aui-agent-builder 0.3.90 → 0.3.92

package/dist/commands/validate.js

@@ -1,168 +1,310 @@
 import { jsx as _jsx } from "react/jsx-runtime";
 /**
- * validate command - Validate AUI files against domain schemas (*.dschema.json)
+ * validate command — Validate AUI files against the agent-settings backend.
  *
- * Convention-based mapping:
- *   tools.dschema.json      → tools/*.aui.json (validates the "tool" key)
- *   agent.dschema.json      → agent.aui.json (validates the "agent" or "general_settings" key)
- *   parameters.dschema.json → parameters.aui.json (validates the "parameters" key)
- *   entities.dschema.json   → entities.aui.json (validates the "entities" key)
- *   integrations.dschema.json → integrations.aui.json (validates the "integrations" key)
- *   rules.dschema.json      → rules.aui.json (validates the "rules" key)
+ * ─── HOW THIS COMMAND WORKS NOW ─────────────────────────────────────────
+ *
+ * Validation is performed REMOTELY against
+ *   POST {agent-settings}/v1/agents/{agent_id}/validate
+ *
+ * The CLI reads every `.aui.json` file in the project, assembles the flat
+ * payload the backend expects (general_settings + parameters + entities +
+ * rules + integrations + tools), and forwards it to the backend's
+ * canonical pydantic + cross-reference validator. The response is mapped
+ * back onto local file paths so the existing `ValidateView` can render
+ * the errors/warnings exactly as it did when validation ran locally.
+ *
+ * The previous local implementation (AJV + JS cross-reference checks) is
+ * preserved INLINE BELOW inside the `LEGACY_LOCAL_VALIDATION_*` regions
+ * as a JS comment so we can revive it for offline or backend-down
+ * scenarios without re-deriving the logic from git history. Do not delete
+ * those regions — they are a deliberate fall-back snapshot.
+ *
+ * ─── PUSH FLOW SAFETY ───────────────────────────────────────────────────
+ *
+ * `aui push` invokes `validate(projectRoot)` in its preflight span and
+ * aborts the push (with `ValidationError`) whenever validation returns
+ * false — UNLESS `--force` is set. We preserve that contract here: any
+ * validation error (backend-reported or infra failure) returns false.
+ *
+ *   • Backend says `valid: false`        → return false (push blocked)
+ *   • Backend returns 4xx/5xx            → return false (push blocked)
+ *   • Network/timeout failure            → return false (push blocked)
+ *   • Backend returns `valid: true`      → return true (push proceeds)
+ *
+ * Push-time safety is thus exactly what it was before: a failed
+ * validation never silently lets a push through.
  *
  * Usage: aui validate [path]
  * Options:
  *   --verbose    Show detailed output
+ *   --strict     Reserved (no-op against the remote validator today;
+ *                kept so existing scripts that pass it don't break)
  */
 import * as fs from "fs";
 import * as path from "path";
 import { fileURLToPath } from "url";
-import { execSync } from "child_process";
 import { render } from "ink";
-import AjvModule from "ajv";
-const Ajv = AjvModule.default ?? AjvModule;
 import { glob } from "glob";
-import { findProjectRoot } from "../config/index.js";
-import { parseAuiFile, readAgentFiles, } from "../utils/index.js";
+import { findProjectRoot, loadProjectConfig, loadSession, getConfig, } from "../config/index.js";
+import { parseAuiFile, } from "../utils/index.js";
 import { ValidateView } from "../ui/views/ValidateView.js";
 import { ValidationError } from "../errors/index.js";
 import { isJsonMode, outputJson } from "../utils/json-output.js";
-import { getTracer, SpanStatusCode, setUserContext } from "../telemetry.js";
+import { getTracer, SpanStatusCode, setUserContext, setAgentContext, } from "../telemetry.js";
+import { AUIClient, AUIAPIError } from "../api-client/index.js";
 const __filename = fileURLToPath(import.meta.url);
 const __dirname = path.dirname(__filename);
+/** Schema-version pinned by the backend validator. */
+const VALIDATE_SCHEMA_VERSION = 1;
 /**
- * Tool codes that must never be renamed.
- * If a tool file's original code (derived from filename) is in this list,
- * the code field inside the file must match exactly.
+ * Map a backend section name to the local file name we surface in the UI.
+ * Tools are handled separately — each tool lives in its own file under
+ * `tools/<code>.aui.json` and we resolve the code via the payload index.
  */
-const IMMUTABLE_TOOL_CODES = ["WEB_SEARCH"];
-/**
- * Schema types whose validation issues should be reported as warnings, not errors.
- */
-const WARNING_ONLY_TYPES = new Set(["questions"]);
-/** Map schema type name to the JSON key that holds the data inside the .aui.json file */
-const TYPE_TO_KEY = {
-    tools: "tool",
-    agent: "agent",
-    parameters: "parameters",
-    entities: "entities",
-    integrations: "integrations",
-    rules: "rules",
-    // "knowledge-bases": null,
-    // "knowledge-bases-files": null,
+const SECTION_TO_FILE = {
+    general_settings: "agent.aui.json",
+    parameters: "parameters.aui.json",
+    entities: "entities.aui.json",
+    rules: "rules.aui.json",
+    integrations: "integrations.aui.json",
 };
 /**
- * Discover all *.dschema.json files.
- * Scans bundled dist/schema/ first, then recursively searches the given root
- * for any *.dschema.json files. Later matches override earlier ones (local wins).
+ * Discover all `.aui.json` files (excluding any helper / cache dirs).
+ * Returns absolute paths.
  */
-async function discoverSchemas(searchRoot) {
-    const schemas = new Map();
-    // 1. Bundled schemas (dist/schema/)
-    const bundledDir = path.resolve(__dirname, "..", "schema");
-    if (fs.existsSync(bundledDir)) {
-        for (const file of fs.readdirSync(bundledDir)) {
-            const match = file.match(/^(.+)\.dschema\.json$/);
-            if (match) {
-                schemas.set(match[1], path.join(bundledDir, file));
-            }
-        }
-    }
-    // 2. Scan searchRoot recursively for any *.dschema.json
-    const localFiles = await glob("**/*.dschema.json", {
-        cwd: searchRoot,
+async function discoverAuiFiles(projectRoot) {
+    return glob("**/*.aui.json", {
+        cwd: projectRoot,
         absolute: true,
         ignore: ["node_modules/**", ".aui/**", ".aui-cache/**"],
     });
-    for (const filePath of localFiles) {
-        const base = path.basename(filePath);
-        const match = base.match(/^(.+)\.dschema\.json$/);
-        if (match) {
-            schemas.set(match[1], filePath);
-        }
-    }
-    return schemas;
 }
 /**
- * Find .aui.json files that match a given schema type within the project.
- * - "tools" → tools/*.aui.json
- * - other types → <type>.aui.json
+ * Read every project file and build the flat payload expected by
+ * `POST /v1/agents/{id}/validate`. Returns the payload plus an index
+ * mapping backend section indexes back to local file names so we can
+ * surface accurate file paths in the UI.
+ *
+ * Files that fail to parse are NOT included in the payload — they are
+ * returned in `parseErrors` and surfaced as local validation issues so
+ * the backend doesn't choke on syntactically invalid JSON.
