@qwen-code/qwen-code 0.9.0-preview.3 → 0.9.0

package/cli.js

@@ -26270,21 +26270,21 @@ var init_from = __esm({
     init_fetch_blob();
     ({ stat } = fs2);
     blobFromSync = /* @__PURE__ */ __name((path123, type) => fromBlob(statSync(path123), path123, type), "blobFromSync");
-    blobFrom = /* @__PURE__ */ __name((path123, type) => stat(path123).then((stat11) => fromBlob(stat11, path123, type)), "blobFrom");
-    fileFrom = /* @__PURE__ */ __name((path123, type) => stat(path123).then((stat11) => fromFile(stat11, path123, type)), "fileFrom");
+    blobFrom = /* @__PURE__ */ __name((path123, type) => stat(path123).then((stat10) => fromBlob(stat10, path123, type)), "blobFrom");
+    fileFrom = /* @__PURE__ */ __name((path123, type) => stat(path123).then((stat10) => fromFile(stat10, path123, type)), "fileFrom");
     fileFromSync = /* @__PURE__ */ __name((path123, type) => fromFile(statSync(path123), path123, type), "fileFromSync");
-    fromBlob = /* @__PURE__ */ __name((stat11, path123, type = "") => new fetch_blob_default([new BlobDataItem({
+    fromBlob = /* @__PURE__ */ __name((stat10, path123, type = "") => new fetch_blob_default([new BlobDataItem({
       path: path123,
-      size: stat11.size,
-      lastModified: stat11.mtimeMs,
+      size: stat10.size,
+      lastModified: stat10.mtimeMs,
       start: 0
     })], { type }), "fromBlob");
-    fromFile = /* @__PURE__ */ __name((stat11, path123, type = "") => new file_default([new BlobDataItem({
+    fromFile = /* @__PURE__ */ __name((stat10, path123, type = "") => new file_default([new BlobDataItem({
       path: path123,
-      size: stat11.size,
-      lastModified: stat11.mtimeMs,
+      size: stat10.size,
+      lastModified: stat10.mtimeMs,
       start: 0
-    })], basename(path123), { type, lastModified: stat11.mtimeMs }), "fromFile");
+    })], basename(path123), { type, lastModified: stat10.mtimeMs }), "fromFile");
     BlobDataItem = class _BlobDataItem {
       static {
         __name(this, "BlobDataItem");
@@ -123529,18 +123529,18 @@ var require_async = __commonJS({
       ];
     }, "defaultPaths");
     var defaultIsFile = /* @__PURE__ */ __name(function isFile3(file, cb) {
-      fs110.stat(file, function(err, stat11) {
+      fs110.stat(file, function(err, stat10) {
         if (!err) {
-          return cb(null, stat11.isFile() || stat11.isFIFO());
+          return cb(null, stat10.isFile() || stat10.isFIFO());
         }
         if (err.code === "ENOENT" || err.code === "ENOTDIR") return cb(null, false);
         return cb(err);
       });
     }, "isFile");
     var defaultIsDir = /* @__PURE__ */ __name(function isDirectory(dir, cb) {
-      fs110.stat(dir, function(err, stat11) {
+      fs110.stat(dir, function(err, stat10) {
         if (!err) {
-          return cb(null, stat11.isDirectory());
+          return cb(null, stat10.isDirectory());
         }
         if (err.code === "ENOENT" || err.code === "ENOTDIR") return cb(null, false);
         return cb(err);
@@ -124036,21 +124036,21 @@ var require_sync = __commonJS({
     }, "defaultPaths");
     var defaultIsFile = /* @__PURE__ */ __name(function isFile3(file) {
       try {
-        var stat11 = fs110.statSync(file, { throwIfNoEntry: false });
+        var stat10 = fs110.statSync(file, { throwIfNoEntry: false });
       } catch (e4) {
         if (e4 && (e4.code === "ENOENT" || e4.code === "ENOTDIR")) return false;
         throw e4;
       }
-      return !!stat11 && (stat11.isFile() || stat11.isFIFO());
+      return !!stat10 && (stat10.isFile() || stat10.isFIFO());
     }, "isFile");
     var defaultIsDir = /* @__PURE__ */ __name(function isDirectory(dir) {
       try {
-        var stat11 = fs110.statSync(dir, { throwIfNoEntry: false });
+        var stat10 = fs110.statSync(dir, { throwIfNoEntry: false });
       } catch (e4) {
         if (e4 && (e4.code === "ENOENT" || e4.code === "ENOTDIR")) return false;
         throw e4;
       }
-      return !!stat11 && stat11.isDirectory();
+      return !!stat10 && stat10.isDirectory();
     }, "isDirectory");
     var defaultRealpathSync = /* @__PURE__ */ __name(function realpathSync8(x3) {
       try {
@@ -124476,14 +124476,14 @@ var require_require_in_the_middle = __commonJS({
           moduleName2 = parsedPath.name;
           basedir = parsedPath.dir;
         } else {
-          const stat11 = moduleDetailsFromPath(filename);
-          if (stat11 === void 0) {
+          const stat10 = moduleDetailsFromPath(filename);
+          if (stat10 === void 0) {
             debug3("could not parse filename: %s", filename);
             return exports3;
           }
-          moduleName2 = stat11.name;
-          basedir = stat11.basedir;
-          const fullModuleName = resolveModuleName(stat11);
+          moduleName2 = stat10.name;
+          basedir = stat10.basedir;
+          const fullModuleName = resolveModuleName(stat10);
           debug3("resolved filename to module: %s (id: %s, resolved: %s, basedir: %s)", moduleName2, id, fullModuleName, basedir);
           let matchFound = false;
           if (hasWhitelist) {
@@ -124547,9 +124547,9 @@ var require_require_in_the_middle = __commonJS({
         }
       }
     };
-    function resolveModuleName(stat11) {
-      const normalizedPath = path123.sep !== "/" ? stat11.path.split(path123.sep).join("/") : stat11.path;
-      return path123.posix.join(stat11.name, normalizedPath).replace(normalize11, "");
+    function resolveModuleName(stat10) {
+      const normalizedPath = path123.sep !== "/" ? stat10.path.split(path123.sep).join("/") : stat10.path;
+      return path123.posix.join(stat10.name, normalizedPath).replace(normalize11, "");
     }
     __name(resolveModuleName, "resolveModuleName");
   }
@@ -155848,7 +155848,7 @@ __export(geminiContentGenerator_exports, {
   createGeminiContentGenerator: () => createGeminiContentGenerator
 });
 function createGeminiContentGenerator(config2, gcConfig) {
-  const version2 = "0.9.0-preview.3";
+  const version2 = "0.9.0";
   const userAgent2 = config2.userAgent || `QwenCode/${version2} (${process.platform}; ${process.arch})`;
   const baseHeaders = {
     "User-Agent": userAgent2
@@ -187415,12 +187415,12 @@ var require_src36 = __commonJS({
     function check2(path123, isFile3, isDirectory) {
       log(`checking %s`, path123);
       try {
-        const stat11 = fs_1.statSync(path123);
-        if (stat11.isFile() && isFile3) {
+        const stat10 = fs_1.statSync(path123);
+        if (stat10.isFile() && isFile3) {
           log(`[OK] path represents a file`);
           return true;
         }
-        if (stat11.isDirectory() && isDirectory) {
+        if (stat10.isDirectory() && isDirectory) {
           log(`[OK] path represents a directory`);
           return true;
         }
@@ -203472,16 +203472,16 @@ var require_windows = __commonJS({
       return false;
     }
     __name(checkPathExt, "checkPathExt");
-    function checkStat(stat11, path123, options2) {
-      if (!stat11.isSymbolicLink() && !stat11.isFile()) {
+    function checkStat(stat10, path123, options2) {
+      if (!stat10.isSymbolicLink() && !stat10.isFile()) {
         return false;
       }
       return checkPathExt(path123, options2);
     }
     __name(checkStat, "checkStat");
     function isexe(path123, options2, cb) {
-      fs110.stat(path123, function(er2, stat11) {
-        cb(er2, er2 ? false : checkStat(stat11, path123, options2));
+      fs110.stat(path123, function(er2, stat10) {
+        cb(er2, er2 ? false : checkStat(stat10, path123, options2));
       });
     }
     __name(isexe, "isexe");
@@ -203500,8 +203500,8 @@ var require_mode = __commonJS({
     isexe.sync = sync2;
     var fs110 = __require("fs");
     function isexe(path123, options2, cb) {
-      fs110.stat(path123, function(er2, stat11) {
-        cb(er2, er2 ? false : checkStat(stat11, options2));
+      fs110.stat(path123, function(er2, stat10) {
+        cb(er2, er2 ? false : checkStat(stat10, options2));
       });
     }
     __name(isexe, "isexe");
@@ -203509,14 +203509,14 @@ var require_mode = __commonJS({
       return checkStat(fs110.statSync(path123), options2);
     }
     __name(sync2, "sync");
-    function checkStat(stat11, options2) {
