@vm0/cli 9.208.0 → 9.208.1

package/{chunk-24KXQB23.js → chunk-HJC27CUJ.js}

@@ -80408,7 +80408,7 @@ if (DSN) {
   init2({
     dsn: DSN,
     environment: process.env.SENTRY_ENVIRONMENT ?? "production",
-    release: "9.208.0",
+    release: "9.208.1",
     sendDefaultPii: false,
     tracesSampleRate: 0,
     shutdownTimeout: 500,
@@ -80427,7 +80427,7 @@ if (DSN) {
     }
   });
   setContext("cli", {
-    version: "9.208.0",
+    version: "9.208.1",
     command: process.argv.slice(2).join(" ")
   });
   setContext("runtime", {
@@ -88060,6 +88060,218 @@ var VM0_MODEL_CREDIT_MULTIPLIER = Object.freeze({
   "gpt-5.4-mini": 0.3
 });
 
+// ../../packages/api-contracts/src/contracts/model-provider-firewalls.ts
+init_esm_shims();
+var MODEL_PROVIDER_ENV_PLACEHOLDERS = {
+  // Placeholder: sk-ant-api03-{93 word/hyphen chars}AA (108 chars total)
+  // Source: Semgrep regex \Bsk-ant-api03-[\w\-]{93}AA\B
+  //   https://semgrep.dev/blog/2025/secrets-story-and-prefixed-secrets/
+  ANTHROPIC_API_KEY: "sk-ant-api03-CoffeeSafeLocalCoffeeSafeLocalCoffeeSafeLocalCoffeeSafeLocalCoffeeSafeLocalCoffeeSafeLocalCofAA",
+  // Placeholder: sk-ant-oat01-{93 word/hyphen chars}AA (108 chars total)
+  // Source: same structure as API key; prefix from claude setup-token output
+  //   https://github.com/anthropics/claude-code/issues/18340
+  //   Example: sk-ant-oat01-xxxxx...xxxxx (1-year OAuth token)
+  CLAUDE_CODE_OAUTH_TOKEN: "sk-ant-oat01-CoffeeSafeLocalCoffeeSafeLocalCoffeeSafeLocalCoffeeSafeLocalCoffeeSafeLocalCoffeeSafeLocalCofAA",
+  // Generic bearer-token marker for Claude-compatible gateways that map
+  // provider-specific secrets into ANTHROPIC_AUTH_TOKEN.
+  ANTHROPIC_AUTH_TOKEN: "sk-CoffeeSafeLocalCoffeeSafeLocalCo",
+  // Placeholder: sk-proj-{chars}T3BlbkFJ{chars} (typical project key shape)
+  // Source: matches turbo/packages/connectors/src/firewalls/openai.generated.ts
+  OPENAI_API_KEY: "sk-proj-CoffeeSafeLocalCoffeeSafeLocalCoffeeSafeLocalCoffeeSafeLocaT3BlbkFJCoffeeSafeLocalCoffeeSafeLocalCoffeeSafeLocalCoffeeSafeLoca",
+  // Opaque fake marker, not a JWT. Codex ChatGPT mode reads auth.json, while
+  // firewall auth substitutes this marker at egress.
+  CHATGPT_ACCESS_TOKEN: "chatgpt-token-CoffeeSafeLocalCoffeeSafeLocalCoffeeSafeLocalCoffeeSafeLocal",
+  CHATGPT_ACCOUNT_ID: "ws_VM0_PLACEHOLDER_DO_NOT_TRUST",
+  CHATGPT_REFRESH_TOKEN: "rt_VM0_PLACEHOLDER_DO_NOT_TRUST"
+};
+var MODEL_PROVIDER_FIREWALL_PROVIDER_CONFIGS = {
+  "anthropic-api-key": {
+    framework: "claude-code",
+    secretName: "ANTHROPIC_API_KEY"
+  },
+  "claude-code-oauth-token": {
+    framework: "claude-code",
+    secretName: "CLAUDE_CODE_OAUTH_TOKEN"
+  },
+  "openrouter-api-key": {
+    framework: "claude-code",
+    secretName: "OPENROUTER_API_KEY",
+    anthropicBaseUrl: "https://openrouter.ai/api"
+  },
+  "moonshot-api-key": {
+    framework: "claude-code",
+    secretName: "MOONSHOT_API_KEY",
+    anthropicBaseUrl: "https://api.moonshot.ai/anthropic"
+  },
+  "minimax-api-key": {
+    framework: "claude-code",
+    secretName: "MINIMAX_API_KEY",
+    anthropicBaseUrl: "https://api.minimax.io/anthropic"
+  },
+  "deepseek-api-key": {
+    framework: "claude-code",
+    secretName: "DEEPSEEK_API_KEY",
+    anthropicBaseUrl: "https://api.deepseek.com/anthropic"
+  },
+  "zai-api-key": {
+    framework: "claude-code",
+    secretName: "ZAI_API_KEY",
+    anthropicBaseUrl: "https://api.z.ai/api/anthropic"
+  },
+  "vercel-ai-gateway": {
+    framework: "claude-code",
+    secretName: "VERCEL_AI_GATEWAY_API_KEY",
+    anthropicBaseUrl: "https://ai-gateway.vercel.sh"
+  },
+  "openrouter-codex": {
+    framework: "codex",
+    secretName: "OPENROUTER_API_KEY",
+    openaiBaseUrl: "https://openrouter.ai/api/v1"
+  },
+  "vercel-ai-gateway-codex": {
+    framework: "codex",
+    secretName: "VERCEL_AI_GATEWAY_API_KEY",
+    openaiBaseUrl: "https://ai-gateway.vercel.sh/v1"
+  },
+  "openai-api-key": {
+    framework: "codex",
+    secretName: "OPENAI_API_KEY"
+  }
+};
+var ANTHROPIC_API_BASE = "https://api.anthropic.com";
+function isLegacySingleSecretProvider(type) {
+  return type !== "codex-oauth-token";
+}
+function getFirewallBaseUrl(type) {
+  if (!isLegacySingleSecretProvider(type)) {
+    return "https://chatgpt.com/backend-api/codex";
+  }
+  const config3 = MODEL_PROVIDER_FIREWALL_PROVIDER_CONFIGS[type];
+  if (config3.framework === "codex") {
+    return config3.openaiBaseUrl?.replace(/\/+$/, "") ?? "https://api.openai.com/v1/responses";
+  }
+  const base = (config3.anthropicBaseUrl ?? ANTHROPIC_API_BASE).replace(
+    /\/+$/,
+    ""
+  );
+  return `${base}/v1/messages`;
+}
+function mpFirewall(type, authHeader, placeholderValue) {
+  const secretName = MODEL_PROVIDER_FIREWALL_PROVIDER_CONFIGS[type].secretName;
+  const secretRef = `\${{ secrets.${secretName} }}`;
+  const headerValue = authHeader.valuePrefix ? `${authHeader.valuePrefix} ${secretRef}` : secretRef;
+  return {
+    name: `model-provider:${type}`,
+    apis: [
+      {
+        base: getFirewallBaseUrl(type),
+        auth: { headers: { [authHeader.name]: headerValue } },
+        permissions: []
+      }
+    ],
+    placeholders: { [secretName]: placeholderValue }
+  };
+}
+var MODEL_PROVIDER_FIREWALL_CONFIGS = {
+  "anthropic-api-key": mpFirewall(
+    "anthropic-api-key",
+    { name: "x-api-key" },
+    MODEL_PROVIDER_ENV_PLACEHOLDERS.ANTHROPIC_API_KEY
+  ),
+  "claude-code-oauth-token": mpFirewall(
+    "claude-code-oauth-token",
+    { name: "Authorization", valuePrefix: "Bearer" },
+    MODEL_PROVIDER_ENV_PLACEHOLDERS.CLAUDE_CODE_OAUTH_TOKEN
+  ),
+  "openrouter-api-key": mpFirewall(
+    "openrouter-api-key",
+    { name: "Authorization", valuePrefix: "Bearer" },
+    MODEL_PROVIDER_ENV_PLACEHOLDERS.ANTHROPIC_AUTH_TOKEN
+  ),
+  "moonshot-api-key": mpFirewall(
+    "moonshot-api-key",
+    { name: "Authorization", valuePrefix: "Bearer" },
+    MODEL_PROVIDER_ENV_PLACEHOLDERS.ANTHROPIC_AUTH_TOKEN
+  ),
+  "minimax-api-key": mpFirewall(
+    "minimax-api-key",
+    { name: "Authorization", valuePrefix: "Bearer" },
+    MODEL_PROVIDER_ENV_PLACEHOLDERS.ANTHROPIC_AUTH_TOKEN
+  ),
+  "deepseek-api-key": mpFirewall(
+    "deepseek-api-key",
+    { name: "Authorization", valuePrefix: "Bearer" },
+    MODEL_PROVIDER_ENV_PLACEHOLDERS.ANTHROPIC_AUTH_TOKEN
+  ),
+  "zai-api-key": mpFirewall(
+    "zai-api-key",
+    { name: "Authorization", valuePrefix: "Bearer" },
+    MODEL_PROVIDER_ENV_PLACEHOLDERS.ANTHROPIC_AUTH_TOKEN
+  ),
+  "vercel-ai-gateway": mpFirewall(
+    "vercel-ai-gateway",
+    { name: "Authorization", valuePrefix: "Bearer" },
+    MODEL_PROVIDER_ENV_PLACEHOLDERS.ANTHROPIC_AUTH_TOKEN
+  ),
+  // Codex-framework twin of openrouter-api-key. It reuses the same stored
+  // OpenRouter secret, but the sandbox env name is OPENAI_API_KEY because codex
+  // SDK hits OpenAI-compatible paths (/chat/completions, /responses) under
+  // https://openrouter.ai/api/v1.
+  "openrouter-codex": mpFirewall(
+    "openrouter-codex",
+    { name: "Authorization", valuePrefix: "Bearer" },
+    MODEL_PROVIDER_ENV_PLACEHOLDERS.OPENAI_API_KEY
+  ),
+  // Codex-framework twin of vercel-ai-gateway. It reuses the same stored Vercel
+  // secret, but the sandbox env name is OPENAI_API_KEY. Base URL is scoped to
+  // the /v1 prefix so codex can use either /chat/completions or /responses.
+  "vercel-ai-gateway-codex": mpFirewall(
+    "vercel-ai-gateway-codex",
+    { name: "Authorization", valuePrefix: "Bearer" },
+    MODEL_PROVIDER_ENV_PLACEHOLDERS.OPENAI_API_KEY
+  ),
+  "openai-api-key": mpFirewall(
+    "openai-api-key",
+    { name: "Authorization", valuePrefix: "Bearer" },
+    MODEL_PROVIDER_ENV_PLACEHOLDERS.OPENAI_API_KEY
+  ),
+  // ChatGPT OAuth provider: multi-header injection plus auth.openai.com deny.
+  "codex-oauth-token": {
+    name: "model-provider:codex-oauth-token",
+    apis: [
+      {
+        base: "https://chatgpt.com/backend-api/codex",
+        auth: {
+          headers: {
+            Authorization: "Bearer ${{ secrets.CHATGPT_ACCESS_TOKEN }}",
+            "ChatGPT-Account-ID": "${{ secrets.CHATGPT_ACCOUNT_ID }}"
+          }
+        },
+        permissions: [
+          {
+            name: "codex:api",
+            rules: ["GET /{path*}", "POST /{path*}"]
+          }
+        ]
+      },
+      {
+        base: "https://auth.openai.com",
+        auth: { headers: {} },
+        permissions: [{ name: "denied", rules: ["ANY /*"] }]
+      }
+    ],
+    defaultPolicies: {
+      deny: ["denied"],
+      unknownPolicy: "deny"
+    },
+    placeholders: {
+      CHATGPT_ACCESS_TOKEN: MODEL_PROVIDER_ENV_PLACEHOLDERS.CHATGPT_ACCESS_TOKEN,
+      CHATGPT_ACCOUNT_ID: MODEL_PROVIDER_ENV_PLACEHOLDERS.CHATGPT_ACCOUNT_ID,
+      CHATGPT_REFRESH_TOKEN: MODEL_PROVIDER_ENV_PLACEHOLDERS.CHATGPT_REFRESH_TOKEN
+    }
+  }
+};
+
 // ../../packages/api-contracts/src/contracts/model-providers.ts
 var supportedRunModelSchema = external_exports.enum(SUPPORTED_RUN_MODELS);
 var modelProviderCredentialScopeSchema = external_exports.enum(["org", "member"]);
@@ -88553,28 +88765,6 @@ var HIDDEN_PROVIDER_LIST = ["aws-bedrock", "azure-foundry"];
 var HIDDEN_PROVIDER_TYPES = new Set(
   HIDDEN_PROVIDER_LIST
 );
-var MODEL_PROVIDER_ENV_PLACEHOLDERS = {
-  // Placeholder: sk-ant-api03-{93 word/hyphen chars}AA (108 chars total)
-  // Source: Semgrep regex \Bsk-ant-api03-[\w\-]{93}AA\B
-  //   https://semgrep.dev/blog/2025/secrets-story-and-prefixed-secrets/
-  ANTHROPIC_API_KEY: "sk-ant-api03-CoffeeSafeLocalCoffeeSafeLocalCoffeeSafeLocalCoffeeSafeLocalCoffeeSafeLocalCoffeeSafeLocalCofAA",
-  // Placeholder: sk-ant-oat01-{93 word/hyphen chars}AA (108 chars total)
-  // Source: same structure as API key; prefix from claude setup-token output
-  //   https://github.com/anthropics/claude-code/issues/18340
-  //   Example: sk-ant-oat01-xxxxx...xxxxx (1-year OAuth token)
-  CLAUDE_CODE_OAUTH_TOKEN: "sk-ant-oat01-CoffeeSafeLocalCoffeeSafeLocalCoffeeSafeLocalCoffeeSafeLocalCoffeeSafeLocalCoffeeSafeLocalCofAA",
-  // Generic bearer-token marker for Claude-compatible gateways that map
-  // provider-specific secrets into ANTHROPIC_AUTH_TOKEN.
-  ANTHROPIC_AUTH_TOKEN: "sk-CoffeeSafeLocalCoffeeSafeLocalCo",
-  // Placeholder: sk-proj-{chars}T3BlbkFJ{chars} (typical project key shape)
-  // Source: matches turbo/packages/connectors/src/firewalls/openai.generated.ts
-  OPENAI_API_KEY: "sk-proj-CoffeeSafeLocalCoffeeSafeLocalCoffeeSafeLocalCoffeeSafeLocaT3BlbkFJCoffeeSafeLocalCoffeeSafeLocalCoffeeSafeLocalCoffeeSafeLoca",
-  // Opaque fake marker, not a JWT. Codex ChatGPT mode reads auth.json, while
-  // firewall auth substitutes this marker at egress.
-  CHATGPT_ACCESS_TOKEN: "chatgpt-token-CoffeeSafeLocalCoffeeSafeLocalCoffeeSafeLocalCoffeeSafeLocal",
-  CHATGPT_ACCOUNT_ID: "ws_VM0_PLACEHOLDER_DO_NOT_TRUST",
-  CHATGPT_REFRESH_TOKEN: "rt_VM0_PLACEHOLDER_DO_NOT_TRUST"
-};
 function getSelectableProviderTypes() {
   return Object.keys(MODEL_PROVIDER_TYPES).filter(
     (type) => {
@@ -88582,162 +88772,6 @@ function getSelectableProviderTypes() {
     }
   );
 }
-var ANTHROPIC_API_BASE = "https://api.anthropic.com";
-function getFirewallBaseUrl(type) {
-  if (type === "codex-oauth-token") {
-    return "https://chatgpt.com/backend-api/codex";
-  }
-  if (getFrameworkForType(type) === "codex") {
-    const overrideBase = getModelProviderEnvBindings(type)?.OPENAI_BASE_URL;
-    if (overrideBase) {
-      return overrideBase.replace(/\/+$/, "");
-    }
-    return "https://api.openai.com/v1/responses";
-  }
-  const base = (getModelProviderEnvBindings(type)?.ANTHROPIC_BASE_URL ?? ANTHROPIC_API_BASE).replace(/\/+$/, "");
-  return `${base}/v1/messages`;
-}
-function mpFirewall(type, authHeader, placeholderValue) {
-  const secretName = MODEL_PROVIDER_TYPES[type].secretName;
-  const secretRef = `\${{ secrets.${secretName} }}`;
-  const headerValue = authHeader.valuePrefix ? `${authHeader.valuePrefix} ${secretRef}` : secretRef;
-  return {
-    name: `model-provider:${type}`,
-    apis: [
-      {
-        base: getFirewallBaseUrl(type),
-        auth: { headers: { [authHeader.name]: headerValue } },
-        permissions: []
-      }
-    ],
-    placeholders: { [secretName]: placeholderValue }
-  };
-}
-var MODEL_PROVIDER_FIREWALL_CONFIGS = {
-  "anthropic-api-key": mpFirewall(
-    "anthropic-api-key",
-    { name: "x-api-key" },
-    MODEL_PROVIDER_ENV_PLACEHOLDERS.ANTHROPIC_API_KEY
-  ),
-  "claude-code-oauth-token": mpFirewall(
-    "claude-code-oauth-token",
-    { name: "Authorization", valuePrefix: "Bearer" },
-    MODEL_PROVIDER_ENV_PLACEHOLDERS.CLAUDE_CODE_OAUTH_TOKEN
-  ),
-  "openrouter-api-key": mpFirewall(
-    "openrouter-api-key",
-    { name: "Authorization", valuePrefix: "Bearer" },
-    MODEL_PROVIDER_ENV_PLACEHOLDERS.ANTHROPIC_AUTH_TOKEN
-  ),
-  "moonshot-api-key": mpFirewall(
-    "moonshot-api-key",
-    { name: "Authorization", valuePrefix: "Bearer" },
-    MODEL_PROVIDER_ENV_PLACEHOLDERS.ANTHROPIC_AUTH_TOKEN
-  ),
-  "minimax-api-key": mpFirewall(
-    "minimax-api-key",
-    { name: "Authorization", valuePrefix: "Bearer" },
-    MODEL_PROVIDER_ENV_PLACEHOLDERS.ANTHROPIC_AUTH_TOKEN
-  ),
-  "deepseek-api-key": mpFirewall(
-    "deepseek-api-key",
-    { name: "Authorization", valuePrefix: "Bearer" },
-    MODEL_PROVIDER_ENV_PLACEHOLDERS.ANTHROPIC_AUTH_TOKEN
-  ),
-  "zai-api-key": mpFirewall(
-    "zai-api-key",
-    { name: "Authorization", valuePrefix: "Bearer" },
-    MODEL_PROVIDER_ENV_PLACEHOLDERS.ANTHROPIC_AUTH_TOKEN
-  ),
-  "vercel-ai-gateway": mpFirewall(
-    "vercel-ai-gateway",
-    { name: "Authorization", valuePrefix: "Bearer" },
-    MODEL_PROVIDER_ENV_PLACEHOLDERS.ANTHROPIC_AUTH_TOKEN
-  ),
-  // Codex-framework twin of openrouter-api-key. It reuses the same stored
-  // OpenRouter secret, but the sandbox env name is OPENAI_API_KEY because codex
-  // SDK hits OpenAI-compatible paths (/chat/completions, /responses) under
-  // https://openrouter.ai/api/v1, derived from the OPENAI_BASE_URL mapping by
-  // getFirewallBaseUrl.
-  "openrouter-codex": mpFirewall(
-    "openrouter-codex",
-    { name: "Authorization", valuePrefix: "Bearer" },
-    MODEL_PROVIDER_ENV_PLACEHOLDERS.OPENAI_API_KEY
-  ),
-  // Codex-framework twin of vercel-ai-gateway. It reuses the same stored Vercel
-  // secret, but the sandbox env name is OPENAI_API_KEY. Base URL is scoped to
-  // the /v1 prefix by getFirewallBaseUrl so codex can use either
-  // /chat/completions or /responses paths the gateway exposes.
-  "vercel-ai-gateway-codex": mpFirewall(
-    "vercel-ai-gateway-codex",
-    { name: "Authorization", valuePrefix: "Bearer" },
-    MODEL_PROVIDER_ENV_PLACEHOLDERS.OPENAI_API_KEY
-  ),
-  "openai-api-key": mpFirewall(
-    "openai-api-key",
-    { name: "Authorization", valuePrefix: "Bearer" },
-    MODEL_PROVIDER_ENV_PLACEHOLDERS.OPENAI_API_KEY
-  ),
-  // ChatGPT OAuth provider — multi-header injection + auth.openai.com deny.
-  // Sandbox holds placeholder strings; firewall replaces them with real
-  // tokens at egress. The auth.openai.com entry is defense-in-depth: codex's
-  // CODEX_REFRESH_TOKEN_URL_OVERRIDE already prevents in-sandbox refreshes,
-  // but if codex ever ignores it, this firewall denies the egress at the
-  // proxy layer.
-  //
-  // Placeholder values are opaque markers, NOT JWTs — codex doesn't read
-  // CHATGPT_ACCESS_TOKEN from env in ChatGPT mode; it reads the real JWT
-  // from ~/.codex/auth.json built by guest-agent (#11877). The placeholder
-  // here only needs to be a stable, non-empty string the firewall can match
-  // and substitute. Account-id placeholder still equals #11877's literal
-  // since the architectural relationship across the two surfaces matters.
-  "codex-oauth-token": {
-    name: "model-provider:codex-oauth-token",
-    apis: [
-      {
-        base: "https://chatgpt.com/backend-api/codex",
-        auth: {
-          headers: {
-            Authorization: "Bearer ${{ secrets.CHATGPT_ACCESS_TOKEN }}",
-            "ChatGPT-Account-ID": "${{ secrets.CHATGPT_ACCOUNT_ID }}"
-          }
-        },
-        permissions: [
-          {
-            name: "codex:api",
-            // Subtree-wildcard the codex backend: codex's path surface keeps
-            // growing (#12099 added /responses, then /responses/compact 403'd
-            // again). Method narrowing to GET/POST is the actual safety net —
-            // it blocks accidental DELETE/PUT/PATCH on the user's ChatGPT
-            // account if codex is ever prompt-injected. Base is already
-            // locked to /backend-api/codex, so the blast radius is just
-            // codex's own surface area.
-            rules: ["GET /{path*}", "POST /{path*}"]
-          }
-        ]
-      },
-      {
-        base: "https://auth.openai.com",
-        auth: { headers: {} },
-        permissions: [{ name: "denied", rules: ["ANY /*"] }]
-      }
-    ],
-    defaultPolicies: {
-      deny: ["denied"],
-      unknownPolicy: "deny"
-    },
-    placeholders: {
-      CHATGPT_ACCESS_TOKEN: MODEL_PROVIDER_ENV_PLACEHOLDERS.CHATGPT_ACCESS_TOKEN,
-      CHATGPT_ACCOUNT_ID: MODEL_PROVIDER_ENV_PLACEHOLDERS.CHATGPT_ACCOUNT_ID,
-      // refresh_token written by guest-agent into ~/.codex/auth.json (#12077).
-      // Kept in this map so the firewall can substitute it on egress if codex
-      // ever tries to use it directly — defense-in-depth alongside
-      // CODEX_REFRESH_TOKEN_URL_OVERRIDE which redirects refresh attempts to
-      // localhost. The sandbox never gets the real refresh_token (#7365).
-      CHATGPT_REFRESH_TOKEN: MODEL_PROVIDER_ENV_PLACEHOLDERS.CHATGPT_REFRESH_TOKEN
-    }
-  }
-};
 var modelProviderTypeSchema = external_exports.enum([
   "claude-code-oauth-token",
   "anthropic-api-key",
@@ -88756,9 +88790,6 @@ var modelProviderTypeSchema = external_exports.enum([
   "vm0"
 ]);
 var modelProviderFrameworkSchema = external_exports.enum(["claude-code", "codex"]);
-function getFrameworkForType(type) {
-  return MODEL_PROVIDER_TYPES[type]?.framework ?? "claude-code";
-}
 function hasAuthMethods(type) {
   const config3 = MODEL_PROVIDER_TYPES[type];
   if (!config3) return false;
@@ -88781,10 +88812,6 @@ function getSecretsForAuthMethod(type, authMethod) {
   const method = authMethods[authMethod];
   return method?.secrets;
 }
-function getModelProviderEnvBindings(type) {
-  const config3 = MODEL_PROVIDER_TYPES[type];
-  return "envBindings" in config3 ? config3.envBindings : void 0;
-}
 var modelProviderResponseSchema = external_exports.object({
   id: external_exports.uuid(),
   type: modelProviderTypeSchema,
@@ -114107,4 +114134,4 @@ undici/lib/web/fetch/body.js:
 undici/lib/web/websocket/frame.js:
   (*! ws. MIT License. Einar Otto Stangvik <einaros@gmail.com> *)
 */
-//# sourceMappingURL=chunk-24KXQB23.js.map
+//# sourceMappingURL=chunk-HJC27CUJ.js.map