opencode-gitlab-dap 1.6.0 → 1.6.1

package/dist/index.js

@@ -1,8 +1,11 @@
+import {
+  gql
+} from "./chunk-DPR6OUYG.js";
+
 // src/index.ts
-import { tool } from "@opencode-ai/plugin";
 import { GitLabModelCache } from "gitlab-ai-provider";
 
-// src/catalog.ts
+// src/flow-execution.ts
 import { load as yamlLoad } from "js-yaml";
 
 // src/generated/foundational-flows.ts
@@ -1180,7 +1183,7 @@ flow:
   "slack_assistant": 'version: "v1"\nenvironment: chat\ncomponents:\n  - name: "slack_assistant"\n    type: AgentComponent\n    prompt_id: "slack_assistant_prompt"\n    inputs:\n      - from: "context:goal"\n        as: "goal"\n    toolset:\n      - "gitlab_api_get"\n      - "gitlab_graphql"\n      - "gitlab_issue_search"\n      - "get_issue"\n      - "get_merge_request"\n      - "get_wiki_page"\n      - "get_repository_file"\n      - "gitlab_documentation_search"\n    ui_log_events:\n      - "on_agent_final_answer"\n      - "on_tool_execution_success"\n      - "on_tool_execution_failed"\nrouters:\n  - from: "slack_assistant"\n    to: "end"\nflow:\n  entry_point: "slack_assistant"\nprompts:\n  - name: "slack_assistant_prompt"\n    prompt_id: "slack_assistant_prompt"\n    unit_primitives:\n      - duo_agent_platform\n    prompt_template:\n      system: |\n        You are a helpful GitLab assistant that people talk to in Slack.\n\n        You receive the Slack thread as context (in <slack-thread-context> tags) and a user_context with the invoking user\'s identity and their group memberships. Use the groups to broaden your searches \u2014 search across multiple groups, not just the default namespace. When scoped searches return no results, always fall back to instance-wide search using `GET /api/v4/search?scope=issues&search=...` or `GET /api/v4/projects?search=...&search_namespaces=true`.\n\n        Keep Slack responses short. Use bullet points and link to GitLab so people can click through. Format your responses using Slack mrkdwn syntax:\n        - *bold* for emphasis\n        - _italic_ for secondary emphasis\n        - `code` for inline code or commands\n        - ```multi-line code``` for code blocks\n        - <url|link text> for URLs (e.g., <https://gitlab.com/my-issue|View issue>)\n        - <#channel_id> to link channels\n        - <@user_id> to mention users\n        - <!subteam^group_id> to mention groups\n        - @here, @channel, @everyone for special mentions\n        - ~strikethrough~ to strikethrough text\n        - > quote for block quotes\n        - - item for bullet points\n        - \\n for line breaks\n\n        You are currently *read-only* and act on behalf of the person who mentioned you. You can search and retrieve GitLab data (issues, projects, merge requests, users, etc.) but you cannot create, update, or delete anything. If someone asks you to create an issue or make changes, let them know this capability is not available yet and suggest they do it in GitLab directly.\n\n        When a specific tool exists for the task (e.g. `get_issue`, `get_merge_request`, `get_wiki_page`, `get_repository_file`), prefer it over `gitlab_api_get` \u2014 it handles URL parsing and compound operations automatically. Use `gitlab_api_get` and `gitlab_graphql` as fallbacks for resources not covered by a specific tool.\n\n        The GitLab API accepts URL-encoded project paths (like `gitlab-org%2Fgitlab`) wherever it accepts numeric project IDs. Use this when people reference projects by path.\n      user: |\n        {{goal}}\n      placeholder: history\n'
 };
 
-// src/catalog.ts
+// src/flow-execution.ts
 function extractFlowInputs(flowConfig) {
   if (!flowConfig) return [];
   const flow = flowConfig.flow;
@@ -1236,16 +1239,41 @@ query FlowVersionDefinition($itemId: AiCatalogItemID!) {
     }
   }
 }`;
-async function gql(instanceUrl, token, query, variables) {
-  const res = await fetch(`${instanceUrl.replace(/\/$/, "")}/api/graphql`, {
-    method: "POST",
-    headers: { "Content-Type": "application/json", Authorization: `Bearer ${token}` },
-    body: JSON.stringify({ query, variables })
-  });
-  const json = await res.json();
-  if (json.errors?.length) throw new Error(json.errors[0].message);
-  return json.data;
-}
+var RESOLVE_ROOT_NAMESPACE_QUERY = `
+query resolveRootNamespace($projectPath: ID!) {
+  project(fullPath: $projectPath) {
+    id
+    group {
+      id
+      rootNamespace { id }
+    }
+  }
+}`;
+var WORKFLOW_STATUS_QUERY = `
+query getWorkflowStatus($workflowId: AiDuoWorkflowsWorkflowID!) {
+  duoWorkflowWorkflows(workflowId: $workflowId) {
+    nodes {
+      id
+      status
+      humanStatus
+      createdAt
+      updatedAt
+      workflowDefinition
+      lastExecutorLogsUrl
+      latestCheckpoint {
+        duoMessages {
+          content
+          correlationId
+          role
+          messageType
+          status
+          timestamp
+          toolInfo
+        }
+      }
+    }
+  }
+}`;
 async function fetchFoundationalChatAgents(instanceUrl, token, projectId) {
   const agents = [];
   let after = null;
@@ -1330,59 +1358,18 @@ async function fetchCustomAgents(instanceUrl, token, projectId) {
   }
   return agents;
 }
-var MCP_SERVERS_QUERY = `
-query AiCatalogMcpServers($projectId: ProjectID!, $after: String) {
-  aiCatalogConfiguredItems(first: 50, projectId: $projectId, itemTypes: [AGENT], after: $after) {
-    pageInfo { hasNextPage endCursor }
-    nodes {
-      item {
-        id
-        name
-        latestVersion {
-          ... on AiCatalogAgentVersion {
-            mcpServers {
-              nodes { id name description url transport authType currentUserConnected }
-            }
-          }
-        }
-      }
-    }
-  }
-}`;
-async function fetchMcpServers(instanceUrl, token, projectId, agents) {
+async function fetchCatalogAgents(instanceUrl, token, projectId) {
+  const { fetchMcpServers: fetchMcpServers2 } = await import("./mcp-servers-2HCDB7XM.js");
   try {
-    let after = null;
-    const serversByAgent = /* @__PURE__ */ new Map();
-    for (; ; ) {
-      const data = await gql(instanceUrl, token, MCP_SERVERS_QUERY, {
-        projectId,
-        ...after ? { after } : {}
-      });
-      const page = data?.aiCatalogConfiguredItems;
-      if (!page) break;
-      for (const node of page.nodes ?? []) {
-        const item = node.item;
-        const version = item?.latestVersion;
-        if (!version?.mcpServers?.nodes?.length) continue;
-        const servers = version.mcpServers.nodes.map((s) => ({
-          id: s.id,
-          name: s.name,
-          description: s.description ?? "",
-          url: s.url,
-          transport: s.transport,
-          authType: s.authType,
-          currentUserConnected: !!s.currentUserConnected
-        }));
-        serversByAgent.set(item.id, servers);
-      }
-      if (!page.pageInfo?.hasNextPage) break;
-      after = page.pageInfo.endCursor;
-    }
-    for (const agent of agents) {
-      const servers = serversByAgent.get(agent.identifier);
-      if (servers?.length) agent.mcpServers = servers;
-    }
+    const [foundational, custom] = await Promise.all([
+      fetchFoundationalChatAgents(instanceUrl, token, projectId),
+      fetchCustomAgents(instanceUrl, token, projectId)
+    ]);
+    const agents = [...foundational, ...custom];
+    await fetchMcpServers2(instanceUrl, token, projectId, agents);
+    return agents;
   } catch {
+    return [];
   }
 }
 async function getFlowDefinition(instanceUrl, token, opts) {
@@ -1414,16 +1401,6 @@ async function getFlowDefinition(instanceUrl, token, opts) {
   }
   return { config, name, ...apiError && !config ? { error: apiError } : {} };
 }
-var RESOLVE_ROOT_NAMESPACE_QUERY = `
-query resolveRootNamespace($projectPath: ID!) {
-  project(fullPath: $projectPath) {
-    id
-    group {
-      id
-      rootNamespace { id }
-    }
-  }
-}`;
 async function resolveRootNamespaceId(instanceUrl, token, projectPath) {
   try {
     const data = await gql(instanceUrl, token, RESOLVE_ROOT_NAMESPACE_QUERY, {
@@ -1480,31 +1457,6 @@ async function executeFlow(instanceUrl, token, projectPath, consumerId, goal, op
   }
   return res.json();
 }
-var WORKFLOW_STATUS_QUERY = `
-query getWorkflowStatus($workflowId: AiDuoWorkflowsWorkflowID!) {
-  duoWorkflowWorkflows(workflowId: $workflowId) {
-    nodes {
-      id
-      status
-      humanStatus
-      createdAt
-      updatedAt
-      workflowDefinition
-      lastExecutorLogsUrl
-      latestCheckpoint {
-        duoMessages {
-          content
-          correlationId
-          role
-          messageType
-          status
-          timestamp
-          toolInfo
-        }
-      }
-    }
-  }
-}`;
 var sleep = (ms) => new Promise((r) => setTimeout(r, ms));
 async function getWorkflowStatus(instanceUrl, token, workflowId) {
   const gid = `gid://gitlab/Ai::DuoWorkflows::Workflow/${workflowId}`;
@@ -1524,19 +1476,8 @@ async function getWorkflowStatus(instanceUrl, token, workflowId) {
   if (!nodes?.length) throw new Error(`Workflow ${workflowId} not found`);
   return nodes[0];
 }
-async function fetchCatalogAgents(instanceUrl, token, projectId) {
-  try {
-    const [foundational, custom] = await Promise.all([
-      fetchFoundationalChatAgents(instanceUrl, token, projectId),
-      fetchCustomAgents(instanceUrl, token, projectId)
-    ]);
-    const agents = [...foundational, ...custom];
-    await fetchMcpServers(instanceUrl, token, projectId, agents);
-    return agents;
-  } catch {
-    return [];
-  }
-}
+
+// src/catalog-items.ts
 var LIST_AI_CATALOG_ITEMS_QUERY = `
 query listAiCatalogItems(
   $itemTypes: [AiCatalogItemType!]
