@phnx-labs/agents-cli 1.19.0 → 1.19.2

package/README.md

@@ -414,7 +414,7 @@ agents secrets list                              # npm-tokens is already there;
 agents run claude "..." --secrets npm-tokens     # injects NPM_TOKEN automatically
 ```
 
-Under the hood, synced bundles route writes through a notarized helper app (`AgentsKeychain.app`) that holds the entitlement macOS requires for `kSecAttrSynchronizable`. Bundles created with `--no-icloud-sync` stay device-local.
+Under the hood, synced bundles route writes through a notarized helper app (`Agents CLI.app`) that holds the entitlement macOS requires for `kSecAttrSynchronizable`. Bundles created with `--no-icloud-sync` stay device-local.
 
 Bundle definitions sync via iCloud Keychain too — no `agents repo push` needed for secrets, no recreate step on each Mac. Nothing about secrets ever lives in plaintext on disk.
 

package/dist/commands/exec.js

@@ -276,7 +276,7 @@ export function registerRunCommand(program) {
                 }
                 const breakdown = Object.entries(counts).map(([k, v]) => `${v} ${k}`).join(', ');
                 console.log(chalk.gray(`[secrets] Resolved ${bundleName}: ${entries.length} keys (${breakdown})`));
-                secretsEnv = { ...secretsEnv, ...resolveBundleEnv(bundle) };
+                secretsEnv = { ...secretsEnv, ...resolveBundleEnv(bundle, { caller: `agent ${agent}` }) };
             }
             catch (err) {
                 console.error(chalk.red(err.message));

package/dist/commands/mcp.js

@@ -156,11 +156,40 @@ Examples:
   agents mcp add db-server -- uvx postgres-mcp
 `)
         .action(async (name, commandOrUrl, options) => {
+        // Registry resolution: if the user just typed `agents mcp add <name>`,
+        // try looking up `<name>` in any configured MCP registry (by default the
+        // official MCP Registry at registry.modelcontextprotocol.io) and derive
+        // the install spec automatically.
+        if (commandOrUrl.length === 0) {
+            const { getMcpServerInfo, mcpEntryToInstallSpec } = await import('../lib/registry.js');
+            const spinner = ora(`Looking up '${name}' in MCP registries…`).start();
+            try {
+                const entry = await getMcpServerInfo(name);
+                if (entry) {
+                    const spec = mcpEntryToInstallSpec(entry);
+                    if (spec?.command) {
+                        commandOrUrl = spec.command.split(' ');
+                        options.transport = spec.transport;
+                        spinner.succeed(`Resolved '${name}' → ${chalk.gray(spec.command)}`);
+                    }
+                    else {
+                        spinner.warn(`Found '${name}' in registry but could not derive an install command (likely a remote-only server).`);
+                    }
+                }
+                else {
+                    spinner.fail(`'${name}' not found in any configured MCP registry.`);
+                }
+            }
+            catch (err) {
+                spinner.fail(`Registry lookup failed: ${err.message}`);
+            }
+        }
         const transport = options.transport;
         if (commandOrUrl.length === 0) {
             console.error(chalk.red('Error: Command or URL required'));
             console.log(chalk.gray('Stdio: agents mcp add <name> -- <command...>'));
             console.log(chalk.gray('HTTP:  agents mcp add <name> <url> --transport http'));
+            console.log(chalk.gray("Or list what's discoverable: agents mcp list --available"));
             process.exit(1);
         }
         const localPath = getUserAgentsDir();

package/dist/commands/secrets.js

@@ -879,7 +879,7 @@ Examples:
             if (opts.to1password) {
                 assertOpAvailable();
                 const vault = await resolveVault(opts.vault);
-                const env = resolveBundleEnv(bundle);
+                const env = resolveBundleEnv(bundle, { caller: `1Password vault ${vault}` });
                 let created = 0;
                 let overwritten = 0;
                 let skipped = 0;
@@ -913,7 +913,7 @@ Examples:
                 console.error(chalk.red('export to a TTY requires --plaintext (prevents shoulder-surfing).'));
                 process.exit(1);
             }
-            const env = resolveBundleEnv(bundle);
+            const env = resolveBundleEnv(bundle, { caller: `export to shell` });
             const prefix = bundleToEnvPrefix(resolvedBundleName);
             for (const [k, v] of Object.entries(env)) {
                 const exportKey = isReservedEnvName(k) ? `${prefix}_${k}` : k;
@@ -941,9 +941,9 @@ Examples:
             }
             const { resolveBundleEnv } = await import('../lib/secrets/bundles.js');
             const bundle = readBundle(bundleName);
-            const secretEnv = resolveBundleEnv(bundle);
-            const { spawn } = await import('child_process');
             const [cmd, ...args] = commandParts;
+            const secretEnv = resolveBundleEnv(bundle, { caller: `command ${cmd}` });
+            const { spawn } = await import('child_process');
             const proc = spawn(cmd, args, {
                 stdio: 'inherit',
                 env: { ...process.env, ...secretEnv },

package/dist/commands/sessions.d.ts

@@ -3,14 +3,15 @@ import type { SessionMeta } from '../lib/session/types.js';
 /**
  * Build the shell command that resumes a picked session.