-      return stat11.isFile() && checkMode(stat11, options2);
+    function checkStat(stat10, options2) {
+      return stat10.isFile() && checkMode(stat10, options2);
     }
     __name(checkStat, "checkStat");
-    function checkMode(stat11, options2) {
-      var mod2 = stat11.mode;
-      var uid = stat11.uid;
-      var gid = stat11.gid;
+    function checkMode(stat10, options2) {
+      var mod2 = stat10.mode;
+      var uid = stat10.uid;
+      var gid = stat10.gid;
       var myUid = options2.uid !== void 0 ? options2.uid : process.getuid && process.getuid();
       var myGid = options2.gid !== void 0 ? options2.gid : process.getgid && process.getgid();
       var u2 = parseInt("100", 8);
@@ -204647,14 +204647,14 @@ var init_ide_client = __esm({
         const fileContents = await Promise.all(lockFiles.map(async (file) => {
           const fullPath = path32.join(ideDir, file);
           try {
-            const stat11 = await fs32.promises.stat(fullPath);
+            const stat10 = await fs32.promises.stat(fullPath);
             const content = await fs32.promises.readFile(fullPath, "utf8");
             try {
               const parsed = JSON.parse(content);
-              return { file, mtimeMs: stat11.mtimeMs, parsed };
+              return { file, mtimeMs: stat10.mtimeMs, parsed };
             } catch (e4) {
               logger.debug("Failed to parse JSON from lock file: ", e4);
-              return { file, mtimeMs: stat11.mtimeMs, parsed: void 0 };
+              return { file, mtimeMs: stat10.mtimeMs, parsed: void 0 };
             }
           } catch (e4) {
             logger.debug("Failed to read/stat IDE lock file:", e4);
@@ -210920,6 +210920,82 @@ function getMCPServerStatus(serverName) {
 function getMCPDiscoveryState() {
   return mcpDiscoveryState;
 }
+function extractWWWAuthenticateHeader(errorString) {
+  const patterns = [
+    /www-authenticate:\s*([^\n\r]+)/i,
+    /WWW-Authenticate:\s*([^\n\r]+)/i,
+    /"www-authenticate":\s*"([^"]+)"/i,
+    /'www-authenticate':\s*'([^']+)'/i
+  ];
+  for (const pattern of patterns) {
+    const match2 = errorString.match(pattern);
+    if (match2) {
+      return match2[1].trim();
+    }
+  }
+  return null;
+}
+async function handleAutomaticOAuth(mcpServerName, mcpServerConfig, wwwAuthenticate) {
+  try {
+    console.log(`\u{1F510} '${mcpServerName}' requires OAuth authentication`);
+    let oauthConfig;
+    const resourceMetadataUri = OAuthUtils.parseWWWAuthenticateHeader(wwwAuthenticate);
+    if (resourceMetadataUri) {
+      oauthConfig = await OAuthUtils.discoverOAuthConfig(resourceMetadataUri);
+    } else if (hasNetworkTransport(mcpServerConfig)) {
+      const serverUrl2 = new URL(mcpServerConfig.httpUrl || mcpServerConfig.url);
+      const baseUrl = `${serverUrl2.protocol}//${serverUrl2.host}`;
+      oauthConfig = await OAuthUtils.discoverOAuthConfig(baseUrl);
+    }
+    if (!oauthConfig) {
+      console.error(`\u274C Could not configure OAuth for '${mcpServerName}' - please authenticate manually with /mcp auth ${mcpServerName}`);
+      return false;
+    }
+    const oauthAuthConfig = {
+      enabled: true,
+      authorizationUrl: oauthConfig.authorizationUrl,
+      tokenUrl: oauthConfig.tokenUrl,
+      scopes: oauthConfig.scopes || []
+    };
+    const serverUrl = mcpServerConfig.httpUrl || mcpServerConfig.url;
+    console.log(`Starting OAuth authentication for server '${mcpServerName}'...`);
+    const authProvider = new MCPOAuthProvider(new MCPOAuthTokenStorage());
+    await authProvider.authenticate(mcpServerName, oauthAuthConfig, serverUrl);
+    console.log(`OAuth authentication successful for server '${mcpServerName}'`);
+    return true;
+  } catch (error2) {
+    console.error(`Failed to handle automatic OAuth for server '${mcpServerName}': ${getErrorMessage(error2)}`);
+    return false;
+  }
+}
+async function createTransportWithOAuth(mcpServerName, mcpServerConfig, accessToken) {
+  try {
+    if (mcpServerConfig.httpUrl) {
+      const oauthTransportOptions = {
+        requestInit: {
+          headers: {
+            ...mcpServerConfig.headers,
+            Authorization: `Bearer ${accessToken}`
+          }
+        }
+      };
+      return new StreamableHTTPClientTransport(new URL(mcpServerConfig.httpUrl), oauthTransportOptions);
+    } else if (mcpServerConfig.url) {
+      return new SSEClientTransport(new URL(mcpServerConfig.url), {
+        requestInit: {
+          headers: {
+            ...mcpServerConfig.headers,
+            Authorization: `Bearer ${accessToken}`
+          }
+        }
+      });
+    }
+    return null;
+  } catch (error2) {
+    console.error(`Failed to create OAuth transport for server '${mcpServerName}': ${getErrorMessage(error2)}`);
+    return null;
+  }
+}
 function populateMcpServerCommand(mcpServers, mcpServerCommand) {
   if (mcpServerCommand) {
     const cmd = mcpServerCommand;
@@ -210934,6 +211010,32 @@ function populateMcpServerCommand(mcpServers, mcpServerCommand) {
   }
   return mcpServers;
 }
+async function connectAndDiscover(mcpServerName, mcpServerConfig, toolRegistry, promptRegistry, debugMode, workspaceContext, cliConfig, sendSdkMcpMessage) {
+  updateMCPServerStatus(mcpServerName, MCPServerStatus.CONNECTING);
+  let mcpClient;
+  try {
+    mcpClient = await connectToMcpServer(mcpServerName, mcpServerConfig, debugMode, workspaceContext, sendSdkMcpMessage);
+    mcpClient.onerror = (error2) => {
+      console.error(`MCP ERROR (${mcpServerName}):`, error2.toString());
+      updateMCPServerStatus(mcpServerName, MCPServerStatus.DISCONNECTED);
+    };
+    const prompts3 = await discoverPrompts(mcpServerName, mcpClient, promptRegistry);
+    const tools = await discoverTools(mcpServerName, mcpServerConfig, mcpClient, cliConfig);
+    if (prompts3.length === 0 && tools.length === 0) {
+      throw new Error("No prompts or tools found on the server.");
+    }
+    updateMCPServerStatus(mcpServerName, MCPServerStatus.CONNECTED);
+    for (const tool of tools) {
+      toolRegistry.registerTool(tool);
+    }
+  } catch (error2) {
+    if (mcpClient) {
+      mcpClient.close();
+    }
+    console.error(`Error connecting to MCP server '${mcpServerName}': ${getErrorMessage(error2)}`);
+    updateMCPServerStatus(mcpServerName, MCPServerStatus.DISCONNECTED);
+  }
+}
 async function discoverTools(mcpServerName, mcpServerConfig, mcpClient, cliConfig) {
   try {
     const mcpCallableTool = mcpToTool(mcpClient, {
@@ -210999,6 +211101,241 @@ async function invokeMcpPrompt(mcpServerName, mcpClient, promptName, promptParam
     throw error2;
   }
 }
+function hasNetworkTransport(config2) {
+  return !!(config2.url || config2.httpUrl);
+}
+async function connectToMcpServer(mcpServerName, mcpServerConfig, debugMode, workspaceContext, sendSdkMcpMessage) {
+  const mcpClient = new Client({
+    name: "qwen-code-mcp-client",
+    version: "0.0.1"
+  });
+  mcpClient.registerCapabilities({
+    roots: {
+      listChanged: true
+    }
+  });
+  mcpClient.setRequestHandler(ListRootsRequestSchema, async () => {
+    const roots = [];
+    for (const dir of workspaceContext.getDirectories()) {
+      roots.push({
+        uri: pathToFileURL(dir).toString(),
+        name: basename11(dir)
+      });
+    }
+    return {
+      roots
+    };
+  });
+  let unlistenDirectories = workspaceContext.onDirectoriesChanged(async () => {
+    try {
+      await mcpClient.notification({
+        method: "notifications/roots/list_changed"
+      });
+    } catch (_2) {
+      unlistenDirectories?.();
+      unlistenDirectories = void 0;
+    }
+  });
+  const oldOnClose = mcpClient.onclose;
+  mcpClient.onclose = () => {
+    oldOnClose?.();
+    unlistenDirectories?.();
+    unlistenDirectories = void 0;
+  };
+  try {
+    const transport = await createTransport(mcpServerName, mcpServerConfig, debugMode, sendSdkMcpMessage);
+    try {
+      await mcpClient.connect(transport, {
+        timeout: mcpServerConfig.timeout ?? MCP_DEFAULT_TIMEOUT_MSEC
+      });
+      return mcpClient;
+    } catch (error2) {
+      await transport.close();
+      throw error2;
+    }
+  } catch (error2) {
+    const errorString = String(error2);
+    if (errorString.includes("401") && hasNetworkTransport(mcpServerConfig)) {
+      mcpServerRequiresOAuth.set(mcpServerName, true);
+      const shouldTriggerOAuth = mcpServerConfig.httpUrl || mcpServerConfig.oauth?.enabled;
+      if (!shouldTriggerOAuth) {
+        const tokenStorage = new MCPOAuthTokenStorage();
+        const credentials = await tokenStorage.getCredentials(mcpServerName);
+        if (credentials) {
+          const authProvider = new MCPOAuthProvider(tokenStorage);
+          const hasStoredTokens = await authProvider.getValidToken(mcpServerName, {
+            // Pass client ID if available
+            clientId: credentials.clientId
+          });
+          if (hasStoredTokens) {
+            console.log(`Stored OAuth token for SSE server '${mcpServerName}' was rejected. Please re-authenticate using: /mcp auth ${mcpServerName}`);
+          } else {
+            console.log(`401 error received for SSE server '${mcpServerName}' without OAuth configuration. Please authenticate using: /mcp auth ${mcpServerName}`);
+          }
+        }
+        throw new Error(`401 error received for SSE server '${mcpServerName}' without OAuth configuration. Please authenticate using: /mcp auth ${mcpServerName}`);
+      }
+      let wwwAuthenticate = extractWWWAuthenticateHeader(errorString);
+      if (!wwwAuthenticate && hasNetworkTransport(mcpServerConfig)) {
+        console.log(`No www-authenticate header in error, trying to fetch it from server...`);
+        try {
+          const urlToFetch = mcpServerConfig.httpUrl || mcpServerConfig.url;
+          const response = await fetch(urlToFetch, {
+            method: "HEAD",
+            headers: {
+              Accept: mcpServerConfig.httpUrl ? "application/json" : "text/event-stream"
+            },
+            signal: AbortSignal.timeout(5e3)
+          });
+          if (response.status === 401) {
+            wwwAuthenticate = response.headers.get("www-authenticate");
+            if (wwwAuthenticate) {
+              console.log(`Found www-authenticate header from server: ${wwwAuthenticate}`);
+            }
+          }
+        } catch (fetchError) {
+          console.debug(`Failed to fetch www-authenticate header: ${getErrorMessage(fetchError)}`);
+        }
+      }
+      if (wwwAuthenticate) {
+        console.log(`Received 401 with www-authenticate header: ${wwwAuthenticate}`);
+        const oauthSuccess = await handleAutomaticOAuth(mcpServerName, mcpServerConfig, wwwAuthenticate);
+        if (oauthSuccess) {
+          console.log(`Retrying connection to '${mcpServerName}' with OAuth token...`);
+          const tokenStorage = new MCPOAuthTokenStorage();
+          const credentials = await tokenStorage.getCredentials(mcpServerName);
+          if (credentials) {
+            const authProvider = new MCPOAuthProvider(tokenStorage);
+            const accessToken = await authProvider.getValidToken(mcpServerName, {
+              // Pass client ID if available
+              clientId: credentials.clientId
+            });
+            if (accessToken) {
+              const oauthTransport = await createTransportWithOAuth(mcpServerName, mcpServerConfig, accessToken);
+              if (oauthTransport) {
+                try {
+                  await mcpClient.connect(oauthTransport, {
+                    timeout: mcpServerConfig.timeout ?? MCP_DEFAULT_TIMEOUT_MSEC
+                  });
+                  return mcpClient;
+                } catch (retryError) {
+                  console.error(`Failed to connect with OAuth token: ${getErrorMessage(retryError)}`);
+                  throw retryError;
+                }
+              } else {
+                console.error(`Failed to create OAuth transport for server '${mcpServerName}'`);
+                throw new Error(`Failed to create OAuth transport for server '${mcpServerName}'`);
+              }
+            } else {
+              console.error(`Failed to get OAuth token for server '${mcpServerName}'`);
+              throw new Error(`Failed to get OAuth token for server '${mcpServerName}'`);
+            }
+          } else {
+            console.error(`Failed to get credentials for server '${mcpServerName}' after successful OAuth authentication`);
+            throw new Error(`Failed to get credentials for server '${mcpServerName}' after successful OAuth authentication`);
+          }
+        } else {
+          console.error(`Failed to handle automatic OAuth for server '${mcpServerName}'`);
+          throw new Error(`Failed to handle automatic OAuth for server '${mcpServerName}'`);
+        }
+      } else {
+        const shouldTryDiscovery = mcpServerConfig.httpUrl || mcpServerConfig.oauth?.enabled;
+        if (!shouldTryDiscovery) {
+          const tokenStorage = new MCPOAuthTokenStorage();
+          const credentials = await tokenStorage.getCredentials(mcpServerName);
+          if (credentials) {
+            const authProvider = new MCPOAuthProvider(tokenStorage);
+            const hasStoredTokens = await authProvider.getValidToken(mcpServerName, {
+              // Pass client ID if available
+              clientId: credentials.clientId
+            });
+            if (hasStoredTokens) {
+              console.log(`Stored OAuth token for SSE server '${mcpServerName}' was rejected. Please re-authenticate using: /mcp auth ${mcpServerName}`);
+            } else {
+              console.log(`401 error received for SSE server '${mcpServerName}' without OAuth configuration. Please authenticate using: /mcp auth ${mcpServerName}`);
+            }
+          }
+          throw new Error(`401 error received for SSE server '${mcpServerName}' without OAuth configuration. Please authenticate using: /mcp auth ${mcpServerName}`);
+        }
+        console.log(`\u{1F50D} Attempting OAuth discovery for '${mcpServerName}'...`);
+        if (hasNetworkTransport(mcpServerConfig)) {
+          const serverUrl = new URL(mcpServerConfig.httpUrl || mcpServerConfig.url);
+          const baseUrl = `${serverUrl.protocol}//${serverUrl.host}`;
+          try {
+            const oauthConfig = await OAuthUtils.discoverOAuthConfig(baseUrl);
+            if (oauthConfig) {
+              console.log(`Discovered OAuth configuration from base URL for server '${mcpServerName}'`);
+              const oauthAuthConfig = {
+                enabled: true,
+                authorizationUrl: oauthConfig.authorizationUrl,
+                tokenUrl: oauthConfig.tokenUrl,
+                scopes: oauthConfig.scopes || []
+              };
+              const authServerUrl = mcpServerConfig.httpUrl || mcpServerConfig.url;
+              console.log(`Starting OAuth authentication for server '${mcpServerName}'...`);
+              const authProvider = new MCPOAuthProvider(new MCPOAuthTokenStorage());
+              await authProvider.authenticate(mcpServerName, oauthAuthConfig, authServerUrl);
+              const tokenStorage = new MCPOAuthTokenStorage();
+              const credentials = await tokenStorage.getCredentials(mcpServerName);
+              if (credentials) {
+                const authProvider2 = new MCPOAuthProvider(tokenStorage);
+                const accessToken = await authProvider2.getValidToken(mcpServerName, {
+                  // Pass client ID if available
+                  clientId: credentials.clientId
+                });
+                if (accessToken) {
+                  const oauthTransport = await createTransportWithOAuth(mcpServerName, mcpServerConfig, accessToken);
+                  if (oauthTransport) {
+                    try {
+                      await mcpClient.connect(oauthTransport, {
+                        timeout: mcpServerConfig.timeout ?? MCP_DEFAULT_TIMEOUT_MSEC
+                      });
+                      return mcpClient;
+                    } catch (retryError) {
+                      console.error(`Failed to connect with OAuth token: ${getErrorMessage(retryError)}`);
+                      throw retryError;
+                    }
+                  } else {
+                    console.error(`Failed to create OAuth transport for server '${mcpServerName}'`);
+                    throw new Error(`Failed to create OAuth transport for server '${mcpServerName}'`);
+                  }
+                } else {
+                  console.error(`Failed to get OAuth token for server '${mcpServerName}'`);
+                  throw new Error(`Failed to get OAuth token for server '${mcpServerName}'`);
+                }
+              } else {
+                console.error(`Failed to get stored credentials for server '${mcpServerName}'`);
+                throw new Error(`Failed to get stored credentials for server '${mcpServerName}'`);
+              }
+            } else {
+              console.error(`\u274C Could not configure OAuth for '${mcpServerName}' - please authenticate manually with /mcp auth ${mcpServerName}`);
+              throw new Error(`OAuth configuration failed for '${mcpServerName}'. Please authenticate manually with /mcp auth ${mcpServerName}`);
+            }
+          } catch (discoveryError) {
+            console.error(`\u274C OAuth discovery failed for '${mcpServerName}' - please authenticate manually with /mcp auth ${mcpServerName}`);
+            throw discoveryError;
+          }
+        } else {
+          console.error(`\u274C '${mcpServerName}' requires authentication but no OAuth configuration found`);
+          throw new Error(`MCP server '${mcpServerName}' requires authentication. Please configure OAuth or check server settings.`);
+        }
+      }
+    } else {
+      const errorMessage = error2.message || String(error2);
+      const isNetworkError = errorMessage.includes("ENOTFOUND") || errorMessage.includes("ECONNREFUSED");
+      let conciseError;
+      if (isNetworkError) {
+        conciseError = `Cannot connect to '${mcpServerName}' - server may be down or URL incorrect`;
+      } else {
+        conciseError = `Connection failed for '${mcpServerName}': ${errorMessage}`;
+      }
+      if (process.env["SANDBOX"]) {
+        conciseError += ` (check sandbox availability)`;
+      }
+      throw new Error(conciseError);
+    }
+  }
+}
 async function createTransport(mcpServerName, mcpServerConfig, debugMode, sendSdkMcpMessage) {
   if (isSdkMcpServerConfig(mcpServerConfig)) {
     if (!sendSdkMcpMessage) {
@@ -211123,7 +211460,7 @@ function isEnabled(funcDecl, mcpServerName, mcpServerConfig) {
   }
   return !includeTools || includeTools.some((tool) => tool === funcDecl.name || tool.startsWith(`${funcDecl.name}(`));
 }
-var import_shell_quote3, MCP_DEFAULT_TIMEOUT_MSEC, MCPServerStatus, MCPDiscoveryState, McpClient, serverStatuses, mcpDiscoveryState, statusChangeListeners;
+var import_shell_quote3, MCP_DEFAULT_TIMEOUT_MSEC, MCPServerStatus, MCPDiscoveryState, McpClient, serverStatuses, mcpDiscoveryState, mcpServerRequiresOAuth, statusChangeListeners;
 var init_mcp_client = __esm({
   "packages/core/dist/src/tools/mcp-client.js"() {
     "use strict";
@@ -211255,15 +211592,6 @@ var init_mcp_client = __esm({
       getStatus() {
         return this.status;
       }
-      async readResource(uri, options2) {
-        if (this.status !== MCPServerStatus.CONNECTED) {
-          throw new Error("Client is not connected.");
-        }
-        if (this.client.getServerCapabilities()?.resources == null) {
-          throw new Error("MCP server does not support resources.");
-        }
-        return this.client.request({ method: "resources/read", params: { uri } }, ReadResourceResultSchema, options2);
-      }
       updateStatus(status) {
         this.status = status;
         updateMCPServerStatus(this.serverName, status);
@@ -211280,14 +211608,21 @@ var init_mcp_client = __esm({
     };
     serverStatuses = /* @__PURE__ */ new Map();
     mcpDiscoveryState = MCPDiscoveryState.NOT_STARTED;
+    mcpServerRequiresOAuth = /* @__PURE__ */ new Map();
     statusChangeListeners = [];
     __name(updateMCPServerStatus, "updateMCPServerStatus");
     __name(getMCPServerStatus, "getMCPServerStatus");
     __name(getMCPDiscoveryState, "getMCPDiscoveryState");
+    __name(extractWWWAuthenticateHeader, "extractWWWAuthenticateHeader");
+    __name(handleAutomaticOAuth, "handleAutomaticOAuth");
+    __name(createTransportWithOAuth, "createTransportWithOAuth");
     __name(populateMcpServerCommand, "populateMcpServerCommand");
+    __name(connectAndDiscover, "connectAndDiscover");
     __name(discoverTools, "discoverTools");
     __name(discoverPrompts, "discoverPrompts");
     __name(invokeMcpPrompt, "invokeMcpPrompt");
+    __name(hasNetworkTransport, "hasNetworkTransport");
+    __name(connectToMcpServer, "connectToMcpServer");
     __name(createTransport, "createTransport");
     __name(isEnabled, "isEnabled");
   }
@@ -211348,42 +211683,6 @@ var init_mcp_client_manager = __esm({
         await Promise.all(discoveryPromises);
         this.discoveryState = MCPDiscoveryState.COMPLETED;
       }
-      /**
-       * Connects to a single MCP server and discovers its tools/prompts.
-       * The connected client is tracked so it can be closed by {@link stop}.
-       *
-       * This is primarily used for on-demand re-discovery flows (e.g. after OAuth).
-       */
-      async discoverMcpToolsForServer(serverName, cliConfig) {
-        const servers = populateMcpServerCommand(this.cliConfig.getMcpServers() || {}, this.cliConfig.getMcpServerCommand());
-        const serverConfig = servers[serverName];
-        if (!serverConfig) {
-          return;
-        }
-        const existingClient = this.clients.get(serverName);
-        if (existingClient) {
-          try {
-            await existingClient.disconnect();
-          } catch (error2) {
-            console.error(`Error stopping client '${serverName}': ${getErrorMessage(error2)}`);
-          } finally {
-            this.clients.delete(serverName);
-            this.eventEmitter?.emit("mcp-client-update", this.clients);
-          }
-        }
-        const sdkCallback = isSdkMcpServerConfig(serverConfig) ? this.sendSdkMcpMessage : void 0;
-        const client = new McpClient(serverName, serverConfig, this.toolRegistry, this.cliConfig.getPromptRegistry(), this.cliConfig.getWorkspaceContext(), this.cliConfig.getDebugMode(), sdkCallback);
-        this.clients.set(serverName, client);
-        this.eventEmitter?.emit("mcp-client-update", this.clients);
-        try {
-          await client.connect();
-          await client.discover(cliConfig);
-        } catch (error2) {
-          console.error(`Error during discovery for server '${serverName}': ${getErrorMessage(error2)}`);
-        } finally {
-          this.eventEmitter?.emit("mcp-client-update", this.clients);
-        }
-      }
       /**
        * Stops all running local MCP servers and closes all client connections.
        * This is the cleanup method to be called on application exit.
@@ -211402,24 +211701,6 @@ var init_mcp_client_manager = __esm({
       getDiscoveryState() {
         return this.discoveryState;
       }
-      async readResource(serverName, uri, options2) {
-        let client = this.clients.get(serverName);
-        if (!client) {
-          const servers = populateMcpServerCommand(this.cliConfig.getMcpServers() || {}, this.cliConfig.getMcpServerCommand());
-          const serverConfig = servers[serverName];
-          if (!serverConfig) {
-            throw new Error(`MCP server '${serverName}' is not configured.`);
-          }
-          const sdkCallback = isSdkMcpServerConfig(serverConfig) ? this.sendSdkMcpMessage : void 0;
-          client = new McpClient(serverName, serverConfig, this.toolRegistry, this.cliConfig.getPromptRegistry(), this.cliConfig.getWorkspaceContext(), this.cliConfig.getDebugMode(), sdkCallback);
-          this.clients.set(serverName, client);
-          this.eventEmitter?.emit("mcp-client-update", this.clients);
-        }
-        if (client.getStatus() !== MCPServerStatus.CONNECTED) {
-          await client.connect();
-        }
-        return client.readResource(uri, options2);
-      }
     };
   }
 });
@@ -211433,6 +211714,7 @@ var init_tool_registry = __esm({
     "use strict";
     init_esbuild_shims();
     init_tools();
+    init_mcp_client();
     init_mcp_client_manager();
     init_mcp_tool();
     import_shell_quote4 = __toESM(require_shell_quote(), 1);
@@ -211641,7 +211923,11 @@ Signal: Signal number or \`(none)\` if no signal was received.
           }
         }
         this.config.getPromptRegistry().removePromptsByServer(serverName);
-        await this.mcpClientManager.discoverMcpToolsForServer(serverName, this.config);
+        const mcpServers = this.config.getMcpServers() ?? {};
+        const serverConfig = mcpServers[serverName];
+        if (serverConfig) {
+          await connectAndDiscover(serverName, serverConfig, this, this.config.getPromptRegistry(), this.config.getDebugMode(), this.config.getWorkspaceContext(), this.config);
+        }
       }
       async discoverAndRegisterToolsFromCommand() {
         const discoveryCmd = this.config.getToolDiscoveryCommand();
@@ -211788,23 +212074,6 @@ Signal: Signal number or \`(none)\` if no signal was received.
       getTool(name3) {
         return this.tools.get(name3);
       }
-      async readMcpResource(serverName, uri, options2) {
-        if (!this.config.isTrustedFolder()) {
-          throw new Error("MCP resources are unavailable in untrusted folders.");
-        }
-        return this.mcpClientManager.readResource(serverName, uri, options2);
-      }
-      /**
-       * Stops all MCP clients and cleans up resources.
-       * This method is idempotent and safe to call multiple times.
-       */
-      async stop() {
-        try {
-          await this.mcpClientManager.stop();
-        } catch (error2) {
-          console.error("Error stopping MCP clients:", error2);
-        }
-      }
     };
   }
 });
@@ -217429,7 +217698,7 @@ ${textContent2}
         return `Fetching content from ${this.params.url} and processing with prompt: "${displayPrompt}"`;
       }
       async shouldConfirmExecute() {
-        if (this.config.getApprovalMode() === ApprovalMode.AUTO_EDIT || this.config.getApprovalMode() === ApprovalMode.PLAN) {
+        if (this.config.getApprovalMode() === ApprovalMode.AUTO_EDIT) {
           return false;
         }
         const confirmationDetails = {
@@ -217820,7 +218089,7 @@ var init_web_search = __esm({
         return ` (Searching the web via ${provider})`;
       }
       async shouldConfirmExecute(_abortSignal) {
-        if (this.config.getApprovalMode() === ApprovalMode.AUTO_EDIT || this.config.getApprovalMode() === ApprovalMode.PLAN) {
+        if (this.config.getApprovalMode() === ApprovalMode.AUTO_EDIT) {
           return false;
         }
         const confirmationDetails = {
@@ -220828,8 +221097,8 @@ var init_esm21 = __esm({
         }
         return this._userIgnored(path123, stats);
       }
-      _isntIgnored(path123, stat11) {
-        return !this._isIgnored(path123, stat11);
+      _isntIgnored(path123, stat10) {
+        return !this._isIgnored(path123, stat10);
       }
       /**
        * Provides a set of common helpers and properties relating to symlink handling.
@@ -221133,15 +221402,9 @@ async function loadSkillsFromDir(baseDir) {
     return [];
   }
 }
-function normalizeSkillFileContent(content) {
-  let normalized2 = content.replace(/^\uFEFF/, "");
-  normalized2 = normalized2.replace(/\r\n/g, "\n").replace(/\r/g, "\n");
-  return normalized2;
-}
 function parseSkillContent(content, filePath) {
-  const normalizedContent = normalizeSkillFileContent(content);
-  const frontmatterRegex = /^---\n([\s\S]*?)\n---(?:\n|$)([\s\S]*)$/;
-  const match2 = normalizedContent.match(frontmatterRegex);
+  const frontmatterRegex = /^---\n([\s\S]*?)\n---\n([\s\S]*)$/;
+  const match2 = content.match(frontmatterRegex);
   if (!match2) {
     throw new Error("Invalid format: missing YAML frontmatter");
   }
@@ -221222,7 +221485,6 @@ var init_skill_load = __esm({
     init_yaml_parser();
     SKILL_MANIFEST_FILE = "SKILL.md";
     __name(loadSkillsFromDir, "loadSkillsFromDir");
-    __name(normalizeSkillFileContent, "normalizeSkillFileContent");
     __name(parseSkillContent, "parseSkillContent");
     __name(validateConfig, "validateConfig");
   }
@@ -221233,7 +221495,7 @@ import * as fs45 from "fs/promises";
 import * as fsSync2 from "fs";
 import * as path49 from "path";
 import * as os19 from "os";
-function normalizeSkillFileContent2(content) {
+function normalizeSkillFileContent(content) {
   let normalized2 = content.replace(/^\uFEFF/, "");
   normalized2 = normalized2.replace(/\r\n/g, "\n").replace(/\r/g, "\n");
   return normalized2;
@@ -221445,7 +221707,7 @@ var init_skill_manager = __esm({
        */
       parseSkillContent(content, filePath, level) {
         try {
-          const normalizedContent = normalizeSkillFileContent2(content);
+          const normalizedContent = normalizeSkillFileContent(content);
           const frontmatterRegex = /^---\n([\s\S]*?)\n---(?:\n|$)([\s\S]*)$/;
           const match2 = normalizedContent.match(frontmatterRegex);
           if (!match2) {
@@ -221533,23 +221795,9 @@ var init_skill_manager = __esm({
           const entries = await fs45.readdir(baseDir, { withFileTypes: true });
           const skills = [];
           for (const entry of entries) {
-            const isDirectory = entry.isDirectory();
-            const isSymlink = entry.isSymbolicLink();
-            if (!isDirectory && !isSymlink)
+            if (!entry.isDirectory())
               continue;
             const skillDir = path49.join(baseDir, entry.name);
-            if (isSymlink) {
-              try {
-                const targetStat = await fs45.stat(skillDir);
-                if (!targetStat.isDirectory()) {
-                  console.warn(`Skipping symlink ${entry.name} that does not point to a directory`);
-                  continue;
-                }
-              } catch (error2) {
-                console.warn(`Skipping invalid symlink ${entry.name}: ${error2 instanceof Error ? error2.message : "Unknown error"}`);
-                continue;
-              }
-            }
             const skillManifest = path49.join(skillDir, SKILL_MANIFEST_FILE2);
             try {
               await fs45.access(skillManifest);
@@ -221637,7 +221885,7 @@ var init_skill_manager = __esm({
         }
       }
     };
-    __name(normalizeSkillFileContent2, "normalizeSkillFileContent");
+    __name(normalizeSkillFileContent, "normalizeSkillFileContent");
   }
 });
 
@@ -224913,16 +225161,16 @@ var init_list = __esm({
       let fd;
       try {
         fd = fs48.openSync(file, "r");
-        const stat11 = fs48.fstatSync(fd);
+        const stat10 = fs48.fstatSync(fd);
         const readSize = opt.maxReadSize || 16 * 1024 * 1024;
-        if (stat11.size < readSize) {
-          const buf = Buffer.allocUnsafe(stat11.size);
-          const read3 = fs48.readSync(fd, buf, 0, stat11.size, 0);
+        if (stat10.size < readSize) {
+          const buf = Buffer.allocUnsafe(stat10.size);
+          const read3 = fs48.readSync(fd, buf, 0, stat10.size, 0);
           p2.end(read3 === buf.byteLength ? buf : buf.subarray(0, read3));
         } else {
           let pos2 = 0;
           const buf = Buffer.allocUnsafe(readSize);
-          while (pos2 < stat11.size) {
+          while (pos2 < stat10.size) {
             const bytesRead = fs48.readSync(fd, buf, 0, readSize, pos2);
             if (bytesRead === 0)
               break;
@@ -224947,13 +225195,13 @@ var init_list = __esm({
       const p2 = new Promise((resolve31, reject) => {
         parse14.on("error", reject);
         parse14.on("end", resolve31);
-        fs48.stat(file, (er2, stat11) => {
+        fs48.stat(file, (er2, stat10) => {
           if (er2) {
             reject(er2);
           } else {
             const stream2 = new ReadStream(file, {
               readSize,
-              size: stat11.size
+              size: stat10.size
             });
             stream2.on("error", reject);
             stream2.pipe(parse14);
@@ -225169,21 +225417,21 @@ var init_write_entry = __esm({
         return super.emit(ev, ...data);
       }
       [LSTAT]() {
-        fs49.lstat(this.absolute, (er2, stat11) => {
+        fs49.lstat(this.absolute, (er2, stat10) => {
           if (er2) {
             return this.emit("error", er2);
           }
-          this[ONLSTAT](stat11);
+          this[ONLSTAT](stat10);
         });
       }
-      [ONLSTAT](stat11) {
-        this.statCache.set(this.absolute, stat11);
-        this.stat = stat11;
-        if (!stat11.isFile()) {
-          stat11.size = 0;
+      [ONLSTAT](stat10) {
+        this.statCache.set(this.absolute, stat10);
+        this.stat = stat10;
+        if (!stat10.isFile()) {
+          stat10.size = 0;
         }
-        this.type = getType3(stat11);
-        this.emit("stat", stat11);
+        this.type = getType3(stat10);
+        this.emit("stat", stat10);
         this[PROCESS2]();
       }
       [PROCESS2]() {
@@ -225633,7 +225881,7 @@ var init_write_entry = __esm({
         return this;
       }
     };
-    getType3 = /* @__PURE__ */ __name((stat11) => stat11.isFile() ? "File" : stat11.isDirectory() ? "Directory" : stat11.isSymbolicLink() ? "SymbolicLink" : "Unsupported", "getType");
+    getType3 = /* @__PURE__ */ __name((stat10) => stat10.isFile() ? "File" : stat10.isDirectory() ? "Directory" : stat10.isSymbolicLink() ? "SymbolicLink" : "Unsupported", "getType");
   }
 });
 
@@ -226233,21 +226481,21 @@ var init_pack = __esm({
       [STAT](job) {
         job.pending = true;
         this[JOBS] += 1;
-        const stat11 = this.follow ? "stat" : "lstat";
-        fs50[stat11](job.absolute, (er2, stat12) => {
+        const stat10 = this.follow ? "stat" : "lstat";
+        fs50[stat10](job.absolute, (er2, stat11) => {
           job.pending = false;
           this[JOBS] -= 1;
           if (er2) {
             this.emit("error", er2);
           } else {
-            this[ONSTAT](job, stat12);
+            this[ONSTAT](job, stat11);
           }
         });
       }
-      [ONSTAT](job, stat11) {
-        this.statCache.set(job.absolute, stat11);
-        job.stat = stat11;
-        if (!this.filter(job.path, stat11)) {
+      [ONSTAT](job, stat10) {
+        this.statCache.set(job.absolute, stat10);
+        job.stat = stat10;
+        if (!this.filter(job.path, stat10)) {
           job.ignore = true;
         }
         this[PROCESS3]();
@@ -226429,8 +226677,8 @@ var init_pack = __esm({
       resume() {
       }
       [STAT](job) {
-        const stat11 = this.follow ? "statSync" : "lstatSync";
-        this[ONSTAT](job, fs50[stat11](job.absolute));
+        const stat10 = this.follow ? "statSync" : "lstatSync";
+        this[ONSTAT](job, fs50[stat10](job.absolute));
       }
       [READDIR](job) {
         this[ONREADDIR](job, fs50.readdirSync(job.absolute));
@@ -227730,11 +227978,11 @@ var init_extract = __esm({
     extractFileSync = /* @__PURE__ */ __name((opt) => {
       const u2 = new UnpackSync(opt);
       const file = opt.file;
-      const stat11 = fs55.statSync(file);
+      const stat10 = fs55.statSync(file);
       const readSize = opt.maxReadSize || 16 * 1024 * 1024;
       const stream2 = new ReadStreamSync(file, {
         readSize,
-        size: stat11.size
+        size: stat10.size
       });
       stream2.pipe(u2);
     }, "extractFileSync");
@@ -227745,13 +227993,13 @@ var init_extract = __esm({
       const p2 = new Promise((resolve31, reject) => {
         u2.on("error", reject);
         u2.on("close", resolve31);
-        fs55.stat(file, (er2, stat11) => {
+        fs55.stat(file, (er2, stat10) => {
           if (er2) {
             reject(er2);
           } else {
             const stream2 = new ReadStream(file, {
               readSize,
-              size: stat11.size
+              size: stat10.size
             });
             stream2.on("error", reject);
             stream2.pipe(u2);
@@ -227996,9 +228244,9 @@ var init_update = __esm({
       if (!opt.mtimeCache) {
         opt.mtimeCache = /* @__PURE__ */ new Map();
       }
-      opt.filter = filter4 ? (path123, stat11) => filter4(path123, stat11) && !/* c8 ignore start */
-      ((opt.mtimeCache?.get(path123) ?? stat11.mtime ?? 0) > (stat11.mtime ?? 0)) : (path123, stat11) => !/* c8 ignore start */
-      ((opt.mtimeCache?.get(path123) ?? stat11.mtime ?? 0) > (stat11.mtime ?? 0));
+      opt.filter = filter4 ? (path123, stat10) => filter4(path123, stat10) && !/* c8 ignore start */
+      ((opt.mtimeCache?.get(path123) ?? stat10.mtime ?? 0) > (stat10.mtime ?? 0)) : (path123, stat10) => !/* c8 ignore start */
+      ((opt.mtimeCache?.get(path123) ?? stat10.mtime ?? 0) > (stat10.mtime ?? 0));
     }, "mtimeFilter");
   }
 });
@@ -232675,8 +232923,8 @@ async function collectResources(resourcePaths, pluginRoot, destDir) {
       console.warn(`Resource path not found: ${resolvedPath}`);
       continue;
     }
-    const stat11 = fs60.statSync(resolvedPath);
-    if (stat11.isDirectory()) {
+    const stat10 = fs60.statSync(resolvedPath);
+    if (stat10.isDirectory()) {
       const dirName = path62.basename(resolvedPath);
       const parentDir = path62.dirname(resolvedPath);
       if (dirName === destFolderName && parentDir === pluginRoot) {
@@ -242784,6 +243032,12 @@ var init_config3 = __esm({
       getSessionId() {
         return this.sessionId;
       }
+      /**
+       * Releases resources owned by the config instance.
+       */
+      async shutdown() {
+        this.skillManager?.stopWatching();
+      }
       /**
        * Starts a new session and resets session-scoped services.
        */
@@ -242918,24 +243172,6 @@ var init_config3 = __esm({
       getToolRegistry() {
         return this.toolRegistry;
       }
-      /**
-       * Shuts down the Config and releases all resources.
-       * This method is idempotent and safe to call multiple times.
-       * It handles the case where initialization was not completed.
-       */
-      async shutdown() {
-        if (!this.initialized) {
-          return;
-        }
-        try {
-          this.skillManager?.stopWatching();
-          if (this.toolRegistry) {
-            await this.toolRegistry.stop();
-          }
-        } catch (error2) {
-          console.error("Error during Config shutdown:", error2);
-        }
-      }
       getPromptRegistry() {
         return this.promptRegistry;
       }
@@ -245681,12 +245917,12 @@ var require_resolve_symlink = __commonJS({
       fs_1.default.realpath(path123, (error2, resolvedPath) => {
         if (error2)
           return queue.dequeue(suppressErrors ? null : error2, state);
-        fs_1.default.stat(resolvedPath, (error3, stat11) => {
+        fs_1.default.stat(resolvedPath, (error3, stat10) => {
           if (error3)
             return queue.dequeue(suppressErrors ? null : error3, state);
-          if (stat11.isDirectory() && isRecursive(path123, resolvedPath, state))
+          if (stat10.isDirectory() && isRecursive(path123, resolvedPath, state))
             return queue.dequeue(null, state);
-          callback(stat11, resolvedPath);
+          callback(stat10, resolvedPath);
           queue.dequeue(null, state);
         });
       });
@@ -245696,10 +245932,10 @@ var require_resolve_symlink = __commonJS({
       queue.enqueue();
       try {
         const resolvedPath = fs_1.default.realpathSync(path123);
-        const stat11 = fs_1.default.statSync(resolvedPath);
-        if (stat11.isDirectory() && isRecursive(path123, resolvedPath, state))
+        const stat10 = fs_1.default.statSync(resolvedPath);
+        if (stat10.isDirectory() && isRecursive(path123, resolvedPath, state))
           return;
-        callback(stat11, resolvedPath);
+        callback(stat10, resolvedPath);
       } catch (e4) {
         if (!suppressErrors)
           throw e4;
@@ -246018,8 +246254,8 @@ var require_walker = __commonJS({
             this.walkDirectory(this.state, path123, path123, depth - 1, this.walk);
           } else if (this.resolveSymlink && entry.isSymbolicLink()) {
             let path123 = joinPath.joinPathWithBasePath(entry.name, directoryPath);
-            this.resolveSymlink(path123, this.state, (stat11, resolvedPath) => {
-              if (stat11.isDirectory()) {
+            this.resolveSymlink(path123, this.state, (stat10, resolvedPath) => {
+              if (stat10.isDirectory()) {
                 resolvedPath = (0, utils_1.normalizePath)(resolvedPath, this.state.options);
