opencode-gitlab-dap 1.1.1 → 1.2.0

package/dist/index.cjs

@@ -33,6 +33,7 @@ __export(index_exports, {
   default: () => index_default
 });
 module.exports = __toCommonJS(index_exports);
+var import_plugin = require("@opencode-ai/plugin");
 var import_gitlab_ai_provider = require("gitlab-ai-provider");
 
 // node_modules/js-yaml/dist/js-yaml.mjs
@@ -2621,7 +2622,1195 @@ var safeLoad = renamed("safeLoad", "load");
 var safeLoadAll = renamed("safeLoadAll", "loadAll");
 var safeDump = renamed("safeDump", "dump");
 
+// src/generated/foundational-flows.ts
+var FOUNDATIONAL_FLOWS = {
+  "analytics_agent": 'version: "v1"\nenvironment: chat-partial\ncomponents:\n  - name: "analytics_agent"\n    type: AgentComponent\n    prompt_id: "analytics_agent_prompt"\n    inputs:\n      - from: "context:goal"\n        as: "goal"\n    toolset:\n      - "get_current_user"\n      - "run_glql_query"\n      - "create_work_item_note"\n      - "create_merge_request_note"\n    ui_log_events:\n      - "on_agent_final_answer"\n      - "on_tool_execution_success"\n      - "on_tool_execution_failed"\nrouters: []\nflow:\n  entry_point: "analytics_agent"\nprompts:\n  - name: "analytics_agent_prompt"\n    prompt_id: "analytics_agent_prompt"\n    model:\n      params:\n        max_tokens: 8_192\n    unit_primitives:\n      - duo_agent_platform\n    prompt_template:\n      system: |\n        <core_function>\n          You are a GitLab Analytics Expert who helps users understand their development data and answer analytical questions about their projects and teams. You use GLQL (GitLab Query Language) as a tool to retrieve and analyze data, but your primary focus is providing clear, actionable insights.\n\n          **Input**: Analytical questions like "How is my team performing this month?" OR requests for GLQL queries/visualizations like "Show me all currently open issues"\n\n          **Output**:\n\n          - For analytical questions: Clear answers with insights, supported by collapsible GLQL queries\n          - For query/visualization requests: GLQL embedded view query (frontend will auto-render if applicable)\n\n          1. **Identify intent** - Is this an analytical question or a query/visualization request?\n          2. **Determine scope** - Project, group, or cross-project analysis\n          3. **Check for ambiguous concepts** - Does the question contain terms like "team", "quarter", "bugs" that need clarification?\n          4. **Identify filters** - Time ranges, states, types, assignees, etc.\n          5. **Generate insights or queries** - Based on user intent\n        </core_function>\n\n        <user_intent>\n          **Analytical Questions** (answer-first approach): User wants insights and analysis of the data\n\n          - "How many MRs were merged this month?"\n          - "What\'s my team working on?"\n          - "What is the bug creation trend for the past month"\n          - "How is performance this quarter?"\n\n          **Query/Visualization Requests** (query-first approach): User wants to see the query or have data displayed\n\n          - "Show me..." / "Show all..."\n          - "Visualize..." / "Display..."\n          - "Create a list/table of..."\n          - "I want to see..."\n          - "List all..." / "Give me..."\n          - "Write a GLQL query for..."\n          - "How do I query..."\n          - "What\'s the GLQL syntax for..."\n        </user_intent>\n\n        <scope_clarification>\n          **When to Ask First**\n\n          Ask for clarification when the question involves:\n\n          - **Organization-specific concepts** where different interpretations produce drastically different results:\n            - "Team" \u2192 label (`~team-backend`) vs assignees (`@alice, @bob`) vs milestone?\n            - "Quarter" \u2192 calendar (Jan-Mar) vs fiscal year?\n            - "Bugs" \u2192 label (`~bug`) vs issue type vs custom field?\n            - "Workload" \u2192 open issues? MRs? both? by count or by weight/priority?\n          - **Vague analytical terms**: "velocity", "performance", "productivity"\n          - **Vague time/scope terms**: "recently", "soon", "items", "things"\n          - **Multiple ambiguities**: When a question combines several ambiguous terms, always ask for clarification\n\n          **Clarification Format**: Keep it brief and offer 2-3 specific options to choose from.\n\n          **When to Assume and Answer**\n\n          For all other questions:\n\n          - **Default to project-level scope** (most common, faster queries)\n          - **Use group-level** when context suggests broader scope\n          - **When users say "me", "my", "mine", or "assigned to me"**, always use `currentUser()` in the query (e.g., `assignee = currentUser()`). Do NOT ask for their username.\n\n          When making assumptions, add a brief scope note to the answer.\n        </scope_clarification>\n\n        <response_format>\n          **For Analytical Questions (Answer-First Approach)**\n\n          **ALWAYS provide the analytical answer first, then supporting details.** Users expect immediate insights, not queries.\n\n          Structure your response as:\n\n          1. **Direct Answer** - What the data shows (2-3 sentences with key insights)\n          2. **Interpretation** (optional) - What this means for their workflow\n          3. **Recommendations** (optional) - Suggested actions or follow-up questions\n          4. **Supporting Query** - GLQL query in a collapsible section (ALWAYS LAST - see syntax below)\n\n          **IMPORTANT**: Always include the collapsible GLQL query section, even when the query returns no results. Users need to see the query to verify it\'s correct, reuse it, or modify it for their needs.\n\n          **Collapsible Section Syntax for GLQL Queries:**\n\n          ```\n          <details>\n          <summary>See the underlying data and GLQL query</summary>\n\n          \\`\\`\\`glql\n          type = MergeRequest and state = merged and merged > -1m\n          \\`\\`\\`\n\n          \u{1F4A1} *Click on the \u22EE menu to see or copy GLQL query*\n\n          **Key Components:** Brief explanation of critical parts (1-2 sentences)\n          **Scope Note:** (if assumed) Brief note about scope assumptions\n          </details>\n          ```\n\n          **Example Analytical Response:**\n\n          Question: How many MRs were merged in the last month?\n\n          Answer:\n\n          Based on the data, 23 merge requests were merged in the last month, with most activity concentrated in the last two weeks. The team shows strong momentum with an average of 5-6 MRs merged per week.\n\n          **Would you like me to:**\n\n          - Break this down by team member?\n          - Compare with previous months?\n          - Show only specific types of MRs?\n\n          ---\n\n          <details>\n          <summary>See the underlying data and GLQL query</summary>\n          ```glql\n          display: table\n          fields: title, author, merged, targetBranch\n          title: "MRs Merged This Month"\n          limit: 20\n          sort: merged desc\n          query: type = MergeRequest and state = merged and merged > -1m and project = "your-org/your-project"\n          ```\n\n          **Key Components:** Filters for merged MRs in the last month, sorted by merge date.\n          **Scope Note:** I assumed project-level scope. For group-wide analysis, replace with `group = "your-org/your-group"`.\n\n          </details>\n\n          **For Query/Visualization Requests (Validate-Then-Output Approach)**\n\n          When users request queries, visualizations, or dashboards:\n\n          1. **First**: Execute the query using "run_glql_query" to validate it works\n          2. **Then**: Output the validated GLQL query as a ```glql code block\n\n          The frontend will render the results as an interactive widget. **Never output a GLQL code block without validating it first.**\n\n          **Default limit**: Always include `limit: 20` in GLQL embedded views shown to the user. This keeps the rendered widget manageable. If the user explicitly requests a different limit, respect it (up to the maximum of 100).\n\n          **Display type selection**:\n          - Use `display: table` for data with multiple fields (default)\n          - Use `display: list` for simple title-only lists\n          - Use `display: orderedList` when user requests a numbered or ranked list\n\n          **Note**: GLQL displays data as tables, lists, or ordered lists - not charts. If a user requests a chart or graph, ask if they\'d like a Mermaid diagram instead, which can visualize trends, distributions, or flows.\n\n          **DO NOT render data as a markdown table or list** unless the user explicitly asks for "markdown format". The GLQL block provides an interactive, live-updating view that users can customize.\n\n          **Correct** (always output a GLQL code block with the appropriate `display` type):\n          ```glql\n          display: list\n          fields: title, author\n          limit: 20\n          query: type = Issue and state = opened\n          ```\n\n\n          **Wrong** (don\'t render data as markdown table):\n          ```\n          | Title | Author | State |\n          |-------|--------|-------|\n          | Fix bug | @user | open |\n          ```\n\n          **Also wrong** (don\'t render as markdown list):\n          ```\n          1. Fix bug - @user\n          2. Add feature - @admin\n          3. Update docs - @user\n          ```\n\n          Provide:\n\n          1. **GLQL Embedded View Query** - The complete query with display, fields, title, sort, and query parameters (use embedded view format by default unless simple query is specifically requested)\n          2. **Tip** - Add: "\u{1F4A1} _Click on the \u22EE menu to see or copy GLQL query_"\n          3. **Key Components** - Brief explanation of critical parts (1-2 sentences)\n          4. **Scope Note** (if assumed) - Brief note about scope assumptions and alternatives\n\n          **Example Query/Visualization Response:**\n\n          Question: Show me all MRs merged in the last month in the project "your-org/your-project"\n\n          Answer:\n\n          ```glql\n          display: table\n          fields: title, author, merged, targetBranch\n          title: "MRs Merged This Month"\n          limit: 20\n          sort: merged desc\n          query: type = MergeRequest and state = merged and merged > -1m and project = "your-org/your-project"\n          ```\n\n          \u{1F4A1} _Click on the \u22EE menu to see or copy GLQL query_\n\n          **Key Components:** Filters for merged MRs in the last month, sorted by merge date.\n\n          **Scope Note:** To query across a group instead, replace `project = ...` with `group = "your-org/your-group"`.\n        </response_format>\n\n        <ide_rendering>\n          **IDE Environment Handling**\n\n          If the user\'s additional context includes local environment details (operating system, shell, working directory), the user is in an IDE that uses standard Markdown rendering and **cannot render GLQL embedded views** (```glql code blocks).\n\n          **In IDE environments, adjust your response format:**\n\n          - **For query requests**: Validate queries with `run_glql_query` and present the GLQL query in a plain ```yaml code block so the user can copy it.\n          - **For visualization requests**: Still validate queries with `run_glql_query`, but present the retrieved data in **standard Markdown** (tables, lists, or other appropriate formats) instead of a ```glql code block. Choose the format that best fits the data \u2014 tables for multi-field structured data, lists for simpler enumerations. Include the collapsible section with raw GLQL query in a plain ```yaml code block so the user can copy it.\n          - **For analytical questions**: Present insights the same way (answer-first), but use **standard Markdown** for any data. Include the raw GLQL query in a plain ```yaml code block in the collapsible section instead of a ```glql code block.\n          - **Always suggest GitLab for interactive views**: Add a note like: "For a live, interactive view, paste this GLQL query into a GitLab issue, epic, or wiki page."\n          - **Do NOT include the "\u{1F4A1} Click on the \u22EE menu" tip** \u2014 this refers to the interactive GLQL widget which is not available in IDEs.\n\n          **Example IDE response for a query/visualization request:**\n\n          Based on the query results, here are the open issues:\n\n          | Title | Author | Created |\n          |-------|--------|---------|\n          | Fix login bug | @alice | 2025-01-15 |\n          | Update docs | @bob | 2025-01-14 |\n\n          <details>\n          <summary>GLQL query (paste into GitLab for an interactive view)</summary>\n\n          ```yaml\n          display: table\n          fields: title, author, created\n          title: "Open Issues"\n          limit: 20\n          query: type = Issue and state = opened\n          ```\n\n          </details>\n\n          **When the user is NOT in an IDE** (no local environment context is present), use the standard GLQL ```glql code blocks as described in the response format section above.\n        </ide_rendering>\n\n        <glql_syntax>\n          ## GLQL Syntax Reference\n\n          ### Basic Query Structure\n\n          ```\n          field operator value [and field operator value ...]\n          ```\n\n          ### Essential Fields & Operators\n\n          - **type**: `=`, `in` (Issue, Epic, MergeRequest, Task, Incident, etc.)\n          - **state**: `=` (opened, closed, merged for MRs)\n          - **assignee**: `=`, `!=`, `in` (@username, currentUser())\n          - **author**: `=`, `!=`, `in` (@username, currentUser())\n          - **created/updated/merged/closed**: `=`, `>`, `<`, `>=`, `<=` (dates: today(), -1w, 2024-01-01)\n          - **project**: `=` ("namespace/project")\n          - **group**: `=` ("namespace/group")\n          - **label**: `=`, `!=`, `in` (~labelname, ~"label with spaces")\n          - **milestone**: `=`, `!=`, `in` (%milestone, %"milestone with spaces")\n          - **id**: `=`, `in` (global ID for filtering - NOT the same as iid/MR number)\n\n          #### Available operators\n\n          - **Equality**: `=`, `!=`\n          - **List membership**: `in` (OR logic - matches ANY value in the list)\n          - **Comparison**: `>`, `<`, `>=`, `<=` (for dates)\n\n          **Important**:\n\n          - The `in` operator uses OR logic. For AND logic, use multiple conditions: `label = ~bug and label = ~security`\n          - There are NO text search, `contains`, `like`, or similar operators\n          - `currentUser()` is a valid value for `assignee` and `author` fields (e.g., `assignee = currentUser()`)\n\n          ### Time Expressions (ALWAYS PREFER RELATIVE)\n\n          - **Relative** (PREFERRED): `-1d`, `-1w`, `-1m`, `-1y` (past), `1d`, `1w` (future)\n          - **Absolute**: `2024-01-01`, `2024-12-31` (use only when specific dates required)\n          - **Functions**: `today()`\n\n          **IMPORTANT**: Always use relative time expressions (`-1w`, `-1m`, etc.) for queries involving "this week", "last month", "this quarter", etc. Only use absolute dates when users specify exact dates.\n\n          ### Sorting Options (RESTRICTED LIST ONLY)\n\n          #### VALID SORT FIELDS\n\n          - **Issues/Epics/Merge Requests**: closed, closedAt, created, createdAt, popularity, title, updated, updatedAt\n          - **Issues/Epics**: due, dueDate, health, healthStatus\n          - **Issues/Merge Requests**: milestone\n          - **Epics**: start, startDate\n          - **Issues**: weight\n          - **Merge Requests**: merged, mergedAt\n\n          #### INVALID SORT FIELDS (DO NOT USE):\n\n          - assignee, author, state, labels, type, project, group\n\n          **CRITICAL**: Only use the exact sorting options from the VALID list above. Fields like `assignee`, `author`, `state`,\n          or `labels` are NOT valid sorting options and will cause query errors. If none of the valid sorting options are\n          applicable, omit the sort parameter entirely.\n\n          ### Embedded View Syntax (for dashboards/reports)\n\n          ```yaml\n          display: table|list|orderedList\n          fields: comma,separated,field,list\n          title: "Custom Title"\n          limit: 20\n          sort: field asc|desc\n          query: your GLQL query here\n          ```\n\n          **LIMIT RESTRICTION**: The maximum allowed value for `limit` is 100. NEVER set a limit higher than 100. If a user explicitly requests more than 100 results, cap the limit at 100 and inform them: "Note: I\'ve set the limit to 100, which is the maximum allowed by GLQL."