Commit Graph

2116 Commits

Author SHA1 Message Date
Akhilesh Kumar ee425228fe fix(core): ensure policy engine compatibility with isolated MCP servers
This commit addresses PR feedback regarding the prefixing of isolated subagent MCP servers and its potential to break existing security policies relying on standard FQNs.

1. Added `originalName` to `MCPServerConfig` and `originalServerName` to `DiscoveredMCPTool`.
2. Updated `CoreToolScheduler` to reconstruct the original FQN (without the `__agent__` prefix) when performing policy checks via the Policy Engine. This ensures policies mapping to standard `mcp_{server}_{tool}` formats still apply correctly to isolated agents.
3. Added a remote agent back to `NewAgentsNotification.test.tsx` to maintain coverage for both local and remote agents.
2026-03-13 17:30:32 +00:00
Akhilesh Kumar 3bf0a5579a Merge remote-tracking branch 'origin/main' into fix-subagent-tool-isolation
# Conflicts:
#	packages/core/src/agents/local-executor.ts
2026-03-12 19:26:33 +00:00
Abhi cd7dced951 feat(core): implement model-driven parallel tool scheduler (#21933) 2026-03-12 17:03:44 +00:00
Adam Weidman 4b76fe0061 feat(core): add google credentials provider for remote agents (#21024) 2026-03-12 15:39:59 +00:00
Gaurav 867dc0fdda feat(telemetry): add Clearcut instrumentation for AI credits billing events (#22153) 2026-03-12 15:16:27 +00:00
Michael Ramos 7506b00488 fix(core): handle policy ALLOW for exit_plan_mode (#21802) 2026-03-12 14:43:40 +00:00
Jaisal K Jain 34709dc62d fix(cli): validate --model argument at startup (#21393)
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
2026-03-12 14:38:54 +00:00
Abhi 8432bcee75 fix(core): resolve MCP tool FQN validation, schema export, and wildcards in subagents (#22069) 2026-03-12 14:17:36 +00:00
Aditya Bijalwan 333475c41f feat(browser): implement input blocker overlay during automation (#21132)
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
Co-authored-by: Gaurav <39389231+gsquared94@users.noreply.github.com>
Co-authored-by: Gaurav Ghosh <gaghosh@google.com>
2026-03-12 11:29:57 +00:00
Adam Weidman 10ab958378 refactor(core): extract ExecutionLifecycleService for tool backgrounding (#21717) 2026-03-12 04:03:54 +00:00
Bryan Morgan 949e85ca55 feat(core): differentiate User-Agent for a2a-server and ACP clients (#22059) 2026-03-12 02:31:59 +00:00
Spencer f090736ebc fix(core): secure argsPattern and revert WEB_FETCH_TOOL_NAME escalation (#22104)
Co-authored-by: Taylor Mullen <ntaylormullen@google.com>
2026-03-12 02:26:21 +00:00
N. Taylor Mullen 7380424782 fix(policy): ensure user policies are loaded when policyPaths is empty (#22090) 2026-03-11 23:58:58 +00:00
N. Taylor Mullen 4a6d1fad9d fix(core): propagate subagent context to policy engine (#22086) 2026-03-11 23:01:45 +00:00
Akhilesh Kumar 164abf9d9b fix(core): resolve TypeScript compilation errors in LocalAgentExecutor 2026-03-11 21:47:31 +00:00
Gal Zahavi e3b3b71c14 feat(core): implement SandboxManager interface and config schema (#21774)
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
2026-03-11 21:42:50 +00:00
krishdef7 926dddf0bf fix(hooks): fix BeforeAgent/AfterAgent inconsistencies (#18514) (#21383)
Co-authored-by: Spencer <spencertang@google.com>
2026-03-11 21:40:11 +00:00
Abhi 3bf4f885d8 feat(core): simplify subagent success UI and improve early termination display (#21917) 2026-03-11 21:11:07 +00:00
Akhilesh Kumar b132791cd2 test(core): add unit tests for subagent MCP tool isolation
Unit tests added:
1. Tool Registry Filtering: Verified that main registry hides all '__agent__' prefixed tools.
2. Subagent Tool Inheritance: Verified that agents correctly filter out other agents' MCP tools while retaining their own.
Verified with vitest in packages/core.
2026-03-11 20:55:10 +00:00
Akhilesh Kumar 5a020e7720 fix(core): avoid restarting subagent MCP servers
I've tactically refactored the `LocalAgentExecutor` so that it avoids shutting down and restarting subagent MCP servers for every agent execution, which mitigates the performance overhead caused by long startup times.

1. Leveraging the Global McpClientManager:
Instead of instantiating an entirely new `McpClientManager` instance within the `LocalAgentExecutor` per execution (and shutting it down in its `finally` block), we now use the single global `McpClientManager` available on `context.config`. Since the global manager deduplicates connection attempts by checking if the server is already active, subagent MCP servers will now naturally stay alive after their initial initialization.

2. Prefixing to Avoid Polluting the Global Namespace:
To isolate the agent-specific tools, we now register the subagent's MCP servers with a unique prefix: `__agent__${definition.name}__${name}`.

3. Strict Filtering for True Isolation (ToolRegistry):
- Main CLI context: Added a block in the global `ToolRegistry.getFunctionDeclarations()` that strictly hides any tool belonging to a server prefixed with `__agent__` if the registry `isMainRegistry`. This prevents internal subagent tools from leaking to the main agent.
- Subagent context (`LocalAgentExecutor`): When inheriting tools from the parent registry (the fallback when an agent doesn't explicitly define `tools: []`), the agent now ignores `__agent__` prefixed tools that belong to *other* agents, ensuring strict tool isolation while keeping the actual underlying server processes alive and reusable.
2026-03-11 20:43:25 +00:00
Spencer 775bcbf3a6 fix(core): silently retry API errors up to 3 times before halting session (#21989) 2026-03-11 20:40:06 +00:00
M Junaid Shaukat e802776c96 feat(core): support custom base URL via env vars (#21561)
Co-authored-by: Spencer <spencertang@google.com>
2026-03-11 20:10:29 +00:00
AK eb5d22848c Merge branch 'main' into fix-subagent-tool-isolation 2026-03-11 13:02:45 -07:00
Sehoon Shon b7578eba7d fix(core): preserve dynamic tool descriptions on session resume (#18835)
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
2026-03-11 19:38:54 +00:00
Spencer b87718d1ff fix(policy): remove unnecessary escapeRegex from pattern builders (#21921) 2026-03-11 19:31:55 +00:00
Aishanee Shah 067e09a40b feat(telemetry): implement retry attempt telemetry for network related retries (#22027)
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
2026-03-11 18:55:48 +00:00
Sehoon Shon 36ce2ba96e fix(core): enable numerical routing for api key users (#21977) 2026-03-11 18:54:52 +00:00
Yuna Seol df8b399bb4 feat(core): include initiationMethod in conversation interaction telemetry (#22054)
Co-authored-by: Yuna Seol <yunaseol@google.com>
2026-03-11 18:38:15 +00:00
Sehoon Shon 41f1ea4672 fix(core): handle EISDIR in robustRealpath on Windows (#21984) 2026-03-11 18:22:10 +00:00
Sehoon Shon 58557ba786 perf(core): parallelize user quota and experiments fetching in refreshAuth (#21648) 2026-03-11 18:00:16 +00:00
Gal Zahavi 6900fe5527 feat(policy): add --admin-policy flag for supplemental admin policies (#20360) 2026-03-11 17:35:45 +00:00
Akhilesh Kumar 2e6c81e7ad chore: address PR feedback by adding inline comments 2026-03-11 17:13:32 +00:00
Akhilesh Kumar d4b7d358c5 feat(core): support inline MCP server definitions in subagent markdown 2026-03-11 17:10:36 +00:00
Akhilesh Kumar c68a2cb933 feat(core): implement configuration-based tool isolation for subagents 2026-03-11 17:09:46 +00:00
Yuna Seol 50384ab3c9 fix(core): update language detection to use LSP 3.18 identifiers (#21931) 2026-03-11 16:05:52 +00:00
Manav Sharma eaf6e8bbb1 fix(core)#20941: reap orphaned descendant processes on PTY abort (#21124)
Co-authored-by: Spencer <spencertang@google.com>
2026-03-11 15:36:25 +00:00
Jack Wotherspoon b804fe9662 fix: clean up /clear and /resume (#22007) 2026-03-11 15:23:23 +00:00
Krrish Verma c2d38bac54 test(core): add missing tests for prompts/utils.ts (#19941)
Co-authored-by: Jacob Richman <jacob314@gmail.com>
2026-03-11 07:00:37 +00:00
Sehoon Shon e54c450bc1 fix(core): remove OAuth check from handleFallback and clean up stray file (#21962) 2026-03-11 04:56:06 +00:00
Aishanee Shah f8ad3a200a Feat/retry fetch notifications (#21813) 2026-03-11 03:33:50 +00:00
gemini-cli-robot 3a0c9a0d39 chore(release): bump version to 0.35.0-nightly.20260311.657f19c1f (#21966) 2026-03-11 02:36:40 +00:00
joshualitt 20a226a5ab feat(core): Thread AgentLoopContext through core. (#21944) 2026-03-11 01:12:59 +00:00
Tommaso Sciortino daf3701194 feat(cli): customizable keyboard shortcuts (#21945) 2026-03-11 01:05:50 +00:00
Gal Zahavi 524679d23c feat: implement background process logging and cleanup (#21189) 2026-03-11 00:13:20 +00:00
Shyam Raghuwanshi 7c4570339e fix: robust UX for remote agent errors (#20307)
Co-authored-by: Adam Weidman <adamfweidman@google.com>
2026-03-10 23:50:25 +00:00
gemini-cli-robot a9500d6a6c chore/release: bump version to 0.34.0-nightly.20260310.4653b126f (#21816) 2026-03-10 21:22:37 +00:00
Coco Sheng 519c75f410 fix: prevent hangs in non-interactive mode and improve agent guidance (#20893)
Co-authored-by: Keith Schaab <keith.schaab@gmail.com>
2026-03-10 20:30:58 +00:00
Gaurav 3ff68a9e55 fix: patch gaxios v7 Array.toString() stream corruption (#21884) 2026-03-10 20:25:24 +00:00
kevinjwang1 5b8ad9cd65 Add extensionRegistryURI setting to change where the registry is read from (#20463) 2026-03-10 20:22:03 +00:00
Aditya Bijalwan 5caa192cfc feat: add pulsating blue border automation overlay to browser agent (#21173)
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
Co-authored-by: Gaurav <39389231+gsquared94@users.noreply.github.com>
2026-03-10 20:15:03 +00:00