@vm0/cli 9.17.2 → 9.19.0

package/index.js

@@ -1,7 +1,7 @@
 #!/usr/bin/env node
 
 // src/index.ts
-import { Command as Command59 } from "commander";
+import { Command as Command68 } from "commander";
 
 // src/commands/auth/index.ts
 import { Command as Command5 } from "commander";
@@ -1987,9 +1987,108 @@ var secretsByNameContract = c11.router({
   }
 });
 
-// ../../packages/core/src/contracts/model-providers.ts
+// ../../packages/core/src/contracts/variables.ts
 import { z as z15 } from "zod";
 var c12 = initContract();
+var variableNameSchema = z15.string().min(1, "Variable name is required").max(255, "Variable name must be at most 255 characters").regex(
+  /^[A-Z][A-Z0-9_]*$/,
+  "Variable name must contain only uppercase letters, numbers, and underscores, and must start with a letter (e.g., MY_VAR)"
+);
+var variableResponseSchema = z15.object({
+  id: z15.string().uuid(),
+  name: z15.string(),
+  value: z15.string(),
+  description: z15.string().nullable(),
+  createdAt: z15.string(),
+  updatedAt: z15.string()
+});
+var variableListResponseSchema = z15.object({
+  variables: z15.array(variableResponseSchema)
+});
+var setVariableRequestSchema = z15.object({
+  name: variableNameSchema,
+  value: z15.string().min(1, "Variable value is required"),
+  description: z15.string().max(1e3).optional()
+});
+var variablesMainContract = c12.router({
+  /**
+   * GET /api/variables
+   * List all variables for the current user's scope (includes values)
+   */
+  list: {
+    method: "GET",
+    path: "/api/variables",
+    headers: authHeadersSchema,
+    responses: {
+      200: variableListResponseSchema,
+      401: apiErrorSchema,
+      500: apiErrorSchema
+    },
+    summary: "List all variables (includes values)"
+  },
+  /**
+   * PUT /api/variables
+   * Create or update a variable
+   */
+  set: {
+    method: "PUT",
+    path: "/api/variables",
+    headers: authHeadersSchema,
+    body: setVariableRequestSchema,
+    responses: {
+      200: variableResponseSchema,
+      201: variableResponseSchema,
+      400: apiErrorSchema,
+      401: apiErrorSchema,
+      500: apiErrorSchema
+    },
+    summary: "Create or update a variable"
+  }
+});
+var variablesByNameContract = c12.router({
+  /**
+   * GET /api/variables/:name
+   * Get a variable by name (includes value)
+   */
+  get: {
+    method: "GET",
+    path: "/api/variables/:name",
+    headers: authHeadersSchema,
+    pathParams: z15.object({
+      name: variableNameSchema
+    }),
+    responses: {
+      200: variableResponseSchema,
+      401: apiErrorSchema,
+      404: apiErrorSchema,
+      500: apiErrorSchema
+    },
+    summary: "Get variable by name"
+  },
+  /**
+   * DELETE /api/variables/:name
+   * Delete a variable by name
+   */
+  delete: {
+    method: "DELETE",
+    path: "/api/variables/:name",
+    headers: authHeadersSchema,
+    pathParams: z15.object({
+      name: variableNameSchema
+    }),
+    responses: {
+      204: c12.noBody(),
+      401: apiErrorSchema,
+      404: apiErrorSchema,
+      500: apiErrorSchema
+    },
+    summary: "Delete a variable"
+  }
+});
+
+// ../../packages/core/src/contracts/model-providers.ts
+import { z as z16 } from "zod";
+var c13 = initContract();
 var MODEL_PROVIDER_TYPES = {
   "claude-code-oauth-token": {
     framework: "claude-code",
@@ -2210,7 +2309,7 @@ var MODEL_PROVIDER_TYPES = {
     customModelPlaceholder: "anthropic.claude-sonnet-4-20250514-v1:0"
   }
 };
-var modelProviderTypeSchema = z15.enum([
+var modelProviderTypeSchema = z16.enum([
   "claude-code-oauth-token",
   "anthropic-api-key",
   "openrouter-api-key",
@@ -2221,7 +2320,7 @@ var modelProviderTypeSchema = z15.enum([
   "azure-foundry",
   "aws-bedrock"
 ]);
-var modelProviderFrameworkSchema = z15.enum(["claude-code", "codex"]);
+var modelProviderFrameworkSchema = z16.enum(["claude-code", "codex"]);
 function hasAuthMethods(type) {
   const config = MODEL_PROVIDER_TYPES[type];
   return "authMethods" in config;
@@ -2262,45 +2361,45 @@ function getCustomModelPlaceholder(type) {
   const config = MODEL_PROVIDER_TYPES[type];
   return "customModelPlaceholder" in config ? config.customModelPlaceholder : void 0;
 }
-var modelProviderResponseSchema = z15.object({
-  id: z15.string().uuid(),
+var modelProviderResponseSchema = z16.object({
+  id: z16.string().uuid(),
   type: modelProviderTypeSchema,
   framework: modelProviderFrameworkSchema,
-  credentialName: z15.string().nullable(),
+  credentialName: z16.string().nullable(),
   // Legacy single-credential (deprecated for multi-auth)
-  authMethod: z15.string().nullable(),
+  authMethod: z16.string().nullable(),
   // For multi-auth providers
-  credentialNames: z15.array(z15.string()).nullable(),
+  credentialNames: z16.array(z16.string()).nullable(),
   // For multi-auth providers
-  isDefault: z15.boolean(),
-  selectedModel: z15.string().nullable(),
-  createdAt: z15.string(),
-  updatedAt: z15.string()
+  isDefault: z16.boolean(),
+  selectedModel: z16.string().nullable(),
+  createdAt: z16.string(),
+  updatedAt: z16.string()
 });
-var modelProviderListResponseSchema = z15.object({
-  modelProviders: z15.array(modelProviderResponseSchema)
+var modelProviderListResponseSchema = z16.object({
+  modelProviders: z16.array(modelProviderResponseSchema)
 });
-var upsertModelProviderRequestSchema = z15.object({
+var upsertModelProviderRequestSchema = z16.object({
   type: modelProviderTypeSchema,
-  credential: z15.string().min(1).optional(),
+  credential: z16.string().min(1).optional(),
   // Legacy single credential
-  authMethod: z15.string().optional(),
+  authMethod: z16.string().optional(),
   // For multi-auth providers
-  credentials: z15.record(z15.string(), z15.string()).optional(),
+  credentials: z16.record(z16.string(), z16.string()).optional(),
   // For multi-auth providers
-  convert: z15.boolean().optional(),
-  selectedModel: z15.string().optional()
+  convert: z16.boolean().optional(),
+  selectedModel: z16.string().optional()
 });
-var upsertModelProviderResponseSchema = z15.object({
+var upsertModelProviderResponseSchema = z16.object({
   provider: modelProviderResponseSchema,
-  created: z15.boolean()
+  created: z16.boolean()
 });
-var checkCredentialResponseSchema = z15.object({
-  exists: z15.boolean(),
-  credentialName: z15.string(),
-  currentType: z15.enum(["user", "model-provider"]).optional()
+var checkCredentialResponseSchema = z16.object({
+  exists: z16.boolean(),
+  credentialName: z16.string(),
+  currentType: z16.enum(["user", "model-provider"]).optional()
 });
-var modelProvidersMainContract = c12.router({
+var modelProvidersMainContract = c13.router({
   list: {
     method: "GET",
     path: "/api/model-providers",
@@ -2328,12 +2427,12 @@ var modelProvidersMainContract = c12.router({
     summary: "Create or update a model provider"
   }
 });
-var modelProvidersCheckContract = c12.router({
+var modelProvidersCheckContract = c13.router({
   check: {
     method: "GET",
     path: "/api/model-providers/check/:type",
     headers: authHeadersSchema,
-    pathParams: z15.object({
+    pathParams: z16.object({
       type: modelProviderTypeSchema
     }),
     responses: {
@@ -2344,16 +2443,16 @@ var modelProvidersCheckContract = c12.router({
     summary: "Check if credential exists for a model provider type"
   }
 });
-var modelProvidersByTypeContract = c12.router({
+var modelProvidersByTypeContract = c13.router({
   delete: {
     method: "DELETE",
     path: "/api/model-providers/:type",
     headers: authHeadersSchema,
-    pathParams: z15.object({
+    pathParams: z16.object({
       type: modelProviderTypeSchema
     }),
     responses: {
-      204: c12.noBody(),
+      204: c13.noBody(),
       401: apiErrorSchema,
       404: apiErrorSchema,
       500: apiErrorSchema
@@ -2361,15 +2460,15 @@ var modelProvidersByTypeContract = c12.router({
     summary: "Delete a model provider"
   }
 });
-var modelProvidersConvertContract = c12.router({
+var modelProvidersConvertContract = c13.router({
   convert: {
     method: "POST",
     path: "/api/model-providers/:type/convert",
     headers: authHeadersSchema,
-    pathParams: z15.object({
+    pathParams: z16.object({
       type: modelProviderTypeSchema
     }),
-    body: z15.undefined(),
+    body: z16.undefined(),
     responses: {
       200: modelProviderResponseSchema,
       400: apiErrorSchema,
@@ -2380,15 +2479,15 @@ var modelProvidersConvertContract = c12.router({
     summary: "Convert existing user credential to model provider"
   }
 });
-var modelProvidersSetDefaultContract = c12.router({
+var modelProvidersSetDefaultContract = c13.router({
   setDefault: {
     method: "POST",
     path: "/api/model-providers/:type/set-default",
     headers: authHeadersSchema,
-    pathParams: z15.object({
+    pathParams: z16.object({
       type: modelProviderTypeSchema
     }),
-    body: z15.undefined(),
+    body: z16.undefined(),
     responses: {
       200: modelProviderResponseSchema,
       401: apiErrorSchema,
@@ -2398,15 +2497,15 @@ var modelProvidersSetDefaultContract = c12.router({
     summary: "Set a model provider as default for its framework"
   }
 });
-var updateModelRequestSchema = z15.object({
-  selectedModel: z15.string().optional()
+var updateModelRequestSchema = z16.object({
+  selectedModel: z16.string().optional()
 });
-var modelProvidersUpdateModelContract = c12.router({
+var modelProvidersUpdateModelContract = c13.router({
   updateModel: {
     method: "PATCH",
     path: "/api/model-providers/:type/model",
     headers: authHeadersSchema,
-    pathParams: z15.object({
+    pathParams: z16.object({
       type: modelProviderTypeSchema
     }),
     body: updateModelRequestSchema,
@@ -2421,42 +2520,42 @@ var modelProvidersUpdateModelContract = c12.router({
 });
 
 // ../../packages/core/src/contracts/sessions.ts
-import { z as z16 } from "zod";
-var c13 = initContract();
-var sessionResponseSchema = z16.object({
-  id: z16.string(),
-  agentComposeId: z16.string(),
-  agentComposeVersionId: z16.string().nullable(),
-  conversationId: z16.string().nullable(),
-  artifactName: z16.string().nullable(),
-  vars: z16.record(z16.string(), z16.string()).nullable(),
-  secretNames: z16.array(z16.string()).nullable(),
-  volumeVersions: z16.record(z16.string(), z16.string()).nullable(),
-  createdAt: z16.string(),
-  updatedAt: z16.string()
+import { z as z17 } from "zod";
+var c14 = initContract();
+var sessionResponseSchema = z17.object({
+  id: z17.string(),
+  agentComposeId: z17.string(),
+  agentComposeVersionId: z17.string().nullable(),
+  conversationId: z17.string().nullable(),
+  artifactName: z17.string().nullable(),
+  vars: z17.record(z17.string(), z17.string()).nullable(),
+  secretNames: z17.array(z17.string()).nullable(),
+  volumeVersions: z17.record(z17.string(), z17.string()).nullable(),
+  createdAt: z17.string(),
+  updatedAt: z17.string()
 });
-var agentComposeSnapshotSchema = z16.object({
-  agentComposeVersionId: z16.string(),
-  vars: z16.record(z16.string(), z16.string()).optional(),
-  secretNames: z16.array(z16.string()).optional()
+var agentComposeSnapshotSchema = z17.object({
+  agentComposeVersionId: z17.string(),
+  vars: z17.record(z17.string(), z17.string()).optional(),
+  secretNames: z17.array(z17.string()).optional()
 });
-var artifactSnapshotSchema2 = z16.object({
-  artifactName: z16.string(),
-  artifactVersion: z16.string()
+var artifactSnapshotSchema2 = z17.object({
+  artifactName: z17.string(),
+  artifactVersion: z17.string()
 });
-var volumeVersionsSnapshotSchema2 = z16.object({
-  versions: z16.record(z16.string(), z16.string())
+var volumeVersionsSnapshotSchema2 = z17.object({
+  versions: z17.record(z17.string(), z17.string())
 });
-var checkpointResponseSchema = z16.object({
-  id: z16.string(),
-  runId: z16.string(),
-  conversationId: z16.string(),
+var checkpointResponseSchema = z17.object({
+  id: z17.string(),
+  runId: z17.string(),
+  conversationId: z17.string(),
   agentComposeSnapshot: agentComposeSnapshotSchema,
   artifactSnapshot: artifactSnapshotSchema2.nullable(),
   volumeVersionsSnapshot: volumeVersionsSnapshotSchema2.nullable(),
-  createdAt: z16.string()
+  createdAt: z17.string()
 });
-var sessionsByIdContract = c13.router({
+var sessionsByIdContract = c14.router({
   /**
    * GET /api/agent/sessions/:id
    * Get session by ID
@@ -2465,8 +2564,8 @@ var sessionsByIdContract = c13.router({
     method: "GET",
     path: "/api/agent/sessions/:id",
     headers: authHeadersSchema,
-    pathParams: z16.object({
-      id: z16.string().min(1, "Session ID is required")
+    pathParams: z17.object({
+      id: z17.string().min(1, "Session ID is required")
     }),
     responses: {
       200: sessionResponseSchema,
@@ -2477,7 +2576,7 @@ var sessionsByIdContract = c13.router({
     summary: "Get session by ID"
   }
 });
-var checkpointsByIdContract = c13.router({
+var checkpointsByIdContract = c14.router({
   /**
    * GET /api/agent/checkpoints/:id
    * Get checkpoint by ID
@@ -2486,8 +2585,8 @@ var checkpointsByIdContract = c13.router({
     method: "GET",
     path: "/api/agent/checkpoints/:id",
     headers: authHeadersSchema,
-    pathParams: z16.object({
-      id: z16.string().min(1, "Checkpoint ID is required")
+    pathParams: z17.object({
+      id: z17.string().min(1, "Checkpoint ID is required")
     }),
     responses: {
       200: checkpointResponseSchema,
@@ -2500,93 +2599,93 @@ var checkpointsByIdContract = c13.router({
 });
 
 // ../../packages/core/src/contracts/schedules.ts
-import { z as z17 } from "zod";
-var c14 = initContract();
-var scheduleTriggerSchema = z17.object({
-  cron: z17.string().optional(),
-  at: z17.string().optional(),
-  timezone: z17.string().default("UTC")
+import { z as z18 } from "zod";
+var c15 = initContract();
+var scheduleTriggerSchema = z18.object({
+  cron: z18.string().optional(),
+  at: z18.string().optional(),
+  timezone: z18.string().default("UTC")
 }).refine((data) => data.cron && !data.at || !data.cron && data.at, {
   message: "Exactly one of 'cron' or 'at' must be specified"
 });
-var scheduleRunConfigSchema = z17.object({
-  agent: z17.string().min(1, "Agent reference required"),
-  prompt: z17.string().min(1, "Prompt required"),
-  vars: z17.record(z17.string(), z17.string()).optional(),
-  secrets: z17.record(z17.string(), z17.string()).optional(),
-  artifactName: z17.string().optional(),
-  artifactVersion: z17.string().optional(),
-  volumeVersions: z17.record(z17.string(), z17.string()).optional()
+var scheduleRunConfigSchema = z18.object({
+  agent: z18.string().min(1, "Agent reference required"),
+  prompt: z18.string().min(1, "Prompt required"),
+  vars: z18.record(z18.string(), z18.string()).optional(),
+  secrets: z18.record(z18.string(), z18.string()).optional(),
+  artifactName: z18.string().optional(),
+  artifactVersion: z18.string().optional(),
+  volumeVersions: z18.record(z18.string(), z18.string()).optional()
 });
-var scheduleDefinitionSchema = z17.object({
+var scheduleDefinitionSchema = z18.object({
   on: scheduleTriggerSchema,
   run: scheduleRunConfigSchema
 });
-var scheduleYamlSchema = z17.object({
-  version: z17.literal("1.0"),
-  schedules: z17.record(z17.string(), scheduleDefinitionSchema)
-});
-var deployScheduleRequestSchema = z17.object({
-  name: z17.string().min(1).max(64, "Schedule name max 64 chars"),
-  cronExpression: z17.string().optional(),
-  atTime: z17.string().optional(),
-  timezone: z17.string().default("UTC"),
-  prompt: z17.string().min(1, "Prompt required"),
-  vars: z17.record(z17.string(), z17.string()).optional(),
-  secrets: z17.record(z17.string(), z17.string()).optional(),
-  artifactName: z17.string().optional(),
-  artifactVersion: z17.string().optional(),
-  volumeVersions: z17.record(z17.string(), z17.string()).optional(),
+var scheduleYamlSchema = z18.object({
+  version: z18.literal("1.0"),
+  schedules: z18.record(z18.string(), scheduleDefinitionSchema)
+});
+var deployScheduleRequestSchema = z18.object({
+  name: z18.string().min(1).max(64, "Schedule name max 64 chars"),
+  cronExpression: z18.string().optional(),
+  atTime: z18.string().optional(),
+  timezone: z18.string().default("UTC"),
+  prompt: z18.string().min(1, "Prompt required"),
+  vars: z18.record(z18.string(), z18.string()).optional(),
+  secrets: z18.record(z18.string(), z18.string()).optional(),
+  artifactName: z18.string().optional(),
+  artifactVersion: z18.string().optional(),
+  volumeVersions: z18.record(z18.string(), z18.string()).optional(),
   // Resolved agent compose ID (CLI resolves scope/name:version → composeId)
-  composeId: z17.string().uuid("Invalid compose ID")
+  composeId: z18.string().uuid("Invalid compose ID")
 }).refine(
   (data) => data.cronExpression && !data.atTime || !data.cronExpression && data.atTime,
   {
     message: "Exactly one of 'cronExpression' or 'atTime' must be specified"
   }
 );
-var scheduleResponseSchema = z17.object({
-  id: z17.string().uuid(),
-  composeId: z17.string().uuid(),
-  composeName: z17.string(),
-  scopeSlug: z17.string(),
-  name: z17.string(),
-  cronExpression: z17.string().nullable(),
-  atTime: z17.string().nullable(),
-  timezone: z17.string(),
-  prompt: z17.string(),
-  vars: z17.record(z17.string(), z17.string()).nullable(),
+var scheduleResponseSchema = z18.object({
+  id: z18.string().uuid(),
+  composeId: z18.string().uuid(),
+  composeName: z18.string(),
+  scopeSlug: z18.string(),
+  name: z18.string(),
+  cronExpression: z18.string().nullable(),
+  atTime: z18.string().nullable(),
+  timezone: z18.string(),
+  prompt: z18.string(),
+  vars: z18.record(z18.string(), z18.string()).nullable(),
   // Secret names only (values are never returned)
-  secretNames: z17.array(z17.string()).nullable(),
-  artifactName: z17.string().nullable(),
-  artifactVersion: z17.string().nullable(),
-  volumeVersions: z17.record(z17.string(), z17.string()).nullable(),
-  enabled: z17.boolean(),
-  nextRunAt: z17.string().nullable(),
-  lastRunAt: z17.string().nullable(),
-  retryStartedAt: z17.string().nullable(),
-  createdAt: z17.string(),
-  updatedAt: z17.string()
-});
-var runSummarySchema = z17.object({
-  id: z17.string().uuid(),
-  status: z17.enum(["pending", "running", "completed", "failed", "timeout"]),
-  createdAt: z17.string(),
-  completedAt: z17.string().nullable(),
-  error: z17.string().nullable()
-});
-var scheduleRunsResponseSchema = z17.object({
-  runs: z17.array(runSummarySchema)
-});
-var scheduleListResponseSchema = z17.object({
-  schedules: z17.array(scheduleResponseSchema)
-});
-var deployScheduleResponseSchema = z17.object({
+  secretNames: z18.array(z18.string()).nullable(),
+  artifactName: z18.string().nullable(),
+  artifactVersion: z18.string().nullable(),
+  volumeVersions: z18.record(z18.string(), z18.string()).nullable(),
+  enabled: z18.boolean(),
+  nextRunAt: z18.string().nullable(),
+  lastRunAt: z18.string().nullable(),
+  retryStartedAt: z18.string().nullable(),
+  createdAt: z18.string(),
+  updatedAt: z18.string()
+});
+var runSummarySchema = z18.object({
+  id: z18.string().uuid(),
+  status: z18.enum(["pending", "running", "completed", "failed", "timeout"]),
+  createdAt: z18.string(),
+  completedAt: z18.string().nullable(),
+  error: z18.string().nullable()
+});
+var scheduleRunsResponseSchema = z18.object({
+  runs: z18.array(runSummarySchema)
+});
+var scheduleListResponseSchema = z18.object({
+  schedules: z18.array(scheduleResponseSchema)
+});
+var deployScheduleResponseSchema = z18.object({
   schedule: scheduleResponseSchema,
-  created: z17.boolean()
+  created: z18.boolean()
   // true if created, false if updated
 });
-var schedulesMainContract = c14.router({
+var schedulesMainContract = c15.router({
   /**
    * POST /api/agent/schedules
    * Deploy (create or update) a schedule
@@ -2624,7 +2723,7 @@ var schedulesMainContract = c14.router({
     summary: "List all schedules"
   }
 });
-var schedulesByNameContract = c14.router({
+var schedulesByNameContract = c15.router({
   /**
    * GET /api/agent/schedules/:name
    * Get schedule by name
@@ -2633,11 +2732,11 @@ var schedulesByNameContract = c14.router({
     method: "GET",
     path: "/api/agent/schedules/:name",
     headers: authHeadersSchema,
-    pathParams: z17.object({
-      name: z17.string().min(1, "Schedule name required")
+    pathParams: z18.object({
+      name: z18.string().min(1, "Schedule name required")
     }),
-    query: z17.object({
-      composeId: z17.string().uuid("Compose ID required")
+    query: z18.object({
+      composeId: z18.string().uuid("Compose ID required")
     }),
     responses: {
       200: scheduleResponseSchema,
@@ -2654,21 +2753,21 @@ var schedulesByNameContract = c14.router({
     method: "DELETE",
     path: "/api/agent/schedules/:name",
     headers: authHeadersSchema,
-    pathParams: z17.object({
-      name: z17.string().min(1, "Schedule name required")
+    pathParams: z18.object({
+      name: z18.string().min(1, "Schedule name required")
     }),
-    query: z17.object({
-      composeId: z17.string().uuid("Compose ID required")
+    query: z18.object({
+      composeId: z18.string().uuid("Compose ID required")
     }),
     responses: {
-      204: c14.noBody(),
+      204: c15.noBody(),
       401: apiErrorSchema,
       404: apiErrorSchema
     },
     summary: "Delete schedule"
   }
 });
-var schedulesEnableContract = c14.router({
+var schedulesEnableContract = c15.router({
   /**
    * POST /api/agent/schedules/:name/enable
    * Enable a disabled schedule
@@ -2677,11 +2776,11 @@ var schedulesEnableContract = c14.router({
     method: "POST",
     path: "/api/agent/schedules/:name/enable",
     headers: authHeadersSchema,
-    pathParams: z17.object({
-      name: z17.string().min(1, "Schedule name required")
+    pathParams: z18.object({
+      name: z18.string().min(1, "Schedule name required")
     }),
-    body: z17.object({
-      composeId: z17.string().uuid("Compose ID required")
+    body: z18.object({
+      composeId: z18.string().uuid("Compose ID required")
     }),
     responses: {
       200: scheduleResponseSchema,
@@ -2698,11 +2797,11 @@ var schedulesEnableContract = c14.router({
     method: "POST",
     path: "/api/agent/schedules/:name/disable",
     headers: authHeadersSchema,
-    pathParams: z17.object({
-      name: z17.string().min(1, "Schedule name required")
+    pathParams: z18.object({
+      name: z18.string().min(1, "Schedule name required")
     }),
-    body: z17.object({
-      composeId: z17.string().uuid("Compose ID required")
+    body: z18.object({
+      composeId: z18.string().uuid("Compose ID required")
     }),
     responses: {
       200: scheduleResponseSchema,
@@ -2712,7 +2811,7 @@ var schedulesEnableContract = c14.router({
     summary: "Disable schedule"
   }
 });
-var scheduleRunsContract = c14.router({
+var scheduleRunsContract = c15.router({
   /**
    * GET /api/agent/schedules/:name/runs
    * List recent runs for a schedule
@@ -2721,12 +2820,12 @@ var scheduleRunsContract = c14.router({
     method: "GET",
     path: "/api/agent/schedules/:name/runs",
     headers: authHeadersSchema,
-    pathParams: z17.object({
-      name: z17.string().min(1, "Schedule name required")
+    pathParams: z18.object({
+      name: z18.string().min(1, "Schedule name required")
     }),
-    query: z17.object({
-      composeId: z17.string().uuid("Compose ID required"),
-      limit: z17.coerce.number().min(0).max(100).default(5)
+    query: z18.object({
+      composeId: z18.string().uuid("Compose ID required"),
+      limit: z18.coerce.number().min(0).max(100).default(5)
     }),
     responses: {
       200: scheduleRunsResponseSchema,
@@ -2738,18 +2837,18 @@ var scheduleRunsContract = c14.router({
 });
 
 // ../../packages/core/src/contracts/realtime.ts
-import { z as z18 } from "zod";
-var c15 = initContract();
-var ablyTokenRequestSchema = z18.object({
-  keyName: z18.string(),
-  ttl: z18.number().optional(),
-  timestamp: z18.number(),
-  capability: z18.string(),
-  clientId: z18.string().optional(),
-  nonce: z18.string(),
-  mac: z18.string()
-});
-var realtimeTokenContract = c15.router({
+import { z as z19 } from "zod";
+var c16 = initContract();
+var ablyTokenRequestSchema = z19.object({
+  keyName: z19.string(),
+  ttl: z19.number().optional(),
+  timestamp: z19.number(),
+  capability: z19.string(),
+  clientId: z19.string().optional(),
+  nonce: z19.string(),
+  mac: z19.string()
+});
+var realtimeTokenContract = c16.router({
   /**
    * POST /api/realtime/token
    * Get an Ably token to subscribe to a run's events channel
@@ -2758,8 +2857,8 @@ var realtimeTokenContract = c15.router({
     method: "POST",
     path: "/api/realtime/token",
     headers: authHeadersSchema,
-    body: z18.object({
-      runId: z18.string().uuid("runId must be a valid UUID")
+    body: z19.object({
+      runId: z19.string().uuid("runId must be a valid UUID")
     }),
     responses: {
       200: ablyTokenRequestSchema,
@@ -2771,7 +2870,7 @@ var realtimeTokenContract = c15.router({
     summary: "Get Ably token for run event subscription"
   }
 });
-var runnerRealtimeTokenContract = c15.router({
+var runnerRealtimeTokenContract = c16.router({
   /**
    * POST /api/runners/realtime/token
    * Get an Ably token to subscribe to a runner group's job notification channel
@@ -2780,7 +2879,7 @@ var runnerRealtimeTokenContract = c15.router({
     method: "POST",
     path: "/api/runners/realtime/token",
     headers: authHeadersSchema,
-    body: z18.object({
+    body: z19.object({
       group: runnerGroupSchema
     }),
     responses: {
@@ -2794,11 +2893,11 @@ var runnerRealtimeTokenContract = c15.router({
 });
 
 // ../../packages/core/src/contracts/platform.ts
-import { z as z20 } from "zod";
+import { z as z21 } from "zod";
 
 // ../../packages/core/src/contracts/public/common.ts
-import { z as z19 } from "zod";
-var publicApiErrorTypeSchema = z19.enum([
+import { z as z20 } from "zod";
+var publicApiErrorTypeSchema = z20.enum([
   "api_error",
   // Internal server error (5xx)
   "invalid_request_error",
@@ -2812,40 +2911,40 @@ var publicApiErrorTypeSchema = z19.enum([
   "rate_limit_error"
   // Rate limit exceeded (429)
 ]);
-var publicApiErrorSchema = z19.object({
-  error: z19.object({
+var publicApiErrorSchema = z20.object({
+  error: z20.object({
     type: publicApiErrorTypeSchema,
-    code: z19.string(),
-    message: z19.string(),
-    param: z19.string().optional(),
-    docUrl: z19.string().url().optional()
+    code: z20.string(),
+    message: z20.string(),
+    param: z20.string().optional(),
+    docUrl: z20.string().url().optional()
   })
 });
-var paginationSchema = z19.object({
-  hasMore: z19.boolean(),
-  nextCursor: z19.string().nullable()
+var paginationSchema = z20.object({
+  hasMore: z20.boolean(),
+  nextCursor: z20.string().nullable()
 });
 function createPaginatedResponseSchema(dataSchema) {
-  return z19.object({
-    data: z19.array(dataSchema),
+  return z20.object({
+    data: z20.array(dataSchema),
     pagination: paginationSchema
   });
 }
-var listQuerySchema = z19.object({
-  cursor: z19.string().optional(),
-  limit: z19.coerce.number().min(1).max(100).default(20)
+var listQuerySchema = z20.object({
+  cursor: z20.string().optional(),
+  limit: z20.coerce.number().min(1).max(100).default(20)
 });
-var requestIdSchema = z19.string().uuid();
-var timestampSchema = z19.string().datetime();
+var requestIdSchema = z20.string().uuid();
+var timestampSchema = z20.string().datetime();
 
 // ../../packages/core/src/contracts/platform.ts
-var c16 = initContract();
-var platformPaginationSchema = z20.object({
-  hasMore: z20.boolean(),
-  nextCursor: z20.string().nullable(),
-  totalPages: z20.number()
+var c17 = initContract();
+var platformPaginationSchema = z21.object({
+  hasMore: z21.boolean(),
+  nextCursor: z21.string().nullable(),
+  totalPages: z21.number()
 });
-var platformLogStatusSchema = z20.enum([
+var platformLogStatusSchema = z21.enum([
   "pending",
   "running",
   "completed",
@@ -2853,41 +2952,41 @@ var platformLogStatusSchema = z20.enum([
   "timeout",
   "cancelled"
 ]);
-var platformLogEntrySchema = z20.object({
-  id: z20.string().uuid(),
-  sessionId: z20.string().nullable(),
-  agentName: z20.string(),
-  framework: z20.string().nullable(),
+var platformLogEntrySchema = z21.object({
+  id: z21.string().uuid(),
+  sessionId: z21.string().nullable(),
+  agentName: z21.string(),
+  framework: z21.string().nullable(),
   status: platformLogStatusSchema,
-  createdAt: z20.string()
+  createdAt: z21.string()
 });
-var platformLogsListResponseSchema = z20.object({
-  data: z20.array(platformLogEntrySchema),
+var platformLogsListResponseSchema = z21.object({
+  data: z21.array(platformLogEntrySchema),
   pagination: platformPaginationSchema
 });
-var artifactSchema = z20.object({
-  name: z20.string().nullable(),
-  version: z20.string().nullable()
+var artifactSchema = z21.object({
+  name: z21.string().nullable(),
+  version: z21.string().nullable()
 });
-var platformLogDetailSchema = z20.object({
-  id: z20.string().uuid(),
-  sessionId: z20.string().nullable(),
-  agentName: z20.string(),
-  framework: z20.string().nullable(),
+var platformLogDetailSchema = z21.object({
+  id: z21.string().uuid(),
+  sessionId: z21.string().nullable(),
+  agentName: z21.string(),
+  framework: z21.string().nullable(),
   status: platformLogStatusSchema,
-  prompt: z20.string(),
-  error: z20.string().nullable(),
-  createdAt: z20.string(),
-  startedAt: z20.string().nullable(),
-  completedAt: z20.string().nullable(),
+  prompt: z21.string(),
+  error: z21.string().nullable(),
+  createdAt: z21.string(),
+  startedAt: z21.string().nullable(),
+  completedAt: z21.string().nullable(),
   artifact: artifactSchema
 });
-var platformLogsListContract = c16.router({
+var platformLogsListContract = c17.router({
   list: {
     method: "GET",
     path: "/api/platform/logs",
     query: listQuerySchema.extend({
-      search: z20.string().optional()
+      search: z21.string().optional()
     }),
     responses: {
       200: platformLogsListResponseSchema,
@@ -2896,12 +2995,12 @@ var platformLogsListContract = c16.router({
     summary: "List agent run logs with pagination"
   }
 });
-var platformLogsByIdContract = c16.router({
+var platformLogsByIdContract = c17.router({
   getById: {
     method: "GET",
     path: "/api/platform/logs/:id",
-    pathParams: z20.object({
-      id: z20.string().uuid("Invalid log ID")
+    pathParams: z21.object({
+      id: z21.string().uuid("Invalid log ID")
     }),
     responses: {
       200: platformLogDetailSchema,
@@ -2911,17 +3010,17 @@ var platformLogsByIdContract = c16.router({
     summary: "Get agent run log details by ID"
   }
 });
-var artifactDownloadResponseSchema = z20.object({
-  url: z20.string().url(),
-  expiresAt: z20.string()
+var artifactDownloadResponseSchema = z21.object({
+  url: z21.string().url(),
+  expiresAt: z21.string()
 });
-var platformArtifactDownloadContract = c16.router({
+var platformArtifactDownloadContract = c17.router({
   getDownloadUrl: {
     method: "GET",
     path: "/api/platform/artifacts/download",
-    query: z20.object({
-      name: z20.string().min(1, "Artifact name is required"),
-      version: z20.string().optional()
+    query: z21.object({
+      name: z21.string().min(1, "Artifact name is required"),
+      version: z21.string().optional()
     }),
     responses: {
       200: artifactDownloadResponseSchema,
@@ -2933,29 +3032,29 @@ var platformArtifactDownloadContract = c16.router({
 });
 
 // ../../packages/core/src/contracts/llm.ts
-import { z as z21 } from "zod";
-var c17 = initContract();
-var messageRoleSchema = z21.enum(["user", "assistant", "system"]);
-var chatMessageSchema = z21.object({
+import { z as z22 } from "zod";
+var c18 = initContract();
+var messageRoleSchema = z22.enum(["user", "assistant", "system"]);
+var chatMessageSchema = z22.object({
   role: messageRoleSchema,
-  content: z21.string()
+  content: z22.string()
 });
-var tokenUsageSchema = z21.object({
-  promptTokens: z21.number(),
-  completionTokens: z21.number(),
-  totalTokens: z21.number()
+var tokenUsageSchema = z22.object({
+  promptTokens: z22.number(),
+  completionTokens: z22.number(),
+  totalTokens: z22.number()
 });
-var llmChatRequestSchema = z21.object({
-  model: z21.string().min(1).optional(),
-  messages: z21.array(chatMessageSchema).min(1, "At least one message is required"),
-  stream: z21.boolean().optional().default(false)
+var llmChatRequestSchema = z22.object({
+  model: z22.string().min(1).optional(),
+  messages: z22.array(chatMessageSchema).min(1, "At least one message is required"),
+  stream: z22.boolean().optional().default(false)
 });
-var llmChatResponseSchema = z21.object({
-  content: z21.string(),
-  model: z21.string(),
+var llmChatResponseSchema = z22.object({
+  content: z22.string(),
+  model: z22.string(),
   usage: tokenUsageSchema
 });
-var llmChatContract = c17.router({
+var llmChatContract = c18.router({
   chat: {
     method: "POST",
     path: "/api/llm/chat",
@@ -2971,28 +3070,28 @@ var llmChatContract = c17.router({
 });
 
 // ../../packages/core/src/contracts/public/agents.ts
-import { z as z22 } from "zod";
-var c18 = initContract();
-var publicAgentSchema = z22.object({
-  id: z22.string(),
-  name: z22.string(),
-  currentVersionId: z22.string().nullable(),
+import { z as z23 } from "zod";
+var c19 = initContract();
+var publicAgentSchema = z23.object({
+  id: z23.string(),
+  name: z23.string(),
+  currentVersionId: z23.string().nullable(),
   createdAt: timestampSchema,
   updatedAt: timestampSchema
 });
-var agentVersionSchema = z22.object({
-  id: z22.string(),
-  agentId: z22.string(),
-  versionNumber: z22.number(),
+var agentVersionSchema = z23.object({
+  id: z23.string(),
+  agentId: z23.string(),
+  versionNumber: z23.number(),
   createdAt: timestampSchema
 });
 var publicAgentDetailSchema = publicAgentSchema;
 var paginatedAgentsSchema = createPaginatedResponseSchema(publicAgentSchema);
 var paginatedAgentVersionsSchema = createPaginatedResponseSchema(agentVersionSchema);
 var agentListQuerySchema = listQuerySchema.extend({
-  name: z22.string().optional()
+  name: z23.string().optional()
 });
-var publicAgentsListContract = c18.router({
+var publicAgentsListContract = c19.router({
   list: {
     method: "GET",
     path: "/v1/agents",
@@ -3007,13 +3106,13 @@ var publicAgentsListContract = c18.router({
     description: "List all agents in the current scope with pagination. Use the `name` query parameter to filter by agent name."
   }
 });
-var publicAgentByIdContract = c18.router({
+var publicAgentByIdContract = c19.router({
   get: {
     method: "GET",
     path: "/v1/agents/:id",
     headers: authHeadersSchema,
-    pathParams: z22.object({
-      id: z22.string().min(1, "Agent ID is required")
+    pathParams: z23.object({
+      id: z23.string().min(1, "Agent ID is required")
     }),
     responses: {
       200: publicAgentDetailSchema,
@@ -3025,13 +3124,13 @@ var publicAgentByIdContract = c18.router({
     description: "Get agent details by ID"
   }
 });
-var publicAgentVersionsContract = c18.router({
+var publicAgentVersionsContract = c19.router({
   list: {
     method: "GET",
     path: "/v1/agents/:id/versions",
     headers: authHeadersSchema,
-    pathParams: z22.object({
-      id: z22.string().min(1, "Agent ID is required")
+    pathParams: z23.object({
+      id: z23.string().min(1, "Agent ID is required")
     }),
     query: listQuerySchema,
     responses: {
@@ -3046,9 +3145,9 @@ var publicAgentVersionsContract = c18.router({
 });
 
 // ../../packages/core/src/contracts/public/runs.ts
-import { z as z23 } from "zod";
-var c19 = initContract();
-var publicRunStatusSchema = z23.enum([
+import { z as z24 } from "zod";
+var c20 = initContract();
+var publicRunStatusSchema = z24.enum([
   "pending",
   "running",
   "completed",
@@ -3056,54 +3155,54 @@ var publicRunStatusSchema = z23.enum([
   "timeout",
   "cancelled"
 ]);
-var publicRunSchema = z23.object({
-  id: z23.string(),
-  agentId: z23.string(),
-  agentName: z23.string(),
+var publicRunSchema = z24.object({
+  id: z24.string(),
+  agentId: z24.string(),
+  agentName: z24.string(),
   status: publicRunStatusSchema,
-  prompt: z23.string(),
+  prompt: z24.string(),
   createdAt: timestampSchema,
   startedAt: timestampSchema.nullable(),
   completedAt: timestampSchema.nullable()
 });
 var publicRunDetailSchema = publicRunSchema.extend({
-  error: z23.string().nullable(),
-  executionTimeMs: z23.number().nullable(),
-  checkpointId: z23.string().nullable(),
-  sessionId: z23.string().nullable(),
-  artifactName: z23.string().nullable(),
-  artifactVersion: z23.string().nullable(),
-  volumes: z23.record(z23.string(), z23.string()).optional()
+  error: z24.string().nullable(),
+  executionTimeMs: z24.number().nullable(),
+  checkpointId: z24.string().nullable(),
+  sessionId: z24.string().nullable(),
+  artifactName: z24.string().nullable(),
+  artifactVersion: z24.string().nullable(),
+  volumes: z24.record(z24.string(), z24.string()).optional()
 });
 var paginatedRunsSchema = createPaginatedResponseSchema(publicRunSchema);
-var createRunRequestSchema = z23.object({
+var createRunRequestSchema = z24.object({
   // Agent identification (one of: agent, agentId, sessionId, checkpointId)
-  agent: z23.string().optional(),
+  agent: z24.string().optional(),
   // Agent name
-  agentId: z23.string().optional(),
+  agentId: z24.string().optional(),
   // Agent ID
-  agentVersion: z23.string().optional(),
+  agentVersion: z24.string().optional(),
   // Version specifier (e.g., "latest", "v1", specific ID)
   // Continue session
-  sessionId: z23.string().optional(),
+  sessionId: z24.string().optional(),
   // Resume from checkpoint
-  checkpointId: z23.string().optional(),
+  checkpointId: z24.string().optional(),
   // Required
-  prompt: z23.string().min(1, "Prompt is required"),
+  prompt: z24.string().min(1, "Prompt is required"),
   // Optional configuration
-  variables: z23.record(z23.string(), z23.string()).optional(),
-  secrets: z23.record(z23.string(), z23.string()).optional(),
-  artifactName: z23.string().optional(),
+  variables: z24.record(z24.string(), z24.string()).optional(),
+  secrets: z24.record(z24.string(), z24.string()).optional(),
+  artifactName: z24.string().optional(),
   // Artifact name to mount
-  artifactVersion: z23.string().optional(),
+  artifactVersion: z24.string().optional(),
   // Artifact version (defaults to latest)
-  volumes: z23.record(z23.string(), z23.string()).optional()
+  volumes: z24.record(z24.string(), z24.string()).optional()
   // volume_name -> version
 });
 var runListQuerySchema = listQuerySchema.extend({
   status: publicRunStatusSchema.optional()
 });
-var publicRunsListContract = c19.router({
+var publicRunsListContract = c20.router({
   list: {
     method: "GET",
     path: "/v1/runs",
@@ -3135,13 +3234,13 @@ var publicRunsListContract = c19.router({
     description: "Create and execute a new agent run. Returns 202 Accepted as runs execute asynchronously."
   }
 });
-var publicRunByIdContract = c19.router({
+var publicRunByIdContract = c20.router({
   get: {
     method: "GET",
     path: "/v1/runs/:id",
     headers: authHeadersSchema,
-    pathParams: z23.object({
-      id: z23.string().min(1, "Run ID is required")
+    pathParams: z24.object({
+      id: z24.string().min(1, "Run ID is required")
     }),
     responses: {
       200: publicRunDetailSchema,
@@ -3153,15 +3252,15 @@ var publicRunByIdContract = c19.router({
     description: "Get run details by ID"
   }
 });
-var publicRunCancelContract = c19.router({
+var publicRunCancelContract = c20.router({
   cancel: {
     method: "POST",
     path: "/v1/runs/:id/cancel",
     headers: authHeadersSchema,
-    pathParams: z23.object({
-      id: z23.string().min(1, "Run ID is required")
+    pathParams: z24.object({
+      id: z24.string().min(1, "Run ID is required")
     }),
-    body: z23.undefined(),
+    body: z24.undefined(),
     responses: {
       200: publicRunDetailSchema,
       400: publicApiErrorSchema,
@@ -3174,27 +3273,27 @@ var publicRunCancelContract = c19.router({
     description: "Cancel a pending or running execution"
   }
 });
-var logEntrySchema = z23.object({
+var logEntrySchema = z24.object({
   timestamp: timestampSchema,
-  type: z23.enum(["agent", "system", "network"]),
-  level: z23.enum(["debug", "info", "warn", "error"]),
-  message: z23.string(),
-  metadata: z23.record(z23.string(), z23.unknown()).optional()
+  type: z24.enum(["agent", "system", "network"]),
+  level: z24.enum(["debug", "info", "warn", "error"]),
+  message: z24.string(),
+  metadata: z24.record(z24.string(), z24.unknown()).optional()
 });
 var paginatedLogsSchema = createPaginatedResponseSchema(logEntrySchema);
 var logsQuerySchema = listQuerySchema.extend({
-  type: z23.enum(["agent", "system", "network", "all"]).default("all"),
+  type: z24.enum(["agent", "system", "network", "all"]).default("all"),
   since: timestampSchema.optional(),
   until: timestampSchema.optional(),
-  order: z23.enum(["asc", "desc"]).default("asc")
+  order: z24.enum(["asc", "desc"]).default("asc")
 });
-var publicRunLogsContract = c19.router({
+var publicRunLogsContract = c20.router({
   getLogs: {
     method: "GET",
     path: "/v1/runs/:id/logs",
     headers: authHeadersSchema,
-    pathParams: z23.object({
-      id: z23.string().min(1, "Run ID is required")
+    pathParams: z24.object({
+      id: z24.string().min(1, "Run ID is required")
     }),
     query: logsQuerySchema,
     responses: {
@@ -3207,30 +3306,30 @@ var publicRunLogsContract = c19.router({
     description: "Get unified logs for a run. Combines agent, system, and network logs."
   }
 });
-var metricPointSchema = z23.object({
+var metricPointSchema = z24.object({
   timestamp: timestampSchema,
-  cpuPercent: z23.number(),
-  memoryUsedMb: z23.number(),
-  memoryTotalMb: z23.number(),
-  diskUsedMb: z23.number(),
-  diskTotalMb: z23.number()
-});
-var metricsSummarySchema = z23.object({
-  avgCpuPercent: z23.number(),
-  maxMemoryUsedMb: z23.number(),
-  totalDurationMs: z23.number().nullable()
-});
-var metricsResponseSchema2 = z23.object({
-  data: z23.array(metricPointSchema),
+  cpuPercent: z24.number(),
+  memoryUsedMb: z24.number(),
+  memoryTotalMb: z24.number(),
+  diskUsedMb: z24.number(),
+  diskTotalMb: z24.number()
+});
+var metricsSummarySchema = z24.object({
+  avgCpuPercent: z24.number(),
+  maxMemoryUsedMb: z24.number(),
+  totalDurationMs: z24.number().nullable()
+});
+var metricsResponseSchema2 = z24.object({
+  data: z24.array(metricPointSchema),
   summary: metricsSummarySchema
 });
-var publicRunMetricsContract = c19.router({
+var publicRunMetricsContract = c20.router({
   getMetrics: {
     method: "GET",
     path: "/v1/runs/:id/metrics",
     headers: authHeadersSchema,
-    pathParams: z23.object({
-      id: z23.string().min(1, "Run ID is required")
+    pathParams: z24.object({
+      id: z24.string().min(1, "Run ID is required")
     }),
     responses: {
       200: metricsResponseSchema2,
@@ -3242,7 +3341,7 @@ var publicRunMetricsContract = c19.router({
     description: "Get CPU, memory, and disk metrics for a run"
   }
 });
-var sseEventTypeSchema = z23.enum([
+var sseEventTypeSchema = z24.enum([
   "status",
   // Run status change
   "output",
@@ -3254,26 +3353,26 @@ var sseEventTypeSchema = z23.enum([
   "heartbeat"
   // Keep-alive
 ]);
-var sseEventSchema = z23.object({
+var sseEventSchema = z24.object({
   event: sseEventTypeSchema,
-  data: z23.unknown(),
-  id: z23.string().optional()
+  data: z24.unknown(),
+  id: z24.string().optional()
   // For Last-Event-ID reconnection
 });
-var publicRunEventsContract = c19.router({
+var publicRunEventsContract = c20.router({
   streamEvents: {
     method: "GET",
     path: "/v1/runs/:id/events",
     headers: authHeadersSchema,
-    pathParams: z23.object({
-      id: z23.string().min(1, "Run ID is required")
+    pathParams: z24.object({
+      id: z24.string().min(1, "Run ID is required")
     }),
-    query: z23.object({
-      lastEventId: z23.string().optional()
+    query: z24.object({
+      lastEventId: z24.string().optional()
       // For reconnection
     }),
     responses: {
-      200: z23.any(),
+      200: z24.any(),
       // SSE stream - actual content is text/event-stream
       401: publicApiErrorSchema,
       404: publicApiErrorSchema,
@@ -3285,28 +3384,28 @@ var publicRunEventsContract = c19.router({
 });
 
 // ../../packages/core/src/contracts/public/artifacts.ts
-import { z as z24 } from "zod";
-var c20 = initContract();
-var publicArtifactSchema = z24.object({
-  id: z24.string(),
-  name: z24.string(),
-  currentVersionId: z24.string().nullable(),
-  size: z24.number(),
+import { z as z25 } from "zod";
+var c21 = initContract();
+var publicArtifactSchema = z25.object({
+  id: z25.string(),
+  name: z25.string(),
+  currentVersionId: z25.string().nullable(),
+  size: z25.number(),
   // Total size in bytes
-  fileCount: z24.number(),
+  fileCount: z25.number(),
   createdAt: timestampSchema,
   updatedAt: timestampSchema
 });
-var artifactVersionSchema = z24.object({
-  id: z24.string(),
+var artifactVersionSchema = z25.object({
+  id: z25.string(),
   // SHA-256 content hash
-  artifactId: z24.string(),
-  size: z24.number(),
+  artifactId: z25.string(),
+  size: z25.number(),
   // Size in bytes
-  fileCount: z24.number(),
-  message: z24.string().nullable(),
+  fileCount: z25.number(),
+  message: z25.string().nullable(),
   // Optional commit message
-  createdBy: z24.string(),
+  createdBy: z25.string(),
   createdAt: timestampSchema
 });
 var publicArtifactDetailSchema = publicArtifactSchema.extend({
@@ -3316,7 +3415,7 @@ var paginatedArtifactsSchema = createPaginatedResponseSchema(publicArtifactSchem
 var paginatedArtifactVersionsSchema = createPaginatedResponseSchema(
   artifactVersionSchema
 );
-var publicArtifactsListContract = c20.router({
+var publicArtifactsListContract = c21.router({
   list: {
     method: "GET",
     path: "/v1/artifacts",
@@ -3331,13 +3430,13 @@ var publicArtifactsListContract = c20.router({
     description: "List all artifacts in the current scope with pagination"
   }
 });
-var publicArtifactByIdContract = c20.router({
+var publicArtifactByIdContract = c21.router({
   get: {
     method: "GET",
     path: "/v1/artifacts/:id",
     headers: authHeadersSchema,
-    pathParams: z24.object({
-      id: z24.string().min(1, "Artifact ID is required")
+    pathParams: z25.object({
+      id: z25.string().min(1, "Artifact ID is required")
     }),
     responses: {
       200: publicArtifactDetailSchema,
@@ -3349,13 +3448,13 @@ var publicArtifactByIdContract = c20.router({
     description: "Get artifact details by ID"
   }
 });
-var publicArtifactVersionsContract = c20.router({
+var publicArtifactVersionsContract = c21.router({
   list: {
     method: "GET",
     path: "/v1/artifacts/:id/versions",
     headers: authHeadersSchema,
-    pathParams: z24.object({
-      id: z24.string().min(1, "Artifact ID is required")
+    pathParams: z25.object({
+      id: z25.string().min(1, "Artifact ID is required")
     }),
     query: listQuerySchema,
     responses: {
@@ -3368,20 +3467,20 @@ var publicArtifactVersionsContract = c20.router({
     description: "List all versions of an artifact with pagination"
   }
 });
-var publicArtifactDownloadContract = c20.router({
+var publicArtifactDownloadContract = c21.router({
   download: {
     method: "GET",
     path: "/v1/artifacts/:id/download",
     headers: authHeadersSchema,
-    pathParams: z24.object({
-      id: z24.string().min(1, "Artifact ID is required")
+    pathParams: z25.object({
+      id: z25.string().min(1, "Artifact ID is required")
     }),
-    query: z24.object({
-      versionId: z24.string().optional()
+    query: z25.object({
+      versionId: z25.string().optional()
       // Defaults to current version
     }),
     responses: {
-      302: z24.undefined(),
+      302: z25.undefined(),
       // Redirect to presigned URL
       401: publicApiErrorSchema,
       404: publicApiErrorSchema,
@@ -3393,28 +3492,28 @@ var publicArtifactDownloadContract = c20.router({
 });
 
 // ../../packages/core/src/contracts/public/volumes.ts
-import { z as z25 } from "zod";
-var c21 = initContract();
-var publicVolumeSchema = z25.object({
-  id: z25.string(),
-  name: z25.string(),
-  currentVersionId: z25.string().nullable(),
-  size: z25.number(),
+import { z as z26 } from "zod";
+var c22 = initContract();
+var publicVolumeSchema = z26.object({
+  id: z26.string(),
+  name: z26.string(),
+  currentVersionId: z26.string().nullable(),
+  size: z26.number(),
   // Total size in bytes
-  fileCount: z25.number(),
+  fileCount: z26.number(),
   createdAt: timestampSchema,
   updatedAt: timestampSchema
 });
-var volumeVersionSchema = z25.object({
-  id: z25.string(),
+var volumeVersionSchema = z26.object({
+  id: z26.string(),
   // SHA-256 content hash
-  volumeId: z25.string(),
-  size: z25.number(),
+  volumeId: z26.string(),
+  size: z26.number(),
   // Size in bytes
-  fileCount: z25.number(),
-  message: z25.string().nullable(),
+  fileCount: z26.number(),
+  message: z26.string().nullable(),
   // Optional commit message
-  createdBy: z25.string(),
+  createdBy: z26.string(),
   createdAt: timestampSchema
 });
 var publicVolumeDetailSchema = publicVolumeSchema.extend({
@@ -3422,7 +3521,7 @@ var publicVolumeDetailSchema = publicVolumeSchema.extend({
 });
 var paginatedVolumesSchema = createPaginatedResponseSchema(publicVolumeSchema);
 var paginatedVolumeVersionsSchema = createPaginatedResponseSchema(volumeVersionSchema);
-var publicVolumesListContract = c21.router({
+var publicVolumesListContract = c22.router({
   list: {
     method: "GET",
     path: "/v1/volumes",
@@ -3437,13 +3536,13 @@ var publicVolumesListContract = c21.router({
     description: "List all volumes in the current scope with pagination"
   }
 });
-var publicVolumeByIdContract = c21.router({
+var publicVolumeByIdContract = c22.router({
   get: {
     method: "GET",
     path: "/v1/volumes/:id",
     headers: authHeadersSchema,
-    pathParams: z25.object({
-      id: z25.string().min(1, "Volume ID is required")
+    pathParams: z26.object({
+      id: z26.string().min(1, "Volume ID is required")
     }),
     responses: {
       200: publicVolumeDetailSchema,
@@ -3455,13 +3554,13 @@ var publicVolumeByIdContract = c21.router({
     description: "Get volume details by ID"
   }
 });
-var publicVolumeVersionsContract = c21.router({
+var publicVolumeVersionsContract = c22.router({
   list: {
     method: "GET",
     path: "/v1/volumes/:id/versions",
     headers: authHeadersSchema,
-    pathParams: z25.object({
-      id: z25.string().min(1, "Volume ID is required")
+    pathParams: z26.object({
+      id: z26.string().min(1, "Volume ID is required")
     }),
     query: listQuerySchema,
     responses: {
@@ -3474,20 +3573,20 @@ var publicVolumeVersionsContract = c21.router({
     description: "List all versions of a volume with pagination"
   }
 });
-var publicVolumeDownloadContract = c21.router({
+var publicVolumeDownloadContract = c22.router({
   download: {
     method: "GET",
     path: "/v1/volumes/:id/download",
     headers: authHeadersSchema,
-    pathParams: z25.object({
-      id: z25.string().min(1, "Volume ID is required")
+    pathParams: z26.object({
+      id: z26.string().min(1, "Volume ID is required")
     }),
-    query: z25.object({
-      versionId: z25.string().optional()
+    query: z26.object({
+      versionId: z26.string().optional()
       // Defaults to current version
     }),
     responses: {
-      302: z25.undefined(),
+      302: z26.undefined(),
       // Redirect to presigned URL
       401: publicApiErrorSchema,
       404: publicApiErrorSchema,
@@ -3673,6 +3772,26 @@ async function httpGet(path16) {
     headers
   });
 }
+async function httpPost(path16, body) {
+  const baseUrl = await getBaseUrl();
+  const headers = await getRawHeaders();
+  return fetch(`${baseUrl}${path16}`, {
+    method: "POST",
+    headers: {
+      ...headers,
+      "Content-Type": "application/json"
+    },
+    body: JSON.stringify(body)
+  });
+}
+async function httpDelete(path16) {
+  const baseUrl = await getBaseUrl();
+  const headers = await getRawHeaders();
+  return fetch(`${baseUrl}${path16}`, {
+    method: "DELETE",
+    headers
+  });
+}
 
 // src/lib/api/domains/composes.ts
 import { initClient } from "@ts-rest/core";
@@ -4005,53 +4124,96 @@ async function deleteSecret(name) {
   handleError(result, `Secret "${name}" not found`);
 }
 
-// src/lib/api/domains/model-providers.ts
+// src/lib/api/domains/variables.ts
 import { initClient as initClient8 } from "@ts-rest/core";
-async function listModelProviders() {
+async function listVariables() {
   const config = await getClientConfig();
-  const client = initClient8(modelProvidersMainContract, config);
+  const client = initClient8(variablesMainContract, config);
   const result = await client.list({ headers: {} });
   if (result.status === 200) {
     return result.body;
   }
-  handleError(result, "Failed to list model providers");
+  handleError(result, "Failed to list variables");
 }
-async function upsertModelProvider(body) {
+async function getVariable(name) {
   const config = await getClientConfig();
-  const client = initClient8(modelProvidersMainContract, config);
-  const result = await client.upsert({ body });
-  if (result.status === 200 || result.status === 201) {
+  const client = initClient8(variablesByNameContract, config);
+  const result = await client.get({
+    params: { name }
+  });
+  if (result.status === 200) {
     return result.body;
   }
-  handleError(result, "Failed to set model provider");
+  handleError(result, `Variable "${name}" not found`);
 }
-async function checkModelProviderCredential(type) {
+async function setVariable(body) {
   const config = await getClientConfig();
-  const client = initClient8(modelProvidersCheckContract, config);
-  const result = await client.check({
-    params: { type }
-  });
-  if (result.status === 200) {
+  const client = initClient8(variablesMainContract, config);
+  const result = await client.set({ body });
+  if (result.status === 200 || result.status === 201) {
     return result.body;
   }
-  handleError(result, "Failed to check credential");
+  handleError(result, "Failed to set variable");
 }
-async function deleteModelProvider(type) {
+async function deleteVariable(name) {
   const config = await getClientConfig();
-  const client = initClient8(modelProvidersByTypeContract, config);
+  const client = initClient8(variablesByNameContract, config);
   const result = await client.delete({
-    params: { type }
+    params: { name }
   });
   if (result.status === 204) {
     return;
   }
-  handleError(result, `Model provider "${type}" not found`);
+  handleError(result, `Variable "${name}" not found`);
 }
-async function convertModelProviderCredential(type) {
+
+// src/lib/api/domains/model-providers.ts
+import { initClient as initClient9 } from "@ts-rest/core";
+async function listModelProviders() {
   const config = await getClientConfig();
-  const client = initClient8(modelProvidersConvertContract, config);
-  const result = await client.convert({
-    params: { type }
+  const client = initClient9(modelProvidersMainContract, config);
+  const result = await client.list({ headers: {} });
+  if (result.status === 200) {
+    return result.body;
+  }
+  handleError(result, "Failed to list model providers");
+}
+async function upsertModelProvider(body) {
+  const config = await getClientConfig();
+  const client = initClient9(modelProvidersMainContract, config);
+  const result = await client.upsert({ body });
+  if (result.status === 200 || result.status === 201) {
+    return result.body;
+  }
+  handleError(result, "Failed to set model provider");
+}
+async function checkModelProviderCredential(type) {
+  const config = await getClientConfig();
+  const client = initClient9(modelProvidersCheckContract, config);
+  const result = await client.check({
+    params: { type }
+  });
+  if (result.status === 200) {
+    return result.body;
+  }
+  handleError(result, "Failed to check credential");
+}
+async function deleteModelProvider(type) {
+  const config = await getClientConfig();
+  const client = initClient9(modelProvidersByTypeContract, config);
+  const result = await client.delete({
+    params: { type }
+  });
+  if (result.status === 204) {
+    return;
+  }
+  handleError(result, `Model provider "${type}" not found`);
+}
+async function convertModelProviderCredential(type) {
+  const config = await getClientConfig();
+  const client = initClient9(modelProvidersConvertContract, config);
+  const result = await client.convert({
+    params: { type }
   });
   if (result.status === 200) {
     return result.body;
@@ -4060,7 +4222,7 @@ async function convertModelProviderCredential(type) {
 }
 async function setModelProviderDefault(type) {
   const config = await getClientConfig();
-  const client = initClient8(modelProvidersSetDefaultContract, config);
+  const client = initClient9(modelProvidersSetDefaultContract, config);
   const result = await client.setDefault({
     params: { type }
   });
@@ -4071,7 +4233,7 @@ async function setModelProviderDefault(type) {
 }
 async function updateModelProviderModel(type, selectedModel) {
   const config = await getClientConfig();
-  const client = initClient8(modelProvidersUpdateModelContract, config);
+  const client = initClient9(modelProvidersUpdateModelContract, config);
   const result = await client.updateModel({
     params: { type },
     body: { selectedModel }
@@ -4102,8 +4264,8 @@ async function getUsage(options) {
 }
 
 // src/lib/domain/yaml-validator.ts
-import { z as z26 } from "zod";
-var cliAgentNameSchema = z26.string().min(3, "Agent name must be at least 3 characters").max(64, "Agent name must be 64 characters or less").regex(
+import { z as z27 } from "zod";
+var cliAgentNameSchema = z27.string().min(3, "Agent name must be at least 3 characters").max(64, "Agent name must be 64 characters or less").regex(
   /^[a-zA-Z0-9]([a-zA-Z0-9-]{0,62}[a-zA-Z0-9])?$/,
   "Agent name must start and end with letter or number, and contain only letters, numbers, and hyphens"
 );
@@ -4118,7 +4280,7 @@ var cliAgentDefinitionSchema = agentDefinitionSchema.superRefine(
         const skillUrl = agent.skills[i];
         if (skillUrl && !validateGitHubTreeUrl(skillUrl)) {
           ctx.addIssue({
-            code: z26.ZodIssueCode.custom,
+            code: z27.ZodIssueCode.custom,
             message: `Invalid skill URL: ${skillUrl}. Expected format: https://github.com/{owner}/{repo}/tree/{branch}/{path}`,
             path: ["skills", i]
           });
@@ -4127,15 +4289,15 @@ var cliAgentDefinitionSchema = agentDefinitionSchema.superRefine(
     }
   }
 );
-var cliComposeSchema = z26.object({
-  version: z26.string().min(1, "Missing config.version"),
-  agents: z26.record(cliAgentNameSchema, cliAgentDefinitionSchema),
-  volumes: z26.record(z26.string(), volumeConfigSchema).optional()
+var cliComposeSchema = z27.object({
+  version: z27.string().min(1, "Missing config.version"),
+  agents: z27.record(cliAgentNameSchema, cliAgentDefinitionSchema),
+  volumes: z27.record(z27.string(), volumeConfigSchema).optional()
 }).superRefine((config, ctx) => {
   const agentKeys = Object.keys(config.agents);
   if (agentKeys.length === 0) {
     ctx.addIssue({
-      code: z26.ZodIssueCode.custom,
+      code: z27.ZodIssueCode.custom,
       message: "agents must have at least one agent defined",
       path: ["agents"]
     });
@@ -4143,7 +4305,7 @@ var cliComposeSchema = z26.object({
   }
   if (agentKeys.length > 1) {
     ctx.addIssue({
-      code: z26.ZodIssueCode.custom,
+      code: z27.ZodIssueCode.custom,
       message: "Multiple agents not supported yet. Only one agent allowed.",
       path: ["agents"]
     });
@@ -4155,7 +4317,7 @@ var cliComposeSchema = z26.object({
   if (agentVolumes && agentVolumes.length > 0) {
     if (!config.volumes) {
       ctx.addIssue({
-        code: z26.ZodIssueCode.custom,
+        code: z27.ZodIssueCode.custom,
         message: "Agent references volumes but no volumes section defined. Each volume must have explicit name and version.",
         path: ["volumes"]
       });
@@ -4165,7 +4327,7 @@ var cliComposeSchema = z26.object({
       const parts = volDeclaration.split(":");
       if (parts.length !== 2) {
         ctx.addIssue({
-          code: z26.ZodIssueCode.custom,
+          code: z27.ZodIssueCode.custom,
           message: `Invalid volume declaration: ${volDeclaration}. Expected format: volume-key:/mount/path`,
           path: ["agents", agentName, "volumes"]
         });
@@ -4174,7 +4336,7 @@ var cliComposeSchema = z26.object({
       const volumeKey = parts[0].trim();
       if (!config.volumes[volumeKey]) {
         ctx.addIssue({
-          code: z26.ZodIssueCode.custom,
+          code: z27.ZodIssueCode.custom,
           message: `Volume "${volumeKey}" is not defined in volumes section. Each volume must have explicit name and version.`,
           path: ["volumes", volumeKey]
         });
@@ -5224,7 +5386,7 @@ var composeCommand = new Command7().name("compose").description("Create or updat
         )
       );
       if (options.autoUpdate !== false) {
-        await silentUpgradeAfterCommand("9.17.2");
+        await silentUpgradeAfterCommand("9.19.0");
       }
     } catch (error) {
       if (error instanceof Error) {
@@ -5979,9 +6141,9 @@ var CodexEventParser = class {
       }
     }
     if (itemType === "file_change" && item.changes && item.changes.length > 0) {
-      const changes = item.changes.map((c22) => {
-        const action = c22.kind === "add" ? "Created" : c22.kind === "modify" ? "Modified" : "Deleted";
-        return `${action}: ${c22.path}`;
+      const changes = item.changes.map((c23) => {
+        const action = c23.kind === "add" ? "Created" : c23.kind === "modify" ? "Modified" : "Deleted";
+        return `${action}: ${c23.path}`;
       }).join("\n");
       return {
         type: "text",
@@ -6135,9 +6297,9 @@ var CodexEventRenderer = class {
       return;
     }
     if (itemType === "file_change" && item.changes && item.changes.length > 0) {
-      const summary = item.changes.map((c22) => {
-        const icon = c22.kind === "add" ? "+" : c22.kind === "delete" ? "-" : "~";
-        return `${icon}${c22.path}`;
+      const summary = item.changes.map((c23) => {
+        const icon = c23.kind === "add" ? "+" : c23.kind === "delete" ? "-" : "~";
+        return `${icon}${c23.path}`;
       }).join(", ");
       console.log(chalk7.green("[files]") + ` ${summary}`);
       return;
@@ -6158,7 +6320,7 @@ var CodexEventRenderer = class {
 };
 
 // src/lib/api/api-client.ts
-import { initClient as initClient9 } from "@ts-rest/core";
+import { initClient as initClient10 } from "@ts-rest/core";
 var ApiClient = class {
   async getHeaders() {
     const token = await getToken();
@@ -6184,7 +6346,7 @@ var ApiClient = class {
   async getComposeByName(name, scope) {
     const baseUrl = await this.getBaseUrl();
     const headers = await this.getHeaders();
-    const client = initClient9(composesMainContract, {
+    const client = initClient10(composesMainContract, {
       baseUrl,
       baseHeaders: headers,
       jsonQuery: true
@@ -6205,7 +6367,7 @@ var ApiClient = class {
   async getComposeById(id) {
     const baseUrl = await this.getBaseUrl();
     const headers = await this.getHeaders();
-    const client = initClient9(composesByIdContract, {
+    const client = initClient10(composesByIdContract, {
       baseUrl,
       baseHeaders: headers,
       jsonQuery: true
@@ -6227,7 +6389,7 @@ var ApiClient = class {
   async getComposeVersion(composeId, version) {
     const baseUrl = await this.getBaseUrl();
     const headers = await this.getHeaders();
-    const client = initClient9(composesVersionsContract, {
+    const client = initClient10(composesVersionsContract, {
       baseUrl,
       baseHeaders: headers,
       jsonQuery: true
@@ -6248,7 +6410,7 @@ var ApiClient = class {
   async createOrUpdateCompose(body) {
     const baseUrl = await this.getBaseUrl();
     const headers = await this.getHeaders();
-    const client = initClient9(composesMainContract, {
+    const client = initClient10(composesMainContract, {
       baseUrl,
       baseHeaders: headers,
       jsonQuery: true
@@ -6271,7 +6433,7 @@ var ApiClient = class {
   async createRun(body) {
     const baseUrl = await this.getBaseUrl();
     const headers = await this.getHeaders();
-    const client = initClient9(runsMainContract, {
+    const client = initClient10(runsMainContract, {
       baseUrl,
       baseHeaders: headers,
       jsonQuery: true
@@ -6287,7 +6449,7 @@ var ApiClient = class {
   async getEvents(runId, options) {
     const baseUrl = await this.getBaseUrl();
     const headers = await this.getHeaders();
-    const client = initClient9(runEventsContract, {
+    const client = initClient10(runEventsContract, {
       baseUrl,
       baseHeaders: headers,
       jsonQuery: true
@@ -6309,7 +6471,7 @@ var ApiClient = class {
   async getSystemLog(runId, options) {
     const baseUrl = await this.getBaseUrl();
     const headers = await this.getHeaders();
-    const client = initClient9(runSystemLogContract, {
+    const client = initClient10(runSystemLogContract, {
       baseUrl,
       baseHeaders: headers,
       jsonQuery: true
@@ -6332,7 +6494,7 @@ var ApiClient = class {
   async getMetrics(runId, options) {
     const baseUrl = await this.getBaseUrl();
     const headers = await this.getHeaders();
-    const client = initClient9(runMetricsContract, {
+    const client = initClient10(runMetricsContract, {
       baseUrl,
       baseHeaders: headers,
       jsonQuery: true
@@ -6355,7 +6517,7 @@ var ApiClient = class {
   async getAgentEvents(runId, options) {
     const baseUrl = await this.getBaseUrl();
     const headers = await this.getHeaders();
-    const client = initClient9(runAgentEventsContract, {
+    const client = initClient10(runAgentEventsContract, {
       baseUrl,
       baseHeaders: headers,
       jsonQuery: true
@@ -6378,7 +6540,7 @@ var ApiClient = class {
   async getNetworkLogs(runId, options) {
     const baseUrl = await this.getBaseUrl();
     const headers = await this.getHeaders();
-    const client = initClient9(runNetworkLogsContract, {
+    const client = initClient10(runNetworkLogsContract, {
       baseUrl,
       baseHeaders: headers,
       jsonQuery: true
@@ -6404,7 +6566,7 @@ var ApiClient = class {
   async getScope() {
     const baseUrl = await this.getBaseUrl();
     const headers = await this.getHeaders();
-    const client = initClient9(scopeContract, {
+    const client = initClient10(scopeContract, {
       baseUrl,
       baseHeaders: headers,
       jsonQuery: true
@@ -6423,7 +6585,7 @@ var ApiClient = class {
   async createScope(body) {
     const baseUrl = await this.getBaseUrl();
     const headers = await this.getHeaders();
-    const client = initClient9(scopeContract, {
+    const client = initClient10(scopeContract, {
       baseUrl,
       baseHeaders: headers,
       jsonQuery: true
@@ -6442,7 +6604,7 @@ var ApiClient = class {
   async updateScope(body) {
     const baseUrl = await this.getBaseUrl();
     const headers = await this.getHeaders();
-    const client = initClient9(scopeContract, {
+    const client = initClient10(scopeContract, {
       baseUrl,
       baseHeaders: headers,
       jsonQuery: true
@@ -6462,7 +6624,7 @@ var ApiClient = class {
   async getSession(sessionId) {
     const baseUrl = await this.getBaseUrl();
     const headers = await this.getHeaders();
-    const client = initClient9(sessionsByIdContract, {
+    const client = initClient10(sessionsByIdContract, {
       baseUrl,
       baseHeaders: headers,
       jsonQuery: true
@@ -6484,7 +6646,7 @@ var ApiClient = class {
   async getCheckpoint(checkpointId) {
     const baseUrl = await this.getBaseUrl();
     const headers = await this.getHeaders();
-    const client = initClient9(checkpointsByIdContract, {
+    const client = initClient10(checkpointsByIdContract, {
       baseUrl,
       baseHeaders: headers,
       jsonQuery: true
@@ -6505,7 +6667,7 @@ var ApiClient = class {
   async prepareStorage(body) {
     const baseUrl = await this.getBaseUrl();
     const headers = await this.getHeaders();
-    const client = initClient9(storagesPrepareContract, {
+    const client = initClient10(storagesPrepareContract, {
       baseUrl,
       baseHeaders: headers,
       jsonQuery: true
@@ -6524,7 +6686,7 @@ var ApiClient = class {
   async commitStorage(body) {
     const baseUrl = await this.getBaseUrl();
     const headers = await this.getHeaders();
-    const client = initClient9(storagesCommitContract, {
+    const client = initClient10(storagesCommitContract, {
       baseUrl,
       baseHeaders: headers,
       jsonQuery: true
@@ -6543,7 +6705,7 @@ var ApiClient = class {
   async getStorageDownload(query) {
     const baseUrl = await this.getBaseUrl();
     const headers = await this.getHeaders();
-    const client = initClient9(storagesDownloadContract, {
+    const client = initClient10(storagesDownloadContract, {
       baseUrl,
       baseHeaders: headers,
       jsonQuery: true
@@ -6568,7 +6730,7 @@ var ApiClient = class {
   async listStorages(query) {
     const baseUrl = await this.getBaseUrl();
     const headers = await this.getHeaders();
-    const client = initClient9(storagesListContract, {
+    const client = initClient10(storagesListContract, {
       baseUrl,
       baseHeaders: headers,
       jsonQuery: true
@@ -6587,7 +6749,7 @@ var ApiClient = class {
   async deploySchedule(body) {
     const baseUrl = await this.getBaseUrl();
     const headers = await this.getHeaders();
-    const client = initClient9(schedulesMainContract, {
+    const client = initClient10(schedulesMainContract, {
       baseUrl,
       baseHeaders: headers,
       jsonQuery: true
@@ -6606,7 +6768,7 @@ var ApiClient = class {
   async listSchedules() {
     const baseUrl = await this.getBaseUrl();
     const headers = await this.getHeaders();
-    const client = initClient9(schedulesMainContract, {
+    const client = initClient10(schedulesMainContract, {
       baseUrl,
       baseHeaders: headers,
       jsonQuery: true
@@ -6625,7 +6787,7 @@ var ApiClient = class {
   async getScheduleByName(params) {
     const baseUrl = await this.getBaseUrl();
     const headers = await this.getHeaders();
-    const client = initClient9(schedulesByNameContract, {
+    const client = initClient10(schedulesByNameContract, {
       baseUrl,
       baseHeaders: headers,
       jsonQuery: true
@@ -6647,7 +6809,7 @@ var ApiClient = class {
   async deleteSchedule(params) {
     const baseUrl = await this.getBaseUrl();
     const headers = await this.getHeaders();
-    const client = initClient9(schedulesByNameContract, {
+    const client = initClient10(schedulesByNameContract, {
       baseUrl,
       baseHeaders: headers,
       jsonQuery: true
@@ -6669,7 +6831,7 @@ var ApiClient = class {
   async enableSchedule(params) {
     const baseUrl = await this.getBaseUrl();
     const headers = await this.getHeaders();
-    const client = initClient9(schedulesEnableContract, {
+    const client = initClient10(schedulesEnableContract, {
       baseUrl,
       baseHeaders: headers,
       jsonQuery: true
@@ -6691,7 +6853,7 @@ var ApiClient = class {
   async disableSchedule(params) {
     const baseUrl = await this.getBaseUrl();
     const headers = await this.getHeaders();
-    const client = initClient9(schedulesEnableContract, {
+    const client = initClient10(schedulesEnableContract, {
       baseUrl,
       baseHeaders: headers,
       jsonQuery: true
@@ -6713,7 +6875,7 @@ var ApiClient = class {
   async listScheduleRuns(params) {
     const baseUrl = await this.getBaseUrl();
     const headers = await this.getHeaders();
-    const client = initClient9(scheduleRunsContract, {
+    const client = initClient10(scheduleRunsContract, {
       baseUrl,
       baseHeaders: headers,
       jsonQuery: true
@@ -6738,7 +6900,7 @@ var ApiClient = class {
   async listPublicAgents(query) {
     const baseUrl = await this.getBaseUrl();
     const headers = await this.getHeaders();
-    const client = initClient9(publicAgentsListContract, {
+    const client = initClient10(publicAgentsListContract, {
       baseUrl,
       baseHeaders: headers,
       jsonQuery: true
@@ -6757,7 +6919,7 @@ var ApiClient = class {
   async listPublicArtifacts(query) {
     const baseUrl = await this.getBaseUrl();
     const headers = await this.getHeaders();
-    const client = initClient9(publicArtifactsListContract, {
+    const client = initClient10(publicArtifactsListContract, {
       baseUrl,
       baseHeaders: headers,
       jsonQuery: true
@@ -6776,7 +6938,7 @@ var ApiClient = class {
   async getPublicArtifact(id) {
     const baseUrl = await this.getBaseUrl();
     const headers = await this.getHeaders();
-    const client = initClient9(publicArtifactByIdContract, {
+    const client = initClient10(publicArtifactByIdContract, {
       baseUrl,
       baseHeaders: headers,
       jsonQuery: true
@@ -6795,7 +6957,7 @@ var ApiClient = class {
   async listPublicVolumes(query) {
     const baseUrl = await this.getBaseUrl();
     const headers = await this.getHeaders();
-    const client = initClient9(publicVolumesListContract, {
+    const client = initClient10(publicVolumesListContract, {
       baseUrl,
       baseHeaders: headers,
       jsonQuery: true
@@ -6814,7 +6976,7 @@ var ApiClient = class {
   async getPublicVolume(id) {
     const baseUrl = await this.getBaseUrl();
     const headers = await this.getHeaders();
-    const client = initClient9(publicVolumeByIdContract, {
+    const client = initClient10(publicVolumeByIdContract, {
       baseUrl,
       baseHeaders: headers,
       jsonQuery: true
@@ -6853,7 +7015,7 @@ var ApiClient = class {
   async listCredentials() {
     const baseUrl = await this.getBaseUrl();
     const headers = await this.getHeaders();
-    const client = initClient9(credentialsMainContract, {
+    const client = initClient10(credentialsMainContract, {
       baseUrl,
       baseHeaders: headers,
       jsonQuery: true
@@ -6872,7 +7034,7 @@ var ApiClient = class {
   async getCredential(name) {
     const baseUrl = await this.getBaseUrl();
     const headers = await this.getHeaders();
-    const client = initClient9(credentialsByNameContract, {
+    const client = initClient10(credentialsByNameContract, {
       baseUrl,
       baseHeaders: headers,
       jsonQuery: true
@@ -6893,7 +7055,7 @@ var ApiClient = class {
   async setCredential(body) {
     const baseUrl = await this.getBaseUrl();
     const headers = await this.getHeaders();
-    const client = initClient9(credentialsMainContract, {
+    const client = initClient10(credentialsMainContract, {
       baseUrl,
       baseHeaders: headers,
       jsonQuery: true
@@ -6912,7 +7074,7 @@ var ApiClient = class {
   async deleteCredential(name) {
     const baseUrl = await this.getBaseUrl();
     const headers = await this.getHeaders();
-    const client = initClient9(credentialsByNameContract, {
+    const client = initClient10(credentialsByNameContract, {
       baseUrl,
       baseHeaders: headers,
       jsonQuery: true
@@ -6933,7 +7095,7 @@ var ApiClient = class {
   async getRealtimeToken(runId) {
     const baseUrl = await this.getBaseUrl();
     const headers = await this.getHeaders();
-    const client = initClient9(realtimeTokenContract, {
+    const client = initClient10(realtimeTokenContract, {
       baseUrl,
       baseHeaders: headers,
       jsonQuery: true
@@ -7455,7 +7617,7 @@ var mainRunCommand = new Command8().name("run").description("Run an agent").argu
       }
       showNextSteps(result);
       if (options.autoUpdate !== false) {
-        await silentUpgradeAfterCommand("9.17.2");
+        await silentUpgradeAfterCommand("9.19.0");
       }
     } catch (error) {
       handleRunError(error, identifier);
@@ -8962,7 +9124,7 @@ var cookAction = new Command27().name("cook").description("Quick start: prepare,
 ).option("-y, --yes", "Skip confirmation prompts").option("-v, --verbose", "Show full tool inputs and outputs").addOption(new Option5("--debug-no-mock-claude").hideHelp()).addOption(new Option5("--no-auto-update").hideHelp()).action(
   async (prompt, options) => {
     if (options.autoUpdate !== false) {
-      const shouldExit = await checkAndUpgrade("9.17.2", prompt);
+      const shouldExit = await checkAndUpgrade("9.19.0", prompt);
       if (shouldExit) {
         process.exit(0);
       }
@@ -9537,7 +9699,7 @@ var setCommand = new Command33().name("set").description("Set your scope slug").
 var scopeCommand = new Command34().name("scope").description("Manage your scope (namespace for agents)").addCommand(statusCommand4).addCommand(setCommand);
 
 // src/commands/agent/index.ts
-import { Command as Command38 } from "commander";
+import { Command as Command43 } from "commander";
 
 // src/commands/agent/clone.ts
 import { Command as Command35 } from "commander";
@@ -9677,7 +9839,7 @@ var listCommand4 = new Command36().name("list").alias("ls").description("List al
       );
       return;
     }
-    const nameWidth = Math.max(4, ...data.composes.map((c22) => c22.name.length));
+    const nameWidth = Math.max(4, ...data.composes.map((c23) => c23.name.length));
     const header = ["NAME".padEnd(nameWidth), "VERSION", "UPDATED"].join(
       "  "
     );
@@ -9957,12 +10119,206 @@ var statusCommand5 = new Command37().name("status").description("Show status of
   }
 });
 
+// src/commands/agent/public.ts
+import { Command as Command38 } from "commander";
+import chalk39 from "chalk";
+var publicCommand = new Command38().name("public").description("Make an agent public (accessible to all authenticated users)").argument("<name>", "Agent name").action(async (name) => {
+  try {
+    const compose = await getComposeByName(name);
+    if (!compose) {
+      console.error(chalk39.red(`\u2717 Agent not found: ${name}`));
+      process.exit(1);
+    }
+    const scope = await getScope();
+    const response = await httpPost(
+      `/api/agent/composes/${compose.id}/permissions`,
+      { granteeType: "public" }
+    );
+    if (!response.ok) {
+      const error = await response.json();
+      if (response.status === 409) {
+        console.log(chalk39.yellow(`Agent "${name}" is already public`));
+        return;
+      }
+      throw new Error(error.error?.message || "Failed to make agent public");
+    }
+    const fullName = `${scope.slug}/${name}`;
+    console.log(chalk39.green(`\u2713 Agent "${name}" is now public`));
+    console.log();
+    console.log("Others can now run your agent with:");
+    console.log(chalk39.cyan(`  vm0 run ${fullName} "your prompt"`));
+  } catch (error) {
+    console.error(chalk39.red("\u2717 Failed to make agent public"));
+    if (error instanceof Error) {
+      console.error(chalk39.dim(`  ${error.message}`));
+    }
+    process.exit(1);
+  }
+});
+
+// src/commands/agent/private.ts
+import { Command as Command39 } from "commander";
+import chalk40 from "chalk";
+var privateCommand = new Command39().name("private").description("Make an agent private (remove public access)").argument("<name>", "Agent name").action(async (name) => {
+  try {
+    const compose = await getComposeByName(name);
+    if (!compose) {
+      console.error(chalk40.red(`\u2717 Agent not found: ${name}`));
+      process.exit(1);
+    }
+    const response = await httpDelete(
+      `/api/agent/composes/${compose.id}/permissions?type=public`
+    );
+    if (!response.ok) {
+      const error = await response.json();
+      if (response.status === 404) {
+        console.log(chalk40.yellow(`Agent "${name}" is already private`));
+        return;
+      }
+      throw new Error(error.error?.message || "Failed to make agent private");
+    }
+    console.log(chalk40.green(`\u2713 Agent "${name}" is now private`));
+  } catch (error) {
+    console.error(chalk40.red("\u2717 Failed to make agent private"));
+    if (error instanceof Error) {
+      console.error(chalk40.dim(`  ${error.message}`));
+    }
+    process.exit(1);
+  }
+});
+
+// src/commands/agent/share.ts
+import { Command as Command40 } from "commander";
+import chalk41 from "chalk";
+var shareCommand = new Command40().name("share").description("Share an agent with a user by email").argument("<name>", "Agent name").requiredOption("--email <email>", "Email address to share with").action(async (name, options) => {
+  try {
+    const compose = await getComposeByName(name);
+    if (!compose) {
+      console.error(chalk41.red(`\u2717 Agent not found: ${name}`));
+      process.exit(1);
+    }
+    const scope = await getScope();
+    const response = await httpPost(
+      `/api/agent/composes/${compose.id}/permissions`,
+      { granteeType: "email", granteeEmail: options.email }
+    );
+    if (!response.ok) {
+      const error = await response.json();
+      if (response.status === 409) {
+        console.log(
+          chalk41.yellow(
+            `Agent "${name}" is already shared with ${options.email}`
+          )
+        );
+        return;
+      }
+      throw new Error(error.error?.message || "Failed to share agent");
+    }
+    const fullName = `${scope.slug}/${name}`;
+    console.log(
+      chalk41.green(`\u2713 Agent "${name}" shared with ${options.email}`)
+    );
+    console.log();
+    console.log("They can now run your agent with:");
+    console.log(chalk41.cyan(`  vm0 run ${fullName} "your prompt"`));
+  } catch (error) {
+    console.error(chalk41.red("\u2717 Failed to share agent"));
+    if (error instanceof Error) {
+      console.error(chalk41.dim(`  ${error.message}`));
+    }
+    process.exit(1);
+  }
+});
+
+// src/commands/agent/unshare.ts
+import { Command as Command41 } from "commander";
+import chalk42 from "chalk";
+var unshareCommand = new Command41().name("unshare").description("Remove sharing from a user").argument("<name>", "Agent name").requiredOption("--email <email>", "Email address to unshare").action(async (name, options) => {
+  try {
+    const compose = await getComposeByName(name);
+    if (!compose) {
+      console.error(chalk42.red(`\u2717 Agent not found: ${name}`));
+      process.exit(1);
+    }
+    const response = await httpDelete(
+      `/api/agent/composes/${compose.id}/permissions?type=email&email=${encodeURIComponent(options.email)}`
+    );
+    if (!response.ok) {
+      const error = await response.json();
+      if (response.status === 404) {
+        console.log(
+          chalk42.yellow(`Agent "${name}" is not shared with ${options.email}`)
+        );
+        return;
+      }
+      throw new Error(error.error?.message || "Failed to unshare agent");
+    }
+    console.log(
+      chalk42.green(`\u2713 Removed sharing of "${name}" from ${options.email}`)
+    );
+  } catch (error) {
+    console.error(chalk42.red("\u2717 Failed to unshare agent"));
+    if (error instanceof Error) {
+      console.error(chalk42.dim(`  ${error.message}`));
+    }
+    process.exit(1);
+  }
+});
+
+// src/commands/agent/permission.ts
+import { Command as Command42 } from "commander";
+import chalk43 from "chalk";
+var permissionCommand = new Command42().name("permission").description("List all permissions for an agent").argument("<name>", "Agent name").action(async (name) => {
+  try {
+    const compose = await getComposeByName(name);
+    if (!compose) {
+      console.error(chalk43.red(`\u2717 Agent not found: ${name}`));
+      process.exit(1);
+    }
+    const response = await httpGet(
+      `/api/agent/composes/${compose.id}/permissions`
+    );
+    if (!response.ok) {
+      const error = await response.json();
+      throw new Error(error.error?.message || "Failed to list permissions");
+    }
+    const data = await response.json();
+    if (data.permissions.length === 0) {
+      console.log(chalk43.dim("No permissions set (private agent)"));
+      return;
+    }
+    console.log(
+      chalk43.dim(
+        "TYPE     EMAIL                          PERMISSION  GRANTED"
+      )
+    );
+    console.log(
+      chalk43.dim(
+        "-------  -----------------------------  ----------  ----------"
+      )
+    );
+    for (const p of data.permissions) {
+      const type = p.granteeType.padEnd(7);
+      const email = (p.granteeEmail ?? "-").padEnd(29);
+      const permission = p.permission.padEnd(10);
+      const granted = formatRelativeTime(p.createdAt);
+      console.log(`${type}  ${email}  ${permission}  ${granted}`);
+    }
+  } catch (error) {
+    console.error(chalk43.red("\u2717 Failed to list permissions"));
+    if (error instanceof Error) {
+      console.error(chalk43.dim(`  ${error.message}`));
+    }
+    process.exit(1);
+  }
+});
+
 // src/commands/agent/index.ts
-var agentCommand = new Command38().name("agent").description("Manage agent composes").addCommand(cloneCommand3).addCommand(listCommand4).addCommand(statusCommand5);
+var agentCommand = new Command43().name("agent").description("Manage agent composes").addCommand(cloneCommand3).addCommand(listCommand4).addCommand(statusCommand5).addCommand(publicCommand).addCommand(privateCommand).addCommand(shareCommand).addCommand(unshareCommand).addCommand(permissionCommand);
 
 // src/commands/init/index.ts
-import { Command as Command39 } from "commander";
-import chalk39 from "chalk";
+import { Command as Command44 } from "commander";
+import chalk44 from "chalk";
 import path15 from "path";
 import { existsSync as existsSync10 } from "fs";
 import { writeFile as writeFile7 } from "fs/promises";
@@ -10000,14 +10356,14 @@ function checkExistingFiles() {
   if (existsSync10(AGENTS_MD_FILE)) existingFiles.push(AGENTS_MD_FILE);
   return existingFiles;
 }
-var initCommand3 = new Command39().name("init").description("Initialize a new VM0 project in the current directory").option("-f, --force", "Overwrite existing files").option("-n, --name <name>", "Agent name (required in non-interactive mode)").action(async (options) => {
+var initCommand3 = new Command44().name("init").description("Initialize a new VM0 project in the current directory").option("-f, --force", "Overwrite existing files").option("-n, --name <name>", "Agent name (required in non-interactive mode)").action(async (options) => {
   const existingFiles = checkExistingFiles();
   if (existingFiles.length > 0 && !options.force) {
     for (const file of existingFiles) {
-      console.log(chalk39.red(`\u2717 ${file} already exists`));
+      console.log(chalk44.red(`\u2717 ${file} already exists`));
     }
     console.log();
-    console.log(`To overwrite: ${chalk39.cyan("vm0 init --force")}`);
+    console.log(`To overwrite: ${chalk44.cyan("vm0 init --force")}`);
     process.exit(1);
   }
   let agentName;
@@ -10015,9 +10371,9 @@ var initCommand3 = new Command39().name("init").description("Initialize a new VM
     agentName = options.name.trim();
   } else if (!isInteractive()) {
     console.error(
-      chalk39.red("\u2717 --name flag is required in non-interactive mode")
+      chalk44.red("\u2717 --name flag is required in non-interactive mode")
     );
-    console.error(chalk39.dim("  Usage: vm0 init --name <agent-name>"));
+    console.error(chalk44.dim("  Usage: vm0 init --name <agent-name>"));
     process.exit(1);
   } else {
     const dirName = path15.basename(process.cwd());
@@ -10033,47 +10389,47 @@ var initCommand3 = new Command39().name("init").description("Initialize a new VM
       }
     );
     if (name === void 0) {
-      console.log(chalk39.dim("Cancelled"));
+      console.log(chalk44.dim("Cancelled"));
       return;
     }
     agentName = name;
   }
   if (!agentName || !validateAgentName(agentName)) {
-    console.log(chalk39.red("\u2717 Invalid agent name"));
+    console.log(chalk44.red("\u2717 Invalid agent name"));
     console.log(
-      chalk39.dim("  Must be 3-64 characters, alphanumeric and hyphens only")
+      chalk44.dim("  Must be 3-64 characters, alphanumeric and hyphens only")
     );
-    console.log(chalk39.dim("  Must start and end with letter or number"));
+    console.log(chalk44.dim("  Must start and end with letter or number"));
     process.exit(1);
   }
   await writeFile7(VM0_YAML_FILE, generateVm0Yaml(agentName));
   const vm0Status = existingFiles.includes(VM0_YAML_FILE) ? " (overwritten)" : "";
-  console.log(chalk39.green(`\u2713 Created ${VM0_YAML_FILE}${vm0Status}`));
+  console.log(chalk44.green(`\u2713 Created ${VM0_YAML_FILE}${vm0Status}`));
   await writeFile7(AGENTS_MD_FILE, generateAgentsMd());
   const agentsStatus = existingFiles.includes(AGENTS_MD_FILE) ? " (overwritten)" : "";
-  console.log(chalk39.green(`\u2713 Created ${AGENTS_MD_FILE}${agentsStatus}`));
+  console.log(chalk44.green(`\u2713 Created ${AGENTS_MD_FILE}${agentsStatus}`));
   console.log();
   console.log("Next steps:");
   console.log(
-    `  1. Set up model provider (one-time): ${chalk39.cyan("vm0 model-provider setup")}`
+    `  1. Set up model provider (one-time): ${chalk44.cyan("vm0 model-provider setup")}`
   );
   console.log(
-    `  2. Edit ${chalk39.cyan("AGENTS.md")} to customize your agent's workflow`
+    `  2. Edit ${chalk44.cyan("AGENTS.md")} to customize your agent's workflow`
   );
   console.log(
-    `     Or install Claude plugin: ${chalk39.cyan(`vm0 setup-claude && claude "/vm0-agent let's build an agent"`)}`
+    `     Or install Claude plugin: ${chalk44.cyan(`vm0 setup-claude && claude "/vm0-agent let's build an agent"`)}`
   );
   console.log(
-    `  3. Run your agent: ${chalk39.cyan(`vm0 cook "let's start working"`)}`
+    `  3. Run your agent: ${chalk44.cyan(`vm0 cook "let's start working"`)}`
   );
 });
 
 // src/commands/schedule/index.ts
-import { Command as Command46 } from "commander";
+import { Command as Command51 } from "commander";
 
 // src/commands/schedule/setup.ts
-import { Command as Command40 } from "commander";
-import chalk41 from "chalk";
+import { Command as Command45 } from "commander";
+import chalk46 from "chalk";
 
 // src/lib/domain/schedule-utils.ts
 import { parse as parseYaml5 } from "yaml";
@@ -10215,7 +10571,7 @@ async function resolveScheduleByAgent(agentName) {
 }
 
 // src/commands/schedule/gather-configuration.ts
-import chalk40 from "chalk";
+import chalk45 from "chalk";
 var defaultPromptDeps = {
   isInteractive,
   promptConfirm,
@@ -10243,7 +10599,7 @@ async function handleExistingSecrets(existingSecretNames, deps) {
       return true;
     }
     console.log(
-      chalk40.dim(
+      chalk45.dim(
         "  Note: Secrets will be cleared. Use 'vm0 secret set' to add platform secrets."
       )
     );
@@ -10268,21 +10624,21 @@ async function handleVars(optionVars, existingVars, deps) {
 }
 function displayMissingRequirements(missingSecrets, missingVars) {
   if (missingSecrets.length > 0) {
-    console.log(chalk40.yellow("\nAgent requires the following secrets:"));
+    console.log(chalk45.yellow("\nAgent requires the following secrets:"));
     for (const name of missingSecrets) {
-      console.log(chalk40.dim(`  ${name}`));
+      console.log(chalk45.dim(`  ${name}`));
     }
     console.log();
     console.log("Set secrets using the platform:");
     for (const name of missingSecrets) {
-      console.log(chalk40.cyan(`  vm0 secret set ${name} <value>`));
+      console.log(chalk45.cyan(`  vm0 secret set ${name} <value>`));
     }
     console.log();
   }
   if (missingVars.length > 0) {
-    console.log(chalk40.yellow("\nAgent requires the following variables:"));
+    console.log(chalk45.yellow("\nAgent requires the following variables:"));
     for (const name of missingVars) {
-      console.log(chalk40.dim(`  ${name}`));
+      console.log(chalk45.dim(`  ${name}`));
     }
     console.log();
   }
@@ -10290,7 +10646,7 @@ function displayMissingRequirements(missingSecrets, missingVars) {
 async function promptForMissingVars(missingVars, vars, deps) {
   for (const name of missingVars) {
     const value = await deps.promptText(
-      `Enter value for var ${chalk40.cyan(name)}`,
+      `Enter value for var ${chalk45.cyan(name)}`,
       ""
     );
     if (value) {
@@ -10378,7 +10734,7 @@ function expandEnvVars(value) {
     const envValue = process.env[varName];
     if (envValue === void 0) {
       console.warn(
-        chalk41.yellow(`  Warning: Environment variable ${varName} not set`)
+        chalk46.yellow(`  Warning: Environment variable ${varName} not set`)
       );
       return match;
     }
@@ -10445,11 +10801,11 @@ async function gatherFrequency(optionFrequency, existingFrequency) {
   }
   if (!isInteractive()) {
     console.error(
-      chalk41.red("\u2717 --frequency is required (daily|weekly|monthly|once)")
+      chalk46.red("\u2717 --frequency is required (daily|weekly|monthly|once)")
     );
     process.exit(1);
   }
-  const defaultIndex = existingFrequency ? FREQUENCY_CHOICES.findIndex((c22) => c22.value === existingFrequency) : 0;
+  const defaultIndex = existingFrequency ? FREQUENCY_CHOICES.findIndex((c23) => c23.value === existingFrequency) : 0;
   frequency = await promptSelect(
     "Schedule frequency",
     FREQUENCY_CHOICES,
@@ -10465,7 +10821,7 @@ async function gatherDay(frequency, optionDay, existingDay) {
     const day2 = parseDayOption(optionDay, frequency);
     if (day2 === void 0) {
       console.error(
-        chalk41.red(
+        chalk46.red(
           `\u2717 Invalid day: ${optionDay}. Use mon-sun for weekly or 1-31 for monthly.`
         )
       );
@@ -10474,11 +10830,11 @@ async function gatherDay(frequency, optionDay, existingDay) {
     return day2;
   }
   if (!isInteractive()) {
-    console.error(chalk41.red("\u2717 --day is required for weekly/monthly"));
+    console.error(chalk46.red("\u2717 --day is required for weekly/monthly"));
     process.exit(1);
   }
   if (frequency === "weekly") {
-    const defaultDayIndex = existingDay !== void 0 ? DAY_OF_WEEK_CHOICES.findIndex((c22) => c22.value === existingDay) : 0;
+    const defaultDayIndex = existingDay !== void 0 ? DAY_OF_WEEK_CHOICES.findIndex((c23) => c23.value === existingDay) : 0;
     const day2 = await promptSelect(
       "Day of week",
       DAY_OF_WEEK_CHOICES,
@@ -10493,7 +10849,7 @@ async function gatherDay(frequency, optionDay, existingDay) {
   if (!dayStr) return null;
   const day = parseInt(dayStr, 10);
   if (isNaN(day) || day < 1 || day > 31) {
-    console.error(chalk41.red("\u2717 Day must be between 1 and 31"));
+    console.error(chalk46.red("\u2717 Day must be between 1 and 31"));
     process.exit(1);
   }
   return day;
@@ -10502,13 +10858,13 @@ async function gatherRecurringTime(optionTime, existingTime) {
   if (optionTime) {
     const validation = validateTimeFormat(optionTime);
     if (validation !== true) {
-      console.error(chalk41.red(`\u2717 Invalid time: ${validation}`));
+      console.error(chalk46.red(`\u2717 Invalid time: ${validation}`));
       process.exit(1);
     }
     return optionTime;
   }
   if (!isInteractive()) {
-    console.error(chalk41.red("\u2717 --time is required (HH:MM format)"));
+    console.error(chalk46.red("\u2717 --time is required (HH:MM format)"));
     process.exit(1);
   }
   return await promptText(
@@ -10521,7 +10877,7 @@ async function gatherOneTimeSchedule(optionDay, optionTime, existingTime) {
   if (optionDay && optionTime) {
     if (!validateDateFormat(optionDay)) {
       console.error(
-        chalk41.red(
+        chalk46.red(
           `\u2717 Invalid date format: ${optionDay}. Use YYYY-MM-DD format.`
         )
       );
@@ -10529,16 +10885,16 @@ async function gatherOneTimeSchedule(optionDay, optionTime, existingTime) {
     }
     if (!validateTimeFormat(optionTime)) {
       console.error(
-        chalk41.red(`\u2717 Invalid time format: ${optionTime}. Use HH:MM format.`)
+        chalk46.red(`\u2717 Invalid time format: ${optionTime}. Use HH:MM format.`)
       );
       process.exit(1);
     }
     return `${optionDay} ${optionTime}`;
   }
   if (!isInteractive()) {
-    console.error(chalk41.red("\u2717 One-time schedules require interactive mode"));
+    console.error(chalk46.red("\u2717 One-time schedules require interactive mode"));
     console.error(
-      chalk41.dim("  Or provide --day (YYYY-MM-DD) and --time (HH:MM) flags")
+      chalk46.dim("  Or provide --day (YYYY-MM-DD) and --time (HH:MM) flags")
     );
     process.exit(1);
   }
@@ -10569,7 +10925,7 @@ async function gatherTimezone(optionTimezone, existingTimezone) {
 async function gatherPromptText(optionPrompt, existingPrompt) {
   if (optionPrompt) return optionPrompt;
   if (!isInteractive()) {
-    console.error(chalk41.red("\u2717 --prompt is required"));
+    console.error(chalk46.red("\u2717 --prompt is required"));
     process.exit(1);
   }
   return await promptText(
@@ -10580,8 +10936,8 @@ async function gatherPromptText(optionPrompt, existingPrompt) {
 async function resolveAgent(agentName) {
   const compose = await getComposeByName(agentName);
   if (!compose) {
-    console.error(chalk41.red(`\u2717 Agent not found: ${agentName}`));
-    console.error(chalk41.dim("  Make sure the agent is composed first"));
+    console.error(chalk46.red(`\u2717 Agent not found: ${agentName}`));
+    console.error(chalk46.dim("  Make sure the agent is composed first"));
     process.exit(1);
   }
   return {
@@ -10628,7 +10984,7 @@ async function buildAndDeploy(params) {
   const expandedSecrets = expandEnvVarsInObject(params.secrets);
   console.log(
     `
-Deploying schedule for agent ${chalk41.cyan(params.agentName)}...`
+Deploying schedule for agent ${chalk46.cyan(params.agentName)}...`
   );
   const deployResult = await deploySchedule({
     name: params.scheduleName,
@@ -10644,12 +11000,12 @@ Deploying schedule for agent ${chalk41.cyan(params.agentName)}...`
   return deployResult;
 }
 function handleSetupError(error) {
-  console.error(chalk41.red("\u2717 Failed to setup schedule"));
+  console.error(chalk46.red("\u2717 Failed to setup schedule"));
   if (error instanceof Error) {
     if (error.message.includes("Not authenticated")) {
-      console.error(chalk41.dim("  Run: vm0 auth login"));
+      console.error(chalk46.dim("  Run: vm0 auth login"));
     } else {
-      console.error(chalk41.dim(`  ${error.message}`));
+      console.error(chalk46.dim(`  ${error.message}`));
     }
   }
   process.exit(1);
@@ -10657,56 +11013,56 @@ function handleSetupError(error) {
 function displayDeployResult(agentName, deployResult) {
   if (deployResult.created) {
     console.log(
-      chalk41.green(`\u2713 Created schedule for agent ${chalk41.cyan(agentName)}`)
+      chalk46.green(`\u2713 Created schedule for agent ${chalk46.cyan(agentName)}`)
     );
   } else {
     console.log(
-      chalk41.green(`\u2713 Updated schedule for agent ${chalk41.cyan(agentName)}`)
+      chalk46.green(`\u2713 Updated schedule for agent ${chalk46.cyan(agentName)}`)
     );
   }
-  console.log(chalk41.dim(`  Timezone: ${deployResult.schedule.timezone}`));
+  console.log(chalk46.dim(`  Timezone: ${deployResult.schedule.timezone}`));
   if (deployResult.schedule.cronExpression) {
-    console.log(chalk41.dim(`  Cron: ${deployResult.schedule.cronExpression}`));
+    console.log(chalk46.dim(`  Cron: ${deployResult.schedule.cronExpression}`));
     if (deployResult.schedule.nextRunAt) {
       const nextRun = formatInTimezone(
         deployResult.schedule.nextRunAt,
         deployResult.schedule.timezone
       );
-      console.log(chalk41.dim(`  Next run: ${nextRun}`));
+      console.log(chalk46.dim(`  Next run: ${nextRun}`));
     }
   } else if (deployResult.schedule.atTime) {
     const atTimeFormatted = formatInTimezone(
       deployResult.schedule.atTime,
       deployResult.schedule.timezone
     );
-    console.log(chalk41.dim(`  At: ${atTimeFormatted}`));
+    console.log(chalk46.dim(`  At: ${atTimeFormatted}`));
   }
 }
 async function tryEnableSchedule(scheduleName, composeId, agentName) {
   try {
     await enableSchedule({ name: scheduleName, composeId });
     console.log(
-      chalk41.green(`\u2713 Enabled schedule for agent ${chalk41.cyan(agentName)}`)
+      chalk46.green(`\u2713 Enabled schedule for agent ${chalk46.cyan(agentName)}`)
     );
   } catch (error) {
-    console.error(chalk41.yellow("\u26A0 Failed to enable schedule"));
+    console.error(chalk46.yellow("\u26A0 Failed to enable schedule"));
     if (error instanceof ApiRequestError) {
       if (error.code === "SCHEDULE_PAST") {
-        console.error(chalk41.dim("  Scheduled time has already passed"));
+        console.error(chalk46.dim("  Scheduled time has already passed"));
       } else {
-        console.error(chalk41.dim(`  ${error.message}`));
+        console.error(chalk46.dim(`  ${error.message}`));
       }
     } else if (error instanceof Error) {
-      console.error(chalk41.dim(`  ${error.message}`));
+      console.error(chalk46.dim(`  ${error.message}`));
     }
     console.log(
-      `  To enable manually: ${chalk41.cyan(`vm0 schedule enable ${agentName}`)}`
+      `  To enable manually: ${chalk46.cyan(`vm0 schedule enable ${agentName}`)}`
     );
   }
 }
 function showEnableHint(agentName) {
   console.log();
-  console.log(`  To enable: ${chalk41.cyan(`vm0 schedule enable ${agentName}`)}`);
+  console.log(`  To enable: ${chalk46.cyan(`vm0 schedule enable ${agentName}`)}`);
 }
 async function handleScheduleEnabling(params) {
   const { scheduleName, composeId, agentName, enableFlag, shouldPromptEnable } = params;
@@ -10727,13 +11083,13 @@ async function handleScheduleEnabling(params) {
     showEnableHint(agentName);
   }
 }
-var setupCommand = new Command40().name("setup").description("Create or edit a schedule for an agent").argument("<agent-name>", "Agent name to configure schedule for").option("-f, --frequency <type>", "Frequency: daily|weekly|monthly|once").option("-t, --time <HH:MM>", "Time to run (24-hour format)").option("-d, --day <day>", "Day of week (mon-sun) or day of month (1-31)").option("-z, --timezone <tz>", "IANA timezone").option("-p, --prompt <text>", "Prompt to run").option("--var <name=value>", "Variable (can be repeated)", collect, []).option("--artifact-name <name>", "Artifact name", "artifact").option("-e, --enable", "Enable schedule immediately after creation").action(async (agentName, options) => {
+var setupCommand = new Command45().name("setup").description("Create or edit a schedule for an agent").argument("<agent-name>", "Agent name to configure schedule for").option("-f, --frequency <type>", "Frequency: daily|weekly|monthly|once").option("-t, --time <HH:MM>", "Time to run (24-hour format)").option("-d, --day <day>", "Day of week (mon-sun) or day of month (1-31)").option("-z, --timezone <tz>", "IANA timezone").option("-p, --prompt <text>", "Prompt to run").option("--var <name=value>", "Variable (can be repeated)", collect, []).option("--artifact-name <name>", "Artifact name", "artifact").option("-e, --enable", "Enable schedule immediately after creation").action(async (agentName, options) => {
   try {
     const { composeId, scheduleName, composeContent } = await resolveAgent(agentName);
     const requiredConfig = extractRequiredConfiguration(composeContent);
     const existingSchedule = await findExistingSchedule(agentName);
     console.log(
-      chalk41.dim(
+      chalk46.dim(
         existingSchedule ? `Editing existing schedule for agent ${agentName}` : `Creating new schedule for agent ${agentName}`
       )
     );
@@ -10743,12 +11099,12 @@ var setupCommand = new Command40().name("setup").description("Create or edit a s
       defaults.frequency
     );
     if (!frequency) {
-      console.log(chalk41.dim("Cancelled"));
+      console.log(chalk46.dim("Cancelled"));
       return;
     }
     const timing = await gatherTiming(frequency, options, defaults);
     if (!timing) {
-      console.log(chalk41.dim("Cancelled"));
+      console.log(chalk46.dim("Cancelled"));
       return;
     }
     const { day, time, atTime } = timing;
@@ -10757,7 +11113,7 @@ var setupCommand = new Command40().name("setup").description("Create or edit a s
       existingSchedule?.timezone
     );
     if (!timezone) {
-      console.log(chalk41.dim("Cancelled"));
+      console.log(chalk46.dim("Cancelled"));
       return;
     }
     const promptText_ = await gatherPromptText(
@@ -10765,7 +11121,7 @@ var setupCommand = new Command40().name("setup").description("Create or edit a s
       existingSchedule?.prompt
     );
     if (!promptText_) {
-      console.log(chalk41.dim("Cancelled"));
+      console.log(chalk46.dim("Cancelled"));
       return;
     }
     const config = await gatherConfiguration({
@@ -10805,15 +11161,15 @@ var setupCommand = new Command40().name("setup").description("Create or edit a s
 });
 
 // src/commands/schedule/list.ts
-import { Command as Command41 } from "commander";
-import chalk42 from "chalk";
-var listCommand5 = new Command41().name("list").alias("ls").description("List all schedules").action(async () => {
+import { Command as Command46 } from "commander";
+import chalk47 from "chalk";
+var listCommand5 = new Command46().name("list").alias("ls").description("List all schedules").action(async () => {
   try {
     const result = await listSchedules();
     if (result.schedules.length === 0) {
-      console.log(chalk42.dim("No schedules found"));
+      console.log(chalk47.dim("No schedules found"));
       console.log(
-        chalk42.dim("  Create one with: vm0 schedule setup <agent-name>")
+        chalk47.dim("  Create one with: vm0 schedule setup <agent-name>")
       );
       return;
     }
@@ -10833,10 +11189,10 @@ var listCommand5 = new Command41().name("list").alias("ls").description("List al
       "STATUS".padEnd(8),
       "NEXT RUN"
     ].join("  ");
-    console.log(chalk42.dim(header));
+    console.log(chalk47.dim(header));
     for (const schedule of result.schedules) {
       const trigger = schedule.cronExpression ? `${schedule.cronExpression} (${schedule.timezone})` : schedule.atTime || "-";
-      const status = schedule.enabled ? chalk42.green("enabled") : chalk42.yellow("disabled");
+      const status = schedule.enabled ? chalk47.green("enabled") : chalk47.yellow("disabled");
       const nextRun = schedule.enabled ? formatRelativeTime2(schedule.nextRunAt) : "-";
       const row = [
         schedule.composeName.padEnd(agentWidth),
@@ -10848,12 +11204,12 @@ var listCommand5 = new Command41().name("list").alias("ls").description("List al
       console.log(row);
     }
   } catch (error) {
-    console.error(chalk42.red("\u2717 Failed to list schedules"));
+    console.error(chalk47.red("\u2717 Failed to list schedules"));
     if (error instanceof Error) {
       if (error.message.includes("Not authenticated")) {
-        console.error(chalk42.dim("  Run: vm0 auth login"));
+        console.error(chalk47.dim("  Run: vm0 auth login"));
       } else {
-        console.error(chalk42.dim(`  ${error.message}`));
+        console.error(chalk47.dim(`  ${error.message}`));
       }
     }
     process.exit(1);
@@ -10861,45 +11217,45 @@ var listCommand5 = new Command41().name("list").alias("ls").description("List al
 });
 
 // src/commands/schedule/status.ts
-import { Command as Command42 } from "commander";
-import chalk43 from "chalk";
+import { Command as Command47 } from "commander";
+import chalk48 from "chalk";
 function formatDateTimeStyled(dateStr) {
-  if (!dateStr) return chalk43.dim("-");
+  if (!dateStr) return chalk48.dim("-");
   const formatted = formatDateTime(dateStr);
-  return formatted.replace(/\(([^)]+)\)$/, chalk43.dim("($1)"));
+  return formatted.replace(/\(([^)]+)\)$/, chalk48.dim("($1)"));
 }
 function formatTrigger(schedule) {
   if (schedule.cronExpression) {
     return schedule.cronExpression;
   }
   if (schedule.atTime) {
-    return `${schedule.atTime} ${chalk43.dim("(one-time)")}`;
+    return `${schedule.atTime} ${chalk48.dim("(one-time)")}`;
   }
-  return chalk43.dim("-");
+  return chalk48.dim("-");
 }
 function formatRunStatus2(status) {
   switch (status) {
     case "completed":
-      return chalk43.green(status);
+      return chalk48.green(status);
     case "failed":
     case "timeout":
-      return chalk43.red(status);
+      return chalk48.red(status);
     case "running":
-      return chalk43.blue(status);
+      return chalk48.blue(status);
     case "pending":
-      return chalk43.yellow(status);
+      return chalk48.yellow(status);
     default:
       return status;
   }
 }
 function printRunConfiguration(schedule) {
-  const statusText = schedule.enabled ? chalk43.green("enabled") : chalk43.yellow("disabled");
+  const statusText = schedule.enabled ? chalk48.green("enabled") : chalk48.yellow("disabled");
   console.log(`${"Status:".padEnd(16)}${statusText}`);
   console.log(
-    `${"Agent:".padEnd(16)}${schedule.composeName} ${chalk43.dim(`(${schedule.scopeSlug})`)}`
+    `${"Agent:".padEnd(16)}${schedule.composeName} ${chalk48.dim(`(${schedule.scopeSlug})`)}`
   );
   const promptPreview = schedule.prompt.length > 60 ? schedule.prompt.slice(0, 57) + "..." : schedule.prompt;
-  console.log(`${"Prompt:".padEnd(16)}${chalk43.dim(promptPreview)}`);
+  console.log(`${"Prompt:".padEnd(16)}${chalk48.dim(promptPreview)}`);
   if (schedule.vars && Object.keys(schedule.vars).length > 0) {
     console.log(
       `${"Variables:".padEnd(16)}${Object.keys(schedule.vars).join(", ")}`
@@ -10936,7 +11292,7 @@ async function printRecentRuns(name, composeId, limit) {
       console.log();
       console.log("Recent Runs:");
       console.log(
-        chalk43.dim("RUN ID                                STATUS     CREATED")
+        chalk48.dim("RUN ID                                STATUS     CREATED")
       );
       for (const run of runs) {
         const id = run.id;
@@ -10947,24 +11303,24 @@ async function printRecentRuns(name, composeId, limit) {
     }
   } catch {
     console.log();
-    console.log(chalk43.dim("Recent Runs: (unable to fetch)"));
+    console.log(chalk48.dim("Recent Runs: (unable to fetch)"));
   }
 }
 function handleStatusError(error, agentName) {
-  console.error(chalk43.red("\u2717 Failed to get schedule status"));
+  console.error(chalk48.red("\u2717 Failed to get schedule status"));
   if (error instanceof Error) {
     if (error.message.includes("Not authenticated")) {
-      console.error(chalk43.dim("  Run: vm0 auth login"));
+      console.error(chalk48.dim("  Run: vm0 auth login"));
     } else if (error.message.includes("not found") || error.message.includes("Not found") || error.message.includes("No schedule found")) {
-      console.error(chalk43.dim(`  No schedule found for agent "${agentName}"`));
-      console.error(chalk43.dim("  Run: vm0 schedule list"));
+      console.error(chalk48.dim(`  No schedule found for agent "${agentName}"`));
+      console.error(chalk48.dim("  Run: vm0 schedule list"));
     } else {
-      console.error(chalk43.dim(`  ${error.message}`));
+      console.error(chalk48.dim(`  ${error.message}`));
     }
   }
   process.exit(1);
 }
-var statusCommand6 = new Command42().name("status").description("Show detailed status of a schedule").argument("<agent-name>", "Agent name").option(
+var statusCommand6 = new Command47().name("status").description("Show detailed status of a schedule").argument("<agent-name>", "Agent name").option(
   "-l, --limit <number>",
   "Number of recent runs to show (0 to hide)",
   "5"
@@ -10974,8 +11330,8 @@ var statusCommand6 = new Command42().name("status").description("Show detailed s
     const { name, composeId } = resolved;
     const schedule = await getScheduleByName({ name, composeId });
     console.log();
-    console.log(`Schedule for agent: ${chalk43.cyan(agentName)}`);
-    console.log(chalk43.dim("\u2501".repeat(50)));
+    console.log(`Schedule for agent: ${chalk48.cyan(agentName)}`);
+    console.log(chalk48.dim("\u2501".repeat(50)));
     printRunConfiguration(schedule);
     printTimeSchedule(schedule);
     const parsed = parseInt(options.limit, 10);
@@ -10991,24 +11347,24 @@ var statusCommand6 = new Command42().name("status").description("Show detailed s
 });
 
 // src/commands/schedule/delete.ts
-import { Command as Command43 } from "commander";
-import chalk44 from "chalk";
-var deleteCommand = new Command43().name("delete").alias("rm").description("Delete a schedule").argument("<agent-name>", "Agent name").option("-f, --force", "Skip confirmation prompt").action(async (agentName, options) => {
+import { Command as Command48 } from "commander";
+import chalk49 from "chalk";
+var deleteCommand = new Command48().name("delete").alias("rm").description("Delete a schedule").argument("<agent-name>", "Agent name").option("-f, --force", "Skip confirmation prompt").action(async (agentName, options) => {
   try {
     const resolved = await resolveScheduleByAgent(agentName);
     if (!options.force) {
       if (!isInteractive()) {
         console.error(
-          chalk44.red("\u2717 --force required in non-interactive mode")
+          chalk49.red("\u2717 --force required in non-interactive mode")
         );
         process.exit(1);
       }
       const confirmed = await promptConfirm(
-        `Delete schedule for agent ${chalk44.cyan(agentName)}?`,
+        `Delete schedule for agent ${chalk49.cyan(agentName)}?`,
         false
       );
       if (!confirmed) {
-        console.log(chalk44.dim("Cancelled"));
+        console.log(chalk49.dim("Cancelled"));
         return;
       }
     }
@@ -11017,20 +11373,20 @@ var deleteCommand = new Command43().name("delete").alias("rm").description("Dele
       composeId: resolved.composeId
     });
     console.log(
-      chalk44.green(`\u2713 Deleted schedule for agent ${chalk44.cyan(agentName)}`)
+      chalk49.green(`\u2713 Deleted schedule for agent ${chalk49.cyan(agentName)}`)
     );
   } catch (error) {
-    console.error(chalk44.red("\u2717 Failed to delete schedule"));
+    console.error(chalk49.red("\u2717 Failed to delete schedule"));
     if (error instanceof Error) {
       if (error.message.includes("Not authenticated")) {
-        console.error(chalk44.dim("  Run: vm0 auth login"));
+        console.error(chalk49.dim("  Run: vm0 auth login"));
       } else if (error.message.toLowerCase().includes("not found") || error.message.includes("No schedule found")) {
         console.error(
-          chalk44.dim(`  No schedule found for agent "${agentName}"`)
+          chalk49.dim(`  No schedule found for agent "${agentName}"`)
         );
-        console.error(chalk44.dim("  Run: vm0 schedule list"));
+        console.error(chalk49.dim("  Run: vm0 schedule list"));
       } else {
-        console.error(chalk44.dim(`  ${error.message}`));
+        console.error(chalk49.dim(`  ${error.message}`));
       }
     }
     process.exit(1);
@@ -11038,9 +11394,9 @@ var deleteCommand = new Command43().name("delete").alias("rm").description("Dele
 });
 
 // src/commands/schedule/enable.ts
-import { Command as Command44 } from "commander";
-import chalk45 from "chalk";
-var enableCommand = new Command44().name("enable").description("Enable a schedule").argument("<agent-name>", "Agent name").action(async (agentName) => {
+import { Command as Command49 } from "commander";
+import chalk50 from "chalk";
+var enableCommand = new Command49().name("enable").description("Enable a schedule").argument("<agent-name>", "Agent name").action(async (agentName) => {
   try {
     const resolved = await resolveScheduleByAgent(agentName);
     await enableSchedule({
@@ -11048,34 +11404,34 @@ var enableCommand = new Command44().name("enable").description("Enable a schedul
       composeId: resolved.composeId
     });
     console.log(
-      chalk45.green(`\u2713 Enabled schedule for agent ${chalk45.cyan(agentName)}`)
+      chalk50.green(`\u2713 Enabled schedule for agent ${chalk50.cyan(agentName)}`)
     );
   } catch (error) {
-    console.error(chalk45.red("\u2717 Failed to enable schedule"));
+    console.error(chalk50.red("\u2717 Failed to enable schedule"));
     if (error instanceof ApiRequestError) {
       if (error.code === "SCHEDULE_PAST") {
-        console.error(chalk45.dim("  Scheduled time has already passed"));
-        console.error(chalk45.dim(`  Run: vm0 schedule setup ${agentName}`));
+        console.error(chalk50.dim("  Scheduled time has already passed"));
+        console.error(chalk50.dim(`  Run: vm0 schedule setup ${agentName}`));
       } else if (error.code === "NOT_FOUND") {
         console.error(
-          chalk45.dim(`  No schedule found for agent "${agentName}"`)
+          chalk50.dim(`  No schedule found for agent "${agentName}"`)
         );
-        console.error(chalk45.dim("  Run: vm0 schedule list"));
+        console.error(chalk50.dim("  Run: vm0 schedule list"));
       } else if (error.code === "UNAUTHORIZED") {
-        console.error(chalk45.dim("  Run: vm0 auth login"));
+        console.error(chalk50.dim("  Run: vm0 auth login"));
       } else {
-        console.error(chalk45.dim(`  ${error.message}`));
+        console.error(chalk50.dim(`  ${error.message}`));
       }
     } else if (error instanceof Error) {
       if (error.message.includes("Not authenticated")) {
-        console.error(chalk45.dim("  Run: vm0 auth login"));
+        console.error(chalk50.dim("  Run: vm0 auth login"));
       } else if (error.message.includes("No schedule found")) {
         console.error(
-          chalk45.dim(`  No schedule found for agent "${agentName}"`)
+          chalk50.dim(`  No schedule found for agent "${agentName}"`)
         );
-        console.error(chalk45.dim("  Run: vm0 schedule list"));
+        console.error(chalk50.dim("  Run: vm0 schedule list"));
       } else {
-        console.error(chalk45.dim(`  ${error.message}`));
+        console.error(chalk50.dim(`  ${error.message}`));
       }
     }
     process.exit(1);
@@ -11083,9 +11439,9 @@ var enableCommand = new Command44().name("enable").description("Enable a schedul
 });
 
 // src/commands/schedule/disable.ts
-import { Command as Command45 } from "commander";
-import chalk46 from "chalk";
-var disableCommand = new Command45().name("disable").description("Disable a schedule").argument("<agent-name>", "Agent name").action(async (agentName) => {
+import { Command as Command50 } from "commander";
+import chalk51 from "chalk";
+var disableCommand = new Command50().name("disable").description("Disable a schedule").argument("<agent-name>", "Agent name").action(async (agentName) => {
   try {
     const resolved = await resolveScheduleByAgent(agentName);
     await disableSchedule({
@@ -11093,20 +11449,20 @@ var disableCommand = new Command45().name("disable").description("Disable a sche
       composeId: resolved.composeId
     });
     console.log(
-      chalk46.green(`\u2713 Disabled schedule for agent ${chalk46.cyan(agentName)}`)
+      chalk51.green(`\u2713 Disabled schedule for agent ${chalk51.cyan(agentName)}`)
     );
   } catch (error) {
-    console.error(chalk46.red("\u2717 Failed to disable schedule"));
+    console.error(chalk51.red("\u2717 Failed to disable schedule"));
     if (error instanceof Error) {
       if (error.message.includes("Not authenticated")) {
-        console.error(chalk46.dim("  Run: vm0 auth login"));
+        console.error(chalk51.dim("  Run: vm0 auth login"));
       } else if (error.message.toLowerCase().includes("not found") || error.message.includes("No schedule found")) {
         console.error(
-          chalk46.dim(`  No schedule found for agent "${agentName}"`)
+          chalk51.dim(`  No schedule found for agent "${agentName}"`)
         );
-        console.error(chalk46.dim("  Run: vm0 schedule list"));
+        console.error(chalk51.dim("  Run: vm0 schedule list"));
       } else {
-        console.error(chalk46.dim(`  ${error.message}`));
+        console.error(chalk51.dim(`  ${error.message}`));
       }
     }
     process.exit(1);
@@ -11114,11 +11470,11 @@ var disableCommand = new Command45().name("disable").description("Disable a sche
 });
 
 // src/commands/schedule/index.ts
-var scheduleCommand = new Command46().name("schedule").description("Manage agent schedules").addCommand(setupCommand).addCommand(listCommand5).addCommand(statusCommand6).addCommand(deleteCommand).addCommand(enableCommand).addCommand(disableCommand);
+var scheduleCommand = new Command51().name("schedule").description("Manage agent schedules").addCommand(setupCommand).addCommand(listCommand5).addCommand(statusCommand6).addCommand(deleteCommand).addCommand(enableCommand).addCommand(disableCommand);
 
 // src/commands/usage/index.ts
-import { Command as Command47 } from "commander";
-import chalk47 from "chalk";
+import { Command as Command52 } from "commander";
+import chalk52 from "chalk";
 
 // src/lib/utils/duration-formatter.ts
 function formatDuration(ms) {
@@ -11191,7 +11547,7 @@ function fillMissingDates(daily, startDate, endDate) {
   result.sort((a, b) => b.date.localeCompare(a.date));
   return result;
 }
-var usageCommand = new Command47().name("usage").description("View usage statistics").option("--since <date>", "Start date (ISO format or relative: 7d, 30d)").option(
+var usageCommand = new Command52().name("usage").description("View usage statistics").option("--since <date>", "Start date (ISO format or relative: 7d, 30d)").option(
   "--until <date>",
   "End date (ISO format or relative, defaults to now)"
 ).action(async (options) => {
@@ -11205,7 +11561,7 @@ var usageCommand = new Command47().name("usage").description("View usage statist
         endDate = new Date(untilMs);
       } catch {
         console.error(
-          chalk47.red(
+          chalk52.red(
             "\u2717 Invalid --until format. Use ISO (2026-01-01) or relative (7d, 30d)"
           )
         );
@@ -11220,7 +11576,7 @@ var usageCommand = new Command47().name("usage").description("View usage statist
         startDate = new Date(sinceMs);
       } catch {
         console.error(
-          chalk47.red(
+          chalk52.red(
             "\u2717 Invalid --since format. Use ISO (2026-01-01) or relative (7d, 30d)"
           )
         );
@@ -11230,13 +11586,13 @@ var usageCommand = new Command47().name("usage").description("View usage statist
       startDate = new Date(endDate.getTime() - DEFAULT_RANGE_MS);
     }
     if (startDate >= endDate) {
-      console.error(chalk47.red("\u2717 --since must be before --until"));
+      console.error(chalk52.red("\u2717 --since must be before --until"));
       process.exit(1);
     }
     const rangeMs = endDate.getTime() - startDate.getTime();
     if (rangeMs > MAX_RANGE_MS) {
       console.error(
-        chalk47.red(
+        chalk52.red(
           "\u2717 Time range exceeds maximum of 30 days. Use --until to specify an end date"
         )
       );
@@ -11253,19 +11609,19 @@ var usageCommand = new Command47().name("usage").description("View usage statist
     );
     console.log();
     console.log(
-      chalk47.bold(
+      chalk52.bold(
         `Usage Summary (${formatDateRange(usage.period.start, usage.period.end)})`
       )
     );
     console.log();
-    console.log(chalk47.dim("DATE        RUNS    RUN TIME"));
+    console.log(chalk52.dim("DATE        RUNS    RUN TIME"));
     for (const day of filledDaily) {
       const dateDisplay = formatDateDisplay(day.date).padEnd(10);
       const runsDisplay = String(day.run_count).padStart(6);
       const timeDisplay = formatDuration(day.run_time_ms);
       console.log(`${dateDisplay}${runsDisplay}    ${timeDisplay}`);
     }
-    console.log(chalk47.dim("\u2500".repeat(29)));
+    console.log(chalk52.dim("\u2500".repeat(29)));
     const totalRunsDisplay = String(usage.summary.total_runs).padStart(6);
     const totalTimeDisplay = formatDuration(usage.summary.total_run_time_ms);
     console.log(
@@ -11275,66 +11631,66 @@ var usageCommand = new Command47().name("usage").description("View usage statist
   } catch (error) {
     if (error instanceof Error) {
       if (error.message.includes("Not authenticated")) {
-        console.error(chalk47.red("\u2717 Not authenticated"));
-        console.error(chalk47.dim("  Run: vm0 auth login"));
+        console.error(chalk52.red("\u2717 Not authenticated"));
+        console.error(chalk52.dim("  Run: vm0 auth login"));
       } else {
-        console.error(chalk47.red(`\u2717 ${error.message}`));
+        console.error(chalk52.red(`\u2717 ${error.message}`));
       }
     } else {
-      console.error(chalk47.red("\u2717 An unexpected error occurred"));
+      console.error(chalk52.red("\u2717 An unexpected error occurred"));
     }
     process.exit(1);
   }
 });
 
 // src/commands/secret/index.ts
-import { Command as Command51 } from "commander";
+import { Command as Command56 } from "commander";
 
 // src/commands/secret/list.ts
-import { Command as Command48 } from "commander";
-import chalk48 from "chalk";
-var listCommand6 = new Command48().name("list").alias("ls").description("List all secrets").action(async () => {
+import { Command as Command53 } from "commander";
+import chalk53 from "chalk";
+var listCommand6 = new Command53().name("list").alias("ls").description("List all secrets").action(async () => {
   try {
     const result = await listSecrets();
     if (result.secrets.length === 0) {
-      console.log(chalk48.dim("No secrets found"));
+      console.log(chalk53.dim("No secrets found"));
       console.log();
       console.log("To add a secret:");
-      console.log(chalk48.cyan("  vm0 secret set MY_API_KEY <value>"));
+      console.log(chalk53.cyan("  vm0 secret set MY_API_KEY <value>"));
       return;
     }
-    console.log(chalk48.bold("Secrets:"));
+    console.log(chalk53.bold("Secrets:"));
     console.log();
     for (const secret of result.secrets) {
-      const typeIndicator = secret.type === "model-provider" ? chalk48.dim(" [model-provider]") : "";
-      console.log(`  ${chalk48.cyan(secret.name)}${typeIndicator}`);
+      const typeIndicator = secret.type === "model-provider" ? chalk53.dim(" [model-provider]") : "";
+      console.log(`  ${chalk53.cyan(secret.name)}${typeIndicator}`);
       if (secret.description) {
-        console.log(`    ${chalk48.dim(secret.description)}`);
+        console.log(`    ${chalk53.dim(secret.description)}`);
       }
       console.log(
-        `    ${chalk48.dim(`Updated: ${new Date(secret.updatedAt).toLocaleString()}`)}`
+        `    ${chalk53.dim(`Updated: ${new Date(secret.updatedAt).toLocaleString()}`)}`
       );
       console.log();
     }
-    console.log(chalk48.dim(`Total: ${result.secrets.length} secret(s)`));
+    console.log(chalk53.dim(`Total: ${result.secrets.length} secret(s)`));
   } catch (error) {
     if (error instanceof Error) {
       if (error.message.includes("Not authenticated")) {
-        console.error(chalk48.red("\u2717 Not authenticated. Run: vm0 auth login"));
+        console.error(chalk53.red("\u2717 Not authenticated. Run: vm0 auth login"));
       } else {
-        console.error(chalk48.red(`\u2717 ${error.message}`));
+        console.error(chalk53.red(`\u2717 ${error.message}`));
       }
     } else {
-      console.error(chalk48.red("\u2717 An unexpected error occurred"));
+      console.error(chalk53.red("\u2717 An unexpected error occurred"));
     }
     process.exit(1);
   }
 });
 
 // src/commands/secret/set.ts
-import { Command as Command49 } from "commander";
-import chalk49 from "chalk";
-var setCommand2 = new Command49().name("set").description("Create or update a secret").argument("<name>", "Secret name (uppercase, e.g., MY_API_KEY)").argument("<value>", "Secret value").option("-d, --description <description>", "Optional description").action(
+import { Command as Command54 } from "commander";
+import chalk54 from "chalk";
+var setCommand2 = new Command54().name("set").description("Create or update a secret").argument("<name>", "Secret name (uppercase, e.g., MY_API_KEY)").argument("<value>", "Secret value").option("-d, --description <description>", "Optional description").action(
   async (name, value, options) => {
     try {
       const secret = await setSecret({
@@ -11342,29 +11698,29 @@ var setCommand2 = new Command49().name("set").description("Create or update a se
         value,
         description: options.description
       });
-      console.log(chalk49.green(`\u2713 Secret "${secret.name}" saved`));
+      console.log(chalk54.green(`\u2713 Secret "${secret.name}" saved`));
       console.log();
       console.log("Use in vm0.yaml:");
-      console.log(chalk49.cyan(`  environment:`));
-      console.log(chalk49.cyan(`    ${name}: \${{ secrets.${name} }}`));
+      console.log(chalk54.cyan(`  environment:`));
+      console.log(chalk54.cyan(`    ${name}: \${{ secrets.${name} }}`));
     } catch (error) {
       if (error instanceof Error) {
         if (error.message.includes("Not authenticated")) {
           console.error(
-            chalk49.red("\u2717 Not authenticated. Run: vm0 auth login")
+            chalk54.red("\u2717 Not authenticated. Run: vm0 auth login")
           );
         } else if (error.message.includes("must contain only uppercase")) {
-          console.error(chalk49.red(`\u2717 ${error.message}`));
+          console.error(chalk54.red(`\u2717 ${error.message}`));
           console.log();
           console.log("Examples of valid secret names:");
-          console.log(chalk49.dim("  MY_API_KEY"));
-          console.log(chalk49.dim("  GITHUB_TOKEN"));
-          console.log(chalk49.dim("  AWS_ACCESS_KEY_ID"));
+          console.log(chalk54.dim("  MY_API_KEY"));
+          console.log(chalk54.dim("  GITHUB_TOKEN"));
+          console.log(chalk54.dim("  AWS_ACCESS_KEY_ID"));
         } else {
-          console.error(chalk49.red(`\u2717 ${error.message}`));
+          console.error(chalk54.red(`\u2717 ${error.message}`));
         }
       } else {
-        console.error(chalk49.red("\u2717 An unexpected error occurred"));
+        console.error(chalk54.red("\u2717 An unexpected error occurred"));
       }
       process.exit(1);
     }
@@ -11372,20 +11728,20 @@ var setCommand2 = new Command49().name("set").description("Create or update a se
 );
 
 // src/commands/secret/delete.ts
-import { Command as Command50 } from "commander";
-import chalk50 from "chalk";
-var deleteCommand2 = new Command50().name("delete").description("Delete a secret").argument("<name>", "Secret name to delete").option("-y, --yes", "Skip confirmation prompt").action(async (name, options) => {
+import { Command as Command55 } from "commander";
+import chalk55 from "chalk";
+var deleteCommand2 = new Command55().name("delete").description("Delete a secret").argument("<name>", "Secret name to delete").option("-y, --yes", "Skip confirmation prompt").action(async (name, options) => {
   try {
     try {
       await getSecret(name);
     } catch {
-      console.error(chalk50.red(`\u2717 Secret "${name}" not found`));
+      console.error(chalk55.red(`\u2717 Secret "${name}" not found`));
       process.exit(1);
     }
     if (!options.yes) {
       if (!isInteractive()) {
         console.error(
-          chalk50.red("\u2717 --yes flag is required in non-interactive mode")
+          chalk55.red("\u2717 --yes flag is required in non-interactive mode")
         );
         process.exit(1);
       }
@@ -11394,43 +11750,182 @@ var deleteCommand2 = new Command50().name("delete").description("Delete a secret
         false
       );
       if (!confirmed) {
-        console.log(chalk50.dim("Cancelled"));
+        console.log(chalk55.dim("Cancelled"));
         return;
       }
     }
     await deleteSecret(name);
-    console.log(chalk50.green(`\u2713 Secret "${name}" deleted`));
+    console.log(chalk55.green(`\u2713 Secret "${name}" deleted`));
   } catch (error) {
     if (error instanceof Error) {
       if (error.message.includes("Not authenticated")) {
-        console.error(chalk50.red("\u2717 Not authenticated. Run: vm0 auth login"));
+        console.error(chalk55.red("\u2717 Not authenticated. Run: vm0 auth login"));
       } else {
-        console.error(chalk50.red(`\u2717 ${error.message}`));
+        console.error(chalk55.red(`\u2717 ${error.message}`));
       }
     } else {
-      console.error(chalk50.red("\u2717 An unexpected error occurred"));
+      console.error(chalk55.red("\u2717 An unexpected error occurred"));
     }
     process.exit(1);
   }
 });
 
 // src/commands/secret/index.ts
-var secretCommand = new Command51().name("secret").description("Manage stored secrets for agent runs").addCommand(listCommand6).addCommand(setCommand2).addCommand(deleteCommand2);
+var secretCommand = new Command56().name("secret").description("Manage stored secrets for agent runs").addCommand(listCommand6).addCommand(setCommand2).addCommand(deleteCommand2);
+
+// src/commands/variable/index.ts
+import { Command as Command60 } from "commander";
+
+// src/commands/variable/list.ts
+import { Command as Command57 } from "commander";
+import chalk56 from "chalk";
+function truncateValue(value, maxLength = 60) {
+  if (value.length <= maxLength) {
+    return value;
+  }
+  return value.slice(0, maxLength - 15) + "... [truncated]";
+}
+var listCommand7 = new Command57().name("list").alias("ls").description("List all variables").action(async () => {
+  try {
+    const result = await listVariables();
+    if (result.variables.length === 0) {
+      console.log(chalk56.dim("No variables found"));
+      console.log();
+      console.log("To add a variable:");
+      console.log(chalk56.cyan("  vm0 variable set MY_VAR <value>"));
+      return;
+    }
+    console.log(chalk56.bold("Variables:"));
+    console.log();
+    for (const variable of result.variables) {
+      const displayValue = truncateValue(variable.value);
+      console.log(`  ${chalk56.cyan(variable.name)} = ${displayValue}`);
+      if (variable.description) {
+        console.log(`    ${chalk56.dim(variable.description)}`);
+      }
+      console.log(
+        `    ${chalk56.dim(`Updated: ${new Date(variable.updatedAt).toLocaleString()}`)}`
+      );
+      console.log();
+    }
+    console.log(chalk56.dim(`Total: ${result.variables.length} variable(s)`));
+  } catch (error) {
+    if (error instanceof Error) {
+      if (error.message.includes("Not authenticated")) {
+        console.error(chalk56.red("\u2717 Not authenticated. Run: vm0 auth login"));
+      } else {
+        console.error(chalk56.red(`\u2717 ${error.message}`));
+      }
+    } else {
+      console.error(chalk56.red("\u2717 An unexpected error occurred"));
+    }
+    process.exit(1);
+  }
+});
+
+// src/commands/variable/set.ts
+import { Command as Command58 } from "commander";
+import chalk57 from "chalk";
+var setCommand3 = new Command58().name("set").description("Create or update a variable").argument("<name>", "Variable name (uppercase, e.g., MY_VAR)").argument("<value>", "Variable value").option("-d, --description <description>", "Optional description").action(
+  async (name, value, options) => {
+    try {
+      const variable = await setVariable({
+        name,
+        value,
+        description: options.description
+      });
+      console.log(chalk57.green(`\u2713 Variable "${variable.name}" saved`));
+      console.log();
+      console.log("Use in vm0.yaml:");
+      console.log(chalk57.cyan(`  environment:`));
+      console.log(chalk57.cyan(`    ${name}: \${{ vars.${name} }}`));
+    } catch (error) {
+      if (error instanceof Error) {
+        if (error.message.includes("Not authenticated")) {
+          console.error(
+            chalk57.red("\u2717 Not authenticated. Run: vm0 auth login")
+          );
+        } else if (error.message.includes("must contain only uppercase")) {
+          console.error(chalk57.red(`\u2717 ${error.message}`));
+          console.log();
+          console.log("Examples of valid variable names:");
+          console.log(chalk57.dim("  MY_VAR"));
+          console.log(chalk57.dim("  API_URL"));
+          console.log(chalk57.dim("  DEBUG_MODE"));
+        } else {
+          console.error(chalk57.red(`\u2717 ${error.message}`));
+        }
+      } else {
+        console.error(chalk57.red("\u2717 An unexpected error occurred"));
+      }
+      process.exit(1);
+    }
+  }
+);
+
+// src/commands/variable/delete.ts
+import { Command as Command59 } from "commander";
+import chalk58 from "chalk";
+var deleteCommand3 = new Command59().name("delete").description("Delete a variable").argument("<name>", "Variable name to delete").option("-y, --yes", "Skip confirmation prompt").action(async (name, options) => {
+  try {
+    try {
+      await getVariable(name);
+    } catch (error) {
+      if (error instanceof Error && error.message.toLowerCase().includes("not found")) {
+        console.error(chalk58.red(`\u2717 Variable "${name}" not found`));
+        process.exit(1);
+      }
+      throw error;
+    }
+    if (!options.yes) {
+      if (!isInteractive()) {
+        console.error(
+          chalk58.red("\u2717 --yes flag is required in non-interactive mode")
+        );
+        process.exit(1);
+      }
+      const confirmed = await promptConfirm(
+        `Are you sure you want to delete variable "${name}"?`,
+        false
+      );
+      if (!confirmed) {
+        console.log(chalk58.dim("Cancelled"));
+        return;
+      }
+    }
+    await deleteVariable(name);
+    console.log(chalk58.green(`\u2713 Variable "${name}" deleted`));
+  } catch (error) {
+    if (error instanceof Error) {
+      if (error.message.includes("Not authenticated")) {
+        console.error(chalk58.red("\u2717 Not authenticated. Run: vm0 auth login"));
+      } else {
+        console.error(chalk58.red(`\u2717 ${error.message}`));
+      }
+    } else {
+      console.error(chalk58.red("\u2717 An unexpected error occurred"));
+    }
+    process.exit(1);
+  }
+});
+
+// src/commands/variable/index.ts
+var variableCommand = new Command60().name("variable").description("Manage stored variables for agent runs").addCommand(listCommand7).addCommand(setCommand3).addCommand(deleteCommand3);
 
 // src/commands/model-provider/index.ts
-import { Command as Command56 } from "commander";
+import { Command as Command65 } from "commander";
 
 // src/commands/model-provider/list.ts
-import { Command as Command52 } from "commander";
-import chalk51 from "chalk";
-var listCommand7 = new Command52().name("list").alias("ls").description("List all model providers").action(async () => {
+import { Command as Command61 } from "commander";
+import chalk59 from "chalk";
+var listCommand8 = new Command61().name("list").alias("ls").description("List all model providers").action(async () => {
   try {
     const result = await listModelProviders();
     if (result.modelProviders.length === 0) {
-      console.log(chalk51.dim("No model providers configured"));
+      console.log(chalk59.dim("No model providers configured"));
       console.log();
       console.log("To add a model provider:");
-      console.log(chalk51.cyan("  vm0 model-provider setup"));
+      console.log(chalk59.cyan("  vm0 model-provider setup"));
       return;
     }
     const byFramework = result.modelProviders.reduce(
@@ -11444,16 +11939,16 @@ var listCommand7 = new Command52().name("list").alias("ls").description("List al
       },
       {}
     );
-    console.log(chalk51.bold("Model Providers:"));
+    console.log(chalk59.bold("Model Providers:"));
     console.log();
     for (const [framework, providers] of Object.entries(byFramework)) {
-      console.log(`  ${chalk51.cyan(framework)}:`);
+      console.log(`  ${chalk59.cyan(framework)}:`);
       for (const provider of providers) {
-        const defaultTag = provider.isDefault ? chalk51.green(" (default)") : "";
-        const modelTag = provider.selectedModel ? chalk51.dim(` [${provider.selectedModel}]`) : "";
+        const defaultTag = provider.isDefault ? chalk59.green(" (default)") : "";
+        const modelTag = provider.selectedModel ? chalk59.dim(` [${provider.selectedModel}]`) : "";
         console.log(`    ${provider.type}${defaultTag}${modelTag}`);
         console.log(
-          chalk51.dim(
+          chalk59.dim(
             `      Updated: ${new Date(provider.updatedAt).toLocaleString()}`
           )
         );
@@ -11461,33 +11956,33 @@ var listCommand7 = new Command52().name("list").alias("ls").description("List al
       console.log();
     }
     console.log(
-      chalk51.dim(`Total: ${result.modelProviders.length} provider(s)`)
+      chalk59.dim(`Total: ${result.modelProviders.length} provider(s)`)
     );
   } catch (error) {
     if (error instanceof Error) {
       if (error.message.includes("Not authenticated")) {
-        console.error(chalk51.red("\u2717 Not authenticated. Run: vm0 auth login"));
+        console.error(chalk59.red("\u2717 Not authenticated. Run: vm0 auth login"));
       } else {
-        console.error(chalk51.red(`\u2717 ${error.message}`));
+        console.error(chalk59.red(`\u2717 ${error.message}`));
       }
     } else {
-      console.error(chalk51.red("\u2717 An unexpected error occurred"));
+      console.error(chalk59.red("\u2717 An unexpected error occurred"));
     }
     process.exit(1);
   }
 });
 
 // src/commands/model-provider/setup.ts
-import { Command as Command53 } from "commander";
-import chalk52 from "chalk";
+import { Command as Command62 } from "commander";
+import chalk60 from "chalk";
 import prompts2 from "prompts";
 function validateProviderType(typeStr) {
   if (!Object.keys(MODEL_PROVIDER_TYPES).includes(typeStr)) {
-    console.error(chalk52.red(`\u2717 Invalid type "${typeStr}"`));
+    console.error(chalk60.red(`\u2717 Invalid type "${typeStr}"`));
     console.log();
     console.log("Valid types:");
     for (const [t, config] of Object.entries(MODEL_PROVIDER_TYPES)) {
-      console.log(`  ${chalk52.cyan(t)} - ${config.label}`);
+      console.log(`  ${chalk60.cyan(t)} - ${config.label}`);
     }
     process.exit(1);
   }
@@ -11499,11 +11994,11 @@ function validateModel(type, modelStr) {
     return modelStr;
   }
   if (models && !models.includes(modelStr)) {
-    console.error(chalk52.red(`\u2717 Invalid model "${modelStr}"`));
+    console.error(chalk60.red(`\u2717 Invalid model "${modelStr}"`));
     console.log();
     console.log("Valid models:");
     for (const m of models) {
-      console.log(`  ${chalk52.cyan(m)}`);
+      console.log(`  ${chalk60.cyan(m)}`);
     }
     process.exit(1);
   }
@@ -11512,12 +12007,12 @@ function validateModel(type, modelStr) {
 function validateAuthMethod(type, authMethodStr) {
   const authMethods = getAuthMethodsForType(type);
   if (!authMethods || !(authMethodStr in authMethods)) {
-    console.error(chalk52.red(`\u2717 Invalid auth method "${authMethodStr}"`));
+    console.error(chalk60.red(`\u2717 Invalid auth method "${authMethodStr}"`));
     console.log();
     console.log("Valid auth methods:");
     if (authMethods) {
       for (const [method, config] of Object.entries(authMethods)) {
-        console.log(`  ${chalk52.cyan(method)} - ${config.label}`);
+        console.log(`  ${chalk60.cyan(method)} - ${config.label}`);
       }
     }
     process.exit(1);
@@ -11527,7 +12022,7 @@ function validateAuthMethod(type, authMethodStr) {
 function parseCredentials(type, authMethod, credentialArgs) {
   const credentialsConfig = getCredentialsForAuthMethod(type, authMethod);
   if (!credentialsConfig) {
-    console.error(chalk52.red(`\u2717 Invalid auth method "${authMethod}"`));
+    console.error(chalk60.red(`\u2717 Invalid auth method "${authMethod}"`));
     process.exit(1);
   }
   const credentialNames = Object.keys(credentialsConfig);
@@ -11535,7 +12030,7 @@ function parseCredentials(type, authMethod, credentialArgs) {
   if (credentialArgs.length === 1 && firstArg && !firstArg.includes("=")) {
     if (credentialNames.length !== 1) {
       console.error(
-        chalk52.red(
+        chalk60.red(
           "\u2717 Must use KEY=VALUE format for multi-credential auth methods"
         )
       );
@@ -11543,13 +12038,13 @@ function parseCredentials(type, authMethod, credentialArgs) {
       console.log("Required credentials:");
       for (const [name, fieldConfig] of Object.entries(credentialsConfig)) {
         const requiredNote = fieldConfig.required ? " (required)" : "";
-        console.log(`  ${chalk52.cyan(name)}${requiredNote}`);
+        console.log(`  ${chalk60.cyan(name)}${requiredNote}`);
       }
       process.exit(1);
     }
     const firstCredentialName = credentialNames[0];
     if (!firstCredentialName) {
-      console.error(chalk52.red("\u2717 No credentials defined for this auth method"));
+      console.error(chalk60.red("\u2717 No credentials defined for this auth method"));
       process.exit(1);
     }
     return { [firstCredentialName]: firstArg };
@@ -11558,7 +12053,7 @@ function parseCredentials(type, authMethod, credentialArgs) {
   for (const arg of credentialArgs) {
     const eqIndex = arg.indexOf("=");
     if (eqIndex === -1) {
-      console.error(chalk52.red(`\u2717 Invalid credential format "${arg}"`));
+      console.error(chalk60.red(`\u2717 Invalid credential format "${arg}"`));
       console.log();
       console.log("Use KEY=VALUE format (e.g., AWS_REGION=us-east-1)");
       process.exit(1);
@@ -11572,17 +12067,17 @@ function parseCredentials(type, authMethod, credentialArgs) {
 function validateCredentials(type, authMethod, credentials) {
   const credentialsConfig = getCredentialsForAuthMethod(type, authMethod);
   if (!credentialsConfig) {
-    console.error(chalk52.red(`\u2717 Invalid auth method "${authMethod}"`));
+    console.error(chalk60.red(`\u2717 Invalid auth method "${authMethod}"`));
     process.exit(1);
   }
   for (const [name, fieldConfig] of Object.entries(credentialsConfig)) {
     if (fieldConfig.required && !credentials[name]) {
-      console.error(chalk52.red(`\u2717 Missing required credential: ${name}`));
+      console.error(chalk60.red(`\u2717 Missing required credential: ${name}`));
       console.log();
       console.log("Required credentials:");
       for (const [n, fc] of Object.entries(credentialsConfig)) {
         if (fc.required) {
-          console.log(`  ${chalk52.cyan(n)} - ${fc.label}`);
+          console.log(`  ${chalk60.cyan(n)} - ${fc.label}`);
         }
       }
       process.exit(1);
@@ -11590,12 +12085,12 @@ function validateCredentials(type, authMethod, credentials) {
   }
   for (const name of Object.keys(credentials)) {
     if (!(name in credentialsConfig)) {
-      console.error(chalk52.red(`\u2717 Unknown credential: ${name}`));
+      console.error(chalk60.red(`\u2717 Unknown credential: ${name}`));
       console.log();
       console.log("Valid credentials:");
       for (const [n, fc] of Object.entries(credentialsConfig)) {
         const requiredNote = fc.required ? " (required)" : " (optional)";
-        console.log(`  ${chalk52.cyan(n)}${requiredNote}`);
+        console.log(`  ${chalk60.cyan(n)}${requiredNote}`);
       }
       process.exit(1);
     }
@@ -11618,7 +12113,7 @@ function handleNonInteractiveMode(options) {
       const defaultAuthMethod = getDefaultAuthMethod(type);
       const authMethods = getAuthMethodsForType(type);
       if (!defaultAuthMethod || !authMethods) {
-        console.error(chalk52.red(`\u2717 Provider "${type}" requires --auth-method`));
+        console.error(chalk60.red(`\u2717 Provider "${type}" requires --auth-method`));
         process.exit(1);
       }
       const authMethodNames = Object.keys(authMethods);
@@ -11626,7 +12121,7 @@ function handleNonInteractiveMode(options) {
         authMethod = authMethodNames[0];
       } else {
         console.error(
-          chalk52.red(
+          chalk60.red(
             `\u2717 --auth-method is required for "${type}" (multiple auth methods available)`
           )
         );
@@ -11635,13 +12130,13 @@ function handleNonInteractiveMode(options) {
         for (const [method, config] of Object.entries(authMethods)) {
           const defaultNote = method === defaultAuthMethod ? " (default)" : "";
           console.log(
-            `  ${chalk52.cyan(method)} - ${config.label}${defaultNote}`
+            `  ${chalk60.cyan(method)} - ${config.label}${defaultNote}`
           );
         }
         console.log();
         console.log("Example:");
         console.log(
-          chalk52.cyan(
+          chalk60.cyan(
             `  vm0 model-provider setup --type ${type} --auth-method ${authMethodNames[0]} --credential KEY=VALUE`
           )
         );
@@ -11661,7 +12156,7 @@ function handleNonInteractiveMode(options) {
   const credentialArgs = options.credential;
   const firstArg = credentialArgs[0];
   if (!firstArg) {
-    console.error(chalk52.red("\u2717 Credential is required"));
+    console.error(chalk60.red("\u2717 Credential is required"));
     process.exit(1);
   }
   let credential;
@@ -11710,7 +12205,7 @@ async function promptForModelSelection(type) {
   if (selected === "__custom__") {
     const placeholder = getCustomModelPlaceholder(type);
     if (placeholder) {
-      console.log(chalk52.dim(`Example: ${placeholder}`));
+      console.log(chalk60.dim(`Example: ${placeholder}`));
     }
     const customResponse = await prompts2(
       {
@@ -11755,13 +12250,13 @@ function isSecretCredential(name) {
 async function promptForCredentials(type, authMethod) {
   const credentialsConfig = getCredentialsForAuthMethod(type, authMethod);
   if (!credentialsConfig) {
-    console.error(chalk52.red(`\u2717 Invalid auth method "${authMethod}"`));
+    console.error(chalk60.red(`\u2717 Invalid auth method "${authMethod}"`));
     process.exit(1);
   }
   const credentials = {};
   for (const [name, fieldConfig] of Object.entries(credentialsConfig)) {
     if (fieldConfig.helpText) {
-      console.log(chalk52.dim(fieldConfig.helpText));
+      console.log(chalk60.dim(fieldConfig.helpText));
     }
     const isSecret = isSecretCredential(name);
     const placeholder = "placeholder" in fieldConfig ? fieldConfig.placeholder : "";
@@ -11796,11 +12291,11 @@ async function promptForCredentials(type, authMethod) {
 }
 async function handleInteractiveMode() {
   if (!isInteractive()) {
-    console.error(chalk52.red("\u2717 Interactive mode requires a TTY"));
+    console.error(chalk60.red("\u2717 Interactive mode requires a TTY"));
     console.log();
     console.log("Use non-interactive mode:");
     console.log(
-      chalk52.cyan(
+      chalk60.cyan(
         '  vm0 model-provider setup --type <type> --credential "<value>"'
       )
     );
@@ -11817,7 +12312,7 @@ async function handleInteractiveMode() {
         title = `${title} \u2713`;
       }
       if (isExperimental) {
-        title = `${title} ${chalk52.dim("(experimental)")}`;
+        title = `${title} ${chalk60.dim("(experimental)")}`;
       }
       return {
         title,
@@ -11850,14 +12345,14 @@ async function handleInteractiveMode() {
       const provider = await convertModelProviderCredential(type);
       const defaultNote = provider.isDefault ? ` (default for ${provider.framework})` : "";
       console.log(
-        chalk52.green(
+        chalk60.green(
           `\u2713 Converted "${checkResult.credentialName}" to model provider${defaultNote}`
         )
       );
       await promptSetAsDefault(type, provider.framework, provider.isDefault);
       return null;
     }
-    console.log(chalk52.dim("Aborted"));
+    console.log(chalk60.dim("Aborted"));
     process.exit(0);
   }
   if (checkResult.exists && checkResult.currentType === "model-provider") {
@@ -11888,7 +12383,7 @@ async function handleInteractiveMode() {
   }
   const config = MODEL_PROVIDER_TYPES[type];
   console.log();
-  console.log(chalk52.dim(config.helpText));
+  console.log(chalk60.dim(config.helpText));
   console.log();
   if (hasAuthMethods(type)) {
     const authMethod = await promptForAuthMethod(type);
@@ -11919,17 +12414,17 @@ async function handleInteractiveMode() {
 function handleSetupError2(error) {
   if (error instanceof Error) {
     if (error.message.includes("already exists")) {
-      console.error(chalk52.red(`\u2717 ${error.message}`));
+      console.error(chalk60.red(`\u2717 ${error.message}`));
       console.log();
       console.log("To convert the existing credential, run:");
-      console.log(chalk52.cyan("  vm0 model-provider setup --convert"));
+      console.log(chalk60.cyan("  vm0 model-provider setup --convert"));
     } else if (error.message.includes("Not authenticated")) {
-      console.error(chalk52.red("\u2717 Not authenticated. Run: vm0 auth login"));
+      console.error(chalk60.red("\u2717 Not authenticated. Run: vm0 auth login"));
     } else {
-      console.error(chalk52.red(`\u2717 ${error.message}`));
+      console.error(chalk60.red(`\u2717 ${error.message}`));
     }
   } else {
-    console.error(chalk52.red("\u2717 An unexpected error occurred"));
+    console.error(chalk60.red("\u2717 An unexpected error occurred"));
   }
   process.exit(1);
 }
@@ -11946,13 +12441,13 @@ async function promptSetAsDefault(type, framework, isDefault) {
   );
   if (response.setDefault) {
     await setModelProviderDefault(type);
-    console.log(chalk52.green(`\u2713 Default for ${framework} set to "${type}"`));
+    console.log(chalk60.green(`\u2713 Default for ${framework} set to "${type}"`));
   }
 }
 function collectCredentials(value, previous) {
   return previous.concat([value]);
 }
-var setupCommand2 = new Command53().name("setup").description("Configure a model provider").option("-t, --type <type>", "Provider type (for non-interactive mode)").option(
+var setupCommand2 = new Command62().name("setup").description("Configure a model provider").option("-t, --type <type>", "Provider type (for non-interactive mode)").option(
   "-c, --credential <value>",
   "Credential value (can be used multiple times, supports VALUE or KEY=VALUE format)",
   collectCredentials,
@@ -11975,7 +12470,7 @@ var setupCommand2 = new Command53().name("setup").description("Configure a model
         });
       } else if (options.type || credentialArgs.length > 0) {
         console.error(
-          chalk52.red("\u2717 Both --type and --credential are required")
+          chalk60.red("\u2717 Both --type and --credential are required")
         );
         process.exit(1);
       } else {
@@ -11994,11 +12489,11 @@ var setupCommand2 = new Command53().name("setup").description("Configure a model
         const modelNote2 = provider2.selectedModel ? ` with model: ${provider2.selectedModel}` : "";
         if (!hasModelSelection(input.type)) {
           console.log(
-            chalk52.green(`\u2713 Model provider "${input.type}" unchanged`)
+            chalk60.green(`\u2713 Model provider "${input.type}" unchanged`)
           );
         } else {
           console.log(
-            chalk52.green(
+            chalk60.green(
               `\u2713 Model provider "${input.type}" updated${defaultNote2}${modelNote2}`
             )
           );
@@ -12024,7 +12519,7 @@ var setupCommand2 = new Command53().name("setup").description("Configure a model
       const defaultNote = provider.isDefault ? ` (default for ${provider.framework})` : "";
       const modelNote = provider.selectedModel ? ` with model: ${provider.selectedModel}` : "";
       console.log(
-        chalk52.green(
+        chalk60.green(
           `\u2713 Model provider "${input.type}" ${action}${defaultNote}${modelNote}`
         )
       );
@@ -12042,96 +12537,96 @@ var setupCommand2 = new Command53().name("setup").description("Configure a model
 );
 
 // src/commands/model-provider/delete.ts
-import { Command as Command54 } from "commander";
-import chalk53 from "chalk";
-var deleteCommand3 = new Command54().name("delete").description("Delete a model provider").argument("<type>", "Model provider type to delete").action(async (type) => {
+import { Command as Command63 } from "commander";
+import chalk61 from "chalk";
+var deleteCommand4 = new Command63().name("delete").description("Delete a model provider").argument("<type>", "Model provider type to delete").action(async (type) => {
   try {
     if (!Object.keys(MODEL_PROVIDER_TYPES).includes(type)) {
-      console.error(chalk53.red(`\u2717 Invalid type "${type}"`));
+      console.error(chalk61.red(`\u2717 Invalid type "${type}"`));
       console.log();
       console.log("Valid types:");
       for (const [t, config] of Object.entries(MODEL_PROVIDER_TYPES)) {
-        console.log(`  ${chalk53.cyan(t)} - ${config.label}`);
+        console.log(`  ${chalk61.cyan(t)} - ${config.label}`);
       }
       process.exit(1);
     }
     await deleteModelProvider(type);
-    console.log(chalk53.green(`\u2713 Model provider "${type}" deleted`));
+    console.log(chalk61.green(`\u2713 Model provider "${type}" deleted`));
   } catch (error) {
     if (error instanceof Error) {
       if (error.message.includes("not found")) {
-        console.error(chalk53.red(`\u2717 Model provider "${type}" not found`));
+        console.error(chalk61.red(`\u2717 Model provider "${type}" not found`));
       } else if (error.message.includes("Not authenticated")) {
-        console.error(chalk53.red("\u2717 Not authenticated. Run: vm0 auth login"));
+        console.error(chalk61.red("\u2717 Not authenticated. Run: vm0 auth login"));
       } else {
-        console.error(chalk53.red(`\u2717 ${error.message}`));
+        console.error(chalk61.red(`\u2717 ${error.message}`));
       }
     } else {
-      console.error(chalk53.red("\u2717 An unexpected error occurred"));
+      console.error(chalk61.red("\u2717 An unexpected error occurred"));
     }
     process.exit(1);
   }
 });
 
 // src/commands/model-provider/set-default.ts
-import { Command as Command55 } from "commander";
-import chalk54 from "chalk";
-var setDefaultCommand = new Command55().name("set-default").description("Set a model provider as default for its framework").argument("<type>", "Model provider type to set as default").action(async (type) => {
+import { Command as Command64 } from "commander";
+import chalk62 from "chalk";
+var setDefaultCommand = new Command64().name("set-default").description("Set a model provider as default for its framework").argument("<type>", "Model provider type to set as default").action(async (type) => {
   try {
     if (!Object.keys(MODEL_PROVIDER_TYPES).includes(type)) {
-      console.error(chalk54.red(`\u2717 Invalid type "${type}"`));
+      console.error(chalk62.red(`\u2717 Invalid type "${type}"`));
       console.log();
       console.log("Valid types:");
       for (const [t, config] of Object.entries(MODEL_PROVIDER_TYPES)) {
-        console.log(`  ${chalk54.cyan(t)} - ${config.label}`);
+        console.log(`  ${chalk62.cyan(t)} - ${config.label}`);
       }
       process.exit(1);
     }
     const provider = await setModelProviderDefault(type);
     console.log(
-      chalk54.green(
+      chalk62.green(
         `\u2713 Default for ${provider.framework} set to "${provider.type}"`
       )
     );
   } catch (error) {
     if (error instanceof Error) {
       if (error.message.includes("not found")) {
-        console.error(chalk54.red(`\u2717 Model provider "${type}" not found`));
+        console.error(chalk62.red(`\u2717 Model provider "${type}" not found`));
       } else if (error.message.includes("Not authenticated")) {
-        console.error(chalk54.red("\u2717 Not authenticated. Run: vm0 auth login"));
+        console.error(chalk62.red("\u2717 Not authenticated. Run: vm0 auth login"));
       } else {
-        console.error(chalk54.red(`\u2717 ${error.message}`));
+        console.error(chalk62.red(`\u2717 ${error.message}`));
       }
     } else {
-      console.error(chalk54.red("\u2717 An unexpected error occurred"));
+      console.error(chalk62.red("\u2717 An unexpected error occurred"));
     }
     process.exit(1);
   }
 });
 
 // src/commands/model-provider/index.ts
-var modelProviderCommand = new Command56().name("model-provider").description("Manage model providers for agent runs").addCommand(listCommand7).addCommand(setupCommand2).addCommand(deleteCommand3).addCommand(setDefaultCommand);
+var modelProviderCommand = new Command65().name("model-provider").description("Manage model providers for agent runs").addCommand(listCommand8).addCommand(setupCommand2).addCommand(deleteCommand4).addCommand(setDefaultCommand);
 
 // src/commands/onboard/index.ts
-import { Command as Command57 } from "commander";
-import chalk58 from "chalk";
+import { Command as Command66 } from "commander";
+import chalk66 from "chalk";
 import { mkdir as mkdir8 } from "fs/promises";
 import { existsSync as existsSync11 } from "fs";
 
 // src/lib/ui/welcome-box.ts
-import chalk55 from "chalk";
+import chalk63 from "chalk";
 var gradientColors = [
-  chalk55.hex("#FFAB5E"),
+  chalk63.hex("#FFAB5E"),
   // Line 1 - lightest
-  chalk55.hex("#FF9642"),
+  chalk63.hex("#FF9642"),
   // Line 2
-  chalk55.hex("#FF8228"),
+  chalk63.hex("#FF8228"),
   // Line 3
-  chalk55.hex("#FF6D0A"),
+  chalk63.hex("#FF6D0A"),
   // Line 4
-  chalk55.hex("#E85D00"),
+  chalk63.hex("#E85D00"),
   // Line 5
-  chalk55.hex("#CC4E00")
+  chalk63.hex("#CC4E00")
   // Line 6 - darkest
 ];
 var vm0LogoLines = [
@@ -12153,15 +12648,15 @@ function renderVm0Banner() {
 function renderOnboardWelcome() {
   renderVm0Banner();
   console.log(`  Build agentic workflows using natural language.`);
-  console.log(`  ${chalk55.dim("Currently in beta, enjoy it free.")}`);
+  console.log(`  ${chalk63.dim("Currently in beta, enjoy it free.")}`);
   console.log(
-    `  ${chalk55.dim("Star us on GitHub: https://github.com/vm0-ai/vm0")}`
+    `  ${chalk63.dim("Star us on GitHub: https://github.com/vm0-ai/vm0")}`
   );
   console.log();
 }
 
 // src/lib/ui/step-runner.ts
-import chalk56 from "chalk";
+import chalk64 from "chalk";
 function createStepRunner(options = true) {
   const opts = typeof options === "boolean" ? { interactive: options } : options;
   const interactive = opts.interactive ?? true;
@@ -12176,25 +12671,25 @@ function createStepRunner(options = true) {
     }
     for (const [i, step] of completedSteps.entries()) {
       if (step.failed) {
-        console.log(chalk56.red(`\u2717 ${step.label}`));
+        console.log(chalk64.red(`\u2717 ${step.label}`));
       } else {
-        console.log(chalk56.green(`\u25CF ${step.label}`));
+        console.log(chalk64.green(`\u25CF ${step.label}`));
       }
       const isLastStep = i === completedSteps.length - 1;
       if (!isLastStep || !isFinal) {
-        console.log(chalk56.dim("\u2502"));
+        console.log(chalk64.dim("\u2502"));
       }
     }
   }
   async function executeStep(label, fn, isFinal) {
     let stepFailed = false;
-    console.log(chalk56.yellow(`\u25CB ${label}`));
+    console.log(chalk64.yellow(`\u25CB ${label}`));
     const ctx = {
       connector() {
-        console.log(chalk56.dim("\u2502"));
+        console.log(chalk64.dim("\u2502"));
       },
       detail(message) {
-        console.log(`${chalk56.dim("\u2502")} ${message}`);
+        console.log(`${chalk64.dim("\u2502")} ${message}`);
       },
       async prompt(promptFn) {
         return await promptFn();
@@ -12211,12 +12706,12 @@ function createStepRunner(options = true) {
         redrawCompletedSteps(isFinal);
       } else {
         if (stepFailed) {
-          console.log(chalk56.red(`\u2717 ${label}`));
+          console.log(chalk64.red(`\u2717 ${label}`));
         } else {
-          console.log(chalk56.green(`\u25CF ${label}`));
+          console.log(chalk64.green(`\u25CF ${label}`));
         }
         if (!isFinal) {
-          console.log(chalk56.dim("\u2502"));
+          console.log(chalk64.dim("\u2502"));
         }
       }
     }
@@ -12374,7 +12869,7 @@ async function setupModelProvider(type, credential, options) {
 
 // src/lib/domain/onboard/claude-setup.ts
 import { spawn as spawn3 } from "child_process";
-import chalk57 from "chalk";
+import chalk65 from "chalk";
 var MARKETPLACE_NAME = "vm0-skills";
 var MARKETPLACE_REPO = "vm0-ai/vm0-skills";
 var PLUGIN_ID = "vm0@vm0-skills";
@@ -12411,12 +12906,12 @@ async function runClaudeCommand(args, cwd) {
 }
 function handlePluginError(error, context) {
   const displayContext = context ?? "Claude plugin";
-  console.error(chalk57.red(`Failed to install ${displayContext}`));
+  console.error(chalk65.red(`Failed to install ${displayContext}`));
   if (error instanceof Error) {
-    console.error(chalk57.red(error.message));
+    console.error(chalk65.red(error.message));
   }
   console.error(
-    chalk57.dim("Please ensure Claude CLI is installed and accessible.")
+    chalk65.dim("Please ensure Claude CLI is installed and accessible.")
   );
   process.exit(1);
 }
@@ -12459,7 +12954,7 @@ async function updateMarketplace() {
   ]);
   if (!result.success) {
     console.warn(
-      chalk57.yellow(
+      chalk65.yellow(
         `Warning: Could not update marketplace: ${result.error ?? "unknown error"}`
       )
     );
@@ -12497,7 +12992,7 @@ async function handleAuthentication(ctx) {
       return;
     }
     if (!ctx.interactive) {
-      console.error(chalk58.red("Error: Not authenticated"));
+      console.error(chalk66.red("Error: Not authenticated"));
       console.error("Run 'vm0 auth login' first or set VM0_TOKEN");
       process.exit(1);
     }
@@ -12505,16 +13000,16 @@ async function handleAuthentication(ctx) {
       onInitiating: () => {
       },
       onDeviceCodeReady: (url, code, expiresIn) => {
-        step.detail(`Copy code: ${chalk58.cyan.bold(code)}`);
-        step.detail(`Open: ${chalk58.cyan(url)}`);
-        step.detail(chalk58.dim(`Expires in ${expiresIn} minutes`));
+        step.detail(`Copy code: ${chalk66.cyan.bold(code)}`);
+        step.detail(`Open: ${chalk66.cyan(url)}`);
+        step.detail(chalk66.dim(`Expires in ${expiresIn} minutes`));
       },
       onPolling: () => {
       },
       onSuccess: () => {
       },
       onError: (error) => {
-        console.error(chalk58.red(`
+        console.error(chalk66.red(`
 ${error.message}`));
         process.exit(1);
       }
@@ -12528,7 +13023,7 @@ async function handleModelProvider(ctx) {
       return;
     }
     if (!ctx.interactive) {
-      console.error(chalk58.red("Error: No model provider configured"));
+      console.error(chalk66.red("Error: No model provider configured"));
       console.error("Run 'vm0 model-provider setup' first");
       process.exit(1);
     }
@@ -12537,19 +13032,19 @@ async function handleModelProvider(ctx) {
     const providerType = await step.prompt(
       () => promptSelect(
         "Select provider type:",
-        choices.map((c22) => ({
-          title: c22.label,
-          value: c22.type
+        choices.map((c23) => ({
+          title: c23.label,
+          value: c23.type
         }))
       )
     );
     if (!providerType) {
       process.exit(0);
     }
-    const selectedChoice = choices.find((c22) => c22.type === providerType);
+    const selectedChoice = choices.find((c23) => c23.type === providerType);
     if (selectedChoice?.helpText) {
       for (const line of selectedChoice.helpText.split("\n")) {
-        step.detail(chalk58.dim(line));
+        step.detail(chalk66.dim(line));
       }
     }
     const credential = await step.prompt(
@@ -12558,7 +13053,7 @@ async function handleModelProvider(ctx) {
       )
     );
     if (!credential) {
-      console.log(chalk58.dim("Cancelled"));
+      console.log(chalk66.dim("Cancelled"));
       process.exit(0);
     }
     let selectedModel;
@@ -12577,7 +13072,7 @@ async function handleModelProvider(ctx) {
         () => promptSelect("Select model:", modelChoices)
       );
       if (modelSelection === void 0) {
-        console.log(chalk58.dim("Cancelled"));
+        console.log(chalk66.dim("Cancelled"));
         process.exit(0);
       }
       selectedModel = modelSelection === "" ? void 0 : modelSelection;
@@ -12587,7 +13082,7 @@ async function handleModelProvider(ctx) {
     });
     const modelNote = result.provider.selectedModel ? ` with model: ${result.provider.selectedModel}` : "";
     step.detail(
-      chalk58.green(
+      chalk66.green(
         `${providerType} ${result.created ? "created" : "updated"}${result.isDefault ? ` (default for ${result.framework})` : ""}${modelNote}`
       )
     );
@@ -12618,7 +13113,7 @@ async function handleAgentCreation(ctx) {
         agentName = inputName;
         if (existsSync11(agentName)) {
           step.detail(
-            chalk58.yellow(`${agentName}/ already exists, choose another name`)
+            chalk66.yellow(`${agentName}/ already exists, choose another name`)
           );
         } else {
           folderExists = false;
@@ -12627,22 +13122,22 @@ async function handleAgentCreation(ctx) {
     } else {
       if (!validateAgentName(agentName)) {
         console.error(
-          chalk58.red(
+          chalk66.red(
             "Invalid agent name: must be 3-64 chars, alphanumeric + hyphens"
           )
         );
         process.exit(1);
       }
       if (existsSync11(agentName)) {
-        console.error(chalk58.red(`${agentName}/ already exists`));
+        console.error(chalk66.red(`${agentName}/ already exists`));
         console.log();
         console.log("Remove it first or choose a different name:");
-        console.log(chalk58.cyan(`  rm -rf ${agentName}`));
+        console.log(chalk66.cyan(`  rm -rf ${agentName}`));
         process.exit(1);
       }
     }
     await mkdir8(agentName, { recursive: true });
-    step.detail(chalk58.green(`Created ${agentName}/`));
+    step.detail(chalk66.green(`Created ${agentName}/`));
   });
   return agentName;
 }
@@ -12658,7 +13153,7 @@ async function handlePluginInstallation(ctx, agentName) {
       shouldInstall = confirmed ?? true;
     }
     if (!shouldInstall) {
-      step.detail(chalk58.dim("Skipped"));
+      step.detail(chalk66.dim("Skipped"));
       return;
     }
     const scope = "project";
@@ -12666,7 +13161,7 @@ async function handlePluginInstallation(ctx, agentName) {
       const agentDir = `${process.cwd()}/${agentName}`;
       const result = await installVm0Plugin(scope, agentDir);
       step.detail(
-        chalk58.green(`Installed ${result.pluginId} (scope: ${result.scope})`)
+        chalk66.green(`Installed ${result.pluginId} (scope: ${result.scope})`)
       );
       pluginInstalled = true;
     } catch (error) {
@@ -12677,18 +13172,18 @@ async function handlePluginInstallation(ctx, agentName) {
 }
 function printNextSteps(agentName, pluginInstalled) {
   console.log();
-  console.log(chalk58.bold("Next step:"));
+  console.log(chalk66.bold("Next step:"));
   console.log();
   if (pluginInstalled) {
     console.log(
-      `  ${chalk58.cyan(`cd ${agentName} && claude "/${PRIMARY_SKILL_NAME} let's build an agent"`)}`
+      `  ${chalk66.cyan(`cd ${agentName} && claude "/${PRIMARY_SKILL_NAME} let's build an agent"`)}`
     );
   } else {
-    console.log(`  ${chalk58.cyan(`cd ${agentName} && vm0 init`)}`);
+    console.log(`  ${chalk66.cyan(`cd ${agentName} && vm0 init`)}`);
   }
   console.log();
 }
-var onboardCommand = new Command57().name("onboard").description("Guided setup for new VM0 users").option("-y, --yes", "Skip confirmation prompts").option("--name <name>", `Agent name (default: ${DEFAULT_AGENT_NAME})`).action(async (options) => {
+var onboardCommand = new Command66().name("onboard").description("Guided setup for new VM0 users").option("-y, --yes", "Skip confirmation prompts").option("--name <name>", `Agent name (default: ${DEFAULT_AGENT_NAME})`).action(async (options) => {
   const interactive = isInteractive();
   if (interactive) {
     process.stdout.write("\x1B[2J\x1B[H");
@@ -12711,15 +13206,15 @@ var onboardCommand = new Command57().name("onboard").description("Guided setup f
 });
 
 // src/commands/setup-claude/index.ts
-import { Command as Command58 } from "commander";
-import chalk59 from "chalk";
-var setupClaudeCommand = new Command58().name("setup-claude").description("Install VM0 Claude Plugin").option("--agent-dir <dir>", "Agent directory to run install in").option("--scope <scope>", "Installation scope (user or project)", "project").action(async (options) => {
-  console.log(chalk59.dim("Installing VM0 Claude Plugin..."));
+import { Command as Command67 } from "commander";
+import chalk67 from "chalk";
+var setupClaudeCommand = new Command67().name("setup-claude").description("Install VM0 Claude Plugin").option("--agent-dir <dir>", "Agent directory to run install in").option("--scope <scope>", "Installation scope (user or project)", "project").action(async (options) => {
+  console.log(chalk67.dim("Installing VM0 Claude Plugin..."));
   const scope = options.scope === "user" ? "user" : "project";
   try {
     const result = await installVm0Plugin(scope, options.agentDir);
     console.log(
-      chalk59.green(`\u2713 Installed ${result.pluginId} (scope: ${result.scope})`)
+      chalk67.green(`\u2713 Installed ${result.pluginId} (scope: ${result.scope})`)
     );
   } catch (error) {
     handlePluginError(error);
@@ -12728,15 +13223,15 @@ var setupClaudeCommand = new Command58().name("setup-claude").description("Insta
   console.log("Next step:");
   const cdPrefix = options.agentDir ? `cd ${options.agentDir} && ` : "";
   console.log(
-    chalk59.cyan(
+    chalk67.cyan(
       `  ${cdPrefix}claude "/${PRIMARY_SKILL_NAME} let's build a workflow"`
     )
   );
 });
 
 // src/index.ts
-var program = new Command59();
-program.name("vm0").description("VM0 CLI - Build and run agents with natural language").version("9.17.2");
+var program = new Command68();
+program.name("vm0").description("VM0 CLI - Build and run agents with natural language").version("9.19.0");
 program.addCommand(authCommand);
 program.addCommand(infoCommand);
 program.addCommand(composeCommand);
@@ -12751,6 +13246,7 @@ program.addCommand(initCommand3);
 program.addCommand(scheduleCommand);
 program.addCommand(usageCommand);
 program.addCommand(secretCommand);
+program.addCommand(variableCommand);
 program.addCommand(modelProviderCommand);
 program.addCommand(onboardCommand);
 program.addCommand(setupClaudeCommand);