feat(core): subagent local execution and tool isolation

[akh64bit]

Summary

This is the 3rd and final PR of the subagent tool isolation rollout. It wires up the localized configuration and MCP manager updates directly into the agent scheduling loop, finalizing the tool isolation feature.

Details

• Local Agent Executor: Updated LocalAgentExecutor to instantiate its own private ToolRegistry, PromptRegistry, and ResourceRegistry.
• Tool Cloning: Leverages the .clone() method (from PR 1) to ensure core tools respect the subagent's isolated messageBus.
• MCP Server Initialization: Configures inline MCP servers (parsed in PR 1) using the maybeDiscoverMcpServer(..., registries) method (from PR 2).
• Agent Loop Context: Overrides agentConfig.toolRegistry in agent-scheduler.ts to ensure the core execution loop leverages the subagent-specific registries.

Child of: #22712

Related Issues

Fixes #21901

How to Validate

• Run npm run typecheck and npm run test to verify everything compiles and all existing tests pass.

Pre-Merge Checklist

• Updated relevant documentation and README (if needed)
• Added/updated tests (if needed)
• Noted breaking changes (if any)
• Validated on required platforms/methods:

[gemini-cli]

Hi @akh64bit, thank you so much for your contribution to Gemini CLI! We really appreciate the time and effort you've put into this.

We're making some updates to our contribution process to improve how we track and review changes. Please take a moment to review our recent discussion post: Improving Our Contribution Process & Introducing New Guidelines.

Key Update: Starting January 26, 2026, the Gemini CLI project will require all pull requests to be associated with an existing issue. Any pull requests not linked to an issue by that date will be automatically closed.

Thank you for your understanding and for being a part of our community!

[gemini-code-assist]

Summary of Changes

Hello, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request completes the subagent tool isolation feature by integrating localized configuration and MCP manager updates directly into the agent scheduling process. It ensures that each subagent operates within its own isolated environment for tools, prompts, and resources, enhancing modularity and preventing conflicts between different agent contexts. The changes involve creating dedicated registries for subagents, cloning tools to maintain message bus isolation, and properly initializing MCP servers within these isolated contexts.

Highlights

• Subagent Local Execution: The LocalAgentExecutor now instantiates its own private ToolRegistry, PromptRegistry, and ResourceRegistry, ensuring that subagents operate with isolated configurations.
• Tool Isolation via Cloning: Core tools are now cloned using a new .clone() method, allowing them to respect the subagent's isolated messageBus and prevent unintended interactions.
• MCP Server Integration: Inline Model Context Protocol (MCP) servers, parsed in a previous PR, are now configured directly into the agent scheduling loop using maybeDiscoverMcpServer with the subagent's specific registries.
• Agent Loop Context Override: The agentConfig.toolRegistry is overridden within agent-scheduler.ts to ensure that the core execution loop correctly leverages the subagent-specific registries for tool management.

Changelog

• package-lock.json
  • Removed 'peer' property from several dependency entries.
• packages/cli/src/ui/components/NewAgentsNotification.test.tsx
  • Updated agent test data to include a local agent with MCP server configurations.
• packages/cli/src/ui/components/NewAgentsNotification.tsx
  • Modified agent display logic to show associated MCP servers for local agents.
• packages/cli/src/ui/components/snapshots/NewAgentsNotification.test.tsx.snap
  • Updated snapshot to reflect new agent display with MCP server information.
• packages/core/src/agents/agent-scheduler.ts
  • Updated agent scheduling options to include prompt and resource registries.
  • Configured agent-specific registries for the execution loop.
• packages/core/src/agents/agentLoader.test.ts
  • Added tests for parsing mcp_servers from agent markdown frontmatter.
  • Added tests for converting mcp_servers to MCPServerConfig objects.
• packages/core/src/agents/agentLoader.ts
  • Extended local agent definition to include mcp_servers.
  • Implemented conversion logic for mcp_servers from markdown to MCPServerConfig objects.
• packages/core/src/agents/local-executor.test.ts
  • Enhanced MCP client manager mocks.
  • Added tests for MCP isolation.
  • Verified inheritance of main registry tools.
• packages/core/src/agents/local-executor.ts
  • Refactored LocalAgentExecutor to instantiate isolated tool, prompt, and resource registries.
  • Managed MCP server discovery for subagents.
  • Cloned tools for independent message bus usage.
• packages/core/src/agents/registry.ts
  • Implemented logic to merge tools and mcpServers overrides into agent definitions.
• packages/core/src/agents/types.ts
  • Added mcpServers property to the LocalAgentDefinition interface.
• packages/core/src/config/config.test.ts
  • Updated McpClientManager mock to include setMainRegistries for testing purposes.
• packages/core/src/config/config.ts
  • Extended AgentOverride with tools and mcpServers properties.
  • Introduced mainAgentTools for tool filtering.
  • Updated McpClientManager initialization to set main registries.
  • Marked the main tool registry during creation.
• packages/core/src/tools/mcp-client-manager.test.ts
  • Updated MCP client manager tests to align with new constructor and discoverInto method signatures.
  • Added setup for main registries.
• packages/core/src/tools/mcp-client-manager.ts
  • Refactored McpClientManager to support multiple registry sets.
  • Introduced setMainRegistries and removeRegistries for managing registry contexts.
  • Implemented unique client key generation for server identification.
  • Updated maybeDiscoverMcpServer to use specific registries and handle client keying.
• packages/core/src/tools/mcp-client.test.ts
  • Adjusted MCP client tests to utilize the discoverInto method with explicit registry sets.
  • Removed direct registry dependencies from the constructor.
• packages/core/src/tools/mcp-client.ts
  • Introduced RegistrySet interface and registeredRegistries to manage multiple registry contexts.
  • Removed direct registry dependencies from the constructor.
  • Added getServerName method.
  • Updated discovery and notification handling to operate on these registry sets.
  • Modified updateResourceRegistry and discoverTools to accept a target registry.
• packages/core/src/tools/tool-registry.test.ts
  • Added tests for the removeMcpToolsByServer method to verify tool removal functionality.
• packages/core/src/tools/tool-registry.ts
  • Added isMainRegistry property to the constructor.
  • Implemented logic in getFunctionDeclarations to filter tools based on mainAgentTools when it is the main registry.
• packages/core/src/tools/tools.ts
  • Added a clone method to DeclarativeTool to enable creating independent tool instances with a new message bus.

Activity

• No human activity has been recorded for this pull request yet.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for GitHub and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[github-actions]

Size Change: +2.13 kB (+0.01%)

Total Size: 26.2 MB

Filename	Size	Change
./bundle/chunk-4K4ZDVQK.js	0 B	-13.5 MB (removed)	🏆
./bundle/chunk-TASGEGNN.js	0 B	-3.63 MB (removed)	🏆
./bundle/core-STPVJ6OA.js	0 B	-41.3 kB (removed)	🏆
./bundle/devtoolsService-2FWAJTBC.js	0 B	-27.7 kB (removed)	🏆
./bundle/interactiveCli-KW2YTL2J.js	0 B	-1.6 MB (removed)	🏆
./bundle/oauth2-provider-OUY22YQ7.js	0 B	-9.19 kB (removed)	🏆
./bundle/chunk-PVVFGB3T.js	3.63 MB	+3.63 MB (new file)	🆕
./bundle/chunk-STCQZOQP.js	13.5 MB	+13.5 MB (new file)	🆕
./bundle/core-WFYUAE2H.js	41.3 kB	+41.3 kB (new file)	🆕
./bundle/devtoolsService-MIKJ2CW4.js	27.7 kB	+27.7 kB (new file)	🆕
./bundle/interactiveCli-WHI7ZSAQ.js	1.6 MB	+1.6 MB (new file)	🆕
./bundle/oauth2-provider-C7KZVQDJ.js	9.19 kB	+9.19 kB (new file)	🆕

ℹ️ View Unchanged

Filename	Size
./bundle/chunk-34MYV7JD.js	2.45 kB
./bundle/chunk-37ZTTFQF.js	966 kB
./bundle/chunk-5AUYMPVF.js	858 B
./bundle/chunk-664ZODQF.js	124 kB
./bundle/chunk-DAHVX5MI.js	206 kB
./bundle/chunk-IUUIT4SU.js	56.5 kB
./bundle/chunk-PFX74K66.js	1.95 MB
./bundle/chunk-RJTRUG2J.js	39.8 kB
./bundle/devtools-36NN55EP.js	696 kB
./bundle/dist-T73EYRDX.js	356 B
./bundle/gemini.js	696 kB
./bundle/getMachineId-bsd-TXG52NKR.js	1.55 kB
./bundle/getMachineId-darwin-7OE4DDZ6.js	1.55 kB
./bundle/getMachineId-linux-SHIFKOOX.js	1.34 kB
./bundle/getMachineId-unsupported-5U5DOEYY.js	1.06 kB
./bundle/getMachineId-win-6KLLGOI4.js	1.72 kB
./bundle/memoryDiscovery-T62THVNM.js	922 B
./bundle/multipart-parser-KPBZEGQU.js	11.7 kB
./bundle/node_modules/@google/gemini-cli-devtools/dist/client/main.js	221 kB
./bundle/node_modules/@google/gemini-cli-devtools/dist/src/_client-assets.js	227 kB
./bundle/node_modules/@google/gemini-cli-devtools/dist/src/index.js	11.5 kB
./bundle/node_modules/@google/gemini-cli-devtools/dist/src/types.js	132 B
./bundle/sandbox-macos-permissive-open.sb	890 B
./bundle/sandbox-macos-permissive-proxied.sb	1.31 kB
./bundle/sandbox-macos-restrictive-open.sb	3.36 kB
./bundle/sandbox-macos-restrictive-proxied.sb	3.56 kB
./bundle/sandbox-macos-strict-open.sb	4.82 kB
./bundle/sandbox-macos-strict-proxied.sb	5.02 kB
./bundle/src-QVCVGIUX.js	47 kB
./bundle/tree-sitter-7U6MW5PS.js	274 kB
./bundle/tree-sitter-bash-34ZGLXVX.js	1.84 MB
./bundle/undici-4X2YZID5.js	360 B

_{compressed-size-action}

[gemini-code-assist]

Code Review

This pull request finalizes the subagent tool isolation feature by wiring up localized configurations and registry management into the agent execution loop. The changes introduce private registries for LocalAgentExecutor, clone tools to ensure message bus isolation, and update the McpClientManager to handle multiple registry sets for different subagents. The implementation appears robust and correctly addresses the complex requirements of tool isolation. I did not find any issues of high or critical severity in this pull request.

_{Note: Security Review did not run due to the size of the PR.}

[gundermanc]

I just fixed a bug on Friday related to this pattern of unsafe partial cloning: #22397.

Can we either follow one of the safe proxying patterns I used in #22408 or make targeted refactors to avoid the need to pass around this incorrectly typed object?

@joshualitt just did some related refactors to break a few properties off of config into the AgentLoopContext type. Maybe you can do similar: #21198

[abhipatel12]

Why are we adding a blanket level disable here?

[abhipatel12]

Why was package-lock changed?

[gundermanc]

nit: delete blank line.

[abhipatel12]

if you test this with /mcp list in the interactive mode, it seems that the server shows up but the active tools don't. I assume this is b/c the mcp tool is limited to the subagent but can we add a fast follow to fix the UX for this?

[akh64bit]

I agree. Lets handle this in a follow up PR.

[abhipatel12]

LGTM, overall, we need to revisit whether or not the disabled lints is something we want to keep doing.

You may need to run npm run format.