@slashfi/agents-sdk 0.74.0 → 0.76.0

package/src/config-store.test.ts

@@ -1,8 +1,9 @@
 import { afterAll, beforeAll, describe, expect, test } from "bun:test";
 import {
+  createAdk,
+  createAdkTools,
   createAgentRegistry,
   createAgentServer,
-  createAdk,
   defineAgent,
   defineTool,
 } from "./index";
@@ -458,3 +459,170 @@ describe("ADK ref.call() full auto-refresh flow", () => {
     expect((result as any)?.result?.token).toBe("refreshed-token");
   });
 });
+
+// ─── ADK Config Store: registry proxy routing ───────────────────
+
+describe("ADK registry proxy routing", () => {
+  let proxyServer: AgentServer;
+  let proxyServerAdk: ReturnType<typeof createAdk>;
+  const PROXY_PORT = 19930;
+
+  beforeAll(async () => {
+    // Real server-side adk that the proxy agent operates on. When the
+    // local adk forwards ref ops, they land on this backing store via
+    // the real @config `ref` tool produced by createAdkTools — no mocks.
+    const proxyServerFs = createMemoryFs();
+    proxyServerAdk = createAdk(proxyServerFs);
+    await proxyServerAdk.writeConfig({
+      refs: [
+        {
+          ref: "@gmail",
+          scheme: "mcp",
+          url: "https://gmail.example.com/mcp",
+        },
+      ],
+    });
+
+    // Expose that adk via the same tool surface production uses.
+    const adkTools = createAdkTools({ resolveScope: () => proxyServerAdk });
+    const configAgent = defineAgent({
+      path: "@config",
+      entrypoint: "@config agent for proxy routing tests",
+      tools: adkTools,
+      visibility: "public",
+    });
+
+    const proxyRegistry = createAgentRegistry();
+    proxyRegistry.register(configAgent);
+    proxyServer = createAgentServer(proxyRegistry, {
+      port: PROXY_PORT,
+      // Advertise proxy mode in the MCP initialize response so the
+      // "registry.add auto-detects proxy" test can verify discovery.
+      registry: { version: "1.0", proxy: { mode: "required" } },
+    });
+    await proxyServer.start();
+  });
+
+  afterAll(async () => {
+    await proxyServer.stop();
+  });
+
+  /**
+   * Seed the local consumer config with a ref sourced from the proxy
+   * registry. We bypass ref.add's reachability check because we're
+   * specifically testing how proxying routes around local state.
+   */
+  async function seedLocalRefFromProxy(fs: FsStore, refName: string) {
+    const raw = (await fs.readFile("consumer-config.json")) ?? "{}";
+    const config = JSON.parse(raw);
+    config.refs = [
+      {
+        ref: refName,
+        scheme: "registry",
+        sourceRegistry: {
+          url: `http://localhost:${PROXY_PORT}`,
+          agentPath: refName,
+        },
+      },
+    ];
+    await fs.writeFile("consumer-config.json", JSON.stringify(config));
+  }
+
+  test("ref.authStatus forwards to the real @config on the proxy registry", async () => {
+    const fs = createMemoryFs();
+    const adk = createAdk(fs);
+
+    await adk.registry.add({
+      url: `http://localhost:${PROXY_PORT}`,
+      name: "cloud",
+      proxy: { mode: "required" },
+    });
+    await seedLocalRefFromProxy(fs, "@gmail");
+
+    // The proxy-side adk owns the @gmail ref (no security declared in
+    // its config above) so authStatus should report { complete: true }
+    // with security: null.
+    const status = await adk.ref.authStatus("@gmail");
+    expect(status).toBeDefined();
+    // The remote @config returned something — local adk never saw the ref,
+    // so this would throw "Ref not found" if proxying wasn't wired.
+    expect((status as { name?: string }).name ?? "@gmail").toBe("@gmail");
+  });
+
+  test("ref.auth forwards and returns the remote auth start result", async () => {
+    const fs = createMemoryFs();
+    const adk = createAdk(fs);
+
+    await adk.registry.add({
+      url: `http://localhost:${PROXY_PORT}`,
+      name: "cloud",
+      proxy: { mode: "required" },
+    });
+    await seedLocalRefFromProxy(fs, "@gmail");
+
+    // @gmail on the proxy side has no security schema, so the real
+    // @config.ref tool returns { type: 'none', complete: true }. The
+    // assertion here is that we got *something* back from the remote,
+    // proving the call made a round trip instead of throwing locally.
+    const result = await adk.ref.auth("@gmail");
+    expect(result).toBeDefined();
+    expect((result as { type?: string }).type).toBeDefined();
+  });
+
+  test("registry.add auto-detects proxy from the server's handshake", async () => {
+    const fs = createMemoryFs();
+    const adk = createAdk(fs);
+
+    // Caller passes NO proxy config. The server advertises
+    // `capabilities.registry.proxy: { mode: 'required' }` in its MCP
+    // initialize response (see beforeAll), so registry.add should
+    // auto-populate the RegistryEntry at probe time.
+    await adk.registry.add({
+      url: `http://localhost:${PROXY_PORT}`,
+      name: "cloud-autodetect",
+    });
+
+    const list = await adk.registry.list();
+    const entry = list.find((r) => r.name === "cloud-autodetect");
+    expect(entry?.proxy?.mode).toBe("required");
+  });
+
+  test("explicit proxy on registry.add is not overwritten by auto-detection", async () => {
+    const fs = createMemoryFs();
+    const adk = createAdk(fs);
+
+    // Server advertises required; caller explicitly sets optional. The
+    // caller's choice wins — discovery only fills in blanks.
+    await adk.registry.add({
+      url: `http://localhost:${PROXY_PORT}`,
+      name: "cloud-explicit",
+      proxy: { mode: "optional", agent: "@custom" },
+    });
+
+    const entry = (await adk.registry.list()).find((r) => r.name === "cloud-explicit");
+    expect(entry?.proxy?.mode).toBe("optional");
+    expect(entry?.proxy?.agent).toBe("@custom");
+  });
+
+  test("optional proxy honors preferLocal and skips forwarding", async () => {
+    const fs = createMemoryFs();
+    const adk = createAdk(fs);
+
+    await adk.registry.add({
+      url: `http://localhost:${PROXY_PORT}`,
+      name: "cloud",
+      proxy: { mode: "optional" },
+    });
+    await seedLocalRefFromProxy(fs, "@gmail");
+
+    // With preferLocal:true we should fall through to the local path.
+    // The local adk has no usable config for @gmail, so this path
+    // throws or returns an empty status — either way, we prove we
+    // stayed local by catching and confirming no exception bubbled
+    // with "authorizeUrl" (which only the proxy path returns).
+    const result = await adk.ref
+      .auth("@gmail", { preferLocal: true })
+      .catch((err: Error) => ({ _error: err.message }));
+    expect((result as { authorizeUrl?: string }).authorizeUrl).toBeUndefined();
+  });
+});

