feat: add support for Gemini Enterprise (Discovery Engine) assistant

- Implemented EnterpriseAgentProtocol and EnterpriseAgentSession in core
- Authenticates seamlessly via Application Default Credentials (ADC)
- Added robust brace-counting JSON stream parser with partial chunk caching
- Extracted and rendered immersive docArtifacts (markdown tables) E2E
- Integrated with CLI config schema and enabled default 'all tools' execution
- Added comprehensive unit tests verifying all stream events (thoughts, tools, tables)

TAG=agy
CONV=81e82460-f8cd-4c7b-a037-2cbedda4d3c0

packages/cli/src/gemini.tsx

@@ -507,7 +507,8 @@ export async function main() {
   // the sandbox because the sandbox will interfere with the Oauth2 web
   // redirect.
   let initialAuthFailed = false;
-  if (!settings.merged.security.auth.useExternal && !argv.isCommand) {
+  const useEnterprise = process.env['GEMINI_CLI_ENTERPRISE_AGENT'] === 'true';
+  if (!settings.merged.security.auth.useExternal && !argv.isCommand && !useEnterprise) {
     try {
       if (
         partialConfig.isInteractive() &&
@@ -858,13 +859,16 @@ export async function main() {
       ),
     );
 
-    const authType = await validateNonInteractiveAuth(
-      settings.merged.security.auth.selectedType,
-      settings.merged.security.auth.useExternal,
-      config,
-      settings,
-    );
-    await config.refreshAuth(authType);
+    const useEnterprise = process.env['GEMINI_CLI_ENTERPRISE_AGENT'] === 'true';
+    if (!useEnterprise) {
+      const authType = await validateNonInteractiveAuth(
+        settings.merged.security.auth.selectedType,
+        settings.merged.security.auth.useExternal,
+        config,
+        settings,
+      );
+      await config.refreshAuth(authType);
+    }
 
     if (config.getDebugMode()) {
       debugLogger.log('Session ID: %s', sessionId);