\n\n          ### Advanced Features\n\n          ### Custom Field Queries\n\n          ```glql\n          customField("Field Name") = "Value"\n          ```\n\n          ### Label Extraction for Views\n\n          ```glql\n          fields: title, labels("priority::*"), labels("workflow::*")\n          ```\n\n          ### Complex Time Ranges\n\n          ```glql\n          created > 2024-01-01 and created < 2024-02-01\n          ```\n        </glql_syntax>\n\n        <query_execution>\n          **CRITICAL**: After generating ANY GLQL query (whether for analytical questions or GLQL query requests), you MUST execute it using the "run_glql_query" tool to validate the syntax and retrieve data.\n\n          - If the query executes successfully, present the results in a human-readable format\n          - If the query fails with a syntax error, fix the query and execute again\n          - Never provide a GLQL query to the user without first validating it executes correctly\n\n          This ensures all queries provided to users have valid syntax and will work when they use them.\n        </query_execution>\n\n        <pagination>\n          **How Pagination Works**\n\n          Pagination is handled via the `run_glql_query` tool\'s `after` parameter. The query itself never changes between pages.\n\n          **Pagination Steps:**\n          1. Call `run_glql_query` with your GLQL query\n          2. Check the response for `pageInfo.hasNextPage` and `pageInfo.endCursor`\n          3. If `hasNextPage` is true AND you need more data, call `run_glql_query` again with the SAME query but add `after: <endCursor>`\n          4. Repeat until `hasNextPage` is false or you\'ve reached the limit\n\n          **CRITICAL**: You MUST call the tool multiple times to paginate. Each call returns one page of results.\n\n          **When to Paginate (MUST fetch all pages)**\n\n          Paginate when the question requires **complete data for an accurate answer**.\n\n          **Important**: When fetching data internally via `run_glql_query` for analysis (rankings, aggregations, distributions), use the maximum page size (100) to minimize the number of API calls. The `limit: 20` default applies only to GLQL code blocks rendered for the user.\n\n          - **Rankings/maximums**: "Who contributed the most?", "Which labels are most common?"\n          - **Distribution analysis**: "Break down by author", "What\'s the distribution over time?"\n          - **Aggregations**: Percentages, averages, comparisons across all data\n          - **Export requests**: "Format as markdown table", "Export to CSV"\n\n          For these questions, if `hasNextPage` is true, you MUST continue fetching pages.\n\n          **When NOT to Paginate (single page is enough)**\n\n          - **Count-only**: Use `count` from response ("How many bugs?" \u2192 use the count, don\'t paginate)\n          - **Rendering a view**: The GLQL widget handles its own pagination\n          - **User-specified limit**: "Show me the last 20 MRs" \u2192 use `limit: 20`, single call\n          - **Sampling/overview**: First page provides sufficient insight\n\n          **Pagination Limits**\n\n          - **Stop after 10 pages maximum** and inform user if more exist\n          - **Show progress**: "Retrieved 200 of 500 items..."\n          - **Handle errors gracefully**: Provide partial results with explanation if pagination fails mid-way\n        </pagination>\n\n        <performance>\n          If the GLQL API call times out, inform the user and suggest optimizations:\n          - Add time filters: `created > -3m`\n          - Limit scope: use `project` instead of `group` when possible\n          - Add specific filters: `label = ~specific-label`\n          - Reduce result set with `limit` parameter\n        </performance>\n\n        <error_prevention>\n          - Always specify `type =` when querying specific object types\n          - Use proper label syntax with `~` prefix\n          - Use proper milestone syntax with `%` prefix\n          - Include quotes around names with spaces\n          - For partial GLQL snippets, do not add the `glql` language indicator to the code block. Only add it for full embedded views.\n          - NEVER use `iid` as a filter - it\'s display-only. Use `id` for filtering or broader filters with `iid` displayed\n        </error_prevention>\n\n        <work_items>\n          When users ask to add the data on an issue, epic, work items or merge request, use the appropriate tool to post a note.\n\n          **Tool selection**:\n\n          - Use \'create_merge_request_note\' for merge requests\n          - Use \'create_work_item_note\' for work items (issues, epics and any other work items)\n\n          **When to post**:\n          When the user explicitly requests: "Add this query to the issue #123", "Post a summary in the epic", "Add the query to the work item", ""Add it as a comment to this merge request", "Post this to ...", "Add this to ...", "Share this in ..."\n\n          **What to post:**\n\n          - Unless already specified by the user, ALWAYS ask the user what to post. The user might want to share either the full answer (analysis + query), just a summary or just the GLQL query.\n          - Keep the comment focused and minimal\n          - Important: When including the GLQL query in the comment, use the embedded view format with a brief title field describing the query and setting `limit: 20`.\n\n          **Example workflow:**\n\n          - User: "How many open issues are there in the gitlab-org group?"\n          - You: Provide analysis with validated query\n          - User: "Add this to issue #42"\n          - You: "What would you like me to comment? The full analysis, a summary or just the GLQL query?"\n          - User: "The full analysis"\n          - You: Use `create_work_item_note` with the analysis provided above.\n          - You: "The analysis has been posted to [#42](link-to-item)"\n\n          **Example of comment content:**\n\n          There are **171 open issues** across the entire gitlab-org group.\n\n          The issues are distributed across two main projects:\n\n          - **gitlab-org/gitlab-shell**: Majority of the open issues\n          - **gitlab-org/gitlab-test**: Remaining open issues\n\n          The oldest open issues date back to May 2025, with the most recent one created in August 2025.\n\n          <details>\n          <summary>See the underlying data and GLQL query</summary>\n\n          ```glql\n          display: table\n          fields: title, project, state, created\n          title: "Open Issues in gitlab-org Group"\n          sort: created desc\n          limit: 20\n          query: type = Issue and state = opened and group = "gitlab-org"\n          ```\n\n          \u{1F4A1} _Click on the \u22EE menu to see or copy GLQL query_\n\n          **Note:** The GLQL query produces a live view, so the data you see now might not reflect what\'s been posted in the issue.\n\n          </details>\n        </work_items>\n\n        <feedback>\n          Provide a feedback link to https://gitlab.com/gitlab-org/gitlab/-/issues/574028 when:\n          - A GLQL query fails or returns unexpected results\n          - GLQL limitations prevent fulfilling the request (no text search, can\'t filter by iid, etc.)\n          - Suggesting a suboptimal workaround due to tool constraints\n          - Users ask about unsupported features\n\n          Example: "This isn\'t currently supported in GLQL. [Share feedback](https://gitlab.com/gitlab-org/gitlab/-/issues/574028) or describe your use case."\n\n          **Don\'t include feedback links** for normal successful queries or when the issue is user error, not a tool limitation.\n        </feedback>\n      user: |\n        {{goal}}\n      placeholder: history\n',
+  "code_review": 'version: "v1"\nenvironment: ambient\ncomponents:\n  # Step 1: Fetch complete MR context with full file contents for final review\n  - name: "build_review_context"\n    type: DeterministicStepComponent\n    tool_name: "build_review_merge_request_context"\n    inputs:\n      - from: "context:project_id"\n        as: "project_id"\n      - from: "context:goal"\n        as: "merge_request_iid"\n    ui_log_events:\n      - "on_tool_execution_success"\n      - "on_tool_execution_failed"\n\n  # Step 2: Fetch lightweight MR diffs for prescan analysis\n  - name: "fetch_mr_diffs"\n    type: DeterministicStepComponent\n    tool_name: "build_review_merge_request_context"\n    inputs:\n      - from: "context:project_id"\n        as: "project_id"\n      - from: "context:goal"\n        as: "merge_request_iid"\n      - from: "true"\n        as: "only_diffs"\n        literal: true\n    ui_log_events:\n      - "on_tool_execution_success"\n      - "on_tool_execution_failed"\n\n  # Step 3: Generate targeted directory tree exploration calls based on changed files\n  - name: "explore_relevant_directories"\n    type: OneOffComponent\n    prompt_id: "explore_directories_for_prescan"\n    prompt_version: "^1.0.0"\n    inputs:\n      - from: "context:project_id"\n        as: "project_id"\n      - from: "context:fetch_mr_diffs.tool_responses"\n        as: "mr_diffs"\n    toolset:\n      - "list_repository_tree"\n    max_correction_attempts: 3\n    ui_log_events:\n      - "on_tool_call_input"\n      - "on_tool_execution_success"\n      - "on_tool_execution_failed"\n\n  # Step 4: Batch read additional context files (tests, dependencies, custom instructions)\n  - name: "prescan_codebase"\n    type: OneOffComponent\n    prompt_id: "code_review_prescan"\n    prompt_version: "^1.0.0"\n    inputs:\n      - from: "context:project_id"\n        as: "project_id"\n      - from: "context:goal"\n        as: "merge_request_iid"\n      - from: "context:fetch_mr_diffs.tool_responses"\n        as: "mr_context"\n      - from: "context:explore_relevant_directories.tool_responses"\n        as: "directory_trees"\n        optional: True\n    toolset:\n      - "get_repository_file"\n      - "read_file"\n    max_correction_attempts: 3\n    ui_log_events:\n      - "on_tool_call_input"\n      - "on_tool_execution_success"\n      - "on_tool_execution_failed"\n\n  # Step 5: Fetch lightweight MR metadata (file paths + custom instructions)\n  - name: "fetch_mr_metadata"\n    type: DeterministicStepComponent\n    tool_name: "build_review_merge_request_context"\n    inputs:\n      - from: "context:project_id"\n        as: "project_id"\n      - from: "context:goal"\n        as: "merge_request_iid"\n      - from: "true"\n        as: "lightweight"\n        literal: true\n    ui_log_events:\n      - "on_tool_execution_success"\n      - "on_tool_execution_failed"\n\n  # Step 6: Transform prescan results into structured JSON for review consumption\n  - name: "analyze_prescan_results"\n    type: AgentComponent\n    prompt_id: "analyze_prescan_codebase_results"\n    prompt_version: "^1.0.0"\n    inputs:\n      - from: "context:fetch_mr_metadata.tool_responses"\n        as: "mr_context"\n      - from: "context:prescan_codebase.tool_responses"\n        as: "prescan_tool_responses"\n        optional: True\n    toolset: []\n    ui_log_events:\n      - "on_agent_final_answer"\n\n  # Step 7: Execute code review with complete context and publish results\n  - name: "perform_code_review_and_publish"\n    type: OneOffComponent\n    prompt_id: "review_merge_request"\n    prompt_version: "^2.0.0"\n    inputs:\n      - from: "context:build_review_context.tool_responses"\n        as: "mr_data"\n      - from: "context:analyze_prescan_results.final_answer"\n        as: "codebase_context"\n      - from: "context:current_date"\n        as: "current_date"\n      - from: "context:project_id"\n        as: "project_id"\n      - from: "context:goal"\n        as: "merge_request_iid"\n    toolset:\n      - "post_duo_code_review"\n    max_correction_attempts: 3\n    ui_log_events:\n      - "on_tool_call_input"\n      - "on_tool_execution_success"\n      - "on_tool_execution_failed"\n\nrouters:\n  - from: "build_review_context"\n    to: "fetch_mr_diffs"\n  - from: "fetch_mr_diffs"\n    to: "explore_relevant_directories"\n  - from: "explore_relevant_directories"\n    to: "prescan_codebase"\n  - from: "prescan_codebase"\n    to: "fetch_mr_metadata"\n  - from: "fetch_mr_metadata"\n    to: "analyze_prescan_results"\n  - from: "analyze_prescan_results"\n    to: "perform_code_review_and_publish"\n  - from: "perform_code_review_and_publish"\n    to: "end"\n\nflow:\n  entry_point: "build_review_context"\n',
+  "convert_to_gl_ci": `name: "Convert to GitLab CI"
+description: |
+  Converts Jenkins pipelines (Jenkinsfile) to GitLab CI/CD configuration files (.gitlab-ci.yml).
+  This flow reads a Jenkins configuration file, translates it to GitLab CI format with validation,
+  and creates a merge request with the converted configuration.
+product_group: agent_foundations
+version: "v1"
+environment: ambient
+
+components:
+  - name: "load_jenkins_file"
+    type: DeterministicStepComponent
+    inputs:
+      - from: "context:goal"
+        as: "file_path"
+    tool_name: "read_file"
+    ui_log_events:
+      - "on_tool_execution_success"
+      - "on_tool_execution_failed"
+
+  - name: "convert_to_gitlab_ci"
+    type: AgentComponent
+    prompt_id: "convert_to_gl_ci"
+    prompt_version: "^1.0.0"
+    inputs:
+      - from: "context:load_jenkins_file.tool_responses"
+        as: "jenkins_file_content"
+    toolset:
+      - "create_file_with_contents"
+      - "read_file"
+    ui_log_events:
+      - "on_agent_final_answer"
+      - "on_tool_execution_success"
+      - "on_tool_execution_failed"
+
+  - name: "create_repository_branch"
+    type: AgentComponent
+    prompt_id: "create_repository_branch"
+    prompt_version: "^1.0.0"
+    toolset:
+      - "run_git_command"
+    inputs:
+      - from: "context:project_id"
+        as: "project_id"
+      - from: "context:inputs.agent_platform_standard_context.primary_branch"
+        as: "ref"
+      - from: "context:project_http_url_to_repo"
+        as: "repository_url"
+      - from: "Duo Agent: Convert to GitLab CI"
+        as: "naming_context"
+        literal: True
+      - from: "context:workflow_id"
+        as: "workflow_id"
+      - from: "context:inputs.user_rule"
+        as: "agents_dot_md"
+        optional: True
+      - from: "context:inputs.workspace_agent_skills"
+        as: "workspace_agent_skills"
+        optional: True
+    ui_log_events:
+      - "on_tool_execution_success"
+      - "on_tool_execution_failed"
+
+  - name: "git_commit"
+    type: AgentComponent
+    prompt_id: "commit_changes"
+    prompt_version: "^1.0.0"
+    inputs:
+      - from: "context:project_http_url_to_repo"
+        as: "repository_url"
+      - from: "context:inputs.user_rule"
+        as: "agents_dot_md"
+        optional: True
+      - from: "context:inputs.workspace_agent_skills"
+        as: "workspace_agent_skills"
+        optional: True
+    toolset:
+      - "run_git_command"
+    ui_log_events:
+      - "on_tool_execution_success"
+      - "on_tool_execution_failed"
+
+  - name: "git_push"
+    type: AgentComponent
+    prompt_id: "convert_ci_push_changes"
+    prompt_version: "^1.0.0"
+    inputs:
+      - from: "context:project_http_url_to_repo"
+        as: "repository_url"
+      - from: "context:create_repository_branch.final_answer"
+        as: "target_branch_details"
+      - from: "context:inputs.agent_platform_standard_context.primary_branch"
+        as: "source_branch"
+      - from: "context:project_id"
+        as: "project_id"
+      - from: "context:workflow_id"
+        as: "workflow_id"
+      - from: "context:session_url"
+        as: "session_url"
+      - from: "context:inputs.user_rule"
+        as: "agents_dot_md"
+        optional: True
+      - from: "context:inputs.workspace_agent_skills"
+        as: "workspace_agent_skills"
+        optional: True
+    toolset:
+      - "run_git_command"
+      - "create_merge_request"
+    ui_log_events:
+      - "on_agent_final_answer"
+      - "on_tool_execution_success"
+      - "on_tool_execution_failed"
+
+routers:
+  - from: "load_jenkins_file"
+    to: "convert_to_gitlab_ci"
+  - from: "convert_to_gitlab_ci"
+    to: "create_repository_branch"
+  - from: "create_repository_branch"
+    to: "git_commit"
+  - from: "git_commit"
+    to: "git_push"
+  - from: "git_push"
+    to: "end"
+
+flow:
+  entry_point: "load_jenkins_file"
+  inputs:
+    - category: agent_user_environment
+      input_schema:
+        source_branch:
+          type: string
+          description: Source branch of the Jenkins file
+    - category: agent_platform_standard_context
+      input_schema:
+        workload_branch:
+          type: string
+          description: The workload branch for the GitLab Merge Request
+        primary_branch:
+          type: string
+          description: Merge Request target branch
+        session_owner_id:
+          type: string
+          description: Human user's ID that initiated the flow
+`,
+  "developer": `version: "v1"
+environment: ambient
+
+components:
+  - name: "issue_parser"
+    type: DeterministicStepComponent
+    tool_name: "get_issue"
+    inputs:
+      - from: "context:goal"
+        as: "url"
+    ui_log_events:
+      - "on_tool_execution_success"
+      - "on_tool_execution_failed"
+  - name: "create_repository_branch"
+    type: AgentComponent
+    prompt_id: "create_repository_branch"
+    prompt_version: "^1.0.0"
+    toolset:
+      - "run_git_command"
+    model_size_preference: "small"
+    inputs:
+      - from: "context:project_id"
+        as: "project_id"
+      - from: "context:inputs.agent_platform_standard_context.primary_branch"
+        as: "ref"
+      - from: "context:project_http_url_to_repo"
+        as: "repository_url"
+      - from: "context:issue_parser.tool_responses"
+        as: "naming_context"
+      - from: "context:workflow_id"
+        as: "workflow_id"
+      - from: "context:inputs.user_rule"
+        as: "agents_dot_md"
+        optional: True
+      - from: "context:inputs.workspace_agent_skills"
+        as: "workspace_agent_skills"
+        optional: True
+    ui_log_events:
+      - "on_tool_execution_success"
+      - "on_tool_execution_failed"
+  - name: "draft_merge_request_creator"
+    type: OneOffComponent
+    prompt_id: "create_merge_request"
+    prompt_version: "^1.0.0"
+    tool_name: "create_merge_request"
+    model_size_preference: "small"
+    inputs:
+      - from: "context:goal"
+        as: "issue_url"
+      - from: "context:project_id"
+        as: "project_id"
+      - from: "context:issue_parser.tool_responses"
+        as: "issue_details"
+      - from: "context:create_repository_branch.final_answer"
+        as: "source_branch_details"
+      - from: "context:inputs.agent_platform_standard_context.primary_branch"
+        as: "target_branch"
+      - from: "context:inputs.user_rule"
+        as: "agents_dot_md"
+        optional: True
+      - from: "context:inputs.workspace_agent_skills"
+        as: "workspace_agent_skills"
+        optional: True
+    ui_log_events:
+      - "on_tool_call_input"
+      - "on_tool_execution_success"
+      - "on_tool_execution_failed"
+  - name: "tool_listing_agent"
+    type: AgentComponent
+    prompt_id: "list_available_tools"
+    prompt_version: "^1.0.0"
+    model_size_preference: "large"
+    toolset:
+      - "list_issues"
+      - "get_issue"
+      - "list_issue_notes"
+      - "get_issue_note"
+      - "get_job_logs"
+      - "get_merge_request"
+      - "get_pipeline_failing_jobs"
+      - "get_project"
+      - "list_all_merge_request_notes"
+      - "list_merge_request_diffs"
+      - "gitlab_issue_search"
+      - "gitlab_merge_request_search"
+      - "read_file"
+      - "create_file_with_contents"
+      - "edit_file"
+      - "find_files"
+      - "grep"
+      - "mkdir"
+      - "get_epic"
+      - "list_epics"
+      - "get_repository_file"
+      - "list_dir"
+      - "list_epic_notes"
+      - "get_epic_note"
+      - "get_commit"
+      - "run_command"
+  - name: "planning_agent"
+    type: AgentComponent
+    prompt_id: "developer_planner"
+    prompt_version: "^1.0.0"
+    model_size_preference: "small"
+    inputs:
+      - from: "context:project_id"
+        as: "project_id"
+      - from: "context:project_http_url_to_repo"
+        as: "repository_url"
+      - from: "context:issue_parser.tool_responses"
+        as: "issue_details"
+      - from: "context:tool_listing_agent.final_answer"
+        as: "coding_agent_tools"
+      - from: "context:inputs.user_rule"
+        as: "agents_dot_md"
+        optional: True
+      - from: "context:inputs.workspace_agent_skills"
+        as: "workspace_agent_skills"
+        optional: True
+    toolset:
+      - "list_issues"
+      - "get_issue"
+      - "list_issue_notes"
+      - "get_issue_note"
+      - "get_job_logs"
+      - "get_merge_request"
+      - "get_project"
+      - "get_pipeline_failing_jobs"
+      - "list_all_merge_request_notes"
+      - "list_merge_request_diffs"
+      - "gitlab_issue_search"
+      - "gitlab_merge_request_search"
+      - "read_file"
+      - "find_files"
+      - "list_dir"
+      - "grep"
+      - "get_epic"
+      - "list_epics"
+      - "get_repository_file"
+      - "list_epic_notes"
+      - "get_epic_note"
+      - "get_commit"
+      - "list_commits"
+      - "get_commit_comments"
+      - "get_commit_diff"
+      - "get_work_item"
+      - "list_work_items"
+      - "get_work_item_notes"
+    ui_log_events:
+      - "on_tool_execution_success"
+      - "on_tool_execution_failed"
+      - "on_agent_final_answer"
+
+  - name: "add_plan_comment"
+    type: OneOffComponent
+    prompt_id: "developer_add_plan_comment"
+    prompt_version: "^1.0.0"
+    model_size_preference: "small"
+    inputs:
+      - from: "context:planning_agent.final_answer"
+        as: "plan_text"
+      - from: "context:draft_merge_request_creator.tool_responses"
+        as: "merge_request_details"
+      - from: "context:inputs.user_rule"
+        as: "agents_dot_md"
+        optional: True
+      - from: "context:inputs.workspace_agent_skills"
+        as: "workspace_agent_skills"
+        optional: True
+    toolset:
+      - "create_merge_request_note"
+    ui_log_events:
+      - "on_tool_execution_success"
+      - "on_tool_execution_failed"
+
+  - name: "programming_agent"
+    type: AgentComponent
+    prompt_id: "programming_agent"
+    prompt_version: "^1.0.0"
+    model_size_preference: "small"
+    inputs:
+      - from: "context:project_id"
+        as: "project_id"
+      - from: "context:project_http_url_to_repo"
+        as: "repository_url"
+      - from: "context:planning_agent.final_answer"
+        as: "planner_handover"
+      - from: "context:inputs.os_information"
+        as: "os_information"
+      - from: "context:inputs.user_rule"
+        as: "agents_dot_md"
+        optional: True
+      - from: "context:inputs.workspace_agent_skills"
+        as: "workspace_agent_skills"
+        optional: True
+    toolset:
+      - "list_issues"
+      - "get_issue"
+      - "list_issue_notes"
+      - "get_issue_note"
+      - "get_job_logs"
+      - "get_merge_request"
+      - "get_pipeline_failing_jobs"
+      - "get_project"
+      - "list_all_merge_request_notes"
+      - "list_merge_request_diffs"
+      - "gitlab_issue_search"
+      - "gitlab_merge_request_search"
+      - "read_file"
+      - "create_file_with_contents"
+      - "edit_file"
+      - "find_files"
+      - "grep"
+      - "mkdir"
+      - "get_epic"
+      - "list_epics"
+      - "get_repository_file"
+      - "list_dir"
+      - "list_epic_notes"
+      - "get_epic_note"
+      - "get_commit"
+      - "run_command"
+    ui_log_events:
+      - "on_tool_execution_success"
+      - "on_tool_execution_failed"
+      - "on_agent_final_answer"
+  - name: "git_actions"
+    type: OneOffComponent
+    prompt_id: "push_to_remote"
+    prompt_version: "^1.0.0"
+    model_size_preference: "small"
+    inputs:
+      - from: "context:project_http_url_to_repo"
+        as: "repository_url"
+      - from: "context:programming_agent.final_answer"
+        as: "programming_agent_handover"
+      - from: "context:draft_merge_request_creator.tool_responses"
+        as: "merge_request_details"
+      - from: "context:inputs.agent_platform_standard_context.session_owner_id"
+        as: "assignee_id"
+      - from: "context:goal"
+        as: "issue_url"
+      - from: "context:inputs.user_rule"
+        as: "agents_dot_md"
+        optional: True
+      - from: "context:inputs.workspace_agent_skills"
+        as: "workspace_agent_skills"
+        optional: True
+    toolset:
+      - "run_git_command"
+      - "update_merge_request"
+    ui_log_events:
+      - "on_tool_execution_success"
+      - "on_tool_execution_failed"
+
+routers:
+  - from: "issue_parser"
+    to: "create_repository_branch"
+  - from: "create_repository_branch"
+    to: "draft_merge_request_creator"
+  - from: "draft_merge_request_creator"
+    to: "tool_listing_agent"
+  - from: "tool_listing_agent"
+    to: "planning_agent"
+  - from: "planning_agent"
+    to: "add_plan_comment"
+  - from: "add_plan_comment"
+    to: "programming_agent"
+  - from: "programming_agent"
+    to: "git_actions"
+  - from: "git_actions"
+    condition:
+      input: "context:git_actions.execution_result"
+      routes:
+        "success": "end"
+        "failed": "abort"
+
+flow:
+  entry_point: "issue_parser"
+  inputs:
+    - category: agent_platform_standard_context
+      input_schema:
+        workload_branch:
+          type: string
+          description: The workload branch for the GitLab Merge Request
+        primary_branch:
+          type: string
+          description: Merge Request target branch
+        session_owner_id:
+          type: string
+          description: Human user's ID that initiated the flow
+`,
+  "duo_permissions_assistant": `version: "v1"
+environment: chat-partial
+components:
+  - name: "duo_permissions_assistant"
+    type: AgentComponent
+    prompt_id: "duo_permissions_assistant_prompt"
+    inputs:
+      - from: "context:goal"
+        as: "goal"
+    toolset:
+      - "gitlab_graphql"
+      - "update_form_permissions"
+    ui_log_events:
+      - "on_agent_final_answer"
+      - "on_tool_execution_success"
+routers: []
+flow:
+  entry_point: "duo_permissions_assistant"
+prompts:
+  - name: "duo_permissions_assistant_prompt"
+    prompt_id: "duo_permissions_assistant_prompt"
+    model:
+      params:
+        max_tokens: 8192
+    unit_primitives:
+      - duo_agent_platform
+    prompt_template:
+      system: |
+        You are a GitLab fine-grained access token permissions assistant.
+        You help users pick the right permissions for their access tokens.
+
+        STEP 1 \u2014 FETCH PERMISSIONS:
+        On the first message, call the gitlab_graphql tool with this query to get all available permissions:
+        query GetAccessTokenPermissions { accessTokenPermissions { name description } }
+
+        STEP 2 \u2014 SUGGEST PERMISSIONS:
+        Using ONLY permission names returned by the tool:
+        - Always suggest specific permissions immediately based on what the user describes. Do not ask clarifying questions about scope, projects, groups, or access level \u2014 you cannot act on that information.
+        - Apply the principle of least privilege.
+        - Do not suggest legacy scopes (api, read_api, write_repository, etc.) or anything not in the tool results.
+        - If nothing matches, say: "No matching permissions are available."
+        - IMPORTANT: Each user message is a standalone request. Do NOT use prior conversation turns to infer what is currently selected \u2014 the user may have changed the form manually between messages. Only act on what the user explicitly asks for right now.
+        - If the user's request is vague, make your best guess and explain your reasoning. The user can refine afterward.
+
+        STEP 3 \u2014 APPLY CHANGES:
+        After explaining your reasoning, call the update_form_permissions tool to apply the changes.
+        Only include "select" and/or "clear" as needed.
+      user: |
+        {{goal}}
+      placeholder: history
+`,
+  "fix_pipeline": `name: "Fix pipeline"
+description: |
+  Fix pipeline flow can be run for a failed CI jobs.
+  It opens a new MR with changes that address root cause of CI job failures.
+product_group: agent_foundations
+version: "v1"
+environment: ambient
+
+components:
+  - name: "fix_pipeline_context"
+    type: AgentComponent
+    prompt_id: "fix_pipeline_context"
+    prompt_version: "^1.0.0"
+    inputs:
+      - from: "context:goal"
+        as: "pipeline_url"
+      - from: "context:inputs.merge_request.url"
+        as: "merge_request_url"
+      - from: "context:inputs.user_rule"
+        as: "agents_dot_md"
+        optional: True
+      - from: "context:inputs.workspace_agent_skills"
+        as: "workspace_agent_skills"
+        optional: True
+    toolset:
+      - get_downstream_pipelines
+      - get_pipeline_failing_jobs
+      - get_job_logs
+      - list_merge_request_diffs
+      - read_file
+      - find_files
+      - list_dir
+    ui_log_events:
+      - "on_agent_final_answer"
+      - "on_tool_execution_success"
+      - "on_tool_execution_failed"
+
+  - name: "fix_pipeline_decide_approach"
+    type: AgentComponent
+    prompt_id: "fix_pipeline_decide_approach"
+    prompt_version: "^1.0.0"
+    response_schema_id: "fix_pipeline_decide_approach"
+    response_schema_version: "^1.0.0"
+    inputs:
+      - from: "context:fix_pipeline_context.final_answer"
+        as: "fix_pipeline_context_results"
+    toolset: []
+    ui_log_events:
+      - "on_agent_final_answer"
+
+  - name: "fix_pipeline_add_comment"
+    type: AgentComponent
+    prompt_id: "fix_pipeline_add_comment"
+    prompt_version: "^1.0.0"
+    inputs:
+      - from: "context:goal"
+        as: "pipeline_url"
+      - from: "context:inputs.merge_request.url"
+        as: "merge_request_url"
+      - from: "context:fix_pipeline_context.final_answer"
+        as: "fix_pipeline_context_results"
+      - from: "context:inputs.user_rule"
+        as: "agents_dot_md"
+        optional: True
+      - from: "context:workflow_id"
+        as: "workflow_id"
+      - from: "context:session_url"
+        as: "session_url"
+      - from: "context:inputs.workspace_agent_skills"
+        as: "workspace_agent_skills"
+        optional: True
+    toolset: ["create_merge_request_note"]
+    ui_log_events:
+      - "on_agent_final_answer"
+      - "on_tool_execution_success"
+      - "on_tool_execution_failed"
+
+  - name: "create_repository_branch"
+    type: AgentComponent
+    prompt_id: "create_repository_branch"
+    prompt_version: "^1.0.0"
+    toolset:
+      - "run_git_command"
+    inputs:
+      - from: "context:project_id"
+        as: "project_id"
+      - from: "context:inputs.pipeline.source_branch"
+        as: "ref"
+      - from: "context:project_http_url_to_repo"
+        as: "repository_url"
+      - from: "context:fix_pipeline_context.final_answer"
+        as: "naming_context"
+      - from: "context:workflow_id"
+        as: "workflow_id"
+      - from: "context:inputs.user_rule"
+        as: "agents_dot_md"
+        optional: True
+      - from: "context:inputs.workspace_agent_skills"
+        as: "workspace_agent_skills"
+        optional: True
+    ui_log_events:
+      - "on_tool_execution_success"
+      - "on_tool_execution_failed"
+
+  - name: "fix_pipeline_create_plan"
+    type: AgentComponent
+    prompt_id: "fix_pipeline_create_plan"
+    prompt_version: "^1.0.0"
+    inputs:
+      - from: "context:fix_pipeline_context.final_answer"
+        as: "fix_pipeline_context_results"
+      - from: "context:inputs.pipeline.source_branch"
+        as: "source_branch"
+      - from: "context:inputs.user_rule"
+        as: "agents_dot_md"
+        optional: True
+      - from: "context:inputs.workspace_agent_skills"
+        as: "workspace_agent_skills"
+        optional: True
+    toolset: []
+    ui_log_events:
+      - "on_agent_final_answer"
+
+  - name: "fix_pipeline_execution"
+    type: AgentComponent
+    prompt_id: "fix_pipeline_execution"
+    prompt_version: "^1.0.0"
+    inputs:
+      - from: "context:fix_pipeline_context.final_answer"
+        as: "fix_pipeline_context_results"
+      - from: "context:fix_pipeline_create_plan.final_answer"
+        as: "fix_pipeline_plan"
+      - from: "context:inputs.user_rule"
+        as: "agents_dot_md"
+        optional: True
+      - from: "context:inputs.os_information"
+        as: "os_information"
+      - from: "context:inputs.workspace_agent_skills"
+        as: "workspace_agent_skills"
+        optional: True
+    toolset:
+      - create_file_with_contents
+      - edit_file
+      - find_files
+      - mkdir
+      - read_file
+      - run_command
+    ui_log_events:
+      - "on_agent_final_answer"
+      - "on_tool_execution_success"
+      - "on_tool_execution_failed"
+
+  - name: "fix_pipeline_git_commit"
+    type: AgentComponent
+    prompt_id: "commit_changes"
+    prompt_version: "^1.0.0"
+    inputs:
+      - from: "context:project_http_url_to_repo"
+        as: "repository_url"
+      - from: "context:inputs.user_rule"
+        as: "agents_dot_md"
+        optional: True
+      - from: "context:inputs.workspace_agent_skills"
+        as: "workspace_agent_skills"
+        optional: True
+    toolset:
+      - "run_git_command"
+    ui_log_events:
+      - "on_tool_execution_success"
+      - "on_tool_execution_failed"
+
+  - name: "fix_pipeline_git_push"
+    type: AgentComponent
+    prompt_id: "fix_pipeline_push_changes"
+    prompt_version: "^1.0.0"
+    inputs:
+      - from: "context:goal"
+        as: "pipeline_url"
+      - from: "context:project_http_url_to_repo"
+        as: "repository_url"
+      - from: "context:inputs.merge_request.url"
+        as: "merge_request_url"
+      - from: "context:inputs.pipeline.source_branch"
+        as: "source_branch"
+      - from: "context:inputs.user_rule"
+        as: "agents_dot_md"
+        optional: True
+      - from: "context:workflow_id"
+        as: "workflow_id"
+      - from: "context:session_url"
+        as: "session_url"
+      - from: "context:project_id"
+        as: "project_id"
+      - from: "context:create_repository_branch.final_answer"
+        as: "target_branch_details"
+      - from: "context:inputs.agent_platform_standard_context.primary_branch"
+        as: "default_branch"
+      - from: "context:inputs.workspace_agent_skills"
+        as: "workspace_agent_skills"
+        optional: True
+    toolset:
+      - "run_git_command"
+      - "create_merge_request"
+    ui_log_events:
+      - "on_agent_final_answer"
+      - "on_tool_execution_success"
+      - "on_tool_execution_failed"
+
+  - name: "fix_pipeline_summarize"
+    type: OneOffComponent
+    prompt_id: "fix_pipeline_summarize_changes"
+    prompt_version: "^1.0.0"
+    inputs:
+      - from: "context:goal"
+        as: "pipeline_url"
+      - from: "context:inputs.merge_request.url"
+        as: "merge_request_url"
+      - from: "context:inputs.user_rule"
+        as: "agents_dot_md"
+        optional: True
+      - from: "context:fix_pipeline_git_push.final_answer"
+        as: "git_push_response"
+      - from: "context:workflow_id"
+        as: "workflow_id"
+      - from: "context:session_url"
+        as: "session_url"
+      - from: "context:fix_pipeline_execution.final_answer"
+        as: "execution_results"
+      - from: "context:inputs.agent_platform_standard_context.session_owner_id"
+        as: "assignee_id"
+      - from: "context:inputs.workspace_agent_skills"
+        as: "workspace_agent_skills"
+        optional: True
+    toolset:
+      - "update_merge_request"
+    ui_log_events:
+      - "on_agent_final_answer"
+      - "on_tool_execution_success"
+      - "on_tool_execution_failed"
+
+  - name: "fix_pipeline_decide_comment"
+    type: AgentComponent
+    prompt_id: "fix_pipeline_decide_comment"
+    prompt_version: "^1.0.0"
+    response_schema_id: "fix_pipeline_decide_comment"
+    response_schema_version: "^1.0.0"
+    inputs:
+      - from: "context:inputs.merge_request.url"
+        as: "merge_request_url"
+      - from: "context:inputs.user_rule"
+        as: "agents_dot_md"
+        optional: True
+      - from: "context:inputs.workspace_agent_skills"
+        as: "workspace_agent_skills"
+        optional: True
+    toolset: []
+    ui_log_events:
+      - "on_agent_final_answer"
+
+  - name: "fix_pipeline_comment_link"
+    type: OneOffComponent
+    prompt_id: "fix_pipeline_comment_link"
+    prompt_version: "^1.0.0"
+    max_correction_attempts: 3
+    inputs:
+      - from: "context:inputs.merge_request.url"
+        as: "merge_request_url"
+      - from: "context:fix_pipeline_git_push.final_answer"
+        as: "git_push_response"
+      - from: "context:inputs.user_rule"
+        as: "agents_dot_md"
+        optional: True
+      - from: "context:workflow_id"
+        as: "workflow_id"
+      - from: "context:session_url"
+        as: "session_url"
+      - from: "context:inputs.workspace_agent_skills"
+        as: "workspace_agent_skills"
+        optional: True
+    toolset: ["create_merge_request_note"]
+    ui_log_events:
+      - "on_tool_execution_success"
+      - "on_tool_execution_failed"
+
+routers:
+  - from: "fix_pipeline_context"
+    to: "fix_pipeline_decide_approach"
+  - from: "fix_pipeline_decide_approach"
+    condition:
+      input: "context:fix_pipeline_decide_approach.final_answer.decision"
+      routes:
+        "add_comment": "fix_pipeline_add_comment"
+        "create_fix": "create_repository_branch"
+        "default_route": "fix_pipeline_add_comment"
+  - from: "fix_pipeline_add_comment"
+    to: "end"
+  - from: "create_repository_branch"
+    to: "fix_pipeline_create_plan"
+  - from: "fix_pipeline_create_plan"
+    to: "fix_pipeline_execution"
+  - from: "fix_pipeline_execution"
+    to: "fix_pipeline_git_commit"
+  - from: "fix_pipeline_git_commit"
+    to: "fix_pipeline_git_push"
+  - from: "fix_pipeline_git_push"
+    to: "fix_pipeline_summarize"
+  - from: "fix_pipeline_summarize"
+    to: "fix_pipeline_decide_comment"
+  - from: "fix_pipeline_decide_comment"
+    condition:
+      input: "context:fix_pipeline_decide_comment.final_answer.decision"
+      routes:
+        "comment_link": "fix_pipeline_comment_link"
+        "end": "end"
+        "default_route": "end"
+  - from: "fix_pipeline_comment_link"
+    to: "end"
+
+flow:
+  entry_point: "fix_pipeline_context"
+  inputs:
+    - category: merge_request
+      input_schema:
+        url:
+          type: string
+          format: uri
+          description: The URL for the GitLab Merge Request
+    - category: pipeline
+      input_schema:
+        source_branch:
+          type: string
+    - category: agent_platform_standard_context
+      input_schema:
+        workload_branch:
+          type: string
+          description: The workload branch for the GitLab Merge Request
+        primary_branch:
+          type: string
+          description: Merge Request target branch
+        session_owner_id:
+          type: string
+          description: Human user's ID that initiated the flow
+`,
+  "fix_pipeline_next": `name: "Fix pipeline (next)"
+description: |
+  Fix pipeline flow can be run for a failed CI jobs.
+  When a merge request URL is provided, it pushes the fix directly to that MR's branch.
+  Otherwise it opens a new MR with changes that address root cause of CI job failures.
+product_group: agent_foundations
+version: "v1"
+environment: ambient
+
+components:
+  - name: "fix_pipeline_context"
+    type: AgentComponent
+    prompt_id: "fix_pipeline_context"
+    prompt_version: "^1.0.0"
+    inputs:
+      - from: "context:goal"
+        as: "pipeline_url"
+      - from: "context:inputs.merge_request.url"
+        as: "merge_request_url"
+      - from: "context:inputs.user_rule"
+        as: "agents_dot_md"
+        optional: True
+      - from: "context:inputs.workspace_agent_skills"
+        as: "workspace_agent_skills"
+        optional: True
+    toolset:
+      - get_downstream_pipelines
+      - get_pipeline_failing_jobs
+      - get_job_logs
+      - list_merge_request_diffs
+      - read_file
+      - find_files
+      - list_dir
+    ui_log_events:
+      - "on_agent_final_answer"
+      - "on_tool_execution_success"
+      - "on_tool_execution_failed"
+
+  - name: "fix_pipeline_next_decide_approach"
+    type: AgentComponent
+    prompt_id: "fix_pipeline_next_decide_approach"
+    prompt_version: "^1.0.0"
+    response_schema_id: "fix_pipeline_next_decide_approach"
+    response_schema_version: "^1.0.0"
+    inputs:
+      - from: "context:fix_pipeline_context.final_answer"
+        as: "fix_pipeline_context_results"
+      - from: "context:inputs.merge_request.url"
+        as: "merge_request_url"
+        optional: True
+      - from: "context:inputs.user_rule"
+        as: "agents_dot_md"
+        optional: True
+    toolset: []
+    ui_log_events:
+      - "on_agent_final_answer"
+
+  - name: "fix_pipeline_add_comment"
+    type: AgentComponent
+    prompt_id: "fix_pipeline_add_comment"
+    prompt_version: "^1.0.0"
+    inputs:
+      - from: "context:goal"
+        as: "pipeline_url"
+      - from: "context:inputs.merge_request.url"
+        as: "merge_request_url"
+      - from: "context:fix_pipeline_context.final_answer"
+        as: "fix_pipeline_context_results"
+      - from: "context:inputs.user_rule"
+        as: "agents_dot_md"
+        optional: True
+      - from: "context:workflow_id"
+        as: "workflow_id"
+      - from: "context:session_url"
+        as: "session_url"
+      - from: "context:inputs.workspace_agent_skills"
+        as: "workspace_agent_skills"
+        optional: True
+    toolset: ["create_merge_request_note"]
+    ui_log_events:
+      - "on_agent_final_answer"
+      - "on_tool_execution_success"
+      - "on_tool_execution_failed"
+
+  - name: "fix_pipeline_next_checkout_existing_branch"
+    type: AgentComponent
+    prompt_id: "fix_pipeline_next_checkout_existing_branch"
+    prompt_version: "^1.0.0"
+    inputs:
+      - from: "context:inputs.pipeline.source_branch"
+        as: "ref"
+      - from: "context:project_http_url_to_repo"
+        as: "repository_url"
+      - from: "context:inputs.user_rule"
+        as: "agents_dot_md"
+        optional: True
+    toolset:
+      - "run_git_command"
+    ui_log_events:
+      - "on_tool_execution_success"
+      - "on_tool_execution_failed"
+
+  - name: "create_repository_branch"
+    type: AgentComponent
+    prompt_id: "create_repository_branch"
+    prompt_version: "^1.0.0"
+    toolset:
+      - "run_git_command"
+    inputs:
+      - from: "context:project_id"
+        as: "project_id"
+      - from: "context:inputs.pipeline.source_branch"
+        as: "ref"
+      - from: "context:project_http_url_to_repo"
+        as: "repository_url"
+      - from: "context:fix_pipeline_context.final_answer"
+        as: "naming_context"
+      - from: "context:workflow_id"
+        as: "workflow_id"
+      - from: "context:inputs.user_rule"
+        as: "agents_dot_md"
+        optional: True
+      - from: "context:inputs.workspace_agent_skills"
+        as: "workspace_agent_skills"
+        optional: True
+    ui_log_events:
+      - "on_tool_execution_success"
+      - "on_tool_execution_failed"
+
+  - name: "fix_pipeline_create_plan"
+    type: AgentComponent
+    prompt_id: "fix_pipeline_create_plan"
+    prompt_version: "^1.0.0"
+    inputs:
+      - from: "context:fix_pipeline_context.final_answer"
+        as: "fix_pipeline_context_results"
+      - from: "context:inputs.pipeline.source_branch"
+        as: "source_branch"
+      - from: "context:inputs.user_rule"
+        as: "agents_dot_md"
+        optional: True
+      - from: "context:inputs.workspace_agent_skills"
+        as: "workspace_agent_skills"
+        optional: True
+    toolset: []
+    ui_log_events:
+      - "on_agent_final_answer"
+
+  - name: "fix_pipeline_execution"
+    type: AgentComponent
+    prompt_id: "fix_pipeline_execution"
+    prompt_version: "^1.0.0"
+    inputs:
+      - from: "context:fix_pipeline_context.final_answer"
+        as: "fix_pipeline_context_results"
+      - from: "context:fix_pipeline_create_plan.final_answer"
+        as: "fix_pipeline_plan"
+      - from: "context:inputs.user_rule"
+        as: "agents_dot_md"
+        optional: True
+      - from: "context:inputs.os_information"
+        as: "os_information"
+      - from: "context:inputs.workspace_agent_skills"
+        as: "workspace_agent_skills"
+        optional: True
+    toolset:
+      - create_file_with_contents
+      - edit_file
+      - find_files
+      - mkdir
+      - read_file
+      - run_command
+    ui_log_events:
+      - "on_agent_final_answer"
+      - "on_tool_execution_success"
+      - "on_tool_execution_failed"
+
+  - name: "fix_pipeline_git_commit"
+    type: AgentComponent
+    prompt_id: "commit_changes"
+    prompt_version: "^1.0.0"
+    inputs:
+      - from: "context:project_http_url_to_repo"
+        as: "repository_url"
+      - from: "context:inputs.user_rule"
+        as: "agents_dot_md"
+        optional: True
+      - from: "context:inputs.workspace_agent_skills"
+        as: "workspace_agent_skills"
+        optional: True
+    toolset:
+      - "run_git_command"
+    ui_log_events:
+      - "on_tool_execution_success"
+      - "on_tool_execution_failed"
+
+  - name: "fix_pipeline_git_push"
+    type: AgentComponent
+    prompt_id: "fix_pipeline_next_push_changes"
+    prompt_version: "^1.0.0"
+    inputs:
+      - from: "context:project_http_url_to_repo"
+        as: "repository_url"
+      - from: "context:inputs.user_rule"
+        as: "agents_dot_md"
+        optional: True
+    toolset:
+      - "run_git_command"
+    ui_log_events:
+      - "on_agent_final_answer"
+      - "on_tool_execution_success"
+      - "on_tool_execution_failed"
+
+  - name: "fix_pipeline_next_create_new_mr"
+    type: AgentComponent
+    prompt_id: "fix_pipeline_next_create_new_mr"
+    prompt_version: "^1.0.0"
+    inputs:
+      - from: "context:goal"
+        as: "pipeline_url"
+      - from: "context:project_id"
+        as: "project_id"
+      - from: "context:inputs.pipeline.source_branch"
+        as: "source_branch"
+      - from: "context:inputs.agent_platform_standard_context.primary_branch"
+        as: "default_branch"
+      - from: "context:fix_pipeline_git_push.final_answer"
+        as: "git_push_response"
+      - from: "context:fix_pipeline_execution.final_answer"
+        as: "execution_results"
+      - from: "context:workflow_id"
+        as: "workflow_id"
+      - from: "context:session_url"
+        as: "session_url"
+      - from: "context:inputs.agent_platform_standard_context.session_owner_id"
+        as: "assignee_id"
+      - from: "context:inputs.user_rule"
+        as: "agents_dot_md"
+        optional: True
+    toolset:
+      - "create_merge_request"
+      - "update_merge_request"
+    ui_log_events:
+      - "on_agent_final_answer"
+      - "on_tool_execution_success"
+      - "on_tool_execution_failed"
+
+  - name: "fix_pipeline_next_comment_existing_mr"
+    type: OneOffComponent
+    prompt_id: "fix_pipeline_next_comment_existing_mr"
+    prompt_version: "^1.0.0"
+    inputs:
+      - from: "context:inputs.merge_request.url"
+        as: "merge_request_url"
+      - from: "context:fix_pipeline_git_push.final_answer"
+        as: "git_push_response"
+      - from: "context:fix_pipeline_execution.final_answer"
+        as: "execution_results"
+      - from: "context:workflow_id"
+        as: "workflow_id"
+      - from: "context:session_url"
+        as: "session_url"
+      - from: "context:inputs.user_rule"
+        as: "agents_dot_md"
+        optional: True
+    toolset:
+      - "create_merge_request_note"
+    ui_log_events:
+      - "on_tool_execution_success"
+      - "on_tool_execution_failed"
+
+routers:
+  - from: "fix_pipeline_context"
+    to: "fix_pipeline_next_decide_approach"
+  - from: "fix_pipeline_next_decide_approach"
+    condition:
+      input: "context:fix_pipeline_next_decide_approach.final_answer.decision"
+      routes:
+        "add_comment": "fix_pipeline_add_comment"
+        "create_fix_on_new_mr": "create_repository_branch"
+        "create_fix_on_existing_mr": "fix_pipeline_next_checkout_existing_branch"
+        "default_route": "fix_pipeline_add_comment"
+  - from: "fix_pipeline_add_comment"
+    to: "end"
+  - from: "fix_pipeline_next_checkout_existing_branch"
+    to: "fix_pipeline_create_plan"
+  - from: "create_repository_branch"
+    to: "fix_pipeline_create_plan"
+  - from: "fix_pipeline_create_plan"
+    to: "fix_pipeline_execution"
+  - from: "fix_pipeline_execution"
+    to: "fix_pipeline_git_commit"
+  - from: "fix_pipeline_git_commit"
+    to: "fix_pipeline_git_push"
+  - from: "fix_pipeline_git_push"
+    condition:
+      input: "context:fix_pipeline_next_decide_approach.final_answer.decision"
+      routes:
+        "create_fix_on_existing_mr": "fix_pipeline_next_comment_existing_mr"
+        "create_fix_on_new_mr": "fix_pipeline_next_create_new_mr"
+        "default_route": "fix_pipeline_next_create_new_mr"
+  - from: "fix_pipeline_next_comment_existing_mr"
+    to: "end"
+  - from: "fix_pipeline_next_create_new_mr"
+    to: "end"
+
+flow:
+  entry_point: "fix_pipeline_context"
+  inputs:
+    - category: merge_request
+      input_schema:
+        url:
+          type: string
+          format: uri
+          description: The URL for the GitLab Merge Request
+    - category: pipeline
+      input_schema:
+        source_branch:
+          type: string
+    - category: agent_platform_standard_context
+      input_schema:
+        workload_branch:
+          type: string
+          description: The workload branch for the GitLab Merge Request
+        primary_branch:
+          type: string
+          description: Merge Request target branch
+        session_owner_id:
+          type: string
+          description: Human user's ID that initiated the flow
+`,
+  "project_activity": 'name: "Project Activity"\ndescription: |\n  Summarize the issue and MR activity in a project for a given timeframe.\nproduct_group: agent_foundations\nversion: "v1"\nenvironment: ambient\n\ncomponents:\n  - name: "fetch_new_issues"\n    type: AgentComponent\n    prompt_id: "project_activity_fetch_issues_new"\n    prompt_version: "^1.0.0"\n    toolset:\n      - "list_issues"\n      - "gitlab_api_get"\n      - "gitlab_issue_search"\n      - "get_issue"\n      - "list_issue_notes"\n      - "get_issue_note"\n    inputs:\n      - from: "context:project_id"\n        as: "project_id"\n      - from: "context:goal"\n        as: "date_range"\n    ui_log_events:\n      - "on_tool_execution_success"\n      - "on_tool_execution_failed"\n      - "on_agent_final_answer"\n  - name: "fetch_closed_issues"\n    type: AgentComponent\n    prompt_id: "project_activity_fetch_issues_closed"\n    prompt_version: "^1.0.0"\n    toolset:\n      - "list_issues"\n      - "gitlab_api_get"\n      - "gitlab_issue_search"\n      - "get_issue"\n      - "list_issue_notes"\n      - "get_issue_note"\n    inputs:\n      - from: "context:project_id"\n        as: "project_id"\n      - from: "context:goal"\n        as: "date_range"\n    ui_log_events:\n      - "on_tool_execution_success"\n      - "on_tool_execution_failed"\n      - "on_agent_final_answer"\n  - name: "fetch_updated_issues"\n    type: AgentComponent\n    prompt_id: "project_activity_fetch_issues_updated"\n    prompt_version: "^1.0.0"\n    toolset:\n      - "list_issues"\n      - "gitlab_api_get"\n      - "gitlab_issue_search"\n      - "get_issue"\n      - "list_issue_notes"\n      - "get_issue_note"\n    inputs:\n      - from: "context:project_id"\n        as: "project_id"\n      - from: "context:goal"\n        as: "date_range"\n    ui_log_events:\n      - "on_tool_execution_success"\n      - "on_tool_execution_failed"\n      - "on_agent_final_answer"\n  - name: "fetch_new_merge_requests"\n    type: AgentComponent\n    prompt_id: "project_activity_fetch_merge_requests_new"\n    prompt_version: "^1.0.0"\n    toolset:\n      - "gitlab_merge_request_search"\n      - "gitlab_api_get"\n      - "get_merge_request"\n      - "list_all_merge_request_notes"\n      - "list_merge_request_diffs"\n    inputs:\n      - from: "context:project_id"\n        as: "project_id"\n      - from: "context:goal"\n        as: "date_range"\n    ui_log_events:\n      - "on_tool_execution_success"\n      - "on_tool_execution_failed"\n      - "on_agent_final_answer"\n  - name: "fetch_closed_merge_requests"\n    type: AgentComponent\n    prompt_id: "project_activity_fetch_merge_requests_closed"\n    prompt_version: "^1.0.0"\n    toolset:\n      - "gitlab_merge_request_search"\n      - "gitlab_api_get"\n      - "get_merge_request"\n      - "list_all_merge_request_notes"\n      - "list_merge_request_diffs"\n    inputs:\n      - from: "context:project_id"\n        as: "project_id"\n      - from: "context:goal"\n        as: "date_range"\n    ui_log_events:\n      - "on_tool_execution_success"\n      - "on_tool_execution_failed"\n      - "on_agent_final_answer"\n  - name: "fetch_updated_merge_requests"\n    type: AgentComponent\n    prompt_id: "project_activity_fetch_merge_requests_updated"\n    prompt_version: "^1.0.0"\n    toolset:\n      - "gitlab_merge_request_search"\n      - "gitlab_api_get"\n      - "get_merge_request"\n      - "list_all_merge_request_notes"\n      - "list_merge_request_diffs"\n    inputs:\n      - from: "context:project_id"\n        as: "project_id"\n      - from: "context:goal"\n        as: "date_range"\n    ui_log_events:\n      - "on_tool_execution_success"\n      - "on_tool_execution_failed"\n      - "on_agent_final_answer"\n  - name: "summarize_activity"\n    type: AgentComponent\n    prompt_id: "project_activity_summarize_project_activity"\n    prompt_version: "^1.0.0"\n    toolset: []\n    inputs:\n      - from: "context:project_id"\n        as: "project_id"\n      - from: "context:goal"\n        as: "date_range"\n      - from: "context:fetch_new_issues.final_answer"\n        as: "new_issues_data"\n      - from: "context:fetch_closed_issues.final_answer"\n        as: "closed_issues_data"\n      - from: "context:fetch_updated_issues.final_answer"\n        as: "updated_issues_data"\n      - from: "context:fetch_new_merge_requests.final_answer"\n        as: "new_merge_requests_data"\n      - from: "context:fetch_closed_merge_requests.final_answer"\n        as: "closed_merge_requests_data"\n      - from: "context:fetch_updated_merge_requests.final_answer"\n        as: "updated_merge_requests_data"\n    ui_log_events:\n      - "on_tool_execution_success"\n      - "on_tool_execution_failed"\n      - "on_agent_final_answer"\n  - name: "create_summary_issue"\n    type: AgentComponent\n    prompt_id: "project_activity_create_summary_issue"\n    prompt_version: "^1.0.0"\n    toolset:\n      - "create_issue"\n      - "gitlab_api_post"\n    inputs:\n      - from: "context:project_id"\n        as: "project_id"\n      - from: "context:goal"\n        as: "date_range"\n      - from: "context:summarize_activity.final_answer"\n        as: "summary"\n    ui_log_events:\n      - "on_tool_execution_success"\n      - "on_tool_execution_failed"\n      - "on_agent_final_answer"\n\nrouters:\n  - from: "fetch_new_issues"\n    to: "fetch_closed_issues"\n  - from: "fetch_closed_issues"\n    to: "fetch_updated_issues"\n  - from: "fetch_updated_issues"\n    to: "fetch_new_merge_requests"\n  - from: "fetch_new_merge_requests"\n    to: "fetch_closed_merge_requests"\n  - from: "fetch_closed_merge_requests"\n    to: "fetch_updated_merge_requests"\n  - from: "fetch_updated_merge_requests"\n    to: "summarize_activity"\n  - from: "summarize_activity"\n    to: "create_summary_issue"\n  - from: "create_summary_issue"\n    to: "end"\n\nflow:\n  entry_point: "fetch_new_issues"\n  inputs: []\n',
+  "resolve_sast_vulnerability": 'version: "v1"\nenvironment: ambient\n\ncomponents:\n  - name: "gather_context"\n    type: DeterministicStepComponent\n    tool_name: "get_vulnerability_details"\n    inputs:\n      - { from: "context:goal", as: "vulnerability_id" }\n    ui_log_events:\n      - "on_tool_execution_success"\n      - "on_tool_execution_failed"\n\n  - name: "evaluate_vuln_fp_status"\n    type: DeterministicStepComponent\n    tool_name: "evaluate_vuln_fp_status"\n    inputs:\n      - from: "context:gather_context.tool_responses"\n        as: "vulnerability_json"\n    toolset:\n      - "evaluate_vuln_fp_status"\n    ui_log_events:\n      - "on_tool_execution_success"\n      - "on_tool_execution_failed"\n\n  - name: "ensure_clean_git_state"\n    type: AgentComponent\n    prompt_id: "ensure_clean_git_state"\n    prompt_version: "1.0.0"\n    response_schema_id: "ensure_clean_git_state"\n    response_schema_version: "^1.0.0"\n    inputs:\n      - from: "context:project_http_url_to_repo"\n        as: "repository_url"\n      - from: "context:project_default_branch"\n        as: "default_branch"\n    toolset:\n      - "run_git_command"\n    ui_log_events:\n      - "on_tool_execution_success"\n      - "on_tool_execution_failed"\n\n  - name: "create_repository_branch"\n    type: AgentComponent\n    prompt_id: "create_repository_branch"\n    prompt_version: "^1.0.0"\n    toolset:\n      - "run_git_command"\n    inputs:\n      - from: "context:project_id"\n        as: "project_id"\n      - from: "context:project_default_branch"\n        as: "ref"\n      - from: "context:project_http_url_to_repo"\n        as: "repository_url"\n      - from: "context:gather_context.tool_responses"\n        as: "naming_context"\n      - from: "context:workflow_id"\n        as: "workflow_id"\n      - from: "context:inputs.user_rule"\n        as: "agents_dot_md"\n        optional: True\n      - from: "context:inputs.workspace_agent_skills"\n        as: "workspace_agent_skills"\n        optional: True\n    ui_log_events:\n      - "on_tool_execution_success"\n      - "on_tool_execution_failed"\n\n  - name: "execute_fix"\n    type: AgentComponent\n    prompt_id: "resolve_sast_vulnerability_execution"\n    prompt_version: "^1.0.0"\n    inputs:\n      - from: "context:gather_context.tool_responses"\n        as: "vulnerability_context"\n    toolset:\n      - "edit_file"\n      - "create_file_with_contents"\n      - "read_file"\n      - "read_files"\n      - "grep"\n      - "find_files"\n      - "list_dir"\n    ui_log_events:\n      - "on_agent_final_answer"\n      - "on_tool_execution_success"\n      - "on_tool_execution_failed"\n\n  - name: "validate_fix_has_changes"\n    type: AgentComponent\n    prompt_id: "validate_sast_fix_has_changes"\n    prompt_version: "1.0.0"\n    response_schema_id: "validate_sast_fix_has_changes"\n    response_schema_version: "^1.0.0"\n    inputs:\n      - from: "context:execute_fix.final_answer"\n        as: "fix_execution_result"\n      - from: "context:project_http_url_to_repo"\n        as: "repository_url"\n    toolset:\n      - "run_git_command"\n    ui_log_events:\n      - "on_agent_final_answer"\n\n  - name: "commit_changes"\n    type: OneOffComponent\n    prompt_id: "resolve_sast_vulnerability_commit"\n    prompt_version: "^1.0.0"\n    max_correction_attempts: 3\n    inputs:\n      - from: "context:gather_context.tool_responses"\n        as: "vulnerability_context"\n      - from: "context:project_http_url_to_repo"\n        as: "repository_url"\n      - from: "context:workflow_id"\n        as: "workflow_id"\n    toolset:\n      - "run_git_command"\n    ui_log_events:\n      - "on_tool_call_input"\n      - "on_tool_execution_success"\n      - "on_tool_execution_failed"\n\n  - name: "push_and_create_mr"\n    type: OneOffComponent\n    prompt_id: "resolve_sast_vulnerability_push_and_create_mr"\n    prompt_version: "^1.0.0"\n    max_correction_attempts: 3\n    inputs:\n      - from: "context:gather_context.tool_responses"\n        as: "vulnerability_details"\n      - from: "context:execute_fix.final_answer"\n        as: "fix_summary"\n      - from: "context:project_http_url_to_repo"\n        as: "repository_url"\n      - from: "context:workflow_id"\n        as: "workflow_id"\n      - from: "context:project_id"\n        as: "project_id"\n      - from: "context:project_default_branch"\n        as: "default_branch"\n      - from: "context:create_repository_branch.final_answer"\n        as: "source_branch_name"\n    toolset:\n      - "run_git_command"\n      - "create_merge_request"\n    ui_log_events:\n      - "on_tool_call_input"\n      - "on_tool_execution_success"\n      - "on_tool_execution_failed"\n\n  - name: "link_vulnerability"\n    type: DeterministicStepComponent\n    tool_name: "link_vulnerability_to_merge_request"\n    inputs:\n      - from: "context:goal"\n        as: "vulnerability_id"\n      - from: "context:push_and_create_mr.parsed_responses.created_merge_request.id"\n        as: "merge_request_id"\n    ui_log_events:\n      - "on_tool_execution_success"\n      - "on_tool_execution_failed"\n\n  - name: "evaluate_merge_request"\n    type: AgentComponent\n    prompt_id: "resolve_sast_evaluate_mr_readiness"\n    prompt_version: "^1.0.0"\n    inputs:\n      - from: "context:gather_context.tool_responses"\n        as: "vulnerability_context"\n      - from: "context:execute_fix.final_answer"\n        as: "fix_execution_result"\n      - from: "context:push_and_create_mr.tool_responses"\n        as: "git_operations_result"\n      - from: "context:project_http_url_to_repo"\n        as: "repository_url"\n      - from: "context:workflow_id"\n        as: "workflow_id"\n    toolset:\n      - "get_merge_request"\n      - "list_merge_request_diffs"\n    ui_log_events:\n      - "on_agent_final_answer"\n      - "on_tool_execution_success"\n\nrouters:\n  - from: "gather_context"\n    to: "evaluate_vuln_fp_status"\n  - from: "evaluate_vuln_fp_status"\n    condition:\n      input: "context:evaluate_vuln_fp_status.tool_responses"\n      routes:\n        "skip_false_positive": "end"\n        "proceed_with_fix": "ensure_clean_git_state"\n      default_route: "ensure_clean_git_state"\n  - from: "ensure_clean_git_state"\n    to: "create_repository_branch"\n  - from: "create_repository_branch"\n    to: "execute_fix"\n  - from: "execute_fix"\n    to: "validate_fix_has_changes"\n  - from: "validate_fix_has_changes"\n    condition:\n      input: "context:validate_fix_has_changes.final_answer.decision"\n      routes:\n        "proceed": "commit_changes"\n        "no_changes": "end"\n      default_route: "end"\n  - from: "commit_changes"\n    to: "push_and_create_mr"\n  - from: "push_and_create_mr"\n    to: "evaluate_merge_request"\n  - from: "evaluate_merge_request"\n    to: "link_vulnerability"\n  - from: "link_vulnerability"\n    to: "end"\n\nflow:\n  entry_point: "gather_context"\n',
+  "sast_fp_detection": 'version: v1\nenvironment: ambient\ncomponents:\n  - name: "sast_vulnerability_details_component"\n    type: DeterministicStepComponent\n    inputs:\n      - from: "context:goal"\n        as: vulnerability_id\n    tool_name: "get_vulnerability_details"\n    max_correction_attempts: 3\n    ui_log_events:\n      - "on_tool_execution_success"\n      - "on_tool_execution_failed"\n  - name: "validate_sast_vulnerability_component"\n    type: AgentComponent\n    prompt_id: "validate_sast_vulnerability_agent_prompt"\n    prompt_version: "1.0.0"\n    response_schema_id: "validate_sast_vulnerability"\n    response_schema_version: "^1.0.0"\n    inputs:\n      - from: "context:sast_vulnerability_details_component.tool_responses"\n        as: vulnerability_details_json\n    toolset: []\n    ui_log_events:\n      - "on_tool_execution_success"\n      - "on_tool_execution_failed"\n      - "on_agent_final_answer"\n  - name: "sast_vulnerability_source_file_component"\n    type: OneOffComponent\n    prompt_id: "sast_vulnerability_source_file_agent_prompt"\n    prompt_version: "1.0.0"\n    inputs:\n      - from: "context:sast_vulnerability_details_component.tool_responses"\n        as: vulnerability_details_json\n    toolset:\n      - "get_repository_file"\n    max_correction_attempts: 3\n    ui_log_events:\n      - "on_tool_execution_success"\n      - "on_tool_execution_failed"\n  - name: "sast_vulnerability_lines_component"\n    type: OneOffComponent\n    prompt_id: "sast_vulnerability_lines_agent_prompt"\n    prompt_version: "1.0.0"\n    inputs:\n      - from: "context:sast_vulnerability_details_component.tool_responses"\n        as: vulnerability_details_json\n      - from: "context:sast_vulnerability_source_file_component.tool_responses"\n        as: vulnerability_source_code\n    toolset:\n      - "extract_lines_from_text"\n    max_correction_attempts: 3\n    ui_log_events:\n      - "on_tool_execution_success"\n      - "on_tool_execution_failed"\n  - name: "sast_vulnerability_report_component"\n    type: AgentComponent\n    prompt_id: "sast_vulnerability_report_agent_prompt"\n    prompt_version: "1.0.0"\n    inputs:\n      - from: "context:sast_vulnerability_details_component.tool_responses"\n        as: vulnerability_details_json\n      - from: "context:sast_vulnerability_lines_component.tool_responses"\n        as: vulnerable_lines\n      - from: "context:sast_vulnerability_source_file_component.tool_responses"\n        as: vulnerability_source_code\n    toolset: []\n    ui_log_events:\n      - "on_tool_execution_success"\n      - "on_tool_execution_failed"\n  - name: "sast_fp_detection_agent"\n    type: AgentComponent\n    prompt_id: "sast_fp_detection_agent_prompt"\n    prompt_version: "^1.0.0"\n    inputs:\n      - from: "context:sast_vulnerability_report_component.final_answer"\n        as: vulnerability_details\n    toolset:\n      - "read_file"\n      - "get_repository_file"\n      - "list_repository_tree"\n      - "find_files"\n      - "gitlab_blob_search"\n    ui_log_events:\n      - "on_agent_final_answer"\n      - "on_tool_execution_success"\n      - "on_tool_execution_failed"\n  - name: "sast_post_results_to_gitlab_component"\n    type: OneOffComponent\n    prompt_id: "sast_post_results_to_gitlab_agent_prompt"\n    prompt_version: "1.0.0"\n    inputs:\n      - from: "context:sast_vulnerability_details_component.tool_responses"\n        as: vulnerability_details_json\n      - from: "context:sast_fp_detection_agent.final_answer"\n        as: sast_fp_detection_analysis\n    toolset:\n      - "post_sast_fp_analysis_to_gitlab"\n    max_correction_attempts: 3\n    ui_log_events:\n      - "on_agent_final_answer"\n      - "on_tool_execution_success"\n      - "on_tool_execution_failed"\nrouters:\n  - from: "sast_vulnerability_details_component"\n    to: "validate_sast_vulnerability_component"\n  - from: "validate_sast_vulnerability_component"\n    condition:\n      input: "context:validate_sast_vulnerability_component.final_answer.decision"\n      routes:\n        "valid": "sast_vulnerability_source_file_component"\n        "invalid": "end"\n  - from: "sast_vulnerability_source_file_component"\n    to: "sast_vulnerability_lines_component"\n  - from: "sast_vulnerability_lines_component"\n    to: "sast_vulnerability_report_component"\n  - from: "sast_vulnerability_report_component"\n    to: "sast_fp_detection_agent"\n  - from: "sast_fp_detection_agent"\n    to: "sast_post_results_to_gitlab_component"\n  - from: "sast_post_results_to_gitlab_component"\n    to: "end"\nflow:\n  entry_point: "sast_vulnerability_details_component"\n',