package/src/config-store.ts

@@ -20,7 +20,6 @@
 import type { FsStore } from "./agent-definitions/config.js";
 import type {
   ConsumerConfig,
-  ProxyEntry,
   RefEntry,
   RegistryEntry,
   ResolvedRef,
@@ -31,7 +30,8 @@ import type { FetchFn } from "./fetch-types.js";
 import type { Logger } from "./logger.js";
 import { createRegistryConsumer } from "./registry-consumer.js";
 import type {
-  AgentListing,
+  AgentListEntry,
+  AgentInspection,
   RegistryConfiguration,
   RegistryConsumer,
 } from "./registry-consumer.js";
@@ -129,7 +129,7 @@ export interface AdkRegistryApi {
   list(): Promise<RegistryEntry[]>;
   get(name: string): Promise<RegistryEntry | null>;
   update(name: string, updates: Partial<RegistryEntry>): Promise<boolean>;
-  browse(name: string, query?: string): Promise<AgentListing[]>;
+  browse(name: string, query?: string): Promise<AgentListEntry[]>;
   inspect(name: string): Promise<RegistryConfiguration>;
   test(name?: string): Promise<RegistryTestResult[]>;
 }
@@ -217,7 +217,7 @@ export interface AdkRefApi {
   list(): Promise<ResolvedRef[]>;
   get(name: string): Promise<RefEntry | null>;
   update(name: string, updates: Partial<RefEntry>): Promise<boolean>;
-  inspect(name: string, options?: { full?: boolean }): Promise<AgentListing | null>;
+  inspect(name: string, options?: { full?: boolean }): Promise<AgentInspection | null>;
   call: AdkRefCallFn;
   resources(name: string): Promise<CallAgentResponse>;
   read(name: string, uris: string[]): Promise<CallAgentResponse>;
@@ -241,6 +241,12 @@ export interface AdkRefApi {
     stateContext?: Record<string, unknown>;
     /** Additional scopes to request (e.g., optional scopes declared by the agent) */
     scopes?: string[];
+    /**
+     * Opt out of proxy routing when the ref's source registry has
+     * `proxy: { mode: 'optional' }`. Ignored for `mode: 'required'`.
+     * Defaults to `false` — if a registry offers a proxy we use it.
+     */
+    preferLocal?: boolean;
   }): Promise<AuthStartResult>;
   /**
    * Run the full OAuth flow locally: start auth, spin up a callback
@@ -264,14 +270,7 @@ export interface AdkRefApi {
   refreshToken(name: string): Promise<{ accessToken: string } | null>;
 }
 
-export interface AdkProxyApi {
-  add(entry: ProxyEntry): Promise<void>;
-  remove(name: string): Promise<boolean>;
-  list(): Promise<ProxyEntry[]>;
-}
-
 export interface Adk {
-  proxy: AdkProxyApi;
   registry: AdkRegistryApi;
   ref: AdkRefApi;
   readConfig(): Promise<ConsumerConfig>;
@@ -723,6 +722,82 @@ export function createAdk(fs: FsStore, options: AdkOptions = {}): Adk {
     return fallback;
   }
 
+  // ==========================================
+  // Proxy Routing
+  // ==========================================
+
+  /**
+   * Find the configured RegistryEntry for a ref, consulting `sourceRegistry`
+   * first and falling back to the first registry in config. Returns `null` when
+   * the ref is sourced from a raw URL (no registry), in which case proxy routing
+   * does not apply.
+   */
+  async function findRegistryEntryForRef(entry: RefEntry): Promise<RegistryEntry | null> {
+    const sourceUrl = entry.sourceRegistry?.url;
+    if (!sourceUrl) return null;
+    const config = await readConfig();
+    const match = (config.registries ?? []).find((r) => {
+      if (typeof r === "string") return r === sourceUrl;
+      return r.url === sourceUrl;
+    });
+    if (!match || typeof match === "string") return null;
+    return match;
+  }
+
+  /**
+   * Returns the proxy settings for a ref when its source registry has
+   * `proxy` configured. `null` means "run locally".
+   *
+   * Callers pass `{ preferLocal: true }` to opt out of `mode: 'optional'`
+   * proxying when they already hold credentials locally. `mode: 'required'`
+   * cannot be bypassed — the registry owns auth server-side and there is
+   * nothing useful the local SDK can do.
+   */
+  async function resolveProxyForRef(
+    entry: RefEntry,
+    opts?: { preferLocal?: boolean },
+  ): Promise<{ reg: RegistryEntry; agent: string } | null> {
+    const reg = await findRegistryEntryForRef(entry);
+    if (!reg?.proxy) return null;
+    if (reg.proxy.mode === "optional" && opts?.preferLocal) return null;
+    return { reg, agent: reg.proxy.agent ?? "@config" };
+  }
+
+  /**
+   * Forward an `@config ref` operation to the proxy agent on a remote registry.
+   *
+   * The remote side speaks the standard adk-tools surface, so the call shape is
+   * identical to what the local `ref` API would do — the only difference is
+   * that tokens and secrets live server-side. `callRegistry` returns the
+   * standard CallAgentResponse envelope: `{ success: true, result }` on
+   * success or `{ success: false, error }` on failure. We unwrap once and
+   * throw on error so callers get a result that matches the local signature.
+   */
+  async function forwardRefOpToProxy<T>(
+    reg: RegistryEntry,
+    agent: string,
+    operation: string,
+    params: Record<string, unknown>,
+  ): Promise<T> {
+    const consumer = await buildConsumerForRef({ ref: "", sourceRegistry: { url: reg.url, agentPath: agent } } as RefEntry);
+    const resolved = consumer.registries().find((r) => r.url === reg.url);
+    if (!resolved) throw new Error(`Registry ${reg.url} not resolvable for proxy forwarding`);
+
+    const response = await consumer.callRegistry(resolved, {
+      action: "execute_tool",
+      path: agent,
+      tool: "ref",
+      params: { operation, ...params },
+    });
+
+    if (!response.success) {
+      const errResponse = response as { success: false; error?: string; code?: string };
+      const msg = errResponse.error ?? `Proxy ${agent}.ref(${operation}) failed`;
+      throw new Error(msg);
+    }
+    return (response as { success: true; result: unknown }).result as T;
+  }
+
   // ==========================================
   // Registry API
   // ==========================================
@@ -734,7 +809,37 @@ export function createAdk(fs: FsStore, options: AdkOptions = {}): Adk {
       const registries = (config.registries ?? []).filter(
         (r) => registryDisplayName(r) !== alias,
       );
-      registries.push(entry);
+
+      // Probe the registry's MCP initialize response so we can auto-populate
+      // `proxy` when the server advertises it. Users who pass an explicit
+      // `proxy` on the entry always win — discovery only fills in blanks.
+      let final: RegistryEntry = entry;
+      if (!entry.proxy) {
+        try {
+          const probeConsumer = await createRegistryConsumer(
+            { registries: [entry], refs: [] },
+            { token: options.token, fetch: options.fetch },
+          );
+          const resolved = probeConsumer.registries()[0];
+          if (resolved) {
+            const discovered = await probeConsumer.discover(resolved.url);
+            if (discovered.proxy?.mode) {
+              final = {
+                ...entry,
+                proxy: {
+                  mode: discovered.proxy.mode,
+                  ...(discovered.proxy.agent && { agent: discovered.proxy.agent }),
+                },
+              };
+            }
+          }
+        } catch {
+          // Discovery is best-effort — offline, unreachable, or non-adk
+          // registries simply skip proxy auto-configuration.
+        }
+      }
+
+      registries.push(final);
       await writeConfig({ ...config, registries });
     },
 
@@ -777,6 +882,7 @@ export function createAdk(fs: FsStore, options: AdkOptions = {}): Adk {
         if (updates.name) existing.name = updates.name;
         if (updates.auth) existing.auth = updates.auth;
         if (updates.headers) existing.headers = { ...existing.headers, ...updates.headers };
+        if (updates.proxy !== undefined) existing.proxy = updates.proxy;
         return existing;
       });
       if (!found) return false;
@@ -784,7 +890,7 @@ export function createAdk(fs: FsStore, options: AdkOptions = {}): Adk {
       return true;
     },
 
-    async browse(name: string, query?: string): Promise<AgentListing[]> {
+    async browse(name: string, query?: string): Promise<AgentListEntry[]> {
       const consumer = await buildConsumer(name);
       const config = await readConfig();
       const target = findRegistry(config.registries ?? [], name);
@@ -995,7 +1101,7 @@ export function createAdk(fs: FsStore, options: AdkOptions = {}): Adk {
       return true;
     },
 
