@vm0/cli 9.119.2 → 9.120.0

package/zero.js

@@ -18,15 +18,11 @@ import {
   createPhoneCall,
   createSkill,
   createZeroAgent,
-  createZeroComputerConnector,
-  createZeroConnectorSession,
   createZeroRun,
   decodeCliTokenPayload,
   decodeZeroTokenPayload,
   deleteSkill,
   deleteZeroAgent,
-  deleteZeroComputerConnector,
-  deleteZeroConnector,
   deleteZeroOrg,
   deleteZeroOrgModelProvider,
   deleteZeroOrgSecret,
@@ -44,7 +40,6 @@ import {
   getActiveOrg,
   getApiUrl,
   getAuthMethodsForType,
-  getBaseUrl,
   getComputerUseHost,
   getConnectorDerivedNames,
   getConnectorEnvironmentMapping,
@@ -65,7 +60,6 @@ import {
   getZeroAgentInstructions,
   getZeroAgentUserConnectors,
   getZeroConnector,
-  getZeroConnectorSession,
   getZeroOrg,
   getZeroOrgMembers,
   getZeroRun,
@@ -110,6 +104,7 @@ import {
   resolveFirewallPolicies,
   resolveZeroScheduleByAgent,
   saveConfig,
+  searchConnectors,
   searchZeroLogs,
   sendChatMessage,
   sendSlackMessage,
@@ -131,7 +126,7 @@ import {
   upsertZeroOrgModelProvider,
   withErrorHandler,
   zeroAgentCustomSkillNameSchema
-} from "./chunk-PS4P6JB6.js";
+} from "./chunk-CVXG5BRK.js";
 import {
   __toESM,
   init_esm_shims
@@ -1564,388 +1559,63 @@ Notes:
 // src/commands/zero/connector/index.ts
 init_esm_shims();
 
-// src/commands/zero/connector/connect.ts
+// src/commands/zero/connector/list.ts
 init_esm_shims();
 
-// src/lib/computer/start-services.ts
+// src/commands/zero/connector/agent-context.ts
 init_esm_shims();
-import { spawn } from "child_process";
-import { access, constants } from "fs/promises";
-import { createServer } from "net";
-import { homedir } from "os";
-import { join } from "path";
-
-// src/lib/computer/ngrok.ts
-init_esm_shims();
-async function loadNgrok() {
-  try {
-    const mod = await import("@ngrok/ngrok");
-    return mod.default;
-  } catch (cause) {
-    throw new Error(
-      "Failed to load ngrok tunnel module. This may be caused by a system library (GLIBC) incompatibility. See: https://github.com/vm0-ai/vm0/issues/6825",
-      { cause }
-    );
-  }
-}
-async function startNgrokTunnels(ngrokToken, endpointPrefix, webdavPort, cdpPort) {
-  const ngrok = await loadNgrok();
-  await ngrok.forward({
-    addr: `localhost:${webdavPort}`,
-    authtoken: ngrokToken,
-    domain: `webdav.${endpointPrefix}.internal`
-  });
-  await ngrok.forward({
-    addr: `localhost:${cdpPort}`,
-    authtoken: ngrokToken,
-    domain: `chrome.${endpointPrefix}.internal`
-  });
-}
-async function stopNgrokTunnels() {
-  const ngrok = await loadNgrok();
-  await ngrok.kill();
+async function resolveAgentContext(flagAgentId) {
+  const agentId = flagAgentId ?? process.env.ZERO_AGENT_ID;
+  if (!agentId) return null;
+  const [agent, enabledTypes] = await Promise.all([
+    getZeroAgent(agentId),
+    getZeroAgentUserConnectors(agentId)
+  ]);
+  return {
+    agentId: agent.agentId,
+    displayName: agent.displayName ?? agent.agentId,
+    authorizedTypes: new Set(enabledTypes)
+  };
 }
 