                 if (exclude && exclude(entry.name, useRealPaths ? resolvedPath : path123 + pathSeparator))
                   return;
@@ -247947,7 +248183,7 @@ var init_skills = __esm({
 import * as fs70 from "node:fs";
 import * as path75 from "node:path";
 import * as https5 from "node:https";
-import { stat as stat7 } from "node:fs/promises";
+import { stat as stat6 } from "node:fs/promises";
 function parseSourceAndPluginName(source2) {
   const urlSchemes = ["http://", "https://", "git@", "sso://"];
   let repoEndIndex = source2.length;
@@ -248072,7 +248308,7 @@ async function parseInstallSource(source2) {
     }
   } else {
     try {
-      await stat7(repo);
+      await stat6(repo);
       installMetadata = {
         source: repo,
         type: "local",
@@ -373092,7 +373328,7 @@ __name(getPackageJson, "getPackageJson");
 // packages/cli/src/utils/version.ts
 async function getCliVersion() {
   const pkgJson = await getPackageJson();
-  return "0.9.0-preview.3";
+  return "0.9.0";
 }
 __name(getCliVersion, "getCliVersion");
 
@@ -380628,7 +380864,7 @@ var formatDuration = /* @__PURE__ */ __name((milliseconds) => {
 
 // packages/cli/src/generated/git-commit.ts
 init_esbuild_shims();
-var GIT_COMMIT_INFO2 = "365cfbdd";
+var GIT_COMMIT_INFO2 = "91997c79";
 
 // packages/cli/src/utils/systemInfo.ts
 async function getNpmVersion() {
@@ -387071,161 +387307,6 @@ function parseAllAtCommands(query) {
   );
 }
 __name(parseAllAtCommands, "parseAllAtCommands");
-function getConfiguredMcpServerNames(config2) {
-  const names = new Set(Object.keys(config2.getMcpServers() ?? {}));
-  if (config2.getMcpServerCommand()) {
-    names.add("mcp");
-  }
-  return names;
-}
-__name(getConfiguredMcpServerNames, "getConfiguredMcpServerNames");
-function normalizeMcpResourceUri(serverName, resource) {
-  if (resource.includes("://")) {
-    return resource;
-  }
-  const cleaned = resource.startsWith("/") ? resource.slice(1) : resource;
-  return `${serverName}://${cleaned}`;
-}
-__name(normalizeMcpResourceUri, "normalizeMcpResourceUri");
-function splitLeadingToken(text) {
-  let i3 = 0;
-  while (i3 < text.length && /\s/.test(text[i3])) {
-    i3++;
-  }
-  if (i3 >= text.length) {
-    return null;
-  }
-  let token2 = "";
-  let inEscape = false;
-  while (i3 < text.length) {
-    const char = text[i3];
-    if (inEscape) {
-      token2 += char;
-      inEscape = false;
-      i3++;
-      continue;
-    }
-    if (char === "\\") {
-      inEscape = true;
-      i3++;
-      continue;
-    }
-    if (/[,\s;!?()[\]{}]/.test(char)) {
-      break;
-    }
-    if (char === ".") {
-      const nextChar = i3 + 1 < text.length ? text[i3 + 1] : "";
-      if (nextChar === "" || /\s/.test(nextChar)) {
-        break;
-      }
-    }
-    token2 += char;
-    i3++;
-  }
-  if (!token2) {
-    return null;
-  }
-  return { token: token2, rest: text.slice(i3) };
-}
-__name(splitLeadingToken, "splitLeadingToken");
-function extractMcpResourceAtReferences(parts, config2) {
-  const configuredServers = getConfiguredMcpServerNames(config2);
-  const refs = [];
-  const merged = [];
-  for (let i3 = 0; i3 < parts.length; i3++) {
-    const part = parts[i3];
-    if (part.type !== "atPath") {
-      merged.push(part);
-      continue;
-    }
-    const atText = part.content;
-    const colonIndex = atText.indexOf(":");
-    if (!atText.startsWith("@") || colonIndex <= 1) {
-      merged.push(part);
-      continue;
-    }
-    const serverName = atText.slice(1, colonIndex);
-    if (!configuredServers.has(serverName)) {
-      merged.push(part);
-      continue;
-    }
-    let resource = atText.slice(colonIndex + 1);
-    if (!resource) {
-      const next = parts[i3 + 1];
-      if (next?.type === "text") {
-        const tokenInfo = splitLeadingToken(next.content);
-        if (tokenInfo) {
-          resource = tokenInfo.token;
-          const remainingText = tokenInfo.rest;
-          parts[i3 + 1] = { type: "text", content: remainingText };
-        }
-      }
-    }
-    if (!resource) {
-      merged.push({ type: "text", content: atText });
-      continue;
-    }
-    const normalizedResource = resource.includes("://") ? resource : resource.startsWith("/") ? resource.slice(1) : resource;
-    const normalizedAtCommand = `@${serverName}:${normalizedResource}`;
-    refs.push({
-      atCommand: normalizedAtCommand,
-      serverName,
-      uri: normalizeMcpResourceUri(serverName, normalizedResource)
-    });
-    merged.push({ type: "atPath", content: normalizedAtCommand });
-  }
-  return {
-    parts: merged.filter(
-      (p2) => !(p2.type === "text" && p2.content.trim() === "")
-    ),
-    refs
-  };
-}
-__name(extractMcpResourceAtReferences, "extractMcpResourceAtReferences");
-function formatMcpResourceContents(raw2, limits) {
-  if (!raw2 || typeof raw2 !== "object") {
-    return "[Error: Invalid MCP resource response]";
-  }
-  const contents = raw2.contents;
-  if (!Array.isArray(contents)) {
-    return "[Error: Invalid MCP resource response]";
-  }
-  const parts = [];
-  for (const item of contents) {
-    if (!item || typeof item !== "object") {
-      continue;
-    }
-    const text = item.text;
-    const blob = item.blob;
-    const mimeType = item.mimeType;
-    if (typeof text === "string") {
-      parts.push(text);
-      continue;
-    }
-    if (typeof blob === "string") {
-      const mimeTypeLabel = typeof mimeType === "string" ? mimeType : "application/octet-stream";
-      parts.push(
-        `[Binary MCP resource omitted (mimeType: ${mimeTypeLabel}, bytes: ${blob.length})]`
-      );
-    }
-  }
-  let combined = parts.join("\n\n");
-  const maxLines = limits.maxLinesPerResource;
-  if (Number.isFinite(maxLines)) {
-    const lines = combined.split("\n");
-    if (lines.length > maxLines) {
-      combined = `${lines.slice(0, maxLines).join("\n")}
-[truncated]`;
-    }
-  }
-  const maxChars = limits.maxCharsPerResource;
-  if (Number.isFinite(maxChars) && combined.length > maxChars) {
-    combined = `${combined.slice(0, maxChars)}
-[truncated]`;
-  }
-  return combined;
-}
-__name(formatMcpResourceContents, "formatMcpResourceContents");
 async function handleAtCommand({
   query,
   config: config2,
@@ -387234,15 +387315,10 @@ async function handleAtCommand({
   messageId: userMessageTimestamp,
   signal
 }) {
-  const parsedParts = parseAllAtCommands(query);
-  const { parts: commandParts, refs: mcpResourceRefs } = extractMcpResourceAtReferences(parsedParts, config2);
-  const mcpAtCommands = new Set(mcpResourceRefs.map((r5) => r5.atCommand));
+  const commandParts = parseAllAtCommands(query);
   const atPathCommandParts = commandParts.filter(
     (part) => part.type === "atPath"
   );
-  const fileAtPathCommandParts = atPathCommandParts.filter(
-    (part) => !mcpAtCommands.has(part.content)
-  );
   if (atPathCommandParts.length === 0) {
     return { processedQuery: [{ text: query }], shouldProceed: true };
   }
@@ -387259,7 +387335,14 @@ async function handleAtCommand({
   const toolRegistry = config2.getToolRegistry();
   const readManyFilesTool = toolRegistry.getTool("read_many_files");
   const globTool = toolRegistry.getTool("glob");
-  for (const atPathPart of fileAtPathCommandParts) {
+  if (!readManyFilesTool) {
+    addItem(
+      { type: "error", text: "Error: read_many_files tool not found." },
+      userMessageTimestamp
+    );
+    return { processedQuery: null, shouldProceed: false };
+  }
+  for (const atPathPart of atPathCommandParts) {
     const originalAtPath = atPathPart.content;
     if (originalAtPath === "@") {
       onDebugMessage(
@@ -387419,7 +387502,7 @@ ${messages.join("\n")}`;
     console.log(message);
     onDebugMessage(message);
   }
-  if (pathSpecsToRead.length === 0 && mcpResourceRefs.length === 0) {
+  if (pathSpecsToRead.length === 0) {
     onDebugMessage("No valid file paths found in @ commands to read.");
     if (initialQueryText === "@" && query.trim() === "@") {
       return { processedQuery: [{ text: query }], shouldProceed: true };
@@ -387432,146 +387515,76 @@ ${messages.join("\n")}`;
     };
   }
   const processedQueryParts = [{ text: initialQueryText }];
-  const toolDisplays = [];
-  if (pathSpecsToRead.length > 0) {
-    if (!readManyFilesTool) {
-      addItem(
-        { type: "error", text: "Error: read_many_files tool not found." },
-        userMessageTimestamp
-      );
-      return { processedQuery: null, shouldProceed: false };
+  const toolArgs = {
+    paths: pathSpecsToRead,
+    file_filtering_options: {
+      respect_git_ignore: respectFileIgnore.respectGitIgnore,
+      respect_qwen_ignore: respectFileIgnore.respectQwenIgnore
     }
-    const toolArgs = {
-      paths: pathSpecsToRead,
-      file_filtering_options: {
-        respect_git_ignore: respectFileIgnore.respectGitIgnore,
-        respect_qwen_ignore: respectFileIgnore.respectQwenIgnore
-      }
-      // Use configuration setting
-    };
-    let invocation = void 0;
-    try {
-      invocation = readManyFilesTool.build(toolArgs);
-      const result = await invocation.execute(signal);
-      toolDisplays.push({
-        callId: `client-read-${userMessageTimestamp}`,
-        name: readManyFilesTool.displayName,
-        description: invocation.getDescription(),
-        status: "Success" /* Success */,
-        resultDisplay: result.returnDisplay || `Successfully read: ${contentLabelsForDisplay.join(", ")}`,
-        confirmationDetails: void 0
+    // Use configuration setting
+  };
+  let toolCallDisplay;
+  let invocation = void 0;
+  try {
+    invocation = readManyFilesTool.build(toolArgs);
+    const result = await invocation.execute(signal);
+    toolCallDisplay = {
+      callId: `client-read-${userMessageTimestamp}`,
+      name: readManyFilesTool.displayName,
+      description: invocation.getDescription(),
+      status: "Success" /* Success */,
+      resultDisplay: result.returnDisplay || `Successfully read: ${contentLabelsForDisplay.join(", ")}`,
+      confirmationDetails: void 0
+    };
+    if (Array.isArray(result.llmContent)) {
+      const fileContentRegex = /^--- (.*?) ---\n\n([\s\S]*?)\n\n$/;
+      processedQueryParts.push({
+        text: "\n--- Content from referenced files ---"
       });
-      if (Array.isArray(result.llmContent)) {
-        const fileContentRegex = /^--- (.*?) ---\n\n([\s\S]*?)\n\n$/;
-        processedQueryParts.push({
-          text: "\n--- Content from referenced files ---"
-        });
-        for (const part of result.llmContent) {
-          if (typeof part === "string") {
-            const match2 = fileContentRegex.exec(part);
-            if (match2) {
-              const filePathSpecInContent = match2[1];
-              const fileActualContent = match2[2].trim();
-              processedQueryParts.push({
-                text: `
+      for (const part of result.llmContent) {
+        if (typeof part === "string") {
+          const match2 = fileContentRegex.exec(part);
+          if (match2) {
+            const filePathSpecInContent = match2[1];
+            const fileActualContent = match2[2].trim();
+            processedQueryParts.push({
+              text: `
 Content from @${filePathSpecInContent}:
 `
-              });
-              processedQueryParts.push({ text: fileActualContent });
-            } else {
-              processedQueryParts.push({ text: part });
-            }
+            });
+            processedQueryParts.push({ text: fileActualContent });
           } else {
-            processedQueryParts.push(part);
+            processedQueryParts.push({ text: part });
           }
+        } else {
+          processedQueryParts.push(part);
         }
-      } else {
-        onDebugMessage(
-          "read_many_files tool returned no content or empty content."
-        );
       }
-    } catch (error2) {
-      toolDisplays.push({
-        callId: `client-read-${userMessageTimestamp}`,
-        name: readManyFilesTool.displayName,
-        description: invocation?.getDescription() ?? "Error attempting to execute tool to read files",
-        status: "Error" /* Error */,
-        resultDisplay: `Error reading files (${contentLabelsForDisplay.join(", ")}): ${getErrorMessage(error2)}`,
-        confirmationDetails: void 0
-      });
-      addItem(
-        { type: "tool_group", tools: toolDisplays },
-        userMessageTimestamp
+    } else {
+      onDebugMessage(
+        "read_many_files tool returned no content or empty content."
       );
-      return { processedQuery: null, shouldProceed: false };
     }
-  }
-  if (mcpResourceRefs.length > 0) {
-    const totalCharLimit = config2.getTruncateToolOutputThreshold();
-    const totalLineLimit = config2.getTruncateToolOutputLines();
-    const maxCharsPerResource = Number.isFinite(totalCharLimit) ? Math.floor(totalCharLimit / Math.max(1, mcpResourceRefs.length)) : Number.POSITIVE_INFINITY;
-    const maxLinesPerResource = Number.isFinite(totalLineLimit) ? Math.floor(totalLineLimit / Math.max(1, mcpResourceRefs.length)) : Number.POSITIVE_INFINITY;
-    processedQueryParts.push({
-      text: "\n--- Content from referenced MCP resources ---"
-    });
-    for (let i3 = 0; i3 < mcpResourceRefs.length; i3++) {
-      const ref = mcpResourceRefs[i3];
-      let resourceResult;
-      try {
-        if (signal.aborted) {
-          const error2 = new Error("MCP resource read aborted");
-          error2.name = "AbortError";
-          throw error2;
-        }
-        resourceResult = await toolRegistry.readMcpResource(
-          ref.serverName,
-          ref.uri,
-          { signal }
-        );
-        toolDisplays.push({
-          callId: `client-mcp-resource-${userMessageTimestamp}-${i3}`,
-          name: "McpResourceRead",
-          description: `Read MCP resource ${ref.uri} (server: ${ref.serverName})`,
-          status: "Success" /* Success */,
-          resultDisplay: `Read: ${ref.uri}`,
-          confirmationDetails: void 0
-        });
-      } catch (error2) {
-        toolDisplays.push({
-          callId: `client-mcp-resource-${userMessageTimestamp}-${i3}`,
-          name: "McpResourceRead",
-          description: `Read MCP resource ${ref.uri} (server: ${ref.serverName})`,
-          status: "Error" /* Error */,
-          resultDisplay: `Error reading MCP resource (${ref.uri}): ${getErrorMessage(error2)}`,
-          confirmationDetails: void 0
-        });
-        addItem(
-          { type: "tool_group", tools: toolDisplays },
-          userMessageTimestamp
-        );
-        return { processedQuery: null, shouldProceed: false };
-      }
-      processedQueryParts.push({
-        text: `
-Content from ${ref.atCommand}:
-`
-      });
-      processedQueryParts.push({
-        text: formatMcpResourceContents(resourceResult, {
-          maxCharsPerResource,
-          maxLinesPerResource
-        })
-      });
-    }
-    processedQueryParts.push({ text: "\n--- End of MCP resource content ---" });
-  }
-  if (toolDisplays.length > 0) {
     addItem(
-      { type: "tool_group", tools: toolDisplays },
+      { type: "tool_group", tools: [toolCallDisplay] },
+      userMessageTimestamp
+    );
+    return { processedQuery: processedQueryParts, shouldProceed: true };
+  } catch (error2) {
+    toolCallDisplay = {
+      callId: `client-read-${userMessageTimestamp}`,
+      name: readManyFilesTool.displayName,
+      description: invocation?.getDescription() ?? "Error attempting to execute tool to read files",
+      status: "Error" /* Error */,
+      resultDisplay: `Error reading files (${contentLabelsForDisplay.join(", ")}): ${getErrorMessage(error2)}`,
+      confirmationDetails: void 0
+    };
+    addItem(
+      { type: "tool_group", tools: [toolCallDisplay] },
       userMessageTimestamp
     );
+    return { processedQuery: null, shouldProceed: false };
   }
-  return { processedQuery: processedQueryParts, shouldProceed: true };
 }
 __name(handleAtCommand, "handleAtCommand");
 
@@ -434273,7 +434286,7 @@ var GeminiAgent = class {
       name: APPROVAL_MODE_INFO[mode].name,
       description: APPROVAL_MODE_INFO[mode].description
     }));
-    const version2 = "0.9.0-preview.3";
+    const version2 = "0.9.0";
     return {
       protocolVersion: PROTOCOL_VERSION,
       agentInfo: {