-    async inspect(name: string, opts?: { full?: boolean }): Promise<AgentListing | null> {
+    async inspect(name: string, opts?: { full?: boolean }): Promise<AgentInspection | null> {
       const config = await readConfig();
       const entry = findRef(config.refs ?? [], name);
       if (!entry) throw new Error(`Ref "${name}" not found`);
@@ -1102,6 +1208,13 @@ export function createAdk(fs: FsStore, options: AdkOptions = {}): Adk {
       const entry = findRef(config.refs ?? [], name);
       if (!entry) throw new Error(`Ref "${name}" not found`);
 
+      // Registry-proxied refs: ask the remote @config for state (secrets live
+      // server-side so local inspection would always return "missing").
+      const proxy = await resolveProxyForRef(entry);
+      if (proxy) {
+        return forwardRefOpToProxy<RefAuthStatus>(proxy.reg, proxy.agent, "auth-status", { name });
+      }
+
       let security: SecuritySchemeSummary | null = null;
       try {
         const consumer = await buildConsumerForRef(entry);
@@ -1228,11 +1341,30 @@ export function createAdk(fs: FsStore, options: AdkOptions = {}): Adk {
       stateContext?: Record<string, unknown>;
       /** Additional scopes to request (e.g., optional scopes declared by the agent) */
       scopes?: string[];
+      /**
+       * Opt out of proxy routing when the ref's source registry has
+       * `proxy: { mode: 'optional' }`. Ignored for `mode: 'required'`.
+       */
+      preferLocal?: boolean;
     }): Promise<AuthStartResult> {
       const config = await readConfig();
       const entry = findRef(config.refs ?? [], name);
       if (!entry) throw new Error(`Ref "${name}" not found`);
 
+      // Registry-proxied auth: forward the start-of-flow to the remote @config
+      // agent. The registry owns the client_id/secret and returns an authorize
+      // URL pointing at the registry's OAuth callback domain, so the user
+      // completes the flow against the registry instead of localhost.
+      const proxy = await resolveProxyForRef(entry, { preferLocal: opts?.preferLocal });
+      if (proxy) {
+        const params: Record<string, unknown> = { name };
+        if (opts?.apiKey !== undefined) params.apiKey = opts.apiKey;
+        if (opts?.credentials) params.credentials = opts.credentials;
+        if (opts?.scopes) params.scopes = opts.scopes;
+        if (opts?.stateContext) params.stateContext = opts.stateContext;
+        return forwardRefOpToProxy<AuthStartResult>(proxy.reg, proxy.agent, "auth", params);
+      }
+
       const status = await ref.authStatus(name);
       const security = status.security;
       const resolve = options.resolveCredentials;
@@ -1487,16 +1619,34 @@ export function createAdk(fs: FsStore, options: AdkOptions = {}): Adk {
       onAuthorizeUrl?: (url: string) => void;
       timeoutMs?: number;
     }): Promise<{ complete: boolean }> {
+      // `ref.auth` is already proxy-aware — for proxied refs it returns
+      // the authorizeUrl that the registry minted against its own
+      // callback domain. Everything below is identical for local and
+      // proxied refs except the last step (polling for the callback),
+      // which only makes sense when we own the redirect URI.
       const result = await ref.auth(name);
-
       if (result.complete) return { complete: true };
 
+      const config = await readConfig();
+      const entry = findRef(config.refs ?? [], name);
+      const proxy = entry ? await resolveProxyForRef(entry) : null;
+
       const port = options.oauthCallbackPort ?? 8919;
       const timeout = opts?.timeoutMs ?? 300_000;
       const { createServer } = await import("node:http");
 