  *
- * Cross-version handoff: when the session was created on a different version
- * than the one the shim will launch (activeVersion), the session file lives in
- * the other version's isolated home and `--resume <id>` would silently fail to
- * find it. Fall back to a fresh session seeded with `/continue <id>`, which is
- * wired (~/.claude/commands/continue.md) to read the prior transcript via
- * `agents sessions <id>` — that reader is version-agnostic.
+ * When the session's originating version is known, uses the version-pinned
+ * binary (e.g. `claude@2.1.138`) so the resume always runs in the same
+ * isolated HOME where the JSONL was written — regardless of which version is
+ * currently the default. Falls back to the bare shim when version is unknown.
+ *
+ * If the versioned binary is missing (version was removed), the ENOENT
+ * handler in handlePickedSession retries via buildFallbackCommand.
  */
-export declare function buildResumeCommand(session: SessionMeta, activeVersion?: string): string[] | null;
+export declare function buildResumeCommand(session: SessionMeta): string[] | null;
 /** Filter and rank sessions by a multi-term search query across metadata and content. */
 export declare function filterSessionsByQuery(sessions: SessionMeta[], query: string | undefined): SessionMeta[];
 /** Register the `agents sessions` command with all its options and help text. */

package/dist/commands/sessions.js

@@ -22,7 +22,7 @@ import { parseSession } from '../lib/session/parse.js';
 import { renderConversationMarkdown, renderSummary, renderSummaryHeader, computeSummaryStats, renderJson, filterEvents, parseRoleList } from '../lib/session/render.js';
 import { renderMarkdown } from '../lib/markdown.js';
 import { colorAgent, resolveAgentName } from '../lib/agents.js';
-import { resolveVersion, resolveVersionAliasLoose } from '../lib/versions.js';
+import { resolveVersionAliasLoose } from '../lib/versions.js';
 import { isInteractiveTerminal, isPromptCancelled } from './utils.js';
 import { sessionPicker } from './sessions-picker.js';
 import { setHelpSections } from '../lib/help.js';
@@ -613,18 +613,12 @@ async function handlePickedSession(picked) {
     const cwd = picked.session.cwd && fs.existsSync(picked.session.cwd)
         ? picked.session.cwd
         : process.cwd();
-    const activeVersion = resolveVersion(picked.session.agent, cwd) ?? undefined;
-    const resume = buildResumeCommand(picked.session, activeVersion);
+    const resume = buildResumeCommand(picked.session);
     if (!resume) {
         console.log(chalk.yellow(`Resume is not supported for ${picked.session.agent} sessions yet. Showing summary instead.`));
         await renderSession(picked.session, 'summary', {});
         return;
     }
-    if (picked.session.version && activeVersion && picked.session.version !== activeVersion) {
-        console.log(chalk.gray(`Cross-version handoff: session is ${picked.session.agent} ${picked.session.version}, ` +
-            `default is ${activeVersion}. Starting fresh and passing /continue so the new agent ` +
-            `reads the prior transcript via 'agents sessions'.`));
-    }
     console.log(chalk.gray(`Resuming: ${resume.join(' ')} (cwd: ${cwd})`));
     await new Promise((resolve) => {
         const child = spawn(resume[0], resume.slice(1), {
@@ -633,6 +627,16 @@ async function handlePickedSession(picked) {
             shell: false,
         });
         child.on('error', (err) => {
+            if (err.code === 'ENOENT' && picked.session.version) {
+                const fallback = buildFallbackCommand(picked.session);
+                if (fallback) {
+                    console.log(chalk.gray(`Version ${picked.session.version} is not installed. Falling back to current version via /continue...`));
+                    const fb = spawn(fallback[0], fallback.slice(1), { cwd, stdio: 'inherit', shell: false });
+                    fb.on('error', (e) => { console.error(chalk.red(`Failed: ${e.message}`)); resolve(); });
+                    fb.on('close', () => resolve());
+                    return;
+                }
+            }
             console.error(chalk.red(`Failed to launch ${resume[0]}: ${err.message}`));
             if (err.code === 'ENOENT') {
                 console.error(chalk.gray(`Make sure '${resume[0]}' is on your PATH.`));
@@ -645,23 +649,23 @@ async function handlePickedSession(picked) {
 /**
  * Build the shell command that resumes a picked session.
  *
- * Cross-version handoff: when the session was created on a different version
- * than the one the shim will launch (activeVersion), the session file lives in
- * the other version's isolated home and `--resume <id>` would silently fail to
- * find it. Fall back to a fresh session seeded with `/continue <id>`, which is
- * wired (~/.claude/commands/continue.md) to read the prior transcript via
- * `agents sessions <id>` — that reader is version-agnostic.
+ * When the session's originating version is known, uses the version-pinned
+ * binary (e.g. `claude@2.1.138`) so the resume always runs in the same
+ * isolated HOME where the JSONL was written — regardless of which version is
+ * currently the default. Falls back to the bare shim when version is unknown.
+ *
+ * If the versioned binary is missing (version was removed), the ENOENT
+ * handler in handlePickedSession retries via buildFallbackCommand.
  */
-export function buildResumeCommand(session, activeVersion) {
-    const versionMismatch = !!(session.version && activeVersion && session.version !== activeVersion);
+export function buildResumeCommand(session) {
     switch (session.agent) {
         case 'claude':
-            if (versionMismatch)
-                return ['claude', `/continue ${session.id}`];
+            if (session.version)
+                return [`claude@${session.version}`, '--resume', session.id];
             return ['claude', '--resume', session.id];
         case 'codex':
-            if (versionMismatch)
-                return ['codex', `/continue ${session.id}`];
+            if (session.version)
+                return [`codex@${session.version}`, 'resume', session.id];
             return ['codex', 'resume', session.id];
         case 'opencode':
             return ['opencode', '--session', session.id];
@@ -673,6 +677,14 @@ export function buildResumeCommand(session, activeVersion) {
             return null;
     }
 }
+/** Fallback resume command when the versioned binary is unavailable (ENOENT). */
+function buildFallbackCommand(session) {
+    switch (session.agent) {
+        case 'claude': return ['claude', `/continue ${session.id}`];
+        case 'codex': return ['codex', `/continue ${session.id}`];
+        default: return null;
+    }
+}
 // ---------------------------------------------------------------------------
 // Cloud session source (--cloud)
 // ---------------------------------------------------------------------------

package/dist/commands/versions.js

@@ -7,12 +7,27 @@ import { AGENTS, ALL_AGENT_IDS, getAccountEmail, getAccountInfo, agentLabel, } f
 import { formatUsageSummary, getUsageInfoForIdentity, getUsageInfoByIdentity, getUsageLookupKey, } from '../lib/usage.js';
 import { viewAction } from './view.js';
 import { readManifest, writeManifest, createDefaultManifest } from '../lib/manifest.js';
-import { installVersion, removeVersion, listInstalledVersions, isVersionInstalled, isLatestInstalled, getGlobalDefault, setGlobalDefault, getVersionHomePath, syncResourcesToVersion, parseAgentSpec, promptResourceSelection, promptNewResourceSelection, getAvailableResources, getActuallySyncedResources, getNewResources, hasNewResources, } from '../lib/versions.js';
+import { installVersion, removeVersion, listInstalledVersions, isVersionInstalled, isLatestInstalled, getGlobalDefault, setGlobalDefault, getVersionHomePath, getVersionDir, syncResourcesToVersion, parseAgentSpec, promptResourceSelection, promptNewResourceSelection, getAvailableResources, getActuallySyncedResources, getNewResources, hasNewResources, } from '../lib/versions.js';
 import { createShim, createVersionedAlias, removeShim, shimExists, getShimsDir, getShimPath, getPathShadowingExecutable, isShimsInPath, getPathSetupInstructions, addShimsToPath, switchConfigSymlink, switchHomeFileSymlinks, } from '../lib/shims.js';
 import { isInteractiveTerminal, isPromptCancelled, requireInteractiveSelection } from './utils.js';
 import { tryAutoPull } from '../lib/git.js';
-import { getAgentsDir } from '../lib/state.js';
+import { getAgentsDir, getTrashVersionsDir } from '../lib/state.js';
 import { setHelpSections } from '../lib/help.js';
+import { updateSessionFilePaths } from '../lib/session/db.js';
+/**
+ * After removeVersion soft-deletes a version dir to trash, rewrite session
+ * file_path entries in the DB so reads still work from the new trash location.
+ */
+function fixSessionFilePaths(agent, version, oldVersionDir) {
+    const trashAgentDir = path.join(getTrashVersionsDir(), agent, version);
+    if (!fs.existsSync(trashAgentDir))
+        return;
+    const stamps = fs.readdirSync(trashAgentDir).sort().reverse();
+    if (stamps.length === 0)
+        return;
+    const trashPath = path.join(trashAgentDir, stamps[0]);
+    updateSessionFilePaths(oldVersionDir, trashPath);
+}
 /**
  * Helper to get actual installed version for an agent.
  * Returns the latest installed version, or throws if none installed.
@@ -362,7 +377,9 @@ export function registerVersionsCommands(program) {
                         continue;
                     }
                     for (const v of toRemove) {
+                        const versionDir = getVersionDir(agent, v);
                         removeVersion(agent, v);
+                        fixSessionFilePaths(agent, v, versionDir);
                         console.log(chalk.green(`Removed ${agentLabel(agentConfig.id)}@${v}`));
                     }
                     // Check if default was removed
@@ -390,7 +407,9 @@ export function registerVersionsCommands(program) {
                     console.log(chalk.gray(`${agentLabel(agentConfig.id)}@${version} not installed`));
                 }
                 else {
+                    const versionDir = getVersionDir(agent, version);
                     removeVersion(agent, version);
+                    fixSessionFilePaths(agent, version, versionDir);
                     console.log(chalk.green(`Removed ${agentLabel(agentConfig.id)}@${version}`));
                     // Remove shim if no versions left
                     const remaining = listInstalledVersions(agent);

package/dist/lib/agents.js

@@ -335,6 +335,50 @@ export const AGENTS = {
         supportsHooks: false,
         capabilities: { hooks: false, mcp: true, allowlist: false, skills: true, commands: true, plugins: false },
     },
+    // Google Antigravity CLI (`agy`) — official replacement for Gemini CLI as of IO 2026.
+    // configDir nests inside `~/.gemini/` since agy shares the parent dir with the Gemini
+    // CLI but isolates its own state in the `antigravity-cli/` subdir. Per-version HOME
+    // isolation works because the shim's configDirName carries the full nested path.
+    antigravity: {
+        id: 'antigravity',
+        name: 'Antigravity',
+        color: 'blueBright',
+        cliCommand: 'agy',
+        npmPackage: '',
+        installScript: 'curl -fsSL https://antigravity.google/cli/install.sh | bash',
+        configDir: path.join(HOME, '.gemini', 'antigravity-cli'),
+        commandsDir: path.join(HOME, '.gemini', 'antigravity-cli', 'commands'),
+        commandsSubdir: 'commands',
+        skillsDir: path.join(HOME, '.gemini', 'antigravity-cli', 'skills'),
+        hooksDir: 'hooks',
+        instructionsFile: 'AGENTS.md',
+        format: 'markdown',
+        variableSyntax: '{{args}}',
+        supportsHooks: false,
+        nativeAgentsSkillsDir: true,
+        capabilities: { hooks: false, mcp: true, allowlist: false, skills: true, commands: true, plugins: false, rulesImports: false },
+    },
+    // xAI Grok Build CLI (`grok`) — early beta, SuperGrok Heavy. Auth via OAuth on
+    // first launch, or GROK_CODE_XAI_API_KEY env var for headless. MCP supported
+    // out of the box; exact config file path verified at first install.
+    grok: {
+        id: 'grok',
+        name: 'Grok',
+        color: 'whiteBright',
+        cliCommand: 'grok',
+        npmPackage: '',
+        installScript: 'curl -fsSL https://x.ai/cli/install.sh | bash',
+        configDir: path.join(HOME, '.grok'),
+        commandsDir: path.join(HOME, '.grok', 'commands'),
+        commandsSubdir: 'commands',
+        skillsDir: path.join(HOME, '.grok', 'skills'),
+        hooksDir: 'hooks',
+        instructionsFile: 'AGENTS.md',
+        format: 'markdown',
+        variableSyntax: '$ARGUMENTS',
+        supportsHooks: false,
+        capabilities: { hooks: false, mcp: true, allowlist: false, skills: true, commands: true, plugins: false },
+    },
 };
 /** All registered agent IDs derived from the AGENTS registry. */
 export const ALL_AGENT_IDS = Object.keys(AGENTS);
@@ -1084,6 +1128,12 @@ function getUserMcpConfigPath(agentId) {
         case 'openclaw':
             // OpenClaw uses openclaw.json
             return path.join(agent.configDir, 'openclaw.json');
+        case 'antigravity':
+            // agy uses mcp_config.json inside its nested config dir (~/.gemini/antigravity-cli/)
+            return path.join(agent.configDir, 'mcp_config.json');
+        case 'grok':
+            // grok mcp.json — exact field schema verified at first install
+            return path.join(agent.configDir, 'mcp.json');
         default:
             // Gemini and others use settings.json
             return path.join(agent.configDir, 'settings.json');
@@ -1114,6 +1164,10 @@ export function getMcpConfigPathForHome(agentId, home) {
             return path.join(home, '.config', 'goose', 'config.yaml');
         case 'roo':
             return path.join(home, '.roo', 'mcp.json');
+        case 'antigravity':
+            return path.join(home, '.gemini', 'antigravity-cli', 'mcp_config.json');
+        case 'grok':
+            return path.join(home, '.grok', 'mcp.json');
         default:
             return path.join(home, `.${agentId}`, 'settings.json');
     }
@@ -1146,6 +1200,10 @@ function getProjectMcpConfigPath(agentId, cwd = process.cwd()) {
             return path.join(cwd, '.goose', 'config.yaml');
         case 'roo':
             return path.join(cwd, '.roo', 'mcp.json');
+        case 'antigravity':
+            return path.join(cwd, '.gemini', 'antigravity-cli', 'mcp_config.json');
+        case 'grok':
+            return path.join(cwd, '.grok', 'mcp.json');
         default:
             return path.join(cwd, `.${agentId}`, 'settings.json');
     }
@@ -1275,6 +1333,14 @@ export const AGENT_NAME_ALIASES = {
     roo: 'roo',
     'roo-code': 'roo',
     roocode: 'roo',
+    antigravity: 'antigravity',
+    'google-antigravity': 'antigravity',
+    agy: 'antigravity',
+    ag: 'antigravity',
+    grok: 'grok',
+    'grok-build': 'grok',
+    'xai-grok': 'grok',
+    gk: 'grok',
 };
 /** Resolve a user-provided agent name (alias, shorthand, or canonical) to its AgentId. */
 export function resolveAgentName(input) {

package/dist/lib/browser/chrome.js

@@ -110,7 +110,7 @@ isElectron = false) {
     if (secrets && bundleExists(secrets)) {
         try {
             const bundle = readBundle(secrets);
-            const bundleEnv = resolveBundleEnv(bundle);
+            const bundleEnv = resolveBundleEnv(bundle, { caller: 'browser profile' });
             env = { ...env, ...bundleEnv };
         }
         catch {

package/dist/lib/exec.js

@@ -197,6 +197,27 @@ export const AGENT_COMMANDS = {
         },
         modelFlag: '--model',
     },
+    antigravity: {
+        base: ['agy'],
+        promptFlag: 'positional',
+        modeFlags: {
+            plan: [],
+            edit: [],
+            full: [],
+        },
+        modelFlag: '--model',
+    },
+    grok: {
+        base: ['grok'],
+        promptFlag: '-p',
+        modeFlags: {
+            plan: [],
+            edit: [],
+            full: [],
+        },
+        jsonFlags: ['--output-format', 'streaming-json'],
+        modelFlag: '--model',
+    },
 };
 /** Assemble the full CLI argument array for an agent invocation. */
 export function buildExecCommand(options) {

package/dist/lib/registry.d.ts

@@ -24,6 +24,24 @@ export declare function searchMcpRegistries(query: string, options?: {
     registry?: string;
     limit?: number;
 }): Promise<RegistrySearchResult[]>;
+/**
+ * Convert an MCP server registry entry into an install spec suitable for
+ * writing into `manifest.mcp`. Returns `null` if the entry has no package we
+ * know how to launch (e.g. only remote endpoints, which the current manifest
+ * shape supports via `url`+`transport: 'http'` but isn't yet wired to the
+ * registry's `remotes` field).
+ *
+ * Supported package shapes:
+ *   - npm / runtime=node      → `npx -y <name>`
+ *   - pypi / runtime=python   → `uvx <name>`
+ *   - runtime=docker          → `docker run --rm -i <name>`
+ *   - runtime=binary          → `<name>` (assumed to be on PATH)
+ */
+export declare function mcpEntryToInstallSpec(entry: McpServerEntry): {
+    command?: string;
+    url?: string;
+    transport: 'stdio' | 'http';
+} | null;
 /** Look up detailed info for an MCP server by exact name. */
 export declare function getMcpServerInfo(serverName: string, registryName?: string): Promise<McpServerEntry | null>;
 /** Search skill registries for entries matching a query string. */

package/dist/lib/registry.js

@@ -113,6 +113,50 @@ export async function searchMcpRegistries(query, options) {
     }
     return results;
 }
+/**
+ * Convert an MCP server registry entry into an install spec suitable for
+ * writing into `manifest.mcp`. Returns `null` if the entry has no package we
+ * know how to launch (e.g. only remote endpoints, which the current manifest
+ * shape supports via `url`+`transport: 'http'` but isn't yet wired to the
+ * registry's `remotes` field).
+ *
+ * Supported package shapes:
+ *   - npm / runtime=node      → `npx -y <name>`
+ *   - pypi / runtime=python   → `uvx <name>`
+ *   - runtime=docker          → `docker run --rm -i <name>`
+ *   - runtime=binary          → `<name>` (assumed to be on PATH)
+ */
+export function mcpEntryToInstallSpec(entry) {
+    const pkg = entry.packages?.[0];
+    if (!pkg)
+        return null;
+    // Remote transports (sse / streamable-http) need a URL the registry doesn't
+    // currently expose in this client's type. Skip for now; caller can fall back
+    // to manual --transport http with an explicit URL.
+    if (pkg.transport === 'sse' || pkg.transport === 'streamable-http') {
+        return null;
+    }
+    const reg = pkg.registry_name?.toLowerCase();
+    const runtime = pkg.runtime;
+    const name = pkg.name;
+    if (!name)
+        return null;
+    if (reg === 'npm' || runtime === 'node') {
+        return { command: `npx -y ${name}`, transport: 'stdio' };
+    }
+    if (reg === 'pypi' || runtime === 'python') {
+        return { command: `uvx ${name}`, transport: 'stdio' };
+    }
+    if (runtime === 'docker') {
+        return { command: `docker run --rm -i ${name}`, transport: 'stdio' };
+    }
+    if (runtime === 'binary') {
+        return { command: name, transport: 'stdio' };
+    }
+    // Unknown registry/runtime — fall back to bare name so the user gets *something*
+    // to inspect via `agents mcp view`, rather than a silent miss.
+    return { command: name, transport: 'stdio' };
+}
 /** Look up detailed info for an MCP server by exact name. */
 export async function getMcpServerInfo(serverName, registryName) {
     const registries = getEnabledRegistries('mcp');

package/dist/lib/resources/mcp.js

@@ -15,7 +15,7 @@ import * as yaml from 'yaml';
 import * as TOML from 'smol-toml';
 import { getSystemMcpDir, getUserMcpDir, getProjectAgentsDir, getEnabledExtraRepos, } from '../state.js';
 /** Agents from resources/types.ts that support MCP. */
-const MCP_CAPABLE_AGENTS = ['claude', 'codex', 'gemini', 'cursor', 'opencode', 'openclaw'];
+const MCP_CAPABLE_AGENTS = ['claude', 'codex', 'gemini', 'cursor', 'opencode', 'openclaw', 'antigravity', 'grok'];
 /**
  * Parse an MCP YAML file into an McpItem.
  */
@@ -119,6 +119,11 @@ export function getMcpConfigPath(agent, versionHome) {
             return path.join(versionHome, '.gemini', 'settings.json');
         case 'openclaw':
             return path.join(versionHome, '.openclaw', 'openclaw.json');
+        case 'antigravity':
+            // agy nests under ~/.gemini/antigravity-cli/ (shared parent with Gemini, distinct subdir).
+            return path.join(versionHome, '.gemini', 'antigravity-cli', 'mcp_config.json');
+        case 'grok':
+            return path.join(versionHome, '.grok', 'mcp.json');
         default:
             return null;
     }

package/dist/lib/resources/types.d.ts

@@ -5,7 +5,7 @@
  * - Union: All resources from all layers are combined
  * - Override on name conflict: Higher layer wins (project > user > system)
  */
-export type AgentId = 'claude' | 'codex' | 'gemini' | 'cursor' | 'opencode' | 'openclaw';
+export type AgentId = 'claude' | 'codex' | 'gemini' | 'cursor' | 'opencode' | 'openclaw' | 'antigravity' | 'grok';
 export type Layer = 'system' | 'user' | 'project';
 export type ResourceKind = 'command' | 'hook' | 'skill' | 'rule' | 'mcp' | 'permission' | 'subagent' | 'workflow';
 /** A resolved resource with its origin layer. */

package/dist/lib/secrets/{AgentsKeychain.app/Contents/Info.plist → Agents CLI.app/Contents/Info.plist }

@@ -5,9 +5,11 @@
   <key>CFBundleIdentifier</key>
   <string>com.phnx-labs.agents-keychain</string>
   <key>CFBundleName</key>
-  <string>AgentsKeychain</string>
+  <string>Agents CLI</string>
+  <key>CFBundleDisplayName</key>
+  <string>Agents CLI</string>
   <key>CFBundleExecutable</key>
-  <string>AgentsKeychain</string>
+  <string>Agents CLI</string>
   <key>CFBundlePackageType</key>
   <string>APPL</string>
   <key>CFBundleVersion</key>

package/dist/lib/secrets/bundles.d.ts

@@ -71,7 +71,17 @@ export interface BundleEntryInfo {
     detail: string;
 }
 export declare function describeBundle(bundle: SecretsBundle): BundleEntryInfo[];
-export declare function resolveBundleEnv(bundle: SecretsBundle): Record<string, string>;
+/** Options for resolveBundleEnv. */
+export interface ResolveBundleOptions {
+    /**
+     * Human-readable label for who is requesting the secrets. Shown to the
+     * user under the Touch ID prompt so they know what's about to read.
+     * Example: "agent claude", "command curl", "browser profile".
+     * When omitted the prompt only names the bundle.
