diff --git a/docs/commands.md b/docs/commands.md
index 3588c9333..3a617b4a6 100644
--- a/docs/commands.md
+++ b/docs/commands.md
@@ -265,7 +265,6 @@ agentcore add gateway \
 | `--allowed-scopes <scopes>`      | Comma-separated allowed scopes (optional for CUSTOM_JWT)     |
 | `--agent-client-id <id>`         | Agent OAuth client ID for Bearer token auth (CUSTOM_JWT)     |
 | `--agent-client-secret <secret>` | Agent OAuth client secret (CUSTOM_JWT)                       |
-| `--agents <agents>`              | Comma-separated agent names                                  |
 | `--no-semantic-search`           | Disable semantic search for tool discovery                   |
 | `--exception-level <level>`      | Exception verbosity level (default: `NONE`)                  |
 | `--json`                         | JSON output                                                  |
diff --git a/src/cli/commands/add/__tests__/add-gateway.test.ts b/src/cli/commands/add/__tests__/add-gateway.test.ts
index 3bdd66622..8b6ee0c57 100644
--- a/src/cli/commands/add/__tests__/add-gateway.test.ts
+++ b/src/cli/commands/add/__tests__/add-gateway.test.ts
@@ -78,6 +78,13 @@ describe('add gateway command', () => {
     });
   });
 
+  describe('rejected flags', () => {
+    it('rejects unknown --agents flag', async () => {
+      const result = await runCLI(['add', 'gateway', '--name', 'agents-test', '--agents', 'foo', '--json'], projectDir);
+      expect(result.exitCode).toBe(1);
+    });
+  });
+
   describe('JWT authorizer', () => {
     it('creates gateway with CUSTOM_JWT authorizer', async () => {
       const gatewayName = `jwt-gw-${Date.now()}`;
diff --git a/src/cli/commands/add/types.ts b/src/cli/commands/add/types.ts
index f0b846c31..c087c0539 100644
--- a/src/cli/commands/add/types.ts
+++ b/src/cli/commands/add/types.ts
@@ -57,7 +57,6 @@ export interface AddGatewayOptions {
   customClaims?: string;
   clientId?: string;
   clientSecret?: string;
-  agents?: string;
   semanticSearch?: boolean;
   exceptionLevel?: string;
   policyEngine?: string;
diff --git a/src/cli/primitives/GatewayPrimitive.ts b/src/cli/primitives/GatewayPrimitive.ts
index cc6d565a8..82c84a8fa 100644
--- a/src/cli/primitives/GatewayPrimitive.ts
+++ b/src/cli/primitives/GatewayPrimitive.ts
@@ -33,7 +33,6 @@ export interface AddGatewayOptions {
   customClaims?: CustomClaimValidation[];
   clientId?: string;
   clientSecret?: string;
-  agents?: string;
   enableSemanticSearch?: boolean;
   exceptionLevel?: string;
   policyEngine?: string;
@@ -161,7 +160,6 @@ export class GatewayPrimitive extends BasePrimitive<AddGatewayOptions, Removable
       .description('Add an API gateway that routes requests to agent targets')
       .option('--name <name>', 'Gateway name [non-interactive]')
       .option('--description <desc>', 'Gateway description [non-interactive]')
-      .option('--agents <agents>', 'Comma-separated agent names to expose through this gateway [non-interactive]')
       .option('--authorizer-type <type>', 'Authorizer type: NONE or CUSTOM_JWT [non-interactive]')
       .option('--discovery-url <url>', 'OIDC discovery URL (for CUSTOM_JWT) [non-interactive]')
       .option('--allowed-audience <audience>', 'Comma-separated allowed audiences (for CUSTOM_JWT) [non-interactive]')
@@ -213,7 +211,6 @@ export class GatewayPrimitive extends BasePrimitive<AddGatewayOptions, Removable
             customClaims: parsedCustomClaims,
             clientId: cliOptions.clientId,
             clientSecret: cliOptions.clientSecret,
-            agents: cliOptions.agents,
             enableSemanticSearch: cliOptions.semanticSearch !== false,
             exceptionLevel: cliOptions.exceptionLevel,
             policyEngine: cliOptions.policyEngine,