@vm0/cli 9.103.3 → 9.104.1

package/{chunk-LQW4RGRH.js → chunk-FYV4IKTF.js}

@@ -49,7 +49,7 @@ if (DSN) {
   Sentry.init({
     dsn: DSN,
     environment: process.env.SENTRY_ENVIRONMENT ?? "production",
-    release: "9.103.3",
+    release: "9.104.1",
     sendDefaultPii: false,
     tracesSampleRate: 0,
     shutdownTimeout: 500,
@@ -68,7 +68,7 @@ if (DSN) {
     }
   });
   Sentry.setContext("cli", {
-    version: "9.103.3",
+    version: "9.104.1",
     command: process.argv.slice(2).join(" ")
   });
   Sentry.setContext("runtime", {
@@ -32244,4 +32244,4 @@ export {
   parseTime,
   paginate
 };
-//# sourceMappingURL=chunk-LQW4RGRH.js.map
+//# sourceMappingURL=chunk-FYV4IKTF.js.map

package/index.js

@@ -61,7 +61,7 @@ import {
   showNextSteps,
   volumeConfigSchema,
   withErrorHandler
-} from "./chunk-LQW4RGRH.js";
+} from "./chunk-FYV4IKTF.js";
 
 // src/index.ts
 import { Command as Command44 } from "commander";
@@ -454,7 +454,7 @@ function getConfigPath() {
   return join(homedir(), ".vm0", "config.json");
 }
 var infoCommand = new Command6().name("info").description("Display environment and debug information").action(async () => {
-  console.log(chalk3.bold(`VM0 CLI v${"9.103.3"}`));
+  console.log(chalk3.bold(`VM0 CLI v${"9.104.1"}`));
   console.log();
   const config = await loadConfig();
   const hasEnvToken = !!process.env.VM0_TOKEN;
@@ -1581,7 +1581,7 @@ var composeCommand = new Command7().name("compose").description("Create or updat
         options.autoUpdate = false;
       }
       if (options.autoUpdate !== false) {
-        await startSilentUpgrade("9.103.3");
+        await startSilentUpgrade("9.104.1");
       }
       try {
         let result;
@@ -1655,7 +1655,7 @@ var mainRunCommand = new Command8().name("run").description("Run an agent").argu
   withErrorHandler(
     async (identifier, prompt, options) => {
       if (options.autoUpdate !== false) {
-        await startSilentUpgrade("9.103.3");
+        await startSilentUpgrade("9.104.1");
       }
       const { name, version } = parseIdentifier(identifier);
       let composeId;
@@ -3413,7 +3413,7 @@ var cookAction = new Command35().name("cook").description("Quick start: prepare,
   withErrorHandler(
     async (prompt, options) => {
       if (options.autoUpdate !== false) {
-        const shouldExit = await checkAndUpgrade("9.103.3", prompt);
+        const shouldExit = await checkAndUpgrade("9.104.1", prompt);
         if (shouldExit) {
           process.exit(0);
         }
@@ -4156,13 +4156,13 @@ var upgradeCommand = new Command42().name("upgrade").description("Upgrade vm0 CL
     if (latestVersion === null) {
       throw new Error("Could not check for updates. Please try again later.");
     }
-    if (latestVersion === "9.103.3") {
-      console.log(chalk33.green(`\u2713 Already up to date (${"9.103.3"})`));
+    if (latestVersion === "9.104.1") {
+      console.log(chalk33.green(`\u2713 Already up to date (${"9.104.1"})`));
       return;
     }
     console.log(
       chalk33.yellow(
-        `Current version: ${"9.103.3"} -> Latest version: ${latestVersion}`
+        `Current version: ${"9.104.1"} -> Latest version: ${latestVersion}`
       )
     );
     console.log();
@@ -4189,7 +4189,7 @@ var upgradeCommand = new Command42().name("upgrade").description("Upgrade vm0 CL
     const success = await performUpgrade(packageManager);
     if (success) {
       console.log(
-        chalk33.green(`\u2713 Upgraded from ${"9.103.3"} to ${latestVersion}`)
+        chalk33.green(`\u2713 Upgraded from ${"9.104.1"} to ${latestVersion}`)
       );
       return;
     }
@@ -4257,7 +4257,7 @@ var whoamiCommand = new Command43().name("whoami").description("Show current ide
 
 // src/index.ts
 var program = new Command44();
-program.name("vm0").description("VM0 CLI - Build and run agents with natural language").version("9.103.3");
+program.name("vm0").description("VM0 CLI - Build and run agents with natural language").version("9.104.1");
 program.addCommand(authCommand);
 program.addCommand(infoCommand);
 program.addCommand(composeCommand);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@vm0/cli",
-  "version": "9.103.3",
+  "version": "9.104.1",
   "description": "CLI application",
   "repository": {
     "type": "git",

package/zero.js

@@ -115,7 +115,7 @@ import {
   upsertZeroOrgModelProvider,
   withErrorHandler,
   zeroAgentCustomSkillNameSchema
-} from "./chunk-LQW4RGRH.js";
+} from "./chunk-FYV4IKTF.js";
 
 // src/zero.ts
 import { Command as Command77 } from "commander";
@@ -2265,10 +2265,57 @@ Notes:
 );
 
 // src/commands/zero/doctor/firewall-deny.ts
-import { Command as Command37, Option as Option2 } from "commander";
+import { Command as Command36, Option } from "commander";
+var firewallDenyCommand = new Command36().name("firewall-deny").description(
+  "Diagnose a firewall denial and find the permission that covers it"
+).argument("<firewall-ref>", "The firewall connector type (e.g. github)").addOption(
+  new Option(
+    "--method <method>",
+    "The denied HTTP method"
+  ).makeOptionMandatory()
+).addOption(
+  new Option("--path <path>", "The denied path").makeOptionMandatory()
+).addHelpText(
+  "after",
+  `
+Examples:
+  zero doctor firewall-deny github --method GET --path /repos/owner/repo/pulls
+  zero doctor firewall-deny slack --method POST --path /chat.postMessage
+
+Notes:
+  - Identifies which named permission covers a denied request
+  - Use firewall-permissions-change to request or enable the permission`
+).action(
+  withErrorHandler(
+    async (firewallRef, opts) => {
+      if (!isFirewallConnectorType(firewallRef)) {
+        throw new Error(`Unknown firewall connector type: ${firewallRef}`);
+      }
+      const { label } = CONNECTOR_TYPES[firewallRef];
+      const config = getConnectorFirewall(firewallRef);
+      const permissions = findMatchingPermissions(
+        opts.method,
+        opts.path,
+        config
+      );
+      console.log(
+        `The ${label} firewall blocked ${opts.method} ${opts.path}.`
+      );
+      if (permissions.length === 0) {
+        console.log("No named permission was found covering this request.");
+        return;
+      }
+      const permission = permissions[0];
+      console.log(`This is covered by the "${permission}" permission.`);
+      console.log(
+        `To request this permission, run: zero doctor firewall-permissions-change ${firewallRef} --permission ${permission} --enable --reason "why this is needed"`
+      );
+    }
+  )
+);
 
 // src/commands/zero/doctor/firewall-permissions-change.ts
-import { Command as Command36, Option } from "commander";
+import { Command as Command37, Option as Option2 } from "commander";
 
 // src/commands/zero/doctor/resolve-role.ts
 async function resolveUserId() {
@@ -2309,15 +2356,21 @@ function findPermissionInConfig(ref, permissionName) {
   }
   return false;
 }
-async function outputPermissionChangeMessage(firewallRef, permission, action) {
+var REASON_MAX_LENGTH = 500;
+async function outputPermissionChangeMessage(firewallRef, permission, action, reason) {
   const { label } = CONNECTOR_TYPES[firewallRef];
   const platformOrigin = await getPlatformOrigin();
   const agentId = process.env.ZERO_AGENT_ID;
+  const role = agentId ? await resolveAgentRole(agentId) : "unknown";
   const urlParams = new URLSearchParams({
     ref: firewallRef,
     permission,
     action: action === "enable" ? "allow" : "deny"
   });
+  if (role === "member" && reason) {
+    const truncated = reason.length > REASON_MAX_LENGTH ? reason.slice(0, REASON_MAX_LENGTH) : reason;
+    urlParams.set("reason", truncated);
+  }
   const pagePath = agentId ? `/agents/${agentId}/permissions` : "/agents";
   const url = `${platformOrigin}${pagePath}?${urlParams.toString()}`;
   if (firewallRef === "slack" && permission === "chat:write" && action === "enable") {
@@ -2333,13 +2386,16 @@ async function outputPermissionChangeMessage(firewallRef, permission, action) {
     );
     console.log("");
   }
-  const role = agentId ? await resolveAgentRole(agentId) : "unknown";
   if (role === "admin" || role === "owner") {
     console.log(
       `You can ${action} the "${permission}" permission directly: [Manage ${label} firewall](${url})`
     );
   } else if (role === "member") {
-    if (action === "enable") {
+    if (!reason) {
+      console.log(
+        `IMPORTANT: Re-run with \`--reason "one sentence why this is needed"\` so the admin can review your request faster.`
+      );
+    } else if (action === "enable") {
       console.log(
         `Permission changes require admin approval. Request access at: [Request ${label} access](${url})`
       );
@@ -2354,19 +2410,24 @@ async function outputPermissionChangeMessage(firewallRef, permission, action) {
     );
   }
 }
-var firewallPermissionsChangeCommand = new Command36().name("firewall-permissions-change").description("Request a firewall permission change (enable or disable)").argument("<firewall-ref>", "The firewall connector type (e.g. github)").addOption(
-  new Option(
+var firewallPermissionsChangeCommand = new Command37().name("firewall-permissions-change").description("Request a firewall permission change (enable or disable)").argument("<firewall-ref>", "The firewall connector type (e.g. github)").addOption(
+  new Option2(
     "--permission <name>",
     "The permission name to change"
   ).makeOptionMandatory()
 ).addOption(
-  new Option("--enable", "Request to enable the permission").conflicts(
+  new Option2("--enable", "Request to enable the permission").conflicts(
     "disable"
   )
 ).addOption(
-  new Option("--disable", "Request to disable the permission").conflicts(
+  new Option2("--disable", "Request to disable the permission").conflicts(
     "enable"
   )
+).addOption(
+  new Option2(
+    "--reason <text>",
+    "Brief reason why the permission is needed (max 500 chars)"
+  )
 ).addHelpText(
   "after",
   `
@@ -2395,55 +2456,9 @@ Notes:
       await outputPermissionChangeMessage(
         firewallRef,
         opts.permission,
-        action
-      );
-    }
-  )
-);
-
-// src/commands/zero/doctor/firewall-deny.ts
-var firewallDenyCommand = new Command37().name("firewall-deny").description(
-  "Diagnose a firewall denial and find the permission that covers it"
-).argument("<firewall-ref>", "The firewall connector type (e.g. github)").addOption(
-  new Option2(
-    "--method <method>",
-    "The denied HTTP method"
-  ).makeOptionMandatory()
-).addOption(
-  new Option2("--path <path>", "The denied path").makeOptionMandatory()
-).addHelpText(
-  "after",
-  `
-Examples:
-  zero doctor firewall-deny github --method GET --path /repos/owner/repo/pulls
-  zero doctor firewall-deny slack --method POST --path /chat.postMessage
-
-Notes:
-  - Identifies which named permission covers a denied request
-  - Outputs a platform URL for the user to allow the permission`
-).action(
-  withErrorHandler(
-    async (firewallRef, opts) => {
-      if (!isFirewallConnectorType(firewallRef)) {
-        throw new Error(`Unknown firewall connector type: ${firewallRef}`);
-      }
-      const { label } = CONNECTOR_TYPES[firewallRef];
-      const config = getConnectorFirewall(firewallRef);
-      const permissions = findMatchingPermissions(
-        opts.method,
-        opts.path,
-        config
+        action,
+        opts.reason
       );
-      console.log(
-        `The ${label} firewall blocked ${opts.method} ${opts.path}.`
-      );
-      if (permissions.length === 0) {
-        console.log("No named permission was found covering this request.");
-        return;
-      }
-      const permission = permissions[0];
-      console.log(`This is covered by the "${permission}" permission.`);
-      await outputPermissionChangeMessage(firewallRef, permission, "enable");
     }
   )
 );
@@ -4720,8 +4735,19 @@ async function captureScreenshot() {
   const tmpPath = join3(tmpdir(), `vm0-screenshot-${randomUUID()}.jpg`);
   try {
     await execFileAsync("screencapture", ["-x", "-t", "jpg", tmpPath]);
-    const buffer = await readFile(tmpPath);
     const info = await getScreenInfo();
+    if (info.scaleFactor > 1) {
+      await execFileAsync("sips", [
+        "-z",
+        String(info.height),
+        String(info.width),
+        "-s",
+        "formatOptions",
+        "80",
+        tmpPath
+      ]);
+    }
+    const buffer = await readFile(tmpPath);
     return {
       image: buffer.toString("base64"),
       width: info.width,
@@ -4746,12 +4772,24 @@ async function captureRegionScreenshot(region) {
       regionArg,
       tmpPath
     ]);
+    const info = await getScreenInfo();
+    if (info.scaleFactor > 1) {
+      await execFileAsync("sips", [
+        "-z",
+        String(region.height),
+        String(region.width),
+        "-s",
+        "formatOptions",
+        "80",
+        tmpPath
+      ]);
+    }
     const buffer = await readFile(tmpPath);
     return {
       image: buffer.toString("base64"),
       width: region.width,
       height: region.height,
-      scaleFactor: 1,
+      scaleFactor: info.scaleFactor,
       format: "jpg"
     };
   } finally {
@@ -4771,14 +4809,30 @@ async function getScreenInfo() {
     for (const screen of screens) {
       const pixelStr = screen._spdisplays_pixels;
       if (pixelStr) {
-        const match = pixelStr.match(/(\d+)\s*x\s*(\d+)/);
-        if (match?.[1] && match[2]) {
-          const width = parseInt(match[1], 10);
-          const height = parseInt(match[2], 10);
+        const pixelMatch = pixelStr.match(/(\d+)\s*x\s*(\d+)/);
+        if (pixelMatch?.[1] && pixelMatch[2]) {
+          const physicalWidth = parseInt(pixelMatch[1], 10);
+          const physicalHeight = parseInt(pixelMatch[2], 10);
           const resStr = screen._spdisplays_resolution ?? screen.spdisplays_resolution ?? "";
-          const isRetina = /retina/i.test(resStr);
-          const scaleFactor = isRetina ? 2 : 1;
-          return { width, height, scaleFactor };
+          const resMatch = resStr.match(/(\d+)\s*x\s*(\d+)/);
+          let scaleFactor;
+          let logicalWidth;
+          let logicalHeight;
+          if (resMatch?.[1] && resMatch[2]) {
+            logicalWidth = parseInt(resMatch[1], 10);
+            logicalHeight = parseInt(resMatch[2], 10);
+            scaleFactor = Math.round(physicalWidth / logicalWidth);
+          } else {
+            const isRetina = /retina/i.test(resStr);
+            scaleFactor = isRetina ? 2 : 1;
+            logicalWidth = Math.floor(physicalWidth / scaleFactor);
+            logicalHeight = Math.floor(physicalHeight / scaleFactor);
+          }
+          return {
+            width: logicalWidth,
+            height: logicalHeight,
+            scaleFactor
+          };
         }
       }
     }
@@ -4893,17 +4947,20 @@ function parseKeyCombo(keys) {
   }
   return { modifiers, mainKey };
 }
+function keyAction(key) {
+  return VALID_SPECIAL_KEYS.has(key) ? `kp:${key}` : `t:${key}`;
+}
 async function pressKey(keys) {
   const { modifiers, mainKey } = parseKeyCombo(keys);
   if (modifiers.length === 0) {
-    await execFileAsync2("cliclick", [`kp:${mainKey}`]);
+    await execFileAsync2("cliclick", [keyAction(mainKey)]);
     return;
   }
   const args = [];
   for (const mod of modifiers) {
     args.push(`kd:${mod}`);
   }
-  args.push(`kp:${mainKey}`);
+  args.push(keyAction(mainKey));
   for (let i = modifiers.length - 1; i >= 0; i--) {
     args.push(`ku:${modifiers[i]}`);
   }
@@ -5086,12 +5143,10 @@ async function handleMouseRequest(req, res) {
       return;
     }
     const info = await getScreenInfo();
-    const maxX = Math.floor(info.width / info.scaleFactor);
-    const maxY = Math.floor(info.height / info.scaleFactor);
-    if (x < 0 || x >= maxX || y < 0 || y >= maxY) {
+    if (x < 0 || x >= info.width || y < 0 || y >= info.height) {
       res.writeHead(400, { "Content-Type": "text/plain" });
       res.end(
-        `Coordinates out of bounds. Screen size: ${maxX}x${maxY} (points)`
+        `Coordinates out of bounds. Screen size: ${info.width}x${info.height} (points)`
       );
       return;
     }
@@ -5665,6 +5720,23 @@ var clientCommand = new Command76().name("client").description("Interact with re
 var zeroComputerUseCommand = new Command76().name("computer-use").description("Remote desktop control for cloud agents").addCommand(hostCommand).addCommand(clientCommand).addHelpText(
   "after",
   `
+Coordinate System:
+  All coordinate parameters use macOS logical coordinates (points), not physical
+  pixels. On Retina displays (scaleFactor: 2), a 2880\xD71800 physical screen has
+  logical dimensions of 1440\xD7900. Use the "info" command to check your screen's
+  logical dimensions and scale factor.
+
+  The "screenshot" command returns an image at logical resolution. The "zoom"
+  command accepts a region in logical coordinates but returns an image at physical
+  resolution (logical size \xD7 scaleFactor), providing higher detail for precise
+  element location.
+
+  Recommended AI agent workflow:
+    1. screenshot          \u2014 get a screen overview at logical resolution
+    2. zoom --x --y ...    \u2014 zoom into a region of interest for pixel-level detail
+    3. Calculate the logical coordinates of the target element
+    4. Execute click/type operations using those logical coordinates
+
 Examples:
   Start the host daemon (on macOS):  zero computer-use host start
   Stop the host daemon:              zero computer-use host stop
@@ -5738,7 +5810,7 @@ function registerZeroCommands(prog, commands) {
 var program = new Command77();
 program.name("zero").description(
   "Zero CLI \u2014 interact with the zero platform from inside the sandbox"
-).version("9.103.3").addHelpText(
+).version("9.104.1").addHelpText(
   "after",
   `
 Examples: