+        debugLogger.warn(
+          `Tool confirmation request for unknown tool: ${toolName}. Denying.`
+        );
+        await messageBus.publish({
+          type: MessageBusType.TOOL_CONFIRMATION_RESPONSE,
+          correlationId: request.correlationId,
+          confirmed: false,
+          requiresUserConfirmation: false
+        });
+        return;
+      }
+      const serverName = tool instanceof DiscoveredMCPTool ? tool.serverName : void 0;
+      const toolAnnotations = tool.toolAnnotations;
+      const result = await policyEngine.check(
+        request.toolCall,
+        serverName,
+        toolAnnotations,
+        request.subagent
+      );
+      await messageBus.publish({
+        type: MessageBusType.TOOL_CONFIRMATION_RESPONSE,
+        correlationId: request.correlationId,
+        confirmed: result.decision === PolicyDecision.ALLOW,
+        requiresUserConfirmation: result.decision === PolicyDecision.ASK_USER
+      });
+    } catch (error) {
+      debugLogger.error("Error handling tool confirmation request:", error);
+      await this.context.config.getMessageBus()?.publish({
+        type: MessageBusType.TOOL_CONFIRMATION_RESPONSE,
+        correlationId: request.correlationId,
+        confirmed: false,
+        requiresUserConfirmation: false
+      });
+    }
+  };
   handleApprovalModeChanged = (payload) => {
     if (payload.sessionId === this.id) {
       void this.sendUpdate({
@@ -13784,6 +13853,7 @@ var Session = class {
       CoreEvent.ApprovalModeChanged,
       this.handleApprovalModeChanged
     );
+    this.disposeController.abort();
   }
   async cancelPendingPrompt() {
     if (!this.pendingPrompt) {
@@ -14193,12 +14263,6 @@ ${event.value.description}`;
       const invocation = tool.build(args);
       const displayTitle = typeof invocation.getDisplayTitle === "function" ? invocation.getDisplayTitle() : invocation.getDescription();
       const explanation = typeof invocation.getExplanation === "function" ? invocation.getExplanation() : "";
-      if (explanation) {
-        await this.sendUpdate({
-          sessionUpdate: "agent_thought_chunk",
-          content: { type: "text", text: explanation }
-        });
-      }
       const confirmationDetails = await invocation.shouldConfirmExecute(abortSignal);
       if (confirmationDetails) {
         const content2 = [];
@@ -14213,6 +14277,12 @@ ${event.value.description}`;
             }
           });
         }
+        if (content2.length === 0 && explanation) {
+          content2.push({
+            type: "content",
+            content: { type: "text", text: explanation }
+          });
+        }
         const params = {
           sessionId: this.id,
           options: toPermissionOptions(
@@ -14261,6 +14331,12 @@ ${event.value.description}`;
         }
       } else {
         const content2 = [];
+        if (explanation) {
+          content2.push({
+            type: "content",
+            content: { type: "text", text: explanation }
+          });
+        }
         await this.sendUpdate({
           sessionUpdate: "tool_call",
           toolCallId: callId,
@@ -14442,89 +14518,103 @@ ${event.value.description}`;
       let currentPathSpec = pathName;
       let resolvedSuccessfully = false;
       let readDirectly = false;
-      try {
-        const absolutePath = path12.resolve(
+      const result = await resolveAtCommandPath(
+        pathName,
+        this.context.config,
+        (msg) => this.debug(msg)
+      );
+      let validationError = null;
+      let absolutePath;
+      let resolved;
+      if (result.status === "resolved") {
+        resolved = result.resolved;
+        absolutePath = resolved.absolutePath;
+      } else if (result.status === "unauthorized") {
+        absolutePath = result.absolutePath;
+        validationError = result.error;
+      } else if (result.status === "invalid") {
+        continue;
+      } else {
+        absolutePath = path12.resolve(
           this.context.config.getTargetDir(),
           pathName
         );
-        let validationError = this.context.config.validatePathAccess(
-          absolutePath,
-          "read"
-        );
-        if (validationError && !isWithinRoot(absolutePath, this.context.config.getTargetDir())) {
-          try {
-            const stats = await fs12.stat(absolutePath);
-            if (stats.isFile()) {
-              const syntheticCallId = `resolve-prompt-${pathName}-${randomUUID()}`;
-              const params = {
-                sessionId: this.id,
-                options: [
-                  {
-                    optionId: ToolConfirmationOutcome.ProceedOnce,
-                    name: "Allow once",
-                    kind: "allow_once"
-                  },
+      }
+      if (!resolved && validationError && !isWithinRoot(absolutePath, this.context.config.getTargetDir())) {
+        try {
+          const stats = await fs12.stat(absolutePath);
+          if (stats.isFile()) {
+            const syntheticCallId = `resolve-prompt-${pathName}-${randomUUID()}`;
+            const params = {
+              sessionId: this.id,
+              options: [
+                {
+                  optionId: ToolConfirmationOutcome.ProceedOnce,
+                  name: "Allow once",
+                  kind: "allow_once"
+                },
+                {
+                  optionId: ToolConfirmationOutcome.Cancel,
+                  name: "Deny",
+                  kind: "reject_once"
+                }
+              ],
+              toolCall: {
+                toolCallId: syntheticCallId,
+                status: "pending",
+                title: `Allow access to absolute path: ${pathName}`,
+                content: [
                   {
-                    optionId: ToolConfirmationOutcome.Cancel,
-                    name: "Deny",
-                    kind: "reject_once"
+                    type: "content",
+                    content: {
+                      type: "text",
+                      text: `The Agent needs access to read an attached file outside your workspace: ${pathName}`
+                    }
                   }
                 ],
-                toolCall: {
-                  toolCallId: syntheticCallId,
-                  status: "pending",
-                  title: `Allow access to absolute path: ${pathName}`,
-                  content: [
-                    {
-                      type: "content",
-                      content: {
-                        type: "text",
-                        text: `The Agent needs access to read an attached file outside your workspace: ${pathName}`
-                      }
-                    }
-                  ],
-                  locations: [],
-                  kind: "read"
-                }
-              };
-              const output = RequestPermissionResponseSchema.parse(
-                await this.connection.requestPermission(params)
-              );
-              const outcome = output.outcome.outcome === "cancelled" ? ToolConfirmationOutcome.Cancel : external_exports.nativeEnum(ToolConfirmationOutcome).parse(output.outcome.optionId);
-              if (outcome === ToolConfirmationOutcome.ProceedOnce) {
-                this.context.config.getWorkspaceContext().addReadOnlyPath(absolutePath);
-                validationError = null;
-              } else {
-                this.debug(
-                  `Direct read authorization denied for absolute path ${pathName}`
-                );
-                directContents.push({
-                  spec: pathName,
-                  content: `[Warning: Access to absolute path \`${pathName}\` denied by user.]`
-                });
-                continue;
+                locations: [],
+                kind: "read"
               }
-            }
-          } catch (error) {
-            this.debug(
-              `Failed to request permission for absolute attachment ${pathName}: ${getErrorMessage(error)}`
+            };
+            const output = RequestPermissionResponseSchema.parse(
+              await this.connection.requestPermission(params)
             );
-            await this.sendUpdate({
-              sessionUpdate: "agent_thought_chunk",
-              content: {
-                type: "text",
-                text: `Warning: Failed to display permission dialog for \`${absolutePath}\`. Error: ${getErrorMessage(error)}`
-              }
-            });
+            const outcome = output.outcome.outcome === "cancelled" ? ToolConfirmationOutcome.Cancel : external_exports.nativeEnum(ToolConfirmationOutcome).parse(output.outcome.optionId);
+            if (outcome === ToolConfirmationOutcome.ProceedOnce) {
+              this.context.config.getWorkspaceContext().addReadOnlyPath(absolutePath);
+              validationError = null;
+            } else {
+              this.debug(
+                `Direct read authorization denied for absolute path ${pathName}`
+              );
+              directContents.push({
+                spec: pathName,
+                content: `[Warning: Access to absolute path \`${pathName}\` denied by user.]`
+              });
+              continue;
+            }
           }
+        } catch (error) {
+          this.debug(
+            `Failed to request permission for absolute attachment ${pathName}: ${getErrorMessage(error)}`
+          );
+          await this.sendUpdate({
+            sessionUpdate: "agent_thought_chunk",
+            content: {
+              type: "text",
+              text: `Warning: Failed to display permission dialog for \`${absolutePath}\`. Error: ${getErrorMessage(error)}`
+            }
+          });
         }
+      }
+      try {
         if (!validationError) {
           if ((path12.isAbsolute(pathName) || !isWithinRoot(
             absolutePath,
             this.context.config.getTargetDir()
           )) && !readDirectly) {
             try {
-              const stats = await fs12.stat(absolutePath);
+              const stats = resolved ? resolved.stats : await fs12.stat(absolutePath);
               if (stats.isFile()) {
                 const fileReadResult = await processSingleFileContent(
                   absolutePath,
@@ -14580,7 +14670,7 @@ ${contentToPush}`;
             }
           }
           if (!readDirectly) {
-            const stats = await fs12.stat(absolutePath);
+            const stats = resolved ? resolved.stats : await fs12.stat(absolutePath);
             if (stats.isDirectory()) {
               currentPathSpec = pathName.endsWith("/") ? `${pathName}**` : `${pathName}/**`;
               this.debug(
@@ -14872,7 +14962,11 @@ var AcpFileSystemService = class {
         path: filePath,
         sessionId: this.sessionId
       });
-      return response.content;
+      const content = response.content;
+      if (typeof content !== "string") {
+        throw new Error("content must be a string");
+      }
+      return content;
     } catch (err) {
       this.normalizeFileSystemError(err);
     }
@@ -14923,7 +15017,7 @@ var AcpSessionManager = class {
       mcpServers,
       loadedSettings
     );
-    const authType = loadedSettings.merged.security.auth.selectedType || AuthType.USE_GEMINI;
+    const authType = loadedSettings.merged.security.auth.selectedType || (authDetails.baseUrl || process.env["GOOGLE_GEMINI_BASE_URL"] ? AuthType.GATEWAY : AuthType.USE_GEMINI);
     let isAuthenticated = false;
     let authErrorMessage = "";
     try {
@@ -15044,7 +15138,7 @@ var AcpSessionManager = class {
     return response;
   }
   async initializeSessionConfig(sessionId, cwd, mcpServers, authDetails) {
-    const selectedAuthType = this.settings.merged.security.auth.selectedType;
+    const selectedAuthType = this.settings.merged.security.auth.selectedType || (authDetails.baseUrl || process.env["GOOGLE_GEMINI_BASE_URL"] ? AuthType.GATEWAY : void 0);
     if (!selectedAuthType) {
       throw RequestError.authRequired();
     }
@@ -15331,7 +15425,7 @@ async function validateNonInteractiveAuth(configuredAuthType, useExternalAuth, n
     }
     const authType = effectiveAuthType;
     if (!useExternalAuth) {
-      const err = validateAuthMethod(String(authType));
+      const err = await validateAuthMethod(String(authType));
       if (err != null) {
         throw new Error(err);
       }
@@ -15357,7 +15451,7 @@ async function relaunchOnExitCode(runner) {
   while (true) {
     try {
       const exitCode = await runner();
-      if (exitCode !== RELAUNCH_EXIT_CODE) {
+      if (process.platform === "android" || exitCode !== RELAUNCH_EXIT_CODE) {
         process.exit(exitCode);
       }
     } catch (error) {
@@ -15430,8 +15524,7 @@ async function deleteSession(config, sessionIndex) {
     return;
   }
   try {
-    const chatRecordingService = new ChatRecordingService(config);
-    await chatRecordingService.deleteSession(sessionToDelete.file);
+    await deleteStoredSession(config, sessionToDelete.file);
     const time = formatRelativeTime(sessionToDelete.lastUpdated);
     writeToStdout(
       `Deleted session ${sessionToDelete.index}: ${sessionToDelete.firstUserMessage} (${time})`
@@ -15720,13 +15813,69 @@ ${reason.stack}` : ""}`;
     }
   });
 }
-async function resolveSessionId(resumeArg, sessionIdArg) {
-  if (!resumeArg && !sessionIdArg) {
+async function resolveSessionId(resumeArg, sessionIdArg, sessionFileArg) {
+  if (!resumeArg && !sessionIdArg && !sessionFileArg) {
     return { sessionId: createSessionId() };
   }
   const storage = new Storage(process.cwd());
   await storage.initialize();
   const sessionSelector = new SessionSelector(storage);
+  if (sessionFileArg) {
+    try {
+      const sessionData = await loadConversationRecord(sessionFileArg);
+      if (!sessionData) {
+        throw new Error(`File not found or invalid format: ${sessionFileArg}`);
+      }
+      const now = Date.now();
+      const isoNow = new Date(now).toISOString();
+      sessionData.messages = (sessionData.messages || []).filter(
+        (m) => typeof m === "object" && m !== null && (m.type === "user" || m.type === "gemini") && m.content !== void 0
+      );
+      sessionData.messages.unshift({
+        id: `import-${now}`,
+        type: "info",
+        content: `Imported session from ${sessionFileArg}`,
+        timestamp: isoNow
+      });
+      const newSessionId = createSessionId();
+      sessionData.sessionId = newSessionId;
+      sessionData.projectHash = getProjectHash(storage.getProjectRoot());
+      sessionData.startTime = isoNow;
+      sessionData.lastUpdated = isoNow;
+      const chatsDir = path15.join(storage.getProjectTempDir(), "chats");
+      const newSessionPath = path15.join(
+        chatsDir,
+        `session-${now}-${newSessionId.slice(0, 8)}.jsonl`
+      );
+      const { messages: _messages, ...initialMetadata } = sessionData;
+      const lines = [JSON.stringify(initialMetadata)];
+      if (sessionData.messages) {
+        for (const msg of sessionData.messages) {
+          lines.push(JSON.stringify(msg));
+        }
+      }
+      await fsPromises.mkdir(chatsDir, { recursive: true });
+      await fsPromises.writeFile(
+        newSessionPath,
+        lines.join("\n") + "\n",
+        "utf-8"
+      );
+      return {
+        sessionId: newSessionId,
+        resumedSessionData: {
+          conversation: sessionData,
+          filePath: newSessionPath
+        }
+      };
+    } catch (error) {
+      coreEvents.emitFeedback(
+        "error",
+        `Error importing session from file: ${error instanceof Error ? error.message : "Unknown error"}`
+      );
+      await runExitCleanup();
+      process.exit(ExitCodes.FATAL_INPUT_ERROR);
+    }
+  }
   if (sessionIdArg) {
     if (await sessionSelector.sessionExists(sessionIdArg)) {
       coreEvents.emitFeedback(
@@ -15748,8 +15897,10 @@ async function resolveSessionId(resumeArg, sessionIdArg) {
     };
   } catch (error) {
     if (error instanceof SessionError && error.code === "NO_SESSIONS_FOUND") {
-      coreEvents.emitFeedback("warning", error.message);
-      return { sessionId: createSessionId() };
+      if (resumeArg === RESUME_LATEST) {
+        coreEvents.emitFeedback("warning", error.message);
+        return { sessionId: createSessionId() };
+      }
     }
     coreEvents.emitFeedback(
       "error",
@@ -15760,7 +15911,7 @@ async function resolveSessionId(resumeArg, sessionIdArg) {
   }
 }
 async function startInteractiveUI(config, settings, startupWarnings, workspaceRoot = process.cwd(), resumedSessionData, initializationResult) {
-  const { startInteractiveUI: doStartUI } = await import("./interactiveCli-QHKQZZJU.js");
+  const { startInteractiveUI: doStartUI } = await import("./interactiveCli-MEEXSI2X.js");
   await doStartUI(
     config,
     settings,
@@ -15823,7 +15974,8 @@ async function main() {
   const argv = await argvPromise;
   const { sessionId, resumedSessionData } = await resolveSessionId(
     argv.resume,
-    argv.sessionId
+    argv.sessionId,
+    argv.sessionFile
   );
   if (argv.allowedTools && argv.allowedTools.length > 0 || settings.merged.tools?.allowed && settings.merged.tools.allowed.length > 0) {
     coreEvents.emitFeedback(
@@ -15874,14 +16026,14 @@ async function main() {
   const partialConfig = await loadCliConfig(settings.merged, sessionId, argv, {
     projectHooks: settings.workspace.settings.hooks,
     skipExtensions: true,
-    skipMemoryLoad: true
+    loadedSettings: settings
   });
   adminControlsListner.setConfig(partialConfig);
   let initialAuthFailed = false;
   if (!settings.merged.security.auth.useExternal && !argv.isCommand) {
     try {
       if (partialConfig.isInteractive() && settings.merged.security.auth.selectedType) {
-        const err = validateAuthMethod(
+        const err = await validateAuthMethod(
           settings.merged.security.auth.selectedType
         );
         if (err) {
@@ -15961,13 +16113,14 @@ ${finalArgs[promptIndex + 1]}`;
     const loadConfigHandle = startupProfiler.start("load_cli_config");
     config = await loadCliConfig(settings.merged, sessionId, argv, {
       projectHooks: settings.workspace.settings.hooks,
-      worktreeSettings: worktreeInfo
+      worktreeSettings: worktreeInfo,
+      loadedSettings: settings
     });
     loadConfigHandle?.end();
     await config.storage.initialize();
     adminControlsListner.setConfig(config);
     if (config.isInteractive() && settings.merged.general.devtools) {
-      const { setupInitialActivityLogger } = await import("./devtoolsService-SKRXJOXW.js");
+      const { setupInitialActivityLogger } = await import("./devtoolsService-EVM2JJLB.js");
       setupInitialActivityLogger(config);
     }
     registerTelemetryConfig(config);
@@ -16026,7 +16179,7 @@ ${finalArgs[promptIndex + 1]}`;
     const initAppHandle = startupProfiler.start("initialize_app");
     const initializationResult = await initializeApp(config, settings);
     initAppHandle?.end();
-    import("./liteRtServerManager-USDJEPCM.js").then(({ LiteRtServerManager }) => {
+    import("./liteRtServerManager-3EZO3JZ5.js").then(({ LiteRtServerManager }) => {
       const mergedGemma = settings.merged.experimental?.gemmaModelRouter;
       if (!mergedGemma) return;
       const userGemma = settings.forScope("User" /* User */).settings.experimental?.gemmaModelRouter;