@@ -1671,6 +1612,80 @@ query resolveProjectIds($projectPath: ID!) {
     namespace { id }
   }
 }`;
+function normalizeItemGid(id) {
+  if (id.startsWith("gid://")) return id;
+  if (!/^\d+$/.test(id)) throw new Error(`Invalid catalog item ID: "${id}"`);
+  return `gid://gitlab/Ai::Catalog::Item/${id}`;
+}
+async function resolveProjectGid(instanceUrl, token, projectPath) {
+  const result = await gql(instanceUrl, token, RESOLVE_PROJECT_IDS_FOR_TOOLS_QUERY, {
+    projectPath
+  });
+  return result.project.id;
+}
+async function listAiCatalogItems(instanceUrl, token, itemTypes, options) {
+  const variables = {
+    itemTypes,
+    first: options?.first ?? 20
+  };
+  if (options?.search) variables.search = options.search;
+  if (options?.after) variables.after = options.after;
+  const result = await gql(instanceUrl, token, LIST_AI_CATALOG_ITEMS_QUERY, variables);
+  return result.aiCatalogItems;
+}
+async function getAiCatalogItem(instanceUrl, token, itemId) {
+  const gid = normalizeItemGid(itemId);
+  const result = await gql(instanceUrl, token, GET_AI_CATALOG_ITEM_QUERY, { id: gid });
+  return result.aiCatalogItem;
+}
+async function listProjectAiCatalogItems(instanceUrl, token, projectPath, itemTypes, options) {
+  const projectGid = await resolveProjectGid(instanceUrl, token, projectPath);
+  const variables = {
+    projectId: projectGid,
+    itemTypes,
+    includeFoundationalConsumers: true,
+    first: options?.first ?? 20
+  };
+  if (options?.after) variables.after = options.after;
+  const result = await gql(instanceUrl, token, LIST_PROJECT_CONFIGURED_ITEMS_QUERY, variables);
+  return result.aiCatalogConfiguredItems;
+}
+async function enableAiCatalogItemForProject(instanceUrl, token, projectPath, itemId) {
+  const projectGid = await resolveProjectGid(instanceUrl, token, projectPath);
+  const gid = normalizeItemGid(itemId);
+  const result = await gql(instanceUrl, token, ENABLE_AI_CATALOG_ITEM_MUTATION, {
+    input: { itemId: gid, target: { projectId: projectGid } }
+  });
+  if (result.aiCatalogItemConsumerCreate.errors.length > 0) {
+    throw new Error(
+      `Failed to enable item: ${result.aiCatalogItemConsumerCreate.errors.join(", ")}`
+    );
+  }
+  return result.aiCatalogItemConsumerCreate;
+}
+async function disableAiCatalogItemForProject(instanceUrl, token, projectPath, itemId) {
+  const projectGid = await resolveProjectGid(instanceUrl, token, projectPath);
+  const gid = normalizeItemGid(itemId);
+  const consumerResult = await gql(instanceUrl, token, FIND_ITEM_CONSUMER_FOR_DISABLE_QUERY, {
+    projectId: projectGid,
+    itemTypes: ["AGENT", "FLOW", "THIRD_PARTY_FLOW"]
+  });
+  const consumer = consumerResult.aiCatalogConfiguredItems.nodes.find(
+    (n) => n.item.id === gid
+  );
+  if (!consumer?.id) throw new Error("Agent/flow is not enabled in this project");
+  const result = await gql(instanceUrl, token, DISABLE_AI_CATALOG_ITEM_MUTATION, {
+    input: { id: consumer.id }
+  });
+  if (result.aiCatalogItemConsumerDelete.errors.length > 0) {
+    throw new Error(
+      `Failed to disable item: ${result.aiCatalogItemConsumerDelete.errors.join(", ")}`
+    );
+  }
+  return result.aiCatalogItemConsumerDelete;
+}
+
+// src/catalog-crud.ts
 var CREATE_AGENT_MUTATION = `
 mutation AiCatalogAgentCreate($input: AiCatalogAgentCreateInput!) {
   aiCatalogAgentCreate(input: $input) {
@@ -1772,78 +1787,11 @@ mutation AiCatalogFlowUpdate($input: AiCatalogFlowUpdateInput!) {
     }
   }
 }`;
-function normalizeItemGid(id) {
+function normalizeItemGid2(id) {
   if (id.startsWith("gid://")) return id;
   if (!/^\d+$/.test(id)) throw new Error(`Invalid catalog item ID: "${id}"`);
   return `gid://gitlab/Ai::Catalog::Item/${id}`;
 }
-async function listAiCatalogItems(instanceUrl, token, itemTypes, options) {
-  const variables = {
-    itemTypes,
-    first: options?.first ?? 20
-  };
-  if (options?.search) variables.search = options.search;
-  if (options?.after) variables.after = options.after;
-  const result = await gql(instanceUrl, token, LIST_AI_CATALOG_ITEMS_QUERY, variables);
-  return result.aiCatalogItems;
-}
-async function getAiCatalogItem(instanceUrl, token, itemId) {
-  const gid = normalizeItemGid(itemId);
-  const result = await gql(instanceUrl, token, GET_AI_CATALOG_ITEM_QUERY, { id: gid });
-  return result.aiCatalogItem;
-}
-async function resolveProjectGid(instanceUrl, token, projectPath) {
-  const result = await gql(instanceUrl, token, RESOLVE_PROJECT_IDS_FOR_TOOLS_QUERY, {
-    projectPath
-  });
-  return result.project.id;
-}
-async function listProjectAiCatalogItems(instanceUrl, token, projectPath, itemTypes, options) {
-  const projectGid = await resolveProjectGid(instanceUrl, token, projectPath);
-  const variables = {
-    projectId: projectGid,
-    itemTypes,
-    includeFoundationalConsumers: true,
-    first: options?.first ?? 20
-  };
-  if (options?.after) variables.after = options.after;
-  const result = await gql(instanceUrl, token, LIST_PROJECT_CONFIGURED_ITEMS_QUERY, variables);
-  return result.aiCatalogConfiguredItems;
-}
-async function enableAiCatalogItemForProject(instanceUrl, token, projectPath, itemId) {
-  const projectGid = await resolveProjectGid(instanceUrl, token, projectPath);
-  const gid = normalizeItemGid(itemId);
-  const result = await gql(instanceUrl, token, ENABLE_AI_CATALOG_ITEM_MUTATION, {
-    input: { itemId: gid, target: { projectId: projectGid } }
-  });
-  if (result.aiCatalogItemConsumerCreate.errors.length > 0) {
-    throw new Error(
-      `Failed to enable item: ${result.aiCatalogItemConsumerCreate.errors.join(", ")}`
-    );
-  }
-  return result.aiCatalogItemConsumerCreate;
-}
-async function disableAiCatalogItemForProject(instanceUrl, token, projectPath, itemId) {
-  const projectGid = await resolveProjectGid(instanceUrl, token, projectPath);
-  const gid = normalizeItemGid(itemId);
-  const consumerResult = await gql(instanceUrl, token, FIND_ITEM_CONSUMER_FOR_DISABLE_QUERY, {
-    projectId: projectGid,
-    itemTypes: ["AGENT", "FLOW", "THIRD_PARTY_FLOW"]
-  });
-  const consumer = consumerResult.aiCatalogConfiguredItems.nodes.find(
-    (n) => n.item.id === gid
-  );
-  if (!consumer?.id) throw new Error("Agent/flow is not enabled in this project");
-  const result = await gql(instanceUrl, token, DISABLE_AI_CATALOG_ITEM_MUTATION, {
-    input: { id: consumer.id }
-  });
-  if (result.aiCatalogItemConsumerDelete.errors.length > 0) {
-    throw new Error(
-      `Failed to disable item: ${result.aiCatalogItemConsumerDelete.errors.join(", ")}`
-    );
-  }
-  return result.aiCatalogItemConsumerDelete;
-}
 async function createAgent(instanceUrl, token, projectPath, params) {
   const projectGid = await resolveProjectGid(instanceUrl, token, projectPath);
   const input = {
@@ -1865,7 +1813,7 @@ async function createAgent(instanceUrl, token, projectPath, params) {
   return result.aiCatalogAgentCreate.item;
 }
 async function updateAgent(instanceUrl, token, itemId, params) {
-  const gid = normalizeItemGid(itemId);
+  const gid = normalizeItemGid2(itemId);
   const input = { id: gid };
   if (params.name !== void 0) input.name = params.name;
   if (params.description !== void 0) input.description = params.description;
@@ -1904,7 +1852,7 @@ async function createFlow(instanceUrl, token, projectPath, params) {
   return result.aiCatalogFlowCreate.item;
 }
 async function updateFlow(instanceUrl, token, itemId, params) {
-  const gid = normalizeItemGid(itemId);
+  const gid = normalizeItemGid2(itemId);
   const input = { id: gid };
   if (params.name !== void 0) input.name = params.name;
   if (params.description !== void 0) input.description = params.description;
@@ -1919,6 +1867,484 @@ async function updateFlow(instanceUrl, token, itemId, params) {
   return result.aiCatalogFlowUpdate.item;
 }
 
+// src/auth.ts
+import { readFileSync } from "fs";
+import { join } from "path";
+import os from "os";
+function readAuth() {
+  try {
+    const authPath = join(os.homedir(), ".local", "share", "opencode", "auth.json");
+    const data = JSON.parse(readFileSync(authPath, "utf-8"));
+    const gitlab = data?.gitlab;
+    if (!gitlab) return null;
+    const token = gitlab.type === "oauth" ? gitlab.access : gitlab.type === "api" ? gitlab.key : null;
+    if (!token) return null;
+    const instanceUrl = gitlab.enterpriseUrl ?? process.env.GITLAB_INSTANCE_URL ?? "https://gitlab.com";
+    return { token, instanceUrl };
+  } catch {
+    return null;
+  }
+}
+
+// src/agents.ts
+function resolveModelId(entry) {
+  const ref = entry.selectedModelRef ?? entry.discovery?.defaultModel?.ref;
+  if (!ref) return "duo-workflow-default";
+  return `duo-workflow-${ref.replace(/[/_]/g, "-")}`;
+}
+
+// src/prompts.ts
+var FLOW_DISPATCH_GUIDELINES = [
+  `## GitLab Flow Dispatch Guidelines`,
+  ``,
+  `CRITICAL: You must NEVER call gitlab_execute_project_flow or gitlab_get_flow_definition directly.`,
+  `Flows are ALWAYS executed via the Task tool with subagent_type "general".`,
+  `When the user's message contains flow dispatch instructions (starting with "IMPORTANT: You MUST"),`,
+  `follow those instructions exactly \u2014 call the Task tool with the provided parameters.`,
+  ``,
+  `### Multiple Flows or Resources`,
+  `When multiple flows need to run (multiple @mentions, or batch across resources), dispatch them`,
+  `via a SINGLE "general" subagent. The general subagent can execute multiple tool calls in parallel,`,
+  `so all flows fire simultaneously. Do NOT dispatch multiple Task calls \u2014 use ONE Task with a prompt`,
+  `that lists all the flows to execute, so the subagent runs them concurrently.`,
+  ``,
+  `### Batch Operations (Multiple Resources)`,
+  `If the user asks to run flows on multiple resources (e.g., "for each MR"), first list the`,
+  `resources yourself using GitLab API tools, then dispatch ONE general subagent whose prompt`,
+  `includes all flow executions (N flows x M resources) to run in parallel.`
+].join("\n");
+var AGENT_CREATION_GUIDELINES = `## Creating Custom GitLab Agents
+
+Before calling gitlab_create_agent, you MUST:
+1. Call gitlab_list_builtin_tools and gitlab_list_project_mcp_servers.
+2. Ask the user 4 questions using the question tool (one call, all 4 questions):
+   - Agent name (suggest one, allow custom)
+   - Visibility: Public or Private
+   - Tools: show tools grouped by category as multi-select (Search, Issues, MRs, Epics, Files, Git, CI/CD, Security, Audit, Planning, Wiki, API)
+   - MCP servers: multi-select from available servers
+3. Show the generated system prompt and ask for confirmation.
+4. Only then call gitlab_create_agent. Use full tool GIDs like "gid://gitlab/Ai::Catalog::BuiltInTool/1".
+5. Ask if the user wants to enable it on the current project.`;
+var FLOW_SCHEMA_REFERENCE = `## Flow YAML Schema Reference
+
+### Top-level structure (all required unless noted):
+  version: "v1"                    # Always "v1"
+  environment: ambient             # Always "ambient"
+  components: [...]                # Array of components (min 1)
+  routers: [...]                   # Array of routers connecting components
+  flow:
+    entry_point: "component_name"  # First component to run
+    inputs: [...]                  # Optional: additional context inputs
+  prompts: [...]                   # Optional: inline prompt definitions
+
+### Component types:
+
+1. DeterministicStepComponent \u2014 runs ONE tool, no LLM call:
+   - name: "fetch_data"           # alphanumeric + underscore only
+     type: DeterministicStepComponent
+     tool_name: "get_merge_request"
+     inputs:                       # map tool parameters
+       - { from: "context:goal", as: "merge_request_iid" }
+       - { from: "context:project_id", as: "project_id" }
+
+2. OneOffComponent \u2014 single LLM call + tool execution:
+   - name: "process_data"
+     type: OneOffComponent
+     prompt_id: "my_prompt"        # references inline prompt
+     prompt_version: null           # null = use inline prompt from prompts section
+     toolset: ["read_file", "edit_file"]
+     inputs:
+       - { from: "context:fetch_data.tool_responses", as: "data" }
+     max_correction_attempts: 3    # retries on tool failure (default 3)
+
+3. AgentComponent \u2014 multi-turn LLM reasoning loop:
+   - name: "analyze"
+     type: AgentComponent
+     prompt_id: "my_agent_prompt"
+     prompt_version: null
+     toolset: ["read_file", "grep"]
+     inputs:
+       - { from: "context:goal", as: "user_goal" }
+     ui_log_events: ["on_agent_final_answer"]
+
+### IOKey syntax (inputs/from values):
+  "context:goal"                           # The flow goal (user input)
+  "context:project_id"                     # Project ID (auto-injected)
+  "context:<component_name>.tool_responses" # Tool output from a component
+  "context:<component_name>.final_answer"  # Agent's final text answer
+  "context:<component_name>.execution_result" # OneOff execution result
+  { from: "context:x", as: "var_name" }   # Rename for prompt template
+  { from: "true", as: "flag", literal: true } # Literal value
+
+### Router patterns:
+  Direct:      { from: "step1", to: "step2" }
+  To end:      { from: "last_step", to: "end" }
+  Conditional: { from: "step1", condition: { input: "context:step1.final_answer.decision", routes: { "yes": "step2", "no": "end" } } }
+
+### Inline prompts (in prompts section):
+  - prompt_id: "my_prompt"
+    name: "My Prompt"
+    unit_primitives: ["duo_agent_platform"]   # Always this value
+    prompt_template:
+      system: "You are a helpful assistant. {{var_name}} is available."
