@vm0/cli 9.157.1 → 9.158.1

package/{chunk-YWCHIHYE.js → chunk-Y2IQIGV7.js}

@@ -30012,7 +30012,7 @@ var require_proxy_agent = __commonJS({
         });
       }
       dispatch(opts, handler) {
-        const headers = buildHeaders4(opts.headers);
+        const headers = buildHeaders5(opts.headers);
         throwIfProxyAuthIsSent(headers);
         if (headers && !("host" in headers) && !("Host" in headers)) {
           const { host } = new URL3(opts.origin);
@@ -30048,7 +30048,7 @@ var require_proxy_agent = __commonJS({
         await this[kClient].destroy();
       }
     };
-    function buildHeaders4(headers) {
+    function buildHeaders5(headers) {
       if (Array.isArray(headers)) {
         const headersPair = {};
         for (let i = 0; i < headers.length; i += 2) {
@@ -74083,7 +74083,7 @@ if (DSN) {
   init2({
     dsn: DSN,
     environment: process.env.SENTRY_ENVIRONMENT ?? "production",
-    release: "9.157.1",
+    release: "9.158.1",
     sendDefaultPii: false,
     tracesSampleRate: 0,
     shutdownTimeout: 500,
@@ -74102,7 +74102,7 @@ if (DSN) {
     }
   });
   setContext("cli", {
-    version: "9.157.1",
+    version: "9.158.1",
     command: process.argv.slice(2).join(" ")
   });
   setContext("runtime", {
@@ -74342,7 +74342,8 @@ var FEATURE_SWITCHES = {
   ["pwaOfflineCache" /* PwaOfflineCache */]: {
     maintainer: "ethan@vm0.ai",
     description: "Enable PWA offline caching (static asset cache-first, offline fallback page, and service worker updateViaCache: none)",
-    enabled: false
+    enabled: false,
+    enabledOrgIdHashes: STAFF_ORG_ID_HASHES
   },
   ["mailchimpConnector" /* MailchimpConnector */]: {
     maintainer: "ethan@vm0.ai",
@@ -74380,10 +74381,17 @@ var FEATURE_SWITCHES = {
     enabled: false,
     enabledOrgIdHashes: STAFF_ORG_ID_HASHES
   },
+  ["desktopLocalAgent" /* DesktopLocalAgent */]: {
+    maintainer: "lancy@vm0.ai",
+    description: "Enable the Desktop-owned Local Agent page, folder selection, and native host lifecycle",
+    enabled: false,
+    enabledOrgIdHashes: STAFF_ORG_ID_HASHES
+  },
   ["lab" /* Lab */]: {
     maintainer: "ethan@vm0.ai",
     description: "Show the Lab page for toggling experimental features",
-    enabled: false
+    enabled: false,
+    enabledOrgIdHashes: STAFF_ORG_ID_HASHES
   },
   ["auditLink" /* AuditLink */]: {
     maintainer: "ethan@vm0.ai",
@@ -74408,8 +74416,7 @@ var FEATURE_SWITCHES = {
   ["chatHeaderNewButton" /* ChatHeaderNewButton */]: {
     maintainer: "ethan@vm0.ai",
     description: "Replace the Invite people button in the agent chat page header with a New button that creates a new chat thread",
-    enabled: false,
-    enabledOrgIdHashes: STAFF_ORG_ID_HASHES
+    enabled: false
   },
   ["agentPhoneAppUi" /* AgentPhoneAppUi */]: {
     maintainer: "linghan@vm0.ai",
@@ -74420,8 +74427,7 @@ var FEATURE_SWITCHES = {
   ["chatMessageStartButton" /* ChatMessageStartButton */]: {
     maintainer: "linghan@vm0.ai",
     description: "Show an icon button in assistant message group actions that scrolls back to the start of that message group.",
-    enabled: false,
-    enabledOrgIdHashes: STAFF_ORG_ID_HASHES
+    enabled: false
   },
   ["goal" /* Goal */]: {
     maintainer: "ethan@vm0.ai",
@@ -74432,8 +74438,7 @@ var FEATURE_SWITCHES = {
   ["chatThreadRename" /* ChatThreadRename */]: {
     maintainer: "ethan@vm0.ai",
     description: "Adds a Rename chat item to the sidebar thread kebab menu. When the user renames a thread, automated title generation is suppressed for that thread.",
-    enabled: false,
-    enabledOrgIdHashes: STAFF_ORG_ID_HASHES
+    enabled: false
   },
   ["docsSite" /* DocsSite */]: {
     maintainer: "linghan@vm0.ai",
@@ -74493,6 +74498,11 @@ var FEATURE_SWITCHES = {
     description: "Enable the Zapier connector. When disabled, Zapier is hidden from the connectors list and cannot be connected.",
     enabled: false
   },
+  ["wereadConnector" /* WereadConnector */]: {
+    maintainer: "ethan@vm0.ai",
+    description: "Enable the WeRead (\u5FAE\u4FE1\u8BFB\u4E66) connector. When disabled, WeRead is hidden from the connectors list and cannot be connected.",
+    enabled: false
+  },
   ["voiceChatRealtimeBilling" /* VoiceChatRealtimeBilling */]: {
     maintainer: "lancy@vm0.ai",
     description: "Gate voice-chat realtime billing (Plan D, Epic #12128). When OFF, the token route mints an OpenAI ephemeral token without admission checks and the /session-started, /usage, and /session-ended endpoints are 200 no-ops \u2014 the org gets unmetered voice-chat. When ON, the token route runs credit + pricing admission, /session-started inserts an audit row in voice_chat_realtime_sessions, and the browser self-reports response.done + transcription.completed usage events for billing. Staff-only during rollout; operator flips per org via the feature-switch overrides API.",
@@ -74504,6 +74514,12 @@ var FEATURE_SWITCHES = {
     description: "Enable static hosted-site deployments from zero host. Staff-only during rollout.",
     enabled: false,
     enabledOrgIdHashes: STAFF_ORG_ID_HASHES
+  },
+  ["sandboxIoLimiters" /* SandboxIoLimiters */]: {
+    maintainer: "liangyou@vm0.ai",
+    description: "Enable runner-provided disk and network device rate limiters for sandbox VMs.",
+    enabled: false,
+    enabledOrgIdHashes: STAFF_ORG_ID_HASHES
   }
 };
 function isFeatureEnabled(key, ctx) {
@@ -88971,6 +88987,18 @@ var RUN_ERROR_GUIDANCE = {
     guidance: "Wait for your current run to complete before starting a new one."
   }
 };
+var ACTIONABLE_RUN_ERROR_SNIPPETS = [
+  ...Object.values(RUN_ERROR_GUIDANCE).flatMap((guidance) => {
+    return [guidance.title, guidance.guidance];
+  }),
+  "Cannot continue session",
+  "Invalid signature in thinking block",
+  "Run cancelled",
+  "usage limit",
+  "usage_limit",
+  "usage-limit",
+  "UsageLimit"
+];
 
 // src/lib/api/core/client-factory.ts
 init_esm_shims();
@@ -96227,34 +96255,6 @@ var MODEL_PROVIDER_TYPES = {
     label: "ChatGPT (Codex)",
     helpText: "Run `codex login` on your machine, then paste the resulting ~/.codex/auth.json contents to authorize ChatGPT (Plus / Pro / Business / Edu / Enterprise) for Codex.",
     authMethods: {
-      oauth: {
-        label: "OpenAI OAuth",
-        helpText: "Sign in with OpenAI to authorize ChatGPT (Plus / Pro / Business / Edu / Enterprise) for Codex.",
-        secrets: {
-          CHATGPT_ACCESS_TOKEN: {
-            label: "CHATGPT_ACCESS_TOKEN",
-            required: true,
-            derived: true
-          },
-          CHATGPT_REFRESH_TOKEN: {
-            label: "CHATGPT_REFRESH_TOKEN",
-            required: true,
-            serverOnly: true,
-            derived: true
-          },
-          CHATGPT_ACCOUNT_ID: {
-            label: "CHATGPT_ACCOUNT_ID",
-            required: true,
-            derived: true
-          },
-          CHATGPT_ID_TOKEN: {
-            label: "CHATGPT_ID_TOKEN",
-            required: true,
-            serverOnly: true,
-            derived: true
-          }
-        }
-      },
       // Paste-based auth: client posts CODEX_AUTH_JSON, server parses it via
       // codex-auth-json-parser.ts and persists the four derived CHATGPT_*
       // fields. The raw blob is NEVER stored. The wire-shape secret
@@ -96675,11 +96675,8 @@ var modelProviderResponseSchema = external_exports.object({
   selectedModel: external_exports.string().nullable(),
   createdAt: external_exports.string(),
   updatedAt: external_exports.string(),
-  // ChatGPT-only metadata populated by the codex-oauth-token callback.
-  // Other provider types omit these. Mirrors the server-side connector
-  // shape in apps/web/src/lib/zero/connector/providers/codex-oauth.ts.
-  // The corresponding server route lands in #11909; declared here so the
-  // platform UI does not have to bypass schema validation to read them.
+  // ChatGPT-only metadata populated by the codex-oauth-token auth.json paste
+  // flow. Other provider types omit these.
   workspaceName: external_exports.string().nullable().optional(),
   planType: external_exports.string().nullable().optional(),
   // OAuth refresh state. `needsReconnect` flips to true when the firewall's
@@ -104529,6 +104526,44 @@ var webflow = {
   }
 };
 
+// ../../packages/connectors/src/connectors/weread.ts
+init_esm_shims();
+var weread = {
+  weread: {
+    label: "WeRead",
+    category: "docs-files-knowledge",
+    tags: [
+      "weread",
+      "\u5FAE\u4FE1\u8BFB\u4E66",
+      "wechat reading",
+      "books",
+      "reading",
+      "highlights",
+      "notes",
+      "bookshelf"
+    ],
+    environmentMapping: {
+      WEREAD_API_KEY: "$secrets.WEREAD_API_KEY"
+    },
+    helpText: "Connect WeChat Reading (\u5FAE\u4FE1\u8BFB\u4E66) to search books, browse your bookshelf, and read your notes, highlights, reviews, and reading statistics",
+    authMethods: {
+      "api-token": {
+        featureFlag: "wereadConnector" /* WereadConnector */,
+        label: "WeRead API Key",
+        helpText: "1. Open the [WeRead Skill page](https://weread.qq.com/r/weread-skills)\n2. Scan the QR code with WeChat to sign in to your WeChat Reading account\n3. Copy the generated API key (it begins with `wrk-`)\n4. The key authorises every endpoint under `i.weread.qq.com` and is scoped to your own account data",
+        secrets: {
+          WEREAD_API_KEY: {
+            label: "API Key",
+            required: true,
+            placeholder: "wrk-xxxxxxxxxxxxxxxx"
+          }
+        }
+      }
+    },
+    defaultAuthMethod: "api-token"
+  }
+};
+
 // ../../packages/connectors/src/connectors/wix.ts
 init_esm_shims();
 var wix = {
@@ -105053,6 +105088,7 @@ var CONNECTOR_TYPES_DEF = {
   ...v0,
   ...wandb,
   ...webflow,
+  ...weread,
   ...wix,
   ...workos,
   ...wrike,
@@ -106542,6 +106578,7 @@ var sandboxReuseResultSchema = external_exports.enum([
   "noSessionId",
   "poolMiss",
   "profileMismatch",
+  "deviceLimitMismatch",
   "unparkFailed"
 ]);
 var agentEventSchema = external_exports.object({
@@ -107984,92 +108021,586 @@ init_esm_shims();
 // ../../packages/api-contracts/src/contracts/zero-computer-use.ts
 init_esm_shims();
 var c25 = initContract();
-var registerResponseSchema = external_exports.object({
+var computerUseHostStatusSchema = external_exports.enum(["online", "offline"]);
+var computerUseReadCommandKindSchema = external_exports.enum([
+  "apps.list",
+  "app.state"
+]);
+var computerUseWriteCommandKindSchema = external_exports.enum([
+  "app.open",
+  "element.click",
+  "element.scroll",
+  "element.set_value",
+  "element.perform_action",
+  "keyboard.type_text",
+  "keyboard.press_key"
+]);
+var computerUseCommandKindSchema = external_exports.enum([
+  ...computerUseReadCommandKindSchema.options,
+  ...computerUseWriteCommandKindSchema.options
+]);
+var computerUseCommandStatusSchema = external_exports.enum([
+  "pending_approval",
+  "queued",
+  "running",
+  "succeeded",
+  "failed"
+]);
+var computerUseCommandErrorCodeSchema = external_exports.enum([
+  "no_host",
+  "permission_denied",
+  "accessibility_unavailable",
+  "screen_recording_unavailable",
+  "unsupported_command",
+  "timeout"
+]);
+var hostNameSchema = external_exports.string().trim().min(1).max(128);
+var hostVersionSchema = external_exports.string().trim().min(1).max(64);
+var hostOsVersionSchema = external_exports.string().trim().min(1).max(128);
+var hostIdPathParamsSchema = external_exports.object({
+  hostId: external_exports.string().min(1)
+});
+var commandIdPathParamsSchema = external_exports.object({
+  commandId: external_exports.string().min(1)
+});
+var supportedCapabilitiesSchema = external_exports.array(external_exports.string().trim().min(1).max(128)).max(50);
+var appNameSchema = external_exports.string().trim().min(1).max(256);
+var snapshotIdSchema = external_exports.string().trim().min(1).max(256);
+var elementIdSchema = external_exports.string().trim().min(1).max(256);
+var computerUsePermissionsSchema = external_exports.object({
+  accessibility: external_exports.boolean(),
+  screenRecording: external_exports.boolean()
+});
+var computerUseRuntimeBodySchema = external_exports.object({
+  hostName: hostNameSchema,
+  appVersion: hostVersionSchema,
+  osVersion: hostOsVersionSchema,
+  supportedCapabilities: supportedCapabilitiesSchema.default([]),
+  permissions: computerUsePermissionsSchema
+});
+var computerUseCommandTargetShape = {
+  hostId: external_exports.string().min(1).optional(),
+  hostName: hostNameSchema.optional(),
+  timeoutMs: external_exports.number().int().min(1e3).max(6e4).default(15e3)
+};
+var computerUseCommandPayloadShape = {
+  app: appNameSchema.optional(),
+  snapshotId: snapshotIdSchema.optional(),
+  elementId: elementIdSchema.optional(),
+  x: external_exports.number().int().min(0).optional(),
+  y: external_exports.number().int().min(0).optional(),
+  button: external_exports.enum(["left", "right", "middle"]).optional(),
+  clickCount: external_exports.number().int().min(1).max(3).optional(),
+  direction: external_exports.enum(["up", "down", "left", "right"]).optional(),
+  pages: external_exports.number().positive().max(25).optional(),
+  value: external_exports.string().min(1).max(64e3).optional(),
+  text: external_exports.string().min(1).max(64e3).optional(),
+  key: external_exports.string().trim().min(1).max(256).optional(),
+  action: external_exports.string().trim().min(1).max(256).optional()
+};
+var computerUseCommandCreateBodySchema = external_exports.object({
+  kind: computerUseReadCommandKindSchema,
+  ...computerUseCommandTargetShape,
+  ...computerUseCommandPayloadShape
+}).superRefine((body, ctx) => {
+  if (body.kind === "app.state" && !body.app) {
+    ctx.addIssue({
+      code: "custom",
+      path: ["app"],
+      message: "app.state requires app"
+    });
+  }
+});
+var computerUseWriteCommandCreateBaseSchema = external_exports.object({
+  kind: computerUseWriteCommandKindSchema,
+  ...computerUseCommandTargetShape,
+  ...computerUseCommandPayloadShape
+});
+function requireComputerUseField(ctx, field, message) {
+  ctx.addIssue({ code: "custom", path: [field], message });
+}
+function validateElementClickCommand(body, ctx) {
+  const hasPoint = body.x !== void 0 && body.y !== void 0;
+  if (!body.elementId && !hasPoint) {
+    requireComputerUseField(
+      ctx,
+      "elementId",
+      "element.click requires elementId or x/y"
+    );
+  }
+  if (body.x === void 0 !== (body.y === void 0)) {
+    requireComputerUseField(
+      ctx,
+      "x",
+      "element.click coordinates require both x and y"
+    );
+  }
+}
+function validateElementScrollCommand(body, ctx) {
+  if (!body.elementId) {
+    requireComputerUseField(
+      ctx,
+      "elementId",
+      "element.scroll requires elementId"
+    );
+  }
+  if (!body.direction) {
+    requireComputerUseField(
+      ctx,
+      "direction",
+      "element.scroll requires direction"
+    );
+  }
+}
+function validateElementSetValueCommand(body, ctx) {
+  if (!body.elementId) {
+    requireComputerUseField(
+      ctx,
+      "elementId",
+      "element.set_value requires elementId"
+    );
+  }
+  if (!body.value) {
+    requireComputerUseField(ctx, "value", "element.set_value requires value");
+  }
+}
+function validateElementActionCommand(body, ctx) {
+  if (!body.elementId) {
+    requireComputerUseField(
+      ctx,
+      "elementId",
+      "element.perform_action requires elementId"
+    );
+  }
+  if (!body.action) {
+    requireComputerUseField(
+      ctx,
+      "action",
+      "element.perform_action requires action"
+    );
+  }
+}
+function validateComputerUseWriteCommand(body, ctx) {
+  if (!body.app) {
+    requireComputerUseField(ctx, "app", `${body.kind} requires app`);
+    return;
+  }
+  switch (body.kind) {
+    case "app.open":
+      return;
+    case "element.click":
+      validateElementClickCommand(body, ctx);
+      return;
+    case "element.scroll":
+      validateElementScrollCommand(body, ctx);
+      return;
+    case "element.set_value":
+      validateElementSetValueCommand(body, ctx);
+      return;
+    case "element.perform_action":
+      validateElementActionCommand(body, ctx);
+      return;
+    case "keyboard.type_text":
+      if (!body.text) {
+        requireComputerUseField(
+          ctx,
+          "text",
+          "keyboard.type_text requires text"
+        );
+      }
+      return;
+    case "keyboard.press_key":
+      if (!body.key) {
+        requireComputerUseField(ctx, "key", "keyboard.press_key requires key");
+      }
+  }
+}
+var computerUseWriteCommandCreateBodySchema = computerUseWriteCommandCreateBaseSchema.superRefine(
+  validateComputerUseWriteCommand
+);
+var computerUseCommandErrorSchema = external_exports.object({
+  code: computerUseCommandErrorCodeSchema,
+  message: external_exports.string()
+});
+var computerUseCommandResultSchema = external_exports.record(external_exports.string(), external_exports.unknown());
+var computerUseHostSchema = external_exports.object({
   id: external_exports.string(),
-  domain: external_exports.string(),
-  token: external_exports.string(),
-  ngrokToken: external_exports.string(),
-  endpointPrefix: external_exports.string()
+  displayName: external_exports.string(),
+  appVersion: external_exports.string(),
+  osVersion: external_exports.string(),
+  supportedCapabilities: external_exports.array(external_exports.string()),
+  permissions: computerUsePermissionsSchema,
+  status: computerUseHostStatusSchema,
+  lastSeenAt: external_exports.string(),
+  createdAt: external_exports.string()
 });
-var hostResponseSchema = external_exports.object({
-  domain: external_exports.string(),
-  token: external_exports.string()
+var computerUseHostStartResponseSchema = external_exports.object({
+  hostId: external_exports.string(),
+  hostToken: external_exports.string()
 });
-var zeroComputerUseRegisterContract = c25.router({
-  register: {
+var computerUseHeartbeatResponseSchema = external_exports.object({
+  ok: external_exports.literal(true),
+  hostId: external_exports.string()
+});
+var computerUseHostListResponseSchema = external_exports.object({
+  hosts: external_exports.array(computerUseHostSchema)
+});
+var computerUseHostDeleteResponseSchema = external_exports.object({
+  ok: external_exports.literal(true)
+});
+var computerUseCommandCreateResponseSchema = external_exports.object({
+  commandId: external_exports.string(),
+  status: external_exports.enum(["queued", "pending_approval"])
+});
+var computerUseCommandResponseSchema = external_exports.object({
+  id: external_exports.string(),
+  kind: computerUseCommandKindSchema,
+  status: computerUseCommandStatusSchema,
+  hostId: external_exports.string().nullable(),
+  hostName: external_exports.string().nullable(),
+  payload: external_exports.record(external_exports.string(), external_exports.unknown()),
+  result: computerUseCommandResultSchema.optional(),
+  error: computerUseCommandErrorSchema.optional(),
+  timeoutMs: external_exports.number().int().nullable(),
+  createdAt: external_exports.string(),
+  claimedAt: external_exports.string().nullable(),
+  completedAt: external_exports.string().nullable()
+});
+var computerUseCommandApprovalBodySchema = external_exports.object({
+  decision: external_exports.enum(["approve", "deny"]),
+  message: external_exports.string().max(512).optional()
+});
+var computerUseCommandApprovalResponseSchema = external_exports.object({
+  commandId: external_exports.string(),
+  status: external_exports.enum(["queued", "failed"])
+});
+var computerUseHostCommandNextBodySchema = external_exports.object({
+  supportedCapabilities: supportedCapabilitiesSchema.default([])
+});
+var computerUseHostCommandNextResponseSchema = external_exports.discriminatedUnion(
+  "status",
+  [
+    external_exports.object({ status: external_exports.literal("idle") }),
+    external_exports.object({
+      status: external_exports.literal("command"),
+      command: computerUseCommandResponseSchema
+    })
+  ]
+);
+var computerUseHostCommandCompleteBodySchema = external_exports.discriminatedUnion(
+  "status",
+  [
+    external_exports.object({
+      status: external_exports.literal("succeeded"),
+      result: computerUseCommandResultSchema
+    }),
+    external_exports.object({
+      status: external_exports.literal("failed"),
+      error: computerUseCommandErrorSchema
+    })
+  ]
+);
+var computerUseCommandCompleteResponseSchema = external_exports.object({
+  ok: external_exports.literal(true)
+});
+var computerUseAuditEventSchema = external_exports.object({
+  id: external_exports.string(),
+  commandId: external_exports.string(),
+  runId: external_exports.string().nullable(),
+  hostId: external_exports.string().nullable(),
+  kind: computerUseWriteCommandKindSchema,
+  app: external_exports.string().nullable(),
+  event: external_exports.enum(["created", "approved", "denied", "completed"]),
+  approvalOutcome: external_exports.enum(["approved", "denied"]).nullable(),
+  redactedResult: external_exports.record(external_exports.string(), external_exports.unknown()).nullable(),
+  error: external_exports.record(external_exports.string(), external_exports.unknown()).nullable(),
+  createdAt: external_exports.string()
+});
+var computerUseAuditEventListResponseSchema = external_exports.object({
+  auditEvents: external_exports.array(computerUseAuditEventSchema)
+});
+var zeroComputerUseHostsContract = c25.router({
+  start: {
     method: "POST",
-    path: "/api/zero/computer-use/register",
+    path: "/api/zero/computer-use/hosts/start",
     headers: authHeadersSchema,
-    body: c25.noBody(),
+    body: computerUseRuntimeBodySchema,
     responses: {
-      200: registerResponseSchema,
+      200: computerUseHostStartResponseSchema,
       401: apiErrorSchema,
-      403: apiErrorSchema,
-      409: apiErrorSchema
+      403: apiErrorSchema
     },
-    summary: "Register a computer-use host"
-  }
-});
-var zeroComputerUseUnregisterContract = c25.router({
-  unregister: {
+    summary: "Start or reactivate a desktop computer-use host"
+  },
+  list: {
+    method: "GET",
+    path: "/api/zero/computer-use/hosts",
+    headers: authHeadersSchema,
+    responses: {
+      200: computerUseHostListResponseSchema,
+      401: apiErrorSchema,
+      403: apiErrorSchema
+    },
+    summary: "List linked desktop computer-use hosts"
+  },
+  delete: {
     method: "DELETE",
-    path: "/api/zero/computer-use/unregister",
+    path: "/api/zero/computer-use/hosts/:hostId",
     headers: authHeadersSchema,
-    body: c25.noBody(),
+    pathParams: hostIdPathParamsSchema,
     responses: {
-      204: c25.noBody(),
+      200: computerUseHostDeleteResponseSchema,
       401: apiErrorSchema,
       403: apiErrorSchema,
       404: apiErrorSchema
     },
-    summary: "Unregister a computer-use host"
+    summary: "Delete a desktop computer-use host"
   }
 });
-var zeroComputerUseHostContract = c25.router({
-  getHost: {
+var zeroComputerUseHeartbeatContract = c25.router({
+  heartbeat: {
+    method: "POST",
+    path: "/api/zero/computer-use/heartbeat",
+    headers: authHeadersSchema,
+    body: computerUseRuntimeBodySchema,
+    responses: {
+      200: computerUseHeartbeatResponseSchema,
+      401: apiErrorSchema
+    },
+    summary: "Refresh a desktop computer-use host heartbeat"
+  }
+});
+var zeroComputerUseCommandContract = c25.router({
+  create: {
+    method: "POST",
+    path: "/api/zero/computer-use/commands",
+    headers: authHeadersSchema,
+    body: computerUseCommandCreateBodySchema,
+    responses: {
+      200: computerUseCommandCreateResponseSchema,
+      400: apiErrorSchema,
+      401: apiErrorSchema,
+      403: apiErrorSchema,
+      404: apiErrorSchema,
+      409: apiErrorSchema
+    },
+    summary: "Create a read-only desktop computer-use command"
+  },
+  get: {
     method: "GET",
-    path: "/api/zero/computer-use/host",
+    path: "/api/zero/computer-use/commands/:commandId",
     headers: authHeadersSchema,
+    pathParams: commandIdPathParamsSchema,
     responses: {
-      200: hostResponseSchema,
+      200: computerUseCommandResponseSchema,
       401: apiErrorSchema,
       403: apiErrorSchema,
       404: apiErrorSchema
     },
-    summary: "Get computer-use host for the current user"
+    summary: "Get a desktop computer-use command result"
+  }
+});
+var zeroComputerUseWriteCommandContract = c25.router({
+  create: {
+    method: "POST",
+    path: "/api/zero/computer-use/write-commands",
+    headers: authHeadersSchema,
+    body: computerUseWriteCommandCreateBodySchema,
+    responses: {
+      200: computerUseCommandCreateResponseSchema,
+      400: apiErrorSchema,
+      401: apiErrorSchema,
+      403: apiErrorSchema,
+      404: apiErrorSchema,
+      409: apiErrorSchema
+    },
+    summary: "Create an approved-write desktop computer-use command"
+  }
+});
+var zeroComputerUseCommandApprovalContract = c25.router({
+  decide: {
+    method: "POST",
+    path: "/api/zero/computer-use/commands/:commandId/approval",
+    headers: authHeadersSchema,
+    pathParams: commandIdPathParamsSchema,
+    body: computerUseCommandApprovalBodySchema,
+    responses: {
+      200: computerUseCommandApprovalResponseSchema,
+      401: apiErrorSchema,
+      403: apiErrorSchema,
+      404: apiErrorSchema,
+      409: apiErrorSchema
+    },
+    summary: "Approve or deny a pending desktop computer-use write command"
+  }
+});
+var zeroComputerUseHostCommandsContract = c25.router({
+  next: {
+    method: "POST",
+    path: "/api/zero/computer-use/host/commands/next",
+    headers: authHeadersSchema,
+    body: computerUseHostCommandNextBodySchema,
+    responses: {
+      200: computerUseHostCommandNextResponseSchema,
+      401: apiErrorSchema
+    },
+    summary: "Claim the next approved desktop computer-use command"
+  },
+  complete: {
+    method: "POST",
+    path: "/api/zero/computer-use/host/commands/:commandId/complete",
+    headers: authHeadersSchema,
+    pathParams: commandIdPathParamsSchema,
+    body: computerUseHostCommandCompleteBodySchema,
+    responses: {
+      200: computerUseCommandCompleteResponseSchema,
+      400: apiErrorSchema,
+      401: apiErrorSchema,
+      404: apiErrorSchema,
+      409: apiErrorSchema
+    },
+    summary: "Complete a desktop computer-use command"
+  }
+});
+var zeroComputerUseAuditEventsContract = c25.router({
+  list: {
+    method: "GET",
+    path: "/api/zero/computer-use/audit-events",
+    headers: authHeadersSchema,
+    query: external_exports.object({
+      limit: external_exports.coerce.number().int().positive().max(200).default(50),
+      commandId: external_exports.string().optional(),
+      hostId: external_exports.string().optional(),
+      runId: external_exports.string().optional()
+    }),
+    responses: {
+      200: computerUseAuditEventListResponseSchema,
+      401: apiErrorSchema,
+      403: apiErrorSchema
+    },
+    summary: "List desktop computer-use write command audit events"
   }
 });
 
 // src/lib/api/domains/zero-computer-use.ts
-async function registerComputerUseHost() {
-  const config4 = await getClientConfig();
-  const client = initClient(zeroComputerUseRegisterContract, config4);
-  const result = await client.register({});
+function normalizeConfiguredUrl(value) {
+  return value.startsWith("http") ? value : `https://${value}`;
+}
+function resolveComputerUseApiBaseUrl(baseUrl) {
+  const override = process.env.VM0_API_BACKEND_URL;
+  if (override) {
+    return normalizeConfiguredUrl(override).replace(/\/$/, "");
+  }
+  const url2 = new URL(baseUrl);
+  if (url2.hostname === "www.vm0.ai" || url2.hostname === "app.vm0.ai") {
+    url2.hostname = "api.vm0.ai";
+  }
+  return url2.toString().replace(/\/$/, "");
+}
+function buildHeaders2(token) {
+  const headers = {};
+  if (token) {
+    headers.Authorization = `Bearer ${token}`;
+  }
+  const bypassSecret = process.env.VERCEL_AUTOMATION_BYPASS_SECRET;
+  if (bypassSecret) {
+    headers["x-vercel-protection-bypass"] = bypassSecret;
+  }
+  return headers;
+}
+async function getComputerUseClientConfig() {
+  const baseUrl = resolveComputerUseApiBaseUrl(await getBaseUrl());
+  const token = await getActiveToken();
+  if (!token) {
+    throw new ApiRequestError("Not authenticated", "UNAUTHORIZED", 401);
+  }
+  return {
+    baseUrl,
+    baseHeaders: buildHeaders2(token),
+    jsonQuery: false
+  };
+}
+function commandBody(params) {
+  return {
+    kind: params.kind,
+    timeoutMs: params.timeoutMs ?? 15e3,
+    ...params.hostId ? { hostId: params.hostId } : {},
+    ...params.hostName ? { hostName: params.hostName } : {},
+    ...params.app ? { app: params.app } : {},
+    ...params.snapshotId ? { snapshotId: params.snapshotId } : {},
+    ...params.elementId ? { elementId: params.elementId } : {},
+    ...params.x !== void 0 ? { x: params.x } : {},
+    ...params.y !== void 0 ? { y: params.y } : {},
+    ...params.button ? { button: params.button } : {},
+    ...params.clickCount !== void 0 ? { clickCount: params.clickCount } : {},
+    ...params.direction ? { direction: params.direction } : {},
+    ...params.pages !== void 0 ? { pages: params.pages } : {},
+    ...params.value !== void 0 ? { value: params.value } : {},
+    ...params.text !== void 0 ? { text: params.text } : {},
+    ...params.key ? { key: params.key } : {},
+    ...params.action ? { action: params.action } : {}
+  };
+}
+async function createComputerUseReadCommand(params) {
+  const config4 = await getComputerUseClientConfig();
+  const client = initClient(zeroComputerUseCommandContract, config4);
+  const result = await client.create({ body: commandBody(params) });
   if (result.status === 200) {
     return result.body;
   }
-  handleError(result, "Failed to register computer-use host");
+  handleError(result, "Failed to create computer-use command");
 }
-async function unregisterComputerUseHost() {
-  const config4 = await getClientConfig();
-  const client = initClient(zeroComputerUseUnregisterContract, config4);
-  const result = await client.unregister({});
-  if (result.status === 204) {
-    return;
+async function createComputerUseWriteCommand(params) {
+  const config4 = await getComputerUseClientConfig();
+  const client = initClient(zeroComputerUseWriteCommandContract, config4);
+  const result = await client.create({ body: commandBody(params) });
+  if (result.status === 200) {
+    return result.body;
   }
-  handleError(result, "Failed to unregister computer-use host");
+  handleError(result, "Failed to create computer-use write command");
 }
-async function getComputerUseHost() {
-  const config4 = await getClientConfig();
-  const client = initClient(zeroComputerUseHostContract, config4);
-  const result = await client.getHost({ headers: {} });
+async function getComputerUseCommand(commandId) {
+  const config4 = await getComputerUseClientConfig();
+  const client = initClient(zeroComputerUseCommandContract, config4);
+  const result = await client.get({ params: { commandId } });
   if (result.status === 200) {
     return result.body;
   }
-  if (result.status === 404) {
-    return null;
+  handleError(result, "Failed to get computer-use command");
+}
+async function listComputerUseHosts() {
+  const config4 = await getComputerUseClientConfig();
+  const client = initClient(zeroComputerUseHostsContract, config4);
+  const result = await client.list({ headers: {} });
+  if (result.status === 200) {
+    return result.body;
+  }
+  handleError(result, "Failed to list computer-use hosts");
+}
+async function deleteComputerUseHost(hostId) {
+  const config4 = await getComputerUseClientConfig();
+  const client = initClient(zeroComputerUseHostsContract, config4);
+  const result = await client.delete({ params: { hostId } });
+  if (result.status === 200) {
+    return result.body;
+  }
+  handleError(result, "Failed to revoke computer-use host");
+}
+async function listComputerUseAuditEvents(params) {
+  const config4 = await getComputerUseClientConfig();
+  const client = initClient(zeroComputerUseAuditEventsContract, config4);
+  const result = await client.list({
+    query: {
+      limit: params.limit ?? 50,
+      ...params.commandId ? { commandId: params.commandId } : {},
+      ...params.hostId ? { hostId: params.hostId } : {},
+      ...params.runId ? { runId: params.runId } : {}
+    }
+  });
+  if (result.status === 200) {
+    return result.body;
   }
-  handleError(result, "Failed to get computer-use host");
+  handleError(result, "Failed to list computer-use audit events");
 }
 
 // src/lib/api/domains/zero-local-agent.ts
@@ -108141,7 +108672,7 @@ var localAgentJobStatusSchema = external_exports.enum([
   "failed"
 ]);
 var localAgentHostStatusSchema = external_exports.enum(["online", "closed"]);
-var hostNameSchema = external_exports.string().trim().min(1).max(128);
+var hostNameSchema2 = external_exports.string().trim().min(1).max(128);
 var supportedBackendsSchema = external_exports.array(localAgentBackendSchema).min(1).max(2);
 var promptSchema = external_exports.string().trim().min(1).max(6e4);
 var localAgentRealtimeSubscriptionSchema = external_exports.object({
@@ -108243,7 +108774,7 @@ var zeroLocalAgentDeviceStartContract = c27.router({
     method: "POST",
     path: "/api/zero/local-agent/device/start",
     body: external_exports.object({
-      hostName: hostNameSchema,
+      hostName: hostNameSchema2,
       supportedBackends: supportedBackendsSchema
     }),
     responses: {
@@ -108293,7 +108824,7 @@ var zeroLocalAgentHeartbeatContract = c27.router({
     path: "/api/zero/local-agent/heartbeat",
     headers: authHeadersSchema,
     body: external_exports.object({
-      hostName: hostNameSchema,
+      hostName: hostNameSchema2,
       supportedBackends: supportedBackendsSchema,
       realtimeConnected: external_exports.boolean().optional()
     }),
@@ -108376,7 +108907,7 @@ var zeroLocalAgentHostsContract = c27.router({
     path: "/api/zero/local-agent/hosts/start",
     headers: authHeadersSchema,
     body: external_exports.object({
-      hostName: hostNameSchema,
+      hostName: hostNameSchema2,
       supportedBackends: supportedBackendsSchema,
       hostId: external_exports.string().min(1).optional()
     }),
@@ -108468,13 +108999,13 @@ var zeroLocalAgentHostJobsContract = c27.router({
 });
 
 // src/lib/api/domains/zero-local-agent.ts
-function normalizeConfiguredUrl(value) {
+function normalizeConfiguredUrl2(value) {
   return value.startsWith("http") ? value : `https://${value}`;
 }
 function resolveLocalAgentApiBaseUrl(baseUrl) {
   const override = process.env.VM0_API_BACKEND_URL;
   if (override) {
-    return normalizeConfiguredUrl(override).replace(/\/$/, "");
+    return normalizeConfiguredUrl2(override).replace(/\/$/, "");
   }
   const url2 = new URL(baseUrl);
   if (url2.hostname === "www.vm0.ai" || url2.hostname === "app.vm0.ai") {
@@ -108482,7 +109013,7 @@ function resolveLocalAgentApiBaseUrl(baseUrl) {
   }
   return url2.toString().replace(/\/$/, "");
 }
-function buildHeaders2(token) {
+function buildHeaders3(token) {
   const headers = {};
   if (token) {
     headers.Authorization = `Bearer ${token}`;
@@ -108506,7 +109037,7 @@ async function getLocalAgentClientConfig() {
   };
 }
 function buildBearerHeaders(token) {
-  return buildHeaders2(token);
+  return buildHeaders3(token);
 }
 async function sendLocalAgentHeartbeat(params) {
   const baseUrl = resolveLocalAgentApiBaseUrl(await getBaseUrl());
@@ -108694,7 +109225,7 @@ var localBrowserCommandErrorCodeSchema = external_exports.enum([
   "timeout",
   "unsupported_command"
 ]);
-var hostNameSchema2 = external_exports.string().trim().min(1).max(128);
+var hostNameSchema3 = external_exports.string().trim().min(1).max(128);
 var browserSchema = external_exports.string().trim().min(1).max(64);
 var extensionVersionSchema = external_exports.string().trim().min(1).max(64);
 var tabIdSchema = external_exports.string().trim().min(1).max(128);
@@ -108703,12 +109234,12 @@ var targetUrlSchema = external_exports.string().trim().url().max(2048).refine((v
   return protocol === "http:" || protocol === "https:";
 }, "URL must use http or https");
 var cssSelectorSchema = external_exports.string().trim().min(1).max(1024);
-var supportedCapabilitiesSchema = external_exports.array(external_exports.string().trim().min(1).max(128)).max(50);
+var supportedCapabilitiesSchema2 = external_exports.array(external_exports.string().trim().min(1).max(128)).max(50);
 var localBrowserRuntimeBodySchema = external_exports.object({
-  hostName: hostNameSchema2,
+  hostName: hostNameSchema3,
   browser: browserSchema,
   extensionVersion: extensionVersionSchema,
-  supportedCapabilities: supportedCapabilitiesSchema.default([])
+  supportedCapabilities: supportedCapabilitiesSchema2.default([])
 });
 var localBrowserRealtimeSubscriptionSchema = external_exports.object({
   channelName: external_exports.string(),
@@ -108783,7 +109314,7 @@ var localBrowserHostDeleteResponseSchema = external_exports.object({
 var localBrowserCommandTargetShape = {
   tabId: tabIdSchema.optional(),
   hostId: external_exports.string().min(1).optional(),
-  hostName: hostNameSchema2.optional(),
+  hostName: hostNameSchema3.optional(),
   timeoutMs: external_exports.number().int().min(1e3).max(6e4).default(15e3)
 };
 var localBrowserCommandCreateBodySchema = external_exports.object({
@@ -109182,7 +109713,7 @@ var zeroLocalBrowserHostCommandsContract = c28.router({
     path: "/api/zero/local-browser/host/commands/next",
     headers: authHeadersSchema,
     body: external_exports.object({
-      supportedCapabilities: supportedCapabilitiesSchema.default([])
+      supportedCapabilities: supportedCapabilitiesSchema2.default([])
     }),
     responses: {
       200: localBrowserHostCommandNextResponseSchema,
@@ -109211,13 +109742,13 @@ var zeroLocalBrowserHostCommandsContract = c28.router({
 });
 
 // src/lib/api/domains/zero-local-browser.ts
-function normalizeConfiguredUrl2(value) {
+function normalizeConfiguredUrl3(value) {
   return value.startsWith("http") ? value : `https://${value}`;
 }
 function resolveLocalBrowserApiBaseUrl(baseUrl) {
   const override = process.env.VM0_API_BACKEND_URL;
   if (override) {
-    return normalizeConfiguredUrl2(override).replace(/\/$/, "");
+    return normalizeConfiguredUrl3(override).replace(/\/$/, "");
   }
   const url2 = new URL(baseUrl);
   if (url2.hostname === "www.vm0.ai" || url2.hostname === "app.vm0.ai") {
@@ -109225,7 +109756,7 @@ function resolveLocalBrowserApiBaseUrl(baseUrl) {
   }
   return url2.toString().replace(/\/$/, "");
 }
-function buildHeaders3(token) {
+function buildHeaders4(token) {
   const headers = {};
   if (token) {
     headers.Authorization = `Bearer ${token}`;
@@ -109244,7 +109775,7 @@ async function getLocalBrowserClientConfig() {
   }
   return {
     baseUrl,
-    baseHeaders: buildHeaders3(token),
+    baseHeaders: buildHeaders4(token),
     jsonQuery: false
   };
 }
@@ -122744,6 +123275,27 @@ var webflowFirewall = {
   ]
 };
 
+// ../../packages/connectors/src/firewalls/weread.generated.ts
+init_esm_shims();
+var wereadFirewall = {
+  name: "weread",
+  description: "WeRead (\u5FAE\u4FE1\u8BFB\u4E66) Agent gateway: bookshelf, notes, reading stats, search",
+  placeholders: {
+    WEREAD_API_KEY: "wrk-CoffeeSafeLocalCoffeeSafeLocalCoffee"
+  },
+  apis: [
+    {
+      base: "https://i.weread.qq.com",
+      auth: {
+        headers: {
+          Authorization: "Bearer ${{ secrets.WEREAD_API_KEY }}"
+        }
+      },
+      permissions: []
+    }
+  ]
+};
+
 // ../../packages/connectors/src/firewalls/wix.generated.ts
 init_esm_shims();
 var wixFirewall = {
@@ -125067,6 +125619,7 @@ var CONNECTOR_FIREWALLS = {
   vercel: vercelFirewall,
   wandb: wandbFirewall,
   webflow: webflowFirewall,
+  weread: wereadFirewall,
   wix: wixFirewall,
   workos: workosFirewall,
   wrike: wrikeFirewall,
@@ -127324,34 +127877,6 @@ var zeroPersonalModelProvidersByTypeContract = c65.router({
     summary: "Delete a personal model provider for the requesting user"
   }
 });
-var zeroPersonalModelProvidersCodexOauthContract = c65.router({
-  authorize: {
-    method: "GET",
-    path: "/api/zero/me/model-providers/codex-oauth-token/oauth/authorize",
-    headers: authHeadersSchema,
-    responses: {
-      307: c65.noBody(),
-      404: external_exports.object({ error: external_exports.string() }),
-      500: external_exports.object({ error: external_exports.string() })
-    },
-    summary: "Start Codex OAuth for a personal model provider"
-  },
-  callback: {
-    method: "GET",
-    path: "/api/zero/me/model-providers/codex-oauth-token/oauth/callback",
-    headers: authHeadersSchema,
-    query: external_exports.object({
-      code: external_exports.string().optional(),
-      state: external_exports.string().optional(),
-      error: external_exports.string().optional(),
-      error_description: external_exports.string().optional()
-    }),
-    responses: {
-      307: c65.noBody()
-    },
-    summary: "Complete Codex OAuth for a personal model provider"
-  }
-});
 
 // ../../packages/api-contracts/src/contracts/api-keys.ts
 init_esm_shims();
@@ -131541,9 +132066,12 @@ export {
   searchLogs,
   requestDeveloperSupportConsent,
   submitDeveloperSupport,
-  registerComputerUseHost,
-  unregisterComputerUseHost,
-  getComputerUseHost,
+  createComputerUseReadCommand,
+  createComputerUseWriteCommand,
+  getComputerUseCommand,
+  listComputerUseHosts,
+  deleteComputerUseHost,
+  listComputerUseAuditEvents,
   createLocalBrowserReadCommand,
   createLocalBrowserWriteCommand,
   getLocalBrowserReadCommand,
@@ -131607,4 +132135,4 @@ undici/lib/web/fetch/body.js:
 undici/lib/web/websocket/frame.js:
   (*! ws. MIT License. Einar Otto Stangvik <einaros@gmail.com> *)
 */
-//# sourceMappingURL=chunk-YWCHIHYE.js.map
+//# sourceMappingURL=chunk-Y2IQIGV7.js.map