@vm0/cli 9.125.7 → 9.126.1

package/{chunk-JJFBKM2R.js → chunk-QCBJS3R3.js}

@@ -73642,7 +73642,7 @@ if (DSN) {
   init2({
     dsn: DSN,
     environment: process.env.SENTRY_ENVIRONMENT ?? "production",
-    release: "9.125.7",
+    release: "9.126.1",
     sendDefaultPii: false,
     tracesSampleRate: 0,
     shutdownTimeout: 500,
@@ -73661,7 +73661,7 @@ if (DSN) {
     }
   });
   setContext("cli", {
-    version: "9.125.7",
+    version: "9.126.1",
     command: process.argv.slice(2).join(" ")
   });
   setContext("runtime", {
@@ -110037,6 +110037,7 @@ var networkLogEntrySchema = external_exports.object({
   firewall_permission: external_exports.string().optional(),
   firewall_rule_match: external_exports.string().optional(),
   firewall_params: external_exports.record(external_exports.string(), external_exports.string()).optional(),
+  firewall_billable: external_exports.boolean().optional(),
   firewall_error: external_exports.string().optional(),
   auth_resolved_secrets: external_exports.array(external_exports.string()).optional(),
   auth_refreshed_connectors: external_exports.array(external_exports.string()).optional(),
@@ -112167,7 +112168,8 @@ var storedExecutionContextSchema = external_exports.object({
   // VM profile for resource allocation (e.g., "vm0/default")
   experimentalProfile: external_exports.string().optional(),
   // Feature flags evaluated at job creation time (all switch states for user/org)
-  featureFlags: external_exports.record(external_exports.string(), external_exports.boolean()).optional()
+  featureFlags: external_exports.record(external_exports.string(), external_exports.boolean()).optional(),
+  billableFirewalls: external_exports.array(external_exports.string()).optional()
 });
 var executionContextSchema = external_exports.object({
   runId: external_exports.uuid(),
@@ -112211,7 +112213,8 @@ var executionContextSchema = external_exports.object({
   // VM profile for resource allocation (e.g., "vm0/default")
   experimentalProfile: external_exports.string().optional(),
   // Feature flags evaluated at job creation time (all switch states for user/org)
-  featureFlags: external_exports.record(external_exports.string(), external_exports.boolean()).optional()
+  featureFlags: external_exports.record(external_exports.string(), external_exports.boolean()).optional(),
+  billableFirewalls: external_exports.array(external_exports.string()).optional()
 });
 var runnersJobClaimContract = c13.router({
   claim: {
@@ -115929,29 +115932,35 @@ var zeroPhoneSetupContract = c55.router({
 // ../../packages/core/src/contracts/zero-uploads.ts
 init_esm_shims();
 var c56 = initContract();
-var uploadResponseSchema = external_exports.object({
+var prepareRequestSchema = external_exports.object({
+  filename: external_exports.string().min(1).max(255),
+  contentType: external_exports.string().min(1).max(200),
+  size: external_exports.number().int().nonnegative()
+});
+var prepareResponseSchema = external_exports.object({
   id: external_exports.string(),
   filename: external_exports.string(),
   contentType: external_exports.string(),
   size: external_exports.number(),
+  /** Presigned PUT URL — browser uploads the file body here directly. */
+  uploadUrl: external_exports.string().url(),
+  /** Presigned GET URL returned to the app after upload succeeds. */
   url: external_exports.string().url()
 });
 var zeroUploadsContract = c56.router({
-  upload: {
+  prepare: {
     method: "POST",
-    path: "/api/zero/uploads",
+    path: "/api/zero/uploads/prepare",
     headers: authHeadersSchema,
-    contentType: "multipart/form-data",
-    body: c56.type(),
+    body: prepareRequestSchema,
     responses: {
-      200: uploadResponseSchema,
+      200: prepareResponseSchema,
       400: apiErrorSchema,
       401: apiErrorSchema,
       403: apiErrorSchema,
-      413: apiErrorSchema,
       500: apiErrorSchema
     },
-    summary: "Upload a file"
+    summary: "Prepare a direct-to-R2 upload"
   }
 });
 
@@ -116388,12 +116397,6 @@ var FEATURE_SWITCHES = {
     enabled: true,
     enabledOrgIdHashes: STAFF_ORG_ID_HASHES
   },
-  ["redeemCode" /* RedeemCode */]: {
-    maintainer: "yuma@vm0.ai",
-    description: "Show redeem-code gift icon and dialog in the agent chat page header",
-    enabled: false,
-    enabledOrgIdHashes: STAFF_ORG_ID_HASHES
-  },
   ["nanoBananaConnector" /* NanoBananaConnector */]: {
     maintainer: "liangyou@vm0.ai",
     description: "Show the Nano Banana (Google Gemini image generation) platform-managed connector",
@@ -117787,6 +117790,17 @@ async function downloadWebFile(fileId, outPath) {
   const size = contentLengthHeader ? Number(contentLengthHeader) : 0;
   return { path: outPath, mimetype, size };
 }
+async function parseErrorBody(response, fallback) {
+  let message = `${fallback} (HTTP ${response.status})`;
+  let code = "UNKNOWN";
+  try {
+    const body = await response.json();
+    if (body.error?.message) message = body.error.message;
+    if (body.error?.code) code = body.error.code;
+  } catch {
+  }
+  return { message, code };
+}
 async function uploadWebFile(localPath, options) {
   const stats = statSync(localPath);
   if (!stats.isFile()) {
@@ -117803,35 +117817,48 @@ async function uploadWebFile(localPath, options) {
   }
   const filename = basename2(localPath);
   const contentType = options?.contentType ?? inferContentType(localPath);
-  const bytes = readFileSync3(localPath);
-  const blob = new Blob([new Uint8Array(bytes)], { type: contentType });
-  const formData = new FormData();
-  formData.append("file", blob, filename);
-  const url2 = new URL("/api/zero/uploads", baseUrl);
-  const headers = {
-    Authorization: `Bearer ${token}`
+  const prepareHeaders = {
+    Authorization: `Bearer ${token}`,
+    "Content-Type": "application/json"
   };
   const bypassSecret = process.env.VERCEL_AUTOMATION_BYPASS_SECRET;
   if (bypassSecret) {
-    headers["x-vercel-protection-bypass"] = bypassSecret;
+    prepareHeaders["x-vercel-protection-bypass"] = bypassSecret;
   }
-  const response = await fetch(url2, {
+  const prepareUrl = new URL("/api/zero/uploads/prepare", baseUrl);
+  const prepareRes = await fetch(prepareUrl, {
     method: "POST",
-    headers,
-    body: formData
+    headers: prepareHeaders,
+    body: JSON.stringify({ filename, contentType, size: stats.size })
   });
-  if (!response.ok) {
-    let message = `Failed to upload file (HTTP ${response.status})`;
-    let code = "UNKNOWN";
-    try {
-      const body = await response.json();
-      if (body.error?.message) message = body.error.message;
-      if (body.error?.code) code = body.error.code;
-    } catch {
-    }
-    throw new ApiRequestError(message, code, response.status);
+  if (!prepareRes.ok) {
+    const { message, code } = await parseErrorBody(
+      prepareRes,
+      "Failed to prepare upload"
+    );
+    throw new ApiRequestError(message, code, prepareRes.status);
   }
-  return await response.json();
+  const prepared = await prepareRes.json();
+  const bytes = readFileSync3(localPath);
+  const putRes = await fetch(prepared.uploadUrl, {
+    method: "PUT",
+    headers: { "Content-Type": contentType },
+    body: new Uint8Array(bytes)
+  });
+  if (!putRes.ok) {
+    throw new ApiRequestError(
+      `Failed to upload file to storage (HTTP ${putRes.status})`,
+      "UPLOAD_FAILED",
+      putRes.status
+    );
+  }
+  return {
+    id: prepared.id,
+    filename: prepared.filename,
+    contentType: prepared.contentType,
+    size: prepared.size,
+    url: prepared.url
+  };
 }
 
 // src/lib/utils/prompt-utils.ts
@@ -119006,4 +119033,4 @@ undici/lib/web/fetch/body.js:
 undici/lib/web/websocket/frame.js:
   (*! ws. MIT License. Einar Otto Stangvik <einaros@gmail.com> *)
 */
-//# sourceMappingURL=chunk-JJFBKM2R.js.map
+//# sourceMappingURL=chunk-QCBJS3R3.js.map