-// src/lib/computer/start-services.ts
-var CHROME_CANDIDATES = [
-  // macOS absolute paths
-  "/Applications/Google Chrome.app/Contents/MacOS/Google Chrome",
-  "/Applications/Google Chrome Canary.app/Contents/MacOS/Google Chrome Canary",
-  "/Applications/Chromium.app/Contents/MacOS/Chromium",
-  // Linux / PATH-based
-  "google-chrome",
-  "google-chrome-stable",
-  "chromium-browser",
-  "chromium",
-  "chrome"
-];
-async function getRandomPort() {
-  return new Promise((resolve, reject) => {
-    const server = createServer();
-    server.listen(0, "127.0.0.1", () => {
-      const { port } = server.address();
-      server.close(() => {
-        return resolve(port);
-      });
-    });
-    server.on("error", reject);
-  });
-}
-async function findBinary(...candidates) {
-  for (const candidate of candidates) {
-    if (candidate.startsWith("/")) {
-      try {
-        await access(candidate, constants.X_OK);
-        return candidate;
-      } catch {
-      }
-    } else {
-      const found = await new Promise((resolve) => {
-        const child = spawn("which", [candidate]);
-        child.on("close", (code) => {
-          return resolve(code === 0);
-        });
-      });
-      if (found) return candidate;
-    }
-  }
-  return null;
-}
-async function checkComputerDependencies() {
-  const wsgidavBinary = await findBinary("wsgidav");
-  if (!wsgidavBinary) {
-    throw new Error(
-      "wsgidav not found\n\nInstall with: pip install wsgidav[cheroot]"
-    );
-  }
-  const chromeBinary = await findBinary(...CHROME_CANDIDATES);
-  if (!chromeBinary) {
-    throw new Error("Chrome not found\n\nInstall Google Chrome or Chromium");
-  }
+// src/commands/zero/connector/list.ts
+function renderIdentity(connector) {
+  if (connector.externalUsername) return `@${connector.externalUsername}`;
+  if (connector.externalEmail) return connector.externalEmail;
+  return "-";
 }
-async function startComputerServices(credentials) {
-  console.log(source_default.cyan("Starting computer connector services..."));
-  const wsgidavBinary = await findBinary("wsgidav");
-  if (!wsgidavBinary) {
-    throw new Error(
-      "wsgidav not found\n\nInstall with: pip install wsgidav[cheroot]"
-    );
+function renderConnectedAsCell(connector) {
+  if (!connector) return source_default.dim("(not connected)");
+  const identity = renderIdentity(connector);
+  if (connector.needsReconnect) {
+    return source_default.yellow(`${identity} (reconnect needed)`);
   }
-  const chromeBinary = await findBinary(...CHROME_CANDIDATES);
-  if (!chromeBinary) {
-    throw new Error("Chrome not found\n\nInstall Google Chrome or Chromium");
-  }
-  const webdavPort = await getRandomPort();
-  const cdpPort = await getRandomPort();
-  const downloadsPath = join(homedir(), "Downloads");
-  const wsgidav = spawn(
-    wsgidavBinary,
-    [
-      "--host=127.0.0.1",
-      `--port=${webdavPort}`,
-      `--root=${downloadsPath}`,
-      "--auth=anonymous",
-      "--no-config"
-    ],
-    { stdio: ["ignore", "pipe", "pipe"] }
-  );
-  wsgidav.stdout?.on("data", (data) => {
-    return process.stdout.write(data);
-  });
-  wsgidav.stderr?.on("data", (data) => {
-    return process.stderr.write(data);
-  });
-  console.log(source_default.green("\u2713 WebDAV server started"));
-  const chrome = spawn(
-    chromeBinary,
-    [
-      `--remote-debugging-port=${cdpPort}`,
-      "--remote-debugging-address=127.0.0.1",
-      "--headless=new",
-      "--no-sandbox",
-      "--disable-gpu"
-    ],
-    { stdio: ["ignore", "pipe", "pipe"] }
-  );
-  chrome.stdout?.on("data", (data) => {
-    return process.stdout.write(data);
-  });
-  chrome.stderr?.on("data", (data) => {
-    return process.stderr.write(data);
-  });
-  console.log(source_default.green("\u2713 Chrome started"));
-  try {
-    await startNgrokTunnels(
-      credentials.ngrokToken,
-      credentials.endpointPrefix,
-      webdavPort,
-      cdpPort
-    );
-    console.log(
-      source_default.green(
-        `\u2713 ngrok tunnels: webdav.${credentials.domain}, chrome.${credentials.domain}`
-      )
-    );
-    console.log();
-    console.log(source_default.green("\u2713 Computer connector active"));
-    console.log(`  WebDAV:     ~/Downloads \u2192 webdav.${credentials.domain}`);
-    console.log(
-      `  Chrome CDP: port ${cdpPort}   \u2192 chrome.${credentials.domain}`
-    );
-    console.log();
-    console.log(source_default.dim("Press ^C twice to disconnect"));
-    console.log();
-    let sigintCount = 0;
-    await new Promise((resolve) => {
-      const keepAlive = setInterval(() => {
-      }, 6e4);
-      const done = () => {
-        clearInterval(keepAlive);
-        process.removeListener("SIGINT", onSigint);
-        resolve();
-      };
-      const onSigint = () => {
-        sigintCount++;
-        if (sigintCount === 1) {
-          console.log(source_default.dim("\nPress ^C again to disconnect and exit..."));
-        } else {
-          done();
-        }
-      };
-      process.on("SIGINT", onSigint);
-      process.once("SIGTERM", done);
-    });
-  } finally {
-    console.log();
-    console.log(source_default.cyan("Stopping services..."));
-    wsgidav.kill("SIGTERM");
-    chrome.kill("SIGTERM");
-    await stopNgrokTunnels();
-    console.log(source_default.green("\u2713 Services stopped"));
+  const scopeMismatch = connector.authMethod === "oauth" && !hasRequiredScopes(connector.type, connector.oauthScopes);
+  if (scopeMismatch) {
+    return source_default.yellow(`${identity} (permissions update available)`);
   }
+  return identity;
 }
-
-// src/commands/zero/connector/connect.ts
-function delay(ms) {
-  return new Promise((resolve) => {
-    return setTimeout(resolve, ms);
-  });
+var ANSI_PATTERN = /\u001b\[[0-9;]*m/g;
+function stripAnsi(s) {
+  return s.replace(ANSI_PATTERN, "");
 }
-function renderHelpText(text) {
-  return text.replace(/\[([^\]]+)\]\(([^)]+)\)/g, (_m, label, url) => {
-    return `${label} (${source_default.cyan(url)})`;
-  }).replace(/\*\*([^*]+)\*\*/g, (_m, content) => {
-    return source_default.bold(content);
-  }).replace(/^> (.+)$/gm, (_m, content) => {
-    return source_default.yellow(`  ${content}`);
-  });
+function padEndAnsi(s, width) {
+  const visible = stripAnsi(s).length;
+  return s + " ".repeat(Math.max(0, width - visible));
 }
-async function connectViaApiToken(connectorType, tokenValue) {
-  const config = CONNECTOR_TYPES[connectorType];
-  const apiTokenConfig = config.authMethods["api-token"];
-  if (!apiTokenConfig) {
-    throw new Error(
-      `${config.label} does not support API token authentication`
-    );
-  }
-  const secretEntries = Object.entries(apiTokenConfig.secrets);
-  const inputSecrets = {};
-  if (tokenValue && secretEntries.length === 1) {
-    const [secretName] = secretEntries[0];
-    inputSecrets[secretName] = tokenValue;
-  } else {
-    if (apiTokenConfig.helpText) {
-      console.log();
-      console.log(renderHelpText(apiTokenConfig.helpText));
-      console.log();
-    }
-    for (const [secretName, secretConfig] of secretEntries) {
-      if (!secretConfig.required) continue;
-      const value = await promptPassword(
-        `${secretConfig.label}${secretConfig.placeholder ? source_default.dim(` (${secretConfig.placeholder})`) : ""}:`
-      );
-      if (!value) {
-        console.log(source_default.dim("Cancelled"));
-        return;
-      }
-      inputSecrets[secretName] = value;
-    }
-  }
-  for (const [name, value] of Object.entries(inputSecrets)) {
-    await setZeroSecret({
-      name,
-      value,
-      description: `API token for ${config.label} connector`
-    });
-  }
-  console.log(source_default.green(`
-\u2713 Connector "${connectorType}" connected`));