-      // API key / HTTP auth — serve a local credential form
+      // API key / HTTP auth — local credential form.
+      //
+      // We refuse to serve the form for a proxied ref: the registry
+      // owns the credential store, so the user needs to submit via
+      // whatever UI the registry exposes. Supporting this through the
+      // proxy would need a remote form endpoint — out of scope here.
       if (result.fields && result.fields.length > 0 && result.type !== "oauth2") {
+        if (proxy) {
+          throw new Error(
+            `Ref "${name}" is sourced from a proxied registry; submit credentials through ${proxy.agent} instead of a local form.`,
+          );
+        }
         return new Promise<{ complete: boolean }>((resolve, reject) => {
           const server = createServer(async (req, res) => {
             const reqUrl = new URL(req.url ?? "/", `http://localhost:${port}`);
@@ -1563,15 +1713,21 @@ export function createAdk(fs: FsStore, options: AdkOptions = {}): Adk {
         });
       }
 
-      // OAuth2 — open authorize URL and wait for callback
+      // OAuth2 — hand the authorize URL to the caller.
       if (result.type !== "oauth2" || !result.authorizeUrl) {
         throw new Error(`authLocal cannot handle auth type: ${result.type}`);
       }
-
       if (opts?.onAuthorizeUrl) {
         opts.onAuthorizeUrl(result.authorizeUrl);
       }
 
+      // Proxied refs: the registry owns the callback endpoint, so there's
+      // nothing to poll here. Callers poll `ref.authStatus` on their own
+      // schedule once the user finishes the remote consent screen.
+      if (proxy) return { complete: false };
+
+      // Local refs: spin up the callback server on oauthCallbackPort and
+      // block until the OAuth provider redirects back.
       return new Promise<{ complete: boolean }>((resolve, reject) => {
         const server = createServer(async (req, res) => {
           const reqUrl = new URL(req.url ?? "/", `http://localhost:${port}`);
@@ -1613,6 +1769,20 @@ export function createAdk(fs: FsStore, options: AdkOptions = {}): Adk {
     },
 
     async refreshToken(name: string): Promise<{ accessToken: string } | null> {
+      // Registry-proxied refs: the remote @config holds the refresh_token.
+      const entryForProxy = await ref.get(name);
+      if (entryForProxy) {
+        const proxy = await resolveProxyForRef(entryForProxy);
+        if (proxy) {
+          return forwardRefOpToProxy<{ accessToken: string } | null>(
+            proxy.reg,
+            proxy.agent,
+            "refresh-token",
+            { name },
+          );
+        }
+      }
+
       // Read stored refresh_token
       const refreshToken = await readRefSecret(name, "refresh_token");
       if (!refreshToken) return null;
@@ -1696,33 +1866,5 @@ export function createAdk(fs: FsStore, options: AdkOptions = {}): Adk {
     return { refName: pending.refName, complete: true, stateContext };
   }
 
-  // ==========================================
-  // Proxy API
-  // ==========================================
-
-  const proxy: AdkProxyApi = {
-    async add(entry: ProxyEntry): Promise<void> {
-      const config = await readConfig();
-      const proxies = (config.proxies ?? []).filter((p) => p.name !== entry.name);
-      proxies.push(entry);
-      await writeConfig({ ...config, proxies });
-    },
-
-    async remove(name: string): Promise<boolean> {
-      const config = await readConfig();
-      if (!config.proxies?.length) return false;
-      const before = config.proxies.length;
-      const proxies = config.proxies.filter((p) => p.name !== name);
-      if (proxies.length === before) return false;
-      await writeConfig({ ...config, proxies });
-      return true;
-    },
-
-    async list(): Promise<ProxyEntry[]> {
-      const config = await readConfig();
-      return config.proxies ?? [];
-    },
-  };
-
-  return { proxy, registry, ref, readConfig, writeConfig, handleCallback };
+  return { registry, ref, readConfig, writeConfig, handleCallback };
 }

package/src/define-config.ts

@@ -34,6 +34,30 @@ export type RegistryAuth =
   | { type: "api-key"; key?: string; header?: string }
   | { type: "jwt"; issuer?: string };
 