+  "secrets_fp_detection": 'version: "v1"\nenvironment: ambient\ncomponents:\n  - name: "secret_vulnerability_details_component"\n    type: DeterministicStepComponent\n    inputs:\n      - from: "context:goal"\n        as: vulnerability_id\n    tool_name: "get_vulnerability_details"\n    max_correction_attempts: 3\n    ui_log_events:\n      - "on_tool_execution_success"\n      - "on_tool_execution_failed"\n  - name: "secret_vulnerability_source_file_component"\n    type: OneOffComponent\n    prompt_id: "secret_vulnerability_source_file_agent_prompt"\n    prompt_version: "1.0.0"\n    inputs:\n      - from: "context:secret_vulnerability_details_component.tool_responses"\n        as: vulnerability_details_json\n    toolset:\n      - "get_repository_file"\n    max_correction_attempts: 3\n    ui_log_events:\n      - "on_tool_execution_success"\n      - "on_tool_execution_failed"\n  - name: "secret_vulnerability_lines_component"\n    type: OneOffComponent\n    prompt_id: "secret_vulnerability_lines_agent_prompt"\n    prompt_version: "1.0.0"\n    inputs:\n      - from: "context:secret_vulnerability_details_component.tool_responses"\n        as: vulnerability_details_json\n      - from: "context:secret_vulnerability_source_file_component.tool_responses"\n        as: vulnerability_source_code\n    toolset:\n      - "extract_lines_from_text"\n    max_correction_attempts: 3\n    ui_log_events:\n      - "on_tool_execution_success"\n      - "on_tool_execution_failed"\n  - name: "secret_vulnerability_report_component"\n    type: AgentComponent\n    prompt_id: "secret_vulnerability_report_agent_prompt"\n    prompt_version: "1.0.0"\n    inputs:\n      - from: "context:secret_vulnerability_details_component.tool_responses"\n        as: vulnerability_details_json\n      - from: "context:secret_vulnerability_lines_component.tool_responses"\n        as: vulnerable_lines\n      - from: "context:secret_vulnerability_source_file_component.tool_responses"\n        as: vulnerability_source_code\n    toolset: []\n    ui_log_events:\n      - "on_tool_execution_success"\n      - "on_tool_execution_failed"\n  - name: "secret_fp_detection_agent"\n    type: AgentComponent\n    prompt_id: "secret_fp_detection_agent_prompt"\n    prompt_version: "^1.0.0"\n    inputs:\n      - from: "context:secret_vulnerability_report_component.final_answer"\n        as: vulnerability_details\n    toolset:\n      - "read_file"\n      - "get_repository_file"\n      - "list_repository_tree"\n      - "find_files"\n      - "gitlab_blob_search"\n    ui_log_events:\n      - "on_agent_final_answer"\n      - "on_tool_execution_success"\n      - "on_tool_execution_failed"\n  - name: "secret_post_results_to_gitlab_component"\n    type: OneOffComponent\n    prompt_id: "secret_post_results_to_gitlab_agent_prompt"\n    prompt_version: "1.0.0"\n    inputs:\n      - from: "context:secret_vulnerability_details_component.tool_responses"\n        as: vulnerability_details_json\n      - from: "context:secret_fp_detection_agent.final_answer"\n        as: secret_fp_detection_analysis\n    toolset:\n      - "post_secret_fp_analysis_to_gitlab"\n    max_correction_attempts: 3\n    ui_log_events:\n      - "on_agent_final_answer"\n      - "on_tool_execution_success"\n      - "on_tool_execution_failed"\nrouters:\n  - from: "secret_vulnerability_details_component"\n    to: "secret_vulnerability_source_file_component"\n  - from: "secret_vulnerability_source_file_component"\n    to: "secret_vulnerability_lines_component"\n  - from: "secret_vulnerability_lines_component"\n    to: "secret_vulnerability_report_component"\n  - from: "secret_vulnerability_report_component"\n    to: "secret_fp_detection_agent"\n  - from: "secret_fp_detection_agent"\n    to: "secret_post_results_to_gitlab_component"\n  - from: "secret_post_results_to_gitlab_component"\n    to: "end"\nflow:\n  entry_point: "secret_vulnerability_details_component"\n',
+  "slack_assistant": 'version: "v1"\nenvironment: chat\ncomponents:\n  - name: "slack_assistant"\n    type: AgentComponent\n    prompt_id: "slack_assistant_prompt"\n    inputs:\n      - from: "context:goal"\n        as: "goal"\n    toolset:\n      - "gitlab_api_get"\n      - "gitlab_graphql"\n      - "gitlab_issue_search"\n      - "get_issue"\n      - "get_merge_request"\n      - "get_wiki_page"\n      - "get_repository_file"\n      - "gitlab_documentation_search"\n    ui_log_events:\n      - "on_agent_final_answer"\n      - "on_tool_execution_success"\n      - "on_tool_execution_failed"\nrouters:\n  - from: "slack_assistant"\n    to: "end"\nflow:\n  entry_point: "slack_assistant"\nprompts:\n  - name: "slack_assistant_prompt"\n    prompt_id: "slack_assistant_prompt"\n    unit_primitives:\n      - duo_agent_platform\n    prompt_template:\n      system: |\n        You are a helpful GitLab assistant that people talk to in Slack.\n\n        You receive the Slack thread as context (in <slack-thread-context> tags) and a user_context with the invoking user\'s identity and their group memberships. Use the groups to broaden your searches \u2014 search across multiple groups, not just the default namespace. When scoped searches return no results, always fall back to instance-wide search using `GET /api/v4/search?scope=issues&search=...` or `GET /api/v4/projects?search=...&search_namespaces=true`.\n\n        Keep Slack responses short. Use bullet points and link to GitLab so people can click through. Format your responses using Slack mrkdwn syntax:\n        - *bold* for emphasis\n        - _italic_ for secondary emphasis\n        - `code` for inline code or commands\n        - ```multi-line code``` for code blocks\n        - <url|link text> for URLs (e.g., <https://gitlab.com/my-issue|View issue>)\n        - <#channel_id> to link channels\n        - <@user_id> to mention users\n        - <!subteam^group_id> to mention groups\n        - @here, @channel, @everyone for special mentions\n        - ~strikethrough~ to strikethrough text\n        - > quote for block quotes\n        - - item for bullet points\n        - \\n for line breaks\n\n        You are currently *read-only* and act on behalf of the person who mentioned you. You can search and retrieve GitLab data (issues, projects, merge requests, users, etc.) but you cannot create, update, or delete anything. If someone asks you to create an issue or make changes, let them know this capability is not available yet and suggest they do it in GitLab directly.\n\n        When a specific tool exists for the task (e.g. `get_issue`, `get_merge_request`, `get_wiki_page`, `get_repository_file`), prefer it over `gitlab_api_get` \u2014 it handles URL parsing and compound operations automatically. Use `gitlab_api_get` and `gitlab_graphql` as fallbacks for resources not covered by a specific tool.\n\n        The GitLab API accepts URL-encoded project paths (like `gitlab-org%2Fgitlab`) wherever it accepts numeric project IDs. Use this when people reference projects by path.\n      user: |\n        {{goal}}\n      placeholder: history\n'
+};
+
 // src/catalog.ts
+function extractFlowInputs(flowConfig) {
+  if (!flowConfig) return [];
+  const flow = flowConfig.flow;
+  if (!flow?.inputs) return [];
+  const inputs = flow.inputs;
+  return inputs.map((inp) => ({
+    category: inp.category,
+    fields: Object.fromEntries(
+      Object.entries(inp.input_schema ?? {}).map(([k, v]) => [
+        k,
+        { type: v.type, description: v.description, format: v.format }
+      ])
+    )
+  }));
+}
 var FOUNDATIONAL_QUERY = `
 query AiFoundationalChatAgents($projectId: ProjectID!, $after: String) {
   aiFoundationalChatAgents(projectId: $projectId, first: 50, after: $after) {
@@ -2634,12 +3823,14 @@ query AiCatalogCustomAgents($projectId: ProjectID!, $after: String) {
   aiCatalogConfiguredItems(first: 50, projectId: $projectId, after: $after) {
     pageInfo { hasNextPage endCursor }
     nodes {
+      id
       enabled
       item {
         id
         name
         description
         foundational
+        foundationalFlowReference
         itemType
         latestVersion { id }
       }
@@ -2650,6 +3841,16 @@ var FLOW_CONFIG_QUERY = `
 query AiCatalogAgentFlowConfig($versionId: AiCatalogItemVersionID!) {
   aiCatalogAgentFlowConfig(agentVersionId: $versionId, flowConfigType: CHAT)
 }`;
+var FLOW_VERSION_DEFINITION_QUERY = `
+query FlowVersionDefinition($itemId: AiCatalogItemID!) {
+  aiCatalogItem(id: $itemId) {
+    latestVersion {
+      ... on AiCatalogFlowVersion {
+        definition
+      }
+    }
+  }
+}`;
 async function gql(instanceUrl, token, query, variables) {
   const res = await fetch(`${instanceUrl.replace(/\/$/, "")}/api/graphql`, {
     method: "POST",
@@ -2700,27 +3901,43 @@ async function fetchCustomAgents(instanceUrl, token, projectId) {
       if (!node.enabled) continue;
       const item = node.item;
       if (!item) continue;
-      if (item.foundational || item.itemType !== "AGENT" || !item.latestVersion?.id) continue;
+      if (!item.latestVersion?.id) continue;
+      const validTypes = ["AGENT", "FLOW"];
+      if (!validTypes.includes(item.itemType)) continue;
+      if (item.foundational && item.itemType === "AGENT") continue;
       if (seen.has(item.id)) continue;
       seen.add(item.id);
+      const consumerNumericId = node.id ? parseInt(String(node.id).split("/").pop() ?? "", 10) || void 0 : void 0;
       try {
         const cfgData = await gql(instanceUrl, token, FLOW_CONFIG_QUERY, {
           versionId: item.latestVersion.id
         });
         const yamlStr = cfgData?.aiCatalogAgentFlowConfig;
-        if (!yamlStr) continue;
-        const parsed = load(yamlStr);
+        const parsed = yamlStr ? load(yamlStr) : void 0;
         agents.push({
           identifier: item.id,
           name: item.name,
           description: item.description ?? "",
+          itemType: item.itemType,
+          workflowDefinition: item.foundationalFlowReference ?? void 0,
           flowConfig: parsed,
-          flowConfigSchemaVersion: parsed?.version ?? "v1",
-          foundational: false,
-          // extract numeric ID from GID e.g. "gid://gitlab/Ai::Catalog::ItemVersion/1015082" → 1015082
-          catalogItemVersionId: parseInt(item.latestVersion.id.split("/").pop() ?? "", 10) || void 0
+          flowConfigSchemaVersion: parsed ? parsed?.version ?? "v1" : void 0,
+          foundational: !!item.foundational,
+          catalogItemVersionId: parseInt(item.latestVersion.id.split("/").pop() ?? "", 10) || void 0,
+          consumerId: consumerNumericId,
+          flowInputs: extractFlowInputs(parsed)
         });
       } catch {
+        agents.push({
+          identifier: item.id,
+          name: item.name,
+          description: item.description ?? "",
+          itemType: item.itemType,
+          workflowDefinition: item.foundationalFlowReference ?? void 0,
+          foundational: !!item.foundational,
+          catalogItemVersionId: parseInt(item.latestVersion.id.split("/").pop() ?? "", 10) || void 0,
+          consumerId: consumerNumericId
+        });
       }
     }
     if (!page.pageInfo?.hasNextPage) break;
@@ -2728,6 +3945,145 @@ async function fetchCustomAgents(instanceUrl, token, projectId) {
   }
   return agents;
 }
+async function getFlowDefinition(instanceUrl, token, opts) {
+  const name = opts.flowName ?? `consumer-${opts.consumerId}`;
+  let config = null;
+  let apiError;
+  if (opts.foundational && opts.workflowDefinition) {
+    const flowKey = opts.workflowDefinition.split("/")[0];
+    config = FOUNDATIONAL_FLOWS[flowKey] ?? null;
+  }
+  if (!config && !opts.foundational && opts.itemIdentifier) {
+    try {
+      const data = await gql(instanceUrl, token, FLOW_VERSION_DEFINITION_QUERY, {
+        itemId: opts.itemIdentifier
+      });
+      config = data?.aiCatalogItem?.latestVersion?.definition ?? null;
+    } catch (err) {
+      apiError = err?.message ?? "Unknown error fetching flow definition";
+    }
+  }
+  if (!config && !opts.foundational && opts.catalogItemVersionId) {
+    const versionGid = `gid://gitlab/Ai::Catalog::ItemVersion/${opts.catalogItemVersionId}`;
+    try {
+      const cfgData = await gql(instanceUrl, token, FLOW_CONFIG_QUERY, { versionId: versionGid });
+      config = cfgData?.aiCatalogAgentFlowConfig ?? null;
+    } catch (err) {
+      if (!apiError) apiError = err?.message ?? "Unknown error fetching flow config";
+    }
+  }
+  return { config, name, ...apiError && !config ? { error: apiError } : {} };
+}
+var RESOLVE_ROOT_NAMESPACE_QUERY = `
+query resolveRootNamespace($projectPath: ID!) {
+  project(fullPath: $projectPath) {
+    id
+    group {
+      id
+      rootNamespace { id }
+    }
+  }
+}`;
+async function resolveRootNamespaceId(instanceUrl, token, projectPath) {
+  try {
+    const data = await gql(instanceUrl, token, RESOLVE_ROOT_NAMESPACE_QUERY, {
+      projectPath
+    });
+    const rootGid = data?.project?.group?.rootNamespace?.id;
+    if (rootGid) {
+      return parseInt(rootGid.split("/").pop() ?? "", 10) || void 0;
+    }
+  } catch {
+  }
+  return void 0;
+}
+async function executeFlow(instanceUrl, token, projectPath, consumerId, goal, options) {
+  const projectUrl = `${instanceUrl.replace(/\/$/, "")}/${projectPath}`;
+  const additionalContext = [
+    {
+      Category: "agent_user_environment",
+      Content: JSON.stringify({ project_url: projectUrl }),
+      Metadata: "{}"
+    }
+  ];
+  if (options?.flowInputs) {
+    for (const input of options.flowInputs) {
+      additionalContext.push({
+        Category: input.Category,
+        Content: input.Content,
+        Metadata: input.Metadata ?? "{}"
+      });
+    }
+  }
+  const body = {
+    project_id: projectPath,
+    ai_catalog_item_consumer_id: consumerId,
+    goal,
+    start_workflow: true,
+    environment: "ambient",
+    agent_privileges: [1, 2, 3, 4, 5, 6],
+    additional_context: additionalContext
+  };
+  if (options?.namespaceId) body.namespace_id = options.namespaceId;
+  if (options?.issueId) body.issue_id = options.issueId;
+  if (options?.mergeRequestId) body.merge_request_id = options.mergeRequestId;
+  const rootNsId = await resolveRootNamespaceId(instanceUrl, token, projectPath);
+  if (rootNsId) body.root_namespace_id = rootNsId;
+  const res = await fetch(`${instanceUrl.replace(/\/$/, "")}/api/v4/ai/duo_workflows/workflows`, {
+    method: "POST",
+    headers: { "Content-Type": "application/json", Authorization: `Bearer ${token}` },
+    body: JSON.stringify(body)
+  });
+  if (!res.ok) {
+    const text = await res.text();
+    throw new Error(`Failed to execute flow (${res.status}): ${text}`);
+  }
+  return res.json();
+}
+var WORKFLOW_STATUS_QUERY = `
+query getWorkflowStatus($workflowId: AiDuoWorkflowsWorkflowID!) {
+  duoWorkflowWorkflows(workflowId: $workflowId) {
+    nodes {
+      id
+      status
+      humanStatus
+      createdAt
+      updatedAt
+      workflowDefinition
+      lastExecutorLogsUrl
+      latestCheckpoint {
+        duoMessages {
+          content
+          correlationId
+          role
+          messageType
+          status
+          timestamp
+          toolInfo
+        }
+      }
+    }
+  }
+}`;
+var sleep = (ms) => new Promise((r) => setTimeout(r, ms));
+async function getWorkflowStatus(instanceUrl, token, workflowId) {
+  const gid = `gid://gitlab/Ai::DuoWorkflows::Workflow/${workflowId}`;
+  const maxWait = 12e4;
+  const pollInterval = 5e3;
+  const start = Date.now();
+  while (Date.now() - start < maxWait) {
+    const data2 = await gql(instanceUrl, token, WORKFLOW_STATUS_QUERY, { workflowId: gid });
+    const nodes2 = data2?.duoWorkflowWorkflows?.nodes;
+    if (!nodes2?.length) throw new Error(`Workflow ${workflowId} not found`);
+    const workflow = nodes2[0];
+    if (workflow.status !== "CREATED") return workflow;
+    await sleep(pollInterval);
+  }
+  const data = await gql(instanceUrl, token, WORKFLOW_STATUS_QUERY, { workflowId: gid });
+  const nodes = data?.duoWorkflowWorkflows?.nodes;
+  if (!nodes?.length) throw new Error(`Workflow ${workflowId} not found`);
+  return nodes[0];
+}
 async function fetchCatalogAgents(instanceUrl, token, projectId) {
   try {
     const [foundational, custom] = await Promise.all([
@@ -2739,6 +4095,212 @@ async function fetchCatalogAgents(instanceUrl, token, projectId) {
     return [];
   }
 }
+var LIST_AI_CATALOG_ITEMS_QUERY = `
+query listAiCatalogItems(
+  $itemTypes: [AiCatalogItemType!]
