feat(core): add foundation for subagent tool isolation

[akh64bit]

Summary

This PR lays the groundwork for isolating tools per subagent. It introduces the mcpServers metadata structure to AgentOverride and LocalAgentDefinition, parses inline MCP servers from agent markdown definitions, and updates the DeclarativeTool class with a clone method to support deep cloning with a specific message bus.

Details

• Types & Metadata: Added mcpServers to LocalAgentDefinition and AgentOverride to describe inline MCP servers for subagents.
• Agent Loader: Updated markdownToAgentDefinition to parse and populate the mcpServers configurations from agent markdown definitions.
• Declarative Tool: Added a clone(messageBus?: MessageBus) method to enable deep cloning of tools, allowing subagents to use their own message bus while sharing core tool logic.
• UI Notification: Updated the NewAgentsNotification component to optionally display the names of inline MCP servers.

This is part 1 of 3 in the subagent tool isolation rollout. This PR is strictly foundational and does not alter the current main execution flow.

Child of: #21935

Related Issues

Fixes #21901

How to Validate

• Run npm run typecheck and npm run test to verify everything compiles and all existing tests pass.

Pre-Merge Checklist

• Updated relevant documentation and README (if needed)
• Added/updated tests (if needed)
• Noted breaking changes (if any)
• Validated on required platforms/methods:

[gemini-cli]

Hi @akh64bit, thank you so much for your contribution to Gemini CLI! We really appreciate the time and effort you've put into this.

We're making some updates to our contribution process to improve how we track and review changes. Please take a moment to review our recent discussion post: Improving Our Contribution Process & Introducing New Guidelines.

Key Update: Starting January 26, 2026, the Gemini CLI project will require all pull requests to be associated with an existing issue. Any pull requests not linked to an issue by that date will be automatically closed.

Thank you for your understanding and for being a part of our community!

[gemini-code-assist]

Summary of Changes

Hello, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request establishes the foundational elements necessary for enabling tool isolation for subagents. It introduces new metadata structures for defining inline Model Context Protocol (MCP) servers within agent configurations and enhances the agent loading process to parse these definitions. Additionally, it provides a mechanism for deep cloning declarative tools, allowing subagents to operate with their own message buses while reusing core tool logic. This is the first step in a multi-part rollout for subagent tool isolation, focusing on core infrastructure without altering current main execution flows.

Highlights

• Subagent Tool Isolation Foundation: Introduced the mcpServers metadata structure to AgentOverride and LocalAgentDefinition to lay the groundwork for isolating tools per subagent.
• Agent Definition Parsing: Updated the agent loader to parse inline Model Context Protocol (MCP) servers from agent markdown definitions, allowing agents to specify their own server configurations.
• Declarative Tool Cloning: Added a clone method to the DeclarativeTool class, enabling deep cloning of tools with an optional MessageBus to support subagents using their own message buses.
• UI Notification Enhancement: Modified the NewAgentsNotification component to optionally display the names of inline MCP servers associated with new local agents.

Changelog

• package-lock.json
  • Removed peer: true from several dependency entries.
• packages/cli/src/ui/components/NewAgentsNotification.test.tsx
  • Updated agent test data to include mcpServers and added a new test agent.
• packages/cli/src/ui/components/NewAgentsNotification.tsx
  • Modified the notification component to display associated MCP server names for local agents.
• packages/cli/src/ui/components/snapshots/NewAgentsNotification.test.tsx.snap
  • Updated the UI snapshot to reflect changes in agent notification display.
• packages/core/src/agents/agentLoader.test.ts
  • Added tests for parsing and converting mcp_servers from agent markdown.
• packages/core/src/agents/agentLoader.ts
  • Introduced mcp_servers parsing in agent frontmatter and updated agent definition conversion logic.
  • Imported MCPServerConfig and defined FrontmatterMCPServerConfig schema.
• packages/core/src/agents/registry.ts
  • Implemented logic to merge mcpServers from agent overrides into the agent definition.
• packages/core/src/agents/types.ts
  • Extended LocalAgentDefinition to include an optional mcpServers property.
  • Imported MCPServerConfig.
• packages/core/src/config/config.ts
  • Added tools and mcpServers properties to the AgentOverride interface.
• packages/core/src/tools/tools.ts
  • Added a clone method to DeclarativeTool for creating deep copies with an optional message bus.

Activity

• The author, akh64bit, created this pull request to add foundational support for subagent tool isolation.
• The pull request includes new and updated tests to cover the introduced functionality.
• The pull request description indicates this is part 1 of 3 in the subagent tool isolation rollout.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for GitHub and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[github-actions]

Size Change: +3 kB (+0.01%)

Total Size: 26.2 MB

Filename	Size	Change
./bundle/chunk-IST5U23V.js	0 B	-3.62 MB (removed)	🏆
./bundle/chunk-PRSH5ZMN.js	0 B	-1.95 MB (removed)	🏆
./bundle/chunk-ZP4J6KEI.js	0 B	-13.5 MB (removed)	🏆
./bundle/core-M4MQQWE3.js	0 B	-41.1 kB (removed)	🏆
./bundle/devtoolsService-HYFT7VP6.js	0 B	-27.7 kB (removed)	🏆
./bundle/interactiveCli-BOCQOOCX.js	0 B	-1.6 MB (removed)	🏆
./bundle/oauth2-provider-2HU42PF2.js	0 B	-9.19 kB (removed)	🏆
./bundle/chunk-6HQKYZ7W.js	3.62 MB	+3.62 MB (new file)	🆕
./bundle/chunk-CV6IRPW4.js	13.5 MB	+13.5 MB (new file)	🆕
./bundle/chunk-FIQWQZVG.js	1.95 MB	+1.95 MB (new file)	🆕
./bundle/core-XRIVTAKZ.js	41.1 kB	+41.1 kB (new file)	🆕
./bundle/devtoolsService-QAYOIMUW.js	27.7 kB	+27.7 kB (new file)	🆕
./bundle/interactiveCli-VFKQAMIC.js	1.6 MB	+1.6 MB (new file)	🆕
./bundle/oauth2-provider-233VH4LL.js	9.19 kB	+9.19 kB (new file)	🆕

ℹ️ View Unchanged

Filename	Size	Change
./bundle/chunk-34MYV7JD.js	2.45 kB	0 B
./bundle/chunk-37ZTTFQF.js	966 kB	0 B
./bundle/chunk-5AUYMPVF.js	858 B	0 B
./bundle/chunk-664ZODQF.js	124 kB	0 B
./bundle/chunk-DAHVX5MI.js	206 kB	0 B
./bundle/chunk-IUUIT4SU.js	56.5 kB	0 B
./bundle/chunk-RJTRUG2J.js	39.8 kB	0 B
./bundle/devtools-36NN55EP.js	696 kB	0 B
./bundle/dist-T73EYRDX.js	356 B	0 B
./bundle/gemini.js	695 kB	0 B
./bundle/getMachineId-bsd-TXG52NKR.js	1.55 kB	0 B
./bundle/getMachineId-darwin-7OE4DDZ6.js	1.55 kB	0 B
./bundle/getMachineId-linux-SHIFKOOX.js	1.34 kB	0 B
./bundle/getMachineId-unsupported-5U5DOEYY.js	1.06 kB	0 B
./bundle/getMachineId-win-6KLLGOI4.js	1.72 kB	0 B
./bundle/memoryDiscovery-HQGRYQ2Y.js	0 B	-922 B (removed)	🏆
./bundle/multipart-parser-KPBZEGQU.js	11.7 kB	0 B
./bundle/node_modules/@google/gemini-cli-devtools/dist/client/main.js	221 kB	0 B
./bundle/node_modules/@google/gemini-cli-devtools/dist/src/_client-assets.js	227 kB	0 B
./bundle/node_modules/@google/gemini-cli-devtools/dist/src/index.js	11.5 kB	0 B
./bundle/node_modules/@google/gemini-cli-devtools/dist/src/types.js	132 B	0 B
./bundle/sandbox-macos-permissive-open.sb	890 B	0 B
./bundle/sandbox-macos-permissive-proxied.sb	1.31 kB	0 B
./bundle/sandbox-macos-restrictive-open.sb	3.36 kB	0 B
./bundle/sandbox-macos-restrictive-proxied.sb	3.56 kB	0 B
./bundle/sandbox-macos-strict-open.sb	4.82 kB	0 B
./bundle/sandbox-macos-strict-proxied.sb	5.02 kB	0 B
./bundle/src-QVCVGIUX.js	47 kB	0 B
./bundle/tree-sitter-7U6MW5PS.js	274 kB	0 B
./bundle/tree-sitter-bash-34ZGLXVX.js	1.84 MB	0 B
./bundle/undici-4X2YZID5.js	360 B	0 B
./bundle/memoryDiscovery-P6SEGMWA.js	922 B	+922 B (new file)	🆕

_{compressed-size-action}

[gemini-code-assist]

Code Review

This pull request introduces foundational changes for subagent tool isolation, including adding mcpServers to agent definitions, updating the agent loader to parse new configurations from markdown files, and implementing a clone method on DeclarativeTool. The identified security concerns regarding arbitrary commands and environment variables in agent definitions from project-level files are not considered vulnerabilities, as agent/skill definitions are treated as trusted by design, and thus do not require additional sanitization or UI transparency for security purposes.

[abhipatel12]

Is this change necessary?

[abhipatel12]

lgtm, but also want @gundermanc to review the clone piece to make sure we're aligned on that.

[akh64bit]

@gemini-code-assist why is the E2E (Chained) failing? Could you resolve it?

[gemini-code-assist]

Hi @akh64bit, I understand you're concerned about the failing "E2E (Chained)" test. As an AI, I don't have the ability to directly resolve or fix issues in the codebase. My role is to provide feedback and analysis.

To help you understand why the test might be failing, could you please provide more details about the failure? Specifically, any error messages, stack traces, or logs from the CI/CD pipeline related to that test would be very helpful. Once I have that information, I can try to analyze it and offer insights or potential causes.

If you're looking for assistance with commands or features I support, you can always use /gemini help to see a list of available commands.