-}
-async function connectComputer() {
-  await checkComputerDependencies();
-  console.log(source_default.cyan("Setting up computer connector..."));
-  const credentials = await createZeroComputerConnector();
-  await startComputerServices(credentials);
-  console.log(source_default.cyan("Disconnecting computer connector..."));
-  await deleteZeroComputerConnector();
-  console.log(source_default.green("\u2713 Disconnected computer"));
-}
-async function resolveAuthMethod(connectorType, tokenFlag) {
-  const config = CONNECTOR_TYPES[connectorType];
-  const oauthFlag = CONNECTOR_TYPES[connectorType].featureFlag;
-  const orgId = await getActiveOrg();
-  const oauthAvailable = "oauth" in config.authMethods && (!oauthFlag || isFeatureEnabled(oauthFlag, { orgId }));
-  const apiTokenAvailable = "api-token" in config.authMethods;
-  if (tokenFlag) {
-    if (!apiTokenAvailable) {
-      throw new Error(
-        `${config.label} does not support API token authentication`
-      );
-    }
-    return "api-token";
-  }
-  if (oauthAvailable && apiTokenAvailable) {
-    const selected = await promptSelect(
-      `How would you like to connect ${config.label}?`,
-      [
-        { title: "OAuth (Sign in with browser)", value: "oauth" },
-        {
-          title: `API Token (${config.authMethods["api-token"].label})`,
-          value: "api-token"
-        }
-      ]
-    );
-    if (!selected) {
-      console.log(source_default.dim("Cancelled"));
-      return null;
-    }
-    return selected;
-  }
-  if (apiTokenAvailable) return "api-token";
-  if (oauthAvailable) return "oauth";
-  throw new Error(
-    `${config.label} has no available auth methods. OAuth may not be enabled yet.`
-  );
-}
-async function connectViaOAuth(connectorType) {
-  console.log(`Connecting ${source_default.cyan(connectorType)}...`);
-  const session = await createZeroConnectorSession(connectorType);
-  const apiUrl = await getBaseUrl();
-  const verificationUrl = `${apiUrl}${session.verificationUrl}`;
-  console.log(source_default.green("\nSession created"));
-  console.log(source_default.cyan(`
-To connect, visit: ${verificationUrl}`));
-  console.log(
-    `
-The session expires in ${Math.floor(session.expiresIn / 60)} minutes.`
-  );
-  console.log("\nWaiting for authorization...");
-  const startTime = Date.now();
-  const maxWaitTime = session.expiresIn * 1e3;
-  const pollInterval = (session.interval || 5) * 1e3;
-  let isFirstPoll = true;
-  while (Date.now() - startTime < maxWaitTime) {
-    if (!isFirstPoll) {
-      await delay(pollInterval);
-    }
-    isFirstPoll = false;
-    const status = await getZeroConnectorSession(connectorType, session.id);
-    switch (status.status) {
-      case "complete":
-        console.log(
-          source_default.green(`
-
-\u2713 Connector "${connectorType}" connected`)
-        );
-        return;
-      case "expired":
-        throw new Error("Session expired, please try again");
-      case "error":
-        throw new Error(
-          `Connection failed: ${status.errorMessage || "Unknown error"}`
-        );
-      case "pending":
-        process.stdout.write(source_default.dim("."));
-        break;
-    }
-  }
-  throw new Error("Session timed out, please try again");
-}
-var connectCommand = new Command().name("connect").description("Connect a third-party service (e.g., GitHub)").argument("<type>", "Connector type (e.g., github)").option("--token <value>", "API token value (skip interactive prompt)").action(
-  withErrorHandler(async (type, options) => {
-    const parseResult = connectorTypeSchema.safeParse(type);
-    if (!parseResult.success) {
-      const available = Object.keys(CONNECTOR_TYPES).join(", ");
-      throw new Error(`Unknown connector type: ${type}`, {
-        cause: new Error(`Available connectors: ${available}`)
-      });
-    }
-    const connectorType = parseResult.data;
-    if (connectorType === "computer") {
-      await connectComputer();
-      return;
-    }
-    const authMethod = await resolveAuthMethod(connectorType, options.token);
-    if (!authMethod) return;
-    if (authMethod === "api-token") {
-      await connectViaApiToken(connectorType, options.token);
-      return;
-    }
-    await connectViaOAuth(connectorType);
-  })
-);
-
-// src/commands/zero/connector/list.ts
-init_esm_shims();
-var listCommand6 = new Command().name("list").alias("ls").description("List all connectors and their status").action(
-  withErrorHandler(async () => {
-    const result = await listZeroConnectors();
+var listCommand6 = new Command().name("list").alias("ls").description("List all connectors and their status").option("--agent <id>", "Show per-agent authorization column").action(
+  withErrorHandler(async (options) => {
+    const [{ connectors }, orgId, agentCtx] = await Promise.all([
+      listZeroConnectors(),
+      getActiveOrg(),
+      resolveAgentContext(options.agent)
+    ]);
     const connectedMap = new Map(
-      result.connectors.map((c) => {
+      connectors.map((c) => {
         return [c.type, c];
       })
     );
-    const orgId = await getActiveOrg();
     const allTypesRaw = Object.keys(CONNECTOR_TYPES);
     const allTypes = [];
     for (const type of allTypesRaw) {
@@ -1962,28 +1632,133 @@ var listCommand6 = new Command().name("list").alias("ls").description("List all
         return t.length;
       })
     );
-    const statusText = "STATUS";
-    const statusWidth = statusText.length;
-    const header = [
+    const connectedAsHeader = "CONNECTED AS";
+    const connectedCells = allTypes.map((type) => {
+      return renderConnectedAsCell(connectedMap.get(type));
+    });
+    const connectedAsWidth = Math.max(
+      connectedAsHeader.length,
+      ...connectedCells.map((c) => {
+        return stripAnsi(c).length;
+      })
+    );
+    const authorizedHeader = agentCtx ? `AUTHORIZED FOR ${agentCtx.displayName}` : null;
+    const headerParts = [
       "TYPE".padEnd(typeWidth),
-      statusText.padEnd(statusWidth),
-      "ACCOUNT"
-    ].join("  ");
-    console.log(source_default.dim(header));
-    for (const type of allTypes) {
-      const connector = connectedMap.get(type);
-      const scopeMismatch = connector !== void 0 && connector.authMethod === "oauth" && !hasRequiredScopes(type, connector.oauthScopes);
-      const status = connector ? connector.needsReconnect ? source_default.yellow("!".padEnd(statusWidth)) : scopeMismatch ? source_default.yellow("!".padEnd(statusWidth)) : source_default.green("\u2713".padEnd(statusWidth)) : source_default.dim("-".padEnd(statusWidth));
-      const account = connector?.needsReconnect ? source_default.yellow("(reconnect needed)") : scopeMismatch ? source_default.yellow("(permissions update available)") : connector?.externalUsername ? `@${connector.externalUsername}` : source_default.dim("-");
-      const row = [type.padEnd(typeWidth), status, account].join("  ");
-      console.log(row);
+      connectedAsHeader.padEnd(connectedAsWidth)
+    ];
+    if (authorizedHeader) headerParts.push(authorizedHeader);
+    console.log(source_default.dim(headerParts.join("  ")));
+    for (let i = 0; i < allTypes.length; i++) {
+      const type = allTypes[i];
+      const connectedCell = padEndAnsi(connectedCells[i], connectedAsWidth);
+      const parts = [type.padEnd(typeWidth), connectedCell];
+      if (agentCtx) {
+        parts.push(
+          agentCtx.authorizedTypes.has(type) ? source_default.green("\u2713") : source_default.dim("-")
+        );
+      }
+      console.log(parts.join("  "));
     }
-    console.log();
-    console.log(source_default.dim("To connect a service:"));
-    console.log(source_default.dim("  zero connector connect <type>"));
   })
 );
 
