@vm0/cli 9.14.1 → 9.15.1

package/index.js

@@ -1969,6 +1969,71 @@ var MODEL_PROVIDER_TYPES = {
     },
     models: ["MiniMax-M2.1"],
     defaultModel: "MiniMax-M2.1"
+  },
+  "aws-bedrock": {
+    framework: "claude-code",
+    label: "AWS Bedrock",
+    helpText: "Run Claude on AWS Bedrock.\nSetup guide: https://docs.anthropic.com/en/docs/claude-code/bedrock",
+    authMethods: {
+      "api-key": {
+        label: "Bedrock API Key",
+        helpText: "Use a Bedrock API key for authentication",
+        credentials: {
+          AWS_BEARER_TOKEN_BEDROCK: {
+            label: "AWS_BEARER_TOKEN_BEDROCK",
+            required: true,
+            helpText: "Bedrock API key from AWS console"
+          },
+          AWS_REGION: {
+            label: "AWS_REGION",
+            required: true,
+            placeholder: "us-east-1",
+            helpText: "e.g., us-east-1, us-west-2"
+          }
+        }
+      },
+      "access-keys": {
+        label: "IAM Access Keys",
+        helpText: "Use IAM access key credentials",
+        credentials: {
+          AWS_ACCESS_KEY_ID: {
+            label: "AWS_ACCESS_KEY_ID",
+            required: true,
+            helpText: "IAM access key ID"
+          },
+          AWS_SECRET_ACCESS_KEY: {
+            label: "AWS_SECRET_ACCESS_KEY",
+            required: true,
+            helpText: "IAM secret access key"
+          },
+          AWS_SESSION_TOKEN: {
+            label: "AWS_SESSION_TOKEN",
+            required: false,
+            helpText: "Optional, for temporary credentials"
+          },
+          AWS_REGION: {
+            label: "AWS_REGION",
+            required: true,
+            placeholder: "us-east-1",
+            helpText: "e.g., us-east-1, us-west-2"
+          }
+        }
+      }
+    },
+    defaultAuthMethod: "api-key",
+    environmentMapping: {
+      CLAUDE_CODE_USE_BEDROCK: "1",
+      AWS_REGION: "$credentials.AWS_REGION",
+      AWS_BEARER_TOKEN_BEDROCK: "$credentials.AWS_BEARER_TOKEN_BEDROCK",
+      AWS_ACCESS_KEY_ID: "$credentials.AWS_ACCESS_KEY_ID",
+      AWS_SECRET_ACCESS_KEY: "$credentials.AWS_SECRET_ACCESS_KEY",
+      AWS_SESSION_TOKEN: "$credentials.AWS_SESSION_TOKEN",
+      ANTHROPIC_MODEL: "$model"
+    },
+    models: [],
+    defaultModel: "",
+    allowCustomModel: true,
+    customModelPlaceholder: "anthropic.claude-sonnet-4-20250514-v1:0"
   }
 };
 var modelProviderTypeSchema = z14.enum([
@@ -1976,9 +2041,30 @@ var modelProviderTypeSchema = z14.enum([
   "anthropic-api-key",
   "openrouter-api-key",
   "moonshot-api-key",
-  "minimax-api-key"
+  "minimax-api-key",
+  "aws-bedrock"
 ]);
 var modelProviderFrameworkSchema = z14.enum(["claude-code", "codex"]);
+function hasAuthMethods(type) {
+  const config = MODEL_PROVIDER_TYPES[type];
+  return "authMethods" in config;
+}
+function getAuthMethodsForType(type) {
+  const config = MODEL_PROVIDER_TYPES[type];
+  return "authMethods" in config ? config.authMethods : void 0;
+}
+function getDefaultAuthMethod(type) {
+  const config = MODEL_PROVIDER_TYPES[type];
+  return "defaultAuthMethod" in config ? config.defaultAuthMethod : void 0;
+}
+function getCredentialsForAuthMethod(type, authMethod) {
+  const authMethods = getAuthMethodsForType(type);
+  if (!authMethods || !(authMethod in authMethods)) {
+    return void 0;
+  }
+  const method = authMethods[authMethod];
+  return method?.credentials;
+}
 function getModels(type) {
   const config = MODEL_PROVIDER_TYPES[type];
   return "models" in config ? config.models : void 0;
@@ -1989,13 +2075,26 @@ function getDefaultModel(type) {
 }
 function hasModelSelection(type) {
   const config = MODEL_PROVIDER_TYPES[type];
-  return "models" in config && config.models.length > 0;
+  return "models" in config && config.models.length > 0 || "allowCustomModel" in config && config.allowCustomModel === true;
+}
+function allowsCustomModel(type) {
+  const config = MODEL_PROVIDER_TYPES[type];
+  return "allowCustomModel" in config && config.allowCustomModel === true;
+}
+function getCustomModelPlaceholder(type) {
+  const config = MODEL_PROVIDER_TYPES[type];
+  return "customModelPlaceholder" in config ? config.customModelPlaceholder : void 0;
 }
 var modelProviderResponseSchema = z14.object({
   id: z14.string().uuid(),
   type: modelProviderTypeSchema,
   framework: modelProviderFrameworkSchema,
-  credentialName: z14.string(),
+  credentialName: z14.string().nullable(),
+  // Legacy single-credential (deprecated for multi-auth)
+  authMethod: z14.string().nullable(),
+  // For multi-auth providers
+  credentialNames: z14.array(z14.string()).nullable(),
+  // For multi-auth providers
   isDefault: z14.boolean(),
   selectedModel: z14.string().nullable(),
   createdAt: z14.string(),
@@ -2006,7 +2105,12 @@ var modelProviderListResponseSchema = z14.object({
 });
 var upsertModelProviderRequestSchema = z14.object({
   type: modelProviderTypeSchema,
-  credential: z14.string().min(1, "Credential is required"),
+  credential: z14.string().min(1).optional(),
+  // Legacy single credential
+  authMethod: z14.string().optional(),
+  // For multi-auth providers
+  credentials: z14.record(z14.string(), z14.string()).optional(),
+  // For multi-auth providers
   convert: z14.boolean().optional(),
   selectedModel: z14.string().optional()
 });
@@ -3318,7 +3422,7 @@ var FEATURE_SWITCHES = {
   },
   ["platformAgents" /* PlatformAgents */]: {
     maintainer: "ethan@vm0.ai",
-    enabled: false
+    enabled: true
   },
   ["platformSecrets" /* PlatformSecrets */]: {
     maintainer: "ethan@vm0.ai",
@@ -4933,7 +5037,7 @@ var composeCommand = new Command7().name("compose").description("Create or updat
         )
       );
       if (options.autoUpdate !== false) {
-        await silentUpgradeAfterCommand("9.14.1");
+        await silentUpgradeAfterCommand("9.15.1");
       }
     } catch (error) {
       if (error instanceof Error) {
@@ -7164,7 +7268,7 @@ var mainRunCommand = new Command8().name("run").description("Run an agent").argu
       }
       showNextSteps(result);
       if (options.autoUpdate !== false) {
-        await silentUpgradeAfterCommand("9.14.1");
+        await silentUpgradeAfterCommand("9.15.1");
       }
     } catch (error) {
       handleRunError(error, identifier);
@@ -8670,7 +8774,7 @@ var cookAction = new Command27().name("cook").description("Quick start: prepare,
 ).option("-y, --yes", "Skip confirmation prompts").option("-v, --verbose", "Show full tool inputs and outputs").addOption(new Option5("--debug-no-mock-claude").hideHelp()).addOption(new Option5("--no-auto-update").hideHelp()).action(
   async (prompt, options) => {
     if (options.autoUpdate !== false) {
-      const shouldExit = await checkAndUpgrade("9.14.1", prompt);
+      const shouldExit = await checkAndUpgrade("9.15.1", prompt);
       if (shouldExit) {
         process.exit(0);
       }
@@ -11212,6 +11316,9 @@ function validateProviderType(typeStr) {
 }
 function validateModel(type, modelStr) {
   const models = getModels(type);
+  if (allowsCustomModel(type)) {
+    return modelStr;
+  }
   if (models && !models.includes(modelStr)) {
     console.error(chalk52.red(`\u2717 Invalid model "${modelStr}"`));
     console.log();
@@ -11223,6 +11330,98 @@ function validateModel(type, modelStr) {
   }
   return modelStr;
 }
+function validateAuthMethod(type, authMethodStr) {
+  const authMethods = getAuthMethodsForType(type);
+  if (!authMethods || !(authMethodStr in authMethods)) {
+    console.error(chalk52.red(`\u2717 Invalid auth method "${authMethodStr}"`));
+    console.log();
+    console.log("Valid auth methods:");
+    if (authMethods) {
+      for (const [method, config] of Object.entries(authMethods)) {
+        console.log(`  ${chalk52.cyan(method)} - ${config.label}`);
+      }
+    }
+    process.exit(1);
+  }
+  return authMethodStr;
+}
+function parseCredentials(type, authMethod, credentialArgs) {
+  const credentialsConfig = getCredentialsForAuthMethod(type, authMethod);
+  if (!credentialsConfig) {
+    console.error(chalk52.red(`\u2717 Invalid auth method "${authMethod}"`));
+    process.exit(1);
+  }
+  const credentialNames = Object.keys(credentialsConfig);
+  const firstArg = credentialArgs[0];
+  if (credentialArgs.length === 1 && firstArg && !firstArg.includes("=")) {
+    if (credentialNames.length !== 1) {
+      console.error(
+        chalk52.red(
+          "\u2717 Must use KEY=VALUE format for multi-credential auth methods"
+        )
+      );
+      console.log();
+      console.log("Required credentials:");
+      for (const [name, fieldConfig] of Object.entries(credentialsConfig)) {
+        const requiredNote = fieldConfig.required ? " (required)" : "";
+        console.log(`  ${chalk52.cyan(name)}${requiredNote}`);
+      }
+      process.exit(1);
+    }
+    const firstCredentialName = credentialNames[0];
+    if (!firstCredentialName) {
+      console.error(chalk52.red("\u2717 No credentials defined for this auth method"));
+      process.exit(1);
+    }
+    return { [firstCredentialName]: firstArg };
+  }
+  const credentials = {};
+  for (const arg of credentialArgs) {
+    const eqIndex = arg.indexOf("=");
+    if (eqIndex === -1) {
+      console.error(chalk52.red(`\u2717 Invalid credential format "${arg}"`));
+      console.log();
+      console.log("Use KEY=VALUE format (e.g., AWS_REGION=us-east-1)");
+      process.exit(1);
+    }
+    const key = arg.slice(0, eqIndex);
+    const value = arg.slice(eqIndex + 1);
+    credentials[key] = value;
+  }
+  return credentials;
+}
+function validateCredentials(type, authMethod, credentials) {
+  const credentialsConfig = getCredentialsForAuthMethod(type, authMethod);
+  if (!credentialsConfig) {
+    console.error(chalk52.red(`\u2717 Invalid auth method "${authMethod}"`));
+    process.exit(1);
+  }
+  for (const [name, fieldConfig] of Object.entries(credentialsConfig)) {
+    if (fieldConfig.required && !credentials[name]) {
+      console.error(chalk52.red(`\u2717 Missing required credential: ${name}`));
+      console.log();
+      console.log("Required credentials:");
+      for (const [n, fc] of Object.entries(credentialsConfig)) {
+        if (fc.required) {
+          console.log(`  ${chalk52.cyan(n)} - ${fc.label}`);
+        }
+      }
+      process.exit(1);
+    }
+  }
+  for (const name of Object.keys(credentials)) {
+    if (!(name in credentialsConfig)) {
+      console.error(chalk52.red(`\u2717 Unknown credential: ${name}`));
+      console.log();
+      console.log("Valid credentials:");
+      for (const [n, fc] of Object.entries(credentialsConfig)) {
+        const requiredNote = fc.required ? " (required)" : " (optional)";
+        console.log(`  ${chalk52.cyan(n)}${requiredNote}`);
+      }
+      process.exit(1);
+    }
+  }
+}
 function handleNonInteractiveMode(options) {
   const type = validateProviderType(options.type);
   let selectedModel;
@@ -11232,9 +11431,69 @@ function handleNonInteractiveMode(options) {
     const defaultModel = getDefaultModel(type);
     selectedModel = defaultModel || void 0;
   }
+  if (hasAuthMethods(type)) {
+    let authMethod;
+    if (options.authMethod) {
+      authMethod = validateAuthMethod(type, options.authMethod);
+    } else {
+      const defaultAuthMethod = getDefaultAuthMethod(type);
+      const authMethods = getAuthMethodsForType(type);
+      if (!defaultAuthMethod || !authMethods) {
+        console.error(chalk52.red(`\u2717 Provider "${type}" requires --auth-method`));
+        process.exit(1);
+      }
+      const authMethodNames = Object.keys(authMethods);
+      if (authMethodNames.length === 1) {
+        authMethod = authMethodNames[0];
+      } else {
+        console.error(
+          chalk52.red(
+            `\u2717 --auth-method is required for "${type}" (multiple auth methods available)`
+          )
+        );
+        console.log();
+        console.log("Available auth methods:");
+        for (const [method, config] of Object.entries(authMethods)) {
+          const defaultNote = method === defaultAuthMethod ? " (default)" : "";
+          console.log(
+            `  ${chalk52.cyan(method)} - ${config.label}${defaultNote}`
+          );
+        }
+        console.log();
+        console.log("Example:");
+        console.log(
+          chalk52.cyan(
+            `  vm0 model-provider setup --type ${type} --auth-method ${authMethodNames[0]} --credential KEY=VALUE`
+          )
+        );
+        process.exit(1);
+      }
+    }
+    const credentials = parseCredentials(type, authMethod, options.credential);
+    validateCredentials(type, authMethod, credentials);
+    return {
+      type,
+      authMethod,
+      credentials,
+      selectedModel,
+      isInteractiveMode: false
+    };
+  }
+  const credentialArgs = options.credential;
+  const firstArg = credentialArgs[0];
+  if (!firstArg) {
+    console.error(chalk52.red("\u2717 Credential is required"));
+    process.exit(1);
+  }
+  let credential;
+  if (firstArg.includes("=")) {
+    credential = firstArg.slice(firstArg.indexOf("=") + 1);
+  } else {
+    credential = firstArg;
+  }
   return {
     type,
-    credential: options.credential,
+    credential,
     selectedModel,
     isInteractiveMode: false
   };
@@ -11245,13 +11504,20 @@ async function promptForModelSelection(type) {
   }
   const models = getModels(type) ?? [];
   const defaultModel = getDefaultModel(type);
-  const modelChoices = defaultModel === "" ? [
-    { title: "auto (Recommended)", value: "" },
-    ...models.map((model) => ({ title: model, value: model }))
-  ] : models.map((model) => ({
-    title: model === defaultModel ? `${model} (Recommended)` : model,
-    value: model
-  }));
+  const supportsCustomModel = allowsCustomModel(type);
+  const modelChoices = [];
+  if (defaultModel === "") {
+    modelChoices.push({ title: "auto (Recommended)", value: "" });
+  }
+  for (const model of models) {
+    modelChoices.push({
+      title: model === defaultModel ? `${model} (Recommended)` : model,
+      value: model
+    });
+  }
+  if (supportsCustomModel) {
+    modelChoices.push({ title: "Custom model ID", value: "__custom__" });
+  }
   const modelResponse = await prompts2(
     {
       type: "select",
@@ -11262,8 +11528,93 @@ async function promptForModelSelection(type) {
     { onCancel: () => process.exit(0) }
   );
   const selected = modelResponse.model;
+  if (selected === "__custom__") {
+    const placeholder = getCustomModelPlaceholder(type);
+    if (placeholder) {
+      console.log(chalk52.dim(`Example: ${placeholder}`));
+    }
+    const customResponse = await prompts2(
+      {
+        type: "text",
+        name: "customModel",
+        message: "Enter model ID:",
+        validate: (value) => value.length > 0 || "Model ID is required"
+      },
+      { onCancel: () => process.exit(0) }
+    );
+    return customResponse.customModel;
+  }
   return selected === "" ? void 0 : selected;
 }
+async function promptForAuthMethod(type) {
+  const authMethods = getAuthMethodsForType(type);
+  const defaultAuthMethod = getDefaultAuthMethod(type);
+  if (!authMethods) {
+    return "default";
+  }
+  const choices = Object.entries(authMethods).map(([method, config]) => ({
+    title: method === defaultAuthMethod ? `${config.label} (Recommended)` : config.label,
+    value: method
+  }));
+  const response = await prompts2(
+    {
+      type: "select",
+      name: "authMethod",
+      message: "Select authentication method:",
+      choices
+    },
+    { onCancel: () => process.exit(0) }
+  );
+  return response.authMethod;
+}
+function isSecretCredential(name) {
+  const nonSecretPatterns = ["REGION", "ENDPOINT", "URL"];
+  return !nonSecretPatterns.some(
+    (pattern) => name.toUpperCase().includes(pattern)
+  );
+}
+async function promptForCredentials(type, authMethod) {
+  const credentialsConfig = getCredentialsForAuthMethod(type, authMethod);
+  if (!credentialsConfig) {
+    console.error(chalk52.red(`\u2717 Invalid auth method "${authMethod}"`));
+    process.exit(1);
+  }
+  const credentials = {};
+  for (const [name, fieldConfig] of Object.entries(credentialsConfig)) {
+    if (fieldConfig.helpText) {
+      console.log(chalk52.dim(fieldConfig.helpText));
+    }
+    const isSecret = isSecretCredential(name);
+    const placeholder = "placeholder" in fieldConfig ? fieldConfig.placeholder : "";
+    if (fieldConfig.required) {
+      const response = await prompts2(
+        {
+          type: isSecret ? "password" : "text",
+          name: "value",
+          message: `${fieldConfig.label}:`,
+          initial: placeholder ? "" : void 0,
+          validate: (value) => value.length > 0 || `${fieldConfig.label} is required`
+        },
+        { onCancel: () => process.exit(0) }
+      );
+      credentials[name] = response.value;
+    } else {
+      const response = await prompts2(
+        {
+          type: isSecret ? "password" : "text",
+          name: "value",
+          message: `${fieldConfig.label} (optional):`
+        },
+        { onCancel: () => process.exit(0) }
+      );
+      const value = response.value;
+      if (value && value.trim()) {
+        credentials[name] = value.trim();
+      }
+    }
+  }
+  return credentials;
+}
 async function handleInteractiveMode() {
   if (!isInteractive()) {
     console.error(chalk52.red("\u2717 Interactive mode requires a TTY"));
@@ -11279,10 +11630,21 @@ async function handleInteractiveMode() {
   const { modelProviders: configuredProviders } = await listModelProviders();
   const configuredTypes = new Set(configuredProviders.map((p) => p.type));
   const annotatedChoices = Object.entries(MODEL_PROVIDER_TYPES).map(
-    ([type2, config2]) => ({
-      title: configuredTypes.has(type2) ? `${config2.label} \u2713` : config2.label,
-      value: type2
-    })
+    ([type2, config2]) => {
+      const isConfigured = configuredTypes.has(type2);
+      const isExperimental = hasAuthMethods(type2);
+      let title = config2.label;
+      if (isConfigured) {
+        title = `${title} \u2713`;
+      }
+      if (isExperimental) {
+        title = `${title} ${chalk52.dim("(experimental)")}`;
+      }
+      return {
+        title,
+        value: type2
+      };
+    }
   );
   const typeResponse = await prompts2(
     {
@@ -11349,12 +11711,25 @@ async function handleInteractiveMode() {
   console.log();
   console.log(chalk52.dim(config.helpText));
   console.log();
+  if (hasAuthMethods(type)) {
+    const authMethod = await promptForAuthMethod(type);
+    const credentials = await promptForCredentials(type, authMethod);
+    const selectedModel2 = await promptForModelSelection(type);
+    return {
+      type,
+      authMethod,
+      credentials,
+      selectedModel: selectedModel2,
+      isInteractiveMode: true
+    };
+  }
+  const credentialLabel = "credentialLabel" in config ? config.credentialLabel : "credential";
   const credentialResponse = await prompts2(
     {
       type: "password",
       name: "credential",
-      message: `Enter your ${config.credentialLabel}:`,
-      validate: (value) => value.length > 0 || `${config.credentialLabel} is required`
+      message: `Enter your ${credentialLabel}:`,
+      validate: (value) => value.length > 0 || `${credentialLabel} is required`
     },
     { onCancel: () => process.exit(0) }
   );
@@ -11395,21 +11770,31 @@ async function promptSetAsDefault(type, framework, isDefault) {
     console.log(chalk52.green(`\u2713 Default for ${framework} set to "${type}"`));
   }
 }
+function collectCredentials(value, previous) {
+  return previous.concat([value]);
+}
 var setupCommand2 = new Command53().name("setup").description("Configure a model provider").option("-t, --type <type>", "Provider type (for non-interactive mode)").option(
-  "-c, --credential <credential>",
-  "Credential value (for non-interactive mode)"
+  "-c, --credential <value>",
+  "Credential value (can be used multiple times, supports VALUE or KEY=VALUE format)",
+  collectCredentials,
+  []
+).option(
+  "-a, --auth-method <method>",
+  "Auth method (required for multi-auth providers like aws-bedrock)"
 ).option("-m, --model <model>", "Model selection (for non-interactive mode)").option("--convert", "Convert existing user credential to model provider").action(
   async (options) => {
     try {
       let input;
       const shouldConvert = options.convert ?? false;
-      if (options.type && options.credential) {
+      const credentialArgs = options.credential ?? [];
+      if (options.type && credentialArgs.length > 0) {
         input = handleNonInteractiveMode({
           type: options.type,
-          credential: options.credential,
+          credential: credentialArgs,
+          authMethod: options.authMethod,
           model: options.model
         });
-      } else if (options.type || options.credential) {
+      } else if (options.type || credentialArgs.length > 0) {
         console.error(
           chalk52.red("\u2717 Both --type and --credential are required")
         );
@@ -11451,6 +11836,8 @@ var setupCommand2 = new Command53().name("setup").description("Configure a model
       const { provider, created } = await upsertModelProvider({
         type: input.type,
         credential: input.credential,
+        authMethod: input.authMethod,
+        credentials: input.credentials,
         convert: shouldConvert,
         selectedModel: input.selectedModel
       });
@@ -11763,6 +12150,13 @@ async function runAuthFlow(callbacks, apiUrl) {
 }
 
 // src/lib/domain/onboard/model-provider.ts
+var ONBOARD_PROVIDER_TYPES = [
+  "claude-code-oauth-token",
+  "anthropic-api-key",
+  "openrouter-api-key",
+  "moonshot-api-key",
+  "minimax-api-key"
+];
 async function checkModelProviderStatus() {
   const response = await listModelProviders();
   return {
@@ -11771,16 +12165,17 @@ async function checkModelProviderStatus() {
   };
 }
 function getProviderChoices() {
-  return Object.keys(MODEL_PROVIDER_TYPES).map(
-    (type) => ({
+  return ONBOARD_PROVIDER_TYPES.map((type) => {
+    const config = MODEL_PROVIDER_TYPES[type];
+    return {
       type,
-      label: MODEL_PROVIDER_TYPES[type].label,
-      helpText: MODEL_PROVIDER_TYPES[type].helpText,
-      credentialLabel: MODEL_PROVIDER_TYPES[type].credentialLabel,
+      label: config.label,
+      helpText: config.helpText,
+      credentialLabel: "credentialLabel" in config ? config.credentialLabel : "",
       models: getModels(type),
       defaultModel: getDefaultModel(type)
-    })
-  );
+    };
+  });
 }
 async function setupModelProvider(type, credential, options) {
   const response = await upsertModelProvider({
@@ -12162,7 +12557,7 @@ var setupClaudeCommand = new Command58().name("setup-claude").description("Insta
 
 // src/index.ts
 var program = new Command59();
-program.name("vm0").description("VM0 CLI - Build and run agents with natural language").version("9.14.1");
+program.name("vm0").description("VM0 CLI - Build and run agents with natural language").version("9.15.1");
 program.addCommand(authCommand);
 program.addCommand(infoCommand);
 program.addCommand(composeCommand);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@vm0/cli",
-  "version": "9.14.1",
+  "version": "9.15.1",
   "description": "CLI application",
   "repository": {
     "type": "git",