  */
-async function findFilesForType(projectRoot, typeName) {
-    // if (typeName === "knowledge-bases" || typeName === "knowledge-bases-files") {
-    //   return glob("knowledge-hubs/*/kb.json", {
-    //     cwd: projectRoot,
-    //     absolute: true,
-    //     ignore: ["node_modules/**", ".aui/**", ".aui-cache/**"],
-    //   });
-    // }
-    const pattern = typeName === "tools" ? "**/tools/*.aui.json" : `${typeName}*.aui.json`;
-    return glob(pattern, {
-        cwd: projectRoot,
-        absolute: true,
-        ignore: ["node_modules/**", ".aui/**", ".aui-cache/**"],
-    });
+async function buildValidatePayload(projectRoot) {
+    const files = await discoverAuiFiles(projectRoot);
+    const parseErrors = [];
+    const validatedFiles = [];
+    const payload = {
+        schema_version: VALIDATE_SCHEMA_VERSION,
+    };
+    const toolFiles = [];
+    // Sort tool files alphabetically by basename so the payload index is
+    // deterministic between runs (important for diffing & log correlation).
+    const toolFilesAll = [];
+    for (const f of files) {
+        const rel = path.relative(projectRoot, f);
+        if (rel.startsWith("tools/") || rel.startsWith("tools\\")) {
+            toolFilesAll.push(f);
+        }
+    }
+    toolFilesAll.sort();
+    for (const file of files) {
+        const rel = path.relative(projectRoot, file);
+        const parsed = parseAuiFile(file);
+        if (!parsed) {
+            parseErrors.push({
+                type: "error",
+                file: rel,
+                message: "Invalid JSON syntax — file could not be parsed",
+            });
+            continue;
+        }
+        const isToolFile = rel.startsWith("tools/") || rel.startsWith("tools\\");
+        if (isToolFile) {
+            // Handled later via toolFilesAll to keep deterministic index order
+            continue;
+        }
+        if (rel === "agent.aui.json" || parsed.general_settings) {
+            const gs = (parsed.general_settings ?? parsed);
+            payload.general_settings = gs;
+            validatedFiles.push(rel);
+            continue;
+        }
+        if (parsed.parameters && Array.isArray(parsed.parameters)) {
+            payload.parameters = parsed.parameters;
+            validatedFiles.push(rel);
+            continue;
+        }
+        if (parsed.entities && Array.isArray(parsed.entities)) {
+            payload.entities = parsed.entities;
+            validatedFiles.push(rel);
+            continue;
+        }
+        if (parsed.integrations && Array.isArray(parsed.integrations)) {
+            payload.integrations = parsed.integrations;
+            validatedFiles.push(rel);
+            continue;
+        }
+        if (parsed.rules && Array.isArray(parsed.rules)) {
+            payload.rules = parsed.rules;
+            validatedFiles.push(rel);
+            continue;
+        }
+    }
+    // Build tools array preserving deterministic ordering.
+    const tools = [];
+    for (const file of toolFilesAll) {
+        const rel = path.relative(projectRoot, file);
+        const parsed = parseAuiFile(file);
+        if (!parsed) {
+            // Already captured above in parseErrors. Skip to keep array dense.
+            continue;
+        }
+        const toolObj = (parsed.tool ?? parsed);
+        tools.push(toolObj);
+        toolFiles.push(rel);
+        validatedFiles.push(rel);
+    }
+    if (tools.length > 0) {
+        payload.tools = tools;
+    }
+    return {
+        payload,
+        index: {
+            toolFiles,
+            validatedFiles,
+            totalFiles: validatedFiles.length,
+        },
+        parseErrors,
+    };
 }
 /**
- * Convert AJV errors to ValidationIssue format
+ * Convert a single backend `AgentValidateIssue` into the CLI's
+ * `ValidationIssue` shape so existing UI/JSON consumers don't see a new
+ * envelope. `loc` is rendered as a dot-path with bracket indexes for
+ * arrays — matches what FastAPI prints in its docs and what users will
+ * see in their browser's network tab if they ever inspect the endpoint
+ * directly.
  */
-function ajvErrorsToIssues(errors, relativePath, issueType = "error") {
-    if (!errors)
-        return [];
-    return errors.map((err) => ({
-        type: issueType,
-        file: relativePath,
-        path: err.instancePath || "/",
-        message: `${err.instancePath || "/"} ${err.message || "validation error"}${err.params ? ` (${JSON.stringify(err.params)})` : ""}`,
-    }));
+function backendIssueToValidationIssue(issue, file, sectionPath) {
+    const severity = issue.severity === "warning" ? "warning" : "error";
+    const loc = (issue.loc ?? [])
+        .map((p) => (typeof p === "number" ? `[${p}]` : `.${p}`))
+        .join("")
+        .replace(/^\./, "");
+    const fullPath = loc ? `${sectionPath}.${loc}`.replace(/\.\[/g, "[") : sectionPath;
+    const code = issue.code ? `[${issue.code}] ` : "";
+    return {
+        type: severity,
+        file,
+        path: fullPath,
+        message: `${code}${issue.message}${loc ? ` (at ${loc})` : ""}`,
+    };
 }
 /**
- * Patch recursive "When" definitions in a schema so that AJV's anyOf
- * discrimination works correctly.  Without additionalProperties: false on
- * When-type objects, any object (including a Condition with an invalid
- * operation like "equals") silently matches the When branch of anyOf.
+ * Map a per-section result onto local file paths.
+ *
+ * `general_settings` is a single object (no index). All other sections
+ * are arrays where each element carries its own index into the original
+ * payload. Tools additionally need their code looked up via the payload
+ * index because each tool lives in its own file on disk.
  */
-function patchRecursiveWhenDefs(schema) {
-    const defs = schema.$defs;
-    if (!defs)
-        return;
-    for (const [name, def] of Object.entries(defs)) {
-        if (!name.endsWith("When") && !name.endsWith("RuleWhen"))
+function mapResponseToIssues(response, payloadIndex) {
+    const issues = [];
+    // ── general_settings ──
+    const gs = response.general_settings;
+    if (gs) {
+        const file = SECTION_TO_FILE.general_settings;
+        for (const err of gs.errors ?? []) {
+            issues.push(backendIssueToValidationIssue({ ...err, severity: err.severity ?? "error" }, file, "general_settings"));
+        }
+        for (const w of gs.warnings ?? []) {
+            issues.push(backendIssueToValidationIssue({ ...w, severity: w.severity ?? "warning" }, file, "general_settings"));
+        }
+    }
+    // ── array sections (parameters, entities, rules, integrations) ──
+    const arraySections = [
+        ["parameters", "parameters"],
+        ["entities", "entities"],
+        ["rules", "rules"],
+        ["integrations", "integrations"],
+    ];
+    for (const [key, section] of arraySections) {
+        const items = response[key];
+        if (!Array.isArray(items))
             continue;
-        if (def.type === "object" && !("additionalProperties" in def)) {
-            def.additionalProperties = false;
+        const file = SECTION_TO_FILE[section];
+        for (const item of items) {
+            const pathPrefix = `${section}[${item.index}]`;
+            for (const err of item.result.errors ?? []) {
+                issues.push(backendIssueToValidationIssue({ ...err, severity: err.severity ?? "error" }, file, pathPrefix));
+            }
+            for (const w of item.result.warnings ?? []) {
+                issues.push(backendIssueToValidationIssue({ ...w, severity: w.severity ?? "warning" }, file, pathPrefix));
+            }
         }
     }
+    // ── agent_tools (one-file-per-tool) ──
+    const tools = response.agent_tools;
+    if (Array.isArray(tools)) {
+        for (const item of tools) {
+            const toolFile = payloadIndex.toolFiles[item.index] ?? `tools[${item.index}]`;
+            for (const err of item.result.errors ?? []) {
+                issues.push(backendIssueToValidationIssue({ ...err, severity: err.severity ?? "error" }, toolFile, "tool"));
+            }
+            for (const w of item.result.warnings ?? []) {
+                issues.push(backendIssueToValidationIssue({ ...w, severity: w.severity ?? "warning" }, toolFile, "tool"));
+            }
+        }
+    }
+    return issues;
 }
 /**
- * Recursively collect leaf Condition objects from a when clause (which may
- * contain nested all/any/not groups).
+ * Render results into the existing `ValidateView` envelope. We split
+ * issues into `schemaIssues` (issues with a specific path inside a
+ * section, i.e. backend schema validation) and `crossRefIssues` (no
+ * sub-path → cross-section references, the legacy local code's
+ * categorization). This keeps the UI grouping the user already knows.
  */
-function collectConditions(items, out) {
-    for (const item of items) {
-        if (!item || typeof item !== "object")
-            continue;
-        const obj = item;
-        if (obj.method) {
-            out.push(obj);
+function categorizeIssues(issues) {
+    const schemaIssues = [];
+    const crossRefIssues = [];
+    for (const issue of issues) {
+        // Heuristic: backend issues with a non-trivial path go into "schema"
+        // (validator caught a specific field). Issues whose path is the bare
+        // section name represent cross-references the validator surfaces as
+        // "missing reference foo" / "duplicate code bar" — group them as
+        // cross-reference issues so the user sees the same two-section UI
+        // they had with local validation.
+        const path = issue.path ?? "";
+        if (path.includes(".") || path.includes("[")) {
+            schemaIssues.push(issue);
         }
-        for (const key of ["all", "any", "not"]) {
-            if (Array.isArray(obj[key])) {
-                collectConditions(obj[key], out);
-            }
+        else {
+            crossRefIssues.push(issue);
         }
     }
+    return { schemaIssues, crossRefIssues };
 }
 /**
- * Validate AUI configuration files against domain schemas
+ * Validate AUI configuration files against the agent-settings backend.
+ *
+ * Returns `true` only when the backend explicitly reports `valid: true`
+ * with no error-severity issues. Any other outcome (errors, network
+ * failure, missing config) returns `false` so `aui push` blocks the
+ * push unless the user passes `--force`.
  */
 export async function validate(targetPath, options = {}) {
     const tracer = getTracer();
     return tracer.startActiveSpan("aui.validate", async (span) => {
-        setUserContext(span);
+        await setUserContext(span);
         try {
-            const result = await _validate(targetPath, options);
-            span.setStatus({ code: result ? SpanStatusCode.OK : SpanStatusCode.ERROR, message: result ? undefined : "Validation failed" });
+            const result = await _validate(span, targetPath, options);
+            span.setAttribute("validate.result.valid", result);
+            span.setStatus({
+                code: result ? SpanStatusCode.OK : SpanStatusCode.ERROR,
+                message: result ? undefined : "Validation failed",
+            });
             return result;
         }
         catch (error) {
@@ -178,773 +320,286 @@ export async function validate(targetPath, options = {}) {
         }
     });
 }
-async function _validate(targetPath, options = {}) {
+async function _validate(parentSpan, targetPath, options = {}) {
     const projectRoot = targetPath || findProjectRoot() || process.cwd();
+    parentSpan.setAttribute("validate.project_root", projectRoot);
     if (targetPath && !fs.existsSync(targetPath)) {
         throw new ValidationError(`Path does not exist: ${targetPath}`, {
             suggestion: "Provide a valid directory path, or run from an AUI project directory.",
         });
     }
-    // 1. Discover schemas
-    const schemas = await discoverSchemas(projectRoot);
-    const schemaNames = [...schemas.keys()];
-    const issues = [];
-    const validatedFiles = [];
-    let totalFiles = 0;
-    // 2. For each schema, validate matching files
-    for (const [typeName, schemaPath] of schemas) {
-        let schemaData;
-        try {
-            schemaData = JSON.parse(fs.readFileSync(schemaPath, "utf-8"));
-        }
-        catch (e) {
-            issues.push({
-                type: "error",
-                file: path.basename(schemaPath),
-                message: `Failed to parse schema: ${e instanceof Error ? e.message : e}`,
-            });
-            continue;
-        }
-        patchRecursiveWhenDefs(schemaData);
-        const ajv = new Ajv({ allErrors: true, strict: false });
-        let validateFn;
-        try {
-            validateFn = ajv.compile(schemaData);
-        }
-        catch (e) {
-            issues.push({
-                type: "error",
-                file: path.basename(schemaPath),
-                message: `Failed to compile schema: ${e instanceof Error ? e.message : e}`,
-            });
-            continue;
-        }
-        const files = await findFilesForType(projectRoot, typeName);
-        if (files.length === 0) {
-            continue;
-        }
-        const dataKey = TYPE_TO_KEY[typeName];
-        const issueType = WARNING_ONLY_TYPES.has(typeName) ? "warning" : "error";
-        for (const file of files) {
-            totalFiles++;
-            const relativePath = path.relative(projectRoot, file);
-            validatedFiles.push(relativePath);
-            const parsed = parseAuiFile(file);
-            if (!parsed) {
-                issues.push({
-                    type: "error",
-                    file: relativePath,
-                    message: "Invalid JSON syntax",
-                });
-                continue;
-            }
-            const dataToValidate = dataKey && parsed[dataKey] !== undefined ? parsed[dataKey] : parsed;
-            // // Knowledge-hub kb.json files with an empty resources array are valid —
-            // // they represent newly-created or cleared knowledge bases that haven't
-            // // been populated yet.  Skip schema validation for these.
-            // if (
-            //   (typeName === "knowledge-bases" || typeName === "knowledge-bases-files") &&
-            //   Array.isArray((parsed as Record<string, unknown>).resources) &&
-            //   ((parsed as Record<string, unknown>).resources as unknown[]).length === 0
-            // ) {
-            //   continue;
-            // }
-            if (Array.isArray(dataToValidate)) {
-                for (let i = 0; i < dataToValidate.length; i++) {
-                    const valid = validateFn(dataToValidate[i]);
-                    if (!valid) {
-                        issues.push(...ajvErrorsToIssues(validateFn.errors, relativePath, issueType).map((issue) => ({
-                            ...issue,
-                            path: `${dataKey}[${i}]${issue.path === "/" ? "" : issue.path}`,
-                        })));
-                    }
-                }
-            }
-            else {
-                const valid = validateFn(dataToValidate);
-                if (!valid) {
-                    issues.push(...ajvErrorsToIssues(validateFn.errors, relativePath, issueType));
-                }
-            }
-        }
-    }
-    // Mark the boundary between schema and cross-reference issues
-    const schemaIssueCount = issues.length;
-    // 3. Cross-reference: ensure all params in integrations/entities exist in parameters
-    const agentData = await readAgentFiles(projectRoot);
-    // 3a. Rules: if a condition has more than 1 param, operation must be any_has_value or all_has_value
-    const MULTI_PARAM_OPERATIONS = ["any_has_value", "all_has_value"];
-    const rulesRaw = agentData.rules;
-    const rulesList = Array.isArray(rulesRaw)
-        ? rulesRaw
-        : [];
-    for (const rule of rulesList) {
-        const conditions = [];
-        const when = rule.when;
-        if (when) {
-            for (const key of ["all", "any", "not"]) {
-                const items = when[key];
-                if (Array.isArray(items)) {
-                    collectConditions(items, conditions);
-                }
-            }
-        }
-        for (const cond of conditions) {
-            const params = cond.params;
-            const operation = cond.operation;
-            if (params && params.length > 1) {
-                if (operation && !MULTI_PARAM_OPERATIONS.includes(operation)) {
-                    issues.push({
-                        type: "error",
-                        file: "rules.aui.json",
-                        message: `Rule "${rule.code}" has a condition with ${params.length} params [${params.join(", ")}] but operation "${operation}" — when params has more than 1 value, operation must be one of: ${MULTI_PARAM_OPERATIONS.join(", ")}`,
-                    });
-                }
-                if (cond.value !== null && cond.value !== undefined) {
-                    issues.push({
-                        type: "error",
-                        file: "rules.aui.json",
-                        message: `Rule "${rule.code}" has a condition with ${params.length} params [${params.join(", ")}] but value is "${cond.value}" — when params has more than 1 value, value must be null`,
-                    });
-                }
-            }
-        }
-    }
-    // 3b. Tool rules: when with empty combinator (e.g. { all: [] }) should be null
-    const toolFiles = await findFilesForType(projectRoot, "tools");
-    for (const file of toolFiles) {
-        const parsed = parseAuiFile(file);
-        if (!parsed?.tool)
-            continue;
-        const tool = parsed.tool;
-        const relativePath = path.relative(projectRoot, file);
-        for (const section of ["pre", "summary"]) {
-            const ruleSection = tool.rules?.[section];
-            if (!ruleSection)
-                continue;
-            for (const [category, ruleArray] of Object.entries(ruleSection)) {
-                if (!Array.isArray(ruleArray))
-                    continue;
-                for (const rule of ruleArray) {
-                    const r = rule;
-                    // when: null is only allowed in summary rules
-                    if (r.when === null && section !== "summary") {
-                        issues.push({
-                            type: "error",
-                            file: relativePath,
-                            message: `Tool "${tool.code}" has a ${section}.${category} rule with when: null — when: null is only allowed in summary rules. Non-summary rules must have a condition.`,
-                        });
-                        continue;
-                    }
-                    if (r.when && typeof r.when === "object") {
-                        const keys = Object.keys(r.when);
-                        const isEmpty = keys.length === 0 ||
-                            keys.every((k) => {
-                                const v = r.when[k];
-                                return Array.isArray(v) && v.length === 0;
-                            });
-                        if (isEmpty) {
-                            issues.push({
-                                type: "error",
-                                file: relativePath,
-                                message: `Tool "${tool.code}" has a ${section}.${category} rule with an empty "when" clause (e.g. { all: [] }) — ${section === "summary" ? "use when: null instead" : "non-summary rules must have a condition"}`,
-                            });
-                        }
-                    }
-                }
-            }
-        }
-    }
-    // 3c. Immutable tool codes: certain tool codes must not be renamed
-    for (const file of toolFiles) {
-        const parsed = parseAuiFile(file);
-        if (!parsed?.tool)
-            continue;
-        const tool = parsed.tool;
-        const stem = path.basename(file, ".aui.json").toUpperCase();
-        if (IMMUTABLE_TOOL_CODES.includes(stem) && tool.code !== stem) {
-            issues.push({
-                type: "error",
-                file: path.relative(projectRoot, file),
-                message: `Tool code "${tool.code}" was renamed from "${stem}" — this code is immutable and must not be changed`,
-            });
-        }
-    }
-    // ── 0. Duplicate-code rejection ─────────────────────────────────────────
-    //
-    // Each entity-array file (parameters, entities, integrations, rules) keys
-    // its items by `code` (or `name` for entities). The agent-settings backend
-    // treats each code as a unique platform-side ID. If the local file has two
-    // items with the same code, the push layer's git-diff machinery synthesises
-    // a `code[N]` suffix to disambiguate, and `_executePushTask` then issues
-    // PATCH/POST against `parameters/view/code[1]` — which 404s because that
-    // bracket-suffixed code doesn't exist on the platform. The user sees an
-    // opaque "PATCH param user-id[1] failed: 404" with no clue why.
-    //
-    // Catching this at validate-time turns the opaque runtime failure into a
-    // precise, actionable pre-push error pointing at the exact duplicate.
-    // No data corruption risk if missed (push fails loudly, exit non-zero,
-    // baseline correctly held back per Finding B), but the UX is significantly
-    // better when surfaced here.
-    const findDuplicates = (items, keyOf) => {
-        const counts = new Map();
-        for (const item of items ?? []) {
-            const k = keyOf(item);
-            if (!k)
-                continue;
-            counts.set(k, (counts.get(k) ?? 0) + 1);
-        }
-        // Keep only keys that appear more than once.
-        for (const [k, n] of [...counts.entries()]) {
-            if (n < 2)
-                counts.delete(k);
-        }
-        return counts;
-    };
-    const dupParams = findDuplicates(agentData.parameters, (p) => p.code);
-    for (const [code, n] of dupParams) {
-        issues.push({
-            type: "error",
-            file: "parameters.aui.json",
-            message: `Duplicate parameter code "${code}" appears ${n} times — codes must be unique within a file. The push layer can't disambiguate duplicates and would fail with an opaque 404.`,
+    // ── Resolve agent + auth context (required for remote validation) ──
+    const projectConfig = loadProjectConfig(projectRoot);
+    const session = loadSession();
+    const config = getConfig(projectRoot);
+    const agentId = projectConfig?.agent_id || session?.network_id;
+    const accountId = projectConfig?.account_id || config.accountId;
+    const organizationId = projectConfig?.organization_id || config.organizationId;
+    const authToken = config.authToken;
+    // Attach agent-scoped identifiers to the parent span as early as
+    // possible — even if validation fails further down, Logfire shows the
+    // right "which agent/account/org" row.
+    await setAgentContext(parentSpan, {
+        agentId: agentId ?? undefined,
+        agentCode: projectConfig?.agent_code ?? undefined,
+        agentManagementId: projectConfig?.agent_management_id ?? undefined,
+        versionId: projectConfig?.version_id ?? undefined,
+        versionLabel: projectConfig?.version_label ?? undefined,
+        networkId: agentId ?? undefined,
+        accountId: accountId ?? undefined,
+        organizationId: organizationId ?? undefined,
+        networkCategoryId: projectConfig?.network_category_id ?? undefined,
+    });
+    parentSpan.setAttribute("validate.has_project_config", !!projectConfig);
+    parentSpan.setAttribute("validate.has_session", !!session);
+    parentSpan.setAttribute("validate.environment", config.environment);
+    // ── Build the validate payload from local files ──
+    const { payload, index, parseErrors } = await buildValidatePayload(projectRoot);
+    parentSpan.setAttribute("validate.payload.general_settings", !!payload.general_settings);
+    parentSpan.setAttribute("validate.payload.parameters_count", payload.parameters?.length ?? 0);
+    parentSpan.setAttribute("validate.payload.entities_count", payload.entities?.length ?? 0);
+    parentSpan.setAttribute("validate.payload.rules_count", payload.rules?.length ?? 0);
+    parentSpan.setAttribute("validate.payload.integrations_count", payload.integrations?.length ?? 0);
+    parentSpan.setAttribute("validate.payload.tools_count", payload.tools?.length ?? 0);
+    parentSpan.setAttribute("validate.total_files", index.totalFiles);
+    parentSpan.setAttribute("validate.parse_errors", parseErrors.length);
+    // ── Early-exit: nothing to validate ──
+    // An empty directory (or one without any `.aui.json` files) is a no-op
+    // for validate — match the pre-remote-validate behaviour where running
+    // `aui validate` somewhere with nothing to check just printed a clean
+    // "no files" summary and exited 0. Without this guard the remote
+    // pre-check below would error out (no agent_id / no auth) and break
+    // the long-standing UX for the empty-dir smoke test in particular.
+    if (index.totalFiles === 0 &&
+        parseErrors.length === 0 &&
+        !payload.general_settings &&
+        !payload.parameters &&
+        !payload.entities &&
+        !payload.rules &&
+        !payload.integrations &&
+        !payload.tools) {
+        parentSpan.addEvent("validate.no_files_to_validate");
+        return renderAndReturn({
+            projectRoot,
+            issues: [],
+            validatedFiles: [],
+            totalFiles: 0,
+            verbose: options.verbose ?? false,
+            remoteOk: true,
         });
     }
-    const dupEntities = findDuplicates(agentData.entities, (e) => e.name);
-    for (const [name, n] of dupEntities) {
-        issues.push({
-            type: "error",
-            file: "entities.aui.json",
-            message: `Duplicate entity name "${name}" appears ${n} times — names must be unique within entities.aui.json.`,
+    // ── Decide if we can call the remote validator ──
+    // A remote call needs (1) an agent id to address the right validate
+    // endpoint, (2) an auth token, and (3) account+org for the headers
+    // the agent-settings gateway expects. Anything missing → we surface a
+    // clear error rather than silently passing.
+    const missing = [];
+    if (!agentId)
+        missing.push("agent_id (.auirc or session)");
+    if (!authToken)
+        missing.push("auth token (run `aui login`)");
+    if (!accountId)
+        missing.push("account_id");
+    if (!organizationId)
+        missing.push("organization_id");
+    // If we have JSON-syntax parse errors there is no point calling the
+    // remote validator — it can't even read the payload. Render those
+    // and exit early with `valid = false`.
+    if (parseErrors.length > 0) {
+        parentSpan.addEvent("validate.skipped_remote_due_to_parse_errors", {
+            count: parseErrors.length,
+        });
+        return renderAndReturn({
+            projectRoot,
+            issues: parseErrors,
+            validatedFiles: index.validatedFiles,
+            totalFiles: index.totalFiles,
+            verbose: options.verbose ?? false,
+            remoteOk: false,
         });
     }
-    const dupIntegrations = findDuplicates(agentData.integrations, (i) => i.code);
-    for (const [code, n] of dupIntegrations) {
-        issues.push({
+    if (missing.length > 0) {
+        parentSpan.addEvent("validate.missing_remote_context", {
+            missing: missing.join(", "),
+        });
+        const issue = {
             type: "error",
-            file: "integrations.aui.json",
-            message: `Duplicate integration code "${code}" appears ${n} times — codes must be unique within integrations.aui.json.`,
+            file: ".auirc",
+            message: `Cannot run remote validation — missing: ${missing.join(", ")}. ` +
+                "Run `aui import-agent` to link an agent and `aui login` to authenticate.",
+        };
+        return renderAndReturn({
+            projectRoot,
+            issues: [issue],
+            validatedFiles: index.validatedFiles,
+            totalFiles: index.totalFiles,
+            verbose: options.verbose ?? false,
+            remoteOk: false,
         });
     }
-    // Top-level rules.aui.json (constraint rules with `code` field).
-    const topLevelRules = agentData.rules;
-    if (Array.isArray(topLevelRules)) {
-        const dupRules = findDuplicates(topLevelRules, (r) => r.code);
-        for (const [code, n] of dupRules) {
-            issues.push({
-                type: "error",
-                file: "rules.aui.json",
-                message: `Duplicate rule code "${code}" appears ${n} times — rule codes must be unique within rules.aui.json.`,
-            });
-        }
-    }
-    // Tool-internal summary rule arrays (success / fail / missing_info each
-    // contain SummaryRule items with optional `code`). Duplicates here cause
-    // the same diff-machinery confusion if the tool ever moves to per-rule
-    // PATCH semantics, and they're a code-smell either way.
-    for (const tool of agentData.tools || []) {
-        for (const section of ["pre", "summary"]) {
-            const ruleSection = tool.rules?.[section];
-            if (!ruleSection)
-                continue;
-            for (const [category, ruleArray] of Object.entries(ruleSection)) {
-                if (!Array.isArray(ruleArray))
-                    continue;
-                const dupToolRules = findDuplicates(ruleArray, (r) => r.code);
-                for (const [code, n] of dupToolRules) {
-                    issues.push({
-                        type: "error",
-                        file: `tools/${tool.code}.aui.json`,
-                        message: `Tool "${tool.code}" has duplicate ${section}.${category} rule code "${code}" appears ${n} times — rule codes must be unique within their array.`,
-                    });
-                }
-            }
-        }
-    }
-    const paramCodes = new Set(agentData.parameters?.map((p) => p.code) || []);
-    const integrationCodes = new Set(agentData.integrations?.map((i) => i.code) || []);
-    const entityNames = new Set(agentData.entities?.map((e) => e.name) || []);
-    const toolCodes = new Set(agentData.tools?.map((t) => t.code) || []);
-    // ── 1. Tool → Integration references ──
-    for (const tool of agentData.tools || []) {
-        for (const ref of tool.integrations || []) {
-            if (!integrationCodes.has(ref.code)) {
-                issues.push({
-                    type: "error",
-                    file: `tools/${tool.code}.aui.json`,
-                    message: `Tool "${tool.code}" references integration "${ref.code}" which is not defined in integrations`,
-                });
-            }
-        }
-    }
-    // ── 2. Tool → Parameter references (required/optional) ──
-    for (const tool of agentData.tools || []) {
-        if (tool.config?.params) {
-            for (const req of tool.config.params.required || []) {
-                const codes = Array.isArray(req) ? req : [req];
-                for (const code of codes) {
-                    if (!paramCodes.has(code)) {
-                        issues.push({
-                            type: "error",
-                            file: `tools/${tool.code}.aui.json`,
-                            message: `Tool "${tool.code}" requires parameter "${code}" which is not defined in parameters`,
-                        });
-                    }
-                }
-            }
-            for (const code of tool.config.params.optional || []) {
-                if (!paramCodes.has(code)) {
-                    issues.push({
-                        type: "error",
-                        file: `tools/${tool.code}.aui.json`,
-                        message: `Tool "${tool.code}" references optional parameter "${code}" which is not defined in parameters`,
-                    });
-                }
-            }
-        }
-    }
-    // ── 3. Tool → Entity references (available_context) ──
-    for (const tool of agentData.tools || []) {
-        if (tool.available_context?.entities) {
-            for (const entityName of tool.available_context.entities) {
-                if (!entityNames.has(entityName)) {
-                    issues.push({
-                        type: "error",
-                        file: `tools/${tool.code}.aui.json`,
-                        message: `Tool "${tool.code}" references entity "${entityName}" in available_context which is not defined in entities`,
-                    });
-                }
-            }
-        }
-    }
-    // ── 4. Tool rules → Parameter references (pre/summary then.params) ──
-    for (const tool of agentData.tools || []) {
-        for (const section of ["pre", "summary"]) {
-            const ruleSection = tool.rules?.[section];
-            if (!ruleSection)
-                continue;
-            for (const [category, ruleArray] of Object.entries(ruleSection)) {
-                if (!Array.isArray(ruleArray))
-                    continue;
-                for (const rule of ruleArray) {
-                    const r = rule;
-                    if (r.then?.params?.mandatory) {
-                        for (const p of r.then.params.mandatory) {
-                            if (!paramCodes.has(p)) {
-                                issues.push({
-                                    type: "error",
-                                    file: `tools/${tool.code}.aui.json`,
-                                    message: `Tool "${tool.code}" rule ${section}.${category} references mandatory parameter "${p}" which is not defined in parameters`,
-                                });
-                            }
-                        }
-                    }
-                    if (r.then?.params?.optional) {
-                        for (const p of r.then.params.optional) {
-                            if (!paramCodes.has(p)) {
-                                issues.push({
-                                    type: "error",
-                                    file: `tools/${tool.code}.aui.json`,
-                                    message: `Tool "${tool.code}" rule ${section}.${category} references optional parameter "${p}" which is not defined in parameters`,
-                                });
-                            }
-                        }
-                    }
-                }
-            }
-        }
-    }
-    // ── 5. Global rules → Tool references (applies_to) ──
-    for (const rule of rulesList) {
-        const appliesTo = rule.applies_to;
-        if (appliesTo) {
-            for (const toolCode of appliesTo) {
-                if (!toolCodes.has(toolCode)) {
-                    issues.push({
-                        type: "error",
-                        file: "rules.aui.json",
-                        message: `Rule "${rule.code}" applies_to references tool "${toolCode}" which is not defined in tools`,
-                    });
-                }
-            }
-        }
-    }
-    // ── 6. Global rules → Parameter references (conditions + then.params) ──
-    for (const rule of rulesList) {
-        const ruleCode = (rule.code || rule.description || "unknown");
-        const conditions = [];
-        const when = rule.when;
-        if (when) {
-            for (const key of ["all", "any", "not"]) {
-                const items = when[key];
-                if (Array.isArray(items)) {
-                    collectConditions(items, conditions);
-                }
-            }
-        }
-        for (const cond of conditions) {
-            const condParams = cond.params;
-            if (condParams) {
-                for (const p of condParams) {
-                    if (!paramCodes.has(p)) {
-                        issues.push({
-                            type: "error",
-                            file: "rules.aui.json",
-                            message: `Rule "${ruleCode}" condition references parameter "${p}" which is not defined in parameters`,
-                        });
-                    }
-                }
-            }
-        }
-        const then = rule.then;
-        if (then?.params?.mandatory) {
-            for (const p of then.params.mandatory) {
-                if (!paramCodes.has(p)) {
-                    issues.push({
-                        type: "error",
-                        file: "rules.aui.json",
-                        message: `Rule "${ruleCode}" then.params.mandatory references parameter "${p}" which is not defined in parameters`,
-                    });
-                }
-            }
-        }
-        if (then?.params?.optional) {
-            for (const p of then.params.optional) {
-                if (!paramCodes.has(p)) {
-                    issues.push({
-                        type: "error",
-                        file: "rules.aui.json",
-                        message: `Rule "${ruleCode}" then.params.optional references parameter "${p}" which is not defined in parameters`,
-                    });
-                }
-            }
-        }
-    }
-    // ── Existing validations ──
-    const responseMappingParams = new Set();
-    const requestSchemaParams = new Set();
-    for (const integration of agentData.integrations || []) {
-        const settings = integration.settings;
-        if (!settings)
-            continue;
-        if (settings.request_schema) {
-            for (const field of settings.request_schema) {
-                for (const p of field.params || []) {
-                    requestSchemaParams.add(p);
-                }
-            }
-        }
-        if (settings.response_mapping) {
-            for (const groups of Object.values(settings.response_mapping)) {
-                for (const group of groups) {
-                    for (const mapping of group.mappings || []) {
-                        if (mapping.param) {
-                            responseMappingParams.add(mapping.param);
-                        }
-                    }
-                }
-            }
-        }
-    }
-    // Validate integration code matches kebab-case transformation of name
-    for (const integration of agentData.integrations || []) {
-        if (integration.name) {
-            const expectedCode = integration.name
-                .toLowerCase()
-                .replace(/[\s_]+/g, "-");
-            if (integration.code !== expectedCode) {
-                issues.push({
-                    type: "error",
-                    file: "integrations.aui.json",
-                    message: `Integration "${integration.name}" has code "${integration.code}" but expected "${expectedCode}" (name lowercased with spaces and underscores replaced by dashes)`,
-                });
+    // ── Call remote validation ──
+    const client = new AUIClient({
+        baseUrl: config.apiUrl,
+        authToken: authToken,
+        accountId: accountId,
+        organizationId: organizationId,
+        environment: config.environment,
+    });
+    const tracer = getTracer();
+    let response = null;
+    let remoteError = null;
+    await tracer.startActiveSpan("aui.validate.remote", async (rSpan) => {
+        rSpan.setAttribute("validate.agent_id", agentId);
+        rSpan.setAttribute("validate.account_id", accountId);
+        rSpan.setAttribute("validate.organization_id", organizationId);
+        rSpan.setAttribute("validate.environment", config.environment);
+        rSpan.setAttribute("validate.payload.tools_count", payload.tools?.length ?? 0);
+        rSpan.setAttribute("validate.payload.parameters_count", payload.parameters?.length ?? 0);
+        rSpan.setAttribute("validate.payload.entities_count", payload.entities?.length ?? 0);
+        const startedAt = Date.now();
+        try {
+            response = await client.agentManagement.validateAgent(agentId, payload);
+            rSpan.setAttribute("validate.remote.duration_ms", Date.now() - startedAt);
+            rSpan.setAttribute("validate.remote.valid", response.valid);
+            const errorCount = countIssues(response, "errors");
+            const warningCount = countIssues(response, "warnings");
+            rSpan.setAttribute("validate.remote.error_count", errorCount);
+            rSpan.setAttribute("validate.remote.warning_count", warningCount);
+            rSpan.setStatus({ code: SpanStatusCode.OK });
+        }
+        catch (err) {
+            const msg = err instanceof Error ? err.message : String(err);
+            remoteError = msg;
+            rSpan.setAttribute("validate.remote.duration_ms", Date.now() - startedAt);
+            if (err instanceof AUIAPIError) {
+                rSpan.setAttribute("http.status_code", err.status);
+                rSpan.setAttribute("validate.remote.error_body", typeof err.body === "string" ? err.body : JSON.stringify(err.body ?? null));
             }
+            rSpan.setStatus({ code: SpanStatusCode.ERROR, message: msg });
+            rSpan.recordException(err instanceof Error ? err : new Error(msg));
         }
-    }
-    // ── API integrations must have non-empty response mappings ──
-    for (const integration of agentData.integrations || []) {
-        if (integration.type !== "API" || integration.code === "web-search")
-            continue;
-        const settings = integration.settings;
-        if (!settings)
-            continue;
-        const mapping = settings.response_mapping;
-        const hasMapping = mapping &&
-            typeof mapping === "object" &&
-            Object.values(mapping).some((groups) => Array.isArray(groups) &&
-                groups.some((g) => Array.isArray(g.mappings) && g.mappings.length > 0));
-        if (!hasMapping) {
-            issues.push({
-                type: "error",
-                file: "integrations.aui.json",
-                message: `Integration "${integration.code}" has empty response mappings — API integrations must have at least one response mapping`,
-            });
+        finally {
+            rSpan.end();
         }
-    }
-    // ── test_curl validation: only for added/modified API integrations ──
-    // These are warnings by default, errors only with --strict
-    const curlIssueType = options.strict ? "error" : "warning";
-    // Load the last-committed version of integrations to detect changes
-    let committedIntegrations = new Map();
-    try {
-        const committedRaw = execSync("git show HEAD:integrations.aui.json", {
-            encoding: "utf-8",
-            cwd: projectRoot,
-            stdio: ["pipe", "pipe", "pipe"],
+    });
+    if (!response) {
+        // Remote validation could not be performed. We deliberately treat
+        // this as a hard failure (return false) rather than silently passing
+        // — letting `aui push` proceed against an un-validated bundle would
+        // re-introduce exactly the class of bugs the duplicate-code rejection
+        // and other validate-time checks were added to prevent.
+        parentSpan.setAttribute("validate.remote.failure", remoteError ?? "unknown");
+        const friendly = formatRemoteFailure(remoteError);
+        const issue = {
+            type: "error",
+            file: "(remote validate)",
+            message: friendly,
+        };
+        return renderAndReturn({
+            projectRoot,
+            issues: [issue],
+            validatedFiles: index.validatedFiles,
+            totalFiles: index.totalFiles,
+            verbose: options.verbose ?? false,
+            remoteOk: false,
         });
-        const committedData = JSON.parse(committedRaw);
-        for (const int of committedData.integrations || []) {
-            committedIntegrations.set(int.code, JSON.stringify(int));
-        }
     }
-    catch {
-        // No committed version — all integrations are considered new
+    const responseLocal = response;
+    const remoteIssues = mapResponseToIssues(responseLocal, index);
+    const allIssues = [...parseErrors, ...remoteIssues];
+    parentSpan.setAttribute("validate.result.error_count", allIssues.filter((i) => i.type === "error").length);
+    parentSpan.setAttribute("validate.result.warning_count", allIssues.filter((i) => i.type === "warning").length);
+    return renderAndReturn({
+        projectRoot,
+        issues: allIssues,
+        validatedFiles: index.validatedFiles,
+        totalFiles: index.totalFiles,
+        verbose: options.verbose ?? false,
+        remoteOk: responseLocal.valid && allIssues.every((i) => i.type !== "error"),
+    });
+}
+/** Count issues of a given kind across all sections in the response. */
+function countIssues(response, kind) {
+    let count = 0;
+    const gs = response.general_settings;
+    if (gs)
+        count += (gs[kind] ?? []).length;
+    const arr = (section) => {
+        if (!section)
+            return 0;
+        return section.reduce((s, it) => s + (it.result[kind] ?? []).length, 0);
+    };
+    count += arr(response.parameters);
+    count += arr(response.entities);
+    count += arr(response.rules);
+    count += arr(response.integrations);
+    count += arr(response.agent_tools);
+    return count;
+}
+/**
+ * Build a user-facing message for a remote-validation infra failure so
+ * `aui push` (and a direct `aui validate` call) tells the user exactly
+ * which knob to turn — instead of a raw `validate agent: 502 ...` blob.
+ */
+function formatRemoteFailure(err) {
+    const base = err ?? "remote validation failed for an unknown reason";
+    // The error strings from AUIAPIError always start with "API Error <code>:"
+    // and writeV2-style errors say "<label> failed: <status> ...". Anchor
+    // status-code matching to those prefixes so an agent_id substring like
+    // "593" in the URL never gets misclassified as a 5xx response.
+    const statusMatch = base.match(/API Error (\d{3})/) || base.match(/failed: (\d{3})/);
+    const status = statusMatch ? parseInt(statusMatch[1], 10) : null;
+    if (/timed out/i.test(base) || /timeout/i.test(base)) {
+        return `Remote validation timed out: ${base}. Retry, or use --force on \`aui push\` to bypass validation temporarily.`;
     }
-    for (const integration of agentData.integrations || []) {
-        if (integration.type !== "API" || integration.code === "web-search")
-            continue;
-        const settings = integration.settings;
-        if (!settings)
-            continue;
-        // Skip unchanged integrations
-        const currentStr = JSON.stringify(integration);
-        const committedStr = committedIntegrations.get(integration.code);
-        if (committedStr === currentStr)
-            continue;
-        // test_curl must not be nullish
-        if (!settings.test_curl) {
-            issues.push({
-                type: curlIssueType,
-                file: "integrations.aui.json",
-                message: `Integration "${integration.code}" is missing test_curl — API integrations must have a test_curl command`,
-            });
-            continue;
-        }
-        // test_curl must be a valid curl command
-        const trimmedCurl = settings.test_curl.trim();
-        if (!trimmedCurl.startsWith("curl ") && trimmedCurl !== "curl") {
-            issues.push({
-                type: curlIssueType,
-                file: "integrations.aui.json",
-                message: `Integration "${integration.code}" test_curl must be a valid curl command (must start with "curl")`,
-            });
-            continue;
-        }
-        // test_curl must include the endpoint URL
-        if (settings.endpoint?.url && !trimmedCurl.includes(settings.endpoint.url)) {
-            issues.push({
-                type: curlIssueType,
-                file: "integrations.aui.json",
-                message: `Integration "${integration.code}" test_curl does not include the endpoint URL "${settings.endpoint.url}" — the test_curl should use the same URL as the endpoint`,
-            });
-        }
-        // Execute the test_curl command
-        let curlOutput;
-        try {
-            curlOutput = execSync(settings.test_curl, {
-                encoding: "utf-8",
-                timeout: 30_000,
-                stdio: ["pipe", "pipe", "pipe"],
-            }).trim();
-        }
-        catch (e) {
-            issues.push({
-                type: curlIssueType,
-                file: "integrations.aui.json",
-                message: `Integration "${integration.code}" test_curl failed to execute: ${e instanceof Error ? e.message : e}`,
-            });
-            continue;
-        }
-        // Parse the curl response
-        let curlResponse;
-        try {
-            curlResponse = JSON.parse(curlOutput);
-        }
-        catch {
-            issues.push({
-                type: curlIssueType,
-                file: "integrations.aui.json",
-                message: `Integration "${integration.code}" test_curl response is not valid JSON`,
-            });
-            continue;
-        }
-        // test_curl_response must exist
-        if (settings.test_curl_response === undefined || settings.test_curl_response === null) {
-            issues.push({
-                type: curlIssueType,
-                file: "integrations.aui.json",
-                message: `Integration "${integration.code}" is missing test_curl_response — API integrations must have a test_curl_response to validate against`,
-            });
-            continue;
-        }
-        // Parse test_curl_response if it's a string
-        let testCurlResponse = settings.test_curl_response;
-        if (typeof testCurlResponse === "string") {
-            try {
-                testCurlResponse = JSON.parse(testCurlResponse);
-            }
-            catch {
-                issues.push({
-                    type: curlIssueType,
-                    file: "integrations.aui.json",
-                    message: `Integration "${integration.code}" test_curl_response is a string but not valid JSON`,
-                });
-                continue;
-            }
-        }
-        // Compare test_curl_response schema (keys) and values separately
-        const collectKeysDeep = (obj, prefix = "") => {
-            const keys = new Set();
-            if (Array.isArray(obj)) {
-                keys.add(prefix + "[]");
-                if (obj.length > 0) {
-                    for (const k of collectKeysDeep(obj[0], prefix + "[]."))
-                        keys.add(k);
-                }
-            }
-            else if (obj && typeof obj === "object") {
-                for (const [k, v] of Object.entries(obj)) {
-                    const fullKey = prefix + k;
-                    keys.add(fullKey);
-                    if (v && typeof v === "object") {
-                        for (const nested of collectKeysDeep(v, fullKey + "."))
-                            keys.add(nested);
-                    }
-                }
-            }
-            return keys;
-        };
-        const expectedKeys = collectKeysDeep(testCurlResponse);
-        const actualKeys = collectKeysDeep(curlResponse);
-        const missingKeys = [...expectedKeys].filter((k) => !actualKeys.has(k));
-        const extraKeys = [...actualKeys].filter((k) => !expectedKeys.has(k));
-        if (missingKeys.length > 0 || extraKeys.length > 0) {
-            // Keys/schema are different — error
-            const parts = [];
-            if (missingKeys.length > 0)
-                parts.push(`missing keys: ${missingKeys.join(", ")}`);
-            if (extraKeys.length > 0)
-                parts.push(`unexpected keys: ${extraKeys.join(", ")}`);
-            issues.push({
-                type: curlIssueType,
-                file: "integrations.aui.json",
-                message: `Integration "${integration.code}" test_curl response schema differs from test_curl_response — ${parts.join("; ")}`,
-            });
-        }
-        else {
-            // Keys match but values might differ — warning
-            const expectedStr = JSON.stringify(testCurlResponse);
-            const actualStr = JSON.stringify(curlResponse);
-            if (expectedStr !== actualStr) {
-                issues.push({
-                    type: "warning",
-                    file: "integrations.aui.json",
-                    message: `Integration "${integration.code}" test_curl response values differ from test_curl_response (schema matches but values changed)`,
-                });
-            }
-        }
-        // Cross-reference: mapping keys must be actual keys in the curl response
-        if (settings.response_mapping && curlResponse && typeof curlResponse === "object") {
-            // Collect all keys from the curl response (recursively from first item if array)
-            const collectKeys = (obj) => {
-                const keys = new Set();
-                if (Array.isArray(obj)) {
-                    if (obj.length > 0) {
-                        for (const k of collectKeys(obj[0]))
-                            keys.add(k);
-                    }
-                }
-                else if (obj && typeof obj === "object") {
-                    for (const [k, v] of Object.entries(obj)) {
-                        keys.add(k);
-                        if (v && typeof v === "object") {
-                            for (const nested of collectKeys(v))
-                                keys.add(nested);
-                        }
-                    }
-                }
-                return keys;
-            };
-            const responseKeys = collectKeys(curlResponse);
-            for (const groups of Object.values(settings.response_mapping)) {
-                for (const group of groups) {
-                    for (const mapping of group.mappings || []) {
-                        const mappingKeys = Array.isArray(mapping.key) ? mapping.key : [mapping.key];
-                        for (const k of mappingKeys) {
-                            if (!responseKeys.has(k)) {
-                                issues.push({
-                                    type: curlIssueType,
-                                    file: "integrations.aui.json",
-                                    message: `Integration "${integration.code}" response mapping key "${k}" (param: "${mapping.param}") is not found in the actual curl response`,
-                                });
-                            }
-                        }
-                    }
-                }
-            }
-        }
+    if (/econnrefused|enotfound|network/i.test(base)) {
+        return `Remote validation could not reach the backend: ${base}. Check connectivity; use --force on \`aui push\` if urgent.`;
     }
-    const entityParams = new Set();
-    for (const entity of agentData.entities || []) {
-        for (const p of entity.parameters || []) {
-            entityParams.add(p);
-        }
+    if (status === 401 || /unauthor/i.test(base)) {
+        return `Remote validation rejected the request (auth): ${base}. Run \`aui login\` and try again.`;
     }
-    for (const p of responseMappingParams) {
-        if (!paramCodes.has(p)) {
-            issues.push({
-                type: "error",
-                file: "integrations.aui.json",
-                message: `Integration response mapping references parameter "${p}" which is not defined in parameters`,
-            });
-        }
+    if (status === 404) {
+        return `Remote validation endpoint returned 404: ${base}. Verify .auirc.agent_id matches an existing agent.`;
     }
-    for (const p of requestSchemaParams) {
-        if (!paramCodes.has(p)) {
-            issues.push({
-                type: "error",
-                file: "integrations.aui.json",
-                message: `Integration request schema references parameter "${p}" which is not defined in parameters`,
-            });
-        }
+    if (status === 422) {
+        return `Remote validator could not parse the payload: ${base}.`;
     }
-    for (const p of entityParams) {
-        if (!paramCodes.has(p)) {
-            issues.push({
-                type: "error",
-                file: "entities.aui.json",
-                message: `Entity references parameter "${p}" which is not defined in parameters`,
-            });
-        }
+    if (status !== null && status >= 500 && status < 600) {
+        return `Remote validation backend error (${status}): ${base}. Retry shortly; use --force on \`aui push\` if urgent.`;
     }
-    // Build result and render
-    const schemaIssues = issues.slice(0, schemaIssueCount);
-    const crossRefIssues = issues.slice(schemaIssueCount);
+    return `Remote validation failed: ${base}.`;
+}
+function renderAndReturn(args) {
+    const { schemaIssues, crossRefIssues } = categorizeIssues(args.issues);
     const result = {
-        projectRoot,
-        schemaCount: schemas.size,
-        schemaNames,
-        totalFiles,
-        validatedFiles: [...new Set(validatedFiles)],
+        projectRoot: args.projectRoot,
+        // schemaCount/schemaNames are legacy fields from local AJV validation.
+        // We keep the shape stable but report `1` to mean "the remote schema",
+        // so the UI's "0 schemas / no .dschema.json files" warning never fires.
+        schemaCount: 1,
+        schemaNames: ["remote:agent-settings/v1/validate"],
+        totalFiles: args.totalFiles,
+        validatedFiles: [...new Set(args.validatedFiles)],
         schemaIssues,
         crossRefIssues,
-        verbose: options.verbose ?? false,
+        verbose: args.verbose,
     };
+    const allErrors = args.issues.filter((i) => i.type === "error");
     if (isJsonMode()) {
-        const allErrors = issues.filter((i) => i.type === "error");
         outputJson({
-            valid: allErrors.length === 0,
-            project_root: projectRoot,
-            schemas: schemaNames,
-            total_files: totalFiles,
-            validated_files: [...new Set(validatedFiles)],
+            valid: allErrors.length === 0 && args.remoteOk,
+            project_root: args.projectRoot,
+            remote_ok: args.remoteOk,
+            schemas: result.schemaNames,
+            total_files: args.totalFiles,
+            validated_files: result.validatedFiles,
             schema_issues: schemaIssues,
             cross_ref_issues: crossRefIssues,
             error_count: allErrors.length,
         });
-        return allErrors.length === 0;
+        return allErrors.length === 0 && args.remoteOk;
     }
     render(_jsx(ValidateView, { data: result }));
-    const allErrors = issues.filter((i) => i.type === "error");
-    return allErrors.length === 0;
+    return allErrors.length === 0 && args.remoteOk;
 }
 //# sourceMappingURL=validate.js.map