+// src/commands/zero/connector/search.ts
+init_esm_shims();
+var DEFAULT_LIMIT = 5;
+var EXACT_MATCH_THRESHOLD = 80;
+var ANSI_PATTERN2 = /\u001b\[[0-9;]*m/g;
+function stripAnsi2(s) {
+  return s.replace(ANSI_PATTERN2, "");
+}
+function padEndAnsi2(s, width) {
+  const visible = stripAnsi2(s).length;
+  return s + " ".repeat(Math.max(0, width - visible));
+}
+function parseLimit(raw) {
+  const n = Number.parseInt(raw, 10);
+  if (!Number.isFinite(n) || n <= 0) {
+    throw new Error(`--limit must be a positive integer, got "${raw}".`);
+  }
+  return n;
+}
+var searchCommand = new Command().name("search").description("Search connectors by type, label, env var, secret, or tag").argument("<keyword>", "Search keyword (case-insensitive)").option("--agent <id>", "Show per-agent authorization column").option(
+  "--limit <n>",
+  `Maximum number of results to display (default ${DEFAULT_LIMIT})`,
+  parseLimit,
+  DEFAULT_LIMIT
+).action(
+  withErrorHandler(
+    async (keyword, options) => {
+      const trimmed = keyword.trim();
+      if (!trimmed) {
+        throw new Error("Keyword cannot be empty.");
+      }
+      const [orgId, agentCtx] = await Promise.all([
+        getActiveOrg(),
+        resolveAgentContext(options.agent)
+      ]);
+      const isTypeAvailable = (type) => {
+        const config = CONNECTOR_TYPES[type];
+        const flag = config.featureFlag;
+        const hasApiToken = "api-token" in config.authMethods;
+        return !flag || isFeatureEnabled(flag, { orgId }) || hasApiToken;
+      };
+      const { results, total } = searchConnectors(
+        trimmed,
+        options.limit,
+        isTypeAvailable
+      );
+      if (results.length === 0) {
+        console.log("No matches found.");
+        return;
+      }
+      const topScore = results[0].score;
+      if (topScore < EXACT_MATCH_THRESHOLD) {
+        console.log("No exact match. Showing closest:");
+      }
+      if (total > options.limit) {
+        console.log(`Too many results (top ${options.limit} of ${total}):`);
+      }
+      const typeHeader = "TYPE";
+      const labelHeader = "LABEL";
+      const typeWidth = Math.max(
+        typeHeader.length,
+        ...results.map((r) => {
+          return r.type.length;
+        })
+      );
+      const labelWidth = Math.max(
+        labelHeader.length,
+        ...results.map((r) => {
+          return CONNECTOR_TYPES[r.type].label.length;
+        })
+      );
+      const headerParts = [
+        typeHeader.padEnd(typeWidth),
+        labelHeader.padEnd(labelWidth)
+      ];
+      if (agentCtx) {
+        headerParts.push(`AUTHORIZED FOR ${agentCtx.displayName}`);
+      }
+      console.log(source_default.dim(headerParts.join("  ")));
+      for (const result of results) {
+        const config = CONNECTOR_TYPES[result.type];
+        const parts = [
+          result.type.padEnd(typeWidth),
+          padEndAnsi2(config.label, labelWidth)
+        ];
+        if (agentCtx) {
+          parts.push(
+            agentCtx.authorizedTypes.has(result.type) ? source_default.green("\u2713") : source_default.dim("-")
+          );
+        }
+        console.log(parts.join("  "));
+      }
+    }
+  )
+);
+
 // src/commands/zero/connector/status.ts
 init_esm_shims();
 