+      user: "Process: {{data}}"
+      placeholder: "history"                   # Optional, for AgentComponent conversation history
+
+### Tool names: use names from gitlab_list_builtin_tools (e.g., "read_file", "get_merge_request", "create_merge_request_note").`;
+var FLOW_EXAMPLE_LINEAR = `## Example: Simple linear flow (fetch MR \u2192 analyze \u2192 post comment)
+\`\`\`yaml
+version: "v1"
+environment: ambient
+components:
+  - name: fetch_mr
+    type: DeterministicStepComponent
+    tool_name: build_review_merge_request_context
+    inputs:
+      - { from: "context:project_id", as: "project_id" }
+      - { from: "context:goal", as: "merge_request_iid" }
+    ui_log_events: ["on_tool_execution_success", "on_tool_execution_failed"]
+  - name: analyze_and_comment
+    type: OneOffComponent
+    prompt_id: review_prompt
+    prompt_version: null
+    toolset: ["create_merge_request_note"]
+    inputs:
+      - { from: "context:fetch_mr.tool_responses", as: "mr_data" }
+      - { from: "context:project_id", as: "project_id" }
+      - { from: "context:goal", as: "merge_request_iid" }
+    max_correction_attempts: 3
+    ui_log_events: ["on_tool_execution_success"]
+routers:
+  - { from: fetch_mr, to: analyze_and_comment }
+  - { from: analyze_and_comment, to: end }
+flow:
+  entry_point: fetch_mr
+prompts:
+  - prompt_id: review_prompt
+    name: MR Review Prompt
+    unit_primitives: ["duo_agent_platform"]
+    prompt_template:
+      system: |
+        You review merge requests. Analyze the MR data and post a concise review comment.
+        Focus on code quality, potential bugs, and improvements.
+      user: "Review MR !{{merge_request_iid}} in project {{project_id}}: {{mr_data}}"
+\`\`\``;
+var FLOW_EXAMPLE_CONDITIONAL = `## Example: Conditional flow (gather data \u2192 decide \u2192 branch)
+\`\`\`yaml
+version: "v1"
+environment: ambient
+components:
+  - name: gather_context
+    type: DeterministicStepComponent
+    tool_name: get_vulnerability_details
+    inputs:
+      - { from: "context:goal", as: "vulnerability_id" }
+    ui_log_events: ["on_tool_execution_success"]
+  - name: evaluate
+    type: AgentComponent
+    prompt_id: eval_prompt
+    prompt_version: null
+    toolset: []
+    inputs:
+      - { from: "context:gather_context.tool_responses", as: "vuln_data" }
+    ui_log_events: ["on_agent_final_answer"]
+  - name: create_fix
+    type: AgentComponent
+    prompt_id: fix_prompt
+    prompt_version: null
+    toolset: ["read_file", "edit_file", "grep"]
+    inputs:
+      - { from: "context:gather_context.tool_responses", as: "vuln_data" }
+    ui_log_events: ["on_agent_final_answer", "on_tool_execution_success"]
+routers:
+  - { from: gather_context, to: evaluate }
+  - from: evaluate
+    condition:
+      input: "context:evaluate.final_answer"
+      routes:
+        "fix_needed": create_fix
+        "false_positive": end
+      default_route: end
+  - { from: create_fix, to: end }
+flow:
+  entry_point: gather_context
+prompts:
+  - prompt_id: eval_prompt
+    name: Vulnerability Evaluator
+    unit_primitives: ["duo_agent_platform"]
+    prompt_template:
+      system: |
+        Evaluate if a vulnerability needs fixing. Respond with exactly "fix_needed" or "false_positive".
+      user: "Evaluate: {{vuln_data}}"
+  - prompt_id: fix_prompt
+    name: Fix Generator
+    unit_primitives: ["duo_agent_platform"]
+    prompt_template:
+      system: |
+        You fix security vulnerabilities. Read the relevant code and apply the fix.
+      user: "Fix this vulnerability: {{vuln_data}}"
+      placeholder: history
+\`\`\``;
+
+// src/hooks.ts
+function buildFlowSubagentPrompt(flow, projectPath, projectUrl) {
+  return [
+    `You execute the "${flow.name}" GitLab flow. Project: ${projectPath} (${projectUrl}).`,
+    ``,
+    `STEP 1: Call gitlab_get_flow_definition with consumer_id=${flow.consumerId}, foundational=${!!flow.foundational}.`,
+    `Parse the YAML config:`,
+    `- In "components", find { from: "context:goal", as: "<name>" }. The "as" value is what the goal parameter must contain:`,
+    `  "merge_request_iid" -> just the number (e.g. 14)`,
+    `  "pipeline_url"/"url"/"issue_url" -> full URL (e.g. ${projectUrl}/-/merge_requests/5)`,
+    `  "vulnerability_id" -> just the ID number`,
+    `  "goal" -> free-form text`,
+    `- In "flow.inputs", find additional_context categories (skip "agent_platform_standard_context").`,
+    ``,
+    `STEP 2: Resolve the goal to the EXACT value the flow expects (from step 1).`,
+    `The goal parameter has a 10000 char limit and is used directly as the flow parameter \u2014 pass ONLY the raw value, never a sentence.`,
+    `Use GitLab API tools if needed to look up IDs or construct URLs from the user's message.`,
+    ``,
+    `STEP 3: Gather additional_context values (if any from step 1) using available tools.`,
+    ``,
+    `STEP 4: Call gitlab_execute_project_flow with:`,
+    `  project_id: "${projectPath}"`,
+    `  consumer_id: ${flow.consumerId}`,
+    `  goal: <resolved value from step 2>`,
+    `  additional_context (if needed): [{"Category":"<cat>","Content":"{\\"field\\":\\"val\\"}"}]`,
+    ``,
+    `STEP 5: Call gitlab_get_workflow_status with the workflow_id. Report status and URL: ${projectUrl}/-/automate/agent-sessions/<id>`
+  ].join("\n");
+}
+function makeChatMessageHook(getAuthCache, flowAgents, getProjectPath) {
+  return async (_input, output) => {
+    const projectPath = getProjectPath();
+    const indicesToRemove = [];
+    const flowMentions = [];
+    for (let i = 0; i < output.parts.length; i++) {
+      const part = output.parts[i];
+      if (part.type !== "agent") continue;
+      const flow = flowAgents.get(part.name);
+      if (!flow || !flow.consumerId || !projectPath) continue;
+      flowMentions.push({ idx: i, flow, displayName: part.name });
+      if (i + 1 < output.parts.length) {
+        const next = output.parts[i + 1];
+        if (next.type === "text" && next.synthetic && next.text?.includes("call the task tool with subagent")) {
+          indicesToRemove.push(i + 1);
+        }
+      }
+    }
+    if (flowMentions.length === 0) {
+      return;
+    }
+    const authCache = getAuthCache();
+    if (flowMentions.length === 1) {
+      const { idx, flow } = flowMentions[0];
+      const baseUrl2 = authCache?.instanceUrl?.replace(/\/$/, "") ?? "https://gitlab.com";
+      const projectUrl2 = `${baseUrl2}/${projectPath}`;
+      const rawText2 = output.parts.filter((p) => p.type === "text" && !p.synthetic).map((p) => p.text).join(" ").trim() || "Execute the flow";
+      const subagentPrompt = buildFlowSubagentPrompt(flow, projectPath, projectUrl2) + `
+
+User goal: "${rawText2}"`;
+      const resultText = [
+        `IMPORTANT: You MUST call the Task tool RIGHT NOW to dispatch a subagent. Do NOT execute these steps yourself.`,
+        ``,
+        `Call the Task tool with:`,
+        `  subagent_type: "general"`,
+        `  description: "Execute ${flow.name} flow"`,
+        `  prompt: ${JSON.stringify(subagentPrompt)}`,
+        ``,
+        `Do not do anything else. Just call the Task tool with the above parameters.`
+      ].join("\n");
+      const original2 = output.parts[idx];
+      output.parts[idx] = { ...original2, type: "text", text: resultText };
+      delete output.parts[idx].name;
+      delete output.parts[idx].source;
+      for (const rmIdx of indicesToRemove.reverse()) {
+        output.parts.splice(rmIdx, 1);
+      }
+      return;
+    }
+    const baseUrl = authCache?.instanceUrl?.replace(/\/$/, "") ?? "https://gitlab.com";
+    const projectUrl = `${baseUrl}/${projectPath}`;
+    const flowNames = new Set(flowMentions.map((m) => m.displayName));
+    let rawText = output.parts.filter((p) => p.type === "text" && !p.synthetic).map((p) => p.text).join(" ").trim() || "Execute the flows";
+    for (const name of flowNames) {
+      rawText = rawText.replace(new RegExp(`@${name.replace(/[.*+?^${}()|[\]\\]/g, "\\$&")}`, "g"), "").trim();
+    }
+    rawText = rawText.replace(/\s{2,}/g, " ").trim() || "Execute the flows";
+    const flowList = flowMentions.map(
+      ({ flow, displayName }, i) => `${i + 1}. "${displayName}" \u2014 consumer_id=${flow.consumerId}, foundational=${!!flow.foundational}`
+    );
+    const batchPrompt = [
+      `Execute ${flowMentions.length} GitLab flows on project ${projectPath} (${projectUrl}).`,
+      `User goal: "${rawText}"`,
+      ``,
+      `Flows to execute:`,
+      ...flowList,
+      ``,
+      `EXECUTION PLAN:`,
+      `1. Call gitlab_get_flow_definition for ALL flows listed above in a SINGLE response (${flowMentions.length} tool calls at once).`,
+      `   Parse each YAML to find what "context:goal" maps to (the "as" field in components).`,
+      ``,
+      `2. If the user's goal involves multiple resources (e.g., "for each MR"), list them using GitLab API tools.`,
+      ``,
+      `3. Call gitlab_execute_project_flow for EVERY flow+resource combination in a SINGLE response.`,
+      `   For each call, set the goal to the EXACT value the flow expects (e.g., just "14" for merge_request_iid).`,
+      `   project_id: "${projectPath}"`,
+      `   You MUST emit ALL execute calls in ONE response \u2014 do NOT wait for one to finish before calling the next.`,
+      ``,
+      `4. Collect all workflow_ids from step 3. Call gitlab_get_workflow_status for ALL of them in a SINGLE response.`,
+      ``,
+      `5. Present a summary table: flow name, resource, status, URL (${projectUrl}/-/automate/agent-sessions/<id>).`,
+      ``,
+      `CRITICAL: In steps 1, 3, and 4 you MUST make multiple tool calls in the SAME response for parallel execution.`
+    ].join("\n");
+    const combinedText = [
+      `IMPORTANT: You MUST call the Task tool RIGHT NOW with subagent_type "general" to dispatch all flows in parallel.`,
+      `Do NOT call flow tools yourself. Do NOT dispatch multiple Task calls \u2014 use ONE.`,
+      ``,
+      `Call the Task tool with:`,
+      `  subagent_type: "general"`,
+      `  description: "Execute ${flowMentions.length} flows in parallel"`,
+      `  prompt: ${JSON.stringify(batchPrompt)}`,
+      ``,
+      `Do not do anything else. Just call the Task tool with the above parameters.`
+    ].join("\n");
+    const firstIdx = flowMentions[0].idx;
+    const original = output.parts[firstIdx];
+    output.parts[firstIdx] = { ...original, type: "text", text: combinedText };
+    delete output.parts[firstIdx].name;
+    delete output.parts[firstIdx].source;
+    for (let i = flowMentions.length - 1; i >= 1; i--) {
+      indicesToRemove.push(flowMentions[i].idx);
+    }
+    for (const idx of [...new Set(indicesToRemove)].sort((a, b) => b - a)) {
+      output.parts.splice(idx, 1);
+    }
+  };
+}
+function makeChatParamsHook(gitlabAgentNames) {
+  return async (input, _output) => {
+    if (!gitlabAgentNames.has(input.agent)) return;
+    const model = input.model;
+    const modelId = model?.modelID ?? model?.id ?? "";
+    const isDWS = modelId.includes("duo-workflow");
+    if (!isDWS) {
+      const name = model?.name ?? modelId ?? "unknown";
+      throw new Error(
+        `GitLab agent "${input.agent}" requires an Agent Platform model but the current model is "${name}". Please switch to an Agent Platform model (duo-workflow-*) in the model picker to use GitLab agents.`
+      );
+    }
+  };
+}
+function makeSystemTransformHook(flowAgents, getAuthCache) {
+  return async (_input, output) => {
+    if (flowAgents.size) {
+      output.system.push(FLOW_DISPATCH_GUIDELINES);
+    }
+    if (getAuthCache()) {
+      output.system.push(AGENT_CREATION_GUIDELINES);
+    }
+  };
+}
+
+// src/tools/flow-tools.ts
+import { tool } from "@opencode-ai/plugin";
+var z = tool.schema;
+function makeFlowTools(ctx) {
+  return {
+    gitlab_execute_project_flow: tool({
+      description: "Execute a GitLab DAP flow on a project.\nTriggers a flow via the Duo Workflow Service REST API.\nThe flow runs asynchronously and is visible in the GitLab UI.\nReturns the workflow record with ID and status.\nThe additional_context parameter accepts flow-specific inputs as a JSON array of {Category, Content} objects.",
+      args: {
+        project_id: z.string().describe('Project path (e.g., "gitlab-org/gitlab")'),
+        consumer_id: z.number().describe("AI Catalog ItemConsumer numeric ID"),
+        goal: z.string().describe("User prompt/goal for the flow, include relevant URLs"),
+        additional_context: z.string().optional().describe(
+          'JSON array of flow inputs: [{"Category":"merge_request","Content":"{\\"url\\":\\"https://...\\"}"}]'
+        ),
+        issue_id: z.number().optional().describe("Issue IID for context"),
+        merge_request_id: z.number().optional().describe("Merge request IID for context")
+      },
+      execute: async (args) => {
+        const auth = ctx.ensureAuth();
+        if (!auth) return "Error: GitLab authentication not available";
+        let flowInputs;
+        if (args.additional_context) {
+          try {
+            flowInputs = JSON.parse(args.additional_context);
+          } catch {
+            return "Error: additional_context must be a valid JSON array";
+          }
+        }
+        try {
+          const result = await executeFlow(
+            auth.instanceUrl,
+            auth.token,
+            args.project_id,
+            args.consumer_id,
+            args.goal,
+            {
+              issueId: args.issue_id,
+              mergeRequestId: args.merge_request_id,
+              namespaceId: ctx.getNamespaceId(),
+              flowInputs
+            }
+          );
+          return JSON.stringify(result, null, 2);
+        } catch (err) {
+          return `Error executing flow: ${err.message}`;
+        }
+      }
+    }),
+    gitlab_get_flow_definition: tool({
+      description: "Get the YAML configuration of a GitLab DAP flow.\nReturns the flow config YAML which contains the flow.inputs section\ndescribing what additional_context categories and fields the flow requires.\nUse this before executing a flow to understand what inputs to gather.\nSet foundational=true for GitLab built-in flows, foundational=false for custom flows.",
+      args: {
+        consumer_id: z.number().describe("AI Catalog ItemConsumer numeric ID"),
+        foundational: z.boolean().describe("true for GitLab foundational flows, false for custom flows")
+      },
+      execute: async (args) => {
+        const auth = ctx.ensureAuth();
+        if (!auth) return "Error: GitLab authentication not available";
+        const flow = [...ctx.getFlowAgents().values()].find(
+          (f) => f.consumerId === args.consumer_id
+        );
+        try {
+          const result = await getFlowDefinition(auth.instanceUrl, auth.token, {
+            consumerId: args.consumer_id,
+            flowName: flow?.name,
+            foundational: args.foundational,
+            catalogItemVersionId: flow?.catalogItemVersionId,
+            itemIdentifier: flow?.identifier,
+            workflowDefinition: flow?.workflowDefinition
+          });
+          return JSON.stringify(result, null, 2);
+        } catch (err) {
+          return `Error getting flow definition: ${err.message}`;
+        }
+      }
+    }),
+    gitlab_get_workflow_status: tool({
+      description: "Get the status and latest messages of a GitLab DAP workflow.\nUse this to monitor a running flow after executing it.\nReturns the workflow status, latest checkpoint messages, and timestamps.\nPoll every 10 seconds until status is completed, failed, or cancelled.",
+      args: {
+        workflow_id: z.number().describe("Workflow numeric ID (from gitlab_execute_project_flow result)")
+      },
+      execute: async (args) => {
+        const auth = ctx.ensureAuth();
+        if (!auth) return "Error: GitLab authentication not available";
+        try {
+          const result = await getWorkflowStatus(auth.instanceUrl, auth.token, args.workflow_id);
+          return JSON.stringify(result, null, 2);
+        } catch (err) {
+          return `Error getting workflow status: ${err.message}`;
+        }
+      }
+    })
+  };
+}
+
+// src/tools/catalog-crud-tools.ts
+import { tool as tool2 } from "@opencode-ai/plugin";
+
 // src/flow-validator.ts
 import Ajv from "ajv";
 import yaml from "js-yaml";
@@ -2526,30 +2952,257 @@ function validateFlowYaml(yamlString) {
   return { valid: true, errors: [] };
 }
 
-// src/agents.ts
-function resolveModelId(entry) {
-  const ref = entry.selectedModelRef ?? entry.discovery?.defaultModel?.ref;
-  if (!ref) return "duo-workflow-default";
-  return `duo-workflow-${ref.replace(/[/_]/g, "-")}`;
+// src/tools/catalog-crud-tools.ts
+var z2 = tool2.schema;
+function makeCatalogCrudTools(ctx) {
+  return {
+    gitlab_create_agent: tool2({
+      description: "Create a new custom agent in the GitLab AI Catalog.\nFirst call: set confirmed=false (or omit). The tool returns without creating anything and instructs you to ask the user for agent properties using the question tool.\nSecond call: after the user confirms, set confirmed=true to actually create the agent.\nAfter creation, use gitlab_enable_project_agent to enable it on a project.",
+      args: {
+        project_id: z2.string().describe('Project path (e.g., "gitlab-org/gitlab")'),
+        name: z2.string().describe("Display name for the agent"),
+        description: z2.string().describe("Description of what the agent does"),
+        public: z2.boolean().describe("Whether the agent is publicly visible in the AI Catalog"),
+        system_prompt: z2.string().describe("System prompt that defines the agent's behavior"),
+        user_prompt: z2.string().optional().describe("User prompt template (optional)"),
+        tools: z2.array(z2.string()).optional().describe(
+          'Array of built-in tool Global IDs from gitlab_list_builtin_tools. Must be full GIDs like "gid://gitlab/Ai::Catalog::BuiltInTool/1", NOT tool names.'
+        ),
+        mcp_tools: z2.array(z2.string()).optional().describe("Array of MCP tool names to enable"),
+        mcp_servers: z2.array(z2.string()).optional().describe(
+          'Array of MCP server Global IDs from gitlab_list_project_mcp_servers. Must be full GIDs like "gid://gitlab/Ai::Catalog::McpServer/1", NOT server names.'
+        ),
+        release: z2.boolean().optional().describe("Whether to release the version immediately (default: false)"),
+        confirmed: z2.boolean().optional().describe(
+          "Set to true only after the user has reviewed and confirmed all parameters. Omit or set false on first call."
+        )
+      },
+      execute: async (args) => {
+        if (!args.confirmed) {
+          return [
+            "STOP: Do not create the agent yet. You must ask the user to confirm the configuration first.",
+            "",
+            "Follow these steps NOW:",
+            "1. Call gitlab_list_builtin_tools and gitlab_list_project_mcp_servers to discover options.",
+            "2. Use the question tool to ask the user ALL 4 of these (in one call):",
+            "   - Agent name (suggest one, allow custom input)",
+            "   - Visibility: Public or Private",
+            "   - Tools: group by category (Search, Issues, MRs, Epics, Files, Git, CI/CD, Security, Audit, Planning, Wiki, API) as multi-select",
+            "   - MCP servers: multi-select from available servers",
+            "3. Generate a system prompt and show it to the user for approval.",
+            "4. Call gitlab_create_agent again with confirmed=true after the user approves."
+          ].join("\n");
+        }
+        const auth = ctx.ensureAuth();
+        if (!auth) throw new Error("Not authenticated");
+        const result = await createAgent(auth.instanceUrl, auth.token, args.project_id, {
+          name: args.name,
+          description: args.description,
+          public: args.public,
+          systemPrompt: args.system_prompt,
+          userPrompt: args.user_prompt,
+          tools: args.tools,
+          mcpTools: args.mcp_tools,
+          mcpServers: args.mcp_servers,
+          release: args.release
+        });
+        await ctx.refreshAgents();
+        return JSON.stringify(result, null, 2);
+      }
+    }),
+    gitlab_update_agent: tool2({
+      description: "Update an existing custom agent in the GitLab AI Catalog.\nOnly provided fields are updated; omitted fields remain unchanged.",
+      args: {
+        id: z2.string().describe("Agent ID (numeric or full GID)"),
+        name: z2.string().optional().describe("New display name"),
+        description: z2.string().optional().describe("New description"),
+        public: z2.boolean().optional().describe("Whether publicly visible"),
+        system_prompt: z2.string().optional().describe("New system prompt"),
+        user_prompt: z2.string().optional().describe("New user prompt template"),
+        tools: z2.array(z2.string()).optional().describe(
+          'New set of built-in tool Global IDs (full GIDs like "gid://gitlab/Ai::Catalog::BuiltInTool/1")'
+        ),
+        mcp_tools: z2.array(z2.string()).optional().describe("New set of MCP tool names"),
+        mcp_servers: z2.array(z2.string()).optional().describe(
+          'New set of MCP server Global IDs (full GIDs like "gid://gitlab/Ai::Catalog::McpServer/1")'
+        ),
+        release: z2.boolean().optional().describe("Whether to release the latest version"),
+        version_bump: z2.enum(["MAJOR", "MINOR", "PATCH"]).optional().describe("Version bump type")
+      },
+      execute: async (args) => {
+        const auth = ctx.ensureAuth();
+        if (!auth) throw new Error("Not authenticated");
+        const result = await updateAgent(auth.instanceUrl, auth.token, args.id, {
+          name: args.name,
+          description: args.description,
+          public: args.public,
+          systemPrompt: args.system_prompt,
+          userPrompt: args.user_prompt,
+          tools: args.tools,
+          mcpTools: args.mcp_tools,
+          mcpServers: args.mcp_servers,
+          release: args.release,
+          versionBump: args.version_bump
+        });
+        await ctx.refreshAgents();
+        return JSON.stringify(result, null, 2);
+      }
+    }),
+    gitlab_list_builtin_tools: tool2({
+      description: "List available built-in GitLab tools that can be assigned to custom agents.\nReturns tool IDs, names, and descriptions. Use the IDs when creating or updating agents.",
+      args: {},
+      execute: async () => {
+        const auth = ctx.ensureAuth();
+        if (!auth) throw new Error("Not authenticated");
+        const tools = await listBuiltInTools(auth.instanceUrl, auth.token);
+        if (!tools.length) return "No built-in tools available.";
+        return JSON.stringify(tools, null, 2);
+      }
+    }),
+    gitlab_design_flow: tool2({
+      description: "Interactive flow design tool. Returns the flow YAML schema reference, examples, and instructions.\nUse this BEFORE gitlab_create_flow to design the flow definition interactively with the user.\nThe tool also validates generated YAML against the flow_v2 JSON schema.",
+      args: {
+        action: z2.enum(["get_schema", "validate"]).describe(
+          '"get_schema" returns the schema reference and examples. "validate" validates a YAML definition.'
+        ),
+        definition: z2.string().optional().describe("YAML definition to validate (required when action=validate)")
+      },
+      execute: async (args) => {
+        if (args.action === "validate") {
+          if (!args.definition) return "Error: definition is required for validate action.";
+          const result = validateFlowYaml(args.definition);
+          if (result.valid) return "VALID: Flow definition passes schema validation.";
+          return `INVALID: ${result.errors.length} error(s):
+${result.errors.map((e, i) => `  ${i + 1}. ${e}`).join("\n")}`;
+        }
+        return [
+          "Follow this multi-round workflow to design a flow:",
+          "",
+          "ROUND 1: Call gitlab_list_builtin_tools to discover available tool names for the flow.",
+          "  Then use the question tool to ask the user:",
+          "  - Flow name",
+          "  - Visibility: Public or Private",
+          "  - What the flow should do (step-by-step description)",
+          "  - What GitLab resource it operates on (MR, issue, pipeline, vulnerability, etc.)",
+          "",
+          "ROUND 2: Based on the user's answers, propose a component architecture in plain text:",
+          "  - List each step with its type (DeterministicStep, OneOff, or Agent)",
+          "  - Explain what each step does and what tools it uses",
+          "  - Show the routing (linear or conditional)",
+          "  Ask the user to confirm or adjust.",
+          "",
+          "ROUND 3: Generate the full YAML definition using the schema below.",
+          "  Call gitlab_design_flow with action='validate' to check it.",
+          "  Show the validated YAML to the user for final approval.",
+          "  Then call gitlab_create_flow with confirmed=true.",
+          "",
+          "=== FLOW YAML SCHEMA ===",
+          FLOW_SCHEMA_REFERENCE,
+          "",
+          "=== EXAMPLE: Linear flow ===",
+          FLOW_EXAMPLE_LINEAR,
+          "",
+          "=== EXAMPLE: Conditional flow ===",
+          FLOW_EXAMPLE_CONDITIONAL
+        ].join("\n");
+      }
+    }),
+    gitlab_create_flow: tool2({
+      description: "Create a custom flow in the GitLab AI Catalog.\nFirst call: set confirmed=false (or omit). Returns instructions to use gitlab_design_flow first.\nSecond call: after the user confirms, set confirmed=true to create the flow.\nAfter creation, use gitlab_enable_project_flow to enable it on a project.",
+      args: {
+        project_id: z2.string().describe('Project path (e.g., "gitlab-org/gitlab")'),
+        name: z2.string().describe("Display name for the flow"),
+        description: z2.string().describe("Description of what the flow does"),
+        public: z2.boolean().describe("Whether publicly visible in the AI Catalog"),
+        definition: z2.string().describe("Flow YAML definition (validated via gitlab_design_flow)"),
+        release: z2.boolean().optional().describe("Whether to release the version immediately"),
+        confirmed: z2.boolean().optional().describe("Set true only after user has reviewed the YAML")
+      },
+      execute: async (args) => {
+        if (!args.confirmed) {
+          return [
+            "STOP: Do not create the flow yet.",
+            "",
+            "Call gitlab_design_flow with action='get_schema' first to get the interactive workflow.",
+            "Follow the multi-round design process, then call this tool with confirmed=true."
+          ].join("\n");
+        }
+        const validation = validateFlowYaml(args.definition);
+        if (!validation.valid) {
+          return `Flow YAML validation failed:
+${validation.errors.map((e, i) => `  ${i + 1}. ${e}`).join("\n")}
+
+Fix the errors and try again.`;
+        }
+        const auth = ctx.ensureAuth();
+        if (!auth) throw new Error("Not authenticated");
+        const result = await createFlow(auth.instanceUrl, auth.token, args.project_id, {
+          name: args.name,
+          description: args.description,
+          public: args.public,
+          definition: args.definition,
+          release: args.release
+        });
+        await ctx.refreshAgents();
+        const json = JSON.stringify(result, null, 2);
+        return `${json}
+
+Flow created successfully. Ask the user if they want to enable it on the current project using gitlab_enable_project_flow.`;
+      }
+    }),
+    gitlab_update_flow: tool2({
+      description: "Update an existing custom flow in the GitLab AI Catalog.\nOnly provided fields are updated; omitted fields remain unchanged.\nUse gitlab_design_flow with action='validate' to check YAML before updating.",
+      args: {
+        id: z2.string().describe("Flow ID (numeric or full GID)"),
+        name: z2.string().optional().describe("New display name"),
+        description: z2.string().optional().describe("New description"),
+        public: z2.boolean().optional().describe("Whether publicly visible"),
+        definition: z2.string().optional().describe("New flow YAML definition"),
+        release: z2.boolean().optional().describe("Whether to release the latest version"),
+        version_bump: z2.enum(["MAJOR", "MINOR", "PATCH"]).optional().describe("Version bump type")
+      },
+      execute: async (args) => {
+        if (args.definition) {
+          const validation = validateFlowYaml(args.definition);
+          if (!validation.valid) {
+            return `Flow YAML validation failed:
+${validation.errors.map((e, i) => `  ${i + 1}. ${e}`).join("\n")}
+
+Fix the errors and try again.`;
+          }
+        }
+        const auth = ctx.ensureAuth();
+        if (!auth) throw new Error("Not authenticated");
+        const result = await updateFlow(auth.instanceUrl, auth.token, args.id, {
+          name: args.name,
+          description: args.description,
+          public: args.public,
+          definition: args.definition,
+          release: args.release,
+          versionBump: args.version_bump
+        });
+        await ctx.refreshAgents();
+        return JSON.stringify(result, null, 2);
+      }
+    })
+  };
 }
 
-// src/index.ts
-import { readFileSync } from "fs";
-import { join } from "path";
-import os from "os";
-var z = tool.schema;
-function makeItemTools(z2, itemType, label, getAuth, ensureAuth, onChanged) {
+// src/tools/catalog-item-tools.ts
+import { tool as tool3 } from "@opencode-ai/plugin";
+var z3 = tool3.schema;
+function makeItemTools(itemType, label, getAuth, ensureAuth, onChanged) {
   const itemTypes = [itemType];
   const Label = label.charAt(0).toUpperCase() + label.slice(1);
   return {
-    [`gitlab_list_${label}s`]: tool({
+    [`gitlab_list_${label}s`]: tool3({
       description: `List ${label}s in the GitLab AI Catalog.
 Returns ${label}s with name, description, visibility, foundational flag, and version info.
 Supports search and cursor-based pagination.`,
       args: {
-        search: z2.string().optional().describe(`Search query to filter ${label}s by name or description`),
-        first: z2.number().optional().describe("Number of items to return (default 20)"),
-        after: z2.string().optional().describe("Cursor for pagination (from pageInfo.endCursor)")
+        search: z3.string().optional().describe(`Search query to filter ${label}s by name or description`),
+        first: z3.number().optional().describe("Number of items to return (default 20)"),
+        after: z3.string().optional().describe("Cursor for pagination (from pageInfo.endCursor)")
       },
       execute: async (args) => {
         const auth = ensureAuth();
@@ -2562,12 +3215,12 @@ Supports search and cursor-based pagination.`,
         }
       }
     }),
-    [`gitlab_get_${label}`]: tool({
+    [`gitlab_get_${label}`]: tool3({
       description: `Get details of a specific ${label} from the AI Catalog.
 Returns full details including name, description, visibility, versions, creator, and permissions.
 Accepts either a full Global ID (gid://gitlab/Ai::Catalog::Item/123) or just the numeric ID.`,
       args: {
-        [`${label}_id`]: z2.string().describe(`${Label} ID: full GID or numeric ID`)
+        [`${label}_id`]: z3.string().describe(`${Label} ID: full GID or numeric ID`)
       },
       execute: async (args) => {
         const auth = ensureAuth();
@@ -2580,14 +3233,14 @@ Accepts either a full Global ID (gid://gitlab/Ai::Catalog::Item/123) or just the
         }
       }
     }),
-    [`gitlab_list_project_${label}s`]: tool({
+    [`gitlab_list_project_${label}s`]: tool3({
       description: `List ${label}s enabled for a specific project.
 Returns all configured ${label}s including foundational ones.
 Each result includes the ${label} details and its consumer configuration.`,
       args: {
-        project_id: z2.string().describe('Project path (e.g., "gitlab-org/gitlab")'),
-        first: z2.number().optional().describe("Number of items to return (default 20)"),
-        after: z2.string().optional().describe("Cursor for pagination")
+        project_id: z3.string().describe('Project path (e.g., "gitlab-org/gitlab")'),
+        first: z3.number().optional().describe("Number of items to return (default 20)"),
+        after: z3.string().optional().describe("Cursor for pagination")
       },
       execute: async (args) => {
         const auth = ensureAuth();
@@ -2606,14 +3259,14 @@ Each result includes the ${label} details and its consumer configuration.`,
         }
       }
     }),
-    [`gitlab_enable_project_${label}`]: tool({
+    [`gitlab_enable_project_${label}`]: tool3({
       description: `Enable a ${label} in a project.
 Requires Maintainer or Owner role.
 Enabling in a project also enables at the group level.
 Foundational ${label}s cannot be enabled this way (use admin settings).`,
       args: {
-        project_id: z2.string().describe('Project path (e.g., "gitlab-org/gitlab")'),
-        [`${label}_id`]: z2.string().describe(`${Label} ID: full GID or numeric ID`)
+        project_id: z3.string().describe('Project path (e.g., "gitlab-org/gitlab")'),
+        [`${label}_id`]: z3.string().describe(`${Label} ID: full GID or numeric ID`)
       },
       execute: async (args) => {
         const auth = ensureAuth();
@@ -2626,287 +3279,81 @@ Foundational ${label}s cannot be enabled this way (use admin settings).`,
             args[`${label}_id`]
           );
           await onChanged?.();
-          return JSON.stringify(result, null, 2) + "\n\nNote: Restart opencode for the @ menu to reflect changes.";
-        } catch (err) {
-          return `Error: ${err.message}`;
-        }
-      }
-    }),
-    [`gitlab_disable_project_${label}`]: tool({
-      description: `Disable a ${label} in a project.
-Requires Maintainer or Owner role.
-Resolves the consumer ID internally from the ${label} ID.`,
-      args: {
-        project_id: z2.string().describe('Project path (e.g., "gitlab-org/gitlab")'),
-        [`${label}_id`]: z2.string().describe(`${Label} ID: full GID or numeric ID`)
-      },
-      execute: async (args) => {
-        const auth = ensureAuth();
-        if (!auth) return "Error: GitLab authentication not available";
-        try {
-          const result = await disableAiCatalogItemForProject(
-            auth.instanceUrl,
-            auth.token,
-            args.project_id,
-            args[`${label}_id`]
-          );
-          await onChanged?.();
-          return JSON.stringify(result, null, 2) + "\n\nNote: Restart opencode for the @ menu to reflect changes.";
-        } catch (err) {
-          return `Error: ${err.message}`;
-        }
-      }
-    })
-  };
-}
-function makeAgentFlowTools(z2, getAuth, readAuthFn, setAuth, onChanged) {
-  const ensureAuth = () => {
-    let auth = getAuth();
-    if (!auth) {
-      auth = readAuthFn();
-      if (auth) setAuth(auth);
-    }
-    return auth;
-  };
-  return {
-    ...makeItemTools(z2, "AGENT", "agent", getAuth, ensureAuth, onChanged),
-    ...makeItemTools(z2, "FLOW", "flow", getAuth, ensureAuth, onChanged)
-  };
-}
-function readAuth() {
-  try {
-    const authPath = join(os.homedir(), ".local", "share", "opencode", "auth.json");
-    const data = JSON.parse(readFileSync(authPath, "utf-8"));
-    const gitlab = data?.gitlab;
-    if (!gitlab) return null;
-    const token = gitlab.type === "oauth" ? gitlab.access : gitlab.type === "api" ? gitlab.key : null;
-    if (!token) return null;
-    const instanceUrl = gitlab.enterpriseUrl ?? process.env.GITLAB_INSTANCE_URL ?? "https://gitlab.com";
-    return { token, instanceUrl };
-  } catch {
-    return null;
-  }
-}
-function buildFlowSubagentPrompt(flow, projectPath, projectUrl) {
-  return [
-    `You execute the "${flow.name}" GitLab flow. Project: ${projectPath} (${projectUrl}).`,
-    ``,
-    `STEP 1: Call gitlab_get_flow_definition with consumer_id=${flow.consumerId}, foundational=${!!flow.foundational}.`,
-    `Parse the YAML config:`,
-    `- In "components", find { from: "context:goal", as: "<name>" }. The "as" value is what the goal parameter must contain:`,
-    `  "merge_request_iid" -> just the number (e.g. 14)`,
-    `  "pipeline_url"/"url"/"issue_url" -> full URL (e.g. ${projectUrl}/-/merge_requests/5)`,
-    `  "vulnerability_id" -> just the ID number`,
-    `  "goal" -> free-form text`,
-    `- In "flow.inputs", find additional_context categories (skip "agent_platform_standard_context").`,
-    ``,
-    `STEP 2: Resolve the goal to the EXACT value the flow expects (from step 1).`,
-    `The goal parameter has a 10000 char limit and is used directly as the flow parameter \u2014 pass ONLY the raw value, never a sentence.`,
-    `Use GitLab API tools if needed to look up IDs or construct URLs from the user's message.`,
-    ``,
-    `STEP 3: Gather additional_context values (if any from step 1) using available tools.`,
-    ``,
-    `STEP 4: Call gitlab_execute_project_flow with:`,
-    `  project_id: "${projectPath}"`,
-    `  consumer_id: ${flow.consumerId}`,
-    `  goal: <resolved value from step 2>`,
-    `  additional_context (if needed): [{"Category":"<cat>","Content":"{\\"field\\":\\"val\\"}"}]`,
-    ``,
-    `STEP 5: Call gitlab_get_workflow_status with the workflow_id. Report status and URL: ${projectUrl}/-/automate/agent-sessions/<id>`
-  ].join("\n");
-}
-var memo = /* @__PURE__ */ new Map();
-var FLOW_DISPATCH_GUIDELINES = [
-  `## GitLab Flow Dispatch Guidelines`,
-  ``,
-  `CRITICAL: You must NEVER call gitlab_execute_project_flow or gitlab_get_flow_definition directly.`,
-  `Flows are ALWAYS executed via the Task tool with subagent_type "general".`,
-  `When the user's message contains flow dispatch instructions (starting with "IMPORTANT: You MUST"),`,
-  `follow those instructions exactly \u2014 call the Task tool with the provided parameters.`,
-  ``,
-  `### Multiple Flows or Resources`,
-  `When multiple flows need to run (multiple @mentions, or batch across resources), dispatch them`,
-  `via a SINGLE "general" subagent. The general subagent can execute multiple tool calls in parallel,`,
-  `so all flows fire simultaneously. Do NOT dispatch multiple Task calls \u2014 use ONE Task with a prompt`,
-  `that lists all the flows to execute, so the subagent runs them concurrently.`,
-  ``,
-  `### Batch Operations (Multiple Resources)`,
-  `If the user asks to run flows on multiple resources (e.g., "for each MR"), first list the`,
-  `resources yourself using GitLab API tools, then dispatch ONE general subagent whose prompt`,
-  `includes all flow executions (N flows x M resources) to run in parallel.`
-].join("\n");
-var AGENT_CREATION_GUIDELINES = `## Creating Custom GitLab Agents
-
-Before calling gitlab_create_agent, you MUST:
-1. Call gitlab_list_builtin_tools and gitlab_list_project_mcp_servers.
-2. Ask the user 4 questions using the question tool (one call, all 4 questions):
-   - Agent name (suggest one, allow custom)
-   - Visibility: Public or Private
-   - Tools: show tools grouped by category as multi-select (Search, Issues, MRs, Epics, Files, Git, CI/CD, Security, Audit, Planning, Wiki, API)
-   - MCP servers: multi-select from available servers
-3. Show the generated system prompt and ask for confirmation.
-4. Only then call gitlab_create_agent. Use full tool GIDs like "gid://gitlab/Ai::Catalog::BuiltInTool/1".
-5. Ask if the user wants to enable it on the current project.`;
-var FLOW_SCHEMA_REFERENCE = `## Flow YAML Schema Reference
-
-### Top-level structure (all required unless noted):
-  version: "v1"                    # Always "v1"
-  environment: ambient             # Always "ambient"
-  components: [...]                # Array of components (min 1)
-  routers: [...]                   # Array of routers connecting components
-  flow:
-    entry_point: "component_name"  # First component to run
-    inputs: [...]                  # Optional: additional context inputs
-  prompts: [...]                   # Optional: inline prompt definitions
-
-### Component types:
-
-1. DeterministicStepComponent \u2014 runs ONE tool, no LLM call:
-   - name: "fetch_data"           # alphanumeric + underscore only
-     type: DeterministicStepComponent
-     tool_name: "get_merge_request"
-     inputs:                       # map tool parameters
-       - { from: "context:goal", as: "merge_request_iid" }
-       - { from: "context:project_id", as: "project_id" }
-
-2. OneOffComponent \u2014 single LLM call + tool execution:
-   - name: "process_data"
-     type: OneOffComponent
-     prompt_id: "my_prompt"        # references inline prompt
-     prompt_version: null           # null = use inline prompt from prompts section
-     toolset: ["read_file", "edit_file"]
-     inputs:
-       - { from: "context:fetch_data.tool_responses", as: "data" }
-     max_correction_attempts: 3    # retries on tool failure (default 3)
-
-3. AgentComponent \u2014 multi-turn LLM reasoning loop:
-   - name: "analyze"
-     type: AgentComponent
-     prompt_id: "my_agent_prompt"
-     prompt_version: null
-     toolset: ["read_file", "grep"]
-     inputs:
-       - { from: "context:goal", as: "user_goal" }
-     ui_log_events: ["on_agent_final_answer"]
-
-### IOKey syntax (inputs/from values):
-  "context:goal"                           # The flow goal (user input)
-  "context:project_id"                     # Project ID (auto-injected)
-  "context:<component_name>.tool_responses" # Tool output from a component
-  "context:<component_name>.final_answer"  # Agent's final text answer
-  "context:<component_name>.execution_result" # OneOff execution result
-  { from: "context:x", as: "var_name" }   # Rename for prompt template
-  { from: "true", as: "flag", literal: true } # Literal value
-
-### Router patterns:
-  Direct:      { from: "step1", to: "step2" }
-  To end:      { from: "last_step", to: "end" }
-  Conditional: { from: "step1", condition: { input: "context:step1.final_answer.decision", routes: { "yes": "step2", "no": "end" } } }
+          return JSON.stringify(result, null, 2) + "\n\nNote: Restart opencode for the @ menu to reflect changes.";
+        } catch (err) {
+          return `Error: ${err.message}`;
+        }
+      }
+    }),
+    [`gitlab_disable_project_${label}`]: tool3({
+      description: `Disable a ${label} in a project.
+Requires Maintainer or Owner role.
+Resolves the consumer ID internally from the ${label} ID.`,
+      args: {
+        project_id: z3.string().describe('Project path (e.g., "gitlab-org/gitlab")'),
+        [`${label}_id`]: z3.string().describe(`${Label} ID: full GID or numeric ID`)
+      },
+      execute: async (args) => {
+        const auth = ensureAuth();
+        if (!auth) return "Error: GitLab authentication not available";
+        try {
+          const result = await disableAiCatalogItemForProject(
+            auth.instanceUrl,
+            auth.token,
+            args.project_id,
+            args[`${label}_id`]
+          );
+          await onChanged?.();
+          return JSON.stringify(result, null, 2) + "\n\nNote: Restart opencode for the @ menu to reflect changes.";
+        } catch (err) {
+          return `Error: ${err.message}`;
+        }
+      }
+    })
+  };
+}
+function makeCatalogItemTools(ctx) {
+  return {
+    ...makeItemTools("AGENT", "agent", ctx.getAuth, ctx.ensureAuth, ctx.refreshAgents),
+    ...makeItemTools("FLOW", "flow", ctx.getAuth, ctx.ensureAuth, ctx.refreshAgents)
+  };
+}
 
-### Inline prompts (in prompts section):
-  - prompt_id: "my_prompt"
-    name: "My Prompt"
-    unit_primitives: ["duo_agent_platform"]   # Always this value
-    prompt_template:
-      system: "You are a helpful assistant. {{var_name}} is available."
-      user: "Process: {{data}}"
-      placeholder: "history"                   # Optional, for AgentComponent conversation history
+// src/tools/mcp-tools.ts
+import { tool as tool4 } from "@opencode-ai/plugin";
+var z4 = tool4.schema;
+function makeMcpTools(getCachedAgents) {
+  return {
+    gitlab_list_project_mcp_servers: tool4({
+      description: "List MCP servers available through agents enabled for a project.\nReturns deduplicated servers with name, URL, auth type, connection status, and which agents use them.",
+      args: {
+        project_id: z4.string().describe('Project path (e.g., "gitlab-org/gitlab")')
+      },
+      execute: async (_args) => {
+        const serverMap = /* @__PURE__ */ new Map();
+        for (const agent of getCachedAgents()) {
+          if (!agent.mcpServers?.length) continue;
+          for (const server of agent.mcpServers) {
+            const existing = serverMap.get(server.id);
+            if (existing) {
+              if (!existing.usedBy.includes(agent.name)) existing.usedBy.push(agent.name);
+            } else {
+              serverMap.set(server.id, { ...server, usedBy: [agent.name] });
+            }
+          }
+        }
+        const servers = [...serverMap.values()];
+        if (!servers.length) {
+          return "No MCP servers found for agents enabled in this project.";
+        }
+        return JSON.stringify(servers, null, 2);
+      }
+    })
+  };
+}
 
-### Tool names: use names from gitlab_list_builtin_tools (e.g., "read_file", "get_merge_request", "create_merge_request_note").`;
-var FLOW_EXAMPLE_LINEAR = `## Example: Simple linear flow (fetch MR \u2192 analyze \u2192 post comment)
-\`\`\`yaml
-version: "v1"
-environment: ambient
-components:
-  - name: fetch_mr
-    type: DeterministicStepComponent
-    tool_name: build_review_merge_request_context
-    inputs:
-      - { from: "context:project_id", as: "project_id" }
-      - { from: "context:goal", as: "merge_request_iid" }
-    ui_log_events: ["on_tool_execution_success", "on_tool_execution_failed"]
-  - name: analyze_and_comment
-    type: OneOffComponent
-    prompt_id: review_prompt
-    prompt_version: null
-    toolset: ["create_merge_request_note"]
-    inputs:
-      - { from: "context:fetch_mr.tool_responses", as: "mr_data" }
-      - { from: "context:project_id", as: "project_id" }
-      - { from: "context:goal", as: "merge_request_iid" }
-    max_correction_attempts: 3
-    ui_log_events: ["on_tool_execution_success"]
-routers:
-  - { from: fetch_mr, to: analyze_and_comment }
-  - { from: analyze_and_comment, to: end }
-flow:
-  entry_point: fetch_mr
-prompts:
-  - prompt_id: review_prompt
-    name: MR Review Prompt
-    unit_primitives: ["duo_agent_platform"]
-    prompt_template:
-      system: |
-        You review merge requests. Analyze the MR data and post a concise review comment.
-        Focus on code quality, potential bugs, and improvements.
-      user: "Review MR !{{merge_request_iid}} in project {{project_id}}: {{mr_data}}"
-\`\`\``;
-var FLOW_EXAMPLE_CONDITIONAL = `## Example: Conditional flow (gather data \u2192 decide \u2192 branch)
-\`\`\`yaml
-version: "v1"
-environment: ambient
-components:
-  - name: gather_context
-    type: DeterministicStepComponent
-    tool_name: get_vulnerability_details
-    inputs:
-      - { from: "context:goal", as: "vulnerability_id" }
-    ui_log_events: ["on_tool_execution_success"]
-  - name: evaluate
-    type: AgentComponent
-    prompt_id: eval_prompt
-    prompt_version: null
-    toolset: []
-    inputs:
-      - { from: "context:gather_context.tool_responses", as: "vuln_data" }
-    ui_log_events: ["on_agent_final_answer"]
-  - name: create_fix
-    type: AgentComponent
-    prompt_id: fix_prompt
-    prompt_version: null
-    toolset: ["read_file", "edit_file", "grep"]
-    inputs:
-      - { from: "context:gather_context.tool_responses", as: "vuln_data" }
-    ui_log_events: ["on_agent_final_answer", "on_tool_execution_success"]
-routers:
-  - { from: gather_context, to: evaluate }
-  - from: evaluate
-    condition:
-      input: "context:evaluate.final_answer"
-      routes:
-        "fix_needed": create_fix
-        "false_positive": end
-      default_route: end
-  - { from: create_fix, to: end }
-flow:
-  entry_point: gather_context
-prompts:
-  - prompt_id: eval_prompt
-    name: Vulnerability Evaluator
-    unit_primitives: ["duo_agent_platform"]
-    prompt_template:
-      system: |
-        Evaluate if a vulnerability needs fixing. Respond with exactly "fix_needed" or "false_positive".
-      user: "Evaluate: {{vuln_data}}"
-  - prompt_id: fix_prompt
-    name: Fix Generator
-    unit_primitives: ["duo_agent_platform"]
-    prompt_template:
-      system: |
-        You fix security vulnerabilities. Read the relevant code and apply the fix.
