@vm0/cli 9.14.0 → 9.15.0

package/index.js

@@ -1969,6 +1969,71 @@ var MODEL_PROVIDER_TYPES = {
     },
     models: ["MiniMax-M2.1"],
     defaultModel: "MiniMax-M2.1"
+  },
+  "aws-bedrock": {
+    framework: "claude-code",
+    label: "AWS Bedrock",
+    helpText: "Run Claude on AWS Bedrock.\nSetup guide: https://docs.anthropic.com/en/docs/claude-code/bedrock",
+    authMethods: {
+      "api-key": {
+        label: "Bedrock API Key",
+        helpText: "Use a Bedrock API key for authentication",
+        credentials: {
+          AWS_BEARER_TOKEN_BEDROCK: {
+            label: "AWS_BEARER_TOKEN_BEDROCK",
+            required: true,
+            helpText: "Bedrock API key from AWS console"
+          },
+          AWS_REGION: {
+            label: "AWS_REGION",
+            required: true,
+            placeholder: "us-east-1",
+            helpText: "e.g., us-east-1, us-west-2"
+          }
+        }
+      },
+      "access-keys": {
+        label: "IAM Access Keys",
+        helpText: "Use IAM access key credentials",
+        credentials: {
+          AWS_ACCESS_KEY_ID: {
+            label: "AWS_ACCESS_KEY_ID",
+            required: true,
+            helpText: "IAM access key ID"
+          },
+          AWS_SECRET_ACCESS_KEY: {
+            label: "AWS_SECRET_ACCESS_KEY",
+            required: true,
+            helpText: "IAM secret access key"
+          },
+          AWS_SESSION_TOKEN: {
+            label: "AWS_SESSION_TOKEN",
+            required: false,
+            helpText: "Optional, for temporary credentials"
+          },
+          AWS_REGION: {
+            label: "AWS_REGION",
+            required: true,
+            placeholder: "us-east-1",
+            helpText: "e.g., us-east-1, us-west-2"
+          }
+        }
+      }
+    },
+    defaultAuthMethod: "api-key",
+    environmentMapping: {
+      CLAUDE_CODE_USE_BEDROCK: "1",
+      AWS_REGION: "$credentials.AWS_REGION",
+      AWS_BEARER_TOKEN_BEDROCK: "$credentials.AWS_BEARER_TOKEN_BEDROCK",
+      AWS_ACCESS_KEY_ID: "$credentials.AWS_ACCESS_KEY_ID",
+      AWS_SECRET_ACCESS_KEY: "$credentials.AWS_SECRET_ACCESS_KEY",
+      AWS_SESSION_TOKEN: "$credentials.AWS_SESSION_TOKEN",
+      ANTHROPIC_MODEL: "$model"
+    },
+    models: [],
+    defaultModel: "",
+    allowCustomModel: true,
+    customModelPlaceholder: "anthropic.claude-sonnet-4-20250514-v1:0"
   }
 };
 var modelProviderTypeSchema = z14.enum([
@@ -1976,9 +2041,30 @@ var modelProviderTypeSchema = z14.enum([
   "anthropic-api-key",
   "openrouter-api-key",
   "moonshot-api-key",
-  "minimax-api-key"
+  "minimax-api-key",
+  "aws-bedrock"
 ]);
 var modelProviderFrameworkSchema = z14.enum(["claude-code", "codex"]);
+function hasAuthMethods(type) {
+  const config = MODEL_PROVIDER_TYPES[type];
+  return "authMethods" in config;
+}
+function getAuthMethodsForType(type) {
+  const config = MODEL_PROVIDER_TYPES[type];
+  return "authMethods" in config ? config.authMethods : void 0;
+}
+function getDefaultAuthMethod(type) {
+  const config = MODEL_PROVIDER_TYPES[type];
+  return "defaultAuthMethod" in config ? config.defaultAuthMethod : void 0;
+}
+function getCredentialsForAuthMethod(type, authMethod) {
+  const authMethods = getAuthMethodsForType(type);
+  if (!authMethods || !(authMethod in authMethods)) {
+    return void 0;
+  }
+  const method = authMethods[authMethod];
+  return method?.credentials;
+}
 function getModels(type) {
   const config = MODEL_PROVIDER_TYPES[type];
   return "models" in config ? config.models : void 0;
@@ -1989,13 +2075,26 @@ function getDefaultModel(type) {
 }
 function hasModelSelection(type) {
   const config = MODEL_PROVIDER_TYPES[type];
-  return "models" in config && config.models.length > 0;
+  return "models" in config && config.models.length > 0 || "allowCustomModel" in config && config.allowCustomModel === true;
+}
+function allowsCustomModel(type) {
+  const config = MODEL_PROVIDER_TYPES[type];
+  return "allowCustomModel" in config && config.allowCustomModel === true;
+}
+function getCustomModelPlaceholder(type) {
+  const config = MODEL_PROVIDER_TYPES[type];
+  return "customModelPlaceholder" in config ? config.customModelPlaceholder : void 0;
 }
 var modelProviderResponseSchema = z14.object({
   id: z14.string().uuid(),
   type: modelProviderTypeSchema,
   framework: modelProviderFrameworkSchema,
-  credentialName: z14.string(),
+  credentialName: z14.string().nullable(),
+  // Legacy single-credential (deprecated for multi-auth)
+  authMethod: z14.string().nullable(),
+  // For multi-auth providers
+  credentialNames: z14.array(z14.string()).nullable(),
+  // For multi-auth providers
   isDefault: z14.boolean(),
   selectedModel: z14.string().nullable(),
   createdAt: z14.string(),
@@ -2006,7 +2105,12 @@ var modelProviderListResponseSchema = z14.object({
 });
 var upsertModelProviderRequestSchema = z14.object({
   type: modelProviderTypeSchema,
-  credential: z14.string().min(1, "Credential is required"),
+  credential: z14.string().min(1).optional(),
+  // Legacy single credential
+  authMethod: z14.string().optional(),
+  // For multi-auth providers
+  credentials: z14.record(z14.string(), z14.string()).optional(),
+  // For multi-auth providers
   convert: z14.boolean().optional(),
   selectedModel: z14.string().optional()
 });
@@ -2651,29 +2755,67 @@ var platformArtifactDownloadContract = c15.router({
   }
 });
 
-// ../../packages/core/src/contracts/public/agents.ts
+// ../../packages/core/src/contracts/llm.ts
 import { z as z20 } from "zod";
 var c16 = initContract();
-var publicAgentSchema = z20.object({
-  id: z20.string(),
-  name: z20.string(),
-  currentVersionId: z20.string().nullable(),
+var messageRoleSchema = z20.enum(["user", "assistant", "system"]);
+var chatMessageSchema = z20.object({
+  role: messageRoleSchema,
+  content: z20.string()
+});
+var tokenUsageSchema = z20.object({
+  promptTokens: z20.number(),
+  completionTokens: z20.number(),
+  totalTokens: z20.number()
+});
+var llmChatRequestSchema = z20.object({
+  model: z20.string().min(1).optional(),
+  messages: z20.array(chatMessageSchema).min(1, "At least one message is required"),
+  stream: z20.boolean().optional().default(false)
+});
+var llmChatResponseSchema = z20.object({
+  content: z20.string(),
+  model: z20.string(),
+  usage: tokenUsageSchema
+});
+var llmChatContract = c16.router({
+  chat: {
+    method: "POST",
+    path: "/api/llm/chat",
+    body: llmChatRequestSchema,
+    responses: {
+      200: llmChatResponseSchema,
+      400: apiErrorSchema,
+      500: apiErrorSchema,
+      503: apiErrorSchema
+    },
+    summary: "Send a chat completion request to OpenRouter"
+  }
+});
+
+// ../../packages/core/src/contracts/public/agents.ts
+import { z as z21 } from "zod";
+var c17 = initContract();
+var publicAgentSchema = z21.object({
+  id: z21.string(),
+  name: z21.string(),
+  currentVersionId: z21.string().nullable(),
   createdAt: timestampSchema,
   updatedAt: timestampSchema
 });
-var agentVersionSchema = z20.object({
-  id: z20.string(),
-  agentId: z20.string(),
-  versionNumber: z20.number(),
+var agentVersionSchema = z21.object({
+  id: z21.string(),
+  agentId: z21.string(),
+  versionNumber: z21.number(),
   createdAt: timestampSchema
 });
 var publicAgentDetailSchema = publicAgentSchema;
 var paginatedAgentsSchema = createPaginatedResponseSchema(publicAgentSchema);
 var paginatedAgentVersionsSchema = createPaginatedResponseSchema(agentVersionSchema);
 var agentListQuerySchema = listQuerySchema.extend({
-  name: z20.string().optional()
+  name: z21.string().optional()
 });
-var publicAgentsListContract = c16.router({
+var publicAgentsListContract = c17.router({
   list: {
     method: "GET",
     path: "/v1/agents",
@@ -2688,13 +2830,13 @@ var publicAgentsListContract = c16.router({
     description: "List all agents in the current scope with pagination. Use the `name` query parameter to filter by agent name."
   }
 });
-var publicAgentByIdContract = c16.router({
+var publicAgentByIdContract = c17.router({
   get: {
     method: "GET",
     path: "/v1/agents/:id",
     headers: authHeadersSchema,
-    pathParams: z20.object({
-      id: z20.string().min(1, "Agent ID is required")
+    pathParams: z21.object({
+      id: z21.string().min(1, "Agent ID is required")
     }),
     responses: {
       200: publicAgentDetailSchema,
@@ -2706,13 +2848,13 @@ var publicAgentByIdContract = c16.router({
     description: "Get agent details by ID"
   }
 });
-var publicAgentVersionsContract = c16.router({
+var publicAgentVersionsContract = c17.router({
   list: {
     method: "GET",
     path: "/v1/agents/:id/versions",
     headers: authHeadersSchema,
-    pathParams: z20.object({
-      id: z20.string().min(1, "Agent ID is required")
+    pathParams: z21.object({
+      id: z21.string().min(1, "Agent ID is required")
     }),
     query: listQuerySchema,
     responses: {
@@ -2727,9 +2869,9 @@ var publicAgentVersionsContract = c16.router({
 });
 
 // ../../packages/core/src/contracts/public/runs.ts
-import { z as z21 } from "zod";
-var c17 = initContract();
-var publicRunStatusSchema = z21.enum([
+import { z as z22 } from "zod";
+var c18 = initContract();
+var publicRunStatusSchema = z22.enum([
   "pending",
   "running",
   "completed",
@@ -2737,54 +2879,54 @@ var publicRunStatusSchema = z21.enum([
   "timeout",
   "cancelled"
 ]);
-var publicRunSchema = z21.object({
-  id: z21.string(),
-  agentId: z21.string(),
-  agentName: z21.string(),
+var publicRunSchema = z22.object({
+  id: z22.string(),
+  agentId: z22.string(),
+  agentName: z22.string(),
   status: publicRunStatusSchema,
-  prompt: z21.string(),
+  prompt: z22.string(),
   createdAt: timestampSchema,
   startedAt: timestampSchema.nullable(),
   completedAt: timestampSchema.nullable()
 });
 var publicRunDetailSchema = publicRunSchema.extend({
-  error: z21.string().nullable(),
-  executionTimeMs: z21.number().nullable(),
-  checkpointId: z21.string().nullable(),
-  sessionId: z21.string().nullable(),
-  artifactName: z21.string().nullable(),
-  artifactVersion: z21.string().nullable(),
-  volumes: z21.record(z21.string(), z21.string()).optional()
+  error: z22.string().nullable(),
+  executionTimeMs: z22.number().nullable(),
+  checkpointId: z22.string().nullable(),
+  sessionId: z22.string().nullable(),
+  artifactName: z22.string().nullable(),
+  artifactVersion: z22.string().nullable(),
+  volumes: z22.record(z22.string(), z22.string()).optional()
 });
 var paginatedRunsSchema = createPaginatedResponseSchema(publicRunSchema);
-var createRunRequestSchema = z21.object({
+var createRunRequestSchema = z22.object({
   // Agent identification (one of: agent, agentId, sessionId, checkpointId)
-  agent: z21.string().optional(),
+  agent: z22.string().optional(),
   // Agent name
-  agentId: z21.string().optional(),
+  agentId: z22.string().optional(),
   // Agent ID
-  agentVersion: z21.string().optional(),
+  agentVersion: z22.string().optional(),
   // Version specifier (e.g., "latest", "v1", specific ID)
   // Continue session
-  sessionId: z21.string().optional(),
+  sessionId: z22.string().optional(),
   // Resume from checkpoint
-  checkpointId: z21.string().optional(),
+  checkpointId: z22.string().optional(),
   // Required
-  prompt: z21.string().min(1, "Prompt is required"),
+  prompt: z22.string().min(1, "Prompt is required"),
   // Optional configuration
-  variables: z21.record(z21.string(), z21.string()).optional(),
-  secrets: z21.record(z21.string(), z21.string()).optional(),
-  artifactName: z21.string().optional(),
+  variables: z22.record(z22.string(), z22.string()).optional(),
+  secrets: z22.record(z22.string(), z22.string()).optional(),
+  artifactName: z22.string().optional(),
   // Artifact name to mount
-  artifactVersion: z21.string().optional(),
+  artifactVersion: z22.string().optional(),
   // Artifact version (defaults to latest)
-  volumes: z21.record(z21.string(), z21.string()).optional()
+  volumes: z22.record(z22.string(), z22.string()).optional()
   // volume_name -> version
 });
 var runListQuerySchema = listQuerySchema.extend({
   status: publicRunStatusSchema.optional()
 });
-var publicRunsListContract = c17.router({
+var publicRunsListContract = c18.router({
   list: {
     method: "GET",
     path: "/v1/runs",
@@ -2816,13 +2958,13 @@ var publicRunsListContract = c17.router({
     description: "Create and execute a new agent run. Returns 202 Accepted as runs execute asynchronously."
   }
 });
-var publicRunByIdContract = c17.router({
+var publicRunByIdContract = c18.router({
   get: {
     method: "GET",
     path: "/v1/runs/:id",
     headers: authHeadersSchema,
-    pathParams: z21.object({
-      id: z21.string().min(1, "Run ID is required")
+    pathParams: z22.object({
+      id: z22.string().min(1, "Run ID is required")
     }),
     responses: {
       200: publicRunDetailSchema,
@@ -2834,15 +2976,15 @@ var publicRunByIdContract = c17.router({
     description: "Get run details by ID"
   }
 });
-var publicRunCancelContract = c17.router({
+var publicRunCancelContract = c18.router({
   cancel: {
     method: "POST",
     path: "/v1/runs/:id/cancel",
     headers: authHeadersSchema,
-    pathParams: z21.object({
-      id: z21.string().min(1, "Run ID is required")
+    pathParams: z22.object({
+      id: z22.string().min(1, "Run ID is required")
     }),
-    body: z21.undefined(),
+    body: z22.undefined(),
     responses: {
       200: publicRunDetailSchema,
       400: publicApiErrorSchema,
@@ -2855,27 +2997,27 @@ var publicRunCancelContract = c17.router({
     description: "Cancel a pending or running execution"
   }
 });
-var logEntrySchema = z21.object({
+var logEntrySchema = z22.object({
   timestamp: timestampSchema,
-  type: z21.enum(["agent", "system", "network"]),
-  level: z21.enum(["debug", "info", "warn", "error"]),
-  message: z21.string(),
-  metadata: z21.record(z21.string(), z21.unknown()).optional()
+  type: z22.enum(["agent", "system", "network"]),
+  level: z22.enum(["debug", "info", "warn", "error"]),
+  message: z22.string(),
+  metadata: z22.record(z22.string(), z22.unknown()).optional()
 });
 var paginatedLogsSchema = createPaginatedResponseSchema(logEntrySchema);
 var logsQuerySchema = listQuerySchema.extend({
-  type: z21.enum(["agent", "system", "network", "all"]).default("all"),
+  type: z22.enum(["agent", "system", "network", "all"]).default("all"),
   since: timestampSchema.optional(),
   until: timestampSchema.optional(),
-  order: z21.enum(["asc", "desc"]).default("asc")
+  order: z22.enum(["asc", "desc"]).default("asc")
 });
-var publicRunLogsContract = c17.router({
+var publicRunLogsContract = c18.router({
   getLogs: {
     method: "GET",
     path: "/v1/runs/:id/logs",
     headers: authHeadersSchema,
-    pathParams: z21.object({
-      id: z21.string().min(1, "Run ID is required")
+    pathParams: z22.object({
+      id: z22.string().min(1, "Run ID is required")
     }),
     query: logsQuerySchema,
     responses: {
@@ -2888,30 +3030,30 @@ var publicRunLogsContract = c17.router({
     description: "Get unified logs for a run. Combines agent, system, and network logs."
   }
 });
-var metricPointSchema = z21.object({
+var metricPointSchema = z22.object({
   timestamp: timestampSchema,
-  cpuPercent: z21.number(),
-  memoryUsedMb: z21.number(),
-  memoryTotalMb: z21.number(),
-  diskUsedMb: z21.number(),
-  diskTotalMb: z21.number()
-});
-var metricsSummarySchema = z21.object({
-  avgCpuPercent: z21.number(),
-  maxMemoryUsedMb: z21.number(),
-  totalDurationMs: z21.number().nullable()
-});
-var metricsResponseSchema2 = z21.object({
-  data: z21.array(metricPointSchema),
+  cpuPercent: z22.number(),
+  memoryUsedMb: z22.number(),
+  memoryTotalMb: z22.number(),
+  diskUsedMb: z22.number(),
+  diskTotalMb: z22.number()
+});
+var metricsSummarySchema = z22.object({
+  avgCpuPercent: z22.number(),
+  maxMemoryUsedMb: z22.number(),
+  totalDurationMs: z22.number().nullable()
+});
+var metricsResponseSchema2 = z22.object({
+  data: z22.array(metricPointSchema),
   summary: metricsSummarySchema
 });
-var publicRunMetricsContract = c17.router({
+var publicRunMetricsContract = c18.router({
   getMetrics: {
     method: "GET",
     path: "/v1/runs/:id/metrics",
     headers: authHeadersSchema,
-    pathParams: z21.object({
-      id: z21.string().min(1, "Run ID is required")
+    pathParams: z22.object({
+      id: z22.string().min(1, "Run ID is required")
     }),
     responses: {
       200: metricsResponseSchema2,
@@ -2923,7 +3065,7 @@ var publicRunMetricsContract = c17.router({
     description: "Get CPU, memory, and disk metrics for a run"
   }
 });
-var sseEventTypeSchema = z21.enum([
+var sseEventTypeSchema = z22.enum([
   "status",
   // Run status change
   "output",
@@ -2935,26 +3077,26 @@ var sseEventTypeSchema = z21.enum([
   "heartbeat"
   // Keep-alive
 ]);
-var sseEventSchema = z21.object({
+var sseEventSchema = z22.object({
   event: sseEventTypeSchema,
-  data: z21.unknown(),
-  id: z21.string().optional()
+  data: z22.unknown(),
+  id: z22.string().optional()
   // For Last-Event-ID reconnection
 });
-var publicRunEventsContract = c17.router({
+var publicRunEventsContract = c18.router({
   streamEvents: {
     method: "GET",
     path: "/v1/runs/:id/events",
     headers: authHeadersSchema,
-    pathParams: z21.object({
-      id: z21.string().min(1, "Run ID is required")
+    pathParams: z22.object({
+      id: z22.string().min(1, "Run ID is required")
     }),
-    query: z21.object({
-      lastEventId: z21.string().optional()
+    query: z22.object({
+      lastEventId: z22.string().optional()
       // For reconnection
     }),
     responses: {
-      200: z21.any(),
+      200: z22.any(),
       // SSE stream - actual content is text/event-stream
       401: publicApiErrorSchema,
       404: publicApiErrorSchema,
@@ -2966,28 +3108,28 @@ var publicRunEventsContract = c17.router({
 });
 
 // ../../packages/core/src/contracts/public/artifacts.ts
-import { z as z22 } from "zod";
-var c18 = initContract();
-var publicArtifactSchema = z22.object({
-  id: z22.string(),
-  name: z22.string(),
-  currentVersionId: z22.string().nullable(),
-  size: z22.number(),
+import { z as z23 } from "zod";
+var c19 = initContract();
+var publicArtifactSchema = z23.object({
+  id: z23.string(),
+  name: z23.string(),
+  currentVersionId: z23.string().nullable(),
+  size: z23.number(),
   // Total size in bytes
-  fileCount: z22.number(),
+  fileCount: z23.number(),
   createdAt: timestampSchema,
   updatedAt: timestampSchema
 });
-var artifactVersionSchema = z22.object({
-  id: z22.string(),
+var artifactVersionSchema = z23.object({
+  id: z23.string(),
   // SHA-256 content hash
-  artifactId: z22.string(),
-  size: z22.number(),
+  artifactId: z23.string(),
+  size: z23.number(),
   // Size in bytes
-  fileCount: z22.number(),
-  message: z22.string().nullable(),
+  fileCount: z23.number(),
+  message: z23.string().nullable(),
   // Optional commit message
-  createdBy: z22.string(),
+  createdBy: z23.string(),
   createdAt: timestampSchema
 });
 var publicArtifactDetailSchema = publicArtifactSchema.extend({
@@ -2997,7 +3139,7 @@ var paginatedArtifactsSchema = createPaginatedResponseSchema(publicArtifactSchem
 var paginatedArtifactVersionsSchema = createPaginatedResponseSchema(
   artifactVersionSchema
 );
-var publicArtifactsListContract = c18.router({
+var publicArtifactsListContract = c19.router({
   list: {
     method: "GET",
     path: "/v1/artifacts",
@@ -3012,13 +3154,13 @@ var publicArtifactsListContract = c18.router({
     description: "List all artifacts in the current scope with pagination"
   }
 });
-var publicArtifactByIdContract = c18.router({
+var publicArtifactByIdContract = c19.router({
   get: {
     method: "GET",
     path: "/v1/artifacts/:id",
     headers: authHeadersSchema,
-    pathParams: z22.object({
-      id: z22.string().min(1, "Artifact ID is required")
+    pathParams: z23.object({
+      id: z23.string().min(1, "Artifact ID is required")
     }),
     responses: {
       200: publicArtifactDetailSchema,
@@ -3030,13 +3172,13 @@ var publicArtifactByIdContract = c18.router({
     description: "Get artifact details by ID"
   }
 });
-var publicArtifactVersionsContract = c18.router({
+var publicArtifactVersionsContract = c19.router({
   list: {
     method: "GET",
     path: "/v1/artifacts/:id/versions",
     headers: authHeadersSchema,
-    pathParams: z22.object({
-      id: z22.string().min(1, "Artifact ID is required")
+    pathParams: z23.object({
+      id: z23.string().min(1, "Artifact ID is required")
     }),
     query: listQuerySchema,
     responses: {
@@ -3049,20 +3191,20 @@ var publicArtifactVersionsContract = c18.router({
     description: "List all versions of an artifact with pagination"
   }
 });
-var publicArtifactDownloadContract = c18.router({
+var publicArtifactDownloadContract = c19.router({
   download: {
     method: "GET",
     path: "/v1/artifacts/:id/download",
     headers: authHeadersSchema,
-    pathParams: z22.object({
-      id: z22.string().min(1, "Artifact ID is required")
+    pathParams: z23.object({
+      id: z23.string().min(1, "Artifact ID is required")
     }),
-    query: z22.object({
-      versionId: z22.string().optional()
+    query: z23.object({
+      versionId: z23.string().optional()
       // Defaults to current version
     }),
     responses: {
-      302: z22.undefined(),
+      302: z23.undefined(),
       // Redirect to presigned URL
       401: publicApiErrorSchema,
       404: publicApiErrorSchema,
@@ -3074,28 +3216,28 @@ var publicArtifactDownloadContract = c18.router({
 });
 
 // ../../packages/core/src/contracts/public/volumes.ts
-import { z as z23 } from "zod";
-var c19 = initContract();
-var publicVolumeSchema = z23.object({
-  id: z23.string(),
-  name: z23.string(),
-  currentVersionId: z23.string().nullable(),
-  size: z23.number(),
+import { z as z24 } from "zod";
+var c20 = initContract();
+var publicVolumeSchema = z24.object({
+  id: z24.string(),
+  name: z24.string(),
+  currentVersionId: z24.string().nullable(),
+  size: z24.number(),
   // Total size in bytes
-  fileCount: z23.number(),
+  fileCount: z24.number(),
   createdAt: timestampSchema,
   updatedAt: timestampSchema
 });
-var volumeVersionSchema = z23.object({
-  id: z23.string(),
+var volumeVersionSchema = z24.object({
+  id: z24.string(),
   // SHA-256 content hash
-  volumeId: z23.string(),
-  size: z23.number(),
+  volumeId: z24.string(),
+  size: z24.number(),
   // Size in bytes
-  fileCount: z23.number(),
-  message: z23.string().nullable(),
+  fileCount: z24.number(),
+  message: z24.string().nullable(),
   // Optional commit message
-  createdBy: z23.string(),
+  createdBy: z24.string(),
   createdAt: timestampSchema
 });
 var publicVolumeDetailSchema = publicVolumeSchema.extend({
@@ -3103,7 +3245,7 @@ var publicVolumeDetailSchema = publicVolumeSchema.extend({
 });
 var paginatedVolumesSchema = createPaginatedResponseSchema(publicVolumeSchema);
 var paginatedVolumeVersionsSchema = createPaginatedResponseSchema(volumeVersionSchema);
-var publicVolumesListContract = c19.router({
+var publicVolumesListContract = c20.router({
   list: {
     method: "GET",
     path: "/v1/volumes",
@@ -3118,13 +3260,13 @@ var publicVolumesListContract = c19.router({
     description: "List all volumes in the current scope with pagination"
   }
 });
-var publicVolumeByIdContract = c19.router({
+var publicVolumeByIdContract = c20.router({
   get: {
     method: "GET",
     path: "/v1/volumes/:id",
     headers: authHeadersSchema,
-    pathParams: z23.object({
-      id: z23.string().min(1, "Volume ID is required")
+    pathParams: z24.object({
+      id: z24.string().min(1, "Volume ID is required")
     }),
     responses: {
       200: publicVolumeDetailSchema,
@@ -3136,13 +3278,13 @@ var publicVolumeByIdContract = c19.router({
     description: "Get volume details by ID"
   }
 });
-var publicVolumeVersionsContract = c19.router({
+var publicVolumeVersionsContract = c20.router({
   list: {
     method: "GET",
     path: "/v1/volumes/:id/versions",
     headers: authHeadersSchema,
-    pathParams: z23.object({
-      id: z23.string().min(1, "Volume ID is required")
+    pathParams: z24.object({
+      id: z24.string().min(1, "Volume ID is required")
     }),
     query: listQuerySchema,
     responses: {
@@ -3155,20 +3297,20 @@ var publicVolumeVersionsContract = c19.router({
     description: "List all versions of a volume with pagination"
   }
 });
-var publicVolumeDownloadContract = c19.router({
+var publicVolumeDownloadContract = c20.router({
   download: {
     method: "GET",
     path: "/v1/volumes/:id/download",
     headers: authHeadersSchema,
-    pathParams: z23.object({
-      id: z23.string().min(1, "Volume ID is required")
+    pathParams: z24.object({
+      id: z24.string().min(1, "Volume ID is required")
     }),
-    query: z23.object({
-      versionId: z23.string().optional()
+    query: z24.object({
+      versionId: z24.string().optional()
       // Defaults to current version
     }),
     responses: {
-      302: z23.undefined(),
+      302: z24.undefined(),
       // Redirect to presigned URL
       401: publicApiErrorSchema,
       404: publicApiErrorSchema,
@@ -3789,8 +3931,8 @@ async function getUsage(options) {
 }
 
 // src/lib/domain/yaml-validator.ts
-import { z as z24 } from "zod";
-var cliAgentNameSchema = z24.string().min(3, "Agent name must be at least 3 characters").max(64, "Agent name must be 64 characters or less").regex(
+import { z as z25 } from "zod";
+var cliAgentNameSchema = z25.string().min(3, "Agent name must be at least 3 characters").max(64, "Agent name must be 64 characters or less").regex(
   /^[a-zA-Z0-9]([a-zA-Z0-9-]{0,62}[a-zA-Z0-9])?$/,
   "Agent name must start and end with letter or number, and contain only letters, numbers, and hyphens"
 );
@@ -3805,7 +3947,7 @@ var cliAgentDefinitionSchema = agentDefinitionSchema.superRefine(
         const skillUrl = agent.skills[i];
         if (skillUrl && !validateGitHubTreeUrl(skillUrl)) {
           ctx.addIssue({
-            code: z24.ZodIssueCode.custom,
+            code: z25.ZodIssueCode.custom,
             message: `Invalid skill URL: ${skillUrl}. Expected format: https://github.com/{owner}/{repo}/tree/{branch}/{path}`,
             path: ["skills", i]
           });
@@ -3814,15 +3956,15 @@ var cliAgentDefinitionSchema = agentDefinitionSchema.superRefine(
     }
   }
 );
-var cliComposeSchema = z24.object({
-  version: z24.string().min(1, "Missing config.version"),
-  agents: z24.record(cliAgentNameSchema, cliAgentDefinitionSchema),
-  volumes: z24.record(z24.string(), volumeConfigSchema).optional()
+var cliComposeSchema = z25.object({
+  version: z25.string().min(1, "Missing config.version"),
+  agents: z25.record(cliAgentNameSchema, cliAgentDefinitionSchema),
+  volumes: z25.record(z25.string(), volumeConfigSchema).optional()
 }).superRefine((config, ctx) => {
   const agentKeys = Object.keys(config.agents);
   if (agentKeys.length === 0) {
     ctx.addIssue({
-      code: z24.ZodIssueCode.custom,
+      code: z25.ZodIssueCode.custom,
       message: "agents must have at least one agent defined",
       path: ["agents"]
     });
@@ -3830,7 +3972,7 @@ var cliComposeSchema = z24.object({
   }
   if (agentKeys.length > 1) {
     ctx.addIssue({
-      code: z24.ZodIssueCode.custom,
+      code: z25.ZodIssueCode.custom,
       message: "Multiple agents not supported yet. Only one agent allowed.",
       path: ["agents"]
     });
@@ -3842,7 +3984,7 @@ var cliComposeSchema = z24.object({
   if (agentVolumes && agentVolumes.length > 0) {
     if (!config.volumes) {
       ctx.addIssue({
-        code: z24.ZodIssueCode.custom,
+        code: z25.ZodIssueCode.custom,
         message: "Agent references volumes but no volumes section defined. Each volume must have explicit name and version.",
         path: ["volumes"]
       });
@@ -3852,7 +3994,7 @@ var cliComposeSchema = z24.object({
       const parts = volDeclaration.split(":");
       if (parts.length !== 2) {
         ctx.addIssue({
-          code: z24.ZodIssueCode.custom,
+          code: z25.ZodIssueCode.custom,
           message: `Invalid volume declaration: ${volDeclaration}. Expected format: volume-key:/mount/path`,
           path: ["agents", agentName, "volumes"]
         });
@@ -3861,7 +4003,7 @@ var cliComposeSchema = z24.object({
       const volumeKey = parts[0].trim();
       if (!config.volumes[volumeKey]) {
         ctx.addIssue({
-          code: z24.ZodIssueCode.custom,
+          code: z25.ZodIssueCode.custom,
           message: `Volume "${volumeKey}" is not defined in volumes section. Each volume must have explicit name and version.`,
           path: ["volumes", volumeKey]
         });
@@ -4895,7 +5037,7 @@ var composeCommand = new Command7().name("compose").description("Create or updat
         )
       );
       if (options.autoUpdate !== false) {
-        await silentUpgradeAfterCommand("9.14.0");
+        await silentUpgradeAfterCommand("9.15.0");
       }
     } catch (error) {
       if (error instanceof Error) {
@@ -5650,9 +5792,9 @@ var CodexEventParser = class {
       }
     }
     if (itemType === "file_change" && item.changes && item.changes.length > 0) {
-      const changes = item.changes.map((c20) => {
-        const action = c20.kind === "add" ? "Created" : c20.kind === "modify" ? "Modified" : "Deleted";
-        return `${action}: ${c20.path}`;
+      const changes = item.changes.map((c21) => {
+        const action = c21.kind === "add" ? "Created" : c21.kind === "modify" ? "Modified" : "Deleted";
+        return `${action}: ${c21.path}`;
       }).join("\n");
       return {
         type: "text",
@@ -5806,9 +5948,9 @@ var CodexEventRenderer = class {
       return;
     }
     if (itemType === "file_change" && item.changes && item.changes.length > 0) {
-      const summary = item.changes.map((c20) => {
-        const icon = c20.kind === "add" ? "+" : c20.kind === "delete" ? "-" : "~";
-        return `${icon}${c20.path}`;
+      const summary = item.changes.map((c21) => {
+        const icon = c21.kind === "add" ? "+" : c21.kind === "delete" ? "-" : "~";
+        return `${icon}${c21.path}`;
       }).join(", ");
       console.log(chalk7.green("[files]") + ` ${summary}`);
       return;
@@ -7126,7 +7268,7 @@ var mainRunCommand = new Command8().name("run").description("Run an agent").argu
       }
       showNextSteps(result);
       if (options.autoUpdate !== false) {
-        await silentUpgradeAfterCommand("9.14.0");
+        await silentUpgradeAfterCommand("9.15.0");
       }
     } catch (error) {
       handleRunError(error, identifier);
@@ -8631,8 +8773,8 @@ var cookAction = new Command27().name("cook").description("Quick start: prepare,
   "Load environment variables from file (priority: CLI flags > file > env vars)"
 ).option("-y, --yes", "Skip confirmation prompts").option("-v, --verbose", "Show full tool inputs and outputs").addOption(new Option5("--debug-no-mock-claude").hideHelp()).addOption(new Option5("--no-auto-update").hideHelp()).action(
   async (prompt, options) => {
-    if (!options.noAutoUpdate) {
-      const shouldExit = await checkAndUpgrade("9.14.0", prompt);
+    if (options.autoUpdate !== false) {
+      const shouldExit = await checkAndUpgrade("9.15.0", prompt);
       if (shouldExit) {
         process.exit(0);
       }
@@ -9346,7 +9488,7 @@ var listCommand4 = new Command36().name("list").alias("ls").description("List al
       );
       return;
     }
-    const nameWidth = Math.max(4, ...data.composes.map((c20) => c20.name.length));
+    const nameWidth = Math.max(4, ...data.composes.map((c21) => c21.name.length));
     const header = ["NAME".padEnd(nameWidth), "VERSION", "UPDATED"].join(
       "  "
     );
@@ -10128,7 +10270,7 @@ async function gatherFrequency(optionFrequency, existingFrequency) {
     );
     process.exit(1);
   }
-  const defaultIndex = existingFrequency ? FREQUENCY_CHOICES.findIndex((c20) => c20.value === existingFrequency) : 0;
+  const defaultIndex = existingFrequency ? FREQUENCY_CHOICES.findIndex((c21) => c21.value === existingFrequency) : 0;
   frequency = await promptSelect(
     "Schedule frequency",
     FREQUENCY_CHOICES,
@@ -10157,7 +10299,7 @@ async function gatherDay(frequency, optionDay, existingDay) {
     process.exit(1);
   }
   if (frequency === "weekly") {
-    const defaultDayIndex = existingDay !== void 0 ? DAY_OF_WEEK_CHOICES.findIndex((c20) => c20.value === existingDay) : 0;
+    const defaultDayIndex = existingDay !== void 0 ? DAY_OF_WEEK_CHOICES.findIndex((c21) => c21.value === existingDay) : 0;
     const day2 = await promptSelect(
       "Day of week",
       DAY_OF_WEEK_CHOICES,
@@ -11174,6 +11316,9 @@ function validateProviderType(typeStr) {
 }
 function validateModel(type, modelStr) {
   const models = getModels(type);
+  if (allowsCustomModel(type)) {
+    return modelStr;
+  }
   if (models && !models.includes(modelStr)) {
     console.error(chalk52.red(`\u2717 Invalid model "${modelStr}"`));
     console.log();
@@ -11185,6 +11330,98 @@ function validateModel(type, modelStr) {
   }
   return modelStr;
 }
+function validateAuthMethod(type, authMethodStr) {
+  const authMethods = getAuthMethodsForType(type);
+  if (!authMethods || !(authMethodStr in authMethods)) {
+    console.error(chalk52.red(`\u2717 Invalid auth method "${authMethodStr}"`));
+    console.log();
+    console.log("Valid auth methods:");
+    if (authMethods) {
+      for (const [method, config] of Object.entries(authMethods)) {
+        console.log(`  ${chalk52.cyan(method)} - ${config.label}`);
+      }
+    }
+    process.exit(1);
+  }
+  return authMethodStr;
+}
+function parseCredentials(type, authMethod, credentialArgs) {
+  const credentialsConfig = getCredentialsForAuthMethod(type, authMethod);
+  if (!credentialsConfig) {
+    console.error(chalk52.red(`\u2717 Invalid auth method "${authMethod}"`));
+    process.exit(1);
+  }
+  const credentialNames = Object.keys(credentialsConfig);
+  const firstArg = credentialArgs[0];
+  if (credentialArgs.length === 1 && firstArg && !firstArg.includes("=")) {
+    if (credentialNames.length !== 1) {
+      console.error(
+        chalk52.red(
+          "\u2717 Must use KEY=VALUE format for multi-credential auth methods"
+        )
+      );
+      console.log();
+      console.log("Required credentials:");
+      for (const [name, fieldConfig] of Object.entries(credentialsConfig)) {
+        const requiredNote = fieldConfig.required ? " (required)" : "";
+        console.log(`  ${chalk52.cyan(name)}${requiredNote}`);
+      }
+      process.exit(1);
+    }
+    const firstCredentialName = credentialNames[0];
+    if (!firstCredentialName) {
+      console.error(chalk52.red("\u2717 No credentials defined for this auth method"));
+      process.exit(1);
+    }
+    return { [firstCredentialName]: firstArg };
+  }
+  const credentials = {};
+  for (const arg of credentialArgs) {
+    const eqIndex = arg.indexOf("=");
+    if (eqIndex === -1) {
+      console.error(chalk52.red(`\u2717 Invalid credential format "${arg}"`));
+      console.log();
+      console.log("Use KEY=VALUE format (e.g., AWS_REGION=us-east-1)");
+      process.exit(1);
+    }
+    const key = arg.slice(0, eqIndex);
+    const value = arg.slice(eqIndex + 1);
+    credentials[key] = value;
+  }
+  return credentials;
+}
+function validateCredentials(type, authMethod, credentials) {
+  const credentialsConfig = getCredentialsForAuthMethod(type, authMethod);
+  if (!credentialsConfig) {
+    console.error(chalk52.red(`\u2717 Invalid auth method "${authMethod}"`));
+    process.exit(1);
+  }
+  for (const [name, fieldConfig] of Object.entries(credentialsConfig)) {
+    if (fieldConfig.required && !credentials[name]) {
+      console.error(chalk52.red(`\u2717 Missing required credential: ${name}`));
+      console.log();
+      console.log("Required credentials:");
+      for (const [n, fc] of Object.entries(credentialsConfig)) {
+        if (fc.required) {
+          console.log(`  ${chalk52.cyan(n)} - ${fc.label}`);
+        }
+      }
+      process.exit(1);
+    }
+  }
+  for (const name of Object.keys(credentials)) {
+    if (!(name in credentialsConfig)) {
+      console.error(chalk52.red(`\u2717 Unknown credential: ${name}`));
+      console.log();
+      console.log("Valid credentials:");
+      for (const [n, fc] of Object.entries(credentialsConfig)) {
+        const requiredNote = fc.required ? " (required)" : " (optional)";
+        console.log(`  ${chalk52.cyan(n)}${requiredNote}`);
+      }
+      process.exit(1);
+    }
+  }
+}
 function handleNonInteractiveMode(options) {
   const type = validateProviderType(options.type);
   let selectedModel;
@@ -11194,9 +11431,69 @@ function handleNonInteractiveMode(options) {
     const defaultModel = getDefaultModel(type);
     selectedModel = defaultModel || void 0;
   }
+  if (hasAuthMethods(type)) {
+    let authMethod;
+    if (options.authMethod) {
+      authMethod = validateAuthMethod(type, options.authMethod);
+    } else {
+      const defaultAuthMethod = getDefaultAuthMethod(type);
+      const authMethods = getAuthMethodsForType(type);
+      if (!defaultAuthMethod || !authMethods) {
+        console.error(chalk52.red(`\u2717 Provider "${type}" requires --auth-method`));
+        process.exit(1);
+      }
+      const authMethodNames = Object.keys(authMethods);
+      if (authMethodNames.length === 1) {
+        authMethod = authMethodNames[0];
+      } else {
+        console.error(
+          chalk52.red(
+            `\u2717 --auth-method is required for "${type}" (multiple auth methods available)`
+          )
+        );
+        console.log();
+        console.log("Available auth methods:");
+        for (const [method, config] of Object.entries(authMethods)) {
+          const defaultNote = method === defaultAuthMethod ? " (default)" : "";
+          console.log(
+            `  ${chalk52.cyan(method)} - ${config.label}${defaultNote}`
+          );
+        }
+        console.log();
+        console.log("Example:");
+        console.log(
+          chalk52.cyan(
+            `  vm0 model-provider setup --type ${type} --auth-method ${authMethodNames[0]} --credential KEY=VALUE`
+          )
+        );
+        process.exit(1);
+      }
+    }
+    const credentials = parseCredentials(type, authMethod, options.credential);
+    validateCredentials(type, authMethod, credentials);
+    return {
+      type,
+      authMethod,
+      credentials,
+      selectedModel,
+      isInteractiveMode: false
+    };
+  }
+  const credentialArgs = options.credential;
+  const firstArg = credentialArgs[0];
+  if (!firstArg) {
+    console.error(chalk52.red("\u2717 Credential is required"));
+    process.exit(1);
+  }
+  let credential;
+  if (firstArg.includes("=")) {
+    credential = firstArg.slice(firstArg.indexOf("=") + 1);
+  } else {
+    credential = firstArg;
+  }
   return {
     type,
-    credential: options.credential,
+    credential,
     selectedModel,
     isInteractiveMode: false
   };
@@ -11207,13 +11504,20 @@ async function promptForModelSelection(type) {
   }
   const models = getModels(type) ?? [];
   const defaultModel = getDefaultModel(type);
-  const modelChoices = defaultModel === "" ? [
-    { title: "auto (Recommended)", value: "" },
-    ...models.map((model) => ({ title: model, value: model }))
-  ] : models.map((model) => ({
-    title: model === defaultModel ? `${model} (Recommended)` : model,
-    value: model
-  }));
+  const supportsCustomModel = allowsCustomModel(type);
+  const modelChoices = [];
+  if (defaultModel === "") {
+    modelChoices.push({ title: "auto (Recommended)", value: "" });
+  }
+  for (const model of models) {
+    modelChoices.push({
+      title: model === defaultModel ? `${model} (Recommended)` : model,
+      value: model
+    });
+  }
+  if (supportsCustomModel) {
+    modelChoices.push({ title: "Custom model ID", value: "__custom__" });
+  }
   const modelResponse = await prompts2(
     {
       type: "select",
@@ -11224,8 +11528,93 @@ async function promptForModelSelection(type) {
     { onCancel: () => process.exit(0) }
   );
   const selected = modelResponse.model;
+  if (selected === "__custom__") {
+    const placeholder = getCustomModelPlaceholder(type);
+    if (placeholder) {
+      console.log(chalk52.dim(`Example: ${placeholder}`));
+    }
+    const customResponse = await prompts2(
+      {
+        type: "text",
+        name: "customModel",
+        message: "Enter model ID:",
+        validate: (value) => value.length > 0 || "Model ID is required"
+      },
+      { onCancel: () => process.exit(0) }
+    );
+    return customResponse.customModel;
+  }
   return selected === "" ? void 0 : selected;
 }
+async function promptForAuthMethod(type) {
+  const authMethods = getAuthMethodsForType(type);
+  const defaultAuthMethod = getDefaultAuthMethod(type);
+  if (!authMethods) {
+    return "default";
+  }
+  const choices = Object.entries(authMethods).map(([method, config]) => ({
+    title: method === defaultAuthMethod ? `${config.label} (Recommended)` : config.label,
+    value: method
+  }));
+  const response = await prompts2(
+    {
+      type: "select",
+      name: "authMethod",
+      message: "Select authentication method:",
+      choices
+    },
+    { onCancel: () => process.exit(0) }
+  );
+  return response.authMethod;
+}
+function isSecretCredential(name) {
+  const nonSecretPatterns = ["REGION", "ENDPOINT", "URL"];
+  return !nonSecretPatterns.some(
+    (pattern) => name.toUpperCase().includes(pattern)
+  );
+}
+async function promptForCredentials(type, authMethod) {
+  const credentialsConfig = getCredentialsForAuthMethod(type, authMethod);
+  if (!credentialsConfig) {
+    console.error(chalk52.red(`\u2717 Invalid auth method "${authMethod}"`));
+    process.exit(1);
+  }
+  const credentials = {};
+  for (const [name, fieldConfig] of Object.entries(credentialsConfig)) {
+    if (fieldConfig.helpText) {
+      console.log(chalk52.dim(fieldConfig.helpText));
+    }
+    const isSecret = isSecretCredential(name);
+    const placeholder = "placeholder" in fieldConfig ? fieldConfig.placeholder : "";
+    if (fieldConfig.required) {
+      const response = await prompts2(
+        {
+          type: isSecret ? "password" : "text",
+          name: "value",
+          message: `${fieldConfig.label}:`,
+          initial: placeholder ? "" : void 0,
+          validate: (value) => value.length > 0 || `${fieldConfig.label} is required`
+        },
+        { onCancel: () => process.exit(0) }
+      );
+      credentials[name] = response.value;
+    } else {
+      const response = await prompts2(
+        {
+          type: isSecret ? "password" : "text",
+          name: "value",
+          message: `${fieldConfig.label} (optional):`
+        },
+        { onCancel: () => process.exit(0) }
+      );
+      const value = response.value;
+      if (value && value.trim()) {
+        credentials[name] = value.trim();
+      }
+    }
+  }
+  return credentials;
+}
 async function handleInteractiveMode() {
   if (!isInteractive()) {
     console.error(chalk52.red("\u2717 Interactive mode requires a TTY"));
@@ -11241,10 +11630,21 @@ async function handleInteractiveMode() {
   const { modelProviders: configuredProviders } = await listModelProviders();
   const configuredTypes = new Set(configuredProviders.map((p) => p.type));
   const annotatedChoices = Object.entries(MODEL_PROVIDER_TYPES).map(
-    ([type2, config2]) => ({
-      title: configuredTypes.has(type2) ? `${config2.label} \u2713` : config2.label,
-      value: type2
-    })
+    ([type2, config2]) => {
+      const isConfigured = configuredTypes.has(type2);
+      const isExperimental = hasAuthMethods(type2);
+      let title = config2.label;
+      if (isConfigured) {
+        title = `${title} \u2713`;
+      }
+      if (isExperimental) {
+        title = `${title} ${chalk52.dim("(experimental)")}`;
+      }
+      return {
+        title,
+        value: type2
+      };
+    }
   );
   const typeResponse = await prompts2(
     {
@@ -11311,12 +11711,25 @@ async function handleInteractiveMode() {
   console.log();
   console.log(chalk52.dim(config.helpText));
   console.log();
+  if (hasAuthMethods(type)) {
+    const authMethod = await promptForAuthMethod(type);
+    const credentials = await promptForCredentials(type, authMethod);
+    const selectedModel2 = await promptForModelSelection(type);
+    return {
+      type,
+      authMethod,
+      credentials,
+      selectedModel: selectedModel2,
+      isInteractiveMode: true
+    };
+  }
+  const credentialLabel = "credentialLabel" in config ? config.credentialLabel : "credential";
   const credentialResponse = await prompts2(
     {
       type: "password",
       name: "credential",
-      message: `Enter your ${config.credentialLabel}:`,
-      validate: (value) => value.length > 0 || `${config.credentialLabel} is required`
+      message: `Enter your ${credentialLabel}:`,
+      validate: (value) => value.length > 0 || `${credentialLabel} is required`
     },
     { onCancel: () => process.exit(0) }
   );
@@ -11357,21 +11770,31 @@ async function promptSetAsDefault(type, framework, isDefault) {
     console.log(chalk52.green(`\u2713 Default for ${framework} set to "${type}"`));
   }
 }
+function collectCredentials(value, previous) {
+  return previous.concat([value]);
+}
 var setupCommand2 = new Command53().name("setup").description("Configure a model provider").option("-t, --type <type>", "Provider type (for non-interactive mode)").option(
-  "-c, --credential <credential>",
-  "Credential value (for non-interactive mode)"
+  "-c, --credential <value>",
+  "Credential value (can be used multiple times, supports VALUE or KEY=VALUE format)",
+  collectCredentials,
+  []
+).option(
+  "-a, --auth-method <method>",
+  "Auth method (required for multi-auth providers like aws-bedrock)"
 ).option("-m, --model <model>", "Model selection (for non-interactive mode)").option("--convert", "Convert existing user credential to model provider").action(
   async (options) => {
     try {
       let input;
       const shouldConvert = options.convert ?? false;
-      if (options.type && options.credential) {
+      const credentialArgs = options.credential ?? [];
+      if (options.type && credentialArgs.length > 0) {
         input = handleNonInteractiveMode({
           type: options.type,
-          credential: options.credential,
+          credential: credentialArgs,
+          authMethod: options.authMethod,
           model: options.model
         });
-      } else if (options.type || options.credential) {
+      } else if (options.type || credentialArgs.length > 0) {
         console.error(
           chalk52.red("\u2717 Both --type and --credential are required")
         );
@@ -11413,6 +11836,8 @@ var setupCommand2 = new Command53().name("setup").description("Configure a model
       const { provider, created } = await upsertModelProvider({
         type: input.type,
         credential: input.credential,
+        authMethod: input.authMethod,
+        credentials: input.credentials,
         convert: shouldConvert,
         selectedModel: input.selectedModel
       });
@@ -11725,6 +12150,13 @@ async function runAuthFlow(callbacks, apiUrl) {
 }
 
 // src/lib/domain/onboard/model-provider.ts
+var ONBOARD_PROVIDER_TYPES = [
+  "claude-code-oauth-token",
+  "anthropic-api-key",
+  "openrouter-api-key",
+  "moonshot-api-key",
+  "minimax-api-key"
+];
 async function checkModelProviderStatus() {
   const response = await listModelProviders();
   return {
@@ -11733,16 +12165,17 @@ async function checkModelProviderStatus() {
   };
 }
 function getProviderChoices() {
-  return Object.keys(MODEL_PROVIDER_TYPES).map(
-    (type) => ({
+  return ONBOARD_PROVIDER_TYPES.map((type) => {
+    const config = MODEL_PROVIDER_TYPES[type];
+    return {
       type,
-      label: MODEL_PROVIDER_TYPES[type].label,
-      helpText: MODEL_PROVIDER_TYPES[type].helpText,
-      credentialLabel: MODEL_PROVIDER_TYPES[type].credentialLabel,
+      label: config.label,
+      helpText: config.helpText,
+      credentialLabel: "credentialLabel" in config ? config.credentialLabel : "",
       models: getModels(type),
       defaultModel: getDefaultModel(type)
-    })
-  );
+    };
+  });
 }
 async function setupModelProvider(type, credential, options) {
   const response = await upsertModelProvider({
@@ -11925,16 +12358,16 @@ async function handleModelProvider(ctx) {
     const providerType = await step.prompt(
       () => promptSelect(
         "Select provider type:",
-        choices.map((c20) => ({
-          title: c20.label,
-          value: c20.type
+        choices.map((c21) => ({
+          title: c21.label,
+          value: c21.type
         }))
       )
     );
     if (!providerType) {
       process.exit(0);
     }
-    const selectedChoice = choices.find((c20) => c20.type === providerType);
+    const selectedChoice = choices.find((c21) => c21.type === providerType);
     if (selectedChoice?.helpText) {
       for (const line of selectedChoice.helpText.split("\n")) {
         step.detail(chalk58.dim(line));
@@ -12124,7 +12557,7 @@ var setupClaudeCommand = new Command58().name("setup-claude").description("Insta
 
 // src/index.ts
 var program = new Command59();
-program.name("vm0").description("VM0 CLI - Build and run agents with natural language").version("9.14.0");
+program.name("vm0").description("VM0 CLI - Build and run agents with natural language").version("9.15.0");
 program.addCommand(authCommand);
 program.addCommand(infoCommand);
 program.addCommand(composeCommand);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@vm0/cli",
-  "version": "9.14.0",
+  "version": "9.15.0",
   "description": "CLI application",
   "repository": {
     "type": "git",