+/**
+ * Proxy configuration for a registry.
+ *
+ * When set, ref operations (`auth`, `auth-status`, `call`, `inspect`,
+ * `resources`, `read`, `refresh-token`) for refs sourced from this
+ * registry are forwarded to a server-side agent that implements the
+ * adk-tools surface. Use this for cloud-hosted registries that own
+ * OAuth client credentials and/or user tokens on behalf of consumers
+ * (e.g. `api.twin.slash.com/mcp`).
+ *
+ * - `mode: 'required'` — all ref ops MUST route through the proxy agent.
+ *   Local handshake (`ref.authLocal`) is refused for refs from this
+ *   registry because the local environment has no way to build an
+ *   authorize URL without the server's client credentials.
+ * - `mode: 'optional'` — proxy is the default; callers may opt out via
+ *   `{ preferLocal: true }` on a per-op basis when they already hold
+ *   local credentials.
+ */
+export interface RegistryProxy {
+  mode: 'required' | 'optional';
+  /** Agent path to forward to. Defaults to `@config`. */
+  agent?: string;
+}
+
 /** A registry endpoint the consumer connects to */
 export interface RegistryEntry {
   /** Registry URL (e.g., 'https://registry.slash.com') */
@@ -53,6 +77,13 @@ export interface RegistryEntry {
 
   /** Connection status — set by validation/test, used to filter active entries */
   status?: 'active' | 'inactive' | 'error';
+
+  /**
+   * If set, ref ops for refs sourced from this registry are forwarded
+   * to a server-side adk-tools agent (default `@config`) instead of
+   * running locally. See {@link RegistryProxy}.
+   */
+  proxy?: RegistryProxy;
 }
 
 // ============================================
@@ -100,35 +131,12 @@ export type RefEntry = {
       status?: 'active' | 'inactive' | 'error';
     };
 
-// ============================================
-// Proxy Config
-// ============================================
-
-/** A proxy target — remote adk server that handles ref/registry operations */
-export interface ProxyEntry {
-  /** Human-readable name */
-  name: string;
-  /** URL of the remote server */
-  url: string;
-  /** Connection type: 'mcp' (direct MCP server) or 'registry' (agent on a registry) */
-  type: 'mcp' | 'registry';
-  /** For type 'registry': the agent path that implements adk tools (e.g. '@config') */
-  agent?: string;
-  /** Auth for connecting to the proxy */
-  auth?: RegistryAuth;
-  /** Whether this is the default proxy when no local refs/registries exist */
-  default?: boolean;
-}
-
 // ============================================
 // Consumer Config
 // ============================================
 
 /** The full consumer configuration */
 export interface ConsumerConfig {
-  /** Remote adk proxies — forward operations to a remote server */
-  proxies?: ProxyEntry[];
-
   /** Registries to connect to, in resolution order */
   registries?: (string | RegistryEntry)[];
 

package/src/index.ts

@@ -306,7 +306,6 @@ export {
 export type {
   RegistryAuth,
   RegistryEntry,
-  ProxyEntry,
   RefConfig,
   RefEntry,
   ConsumerConfig,
@@ -324,6 +323,9 @@ export type {
   RegistryConsumer,
   RegistryConsumerOptions,
   RegistryConfiguration,
+  AgentBase,
+  AgentListEntry,
+  AgentInspection,
   AgentListing,
   SecretResolver,
 } from "./registry-consumer.js";
@@ -424,7 +426,6 @@ export { createAdk } from "./config-store.js";
 export type {
   Adk,
   AdkOptions,
-  AdkProxyApi,
   AdkRegistryApi,
   AdkRefApi,
   AdkAgentRegistry,

package/src/init.ts

@@ -185,7 +185,7 @@ export async function runInit(adk: Adk, targets: SkillTarget[]): Promise<void> {
       if (agents.length > 0) {
         console.log(`\n${agents.length} agent(s) available on ${DEFAULT_REGISTRY_URL}:\n`);
         for (const a of agents) {
-          const toolCount = a.tools?.length ?? 0;
+          const toolCount = a.toolCount ?? 0;
           console.log(`  ${a.path} (${toolCount} tools)`);
           if (a.description) console.log(`    ${a.description.slice(0, 120)}`);
           console.log();