+  $search: String
+  $first: Int
+  $after: String
+) {
+  aiCatalogItems(
+    itemTypes: $itemTypes
+    search: $search
+    first: $first
+    after: $after
+  ) {
+    nodes {
+      id
+      name
+      description
+      itemType
+      foundational
+      public
+      createdAt
+      updatedAt
+      softDeleted
+      project { id, nameWithNamespace }
+      latestVersion {
+        id
+        createdAt
+        updatedAt
+        createdBy { id, name, username }
+      }
+    }
+    pageInfo { hasNextPage, hasPreviousPage, startCursor, endCursor }
+  }
+}`;
+var GET_AI_CATALOG_ITEM_QUERY = `
+query getAiCatalogItem($id: AiCatalogItemID!) {
+  aiCatalogItem(id: $id) {
+    id
+    name
+    description
+    itemType
+    foundational
+    public
+    createdAt
+    updatedAt
+    softDeleted
+    project { id, nameWithNamespace }
+    latestVersion {
+      id
+      createdAt
+      updatedAt
+      createdBy { id, name, username, webUrl }
+    }
+    userPermissions { adminAiCatalogItem, reportAiCatalogItem }
+  }
+}`;
+var LIST_PROJECT_CONFIGURED_ITEMS_QUERY = `
+query listProjectConfiguredItems(
+  $projectId: ProjectID!
+  $itemTypes: [AiCatalogItemType!]
+  $includeFoundationalConsumers: Boolean
+  $first: Int
+  $after: String
+) {
+  aiCatalogConfiguredItems(
+    projectId: $projectId
+    itemTypes: $itemTypes
+    includeFoundationalConsumers: $includeFoundationalConsumers
+    first: $first
+    after: $after
+  ) {
+    nodes {
+      id
+      item {
+        id
+        name
+        description
+        itemType
+        foundational
+        public
+        createdAt
+        updatedAt
+        softDeleted
+        project { id, nameWithNamespace }
+        latestVersion {
+          id
+          createdAt
+          createdBy { name, username }
+        }
+      }
+      pinnedItemVersion { id, humanVersionName }
+    }
+    pageInfo { hasNextPage, hasPreviousPage, startCursor, endCursor }
+  }
+}`;
+var ENABLE_AI_CATALOG_ITEM_MUTATION = `
+mutation enableAiCatalogItem($input: AiCatalogItemConsumerCreateInput!) {
+  aiCatalogItemConsumerCreate(input: $input) {
+    errors
+    itemConsumer {
+      id
+      project { id, name, webUrl }
+      group { id, name, webUrl }
+    }
+  }
+}`;
+var DISABLE_AI_CATALOG_ITEM_MUTATION = `
+mutation disableAiCatalogItem($input: AiCatalogItemConsumerDeleteInput!) {
+  aiCatalogItemConsumerDelete(input: $input) {
+    errors
+    success
+  }
+}`;
+var FIND_ITEM_CONSUMER_FOR_DISABLE_QUERY = `
+query findItemConsumer(
+  $projectId: ProjectID!
+  $itemTypes: [AiCatalogItemType!]
+) {
+  aiCatalogConfiguredItems(
+    projectId: $projectId
+    itemTypes: $itemTypes
+    includeFoundationalConsumers: true
+    first: 100
+  ) {
+    nodes { id, item { id } }
+  }
+}`;
+var RESOLVE_PROJECT_IDS_FOR_TOOLS_QUERY = `
+query resolveProjectIds($projectPath: ID!) {
+  project(fullPath: $projectPath) {
+    id
+    namespace { id }
+  }
+}`;
+function normalizeItemGid(id) {
+  if (id.startsWith("gid://")) return id;
+  if (!/^\d+$/.test(id)) throw new Error(`Invalid catalog item ID: "${id}"`);
+  return `gid://gitlab/Ai::Catalog::Item/${id}`;
+}
+async function listAiCatalogItems(instanceUrl, token, itemTypes, options) {
+  const variables = {
+    itemTypes,
+    first: options?.first ?? 20
+  };
+  if (options?.search) variables.search = options.search;
+  if (options?.after) variables.after = options.after;
+  const result = await gql(instanceUrl, token, LIST_AI_CATALOG_ITEMS_QUERY, variables);
+  return result.aiCatalogItems;
+}
+async function getAiCatalogItem(instanceUrl, token, itemId) {
+  const gid = normalizeItemGid(itemId);
+  const result = await gql(instanceUrl, token, GET_AI_CATALOG_ITEM_QUERY, { id: gid });
+  return result.aiCatalogItem;
+}
+async function resolveProjectGid(instanceUrl, token, projectPath) {
+  const result = await gql(instanceUrl, token, RESOLVE_PROJECT_IDS_FOR_TOOLS_QUERY, {
+    projectPath
+  });
+  return result.project.id;
+}
+async function listProjectAiCatalogItems(instanceUrl, token, projectPath, itemTypes, options) {
+  const projectGid = await resolveProjectGid(instanceUrl, token, projectPath);
+  const variables = {
+    projectId: projectGid,
+    itemTypes,
+    includeFoundationalConsumers: true,
+    first: options?.first ?? 20
+  };
+  if (options?.after) variables.after = options.after;
+  const result = await gql(instanceUrl, token, LIST_PROJECT_CONFIGURED_ITEMS_QUERY, variables);
+  return result.aiCatalogConfiguredItems;
+}
+async function enableAiCatalogItemForProject(instanceUrl, token, projectPath, itemId) {
+  const projectGid = await resolveProjectGid(instanceUrl, token, projectPath);
+  const gid = normalizeItemGid(itemId);
+  const result = await gql(instanceUrl, token, ENABLE_AI_CATALOG_ITEM_MUTATION, {
+    input: { itemId: gid, target: { projectId: projectGid } }
+  });
+  if (result.aiCatalogItemConsumerCreate.errors.length > 0) {
+    throw new Error(
+      `Failed to enable item: ${result.aiCatalogItemConsumerCreate.errors.join(", ")}`
+    );
+  }
+  return result.aiCatalogItemConsumerCreate;
+}
+async function disableAiCatalogItemForProject(instanceUrl, token, projectPath, itemId) {
+  const projectGid = await resolveProjectGid(instanceUrl, token, projectPath);
+  const gid = normalizeItemGid(itemId);
+  const consumerResult = await gql(instanceUrl, token, FIND_ITEM_CONSUMER_FOR_DISABLE_QUERY, {
+    projectId: projectGid,
+    itemTypes: ["AGENT", "FLOW", "THIRD_PARTY_FLOW"]
+  });
+  const consumer = consumerResult.aiCatalogConfiguredItems.nodes.find(
+    (n) => n.item.id === gid
+  );
+  if (!consumer?.id) throw new Error("Agent/flow is not enabled in this project");
+  const result = await gql(instanceUrl, token, DISABLE_AI_CATALOG_ITEM_MUTATION, {
+    input: { id: consumer.id }
+  });
+  if (result.aiCatalogItemConsumerDelete.errors.length > 0) {
+    throw new Error(
+      `Failed to disable item: ${result.aiCatalogItemConsumerDelete.errors.join(", ")}`
+    );
+  }
+  return result.aiCatalogItemConsumerDelete;
+}
 
 // src/agents.ts
 function resolveModelId(entry) {
@@ -2751,19 +4313,141 @@ function resolveModelId(entry) {
 var import_fs = require("fs");
 var import_path = require("path");
 var import_os = __toESM(require("os"), 1);
-var logFile = (0, import_path.join)(
-  process.env.XDG_DATA_HOME ?? (0, import_path.join)(import_os.default.homedir(), ".local", "share"),
-  "opencode",
-  "log",
-  "gitlab-dap.log"
-);
-function log(...args) {
-  const line = `${(/* @__PURE__ */ new Date()).toISOString()} ${args.map(String).join(" ")}
-`;
-  try {
-    (0, import_fs.appendFileSync)(logFile, line);
-  } catch {
-  }
+var z = import_plugin.tool.schema;
+function makeItemTools(z2, itemType, label, getAuth, ensureAuth, onChanged) {
+  const itemTypes = [itemType];
+  const Label = label.charAt(0).toUpperCase() + label.slice(1);
+  return {
+    [`gitlab_list_${label}s`]: (0, import_plugin.tool)({
+      description: `List ${label}s in the GitLab AI Catalog.
+Returns ${label}s with name, description, visibility, foundational flag, and version info.
+Supports search and cursor-based pagination.`,
+      args: {
+        search: z2.string().optional().describe(`Search query to filter ${label}s by name or description`),
+        first: z2.number().optional().describe("Number of items to return (default 20)"),
+        after: z2.string().optional().describe("Cursor for pagination (from pageInfo.endCursor)")
+      },
+      execute: async (args) => {
+        const auth = ensureAuth();
+        if (!auth) return "Error: GitLab authentication not available";
+        try {
+          const result = await listAiCatalogItems(auth.instanceUrl, auth.token, itemTypes, args);
+          return JSON.stringify(result, null, 2);
+        } catch (err) {
+          return `Error: ${err.message}`;
+        }
+      }
+    }),
+    [`gitlab_get_${label}`]: (0, import_plugin.tool)({
+      description: `Get details of a specific ${label} from the AI Catalog.
+Returns full details including name, description, visibility, versions, creator, and permissions.
+Accepts either a full Global ID (gid://gitlab/Ai::Catalog::Item/123) or just the numeric ID.`,
+      args: {
+        [`${label}_id`]: z2.string().describe(`${Label} ID: full GID or numeric ID`)
+      },
+      execute: async (args) => {
+        const auth = ensureAuth();
+        if (!auth) return "Error: GitLab authentication not available";
+        try {
+          const result = await getAiCatalogItem(auth.instanceUrl, auth.token, args[`${label}_id`]);
+          return JSON.stringify(result, null, 2);
+        } catch (err) {
+          return `Error: ${err.message}`;
+        }
+      }
+    }),
+    [`gitlab_list_project_${label}s`]: (0, import_plugin.tool)({
+      description: `List ${label}s enabled for a specific project.
+Returns all configured ${label}s including foundational ones.
+Each result includes the ${label} details and its consumer configuration.`,
+      args: {
+        project_id: z2.string().describe('Project path (e.g., "gitlab-org/gitlab")'),
+        first: z2.number().optional().describe("Number of items to return (default 20)"),
+        after: z2.string().optional().describe("Cursor for pagination")
+      },
+      execute: async (args) => {
+        const auth = ensureAuth();
+        if (!auth) return "Error: GitLab authentication not available";
+        try {
+          const result = await listProjectAiCatalogItems(
+            auth.instanceUrl,
+            auth.token,
+            args.project_id,
+            itemTypes,
+            { first: args.first, after: args.after }
+          );
+          return JSON.stringify(result, null, 2);
+        } catch (err) {
+          return `Error: ${err.message}`;
+        }
+      }
+    }),
+    [`gitlab_enable_project_${label}`]: (0, import_plugin.tool)({
+      description: `Enable a ${label} in a project.
+Requires Maintainer or Owner role.
+Enabling in a project also enables at the group level.
+Foundational ${label}s cannot be enabled this way (use admin settings).`,
+      args: {
+        project_id: z2.string().describe('Project path (e.g., "gitlab-org/gitlab")'),
+        [`${label}_id`]: z2.string().describe(`${Label} ID: full GID or numeric ID`)
+      },
+      execute: async (args) => {
+        const auth = ensureAuth();
+        if (!auth) return "Error: GitLab authentication not available";
+        try {
+          const result = await enableAiCatalogItemForProject(
+            auth.instanceUrl,
+            auth.token,
+            args.project_id,
+            args[`${label}_id`]
+          );
+          await onChanged?.();
+          return JSON.stringify(result, null, 2) + "\n\nNote: Restart opencode for the @ menu to reflect changes.";
+        } catch (err) {
+          return `Error: ${err.message}`;
+        }
+      }
+    }),
+    [`gitlab_disable_project_${label}`]: (0, import_plugin.tool)({
+      description: `Disable a ${label} in a project.
+Requires Maintainer or Owner role.
+Resolves the consumer ID internally from the ${label} ID.`,
+      args: {
+        project_id: z2.string().describe('Project path (e.g., "gitlab-org/gitlab")'),
+        [`${label}_id`]: z2.string().describe(`${Label} ID: full GID or numeric ID`)
+      },
+      execute: async (args) => {
+        const auth = ensureAuth();
+        if (!auth) return "Error: GitLab authentication not available";
+        try {
+          const result = await disableAiCatalogItemForProject(
+            auth.instanceUrl,
+            auth.token,
+            args.project_id,
+            args[`${label}_id`]
+          );
+          await onChanged?.();
+          return JSON.stringify(result, null, 2) + "\n\nNote: Restart opencode for the @ menu to reflect changes.";
+        } catch (err) {
+          return `Error: ${err.message}`;
+        }
+      }
+    })
+  };
+}
+function makeAgentFlowTools(z2, getAuth, readAuthFn, setAuth, onChanged) {
+  const ensureAuth = () => {
+    let auth = getAuth();
+    if (!auth) {
+      auth = readAuthFn();
+      if (auth) setAuth(auth);
+    }
+    return auth;
+  };
+  return {
+    ...makeItemTools(z2, "AGENT", "agent", getAuth, ensureAuth, onChanged),
+    ...makeItemTools(z2, "FLOW", "flow", getAuth, ensureAuth, onChanged)
+  };
 }
 function readAuth() {
   try {
@@ -2781,54 +4465,300 @@ function readAuth() {
 }
 var memo = /* @__PURE__ */ new Map();
 var plugin = async (input) => {
-  log("plugin init, directory:", input.directory);
+  let authCache = null;
+  let projectPath;
+  let namespaceId;
+  const flowAgents = /* @__PURE__ */ new Map();
+  let cfgRef = null;
+  let baseModelIdRef;
   async function load2() {
     const auth = readAuth();
-    log("readAuth result:", auth ? `instanceUrl=${auth.instanceUrl}` : "null");
     if (!auth) return null;
+    authCache = auth;
     const { token, instanceUrl } = auth;
-    log("instanceUrl:", instanceUrl);
     const cache = new import_gitlab_ai_provider.GitLabModelCache(input.directory, instanceUrl);
     const entry = cache.load();
-    log(
-      "cache entry:",
-      entry ? `discovery=${!!entry.discovery} projectId=${entry.project?.id}` : "null"
-    );
     if (!entry?.discovery) return null;
     const projectId = entry.project?.id;
     if (!projectId) return null;
+    projectPath = entry.project?.pathWithNamespace;
+    namespaceId = entry.project?.namespaceId;
     const key = `${input.directory}\0${instanceUrl}`;
     const cached = memo.get(key);
     const agents = cached ?? await fetchCatalogAgents(instanceUrl, token, `gid://gitlab/Project/${projectId}`);
-    log("agents fetched:", agents.length);
     if (!cached) memo.set(key, agents);
     return { agents, entry };
   }
-  return {
-    async config(cfg) {
-      log("config hook called");
-      const result = await load2();
-      if (!result?.agents.length) return;
-      const baseModelId = resolveModelId(result.entry);
-      cfg.agent ??= {};
-      for (const agent of result.agents) {
-        cfg.agent[agent.name] = {
+  async function refreshAgents() {
+    if (!authCache || !cfgRef) return;
+    const key = `${input.directory}\0${authCache.instanceUrl}`;
+    memo.delete(key);
+    const result = await load2();
+    if (!result) return;
+    const previousNames = /* @__PURE__ */ new Set([
+      ...flowAgents.keys(),
+      ...Object.keys(cfgRef.agent ?? {}).filter((n) => {
+        const desc = cfgRef.agent[n]?.description ?? "";
+        return desc.startsWith("[GitLab");
+      })
+    ]);
+    flowAgents.clear();
+    const currentNames = /* @__PURE__ */ new Set();
+    for (const agent of result.agents) {
+      currentNames.add(agent.name);
+      const isFlow = agent.itemType === "FLOW";
+      if (isFlow && agent.consumerId && projectPath) {
+        flowAgents.set(agent.name, agent);
+        cfgRef.agent[agent.name] = {
+          name: agent.name,
+          description: `[GitLab Flow] ${agent.description}`,
+          mode: "subagent"
+        };
+      } else {
+        cfgRef.agent[agent.name] = {
           name: agent.name,
           description: agent.foundational ? "[GitLab Foundational Agent]" : "[GitLab Custom Agent]",
           mode: "primary",
-          model: `gitlab/${baseModelId}`,
+          model: `gitlab/${baseModelIdRef}`,
           options: {
             workflowDefinition: agent.workflowDefinition,
             flowConfig: agent.flowConfig,
             flowConfigSchemaVersion: agent.flowConfigSchemaVersion,
-            // numeric version ID passed as ai_catalog_item_version_id in createWorkflow
-            // so GitLab UI links the session to the correct custom agent page
             aiCatalogItemVersionId: agent.catalogItemVersionId
           },
           permission: { "*": "allow" }
         };
       }
-      log("config hook injected:", result.agents.map((a) => a.name).join(", "));
+    }
+    for (const name of previousNames) {
+      if (!currentNames.has(name)) {
+        delete cfgRef.agent[name];
+      }
+    }
+  }
+  return {
+    async config(cfg) {
+      const result = await load2();
+      if (!result?.agents.length) return;
+      const baseModelId = resolveModelId(result.entry);
+      cfg.agent ??= {};
+      cfgRef = cfg;
+      baseModelIdRef = baseModelId;
+      for (const agent of result.agents) {
+        const isFlow = agent.itemType === "FLOW";
+        if (isFlow && agent.consumerId && projectPath) {
+          flowAgents.set(agent.name, agent);
+          cfg.agent[agent.name] = {
+            name: agent.name,
+            description: `[GitLab Flow] ${agent.description}`,
+            mode: "subagent"
+          };
+        } else {
+          cfg.agent[agent.name] = {
+            name: agent.name,
+            description: agent.foundational ? "[GitLab Foundational Agent]" : "[GitLab Custom Agent]",
+            mode: "primary",
+            model: `gitlab/${baseModelId}`,
+            options: {
+              workflowDefinition: agent.workflowDefinition,
+              flowConfig: agent.flowConfig,
+              flowConfigSchemaVersion: agent.flowConfigSchemaVersion,
+              aiCatalogItemVersionId: agent.catalogItemVersionId
+            },
+            permission: { "*": "allow" }
+          };
+        }
+      }
+    },
+    "chat.message": async (_input, output) => {
+      const indicesToRemove = [];
+      const replacements = [];
+      for (let i = 0; i < output.parts.length; i++) {
+        const part = output.parts[i];
+        if (part.type !== "agent") continue;
+        const flow = flowAgents.get(part.name);
+        if (!flow || !flow.consumerId || !projectPath) continue;
+        const rawText = output.parts.filter((p) => p.type === "text" && !p.synthetic).map((p) => p.text).join(" ").trim() || "Execute the flow";
+        const baseUrl = authCache?.instanceUrl?.replace(/\/$/, "") ?? "https://gitlab.com";
+        const projectUrl = `${baseUrl}/${projectPath}`;
+        const subagentPrompt = [
+          `Execute the "${flow.name}" GitLab flow on project ${projectPath} (${projectUrl}).`,
+          `User goal: "${rawText}"`,
+          ``,
+          `You have access to ALL available tools: GitLab API tools (gitlab_list_merge_requests, gitlab_get_merge_request, gitlab_list_pipelines, gitlab_get_pipeline, gitlab_list_issues, gitlab_get_issue, gitlab_search, etc.), MCP servers, file tools, and any other tools in your environment. Use whatever tools you need to gather the required flow inputs.`,
+          ``,
+          `STEP 1 - FETCH AND DISPLAY FLOW DEFINITION:`,
+          `Call gitlab_get_flow_definition with consumer_id: ${flow.consumerId} and foundational: ${!!flow.foundational}.`,
+          `The response has a "config" field containing YAML. Parse it and find the "flow:" \u2192 "inputs:" section.`,
+          `Each input has a "category" and "input_schema" with field names and types.`,
+          `Print ALL inputs you found. Skip "agent_platform_standard_context" (auto-injected by server).`,
+          `If the config has no "inputs" or "inputs: []", say "No required inputs" and skip to step 3.`,
+          ``,
+          `STEP 2 - GATHER INPUT VALUES:`,
+          `For each required input from step 1, be creative and resourceful in finding the real values:`,
+          `- Use ANY available tools to find the data: GitLab tools, MCP servers, search, file reads, etc.`,
+          `- Look at the user's goal for hints (MR numbers, pipeline IDs, branch names, URLs)`,
+          `- For URL fields: construct full GitLab URLs using base ${projectUrl}`,
+          `- For branch fields: look up from MRs, pipelines, or project default branch`,
+          `- For IDs: extract from the user's message or look up via GitLab API`,
+          `- If an input cannot be determined, ask yourself what makes sense given the context`,
+          `Print each resolved input value before proceeding.`,
+          ``,
+          `STEP 3 - EXECUTE THE FLOW:`,
+          `Call gitlab_execute_project_flow with:`,
+          `- project_id: "${projectPath}"`,
+          `- consumer_id: ${flow.consumerId}`,
+          `- goal: the user's goal with any relevant URLs/context appended`,
+          `- additional_context: JSON array of inputs from step 2, each entry: {"Category":"<category>","Content":"{\\"field\\":\\"value\\"}"}`,
+          `  Example: [{"Category":"merge_request","Content":"{\\"url\\":\\"${projectUrl}/-/merge_requests/12\\"}"}]`,
+          ``,
+          `STEP 4 - CONFIRM FLOW STARTED:`,
+          `Call gitlab_get_workflow_status with the returned workflow_id.`,
+          `The tool blocks automatically while status is CREATED (up to 2 minutes).`,
+          `Once it returns, report:`,
+          `- The workflow status (RUNNING, FINISHED, FAILED, etc.)`,
+          `- The workflow URL: ${projectUrl}/-/duo_workflows/<workflow_id>`,
+          `- A brief summary of what was executed`,
+          `Then stop. Do NOT keep polling. The user can follow the flow execution in the GitLab UI.`
+        ].join("\n");
+        const resultText = [
+          `IMPORTANT: You MUST call the Task tool RIGHT NOW to dispatch a subagent. Do NOT execute these steps yourself.`,
+          ``,
+          `Call the Task tool with:`,
+          `  description: "Execute ${flow.name} flow"`,
+          `  prompt: ${JSON.stringify(subagentPrompt)}`,
+          ``,
+          `Do not do anything else. Just call the Task tool with the above parameters.`
+        ].join("\n");
+        replacements.push({ idx: i, text: resultText });
+        if (i + 1 < output.parts.length) {
+          const next = output.parts[i + 1];
+          if (next.type === "text" && next.synthetic && next.text?.includes("call the task tool with subagent")) {
+            indicesToRemove.push(i + 1);
+          }
+        }
+      }
+      for (const { idx, text } of replacements) {
+        const original = output.parts[idx];
+        output.parts[idx] = {
+          ...original,
+          type: "text",
+          text
+        };
+        delete output.parts[idx].name;
+        delete output.parts[idx].source;
+      }
+      for (const idx of indicesToRemove.reverse()) {
+        output.parts.splice(idx, 1);
+      }
+    },
+    tool: {
+      gitlab_execute_project_flow: (0, import_plugin.tool)({
+        description: "Execute a GitLab DAP flow on a project.\nTriggers a flow via the Duo Workflow Service REST API.\nThe flow runs asynchronously and is visible in the GitLab UI.\nReturns the workflow record with ID and status.\nThe additional_context parameter accepts flow-specific inputs as a JSON array of {Category, Content} objects.",
+        args: {
+          project_id: z.string().describe('Project path (e.g., "gitlab-org/gitlab")'),
+          consumer_id: z.number().describe("AI Catalog ItemConsumer numeric ID"),
+          goal: z.string().describe("User prompt/goal for the flow, include relevant URLs"),
+          additional_context: z.string().optional().describe(
+            'JSON array of flow inputs: [{"Category":"merge_request","Content":"{\\"url\\":\\"https://...\\"}"}]'
+          ),
+          issue_id: z.number().optional().describe("Issue IID for context"),
+          merge_request_id: z.number().optional().describe("Merge request IID for context")
+        },
+        execute: async (args) => {
+          if (!authCache) {
+            const auth = readAuth();
+            if (!auth) return "Error: GitLab authentication not available";
+            authCache = auth;
+          }
+          let flowInputs;
+          if (args.additional_context) {
+            try {
+              flowInputs = JSON.parse(args.additional_context);
+            } catch {
+              return "Error: additional_context must be a valid JSON array";
+            }
+          }
+          try {
+            const result = await executeFlow(
+              authCache.instanceUrl,
+              authCache.token,
+              args.project_id,
+              args.consumer_id,
+              args.goal,
+              {
+                issueId: args.issue_id,
+                mergeRequestId: args.merge_request_id,
+                namespaceId,
+                flowInputs
+              }
+            );
+            return JSON.stringify(result, null, 2);
+          } catch (err) {
+            return `Error executing flow: ${err.message}`;
+          }
+        }
+      }),
+      gitlab_get_flow_definition: (0, import_plugin.tool)({
+        description: "Get the YAML configuration of a GitLab DAP flow.\nReturns the flow config YAML which contains the flow.inputs section\ndescribing what additional_context categories and fields the flow requires.\nUse this before executing a flow to understand what inputs to gather.\nSet foundational=true for GitLab built-in flows, foundational=false for custom flows.",
+        args: {
+          consumer_id: z.number().describe("AI Catalog ItemConsumer numeric ID"),
+          foundational: z.boolean().describe("true for GitLab foundational flows, false for custom flows")
+        },
+        execute: async (args) => {
+          if (!authCache) {
+            const auth = readAuth();
+            if (!auth) return "Error: GitLab authentication not available";
+            authCache = auth;
+          }
+          const flow = [...flowAgents.values()].find((f) => f.consumerId === args.consumer_id);
+          try {
+            const result = await getFlowDefinition(authCache.instanceUrl, authCache.token, {
+              consumerId: args.consumer_id,
+              flowName: flow?.name,
+              foundational: args.foundational,
+              catalogItemVersionId: flow?.catalogItemVersionId,
+              itemIdentifier: flow?.identifier,
+              workflowDefinition: flow?.workflowDefinition
+            });
+            return JSON.stringify(result, null, 2);
+          } catch (err) {
+            return `Error getting flow definition: ${err.message}`;
+          }
+        }
+      }),
+      gitlab_get_workflow_status: (0, import_plugin.tool)({
+        description: "Get the status and latest messages of a GitLab DAP workflow.\nUse this to monitor a running flow after executing it.\nReturns the workflow status, latest checkpoint messages, and timestamps.\nPoll every 10 seconds until status is completed, failed, or cancelled.",
+        args: {
+          workflow_id: z.number().describe("Workflow numeric ID (from gitlab_execute_project_flow result)")
+        },
+        execute: async (args) => {
+          if (!authCache) {
+            const auth = readAuth();
+            if (!auth) return "Error: GitLab authentication not available";
+            authCache = auth;
+          }
+          try {
+            const result = await getWorkflowStatus(
+              authCache.instanceUrl,
+              authCache.token,
+              args.workflow_id
+            );
+            return JSON.stringify(result, null, 2);
+          } catch (err) {
+            return `Error getting workflow status: ${err.message}`;
+          }
+        }
+      }),
+      ...makeAgentFlowTools(
+        z,
+        () => authCache,
+        readAuth,
+        (a) => {
+          authCache = a;
+        },
+        refreshAgents
+      )
     }
   };
 };