npm - @vm0/cli - Versions diffs - 9.180.5 → 9.180.6 - Mend

@vm0/cli 9.180.5 → 9.180.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/{chunk-GBLGZMXM.js → chunk-Z5VRB237.js} +311 -388
package/{chunk-GBLGZMXM.js.map → chunk-Z5VRB237.js.map} +1 -1
package/index.js +9 -9
package/package.json +1 -1
package/zero.js +24 -137
package/zero.js.map +1 -1

package/index.js CHANGED Viewed

@@ -67,7 +67,7 @@ import {
   source_default,
   volumeConfigSchema,
   withErrorHandler
-} from "./chunk-GBLGZMXM.js";
+} from "./chunk-Z5VRB237.js";
 import {
   __toESM,
   init_esm_shims
@@ -400,7 +400,7 @@ function getConfigPath() {
   return join(os.homedir(), ".vm0", "config.json");
 }
 var infoCommand = new Command().name("info").description("Display environment and debug information").action(async () => {
-  console.log(source_default.bold(`VM0 CLI v${"9.180.5"}`));
+  console.log(source_default.bold(`VM0 CLI v${"9.180.6"}`));
   console.log();
   const config = await loadConfig();
   const hasEnvToken = !!process.env.VM0_TOKEN;
@@ -4293,7 +4293,7 @@ var composeCommand = new Command().name("compose").description("Create or update
         options.autoUpdate = false;
       }
       if (options.autoUpdate !== false) {
-        await startSilentUpgrade("9.180.5");
+        await startSilentUpgrade("9.180.6");
       }
       try {
         let result;
@@ -4395,7 +4395,7 @@ var mainRunCommand = new Command().name("run").description("Run an agent").argum
   withErrorHandler(
     async (identifier, prompt, options) => {
       if (options.autoUpdate !== false) {
-        await startSilentUpgrade("9.180.5");
+        await startSilentUpgrade("9.180.6");
       }
       const { name, version } = parseIdentifier(identifier);
       let composeId;
@@ -6192,13 +6192,13 @@ var upgradeCommand = new Command().name("upgrade").description("Upgrade vm0 CLI
     if (latestVersion === null) {
       throw new Error("Could not check for updates. Please try again later.");
     }
-    if (latestVersion === "9.180.5") {
-      console.log(source_default.green(`\u2713 Already up to date (${"9.180.5"})`));
+    if (latestVersion === "9.180.6") {
+      console.log(source_default.green(`\u2713 Already up to date (${"9.180.6"})`));
       return;
     }
     console.log(
       source_default.yellow(
-        `Current version: ${"9.180.5"} -> Latest version: ${latestVersion}`
+        `Current version: ${"9.180.6"} -> Latest version: ${latestVersion}`
       )
     );
     console.log();
@@ -6225,7 +6225,7 @@ var upgradeCommand = new Command().name("upgrade").description("Upgrade vm0 CLI
     const success = await performUpgrade(packageManager);
     if (success) {
       console.log(
-        source_default.green(`\u2713 Upgraded from ${"9.180.5"} to ${latestVersion}`)
+        source_default.green(`\u2713 Upgraded from ${"9.180.6"} to ${latestVersion}`)
       );
       return;
     }
@@ -6292,7 +6292,7 @@ var whoamiCommand = new Command().name("whoami").description("Show current ident
 // src/index.ts
 var program = new Command();
-program.name("vm0").description("VM0 CLI - Build and run agents with natural language").version("9.180.5");
+program.name("vm0").description("VM0 CLI - Build and run agents with natural language").version("9.180.6");
 program.addCommand(authCommand);
 program.addCommand(infoCommand);
 program.addCommand(composeCommand);

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@vm0/cli",
-  "version": "9.180.5",
+  "version": "9.180.6",
   "description": "CLI application",
   "repository": {
     "type": "git",

package/zero.js CHANGED Viewed

@@ -28,7 +28,6 @@ import {
   createZeroAgent,
   createZeroCreditCheckout,
   createZeroRun,
-  decodeCliTokenPayload,
   decodeZeroTokenPayload,
   deleteGithubLabelListener,
   deleteSkill,
@@ -107,11 +106,13 @@ import {
   listZeroOrgs,
   listZeroSchedules,
   listZeroSecrets,
+  listZeroUserPermissionGrants,
   listZeroVariables,
   matchFirewallBaseUrl,
   paginate,
   parseEvent,
   parseTime,
+  permissionGrantsToFirewallPolicies,
   prepareHostedSite,
   promptConfirm,
   promptPassword,
@@ -149,7 +150,7 @@ import {
   upsertZeroOrgModelProvider,
   withErrorHandler,
   zeroAgentCustomSkillNameSchema
-} from "./chunk-GBLGZMXM.js";
+} from "./chunk-Z5VRB237.js";
 import {
   __toESM,
   init_esm_shims
@@ -1552,8 +1553,11 @@ Examples:
       if (agent.displayName) console.log(source_default.dim(agent.displayName));
       console.log();
       console.log(`Agent ID:     ${agent.agentId}`);
+      const permissionPolicies = options.permissions ? permissionGrantsToFirewallPolicies(
+        await listZeroUserPermissionGrants(agent.agentId)
+      ) : null;
       const resolvedPolicies = resolveFirewallPolicies(
-        agent.permissionPolicies,
+        permissionPolicies,
         connectorTypes
       );
       const connectorInfos = connectorTypes.map((type) => {
@@ -2979,66 +2983,6 @@ How connectors work:
 // src/commands/zero/doctor/permission-deny.ts
 init_esm_shims();
-// src/commands/zero/doctor/permission-context.ts
-init_esm_shims();
-var LEGACY_PERMISSION_GRANT_MODE = "legacy";
-function roleFromOrg(org) {
-  if (org.role === "admin") return "admin";
-  if (org.role === "member") return "member";
-  return "unknown";
-}
-function permissionGrantModeFromOrg(org) {
-  return org.permissionGrantMode ?? LEGACY_PERMISSION_GRANT_MODE;
-}
-async function resolveUserId() {
-  const zeroPayload = decodeZeroTokenPayload();
-  if (zeroPayload?.userId) return zeroPayload.userId;
-  const token = await getToken();
-  const cliPayload = decodeCliTokenPayload(token);
-  return cliPayload?.userId;
-}
-async function resolvePermissionGrantMode() {
-  try {
-    const org = await getZeroOrg();
-    return permissionGrantModeFromOrg(org);
-  } catch {
-    return LEGACY_PERMISSION_GRANT_MODE;
-  }
-}
-async function resolvePermissionChangeContext(agentId) {
-  try {
-    const org = await getZeroOrg();
-    const permissionGrantMode = permissionGrantModeFromOrg(org);
-    if (!agentId || permissionGrantMode === "user-grants") {
-      return {
-        role: roleFromOrg(org),
-        permissionGrantMode
-      };
-    }
-    if (org.role === "admin") {
-      return { role: "admin", permissionGrantMode };
-    }
-    if (org.role === "member") {
-      const userId = await resolveUserId();
-      if (userId) {
-        const agent = await getZeroAgent(agentId);
-        if (agent.ownerId === userId) {
-          return { role: "owner", permissionGrantMode };
-        }
-      }
-      return { role: "member", permissionGrantMode };
-    }
-    return { role: "unknown", permissionGrantMode };
-  } catch {
-    return {
-      role: "unknown",
-      permissionGrantMode: LEGACY_PERMISSION_GRANT_MODE
-    };
-  }
-}
-// src/commands/zero/doctor/permission-deny.ts
 var permissionDenyCommand = new Command().name("permission-deny").description(
   "Diagnose a permission denial and find the permission that covers it"
 ).argument("<connector-ref>", "The connector type (e.g. github)").addOption(
@@ -3092,11 +3036,8 @@ Notes:
         return (ruleCount.get(current) ?? Infinity) < (ruleCount.get(narrowest) ?? Infinity) ? current : narrowest;
       });
       console.log(`This is covered by the "${permission}" permission.`);
-      const permissionGrantMode = await resolvePermissionGrantMode();
-      const reasonArg = permissionGrantMode === "user-grants" ? "" : ' --reason "why this is needed"';
-      const actionVerb = permissionGrantMode === "user-grants" ? "allow" : "request";
       console.log(
-        `To ${actionVerb} this permission, run: zero doctor permission-change ${connectorRef} --permission ${permission} --enable${reasonArg}`
+        `To allow this permission, run: zero doctor permission-change ${connectorRef} --permission ${permission} --enable`
       );
     }
   )
@@ -3115,15 +3056,8 @@ function findPermissionInConfig(ref, permissionName) {
   }
   return false;
 }
-var REASON_MAX_LENGTH = 500;
-function addReasonParam(urlParams, role, usesUserGrants, reason) {
-  if (usesUserGrants || role !== "member" || !reason) return;
-  const truncated = reason.length > REASON_MAX_LENGTH ? reason.slice(0, REASON_MAX_LENGTH) : reason;
-  urlParams.set("reason", truncated);
-}
-function printSensitivePermissionGuidance(connectorRef, permission, action, usesUserGrants) {
+function printSensitivePermissionGuidance(connectorRef, permission, action) {
   if (action !== "enable") return;
-  const approvalWording = usesUserGrants ? "Only allow this permission below" : "Only request user approval below";
   if (connectorRef === "slack" && permission === "chat:write") {
     console.log("");
     console.log(
@@ -3133,7 +3067,7 @@ function printSensitivePermissionGuidance(connectorRef, permission, action, uses
       "Use `zero slack message send -c <channel> -t <text>` to send messages as the bot instead \u2014 this is the recommended approach for most use cases."
     );
     console.log(
-      `${approvalWording} if acting as the user is specifically required.`
+      "Only allow this permission below if acting as the user is specifically required."
     );
     console.log("");
   }
@@ -3146,77 +3080,34 @@ function printSensitivePermissionGuidance(connectorRef, permission, action, uses
       "Consider keeping gmail.send disabled and using gmail.compose instead \u2014 the agent can create drafts for the user to review and send manually."
     );
     console.log(
-      `${approvalWording} if direct sending is specifically required.`
+      "Only allow this permission below if direct sending is specifically required."
     );
     console.log("");
   }
 }
 function printPermissionActionMessage(args) {
-  if (args.usesUserGrants) {
-    const grantAction = args.action === "enable" ? "allow" : "deny";
-    console.log(
-      `You can ${grantAction} the "${args.permission}" permission for your connector access: [Manage ${args.label} permissions](${args.url})`
-    );
-    return;
-  }
-  if (args.role === "admin" || args.role === "owner") {
-    console.log(
-      `You can ${args.action} the "${args.permission}" permission directly: [Manage ${args.label} permissions](${args.url})`
-    );
-    return;
-  }
-  if (args.role !== "member") {
-    console.log(
-      `To ${args.action} the "${args.permission}" permission for ${args.label}: [Manage ${args.label} permissions](${args.url})`
-    );
-    return;
-  }
-  if (!args.reason) {
-    console.log(
-      `IMPORTANT: Re-run with \`--reason "one sentence why this is needed"\` so the admin can review your request faster.`
-    );
-    return;
-  }
-  if (args.action === "enable") {
-    console.log(
-      `Permission changes require admin approval. Request access at: [Request ${args.label} access](${args.url})`
-    );
-    return;
-  }
+  const grantAction = args.action === "enable" ? "allow" : "deny";
   console.log(
-    `Permission changes require admin approval. Contact an org admin to disable this permission: [View ${args.label} permissions](${args.url})`
+    `You can ${grantAction} the "${args.permission}" permission for your connector access: [Manage ${args.label} permissions](${args.url})`
   );
 }
-async function outputPermissionChangeMessage(connectorRef, permission, action, reason) {
+async function outputPermissionChangeMessage(connectorRef, permission, action) {
   const { label } = CONNECTOR_TYPES[connectorRef];
   const platformOrigin = await getPlatformOrigin();
   const agentId = process.env.ZERO_AGENT_ID;
-  const context = await resolvePermissionChangeContext(agentId || void 0);
-  const role = context.role;
-  const permissionGrantMode = context.permissionGrantMode;
-  const usesUserGrants = permissionGrantMode === "user-grants";
   const urlParams = new URLSearchParams({
     ref: connectorRef,
     permission,
     action: action === "enable" ? "allow" : "deny"
   });
-  addReasonParam(urlParams, role, usesUserGrants, reason);
   const pagePath = agentId ? `/agents/${agentId}/permissions` : "/agents";
   const url = `${platformOrigin}${pagePath}?${urlParams.toString()}`;
-  printSensitivePermissionGuidance(
-    connectorRef,
-    permission,
-    action,
-    usesUserGrants
-  );
+  printSensitivePermissionGuidance(connectorRef, permission, action);
   printPermissionActionMessage({
-    usesUserGrants,
     action,
-    role,
     permission,
     label,
-    url,
-    reason
+    url
   });
 }
 var permissionChangeCommand = new Command().name("permission-change").description("Change or request a permission (enable or disable)").argument("<connector-ref>", "The connector type (e.g. github)").addOption(
@@ -3235,10 +3126,7 @@ var permissionChangeCommand = new Command().name("permission-change").descriptio
     "Disable or request disabling the permission"
   ).conflicts("enable")
 ).addOption(
-  new Option(
-    "--reason <text>",
-    "Brief reason for admin approval requests (max 500 chars)"
-  )
+  new Option("--reason <text>", "Brief reason for the permission change")
 ).addHelpText(
   "after",
   `
@@ -3248,7 +3136,7 @@ Examples:
 Notes:
   - Outputs a platform URL for the user to adjust the permission
-  - Depending on rollout state, members either request approval or manage their own permission grants`
+  - Permission changes update the current user's connector grants`
 ).action(
   withErrorHandler(
     async (connectorRef, opts) => {
@@ -3267,8 +3155,7 @@ Notes:
       await outputPermissionChangeMessage(
         connectorRef,
         opts.permission,
-        action,
-        opts.reason
+        action
       );
     }
   )
@@ -5838,9 +5725,9 @@ async function showSandboxInfo(showPermissions) {
   }
   try {
     if (showPermissions) {
-      const [connectorsResult, agentResult, enabledResult] = await Promise.allSettled([
+      const [connectorsResult, grantsResult, enabledResult] = await Promise.allSettled([
         listZeroConnectors(),
-        getZeroAgent(agentId),
+        listZeroUserPermissionGrants(agentId),
         getZeroAgentUserConnectors(agentId)
       ]);
       if (connectorsResult.status === "rejected") return;
@@ -5849,10 +5736,10 @@ async function showSandboxInfo(showPermissions) {
       });
       if (identities.length === 0) return;
       let resolvedPolicies = null;
-      const permissionDataAvailable = agentResult.status === "fulfilled" && enabledResult.status === "fulfilled";
+      const permissionDataAvailable = grantsResult.status === "fulfilled" && enabledResult.status === "fulfilled";
       if (permissionDataAvailable) {
         resolvedPolicies = resolveFirewallPolicies(
-          agentResult.value.permissionPolicies,
+          permissionGrantsToFirewallPolicies(grantsResult.value),
           enabledResult.value
         );
       }
@@ -13432,7 +13319,7 @@ function registerZeroCommands(prog, commands) {
 var program = new Command();
 program.name("zero").description(
   "Zero CLI \u2014 interact with the zero platform from inside the sandbox"
-).version("9.180.5").addHelpText("after", () => {
+).version("9.180.6").addHelpText("after", () => {
   return buildZeroHelpText();
 });
 if (process.argv[1]?.endsWith("zero.js") || process.argv[1]?.endsWith("zero.ts") || process.argv[1]?.endsWith("zero")) {