+     */
+    caller?: string;
+}
+export declare function resolveBundleEnv(bundle: SecretsBundle, opts?: ResolveBundleOptions): Record<string, string>;
 export declare function keychainRef(key: string): string;
 /** Options for rotateBundleSecret. */
 export interface RotateOptions {

package/dist/lib/secrets/bundles.js

@@ -15,7 +15,7 @@ import * as fs from 'fs';
 import * as os from 'os';
 import * as path from 'path';
 import * as yaml from 'yaml';
-import { deleteKeychainToken, getKeychainToken, hasKeychainToken, listKeychainItems, parseBundleValue, resolveRef, secretsKeychainItem, setKeychainToken, } from './index.js';
+import { deleteKeychainToken, getKeychainToken, getKeychainTokensBatch, hasKeychainToken, listKeychainItems, parseBundleValue, resolveRef, secretsKeychainItem, setKeychainToken, } from './index.js';
 import { emit } from '../events.js';
 /** Allowed values for a secret's `type` metadata field. */
 export const SECRET_TYPES = [
@@ -253,19 +253,48 @@ function stampLastUsed(bundle) {
         // Swallow — telemetry must never block secret resolution.
     }
 }
-// Walk the bundle and produce a flat env map. Keychain refs are translated via
-// the bundle-scoped naming scheme so two bundles with the same short ID never
-// collide. Throws on the first missing secret so `agents run` fails loudly
-// rather than silently injecting empty strings.
-export function resolveBundleEnv(bundle) {
+export function resolveBundleEnv(bundle, opts = {}) {
     stampLastUsed(bundle);
-    const env = {};
+    const parsedByKey = new Map();
+    const keychainItemsToFetch = [];
+    const keychainItemToKey = new Map();
     for (const [key, raw] of Object.entries(bundle.vars)) {
         const parsed = parseBundleValue(raw);
+        parsedByKey.set(key, parsed);
+        if ('ref' in parsed && parsed.ref.provider === 'keychain') {
+            const item = secretsKeychainItem(bundle.name, parsed.ref.value);
+            keychainItemsToFetch.push(item);
+            keychainItemToKey.set(item, key);
+        }
+    }
+    // Build the localizedReason shown under the Touch ID prompt. Lowercase verb
+    // phrase per Apple HIG — the system prepends "<App> is required to ".
+    const reason = opts.caller
+        ? `read ${bundle.name} secrets (for ${opts.caller})`
+        : `read ${bundle.name} secrets`;
+    // Single helper invocation, one biometric prompt.
+    const fetched = keychainItemsToFetch.length > 0
+        ? getKeychainTokensBatch(keychainItemsToFetch, bundle.icloud_sync, reason)
+        : new Map();
+    // Second pass: assemble env. Keychain values come from the batch; everything
+    // else is resolved inline (literals and env/file/exec refs don't prompt).
+    const env = {};
+    for (const [key, raw] of Object.entries(bundle.vars)) {
+        const parsed = parsedByKey.get(key);
         if ('literal' in parsed) {
             env[key] = parsed.literal;
             continue;
         }
+        if (parsed.ref.provider === 'keychain') {
+            const item = secretsKeychainItem(bundle.name, parsed.ref.value);
+            const value = fetched.get(item);
+            if (value === undefined) {
+                throw new Error(`Bundle '${bundle.name}' key '${key}': keychain item '${item}' not found. ` +
+                    `Run: agents secrets add ${bundle.name} ${key}`);
+            }
+            env[key] = value;
+            continue;
+        }
         try {
             env[key] = resolveRef(parsed.ref, {
                 allowExec: bundle.allow_exec,
@@ -274,11 +303,7 @@ export function resolveBundleEnv(bundle) {
             });
         }
         catch (err) {
-            const msg = err.message;
-            if (parsed.ref.provider === 'keychain' && /not found/.test(msg)) {
-                throw new Error(`${msg} Run: agents secrets add ${bundle.name} ${key}`);
-            }
-            throw new Error(`Bundle '${bundle.name}' key '${key}': ${msg}`);
+            throw new Error(`Bundle '${bundle.name}' key '${key}': ${err.message}`);
         }
     }
     return env;