@@ -2101,10 +1876,30 @@ function toISODateTime(dateTimeStr) {
   return date.toISOString();
 }
 
+// src/commands/zero/doctor/platform-url.ts
+init_esm_shims();
+function toPlatformUrl(apiUrl) {
+  const parsed = new URL(apiUrl);
+  const parts = parsed.hostname.split(".");
+  if (parts[0].endsWith("-www")) {
+    parts[0] = parts[0].slice(0, -"-www".length) + "-app";
+  } else if (parts[0] === "www" || parts[0] === "platform") {
+    parts[0] = "app";
+  } else if (parts[0] !== "app" && parts[0] !== "localhost") {
+    parts.unshift("app");
+  }
+  parsed.hostname = parts.join(".");
+  return parsed;
+}
+async function getPlatformOrigin() {
+  const apiUrl = await getApiUrl();
+  return toPlatformUrl(apiUrl).origin;
+}
+
 // src/commands/zero/connector/status.ts
 var LABEL_WIDTH = 16;
-var statusCommand2 = new Command().name("status").description("Show detailed status of a connector").argument("<type>", "Connector type (e.g., github)").action(
-  withErrorHandler(async (type) => {
+var statusCommand2 = new Command().name("status").description("Show detailed status of a connector").argument("<type>", "Connector type (e.g., github)").option("--agent <id>", "Show authorization state for the given agent").action(
+  withErrorHandler(async (type, options) => {
     const parseResult = connectorTypeSchema.safeParse(type);
     if (!parseResult.success) {
       const available = Object.keys(CONNECTOR_TYPES).join(", ");
@@ -2112,7 +1907,10 @@ var statusCommand2 = new Command().name("status").description("Show detailed sta
         cause: new Error(`Available connectors: ${available}`)
       });
     }
-    const connector = await getZeroConnector(parseResult.data);
+    const [connector, agentCtx] = await Promise.all([
+      getZeroConnector(parseResult.data),
+      resolveAgentContext(options.agent)
+    ]);
     console.log(`Connector: ${source_default.cyan(type)}`);
     console.log();
     if (connector) {
@@ -2154,67 +1952,37 @@ var statusCommand2 = new Command().name("status").description("Show detailed sta
           `${"Last Updated:".padEnd(LABEL_WIDTH)}${formatDateTime(connector.updatedAt)}`
         );
       }
-      console.log();
-      console.log(source_default.dim("To disconnect:"));
-      console.log(source_default.dim(`  zero connector disconnect ${type}`));
     } else {
       console.log(
         `${"Status:".padEnd(LABEL_WIDTH)}${source_default.dim("not connected")}`
       );
-      console.log();
-      console.log(source_default.dim("To connect:"));
-      console.log(source_default.dim(`  zero connector connect ${type}`));
     }
-  })
-);
-
-// src/commands/zero/connector/disconnect.ts
-init_esm_shims();
-var disconnectCommand = new Command().name("disconnect").description("Disconnect a third-party service").argument("<type>", "Connector type to disconnect (e.g., github)").action(
-  withErrorHandler(async (type) => {
-    const parseResult = connectorTypeSchema.safeParse(type);
-    if (!parseResult.success) {
-      const available = Object.keys(CONNECTOR_TYPES).join(", ");
-      throw new Error(`Unknown connector type: ${type}`, {
-        cause: new Error(`Available connectors: ${available}`)
-      });
+    if (agentCtx) {
+      const authorized = agentCtx.authorizedTypes.has(parseResult.data);
+      const glyph = authorized ? source_default.green("\u2713") : source_default.dim("-");
+      console.log();
+      console.log(
+        `${"Authorized:".padEnd(LABEL_WIDTH)}${glyph} for agent ${agentCtx.displayName}`
+      );
+      if (!authorized) {
+        const origin = await getPlatformOrigin();
+        const url = `${origin}/connectors/${parseResult.data}/authorize?agentId=${agentCtx.agentId}`;
+        console.log(
+          `${"".padEnd(LABEL_WIDTH)}${source_default.dim("Authorize:")} ${url}`
+        );
+      }
     }
-    const connectorType = parseResult.data;
-    await deleteZeroConnector(connectorType);
-    console.log(source_default.green(`\u2713 Disconnected ${type}`));
   })
 );
 
 // src/commands/zero/connector/index.ts
-var zeroConnectorCommand = new Command().name("connector").description("Check or connect third-party services (GitHub, Slack, etc.)").addCommand(listCommand6).addCommand(statusCommand2).addCommand(connectCommand).addCommand(disconnectCommand);
+var zeroConnectorCommand = new Command().name("connector").description("Check third-party service connections (GitHub, Slack, etc.)").addCommand(listCommand6).addCommand(searchCommand).addCommand(statusCommand2);
 
 // src/commands/zero/doctor/index.ts
 init_esm_shims();
 
 // src/commands/zero/doctor/check-connector.ts
 init_esm_shims();
-
-// src/commands/zero/doctor/platform-url.ts
-init_esm_shims();
-function toPlatformUrl(apiUrl) {
-  const parsed = new URL(apiUrl);
-  const parts = parsed.hostname.split(".");
-  if (parts[0].endsWith("-www")) {
-    parts[0] = parts[0].slice(0, -"-www".length) + "-app";
-  } else if (parts[0] === "www" || parts[0] === "platform") {
-    parts[0] = "app";
-  } else if (parts[0] !== "app" && parts[0] !== "localhost") {
-    parts.unshift("app");
-  }
-  parsed.hostname = parts.join(".");
-  return parsed;
-}
-async function getPlatformOrigin() {
-  const apiUrl = await getApiUrl();
-  return toPlatformUrl(apiUrl).origin;
-}
-
-// src/commands/zero/doctor/check-connector.ts
 function resolveConnectorFromUrl(url) {
   const allTypes = Object.keys(CONNECTOR_TYPES);
   const normalized = url.endsWith("/") ? url.slice(0, -1) : url;
@@ -4222,10 +3990,10 @@ Notes:
 
 // src/commands/zero/slack/download-file.ts
 init_esm_shims();
-import { join as join2 } from "path";
+import { join } from "path";
 import { tmpdir } from "os";
 function defaultOutPath(fileId) {
-  return join2(tmpdir(), `slack-${fileId}`);
+  return join(tmpdir(), `slack-${fileId}`);
 }
 var downloadFileCommand = new Command().name("download-file").description("Download a Slack file by id using the bot token").argument("<file-id>", "Slack file id (e.g. F01234ABCD)").option(
   "-o, --out <path>",
@@ -4520,7 +4288,7 @@ init_esm_shims();
 // src/lib/skill-directory.ts
 init_esm_shims();
 import { readFileSync as readFileSync6, readdirSync } from "fs";
-import { join as join3 } from "path";
+import { join as join2 } from "path";
 var IGNORED_NAMES = /* @__PURE__ */ new Set(["node_modules", ".git", ".DS_Store"]);
 function readSkillDirectory(dirPath) {
   const files = [];
@@ -4530,11 +4298,11 @@ function readSkillDirectory(dirPath) {
       if (entry.name.startsWith(".") || IGNORED_NAMES.has(entry.name)) continue;
       const relPath = prefix ? `${prefix}/${entry.name}` : entry.name;
       if (entry.isDirectory()) {
-        walk(join3(dir, entry.name), relPath);
+        walk(join2(dir, entry.name), relPath);
       } else {
         files.push({
           path: relPath,
-          content: readFileSync6(join3(dir, entry.name), "utf-8")
+          content: readFileSync6(join2(dir, entry.name), "utf-8")
         });
       }
     }
@@ -4857,7 +4625,7 @@ function parseContextOptions(options) {
   }
   return { before, after };
 }
-function parseLimit(value) {
+function parseLimit2(value) {
   if (!value) return void 0;
   const limit = parseInt(value, 10);
   if (isNaN(limit) || limit < 1 || limit > 50) {
@@ -4912,7 +4680,7 @@ function renderResults(response) {
     );
   }
 }
-var searchCommand = new Command().name("search").description("Search agent events across runs").argument("<keyword>", "Search keyword").option("-A, --after-context <n>", "Show n events after each match").option("-B, --before-context <n>", "Show n events before each match").option("-C, --context <n>", "Show n events before and after each match").option("--agent <name>", "Filter by agent name").option("--run <id>", "Filter by specific run ID").option("--since <time>", "Search logs since (default: 7d)").option("--limit <n>", "Maximum number of matches (default: 20)").addHelpText(
+var searchCommand2 = new Command().name("search").description("Search agent events across runs").argument("<keyword>", "Search keyword").option("-A, --after-context <n>", "Show n events after each match").option("-B, --before-context <n>", "Show n events before each match").option("-C, --context <n>", "Show n events before and after each match").option("--agent <name>", "Filter by agent name").option("--run <id>", "Filter by specific run ID").option("--since <time>", "Search logs since (default: 7d)").option("--limit <n>", "Maximum number of matches (default: 20)").addHelpText(
   "after",
   `
 Examples:
@@ -4930,7 +4698,7 @@ Examples:
       process.exit(1);
     }
     const since = options.since ? parseTime(options.since) : Date.now() - SEVEN_DAYS_MS;
-    const limit = parseLimit(options.limit);
+    const limit = parseLimit2(options.limit);
     const response = await searchZeroLogs({
       keyword,
       agent: options.agent,
@@ -5008,7 +4776,7 @@ async function showAgentEvents(runId, options) {
     renderAgentEvent(event, renderer);
   }
 }
-var zeroLogsCommand = new Command().name("logs").description("View and search agent run logs").argument("[runId]", "Run ID to view agent events for").addCommand(listCommand11).addCommand(searchCommand).option(
+var zeroLogsCommand = new Command().name("logs").description("View and search agent run logs").argument("[runId]", "Run ID to view agent events for").addCommand(listCommand11).addCommand(searchCommand2).option(
   "--since <time>",
   "Show logs since timestamp (e.g., 5m, 2h, 1d, 2024-01-15T10:30:00Z)"
 ).option("--tail <n>", "Show last N entries (default: 5)").option("--head <n>", "Show first N entries").option("--all", "Fetch all log entries").addHelpText(
@@ -5117,7 +4885,7 @@ init_esm_shims();
 // src/lib/computer-use/desktop-server.ts
 init_esm_shims();
 import {
-  createServer as createServer2
+  createServer
 } from "http";
 import { createServer as createNetServer } from "net";
 
@@ -5126,12 +4894,12 @@ init_esm_shims();
 import { execFile } from "child_process";
 import { readFile, unlink } from "fs/promises";
 import { randomUUID } from "crypto";
-import { join as join4 } from "path";
+import { join as join3 } from "path";
 import { tmpdir as tmpdir2 } from "os";
 import { promisify } from "util";
 var execFileAsync = promisify(execFile);
 async function captureScreenshot() {
-  const tmpPath = join4(tmpdir2(), `vm0-screenshot-${randomUUID()}.jpg`);
+  const tmpPath = join3(tmpdir2(), `vm0-screenshot-${randomUUID()}.jpg`);
   try {
     await execFileAsync("screencapture", ["-x", "-t", "jpg", tmpPath]);
     const info = await getScreenInfo();
@@ -5160,7 +4928,7 @@ async function captureScreenshot() {
   }
 }
 async function captureRegionScreenshot(region) {
-  const tmpPath = join4(tmpdir2(), `vm0-zoom-${randomUUID()}.jpg`);
+  const tmpPath = join3(tmpdir2(), `vm0-zoom-${randomUUID()}.jpg`);
   try {
     const regionArg = `${region.x},${region.y},${region.width},${region.height}`;
     await execFileAsync("screencapture", [
@@ -5417,7 +5185,7 @@ async function scroll(x, y, direction, amount = DEFAULT_SCROLL_AMOUNT) {
 
 // src/lib/computer-use/clipboard.ts
 init_esm_shims();
-import { execFile as execFile4, spawn as spawn2 } from "child_process";
+import { execFile as execFile4, spawn } from "child_process";
 import { promisify as promisify4 } from "util";
 var execFileAsync4 = promisify4(execFile4);
 async function readClipboard() {
@@ -5426,7 +5194,7 @@ async function readClipboard() {
 }
 async function writeClipboard(text) {
   return new Promise((resolve, reject) => {
-    const proc = spawn2("pbcopy", { stdio: ["pipe", "ignore", "ignore"] });
+    const proc = spawn("pbcopy", { stdio: ["pipe", "ignore", "ignore"] });
     proc.on("error", reject);
     proc.on("close", (code) => {
       if (code === 0) {
@@ -5653,7 +5421,7 @@ async function handleOpenApplication(req, res) {
   res.writeHead(200, { "Content-Type": "application/json" });
   res.end(JSON.stringify({ ok: true }));
 }
-async function getRandomPort2() {
+async function getRandomPort() {
   return new Promise((resolve, reject) => {
     const server = createNetServer();
     server.listen(0, "127.0.0.1", () => {
@@ -5727,7 +5495,7 @@ async function handleRequest(token, req, res) {
 }
 function startDesktopServer(token, port) {
   return new Promise((resolve, reject) => {
-    const server = createServer2((req, res) => {
+    const server = createServer((req, res) => {
       handleRequest(token, req, res).catch(() => {
         if (!res.headersSent) {
           res.writeHead(500, { "Content-Type": "text/plain" });
@@ -5744,7 +5512,7 @@ function startDesktopServer(token, port) {
 
 // src/lib/computer-use/ngrok.ts
 init_esm_shims();
-async function loadNgrok2() {
+async function loadNgrok() {
   try {
     const mod = await import("@ngrok/ngrok");
     return mod.default;
@@ -5756,7 +5524,7 @@ async function loadNgrok2() {
   }
 }
 async function startDesktopTunnel(ngrokToken, endpointPrefix, port) {
-  const ngrok = await loadNgrok2();
+  const ngrok = await loadNgrok();
   await ngrok.forward({
     addr: `localhost:${port}`,
     authtoken: ngrokToken,
@@ -5764,7 +5532,7 @@ async function startDesktopTunnel(ngrokToken, endpointPrefix, port) {
   });
 }
 async function stopDesktopTunnel() {
-  const ngrok = await loadNgrok2();
+  const ngrok = await loadNgrok();
   await ngrok.kill();
 }
 
@@ -5786,7 +5554,7 @@ var hostStartCommand = new Command().name("start").description("Start the comput
     }
     console.log(source_default.cyan("Registering computer-use host..."));
     const credentials = await registerComputerUseHost();
-    const port = await getRandomPort2();
+    const port = await getRandomPort();
     const server = await startDesktopServer(credentials.token, port);
     try {
       await startDesktopTunnel(
@@ -5852,7 +5620,7 @@ var hostStopCommand = new Command().name("stop").description("Stop and unregiste
 // src/commands/zero/computer-use/client.ts
 init_esm_shims();
 import { writeFile, mkdir } from "fs/promises";
-import { join as join5 } from "path";
+import { join as join4 } from "path";
 
 // src/lib/computer-use/client.ts
 init_esm_shims();
@@ -5920,7 +5688,7 @@ var clientScreenshotCommand = new Command().name("screenshot").description("Capt
     const dir = "/tmp/computer-use";
     await mkdir(dir, { recursive: true });
     const timestamp = Date.now();
-    const filePath = join5(dir, `screenshot-${timestamp}.${data.format}`);
+    const filePath = join4(dir, `screenshot-${timestamp}.${data.format}`);
     const buffer = Buffer.from(data.image, "base64");
     await writeFile(filePath, buffer);
     process.stdout.write(`${filePath}
@@ -5948,7 +5716,7 @@ var clientZoomCommand = new Command().name("zoom").description("Capture a region
       const dir = "/tmp/computer-use";
       await mkdir(dir, { recursive: true });
       const timestamp = Date.now();
-      const filePath = join5(dir, `zoom-${timestamp}.${data.format}`);
+      const filePath = join4(dir, `zoom-${timestamp}.${data.format}`);
       const buffer = Buffer.from(data.image, "base64");
       await writeFile(filePath, buffer);
       process.stdout.write(`${filePath}
@@ -6172,7 +5940,7 @@ function printCallInfo(call, callId) {
 // src/commands/zero/phone/call.ts
 var POLL_INTERVAL_MS = 1e4;
 var POLL_TIMEOUT_MS = 15 * 60 * 1e3;
-var delay2 = {
+var delay = {
   ms: (ms) => {
     return new Promise((resolve) => {
       setTimeout(resolve, ms);
@@ -6243,7 +6011,7 @@ var callCommand = new Command().name("call").description("Initiate an outbound p
       );
       const startTime = Date.now();
       while (Date.now() - startTime < POLL_TIMEOUT_MS) {
-        await delay2.ms(POLL_INTERVAL_MS);
+        await delay.ms(POLL_INTERVAL_MS);
         const detail = await getPhoneCallDetail(result.callId);
         const status = detail.call.status;
         const elapsed = Math.round((Date.now() - startTime) / 1e3);
@@ -6422,10 +6190,10 @@ init_esm_shims();
 
 // src/commands/zero/web/download-file.ts
 init_esm_shims();
-import { join as join6 } from "path";
+import { join as join5 } from "path";
 import { tmpdir as tmpdir3 } from "os";
 function defaultOutPath2(fileId) {
-  return join6(tmpdir3(), `web-${fileId}`);
+  return join5(tmpdir3(), `web-${fileId}`);
 }
 var downloadFileCommand2 = new Command().name("download-file").description("Download a web-uploaded file by id").argument("<file-id>", "File id (UUID returned by the upload API)").option(
   "-o, --out <path>",
@@ -6523,7 +6291,7 @@ function registerZeroCommands(prog, commands) {
 var program = new Command();
 program.name("zero").description(
   "Zero CLI \u2014 interact with the zero platform from inside the sandbox"
-).version("9.119.2").addHelpText(
+).version("9.120.0").addHelpText(
   "after",
   `
 Examples: