@vm0/cli 9.110.2 → 9.111.1

package/{chunk-W353Y7DH.js → chunk-H56HRDOU.js}

@@ -34652,7 +34652,7 @@ if (DSN) {
   Sentry.init({
     dsn: DSN,
     environment: process.env.SENTRY_ENVIRONMENT ?? "production",
-    release: "9.110.2",
+    release: "9.111.1",
     sendDefaultPii: false,
     tracesSampleRate: 0,
     shutdownTimeout: 500,
@@ -34671,7 +34671,7 @@ if (DSN) {
     }
   });
   Sentry.setContext("cli", {
-    version: "9.110.2",
+    version: "9.111.1",
     command: process.argv.slice(2).join(" ")
   });
   Sentry.setContext("runtime", {
@@ -55148,9 +55148,9 @@ var axiomFirewall = {
         {
           name: "query|read",
           rules: [
-            "POST /v1/datasets/_apl?format=tabular",
+            "POST /v1/datasets/_apl",
             "POST /v1/datasets/{dataset_name}/query",
-            "POST /v1/query/_apl?format=tabular",
+            "POST /v1/query/_apl",
             "POST /v1/query/_mpl",
             "POST /v1/query/batch",
             "GET /v1/query/metrics/info/datasets/{dataset}/metrics",
@@ -57725,6 +57725,7 @@ var googleDriveFirewall = {
             "POST /v2/drives/{driveId}/unhide",
             "GET /v2/files",
             "POST /v2/files",
+            "GET /v2/files/generateCseToken",
             "GET /v2/files/generateIds",
             "DELETE /v2/files/trash",
             "GET /v2/files/{fileId}",
@@ -57797,6 +57798,7 @@ var googleDriveFirewall = {
             "POST /v3/drives/{driveId}/unhide",
             "GET /v3/files",
             "POST /v3/files",
+            "GET /v3/files/generateCseToken",
             "GET /v3/files/generateIds",
             "DELETE /v3/files/trash",
             "GET /v3/files/{fileId}",
@@ -63631,14 +63633,13 @@ var DEFAULT_ALLOWED = {
 };
 function getDefaultFirewallPolicies(type) {
   const allowed = DEFAULT_ALLOWED[type];
-  if (!allowed) return null;
-  const allowSet = new Set(allowed);
+  const allowSet = allowed ? new Set(allowed) : null;
   const config2 = getConnectorFirewall(type);
   const result = {};
   for (const api of config2.apis) {
     if (api.permissions) {
       for (const p of api.permissions) {
-        result[p.name] = allowSet.has(p.name) ? "allow" : "deny";
+        result[p.name] = !allowSet || allowSet.has(p.name) ? "allow" : "deny";
       }
     }
   }
@@ -63648,10 +63649,11 @@ function resolveFirewallPolicies(stored, connectors) {
   let resolved = stored;
   for (const connector of connectors) {
     if (!isFirewallConnectorType(connector)) continue;
-    if (resolved?.[connector]) continue;
     const defaults = getDefaultFirewallPolicies(connector);
-    if (!defaults) continue;
-    resolved = { ...resolved, [connector]: defaults };
+    resolved = {
+      ...resolved,
+      [connector]: { ...defaults, ...resolved?.[connector] }
+    };
   }
   return resolved;
 }
@@ -68210,6 +68212,14 @@ var firewallPoliciesSchema = external_exports.record(
   external_exports.string(),
   external_exports.record(external_exports.string(), firewallPolicyValueSchema)
 );
+var grantedPermissionSchema = external_exports.object({
+  allow: external_exports.array(external_exports.string()),
+  allowUnknown: external_exports.boolean()
+});
+var grantedPermissionsSchema = external_exports.record(
+  external_exports.string(),
+  grantedPermissionSchema
+);
 var BASE_URL_VARS_PATTERN = /\$\{\{\s*vars\.([a-zA-Z_][a-zA-Z0-9_]*)\s*\}\}/;
 var BASE_URL_VARS_PATTERN_G = new RegExp(BASE_URL_VARS_PATTERN.source, "g");
 
@@ -70348,7 +70358,10 @@ var chatMessagesContract = c10.router({
       agentId: external_exports.string().min(1),
       prompt: external_exports.string().min(1),
       threadId: external_exports.string().optional(),
-      modelProvider: external_exports.string().optional()
+      modelProvider: external_exports.string().optional(),
+      // Optional for backward compatibility: older clients that omit this field
+      // still trigger title generation (server guards with !== false, not === true).
+      hasTextContent: external_exports.boolean().optional()
     }),
     responses: {
       201: external_exports.object({
@@ -70551,8 +70564,10 @@ var storedExecutionContextSchema = external_exports.object({
   userTimezone: external_exports.string().optional(),
   // Memory storage name (for first-run when manifest.memory is null)
   memoryName: external_exports.string().optional(),
-  // Firewall for proxy-side token replacement
+  // Firewall for proxy-side token replacement (complete config, all permissions)
   firewalls: firewallsSchema.optional(),
+  // Per-firewall grant config: which permissions are granted + allowUnknown flag
+  grantedPermissions: grantedPermissionsSchema.optional(),
   // Tools to disable in Claude CLI (passed as --disallowed-tools)
   disallowedTools: external_exports.array(external_exports.string()).optional(),
   // Tools to make available in Claude CLI (passed as --tools)
@@ -70591,8 +70606,10 @@ var executionContextSchema = external_exports.object({
   userTimezone: external_exports.string().optional(),
   // Memory storage name (for first-run when manifest.memory is null)
   memoryName: external_exports.string().optional(),
-  // Firewall for proxy-side token replacement
+  // Firewall for proxy-side token replacement (complete config, all permissions)
   firewalls: firewallsSchema.optional(),
+  // Per-firewall grant config: which permissions are granted + allowUnknown flag
+  grantedPermissions: grantedPermissionsSchema.optional(),
   // Tools to disable in Claude CLI (passed as --disallowed-tools)
   disallowedTools: external_exports.array(external_exports.string()).optional(),
   // Tools to make available in Claude CLI (passed as --tools)
@@ -71033,6 +71050,7 @@ var zeroAgentResponseSchema = external_exports.object({
   sound: external_exports.string().nullable(),
   avatarUrl: external_exports.string().nullable(),
   permissionPolicies: firewallPoliciesSchema.nullable(),
+  allowUnknownEndpoints: external_exports.record(external_exports.string(), external_exports.boolean()).nullable(),
   customSkills: external_exports.array(external_exports.string()).default([])
 });
 var zeroAgentRequestSchema = external_exports.object({
@@ -71144,7 +71162,8 @@ var zeroAgentsByIdContract = c17.router({
 });
 var zeroAgentPermissionPoliciesRequestSchema = external_exports.object({
   agentId: external_exports.string().uuid(),
-  policies: firewallPoliciesSchema
+  policies: firewallPoliciesSchema,
+  allowUnknownEndpoints: external_exports.record(external_exports.string(), external_exports.boolean()).optional()
 });
 var zeroAgentPermissionPoliciesContract = c17.router({
   update: {
@@ -72058,6 +72077,7 @@ var runContextResponseSchema = external_exports.object({
   vars: external_exports.record(external_exports.string(), external_exports.string()).nullable(),
   environment: external_exports.record(external_exports.string(), external_exports.string()),
   firewalls: external_exports.array(runContextFirewallSchema),
+  grantedPermissions: grantedPermissionsSchema.nullable().optional(),
   volumes: external_exports.array(runContextVolumeSchema),
   artifact: runContextArtifactSchema.nullable(),
   memory: runContextArtifactSchema.nullable()
@@ -73001,94 +73021,60 @@ var zeroMemberCreditCapContract = c38.router({
   }
 });
 
-// ../../packages/core/src/contracts/zero-ask-user.ts
+// ../../packages/core/src/contracts/zero-developer-support.ts
 init_esm_shims();
 var c39 = initContract();
-var askUserQuestionItemSchema = external_exports.object({
-  question: external_exports.string().min(1),
-  header: external_exports.string().max(12).optional(),
-  options: external_exports.array(
-    external_exports.object({
-      label: external_exports.string(),
-      description: external_exports.string().optional()
-    })
-  ).min(1),
-  multiSelect: external_exports.boolean().optional()
-});
-var askUserQuestionBodySchema = external_exports.object({
-  questions: external_exports.array(askUserQuestionItemSchema).min(1)
+var developerSupportBodySchema = external_exports.object({
+  title: external_exports.string().min(1, "Title is required"),
+  description: external_exports.string().min(1, "Description is required"),
+  consentCode: external_exports.string().optional()
 });
-var askUserQuestionResponseSchema = external_exports.object({
-  pendingId: external_exports.string().uuid()
+var consentCodeResponseSchema = external_exports.object({
+  consentCode: external_exports.string()
 });
-var askUserAnswerStatusSchema = external_exports.enum([
-  "pending",
-  "answered",
-  "expired"
-]);
-var askUserAnswerResponseSchema = external_exports.object({
-  status: askUserAnswerStatusSchema,
-  answer: external_exports.string().optional()
+var submitResponseSchema = external_exports.object({
+  reference: external_exports.string()
 });
-var zeroAskUserQuestionContract = c39.router({
-  postQuestion: {
+var zeroDeveloperSupportContract = c39.router({
+  submit: {
     method: "POST",
-    path: "/api/zero/ask-user/question",
+    path: "/api/zero/developer-support",
     headers: authHeadersSchema,
-    body: askUserQuestionBodySchema,
+    body: developerSupportBodySchema,
     responses: {
-      200: askUserQuestionResponseSchema,
+      200: external_exports.union([consentCodeResponseSchema, submitResponseSchema]),
       400: apiErrorSchema,
-      401: apiErrorSchema
-    },
-    summary: "Submit a question for the user and receive a pending ID for polling"
-  }
-});
-var zeroAskUserAnswerContract = c39.router({
-  getAnswer: {
-    method: "GET",
-    path: "/api/zero/ask-user/answer",
-    headers: authHeadersSchema,
-    query: external_exports.object({
-      pendingId: external_exports.string().uuid()
-    }),
-    responses: {
-      200: askUserAnswerResponseSchema,
       401: apiErrorSchema,
-      403: apiErrorSchema,
-      404: apiErrorSchema
+      403: apiErrorSchema
     },
-    summary: "Poll for the user's answer to a pending question"
+    summary: "Developer support: consent code generation or diagnostic submission"
   }
 });
 
-// ../../packages/core/src/contracts/zero-developer-support.ts
+// ../../packages/core/src/contracts/zero-report-error.ts
 init_esm_shims();
 var c40 = initContract();
-var developerSupportBodySchema = external_exports.object({
+var reportErrorBodySchema = external_exports.object({
+  runId: external_exports.string().min(1, "Run ID is required"),
   title: external_exports.string().min(1, "Title is required"),
-  description: external_exports.string().min(1, "Description is required"),
-  consentCode: external_exports.string().optional()
-});
-var consentCodeResponseSchema = external_exports.object({
-  consentCode: external_exports.string()
+  description: external_exports.string().optional()
 });
-var submitResponseSchema = external_exports.object({
+var reportErrorResponseSchema = external_exports.object({
   reference: external_exports.string()
 });
-var zeroDeveloperSupportContract = c40.router({
+var zeroReportErrorContract = c40.router({
   submit: {
     method: "POST",
-    path: "/api/zero/developer-support",
+    path: "/api/zero/report-error",
     headers: authHeadersSchema,
-    body: developerSupportBodySchema,
+    body: reportErrorBodySchema,
     responses: {
-      200: external_exports.union([consentCodeResponseSchema, submitResponseSchema]),
+      200: reportErrorResponseSchema,
       400: apiErrorSchema,
       401: apiErrorSchema,
       403: apiErrorSchema
     },
-    summary: "Developer support: consent code generation or diagnostic submission"
+    summary: "Submit error report for a failed run"
   }
 });
 
@@ -74701,26 +74687,6 @@ async function searchZeroLogs(options) {
   handleError(result, "Failed to search zero logs");
 }
 
-// src/lib/api/domains/zero-ask-user.ts
-init_esm_shims();
-async function postAskUserQuestion(body) {
-  const config2 = await getClientConfig();
-  const client = initClient(zeroAskUserQuestionContract, config2);
-  const result = await client.postQuestion({ body, headers: {} });
-  if (result.status === 200) return result.body;
-  handleError(result, "Failed to post question");
-}
-async function getAskUserAnswer(pendingId) {
-  const config2 = await getClientConfig();
-  const client = initClient(zeroAskUserAnswerContract, config2);
-  const result = await client.getAnswer({
-    query: { pendingId },
-    headers: {}
-  });
-  if (result.status === 200) return result.body;
-  handleError(result, "Failed to get answer");
-}
-
 // src/lib/api/domains/zero-computer-use.ts
 init_esm_shims();
 async function registerComputerUseHost() {
@@ -75359,7 +75325,15 @@ var EventRenderer = class _EventRenderer {
   static renderRunFailed(error48, runId) {
     console.error("");
     console.error(source_default.red("\u2717 Run failed"));
-    console.error(`  Error: ${source_default.red(error48 || "Unknown error")}`);
+    const errorText = error48 || "Unknown error";
+    const linkMatch = errorText.match(/\[([^\]]+)\]\(([^)]+)\)/);
+    if (linkMatch) {
+      const messageWithoutLink = errorText.replace(linkMatch[0], "").replace(/\s+$/, "");
+      console.error(`  Error: ${source_default.red(messageWithoutLink)}`);
+      console.error(`  ${linkMatch[1]}: ${source_default.cyan(linkMatch[2])}`);
+    } else {
+      console.error(`  Error: ${source_default.red(errorText)}`);
+    }
     console.error(
       source_default.dim(`  (use "vm0 logs ${runId} --system" to view system logs)`)
     );
@@ -75911,8 +75885,6 @@ export {
   getAgentEvents,
   getNetworkLogs,
   searchLogs,
-  postAskUserQuestion,
-  getAskUserAnswer,
   requestDeveloperSupportConsent,
   submitDeveloperSupport,
   registerComputerUseHost,
@@ -75954,4 +75926,4 @@ undici/lib/web/fetch/body.js:
 undici/lib/web/websocket/frame.js:
   (*! ws. MIT License. Einar Otto Stangvik <einaros@gmail.com> *)
 */
-//# sourceMappingURL=chunk-W353Y7DH.js.map
+//# sourceMappingURL=chunk-H56HRDOU.js.map