@vm0/cli 9.158.0 → 9.158.2

package/{chunk-AUKY6FBC.js → chunk-KLSNDWRO.js}

@@ -74083,7 +74083,7 @@ if (DSN) {
   init2({
     dsn: DSN,
     environment: process.env.SENTRY_ENVIRONMENT ?? "production",
-    release: "9.158.0",
+    release: "9.158.2",
     sendDefaultPii: false,
     tracesSampleRate: 0,
     shutdownTimeout: 500,
@@ -74102,7 +74102,7 @@ if (DSN) {
     }
   });
   setContext("cli", {
-    version: "9.158.0",
+    version: "9.158.2",
     command: process.argv.slice(2).join(" ")
   });
   setContext("runtime", {
@@ -74498,6 +74498,11 @@ var FEATURE_SWITCHES = {
     description: "Enable the Zapier connector. When disabled, Zapier is hidden from the connectors list and cannot be connected.",
     enabled: false
   },
+  ["wereadConnector" /* WereadConnector */]: {
+    maintainer: "ethan@vm0.ai",
+    description: "Enable the WeRead (\u5FAE\u4FE1\u8BFB\u4E66) connector. When disabled, WeRead is hidden from the connectors list and cannot be connected.",
+    enabled: false
+  },
   ["voiceChatRealtimeBilling" /* VoiceChatRealtimeBilling */]: {
     maintainer: "lancy@vm0.ai",
     description: "Gate voice-chat realtime billing (Plan D, Epic #12128). When OFF, the token route mints an OpenAI ephemeral token without admission checks and the /session-started, /usage, and /session-ended endpoints are 200 no-ops \u2014 the org gets unmetered voice-chat. When ON, the token route runs credit + pricing admission, /session-started inserts an audit row in voice_chat_realtime_sessions, and the browser self-reports response.done + transcription.completed usage events for billing. Staff-only during rollout; operator flips per org via the feature-switch overrides API.",
@@ -74509,6 +74514,12 @@ var FEATURE_SWITCHES = {
     description: "Enable static hosted-site deployments from zero host. Staff-only during rollout.",
     enabled: false,
     enabledOrgIdHashes: STAFF_ORG_ID_HASHES
+  },
+  ["sandboxIoLimiters" /* SandboxIoLimiters */]: {
+    maintainer: "liangyou@vm0.ai",
+    description: "Enable runner-provided disk and network device rate limiters for sandbox VMs.",
+    enabled: false,
+    enabledOrgIdHashes: STAFF_ORG_ID_HASHES
   }
 };
 function isFeatureEnabled(key, ctx) {
@@ -88976,6 +88987,18 @@ var RUN_ERROR_GUIDANCE = {
     guidance: "Wait for your current run to complete before starting a new one."
   }
 };
+var ACTIONABLE_RUN_ERROR_SNIPPETS = [
+  ...Object.values(RUN_ERROR_GUIDANCE).flatMap((guidance) => {
+    return [guidance.title, guidance.guidance];
+  }),
+  "Cannot continue session",
+  "Invalid signature in thinking block",
+  "Run cancelled",
+  "usage limit",
+  "usage_limit",
+  "usage-limit",
+  "UsageLimit"
+];
 
 // src/lib/api/core/client-factory.ts
 init_esm_shims();
@@ -96232,34 +96255,6 @@ var MODEL_PROVIDER_TYPES = {
     label: "ChatGPT (Codex)",
     helpText: "Run `codex login` on your machine, then paste the resulting ~/.codex/auth.json contents to authorize ChatGPT (Plus / Pro / Business / Edu / Enterprise) for Codex.",
     authMethods: {
-      oauth: {
-        label: "OpenAI OAuth",
-        helpText: "Sign in with OpenAI to authorize ChatGPT (Plus / Pro / Business / Edu / Enterprise) for Codex.",
-        secrets: {
-          CHATGPT_ACCESS_TOKEN: {
-            label: "CHATGPT_ACCESS_TOKEN",
-            required: true,
-            derived: true
-          },
-          CHATGPT_REFRESH_TOKEN: {
-            label: "CHATGPT_REFRESH_TOKEN",
-            required: true,
-            serverOnly: true,
-            derived: true
-          },
-          CHATGPT_ACCOUNT_ID: {
-            label: "CHATGPT_ACCOUNT_ID",
-            required: true,
-            derived: true
-          },
-          CHATGPT_ID_TOKEN: {
-            label: "CHATGPT_ID_TOKEN",
-            required: true,
-            serverOnly: true,
-            derived: true
-          }
-        }
-      },
       // Paste-based auth: client posts CODEX_AUTH_JSON, server parses it via
       // codex-auth-json-parser.ts and persists the four derived CHATGPT_*
       // fields. The raw blob is NEVER stored. The wire-shape secret
@@ -96680,11 +96675,8 @@ var modelProviderResponseSchema = external_exports.object({
   selectedModel: external_exports.string().nullable(),
   createdAt: external_exports.string(),
   updatedAt: external_exports.string(),
-  // ChatGPT-only metadata populated by the codex-oauth-token callback.
-  // Other provider types omit these. Mirrors the server-side connector
-  // shape in apps/web/src/lib/zero/connector/providers/codex-oauth.ts.
-  // The corresponding server route lands in #11909; declared here so the
-  // platform UI does not have to bypass schema validation to read them.
+  // ChatGPT-only metadata populated by the codex-oauth-token auth.json paste
+  // flow. Other provider types omit these.
   workspaceName: external_exports.string().nullable().optional(),
   planType: external_exports.string().nullable().optional(),
   // OAuth refresh state. `needsReconnect` flips to true when the firewall's
@@ -104534,6 +104526,44 @@ var webflow = {
   }
 };
 
+// ../../packages/connectors/src/connectors/weread.ts
+init_esm_shims();
+var weread = {
+  weread: {
+    label: "WeRead",
+    category: "docs-files-knowledge",
+    tags: [
+      "weread",
+      "\u5FAE\u4FE1\u8BFB\u4E66",
+      "wechat reading",
+      "books",
+      "reading",
+      "highlights",
+      "notes",
+      "bookshelf"
+    ],
+    environmentMapping: {
+      WEREAD_API_KEY: "$secrets.WEREAD_API_KEY"
+    },
+    helpText: "Connect WeChat Reading (\u5FAE\u4FE1\u8BFB\u4E66) to search books, browse your bookshelf, and read your notes, highlights, reviews, and reading statistics",
+    authMethods: {
+      "api-token": {
+        featureFlag: "wereadConnector" /* WereadConnector */,
+        label: "WeRead API Key",
+        helpText: "1. Open the [WeRead Skill page](https://weread.qq.com/r/weread-skills)\n2. Scan the QR code with WeChat to sign in to your WeChat Reading account\n3. Copy the generated API key (it begins with `wrk-`)\n4. The key authorises every endpoint under `i.weread.qq.com` and is scoped to your own account data",
+        secrets: {
+          WEREAD_API_KEY: {
+            label: "API Key",
+            required: true,
+            placeholder: "wrk-xxxxxxxxxxxxxxxx"
+          }
+        }
+      }
+    },
+    defaultAuthMethod: "api-token"
+  }
+};
+
 // ../../packages/connectors/src/connectors/wix.ts
 init_esm_shims();
 var wix = {
@@ -105058,6 +105088,7 @@ var CONNECTOR_TYPES_DEF = {
   ...v0,
   ...wandb,
   ...webflow,
+  ...weread,
   ...wix,
   ...workos,
   ...wrike,
@@ -105119,6 +105150,9 @@ var connectorSessionStatusResponseSchema = external_exports.object({
   status: connectorSessionStatusSchema,
   errorMessage: external_exports.string().nullable().optional()
 });
+var connectorOauthStartResponseSchema = external_exports.object({
+  authorizationUrl: external_exports.string()
+});
 var computerConnectorCreateResponseSchema = external_exports.object({
   id: external_exports.uuid(),
   ngrokToken: external_exports.string(),
@@ -105201,6 +105235,23 @@ var zeroConnectorAuthorizeContract = c17.router({
     summary: "Start connector OAuth authorization (zero proxy)"
   }
 });
+var zeroConnectorOauthStartContract = c17.router({
+  start: {
+    method: "POST",
+    path: "/api/zero/connectors/:type/oauth/start",
+    headers: authHeadersSchema,
+    pathParams: external_exports.object({ type: connectorTypeSchema }),
+    body: external_exports.object({}).optional(),
+    responses: {
+      200: connectorOauthStartResponseSchema,
+      400: apiErrorSchema,
+      401: apiErrorSchema,
+      403: apiErrorSchema,
+      500: apiErrorSchema
+    },
+    summary: "Create connector OAuth handoff and authorization URL"
+  }
+});
 var connectorSearchAuthMethodSchema = external_exports.enum([
   "oauth",
   "api-token",
@@ -106547,6 +106598,7 @@ var sandboxReuseResultSchema = external_exports.enum([
   "noSessionId",
   "poolMiss",
   "profileMismatch",
+  "deviceLimitMismatch",
   "unparkFailed"
 ]);
 var agentEventSchema = external_exports.object({
@@ -123243,6 +123295,27 @@ var webflowFirewall = {
   ]
 };
 
+// ../../packages/connectors/src/firewalls/weread.generated.ts
+init_esm_shims();
+var wereadFirewall = {
+  name: "weread",
+  description: "WeRead (\u5FAE\u4FE1\u8BFB\u4E66) Agent gateway: bookshelf, notes, reading stats, search",
+  placeholders: {
+    WEREAD_API_KEY: "wrk-CoffeeSafeLocalCoffeeSafeLocalCoffee"
+  },
+  apis: [
+    {
+      base: "https://i.weread.qq.com",
+      auth: {
+        headers: {
+          Authorization: "Bearer ${{ secrets.WEREAD_API_KEY }}"
+        }
+      },
+      permissions: []
+    }
+  ]
+};
+
 // ../../packages/connectors/src/firewalls/wix.generated.ts
 init_esm_shims();
 var wixFirewall = {
@@ -125566,6 +125639,7 @@ var CONNECTOR_FIREWALLS = {
   vercel: vercelFirewall,
   wandb: wandbFirewall,
   webflow: webflowFirewall,
+  weread: wereadFirewall,
   wix: wixFirewall,
   workos: workosFirewall,
   wrike: wrikeFirewall,
@@ -127823,34 +127897,6 @@ var zeroPersonalModelProvidersByTypeContract = c65.router({
     summary: "Delete a personal model provider for the requesting user"
   }
 });
-var zeroPersonalModelProvidersCodexOauthContract = c65.router({
-  authorize: {
-    method: "GET",
-    path: "/api/zero/me/model-providers/codex-oauth-token/oauth/authorize",
-    headers: authHeadersSchema,
-    responses: {
-      307: c65.noBody(),
-      404: external_exports.object({ error: external_exports.string() }),
-      500: external_exports.object({ error: external_exports.string() })
-    },
-    summary: "Start Codex OAuth for a personal model provider"
-  },
-  callback: {
-    method: "GET",
-    path: "/api/zero/me/model-providers/codex-oauth-token/oauth/callback",
-    headers: authHeadersSchema,
-    query: external_exports.object({
-      code: external_exports.string().optional(),
-      state: external_exports.string().optional(),
-      error: external_exports.string().optional(),
-      error_description: external_exports.string().optional()
-    }),
-    responses: {
-      307: c65.noBody()
-    },
-    summary: "Complete Codex OAuth for a personal model provider"
-  }
-});
 
 // ../../packages/api-contracts/src/contracts/api-keys.ts
 init_esm_shims();
@@ -132109,4 +132155,4 @@ undici/lib/web/fetch/body.js:
 undici/lib/web/websocket/frame.js:
   (*! ws. MIT License. Einar Otto Stangvik <einaros@gmail.com> *)
 */
-//# sourceMappingURL=chunk-AUKY6FBC.js.map
+//# sourceMappingURL=chunk-KLSNDWRO.js.map