-      user: "Fix this vulnerability: {{vuln_data}}"
-      placeholder: history
-\`\`\``;
+// src/index.ts
+var memo = /* @__PURE__ */ new Map();
 var plugin = async (input) => {
   let authCache = null;
   let projectPath;
@@ -2916,6 +3363,13 @@ var plugin = async (input) => {
   let cachedAgents = [];
   let cfgRef = null;
   let baseModelIdRef;
+  function ensureAuth() {
+    if (!authCache) {
+      const auth = readAuth();
+      if (auth) authCache = auth;
+    }
+    return authCache;
+  }
   async function load() {
     const auth = readAuth();
     if (!auth) return null;
@@ -2989,6 +3443,14 @@ var plugin = async (input) => {
       }
     }
   }
+  const ctx = {
+    getAuth: () => authCache,
+    ensureAuth,
+    getFlowAgents: () => flowAgents,
+    getCachedAgents: () => cachedAgents,
+    getNamespaceId: () => namespaceId,
+    refreshAgents
+  };
   return {
     async config(cfg) {
       const result = await load();
@@ -3032,491 +3494,18 @@ var plugin = async (input) => {
         }
       }
     },
-    "chat.message": async (_input, output) => {
-      const indicesToRemove = [];
-      const flowMentions = [];
-      for (let i = 0; i < output.parts.length; i++) {
-        const part = output.parts[i];
-        if (part.type !== "agent") continue;
-        const flow = flowAgents.get(part.name);
-        if (!flow || !flow.consumerId || !projectPath) continue;
-        flowMentions.push({ idx: i, flow, displayName: part.name });
-        if (i + 1 < output.parts.length) {
-          const next = output.parts[i + 1];
-          if (next.type === "text" && next.synthetic && next.text?.includes("call the task tool with subagent")) {
-            indicesToRemove.push(i + 1);
-          }
-        }
-      }
-      if (flowMentions.length === 0) {
-        return;
-      }
-      if (flowMentions.length === 1) {
-        const { idx, flow } = flowMentions[0];
-        const baseUrl2 = authCache?.instanceUrl?.replace(/\/$/, "") ?? "https://gitlab.com";
-        const projectUrl2 = `${baseUrl2}/${projectPath}`;
-        const rawText2 = output.parts.filter((p) => p.type === "text" && !p.synthetic).map((p) => p.text).join(" ").trim() || "Execute the flow";
-        const subagentPrompt = buildFlowSubagentPrompt(flow, projectPath, projectUrl2) + `
-
-User goal: "${rawText2}"`;
-        const resultText = [
-          `IMPORTANT: You MUST call the Task tool RIGHT NOW to dispatch a subagent. Do NOT execute these steps yourself.`,
-          ``,
-          `Call the Task tool with:`,
-          `  subagent_type: "general"`,
-          `  description: "Execute ${flow.name} flow"`,
-          `  prompt: ${JSON.stringify(subagentPrompt)}`,
-          ``,
-          `Do not do anything else. Just call the Task tool with the above parameters.`
-        ].join("\n");
-        const original2 = output.parts[idx];
-        output.parts[idx] = { ...original2, type: "text", text: resultText };
-        delete output.parts[idx].name;
-        delete output.parts[idx].source;
-        for (const rmIdx of indicesToRemove.reverse()) {
-          output.parts.splice(rmIdx, 1);
-        }
-        return;
-      }
-      const baseUrl = authCache?.instanceUrl?.replace(/\/$/, "") ?? "https://gitlab.com";
-      const projectUrl = `${baseUrl}/${projectPath}`;
-      const flowNames = new Set(flowMentions.map((m) => m.displayName));
-      let rawText = output.parts.filter((p) => p.type === "text" && !p.synthetic).map((p) => p.text).join(" ").trim() || "Execute the flows";
-      for (const name of flowNames) {
-        rawText = rawText.replace(new RegExp(`@${name.replace(/[.*+?^${}()|[\]\\]/g, "\\$&")}`, "g"), "").trim();
-      }
-      rawText = rawText.replace(/\s{2,}/g, " ").trim() || "Execute the flows";
-      const flowList = flowMentions.map(
-        ({ flow, displayName }, i) => `${i + 1}. "${displayName}" \u2014 consumer_id=${flow.consumerId}, foundational=${!!flow.foundational}`
-      );
-      const batchPrompt = [
-        `Execute ${flowMentions.length} GitLab flows on project ${projectPath} (${projectUrl}).`,
-        `User goal: "${rawText}"`,
-        ``,
-        `Flows to execute:`,
-        ...flowList,
-        ``,
-        `EXECUTION PLAN:`,
-        `1. Call gitlab_get_flow_definition for ALL flows listed above in a SINGLE response (${flowMentions.length} tool calls at once).`,
-        `   Parse each YAML to find what "context:goal" maps to (the "as" field in components).`,
-        ``,
-        `2. If the user's goal involves multiple resources (e.g., "for each MR"), list them using GitLab API tools.`,
-        ``,
-        `3. Call gitlab_execute_project_flow for EVERY flow+resource combination in a SINGLE response.`,
-        `   For each call, set the goal to the EXACT value the flow expects (e.g., just "14" for merge_request_iid).`,
-        `   project_id: "${projectPath}"`,
-        `   You MUST emit ALL execute calls in ONE response \u2014 do NOT wait for one to finish before calling the next.`,
-        ``,
-        `4. Collect all workflow_ids from step 3. Call gitlab_get_workflow_status for ALL of them in a SINGLE response.`,
-        ``,
-        `5. Present a summary table: flow name, resource, status, URL (${projectUrl}/-/automate/agent-sessions/<id>).`,
-        ``,
-        `CRITICAL: In steps 1, 3, and 4 you MUST make multiple tool calls in the SAME response for parallel execution.`
-      ].join("\n");
-      const combinedText = [
-        `IMPORTANT: You MUST call the Task tool RIGHT NOW with subagent_type "general" to dispatch all flows in parallel.`,
-        `Do NOT call flow tools yourself. Do NOT dispatch multiple Task calls \u2014 use ONE.`,
-        ``,
-        `Call the Task tool with:`,
-        `  subagent_type: "general"`,
-        `  description: "Execute ${flowMentions.length} flows in parallel"`,
-        `  prompt: ${JSON.stringify(batchPrompt)}`,
-        ``,
-        `Do not do anything else. Just call the Task tool with the above parameters.`
-      ].join("\n");
-      const firstIdx = flowMentions[0].idx;
-      const original = output.parts[firstIdx];
-      output.parts[firstIdx] = { ...original, type: "text", text: combinedText };
-      delete output.parts[firstIdx].name;
-      delete output.parts[firstIdx].source;
-      for (let i = flowMentions.length - 1; i >= 1; i--) {
-        indicesToRemove.push(flowMentions[i].idx);
-      }
-      for (const idx of [...new Set(indicesToRemove)].sort((a, b) => b - a)) {
-        output.parts.splice(idx, 1);
-      }
-    },
-    "chat.params": async (input2, _output) => {
-      if (!gitlabAgentNames.has(input2.agent)) return;
-      const model = input2.model;
-      const modelId = model?.modelID ?? model?.id ?? "";
-      const isDWS = modelId.includes("duo-workflow");
-      if (!isDWS) {
-        const name = model?.name ?? modelId ?? "unknown";
-        throw new Error(
-          `GitLab agent "${input2.agent}" requires an Agent Platform model but the current model is "${name}". Please switch to an Agent Platform model (duo-workflow-*) in the model picker to use GitLab agents.`
-        );
-      }
-    },
-    "experimental.chat.system.transform": async (_input, output) => {
-      if (flowAgents.size) {
-        output.system.push(FLOW_DISPATCH_GUIDELINES);
-      }
-      if (authCache) {
-        output.system.push(AGENT_CREATION_GUIDELINES);
-      }
-    },
+    "chat.message": makeChatMessageHook(
+      () => authCache,
+      flowAgents,
+      () => projectPath
+    ),
+    "chat.params": makeChatParamsHook(gitlabAgentNames),
+    "experimental.chat.system.transform": makeSystemTransformHook(flowAgents, () => authCache),
     tool: {
-      gitlab_execute_project_flow: tool({
-        description: "Execute a GitLab DAP flow on a project.\nTriggers a flow via the Duo Workflow Service REST API.\nThe flow runs asynchronously and is visible in the GitLab UI.\nReturns the workflow record with ID and status.\nThe additional_context parameter accepts flow-specific inputs as a JSON array of {Category, Content} objects.",
-        args: {
-          project_id: z.string().describe('Project path (e.g., "gitlab-org/gitlab")'),
-          consumer_id: z.number().describe("AI Catalog ItemConsumer numeric ID"),
-          goal: z.string().describe("User prompt/goal for the flow, include relevant URLs"),
-          additional_context: z.string().optional().describe(
-            'JSON array of flow inputs: [{"Category":"merge_request","Content":"{\\"url\\":\\"https://...\\"}"}]'
-          ),
-          issue_id: z.number().optional().describe("Issue IID for context"),
-          merge_request_id: z.number().optional().describe("Merge request IID for context")
-        },
-        execute: async (args) => {
-          if (!authCache) {
-            const auth = readAuth();
-            if (!auth) return "Error: GitLab authentication not available";
-            authCache = auth;
-          }
-          let flowInputs;
-          if (args.additional_context) {
-            try {
-              flowInputs = JSON.parse(args.additional_context);
-            } catch {
-              return "Error: additional_context must be a valid JSON array";
-            }
-          }
-          try {
-            const result = await executeFlow(
-              authCache.instanceUrl,
-              authCache.token,
-              args.project_id,
-              args.consumer_id,
-              args.goal,
-              {
-                issueId: args.issue_id,
-                mergeRequestId: args.merge_request_id,
-                namespaceId,
-                flowInputs
-              }
-            );
-            return JSON.stringify(result, null, 2);
-          } catch (err) {
-            return `Error executing flow: ${err.message}`;
-          }
-        }
-      }),
-      gitlab_get_flow_definition: tool({
-        description: "Get the YAML configuration of a GitLab DAP flow.\nReturns the flow config YAML which contains the flow.inputs section\ndescribing what additional_context categories and fields the flow requires.\nUse this before executing a flow to understand what inputs to gather.\nSet foundational=true for GitLab built-in flows, foundational=false for custom flows.",
-        args: {
-          consumer_id: z.number().describe("AI Catalog ItemConsumer numeric ID"),
-          foundational: z.boolean().describe("true for GitLab foundational flows, false for custom flows")
-        },
-        execute: async (args) => {
-          if (!authCache) {
-            const auth = readAuth();
-            if (!auth) return "Error: GitLab authentication not available";
-            authCache = auth;
-          }
-          const flow = [...flowAgents.values()].find((f) => f.consumerId === args.consumer_id);
-          try {
-            const result = await getFlowDefinition(authCache.instanceUrl, authCache.token, {
-              consumerId: args.consumer_id,
-              flowName: flow?.name,
-              foundational: args.foundational,
-              catalogItemVersionId: flow?.catalogItemVersionId,
-              itemIdentifier: flow?.identifier,
-              workflowDefinition: flow?.workflowDefinition
-            });
-            return JSON.stringify(result, null, 2);
-          } catch (err) {
-            return `Error getting flow definition: ${err.message}`;
-          }
-        }
-      }),
-      gitlab_get_workflow_status: tool({
-        description: "Get the status and latest messages of a GitLab DAP workflow.\nUse this to monitor a running flow after executing it.\nReturns the workflow status, latest checkpoint messages, and timestamps.\nPoll every 10 seconds until status is completed, failed, or cancelled.",
-        args: {
-          workflow_id: z.number().describe("Workflow numeric ID (from gitlab_execute_project_flow result)")
-        },
-        execute: async (args) => {
-          if (!authCache) {
-            const auth = readAuth();
-            if (!auth) return "Error: GitLab authentication not available";
-            authCache = auth;
-          }
-          try {
-            const result = await getWorkflowStatus(
-              authCache.instanceUrl,
-              authCache.token,
-              args.workflow_id
-            );
-            return JSON.stringify(result, null, 2);
-          } catch (err) {
-            return `Error getting workflow status: ${err.message}`;
-          }
-        }
-      }),
-      gitlab_list_project_mcp_servers: tool({
-        description: "List MCP servers available through agents enabled for a project.\nReturns deduplicated servers with name, URL, auth type, connection status, and which agents use them.",
-        args: {
-          project_id: z.string().describe('Project path (e.g., "gitlab-org/gitlab")')
-        },
-        execute: async (_args) => {
-          const serverMap = /* @__PURE__ */ new Map();
-          for (const agent of cachedAgents) {
-            if (!agent.mcpServers?.length) continue;
-            for (const server of agent.mcpServers) {
-              const existing = serverMap.get(server.id);
-              if (existing) {
-                if (!existing.usedBy.includes(agent.name)) existing.usedBy.push(agent.name);
-              } else {
-                serverMap.set(server.id, { ...server, usedBy: [agent.name] });
-              }
-            }
-          }
-          const servers = [...serverMap.values()];
-          if (!servers.length) {
-            return "No MCP servers found for agents enabled in this project.";
-          }
-          return JSON.stringify(servers, null, 2);
-        }
-      }),
-      gitlab_create_agent: tool({
-        description: "Create a new custom agent in the GitLab AI Catalog.\nFirst call: set confirmed=false (or omit). The tool returns without creating anything and instructs you to ask the user for agent properties using the question tool.\nSecond call: after the user confirms, set confirmed=true to actually create the agent.\nAfter creation, use gitlab_enable_project_agent to enable it on a project.",
-        args: {
-          project_id: z.string().describe('Project path (e.g., "gitlab-org/gitlab")'),
-          name: z.string().describe("Display name for the agent"),
-          description: z.string().describe("Description of what the agent does"),
-          public: z.boolean().describe("Whether the agent is publicly visible in the AI Catalog"),
-          system_prompt: z.string().describe("System prompt that defines the agent's behavior"),
-          user_prompt: z.string().optional().describe("User prompt template (optional)"),
-          tools: z.array(z.string()).optional().describe(
-            'Array of built-in tool Global IDs from gitlab_list_builtin_tools. Must be full GIDs like "gid://gitlab/Ai::Catalog::BuiltInTool/1", NOT tool names.'
-          ),
-          mcp_tools: z.array(z.string()).optional().describe("Array of MCP tool names to enable"),
-          mcp_servers: z.array(z.string()).optional().describe(
-            'Array of MCP server Global IDs from gitlab_list_project_mcp_servers. Must be full GIDs like "gid://gitlab/Ai::Catalog::McpServer/1", NOT server names.'
-          ),
-          release: z.boolean().optional().describe("Whether to release the version immediately (default: false)"),
-          confirmed: z.boolean().optional().describe(
-            "Set to true only after the user has reviewed and confirmed all parameters. Omit or set false on first call."
-          )
-        },
-        execute: async (args) => {
-          if (!args.confirmed) {
-            return [
-              "STOP: Do not create the agent yet. You must ask the user to confirm the configuration first.",
-              "",
-              "Follow these steps NOW:",
-              "1. Call gitlab_list_builtin_tools and gitlab_list_project_mcp_servers to discover options.",
-              "2. Use the question tool to ask the user ALL 4 of these (in one call):",
-              "   - Agent name (suggest one, allow custom input)",
-              "   - Visibility: Public or Private",
-              "   - Tools: group by category (Search, Issues, MRs, Epics, Files, Git, CI/CD, Security, Audit, Planning, Wiki, API) as multi-select",
-              "   - MCP servers: multi-select from available servers",
-              "3. Generate a system prompt and show it to the user for approval.",
-              "4. Call gitlab_create_agent again with confirmed=true after the user approves."
-            ].join("\n");
-          }
-          const auth = authCache ?? readAuth();
-          if (!auth) throw new Error("Not authenticated");
-          const result = await createAgent(auth.instanceUrl, auth.token, args.project_id, {
-            name: args.name,
-            description: args.description,
-            public: args.public,
-            systemPrompt: args.system_prompt,
-            userPrompt: args.user_prompt,
-            tools: args.tools,
-            mcpTools: args.mcp_tools,
-            mcpServers: args.mcp_servers,
-            release: args.release
-          });
-          await refreshAgents();
-          return JSON.stringify(result, null, 2);
-        }
-      }),
-      gitlab_update_agent: tool({
-        description: "Update an existing custom agent in the GitLab AI Catalog.\nOnly provided fields are updated; omitted fields remain unchanged.",
-        args: {
-          id: z.string().describe("Agent ID (numeric or full GID)"),
-          name: z.string().optional().describe("New display name"),
-          description: z.string().optional().describe("New description"),
-          public: z.boolean().optional().describe("Whether publicly visible"),
-          system_prompt: z.string().optional().describe("New system prompt"),
-          user_prompt: z.string().optional().describe("New user prompt template"),
-          tools: z.array(z.string()).optional().describe(
-            'New set of built-in tool Global IDs (full GIDs like "gid://gitlab/Ai::Catalog::BuiltInTool/1")'
-          ),
-          mcp_tools: z.array(z.string()).optional().describe("New set of MCP tool names"),
-          mcp_servers: z.array(z.string()).optional().describe(
-            'New set of MCP server Global IDs (full GIDs like "gid://gitlab/Ai::Catalog::McpServer/1")'
-          ),
-          release: z.boolean().optional().describe("Whether to release the latest version"),
-          version_bump: z.enum(["MAJOR", "MINOR", "PATCH"]).optional().describe("Version bump type")
-        },
-        execute: async (args) => {
-          const auth = authCache ?? readAuth();
-          if (!auth) throw new Error("Not authenticated");
-          const result = await updateAgent(auth.instanceUrl, auth.token, args.id, {
-            name: args.name,
-            description: args.description,
-            public: args.public,
-            systemPrompt: args.system_prompt,
-            userPrompt: args.user_prompt,
-            tools: args.tools,
-            mcpTools: args.mcp_tools,
-            mcpServers: args.mcp_servers,
-            release: args.release,
-            versionBump: args.version_bump
-          });
-          await refreshAgents();
-          return JSON.stringify(result, null, 2);
-        }
-      }),
-      gitlab_list_builtin_tools: tool({
-        description: "List available built-in GitLab tools that can be assigned to custom agents.\nReturns tool IDs, names, and descriptions. Use the IDs when creating or updating agents.",
-        args: {},
-        execute: async () => {
-          const auth = authCache ?? readAuth();
-          if (!auth) throw new Error("Not authenticated");
-          const tools = await listBuiltInTools(auth.instanceUrl, auth.token);
-          if (!tools.length) return "No built-in tools available.";
-          return JSON.stringify(tools, null, 2);
-        }
-      }),
-      gitlab_design_flow: tool({
-        description: "Interactive flow design tool. Returns the flow YAML schema reference, examples, and instructions.\nUse this BEFORE gitlab_create_flow to design the flow definition interactively with the user.\nThe tool also validates generated YAML against the flow_v2 JSON schema.",
-        args: {
-          action: z.enum(["get_schema", "validate"]).describe(
-            '"get_schema" returns the schema reference and examples. "validate" validates a YAML definition.'
-          ),
-          definition: z.string().optional().describe("YAML definition to validate (required when action=validate)")
-        },
-        execute: async (args) => {
-          if (args.action === "validate") {
-            if (!args.definition) return "Error: definition is required for validate action.";
-            const result = validateFlowYaml(args.definition);
-            if (result.valid) return "VALID: Flow definition passes schema validation.";
-            return `INVALID: ${result.errors.length} error(s):
-${result.errors.map((e, i) => `  ${i + 1}. ${e}`).join("\n")}`;
-          }
-          return [
-            "Follow this multi-round workflow to design a flow:",
-            "",
-            "ROUND 1: Call gitlab_list_builtin_tools to discover available tool names for the flow.",
-            "  Then use the question tool to ask the user:",
-            "  - Flow name",
-            "  - Visibility: Public or Private",
-            "  - What the flow should do (step-by-step description)",
-            "  - What GitLab resource it operates on (MR, issue, pipeline, vulnerability, etc.)",
-            "",
-            "ROUND 2: Based on the user's answers, propose a component architecture in plain text:",
-            "  - List each step with its type (DeterministicStep, OneOff, or Agent)",
-            "  - Explain what each step does and what tools it uses",
-            "  - Show the routing (linear or conditional)",
-            "  Ask the user to confirm or adjust.",
-            "",
-            "ROUND 3: Generate the full YAML definition using the schema below.",
-            "  Call gitlab_design_flow with action='validate' to check it.",
-            "  Show the validated YAML to the user for final approval.",
-            "  Then call gitlab_create_flow with confirmed=true.",
-            "",
-            "=== FLOW YAML SCHEMA ===",
-            FLOW_SCHEMA_REFERENCE,
-            "",
-            "=== EXAMPLE: Linear flow ===",
-            FLOW_EXAMPLE_LINEAR,
-            "",
-            "=== EXAMPLE: Conditional flow ===",
-            FLOW_EXAMPLE_CONDITIONAL
-          ].join("\n");
-        }
-      }),
-      gitlab_create_flow: tool({
-        description: "Create a custom flow in the GitLab AI Catalog.\nFirst call: set confirmed=false (or omit). Returns instructions to use gitlab_design_flow first.\nSecond call: after the user confirms, set confirmed=true to create the flow.\nAfter creation, use gitlab_enable_project_flow to enable it on a project.",
-        args: {
-          project_id: z.string().describe('Project path (e.g., "gitlab-org/gitlab")'),
-          name: z.string().describe("Display name for the flow"),
-          description: z.string().describe("Description of what the flow does"),
-          public: z.boolean().describe("Whether publicly visible in the AI Catalog"),
-          definition: z.string().describe("Flow YAML definition (validated via gitlab_design_flow)"),
-          release: z.boolean().optional().describe("Whether to release the version immediately"),
-          confirmed: z.boolean().optional().describe("Set true only after user has reviewed the YAML")
-        },
-        execute: async (args) => {
-          if (!args.confirmed) {
-            return [
-              "STOP: Do not create the flow yet.",
-              "",
-              "Call gitlab_design_flow with action='get_schema' first to get the interactive workflow.",
-              "Follow the multi-round design process, then call this tool with confirmed=true."
-            ].join("\n");
-          }
-          const validation = validateFlowYaml(args.definition);
-          if (!validation.valid) {
-            return `Flow YAML validation failed:
-${validation.errors.map((e, i) => `  ${i + 1}. ${e}`).join("\n")}
-
-Fix the errors and try again.`;
-          }
-          const auth = authCache ?? readAuth();
-          if (!auth) throw new Error("Not authenticated");
-          const result = await createFlow(auth.instanceUrl, auth.token, args.project_id, {
-            name: args.name,
-            description: args.description,
-            public: args.public,
-            definition: args.definition,
-            release: args.release
-          });
-          await refreshAgents();
-          const json = JSON.stringify(result, null, 2);
-          return `${json}
-
-Flow created successfully. Ask the user if they want to enable it on the current project using gitlab_enable_project_flow.`;
-        }
-      }),
-      gitlab_update_flow: tool({
-        description: "Update an existing custom flow in the GitLab AI Catalog.\nOnly provided fields are updated; omitted fields remain unchanged.\nUse gitlab_design_flow with action='validate' to check YAML before updating.",
-        args: {
-          id: z.string().describe("Flow ID (numeric or full GID)"),
-          name: z.string().optional().describe("New display name"),
-          description: z.string().optional().describe("New description"),
-          public: z.boolean().optional().describe("Whether publicly visible"),
-          definition: z.string().optional().describe("New flow YAML definition"),
-          release: z.boolean().optional().describe("Whether to release the latest version"),
-          version_bump: z.enum(["MAJOR", "MINOR", "PATCH"]).optional().describe("Version bump type")
-        },
-        execute: async (args) => {
-          if (args.definition) {
-            const validation = validateFlowYaml(args.definition);
-            if (!validation.valid) {
-              return `Flow YAML validation failed:
-${validation.errors.map((e, i) => `  ${i + 1}. ${e}`).join("\n")}
-
-Fix the errors and try again.`;
-            }
-          }
-          const auth = authCache ?? readAuth();
-          if (!auth) throw new Error("Not authenticated");
-          const result = await updateFlow(auth.instanceUrl, auth.token, args.id, {
-            name: args.name,
-            description: args.description,
-            public: args.public,
-            definition: args.definition,
-            release: args.release,
-            versionBump: args.version_bump
-          });
-          await refreshAgents();
-          return JSON.stringify(result, null, 2);
-        }
-      }),
-      ...makeAgentFlowTools(
-        z,
-        () => authCache,
-        readAuth,
-        (a) => {
-          authCache = a;
-        },
-        refreshAgents
-      )
+      ...makeFlowTools(ctx),
+      ...makeMcpTools(() => cachedAgents),
+      ...makeCatalogCrudTools(ctx),
+      ...makeCatalogItemTools(ctx)
     }
   };
 };