@vm0/cli 9.103.3 → 9.104.0

package/{chunk-LQW4RGRH.js → chunk-FKDGKPGQ.js}

@@ -49,7 +49,7 @@ if (DSN) {
   Sentry.init({
     dsn: DSN,
     environment: process.env.SENTRY_ENVIRONMENT ?? "production",
-    release: "9.103.3",
+    release: "9.104.0",
     sendDefaultPii: false,
     tracesSampleRate: 0,
     shutdownTimeout: 500,
@@ -68,7 +68,7 @@ if (DSN) {
     }
   });
   Sentry.setContext("cli", {
-    version: "9.103.3",
+    version: "9.104.0",
     command: process.argv.slice(2).join(" ")
   });
   Sentry.setContext("runtime", {
@@ -32244,4 +32244,4 @@ export {
   parseTime,
   paginate
 };
-//# sourceMappingURL=chunk-LQW4RGRH.js.map
+//# sourceMappingURL=chunk-FKDGKPGQ.js.map

package/index.js

@@ -61,7 +61,7 @@ import {
   showNextSteps,
   volumeConfigSchema,
   withErrorHandler
-} from "./chunk-LQW4RGRH.js";
+} from "./chunk-FKDGKPGQ.js";
 
 // src/index.ts
 import { Command as Command44 } from "commander";
@@ -454,7 +454,7 @@ function getConfigPath() {
   return join(homedir(), ".vm0", "config.json");
 }
 var infoCommand = new Command6().name("info").description("Display environment and debug information").action(async () => {
-  console.log(chalk3.bold(`VM0 CLI v${"9.103.3"}`));
+  console.log(chalk3.bold(`VM0 CLI v${"9.104.0"}`));
   console.log();
   const config = await loadConfig();
   const hasEnvToken = !!process.env.VM0_TOKEN;
@@ -1581,7 +1581,7 @@ var composeCommand = new Command7().name("compose").description("Create or updat
         options.autoUpdate = false;
       }
       if (options.autoUpdate !== false) {
-        await startSilentUpgrade("9.103.3");
+        await startSilentUpgrade("9.104.0");
       }
       try {
         let result;
@@ -1655,7 +1655,7 @@ var mainRunCommand = new Command8().name("run").description("Run an agent").argu
   withErrorHandler(
     async (identifier, prompt, options) => {
       if (options.autoUpdate !== false) {
-        await startSilentUpgrade("9.103.3");
+        await startSilentUpgrade("9.104.0");
       }
       const { name, version } = parseIdentifier(identifier);
       let composeId;
@@ -3413,7 +3413,7 @@ var cookAction = new Command35().name("cook").description("Quick start: prepare,
   withErrorHandler(
     async (prompt, options) => {
       if (options.autoUpdate !== false) {
-        const shouldExit = await checkAndUpgrade("9.103.3", prompt);
+        const shouldExit = await checkAndUpgrade("9.104.0", prompt);
         if (shouldExit) {
           process.exit(0);
         }
@@ -4156,13 +4156,13 @@ var upgradeCommand = new Command42().name("upgrade").description("Upgrade vm0 CL
     if (latestVersion === null) {
       throw new Error("Could not check for updates. Please try again later.");
     }
-    if (latestVersion === "9.103.3") {
-      console.log(chalk33.green(`\u2713 Already up to date (${"9.103.3"})`));
+    if (latestVersion === "9.104.0") {
+      console.log(chalk33.green(`\u2713 Already up to date (${"9.104.0"})`));
       return;
     }
     console.log(
       chalk33.yellow(
-        `Current version: ${"9.103.3"} -> Latest version: ${latestVersion}`
+        `Current version: ${"9.104.0"} -> Latest version: ${latestVersion}`
       )
     );
     console.log();
@@ -4189,7 +4189,7 @@ var upgradeCommand = new Command42().name("upgrade").description("Upgrade vm0 CL
     const success = await performUpgrade(packageManager);
     if (success) {
       console.log(
-        chalk33.green(`\u2713 Upgraded from ${"9.103.3"} to ${latestVersion}`)
+        chalk33.green(`\u2713 Upgraded from ${"9.104.0"} to ${latestVersion}`)
       );
       return;
     }
@@ -4257,7 +4257,7 @@ var whoamiCommand = new Command43().name("whoami").description("Show current ide
 
 // src/index.ts
 var program = new Command44();
-program.name("vm0").description("VM0 CLI - Build and run agents with natural language").version("9.103.3");
+program.name("vm0").description("VM0 CLI - Build and run agents with natural language").version("9.104.0");
 program.addCommand(authCommand);
 program.addCommand(infoCommand);
 program.addCommand(composeCommand);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@vm0/cli",
-  "version": "9.103.3",
+  "version": "9.104.0",
   "description": "CLI application",
   "repository": {
     "type": "git",

package/zero.js

@@ -115,7 +115,7 @@ import {
   upsertZeroOrgModelProvider,
   withErrorHandler,
   zeroAgentCustomSkillNameSchema
-} from "./chunk-LQW4RGRH.js";
+} from "./chunk-FKDGKPGQ.js";
 
 // src/zero.ts
 import { Command as Command77 } from "commander";
@@ -2265,10 +2265,57 @@ Notes:
 );
 
 // src/commands/zero/doctor/firewall-deny.ts
-import { Command as Command37, Option as Option2 } from "commander";
+import { Command as Command36, Option } from "commander";
+var firewallDenyCommand = new Command36().name("firewall-deny").description(
+  "Diagnose a firewall denial and find the permission that covers it"
+).argument("<firewall-ref>", "The firewall connector type (e.g. github)").addOption(
+  new Option(
+    "--method <method>",
+    "The denied HTTP method"
+  ).makeOptionMandatory()
+).addOption(
+  new Option("--path <path>", "The denied path").makeOptionMandatory()
+).addHelpText(
+  "after",
+  `
+Examples:
+  zero doctor firewall-deny github --method GET --path /repos/owner/repo/pulls
+  zero doctor firewall-deny slack --method POST --path /chat.postMessage
+
+Notes:
+  - Identifies which named permission covers a denied request
+  - Use firewall-permissions-change to request or enable the permission`
+).action(
+  withErrorHandler(
+    async (firewallRef, opts) => {
+      if (!isFirewallConnectorType(firewallRef)) {
+        throw new Error(`Unknown firewall connector type: ${firewallRef}`);
+      }
+      const { label } = CONNECTOR_TYPES[firewallRef];
+      const config = getConnectorFirewall(firewallRef);
+      const permissions = findMatchingPermissions(
+        opts.method,
+        opts.path,
+        config
+      );
+      console.log(
+        `The ${label} firewall blocked ${opts.method} ${opts.path}.`
+      );
+      if (permissions.length === 0) {
+        console.log("No named permission was found covering this request.");
+        return;
+      }
+      const permission = permissions[0];
+      console.log(`This is covered by the "${permission}" permission.`);
+      console.log(
+        `To request this permission, run: zero doctor firewall-permissions-change ${firewallRef} --permission ${permission} --enable --reason "why this is needed"`
+      );
+    }
+  )
+);
 
 // src/commands/zero/doctor/firewall-permissions-change.ts
-import { Command as Command36, Option } from "commander";
+import { Command as Command37, Option as Option2 } from "commander";
 
 // src/commands/zero/doctor/resolve-role.ts
 async function resolveUserId() {
@@ -2309,15 +2356,21 @@ function findPermissionInConfig(ref, permissionName) {
   }
   return false;
 }
-async function outputPermissionChangeMessage(firewallRef, permission, action) {
+var REASON_MAX_LENGTH = 500;
+async function outputPermissionChangeMessage(firewallRef, permission, action, reason) {
   const { label } = CONNECTOR_TYPES[firewallRef];
   const platformOrigin = await getPlatformOrigin();
   const agentId = process.env.ZERO_AGENT_ID;
+  const role = agentId ? await resolveAgentRole(agentId) : "unknown";
   const urlParams = new URLSearchParams({
     ref: firewallRef,
     permission,
     action: action === "enable" ? "allow" : "deny"
   });
+  if (role === "member" && reason) {
+    const truncated = reason.length > REASON_MAX_LENGTH ? reason.slice(0, REASON_MAX_LENGTH) : reason;
+    urlParams.set("reason", truncated);
+  }
   const pagePath = agentId ? `/agents/${agentId}/permissions` : "/agents";
   const url = `${platformOrigin}${pagePath}?${urlParams.toString()}`;
   if (firewallRef === "slack" && permission === "chat:write" && action === "enable") {
@@ -2333,13 +2386,16 @@ async function outputPermissionChangeMessage(firewallRef, permission, action) {
     );
     console.log("");
   }
-  const role = agentId ? await resolveAgentRole(agentId) : "unknown";
   if (role === "admin" || role === "owner") {
     console.log(
       `You can ${action} the "${permission}" permission directly: [Manage ${label} firewall](${url})`
     );
   } else if (role === "member") {
-    if (action === "enable") {
+    if (!reason) {
+      console.log(
+        `IMPORTANT: Re-run with \`--reason "one sentence why this is needed"\` so the admin can review your request faster.`
+      );
+    } else if (action === "enable") {
       console.log(
         `Permission changes require admin approval. Request access at: [Request ${label} access](${url})`
       );
@@ -2354,19 +2410,24 @@ async function outputPermissionChangeMessage(firewallRef, permission, action) {
     );
   }
 }
-var firewallPermissionsChangeCommand = new Command36().name("firewall-permissions-change").description("Request a firewall permission change (enable or disable)").argument("<firewall-ref>", "The firewall connector type (e.g. github)").addOption(
-  new Option(
+var firewallPermissionsChangeCommand = new Command37().name("firewall-permissions-change").description("Request a firewall permission change (enable or disable)").argument("<firewall-ref>", "The firewall connector type (e.g. github)").addOption(
+  new Option2(
     "--permission <name>",
     "The permission name to change"
   ).makeOptionMandatory()
 ).addOption(
-  new Option("--enable", "Request to enable the permission").conflicts(
+  new Option2("--enable", "Request to enable the permission").conflicts(
     "disable"
   )
 ).addOption(
-  new Option("--disable", "Request to disable the permission").conflicts(
+  new Option2("--disable", "Request to disable the permission").conflicts(
     "enable"
   )
+).addOption(
+  new Option2(
+    "--reason <text>",
+    "Brief reason why the permission is needed (max 500 chars)"
+  )
 ).addHelpText(
   "after",
   `
@@ -2395,55 +2456,9 @@ Notes:
       await outputPermissionChangeMessage(
         firewallRef,
         opts.permission,
-        action
-      );
-    }
-  )
-);
-
-// src/commands/zero/doctor/firewall-deny.ts
-var firewallDenyCommand = new Command37().name("firewall-deny").description(
-  "Diagnose a firewall denial and find the permission that covers it"
-).argument("<firewall-ref>", "The firewall connector type (e.g. github)").addOption(
-  new Option2(
-    "--method <method>",
-    "The denied HTTP method"
-  ).makeOptionMandatory()
-).addOption(
-  new Option2("--path <path>", "The denied path").makeOptionMandatory()
-).addHelpText(
-  "after",
-  `
-Examples:
-  zero doctor firewall-deny github --method GET --path /repos/owner/repo/pulls
-  zero doctor firewall-deny slack --method POST --path /chat.postMessage
-
-Notes:
-  - Identifies which named permission covers a denied request
-  - Outputs a platform URL for the user to allow the permission`
-).action(
-  withErrorHandler(
-    async (firewallRef, opts) => {
-      if (!isFirewallConnectorType(firewallRef)) {
-        throw new Error(`Unknown firewall connector type: ${firewallRef}`);
-      }
-      const { label } = CONNECTOR_TYPES[firewallRef];
-      const config = getConnectorFirewall(firewallRef);
-      const permissions = findMatchingPermissions(
-        opts.method,
-        opts.path,
-        config
-      );
-      console.log(
-        `The ${label} firewall blocked ${opts.method} ${opts.path}.`
+        action,
+        opts.reason
       );
-      if (permissions.length === 0) {
-        console.log("No named permission was found covering this request.");
-        return;
-      }
-      const permission = permissions[0];
-      console.log(`This is covered by the "${permission}" permission.`);
-      await outputPermissionChangeMessage(firewallRef, permission, "enable");
     }
   )
 );
@@ -5738,7 +5753,7 @@ function registerZeroCommands(prog, commands) {
 var program = new Command77();
 program.name("zero").description(
   "Zero CLI \u2014 interact with the zero platform from inside the sandbox"
-).version("9.103.3").addHelpText(
+).version("9.104.0").addHelpText(
   "after",
   `
 Examples: