@vm0/cli 9.59.5 → 9.60.0

package/index.js

@@ -45,7 +45,7 @@ if (DSN) {
   Sentry.init({
     dsn: DSN,
     environment: process.env.SENTRY_ENVIRONMENT ?? "production",
-    release: "9.59.5",
+    release: "9.60.0",
     sendDefaultPii: false,
     tracesSampleRate: 0,
     shutdownTimeout: 500,
@@ -64,7 +64,7 @@ if (DSN) {
     }
   });
   Sentry.setContext("cli", {
-    version: "9.59.5",
+    version: "9.60.0",
     command: process.argv.slice(2).join(" ")
   });
   Sentry.setContext("runtime", {
@@ -83,7 +83,7 @@ process.stdout.on("error", handleEpipe);
 process.stderr.on("error", handleEpipe);
 
 // src/index.ts
-import { Command as Command91 } from "commander";
+import { Command as Command86 } from "commander";
 
 // src/lib/network/proxy.ts
 import { EnvHttpProxyAgent, setGlobalDispatcher } from "undici";
@@ -673,7 +673,7 @@ function getConfigPath() {
   return join2(homedir2(), ".vm0", "config.json");
 }
 var infoCommand = new Command6().name("info").description("Display environment and debug information").action(async () => {
-  console.log(chalk4.bold(`VM0 CLI v${"9.59.5"}`));
+  console.log(chalk4.bold(`VM0 CLI v${"9.60.0"}`));
   console.log();
   const config = await loadConfig();
   const hasEnvToken = !!process.env.VM0_TOKEN;
@@ -780,161 +780,9 @@ var apiErrorSchema = z2.object({
 });
 
 // ../../packages/core/src/contracts/composes.ts
-import { z as z4 } from "zod";
-
-// ../../packages/core/src/contracts/runners.ts
 import { z as z3 } from "zod";
 var c = initContract();
-var runnerGroupSchema = z3.string().regex(
-  /^[a-z0-9-]+\/[a-z0-9-]+$/,
-  "Runner group must be in org/name format (e.g., acme/production)"
-);
-var jobSchema = z3.object({
-  runId: z3.string().uuid(),
-  prompt: z3.string(),
-  agentComposeVersionId: z3.string().nullable(),
-  vars: z3.record(z3.string(), z3.string()).nullable(),
-  checkpointId: z3.string().uuid().nullable()
-});
-var runnersPollContract = c.router({
-  poll: {
-    method: "POST",
-    path: "/api/runners/poll",
-    headers: authHeadersSchema,
-    body: z3.object({
-      group: runnerGroupSchema
-    }),
-    responses: {
-      200: z3.object({
-        job: jobSchema.nullable()
-      }),
-      400: apiErrorSchema,
-      401: apiErrorSchema,
-      500: apiErrorSchema
-    },
-    summary: "Poll for pending jobs (long-polling with 30s timeout)"
-  }
-});
-var servicePermissionSchema = z3.object({
-  name: z3.string(),
-  description: z3.string().optional(),
-  rules: z3.array(z3.string())
-});
-var serviceApiEntrySchema = z3.object({
-  base: z3.string(),
-  auth: z3.object({
-    headers: z3.record(z3.string(), z3.string())
-  }),
-  permissions: z3.array(servicePermissionSchema).optional()
-});
-var serviceEntrySchema = z3.object({
-  name: z3.string(),
-  ref: z3.string(),
-  apis: z3.array(serviceApiEntrySchema)
-});
-var experimentalServicesSchema = z3.array(serviceEntrySchema);
-var storageEntrySchema = z3.object({
-  mountPath: z3.string(),
-  archiveUrl: z3.string().nullable()
-});
-var artifactEntrySchema = z3.object({
-  mountPath: z3.string(),
-  archiveUrl: z3.string().nullable(),
-  vasStorageName: z3.string(),
-  vasVersionId: z3.string()
-});
-var storageManifestSchema = z3.object({
-  storages: z3.array(storageEntrySchema),
-  artifact: artifactEntrySchema.nullable(),
-  memory: artifactEntrySchema.nullable()
-});
-var resumeSessionSchema = z3.object({
-  sessionId: z3.string(),
-  sessionHistory: z3.string()
-});
-var storedExecutionContextSchema = z3.object({
-  workingDir: z3.string(),
-  storageManifest: storageManifestSchema.nullable(),
-  environment: z3.record(z3.string(), z3.string()).nullable(),
-  resumeSession: resumeSessionSchema.nullable(),
-  encryptedSecrets: z3.string().nullable(),
-  // AES-256-GCM encrypted Record<string, string> (secret name → value)
-  // Maps secret names to OAuth connector types for runtime token refresh (e.g. { "GMAIL_ACCESS_TOKEN": "gmail" })
-  secretConnectorMap: z3.record(z3.string(), z3.string()).nullable().optional(),
-  cliAgentType: z3.string(),
-  // Debug flag to force real Claude in mock environments (internal use only)
-  debugNoMockClaude: z3.boolean().optional(),
-  // Dispatch timestamp for E2E timing metrics
-  apiStartTime: z3.number().optional(),
-  // User's timezone preference (IANA format, e.g., "Asia/Shanghai")
-  userTimezone: z3.string().optional(),
-  // Agent metadata for VM0_AGENT_NAME and VM0_AGENT_ORG env vars
-  agentName: z3.string().optional(),
-  agentOrgSlug: z3.string().optional(),
-  // Memory storage name (for first-run when manifest.memory is null)
-  memoryName: z3.string().optional(),
-  // Experimental services for proxy-side token replacement
-  experimentalServices: experimentalServicesSchema.optional()
-});
-var executionContextSchema = z3.object({
-  runId: z3.string().uuid(),
-  prompt: z3.string(),
-  agentComposeVersionId: z3.string().nullable(),
-  vars: z3.record(z3.string(), z3.string()).nullable(),
-  checkpointId: z3.string().uuid().nullable(),
-  sandboxToken: z3.string(),
-  // New fields for E2B parity:
-  workingDir: z3.string(),
-  storageManifest: storageManifestSchema.nullable(),
-  environment: z3.record(z3.string(), z3.string()).nullable(),
-  resumeSession: resumeSessionSchema.nullable(),
-  secretValues: z3.array(z3.string()).nullable(),
-  // AES-256-GCM encrypted Record<string, string> — passed through to mitm-addon for auth resolution
-  encryptedSecrets: z3.string().nullable(),
-  // Maps secret names to OAuth connector types for runtime token refresh
-  secretConnectorMap: z3.record(z3.string(), z3.string()).nullable().optional(),
-  cliAgentType: z3.string(),
-  // Debug flag to force real Claude in mock environments (internal use only)
-  debugNoMockClaude: z3.boolean().optional(),
-  // Dispatch timestamp for E2E timing metrics
-  apiStartTime: z3.number().optional(),
-  // User's timezone preference (IANA format, e.g., "Asia/Shanghai")
-  userTimezone: z3.string().optional(),
-  // Agent metadata
-  agentName: z3.string().optional(),
-  agentOrgSlug: z3.string().optional(),
-  // Memory storage name (for first-run when manifest.memory is null)
-  memoryName: z3.string().optional(),
-  // Experimental services for proxy-side token replacement
-  experimentalServices: experimentalServicesSchema.optional()
-});
-var runnersJobClaimContract = c.router({
-  claim: {
-    method: "POST",
-    path: "/api/runners/jobs/:id/claim",
-    headers: authHeadersSchema,
-    pathParams: z3.object({
-      id: z3.string().uuid()
-    }),
-    body: z3.object({}),
-    responses: {
-      200: executionContextSchema,
-      400: apiErrorSchema,
-      401: apiErrorSchema,
-      403: apiErrorSchema,
-      // Job does not belong to user
-      404: apiErrorSchema,
-      409: apiErrorSchema,
-      // Already claimed
-      500: apiErrorSchema
-    },
-    summary: "Claim a pending job for execution"
-  }
-});
-
-// ../../packages/core/src/contracts/composes.ts
-var c2 = initContract();
-var composeVersionQuerySchema = z4.string().min(1, "Missing version query parameter").regex(
+var composeVersionQuerySchema = z3.string().min(1, "Missing version query parameter").regex(
   /^[a-f0-9]{8,64}$|^latest$/i,
   "Version must be 8-64 hex characters or 'latest'"
 );
@@ -953,26 +801,31 @@ var VALID_CAPABILITIES = [
   "schedule:read",
   "schedule:write"
 ];
-var agentNameSchema = z4.string().min(3, "Agent name must be at least 3 characters").max(64, "Agent name must be 64 characters or less").regex(
+var firewallPermissionSchema = z3.object({
+  name: z3.string(),
+  description: z3.string().optional(),
+  rules: z3.array(z3.string())
+});
+var agentNameSchema = z3.string().min(3, "Agent name must be at least 3 characters").max(64, "Agent name must be 64 characters or less").regex(
   AGENT_NAME_REGEX,
   "Agent name must start and end with letter or number, and contain only letters, numbers, and hyphens"
 );
-var volumeConfigSchema = z4.object({
-  name: z4.string().min(1, "Volume name is required"),
-  version: z4.string().min(1, "Volume version is required"),
+var volumeConfigSchema = z3.object({
+  name: z3.string().min(1, "Volume name is required"),
+  version: z3.string().min(1, "Volume version is required"),
   /** When true, skip mounting without error if volume doesn't exist */
-  optional: z4.boolean().optional()
+  optional: z3.boolean().optional()
 });
-var agentDefinitionSchema = z4.object({
-  description: z4.string().optional(),
-  framework: z4.string().min(1, "Framework is required"),
-  volumes: z4.array(z4.string()).optional(),
-  environment: z4.record(z4.string(), z4.string()).optional(),
+var agentDefinitionSchema = z3.object({
+  description: z3.string().optional(),
+  framework: z3.string().min(1, "Framework is required"),
+  volumes: z3.array(z3.string()).optional(),
+  environment: z3.record(z3.string(), z3.string()).optional(),
   /**
    * Path to instructions file (e.g., AGENTS.md).
    * Auto-uploaded as volume and mounted at /home/user/.claude/CLAUDE.md
    */
-  instructions: z4.string().min(1, "Instructions path cannot be empty").refine(
+  instructions: z3.string().min(1, "Instructions path cannot be empty").refine(
     (val) => !val.includes("..") && !val.startsWith("/") && !val.startsWith("\\"),
     "Instructions path must be a relative path without '..' segments"
   ).optional(),
@@ -980,33 +833,33 @@ var agentDefinitionSchema = z4.object({
    * Array of GitHub tree URLs for agent skills.
    * Each skill is auto-downloaded and mounted at /home/user/.claude/skills/{skillName}/
    */
-  skills: z4.array(z4.string()).optional(),
+  skills: z3.array(z3.string()).optional(),
   /**
    * Route this agent to a self-hosted runner instead of E2B.
    * When specified, runs will be queued for the specified runner group.
    */
-  experimental_runner: z4.object({
-    group: z4.string().regex(
+  experimental_runner: z3.object({
+    group: z3.string().regex(
       /^[a-z0-9-]+\/[a-z0-9-]+$/,
       "Runner group must be in org/name format (e.g., acme/production)"
     )
   }).optional(),
   /**
-   * External services for proxy-side token replacement.
+   * External firewall rules for proxy-side token replacement.
    * CLI input: map format { slack: { permissions: [...] | "all" } }
-   * — expanded by CLI to full ExpandedServiceConfig[] before API call.
+   * — expanded by CLI to full ExpandedFirewallConfig[] before API call.
    */
-  experimental_services: z4.record(
-    z4.string(),
-    z4.object({
-      permissions: z4.union([z4.literal("all"), z4.array(z4.string()).min(1)])
+  experimental_firewall: z3.record(
+    z3.string(),
+    z3.object({
+      permissions: z3.union([z3.literal("all"), z3.array(z3.string()).min(1)])
     })
   ).optional(),
   /**
    * Capabilities that the agent is allowed to use.
    * Validated against VALID_CAPABILITIES at compose time.
    */
-  experimental_capabilities: z4.array(z4.enum(VALID_CAPABILITIES)).refine((arr) => new Set(arr).size === arr.length, {
+  experimental_capabilities: z3.array(z3.enum(VALID_CAPABILITIES)).refine((arr) => new Set(arr).size === arr.length, {
     message: "Duplicate capabilities are not allowed"
   }).optional(),
   /**
@@ -1014,68 +867,68 @@ var agentDefinitionSchema = z4.object({
    * - displayName: Human-readable name shown in the UI (preserves original casing).
    * - sound: Communication tone (e.g., "professional", "friendly").
    */
-  metadata: z4.object({
-    displayName: z4.string().optional(),
-    description: z4.string().optional(),
-    sound: z4.string().optional()
+  metadata: z3.object({
+    displayName: z3.string().optional(),
+    description: z3.string().optional(),
+    sound: z3.string().optional()
   }).optional(),
   /**
    * @deprecated Server-resolved field. User input is ignored.
    * @internal
    */
-  image: z4.string().optional(),
+  image: z3.string().optional(),
   /**
    * @deprecated Server-resolved field. User input is ignored.
    * @internal
    */
-  working_dir: z4.string().optional()
+  working_dir: z3.string().optional()
 });
-var agentComposeContentSchema = z4.object({
-  version: z4.string().min(1, "Version is required"),
-  agents: z4.record(z4.string(), agentDefinitionSchema),
-  volumes: z4.record(z4.string(), volumeConfigSchema).optional()
+var agentComposeContentSchema = z3.object({
+  version: z3.string().min(1, "Version is required"),
+  agents: z3.record(z3.string(), agentDefinitionSchema),
+  volumes: z3.record(z3.string(), volumeConfigSchema).optional()
 });
-var expandedServiceConfigSchema = z4.object({
-  name: z4.string(),
-  ref: z4.string(),
-  description: z4.string().optional(),
-  apis: z4.array(
-    z4.object({
-      base: z4.string(),
-      auth: z4.object({
-        headers: z4.record(z4.string(), z4.string())
+var expandedFirewallConfigSchema = z3.object({
+  name: z3.string(),
+  ref: z3.string(),
+  description: z3.string().optional(),
+  apis: z3.array(
+    z3.object({
+      base: z3.string(),
+      auth: z3.object({
+        headers: z3.record(z3.string(), z3.string())
       }),
-      permissions: z4.array(servicePermissionSchema).optional()
+      permissions: z3.array(firewallPermissionSchema).optional()
     })
   ),
-  placeholders: z4.record(z4.string(), z4.string()).optional()
+  placeholders: z3.record(z3.string(), z3.string()).optional()
 });
-var agentComposeApiContentSchema = z4.object({
-  version: z4.string().min(1, "Version is required"),
-  agents: z4.record(
-    z4.string(),
+var agentComposeApiContentSchema = z3.object({
+  version: z3.string().min(1, "Version is required"),
+  agents: z3.record(
+    z3.string(),
     agentDefinitionSchema.extend({
-      experimental_services: z4.array(expandedServiceConfigSchema).optional()
+      experimental_firewall: z3.array(expandedFirewallConfigSchema).optional()
     })
   ),
-  volumes: z4.record(z4.string(), volumeConfigSchema).optional()
+  volumes: z3.record(z3.string(), volumeConfigSchema).optional()
 });
-var composeResponseSchema = z4.object({
-  id: z4.string(),
-  name: z4.string(),
-  headVersionId: z4.string().nullable(),
+var composeResponseSchema = z3.object({
+  id: z3.string(),
+  name: z3.string(),
+  headVersionId: z3.string().nullable(),
   content: agentComposeApiContentSchema.nullable(),
-  createdAt: z4.string(),
-  updatedAt: z4.string()
+  createdAt: z3.string(),
+  updatedAt: z3.string()
 });
-var createComposeResponseSchema = z4.object({
-  composeId: z4.string(),
-  name: z4.string(),
-  versionId: z4.string(),
-  action: z4.enum(["created", "existing"]),
-  updatedAt: z4.string()
+var createComposeResponseSchema = z3.object({
+  composeId: z3.string(),
+  name: z3.string(),
+  versionId: z3.string(),
+  action: z3.enum(["created", "existing"]),
+  updatedAt: z3.string()
 });
-var composesMainContract = c2.router({
+var composesMainContract = c.router({
   /**
    * GET /api/agent/composes?name={name}&org={org}
    * Get agent compose by name with HEAD version content
@@ -1085,9 +938,9 @@ var composesMainContract = c2.router({
     method: "GET",
     path: "/api/agent/composes",
     headers: authHeadersSchema,
-    query: z4.object({
-      name: z4.string().min(1, "Missing name query parameter"),
-      org: z4.string().optional()
+    query: z3.object({
+      name: z3.string().min(1, "Missing name query parameter"),
+      org: z3.string().optional()
     }),
     responses: {
       200: composeResponseSchema,
@@ -1107,7 +960,7 @@ var composesMainContract = c2.router({
     method: "POST",
     path: "/api/agent/composes",
     headers: authHeadersSchema,
-    body: z4.object({
+    body: z3.object({
       content: agentComposeApiContentSchema
     }),
     responses: {
@@ -1119,7 +972,7 @@ var composesMainContract = c2.router({
     summary: "Create or update agent compose version"
   }
 });
-var composesByIdContract = c2.router({
+var composesByIdContract = c.router({
   /**
    * GET /api/agent/composes/:id
    * Get agent compose by ID with HEAD version content
@@ -1128,8 +981,8 @@ var composesByIdContract = c2.router({
     method: "GET",
     path: "/api/agent/composes/:id",
     headers: authHeadersSchema,
-    pathParams: z4.object({
-      id: z4.string().min(1, "Compose ID is required")
+    pathParams: z3.object({
+      id: z3.string().min(1, "Compose ID is required")
     }),
     responses: {
       200: composeResponseSchema,
@@ -1147,12 +1000,12 @@ var composesByIdContract = c2.router({
     method: "DELETE",
     path: "/api/agent/composes/:id",
     headers: authHeadersSchema,
-    pathParams: z4.object({
-      id: z4.string().uuid("Compose ID is required")
+    pathParams: z3.object({
+      id: z3.string().uuid("Compose ID is required")
     }),
-    body: c2.noBody(),
+    body: c.noBody(),
     responses: {
-      204: c2.noBody(),
+      204: c.noBody(),
       401: apiErrorSchema,
       404: apiErrorSchema,
       409: apiErrorSchema
@@ -1160,7 +1013,7 @@ var composesByIdContract = c2.router({
     summary: "Delete agent compose"
   }
 });
-var composesVersionsContract = c2.router({
+var composesVersionsContract = c.router({
   /**
    * GET /api/agent/composes/versions?composeId={id}&version={hash|tag}
    * Resolve a version specifier to a full version ID
@@ -1169,14 +1022,14 @@ var composesVersionsContract = c2.router({
     method: "GET",
     path: "/api/agent/composes/versions",
     headers: authHeadersSchema,
-    query: z4.object({
-      composeId: z4.string().min(1, "Missing composeId query parameter"),
+    query: z3.object({
+      composeId: z3.string().min(1, "Missing composeId query parameter"),
       version: composeVersionQuerySchema
     }),
     responses: {
-      200: z4.object({
-        versionId: z4.string(),
-        tag: z4.string().optional()
+      200: z3.object({
+        versionId: z3.string(),
+        tag: z3.string().optional()
       }),
       400: apiErrorSchema,
       401: apiErrorSchema,
@@ -1185,16 +1038,16 @@ var composesVersionsContract = c2.router({
     summary: "Resolve version specifier to full version ID"
   }
 });
-var composeListItemSchema = z4.object({
-  id: z4.string(),
-  name: z4.string(),
-  displayName: z4.string().nullable().optional(),
-  description: z4.string().nullable().optional(),
-  headVersionId: z4.string().nullable(),
-  updatedAt: z4.string(),
-  isOwner: z4.boolean()
+var composeListItemSchema = z3.object({
+  id: z3.string(),
+  name: z3.string(),
+  displayName: z3.string().nullable().optional(),
+  description: z3.string().nullable().optional(),
+  headVersionId: z3.string().nullable(),
+  updatedAt: z3.string(),
+  isOwner: z3.boolean()
 });
-var composesListContract = c2.router({
+var composesListContract = c.router({
   /**
    * GET /api/agent/composes/list?org={org}
    * List all agent composes for an org
@@ -1204,12 +1057,12 @@ var composesListContract = c2.router({
     method: "GET",
     path: "/api/agent/composes/list",
     headers: authHeadersSchema,
-    query: z4.object({
-      org: z4.string().optional()
+    query: z3.object({
+      org: z3.string().optional()
     }),
     responses: {
-      200: z4.object({
-        composes: z4.array(composeListItemSchema)
+      200: z3.object({
+        composes: z3.array(composeListItemSchema)
       }),
       400: apiErrorSchema,
       401: apiErrorSchema
@@ -1219,8 +1072,8 @@ var composesListContract = c2.router({
 });
 
 // ../../packages/core/src/contracts/runs.ts
-import { z as z5 } from "zod";
-var c3 = initContract();
+import { z as z4 } from "zod";
+var c2 = initContract();
 var ALL_RUN_STATUSES = [
   "queued",
   "pending",
@@ -1230,94 +1083,94 @@ var ALL_RUN_STATUSES = [
   "timeout",
   "cancelled"
 ];
-var runStatusSchema = z5.enum(ALL_RUN_STATUSES);
-var unifiedRunRequestSchema = z5.object({
+var runStatusSchema = z4.enum(ALL_RUN_STATUSES);
+var unifiedRunRequestSchema = z4.object({
   // High-level shortcuts (mutually exclusive with each other)
-  checkpointId: z5.string().optional(),
-  sessionId: z5.string().optional(),
+  checkpointId: z4.string().optional(),
+  sessionId: z4.string().optional(),
   // Base parameters (can be used directly or overridden after shortcut expansion)
-  agentComposeId: z5.string().optional(),
-  agentComposeVersionId: z5.string().optional(),
-  conversationId: z5.string().optional(),
-  artifactName: z5.string().optional(),
-  artifactVersion: z5.string().optional(),
-  vars: z5.record(z5.string(), z5.string()).optional(),
-  secrets: z5.record(z5.string(), z5.string()).optional(),
-  volumeVersions: z5.record(z5.string(), z5.string()).optional(),
-  memoryName: z5.string().optional(),
+  agentComposeId: z4.string().optional(),
+  agentComposeVersionId: z4.string().optional(),
+  conversationId: z4.string().optional(),
+  artifactName: z4.string().optional(),
+  artifactVersion: z4.string().optional(),
+  vars: z4.record(z4.string(), z4.string()).optional(),
+  secrets: z4.record(z4.string(), z4.string()).optional(),
+  volumeVersions: z4.record(z4.string(), z4.string()).optional(),
+  memoryName: z4.string().optional(),
   // Debug flag to force real Claude in mock environments (internal use only)
-  debugNoMockClaude: z5.boolean().optional(),
+  debugNoMockClaude: z4.boolean().optional(),
   // Model provider for automatic secret injection
-  modelProvider: z5.string().optional(),
+  modelProvider: z4.string().optional(),
   // Environment validation flag - when true, validates secrets/vars before running
-  checkEnv: z5.boolean().optional(),
+  checkEnv: z4.boolean().optional(),
   // Required
-  prompt: z5.string().min(1, "Missing prompt")
+  prompt: z4.string().min(1, "Missing prompt")
 });
-var createRunResponseSchema = z5.object({
-  runId: z5.string(),
+var createRunResponseSchema = z4.object({
+  runId: z4.string(),
   status: runStatusSchema,
-  sandboxId: z5.string().optional(),
-  output: z5.string().optional(),
-  error: z5.string().optional(),
-  executionTimeMs: z5.number().optional(),
-  createdAt: z5.string()
+  sandboxId: z4.string().optional(),
+  output: z4.string().optional(),
+  error: z4.string().optional(),
+  executionTimeMs: z4.number().optional(),
+  createdAt: z4.string()
 });
-var getRunResponseSchema = z5.object({
-  runId: z5.string(),
-  agentComposeVersionId: z5.string().nullable(),
+var getRunResponseSchema = z4.object({
+  runId: z4.string(),
+  agentComposeVersionId: z4.string().nullable(),
   status: runStatusSchema,
-  prompt: z5.string(),
-  vars: z5.record(z5.string(), z5.string()).optional(),
-  sandboxId: z5.string().optional(),
-  result: z5.object({
-    output: z5.string(),
-    executionTimeMs: z5.number()
+  prompt: z4.string(),
+  vars: z4.record(z4.string(), z4.string()).optional(),
+  sandboxId: z4.string().optional(),
+  result: z4.object({
+    output: z4.string(),
+    executionTimeMs: z4.number()
   }).optional(),
-  error: z5.string().optional(),
-  createdAt: z5.string(),
-  startedAt: z5.string().optional(),
-  completedAt: z5.string().optional()
+  error: z4.string().optional(),
+  createdAt: z4.string(),
+  startedAt: z4.string().optional(),
+  completedAt: z4.string().optional()
 });
-var runEventSchema = z5.object({
-  sequenceNumber: z5.number(),
-  eventType: z5.string(),
-  eventData: z5.unknown(),
-  createdAt: z5.string()
+var runEventSchema = z4.object({
+  sequenceNumber: z4.number(),
+  eventType: z4.string(),
+  eventData: z4.unknown(),
+  createdAt: z4.string()
 });
-var runResultSchema = z5.object({
-  checkpointId: z5.string(),
-  agentSessionId: z5.string(),
-  conversationId: z5.string(),
-  artifact: z5.record(z5.string(), z5.string()).optional(),
+var runResultSchema = z4.object({
+  checkpointId: z4.string(),
+  agentSessionId: z4.string(),
+  conversationId: z4.string(),
+  artifact: z4.record(z4.string(), z4.string()).optional(),
   // optional when run has no artifact
-  volumes: z5.record(z5.string(), z5.string()).optional(),
-  memory: z5.record(z5.string(), z5.string()).optional()
+  volumes: z4.record(z4.string(), z4.string()).optional(),
+  memory: z4.record(z4.string(), z4.string()).optional()
 });
-var runStateSchema = z5.object({
+var runStateSchema = z4.object({
   status: runStatusSchema,
   result: runResultSchema.optional(),
-  error: z5.string().optional()
+  error: z4.string().optional()
 });
-var eventsResponseSchema = z5.object({
-  events: z5.array(runEventSchema),
-  hasMore: z5.boolean(),
-  nextSequence: z5.number(),
+var eventsResponseSchema = z4.object({
+  events: z4.array(runEventSchema),
+  hasMore: z4.boolean(),
+  nextSequence: z4.number(),
   run: runStateSchema,
-  framework: z5.string()
+  framework: z4.string()
 });
-var runListItemSchema = z5.object({
-  id: z5.string(),
-  agentName: z5.string(),
+var runListItemSchema = z4.object({
+  id: z4.string(),
+  agentName: z4.string(),
   status: runStatusSchema,
-  prompt: z5.string(),
-  createdAt: z5.string(),
-  startedAt: z5.string().nullable()
+  prompt: z4.string(),
+  createdAt: z4.string(),
+  startedAt: z4.string().nullable()
 });
-var runsListResponseSchema = z5.object({
-  runs: z5.array(runListItemSchema)
+var runsListResponseSchema = z4.object({
+  runs: z4.array(runListItemSchema)
 });
-var runsMainContract = c3.router({
+var runsMainContract = c2.router({
   /**
    * GET /api/agent/runs
    * List agent runs (pending and running by default)
@@ -1326,16 +1179,16 @@ var runsMainContract = c3.router({
     method: "GET",
     path: "/api/agent/runs",
     headers: authHeadersSchema,
-    query: z5.object({
-      status: z5.string().optional(),
+    query: z4.object({
+      status: z4.string().optional(),
       // comma-separated: "pending,running"
-      agent: z5.string().optional(),
+      agent: z4.string().optional(),
       // agent name filter
-      since: z5.string().optional(),
+      since: z4.string().optional(),
       // ISO timestamp
-      until: z5.string().optional(),
+      until: z4.string().optional(),
       // ISO timestamp
-      limit: z5.coerce.number().min(1).max(100).default(50)
+      limit: z4.coerce.number().min(1).max(100).default(50)
     }),
     responses: {
       200: runsListResponseSchema,
@@ -1362,7 +1215,7 @@ var runsMainContract = c3.router({
     summary: "Create and execute agent run"
   }
 });
-var runsByIdContract = c3.router({
+var runsByIdContract = c2.router({
   /**
    * GET /api/agent/runs/:id
    * Get agent run status and results
@@ -1371,8 +1224,8 @@ var runsByIdContract = c3.router({
     method: "GET",
     path: "/api/agent/runs/:id",
     headers: authHeadersSchema,
-    pathParams: z5.object({
-      id: z5.string().min(1, "Run ID is required")
+    pathParams: z4.object({
+      id: z4.string().min(1, "Run ID is required")
     }),
     responses: {
       200: getRunResponseSchema,
@@ -1383,12 +1236,12 @@ var runsByIdContract = c3.router({
     summary: "Get agent run by ID"
   }
 });
-var cancelRunResponseSchema = z5.object({
-  id: z5.string(),
-  status: z5.literal("cancelled"),
-  message: z5.string()
+var cancelRunResponseSchema = z4.object({
+  id: z4.string(),
+  status: z4.literal("cancelled"),
+  message: z4.string()
 });
-var runsCancelContract = c3.router({
+var runsCancelContract = c2.router({
   /**
    * POST /api/agent/runs/:id/cancel
    * Cancel a pending or running run
@@ -1397,10 +1250,10 @@ var runsCancelContract = c3.router({
     method: "POST",
     path: "/api/agent/runs/:id/cancel",
     headers: authHeadersSchema,
-    pathParams: z5.object({
-      id: z5.string().min(1, "Run ID is required")
+    pathParams: z4.object({
+      id: z4.string().min(1, "Run ID is required")
     }),
-    body: z5.undefined(),
+    body: z4.undefined(),
     responses: {
       200: cancelRunResponseSchema,
       400: apiErrorSchema,
@@ -1410,7 +1263,7 @@ var runsCancelContract = c3.router({
     summary: "Cancel a pending or running run"
   }
 });
-var runEventsContract = c3.router({
+var runEventsContract = c2.router({
   /**
    * GET /api/agent/runs/:id/events
    * Poll for agent run events with pagination
@@ -1419,12 +1272,12 @@ var runEventsContract = c3.router({
     method: "GET",
     path: "/api/agent/runs/:id/events",
     headers: authHeadersSchema,
-    pathParams: z5.object({
-      id: z5.string().min(1, "Run ID is required")
+    pathParams: z4.object({
+      id: z4.string().min(1, "Run ID is required")
     }),
-    query: z5.object({
-      since: z5.coerce.number().default(-1),
-      limit: z5.coerce.number().default(100)
+    query: z4.object({
+      since: z4.coerce.number().default(-1),
+      limit: z4.coerce.number().default(100)
     }),
     responses: {
       200: eventsResponseSchema,
@@ -1434,50 +1287,50 @@ var runEventsContract = c3.router({
     summary: "Get agent run events"
   }
 });
-var telemetryMetricSchema = z5.object({
-  ts: z5.string(),
-  cpu: z5.number(),
-  mem_used: z5.number(),
-  mem_total: z5.number(),
-  disk_used: z5.number(),
-  disk_total: z5.number()
+var telemetryMetricSchema = z4.object({
+  ts: z4.string(),
+  cpu: z4.number(),
+  mem_used: z4.number(),
+  mem_total: z4.number(),
+  disk_used: z4.number(),
+  disk_total: z4.number()
 });
-var systemLogResponseSchema = z5.object({
-  systemLog: z5.string(),
-  hasMore: z5.boolean()
+var systemLogResponseSchema = z4.object({
+  systemLog: z4.string(),
+  hasMore: z4.boolean()
 });
-var metricsResponseSchema = z5.object({
-  metrics: z5.array(telemetryMetricSchema),
-  hasMore: z5.boolean()
+var metricsResponseSchema = z4.object({
+  metrics: z4.array(telemetryMetricSchema),
+  hasMore: z4.boolean()
 });
-var agentEventsResponseSchema = z5.object({
-  events: z5.array(runEventSchema),
-  hasMore: z5.boolean(),
-  framework: z5.string()
+var agentEventsResponseSchema = z4.object({
+  events: z4.array(runEventSchema),
+  hasMore: z4.boolean(),
+  framework: z4.string()
 });
-var networkLogEntrySchema = z5.object({
-  timestamp: z5.string(),
-  mode: z5.literal("mitm").optional(),
-  action: z5.enum(["ALLOW", "DENY"]).optional(),
-  host: z5.string().optional(),
-  port: z5.number().optional(),
-  rule_matched: z5.string().nullable().optional(),
-  method: z5.string().optional(),
-  url: z5.string().optional(),
-  status: z5.number().optional(),
-  latency_ms: z5.number().optional(),
-  request_size: z5.number().optional(),
-  response_size: z5.number().optional()
+var networkLogEntrySchema = z4.object({
+  timestamp: z4.string(),
+  mode: z4.literal("mitm").optional(),
+  action: z4.enum(["ALLOW", "DENY"]).optional(),
+  host: z4.string().optional(),
+  port: z4.number().optional(),
+  rule_matched: z4.string().nullable().optional(),
+  method: z4.string().optional(),
+  url: z4.string().optional(),
+  status: z4.number().optional(),
+  latency_ms: z4.number().optional(),
+  request_size: z4.number().optional(),
+  response_size: z4.number().optional()
 });
-var networkLogsResponseSchema = z5.object({
-  networkLogs: z5.array(networkLogEntrySchema),
-  hasMore: z5.boolean()
+var networkLogsResponseSchema = z4.object({
+  networkLogs: z4.array(networkLogEntrySchema),
+  hasMore: z4.boolean()
 });
-var telemetryResponseSchema = z5.object({
-  systemLog: z5.string(),
-  metrics: z5.array(telemetryMetricSchema)
+var telemetryResponseSchema = z4.object({
+  systemLog: z4.string(),
+  metrics: z4.array(telemetryMetricSchema)
 });
-var runTelemetryContract = c3.router({
+var runTelemetryContract = c2.router({
   /**
    * GET /api/agent/runs/:id/telemetry
    * Get aggregated telemetry data for a run (legacy combined format)
@@ -1486,8 +1339,8 @@ var runTelemetryContract = c3.router({
     method: "GET",
     path: "/api/agent/runs/:id/telemetry",
     headers: authHeadersSchema,
-    pathParams: z5.object({
-      id: z5.string().min(1, "Run ID is required")
+    pathParams: z4.object({
+      id: z4.string().min(1, "Run ID is required")
     }),
     responses: {
       200: telemetryResponseSchema,
@@ -1497,7 +1350,7 @@ var runTelemetryContract = c3.router({
     summary: "Get run telemetry data"
   }
 });
-var runSystemLogContract = c3.router({
+var runSystemLogContract = c2.router({
   /**
    * GET /api/agent/runs/:id/telemetry/system-log
    * Get system log with pagination
@@ -1506,13 +1359,13 @@ var runSystemLogContract = c3.router({
     method: "GET",
     path: "/api/agent/runs/:id/telemetry/system-log",
     headers: authHeadersSchema,
-    pathParams: z5.object({
-      id: z5.string().min(1, "Run ID is required")
+    pathParams: z4.object({
+      id: z4.string().min(1, "Run ID is required")
     }),
-    query: z5.object({
-      since: z5.coerce.number().optional(),
-      limit: z5.coerce.number().min(1).max(100).default(5),
-      order: z5.enum(["asc", "desc"]).default("desc")
+    query: z4.object({
+      since: z4.coerce.number().optional(),
+      limit: z4.coerce.number().min(1).max(100).default(5),
+      order: z4.enum(["asc", "desc"]).default("desc")
     }),
     responses: {
       200: systemLogResponseSchema,
@@ -1522,7 +1375,7 @@ var runSystemLogContract = c3.router({
     summary: "Get system log with pagination"
   }
 });
-var runMetricsContract = c3.router({
+var runMetricsContract = c2.router({
   /**
    * GET /api/agent/runs/:id/telemetry/metrics
    * Get metrics with pagination
@@ -1531,13 +1384,13 @@ var runMetricsContract = c3.router({
     method: "GET",
     path: "/api/agent/runs/:id/telemetry/metrics",
     headers: authHeadersSchema,
-    pathParams: z5.object({
-      id: z5.string().min(1, "Run ID is required")
+    pathParams: z4.object({
+      id: z4.string().min(1, "Run ID is required")
     }),
-    query: z5.object({
-      since: z5.coerce.number().optional(),
-      limit: z5.coerce.number().min(1).max(100).default(5),
-      order: z5.enum(["asc", "desc"]).default("desc")
+    query: z4.object({
+      since: z4.coerce.number().optional(),
+      limit: z4.coerce.number().min(1).max(100).default(5),
+      order: z4.enum(["asc", "desc"]).default("desc")
     }),
     responses: {
       200: metricsResponseSchema,
@@ -1547,7 +1400,7 @@ var runMetricsContract = c3.router({
     summary: "Get metrics with pagination"
   }
 });
-var runAgentEventsContract = c3.router({
+var runAgentEventsContract = c2.router({
   /**
    * GET /api/agent/runs/:id/telemetry/agent
    * Get agent events with pagination (for vm0 logs default)
@@ -1556,13 +1409,13 @@ var runAgentEventsContract = c3.router({
     method: "GET",
     path: "/api/agent/runs/:id/telemetry/agent",
     headers: authHeadersSchema,
-    pathParams: z5.object({
-      id: z5.string().min(1, "Run ID is required")
+    pathParams: z4.object({
+      id: z4.string().min(1, "Run ID is required")
     }),
-    query: z5.object({
-      since: z5.coerce.number().optional(),
-      limit: z5.coerce.number().min(1).max(100).default(5),
-      order: z5.enum(["asc", "desc"]).default("desc")
+    query: z4.object({
+      since: z4.coerce.number().optional(),
+      limit: z4.coerce.number().min(1).max(100).default(5),
+      order: z4.enum(["asc", "desc"]).default("desc")
     }),
     responses: {
       200: agentEventsResponseSchema,
@@ -1572,7 +1425,7 @@ var runAgentEventsContract = c3.router({
     summary: "Get agent events with pagination"
   }
 });
-var runNetworkLogsContract = c3.router({
+var runNetworkLogsContract = c2.router({
   /**
    * GET /api/agent/runs/:id/telemetry/network
    * Get network logs with pagination (for vm0 logs --network)
@@ -1581,13 +1434,13 @@ var runNetworkLogsContract = c3.router({
     method: "GET",
     path: "/api/agent/runs/:id/telemetry/network",
     headers: authHeadersSchema,
-    pathParams: z5.object({
-      id: z5.string().min(1, "Run ID is required")
+    pathParams: z4.object({
+      id: z4.string().min(1, "Run ID is required")
     }),
-    query: z5.object({
-      since: z5.coerce.number().optional(),
-      limit: z5.coerce.number().min(1).max(100).default(5),
-      order: z5.enum(["asc", "desc"]).default("desc")
+    query: z4.object({
+      since: z4.coerce.number().optional(),
+      limit: z4.coerce.number().min(1).max(100).default(5),
+      order: z4.enum(["asc", "desc"]).default("desc")
     }),
     responses: {
       200: networkLogsResponseSchema,
@@ -1597,18 +1450,18 @@ var runNetworkLogsContract = c3.router({
     summary: "Get network logs with pagination"
   }
 });
-var searchResultSchema = z5.object({
-  runId: z5.string(),
-  agentName: z5.string(),
+var searchResultSchema = z4.object({
+  runId: z4.string(),
+  agentName: z4.string(),
   matchedEvent: runEventSchema,
-  contextBefore: z5.array(runEventSchema),
-  contextAfter: z5.array(runEventSchema)
+  contextBefore: z4.array(runEventSchema),
+  contextAfter: z4.array(runEventSchema)
 });
-var logsSearchResponseSchema = z5.object({
-  results: z5.array(searchResultSchema),
-  hasMore: z5.boolean()
+var logsSearchResponseSchema = z4.object({
+  results: z4.array(searchResultSchema),
+  hasMore: z4.boolean()
 });
-var logsSearchContract = c3.router({
+var logsSearchContract = c2.router({
   /**
    * GET /api/logs/search
    * Search agent events across runs using keyword matching
@@ -1617,14 +1470,14 @@ var logsSearchContract = c3.router({
     method: "GET",
     path: "/api/logs/search",
     headers: authHeadersSchema,
-    query: z5.object({
-      keyword: z5.string().min(1),
-      agent: z5.string().optional(),
-      runId: z5.string().optional(),
-      since: z5.coerce.number().optional(),
-      limit: z5.coerce.number().min(1).max(50).default(20),
-      before: z5.coerce.number().min(0).max(10).default(0),
-      after: z5.coerce.number().min(0).max(10).default(0)
+    query: z4.object({
+      keyword: z4.string().min(1),
+      agent: z4.string().optional(),
+      runId: z4.string().optional(),
+      since: z4.coerce.number().optional(),
+      limit: z4.coerce.number().min(1).max(50).default(20),
+      before: z4.coerce.number().min(0).max(10).default(0),
+      after: z4.coerce.number().min(0).max(10).default(0)
     }),
     responses: {
       200: logsSearchResponseSchema,
@@ -1635,19 +1488,19 @@ var logsSearchContract = c3.router({
 });
 
 // ../../packages/core/src/contracts/storages.ts
-import { z as z6 } from "zod";
-var c4 = initContract();
-var storageTypeSchema = z6.enum(["volume", "artifact", "memory"]);
-var versionQuerySchema = z6.string().regex(/^[a-f0-9]{8,64}$/i, "Version must be 8-64 hex characters").optional();
-var uploadStorageResponseSchema = z6.object({
-  name: z6.string(),
-  versionId: z6.string(),
-  size: z6.number(),
-  fileCount: z6.number(),
+import { z as z5 } from "zod";
+var c3 = initContract();
+var storageTypeSchema = z5.enum(["volume", "artifact", "memory"]);
+var versionQuerySchema = z5.string().regex(/^[a-f0-9]{8,64}$/i, "Version must be 8-64 hex characters").optional();
+var uploadStorageResponseSchema = z5.object({
+  name: z5.string(),
+  versionId: z5.string(),
+  size: z5.number(),
+  fileCount: z5.number(),
   type: storageTypeSchema,
-  deduplicated: z6.boolean()
+  deduplicated: z5.boolean()
 });
-var storagesContract = c4.router({
+var storagesContract = c3.router({
   /**
    * POST /api/storages
    * Upload a storage (tar.gz file)
@@ -1664,7 +1517,7 @@ var storagesContract = c4.router({
     path: "/api/storages",
     headers: authHeadersSchema,
     contentType: "multipart/form-data",
-    body: c4.type(),
+    body: c3.type(),
     responses: {
       200: uploadStorageResponseSchema,
       400: apiErrorSchema,
@@ -1687,15 +1540,15 @@ var storagesContract = c4.router({
     method: "GET",
     path: "/api/storages",
     headers: authHeadersSchema,
-    query: z6.object({
-      name: z6.string().min(1, "Storage name is required"),
+    query: z5.object({
+      name: z5.string().min(1, "Storage name is required"),
       version: versionQuerySchema
     }),
     responses: {
       // Binary response - actual handling done at route level
-      200: c4.otherResponse({
+      200: c3.otherResponse({
         contentType: "application/gzip",
-        body: c4.type()
+        body: c3.type()
       }),
       400: apiErrorSchema,
       401: apiErrorSchema,
@@ -1706,41 +1559,41 @@ var storagesContract = c4.router({
   }
 });
 var MAX_FILE_SIZE_BYTES = 104857600;
-var fileEntryWithHashSchema = z6.object({
-  path: z6.string().min(1, "File path is required"),
-  hash: z6.string().length(64, "Hash must be SHA-256 (64 hex chars)"),
-  size: z6.number().int().min(0, "Size must be non-negative").max(MAX_FILE_SIZE_BYTES, "File size exceeds 100MB limit")
+var fileEntryWithHashSchema = z5.object({
+  path: z5.string().min(1, "File path is required"),
+  hash: z5.string().length(64, "Hash must be SHA-256 (64 hex chars)"),
+  size: z5.number().int().min(0, "Size must be non-negative").max(MAX_FILE_SIZE_BYTES, "File size exceeds 100MB limit")
 });
-var storageChangesSchema = z6.object({
-  added: z6.array(z6.string()),
-  modified: z6.array(z6.string()),
-  deleted: z6.array(z6.string())
+var storageChangesSchema = z5.object({
+  added: z5.array(z5.string()),
+  modified: z5.array(z5.string()),
+  deleted: z5.array(z5.string())
 });
-var presignedUploadSchema = z6.object({
-  key: z6.string(),
-  presignedUrl: z6.string().url()
+var presignedUploadSchema = z5.object({
+  key: z5.string(),
+  presignedUrl: z5.string().url()
 });
-var storagesPrepareContract = c4.router({
+var storagesPrepareContract = c3.router({
   prepare: {
     method: "POST",
     path: "/api/storages/prepare",
     headers: authHeadersSchema,
-    body: z6.object({
-      storageName: z6.string().min(1, "Storage name is required"),
+    body: z5.object({
+      storageName: z5.string().min(1, "Storage name is required"),
       storageType: storageTypeSchema,
-      files: z6.array(fileEntryWithHashSchema),
-      force: z6.boolean().optional(),
-      runId: z6.string().optional(),
+      files: z5.array(fileEntryWithHashSchema),
+      force: z5.boolean().optional(),
+      runId: z5.string().optional(),
       // For sandbox auth
-      baseVersion: z6.string().optional(),
+      baseVersion: z5.string().optional(),
       // For incremental uploads
       changes: storageChangesSchema.optional()
     }),
     responses: {
-      200: z6.object({
-        versionId: z6.string(),
-        existing: z6.boolean(),
-        uploads: z6.object({
+      200: z5.object({
+        versionId: z5.string(),
+        existing: z5.boolean(),
+        uploads: z5.object({
           archive: presignedUploadSchema,
           manifest: presignedUploadSchema
         }).optional()
@@ -1754,27 +1607,27 @@ var storagesPrepareContract = c4.router({
     summary: "Prepare for direct S3 upload"
   }
 });
-var storagesCommitContract = c4.router({
+var storagesCommitContract = c3.router({
   commit: {
     method: "POST",
     path: "/api/storages/commit",
     headers: authHeadersSchema,
-    body: z6.object({
-      storageName: z6.string().min(1, "Storage name is required"),
+    body: z5.object({
+      storageName: z5.string().min(1, "Storage name is required"),
       storageType: storageTypeSchema,
-      versionId: z6.string().min(1, "Version ID is required"),
-      files: z6.array(fileEntryWithHashSchema),
-      runId: z6.string().optional(),
-      message: z6.string().optional()
+      versionId: z5.string().min(1, "Version ID is required"),
+      files: z5.array(fileEntryWithHashSchema),
+      runId: z5.string().optional(),
+      message: z5.string().optional()
     }),
     responses: {
-      200: z6.object({
-        success: z6.literal(true),
-        versionId: z6.string(),
-        storageName: z6.string(),
-        size: z6.number(),
-        fileCount: z6.number(),
-        deduplicated: z6.boolean().optional()
+      200: z5.object({
+        success: z5.literal(true),
+        versionId: z5.string(),
+        storageName: z5.string(),
+        size: z5.number(),
+        fileCount: z5.number(),
+        deduplicated: z5.boolean().optional()
       }),
       400: apiErrorSchema,
       401: apiErrorSchema,
@@ -1787,31 +1640,31 @@ var storagesCommitContract = c4.router({
     summary: "Commit uploaded storage"
   }
 });
-var storagesDownloadContract = c4.router({
+var storagesDownloadContract = c3.router({
   download: {
     method: "GET",
     path: "/api/storages/download",
     headers: authHeadersSchema,
-    query: z6.object({
-      name: z6.string().min(1, "Storage name is required"),
+    query: z5.object({
+      name: z5.string().min(1, "Storage name is required"),
       type: storageTypeSchema,
       version: versionQuerySchema
     }),
     responses: {
       // Normal response with presigned URL
-      200: z6.union([
-        z6.object({
-          url: z6.string().url(),
-          versionId: z6.string(),
-          fileCount: z6.number(),
-          size: z6.number()
+      200: z5.union([
+        z5.object({
+          url: z5.string().url(),
+          versionId: z5.string(),
+          fileCount: z5.number(),
+          size: z5.number()
         }),
         // Empty artifact response
-        z6.object({
-          empty: z6.literal(true),
-          versionId: z6.string(),
-          fileCount: z6.literal(0),
-          size: z6.literal(0)
+        z5.object({
+          empty: z5.literal(true),
+          versionId: z5.string(),
+          fileCount: z5.literal(0),
+          size: z5.literal(0)
         })
       ]),
       400: apiErrorSchema,
@@ -1822,21 +1675,21 @@ var storagesDownloadContract = c4.router({
     summary: "Get presigned download URL"
   }
 });
-var storagesListContract = c4.router({
+var storagesListContract = c3.router({
   list: {
     method: "GET",
     path: "/api/storages/list",
     headers: authHeadersSchema,
-    query: z6.object({
+    query: z5.object({
       type: storageTypeSchema
     }),
     responses: {
-      200: z6.array(
-        z6.object({
-          name: z6.string(),
-          size: z6.number(),
-          fileCount: z6.number(),
-          updatedAt: z6.string()
+      200: z5.array(
+        z5.object({
+          name: z5.string(),
+          size: z5.number(),
+          fileCount: z5.number(),
+          updatedAt: z5.string()
         })
       ),
       401: apiErrorSchema,
@@ -1847,24 +1700,24 @@ var storagesListContract = c4.router({
 });
 
 // ../../packages/core/src/contracts/webhooks.ts
-import { z as z7 } from "zod";
-var c5 = initContract();
-var agentEventSchema = z7.object({
-  type: z7.string(),
-  sequenceNumber: z7.number().int().nonnegative()
+import { z as z6 } from "zod";
+var c4 = initContract();
+var agentEventSchema = z6.object({
+  type: z6.string(),
+  sequenceNumber: z6.number().int().nonnegative()
 }).passthrough();
-var artifactSnapshotSchema = z7.object({
-  artifactName: z7.string(),
-  artifactVersion: z7.string()
+var artifactSnapshotSchema = z6.object({
+  artifactName: z6.string(),
+  artifactVersion: z6.string()
 });
-var memorySnapshotSchema = z7.object({
-  memoryName: z7.string(),
-  memoryVersion: z7.string()
+var memorySnapshotSchema = z6.object({
+  memoryName: z6.string(),
+  memoryVersion: z6.string()
 });
-var volumeVersionsSnapshotSchema = z7.object({
-  versions: z7.record(z7.string(), z7.string())
+var volumeVersionsSnapshotSchema = z6.object({
+  versions: z6.record(z6.string(), z6.string())
 });
-var webhookEventsContract = c5.router({
+var webhookEventsContract = c4.router({
   /**
    * POST /api/webhooks/agent/events
    * Receive agent events from sandbox
@@ -1873,15 +1726,15 @@ var webhookEventsContract = c5.router({
     method: "POST",
     path: "/api/webhooks/agent/events",
     headers: authHeadersSchema,
-    body: z7.object({
-      runId: z7.string().min(1, "runId is required"),
-      events: z7.array(agentEventSchema).min(1, "events array cannot be empty")
+    body: z6.object({
+      runId: z6.string().min(1, "runId is required"),
+      events: z6.array(agentEventSchema).min(1, "events array cannot be empty")
     }),
     responses: {
-      200: z7.object({
-        received: z7.number(),
-        firstSequence: z7.number(),
-        lastSequence: z7.number()
+      200: z6.object({
+        received: z6.number(),
+        firstSequence: z6.number(),
+        lastSequence: z6.number()
       }),
       400: apiErrorSchema,
       401: apiErrorSchema,
@@ -1891,7 +1744,7 @@ var webhookEventsContract = c5.router({
     summary: "Receive agent events from sandbox"
   }
 });
-var webhookCompleteContract = c5.router({
+var webhookCompleteContract = c4.router({
   /**
    * POST /api/webhooks/agent/complete
    * Handle agent run completion (success or failure)
@@ -1900,15 +1753,15 @@ var webhookCompleteContract = c5.router({
     method: "POST",
     path: "/api/webhooks/agent/complete",
     headers: authHeadersSchema,
-    body: z7.object({
-      runId: z7.string().min(1, "runId is required"),
-      exitCode: z7.number(),
-      error: z7.string().optional()
+    body: z6.object({
+      runId: z6.string().min(1, "runId is required"),
+      exitCode: z6.number(),
+      error: z6.string().optional()
     }),
     responses: {
-      200: z7.object({
-        success: z7.boolean(),
-        status: z7.enum(["completed", "failed"])
+      200: z6.object({
+        success: z6.boolean(),
+        status: z6.enum(["completed", "failed"])
       }),
       400: apiErrorSchema,
       401: apiErrorSchema,
@@ -1918,7 +1771,7 @@ var webhookCompleteContract = c5.router({
     summary: "Handle agent run completion"
   }
 });
-var webhookCheckpointsContract = c5.router({
+var webhookCheckpointsContract = c4.router({
   /**
    * POST /api/webhooks/agent/checkpoints
    * Create checkpoint for completed agent run
@@ -1927,23 +1780,23 @@ var webhookCheckpointsContract = c5.router({
     method: "POST",
     path: "/api/webhooks/agent/checkpoints",
     headers: authHeadersSchema,
-    body: z7.object({
-      runId: z7.string().min(1, "runId is required"),
-      cliAgentType: z7.string().min(1, "cliAgentType is required"),
-      cliAgentSessionId: z7.string().min(1, "cliAgentSessionId is required"),
-      cliAgentSessionHistory: z7.string().min(1, "cliAgentSessionHistory is required"),
+    body: z6.object({
+      runId: z6.string().min(1, "runId is required"),
+      cliAgentType: z6.string().min(1, "cliAgentType is required"),
+      cliAgentSessionId: z6.string().min(1, "cliAgentSessionId is required"),
+      cliAgentSessionHistory: z6.string().min(1, "cliAgentSessionHistory is required"),
       artifactSnapshot: artifactSnapshotSchema.optional(),
       memorySnapshot: memorySnapshotSchema.optional(),
       volumeVersionsSnapshot: volumeVersionsSnapshotSchema.optional()
     }),
     responses: {
-      200: z7.object({
-        checkpointId: z7.string(),
-        agentSessionId: z7.string(),
-        conversationId: z7.string(),
+      200: z6.object({
+        checkpointId: z6.string(),
+        agentSessionId: z6.string(),
+        conversationId: z6.string(),
         artifact: artifactSnapshotSchema.optional(),
         memory: memorySnapshotSchema.optional(),
-        volumes: z7.record(z7.string(), z7.string()).optional()
+        volumes: z6.record(z6.string(), z6.string()).optional()
       }),
       400: apiErrorSchema,
       401: apiErrorSchema,
@@ -1953,7 +1806,7 @@ var webhookCheckpointsContract = c5.router({
     summary: "Create checkpoint for agent run"
   }
 });
-var webhookHeartbeatContract = c5.router({
+var webhookHeartbeatContract = c4.router({
   /**
    * POST /api/webhooks/agent/heartbeat
    * Receive heartbeat signals from sandbox
@@ -1962,12 +1815,12 @@ var webhookHeartbeatContract = c5.router({
     method: "POST",
     path: "/api/webhooks/agent/heartbeat",
     headers: authHeadersSchema,
-    body: z7.object({
-      runId: z7.string().min(1, "runId is required")
+    body: z6.object({
+      runId: z6.string().min(1, "runId is required")
     }),
     responses: {
-      200: z7.object({
-        ok: z7.boolean()
+      200: z6.object({
+        ok: z6.boolean()
       }),
       400: apiErrorSchema,
       401: apiErrorSchema,
@@ -1977,7 +1830,7 @@ var webhookHeartbeatContract = c5.router({
     summary: "Receive heartbeat from sandbox"
   }
 });
-var webhookStoragesContract = c5.router({
+var webhookStoragesContract = c4.router({
   /**
    * POST /api/webhooks/agent/storages
    * Create a new version of a storage from sandbox
@@ -1993,13 +1846,13 @@ var webhookStoragesContract = c5.router({
     path: "/api/webhooks/agent/storages",
     headers: authHeadersSchema,
     contentType: "multipart/form-data",
-    body: c5.type(),
+    body: c4.type(),
     responses: {
-      200: z7.object({
-        versionId: z7.string(),
-        storageName: z7.string(),
-        size: z7.number(),
-        fileCount: z7.number()
+      200: z6.object({
+        versionId: z6.string(),
+        storageName: z6.string(),
+        size: z6.number(),
+        fileCount: z6.number()
       }),
       400: apiErrorSchema,
       401: apiErrorSchema,
@@ -2009,7 +1862,7 @@ var webhookStoragesContract = c5.router({
     summary: "Upload storage version from sandbox"
   }
 });
-var webhookStoragesIncrementalContract = c5.router({
+var webhookStoragesIncrementalContract = c4.router({
   /**
    * POST /api/webhooks/agent/storages/incremental
    * Create a new version using incremental upload
@@ -2027,19 +1880,19 @@ var webhookStoragesIncrementalContract = c5.router({
     path: "/api/webhooks/agent/storages/incremental",
     headers: authHeadersSchema,
     contentType: "multipart/form-data",
-    body: c5.type(),
+    body: c4.type(),
     responses: {
-      200: z7.object({
-        versionId: z7.string(),
-        storageName: z7.string(),
-        size: z7.number(),
-        fileCount: z7.number(),
-        incrementalStats: z7.object({
-          addedFiles: z7.number(),
-          modifiedFiles: z7.number(),
-          deletedFiles: z7.number(),
-          unchangedFiles: z7.number(),
-          bytesUploaded: z7.number()
+      200: z6.object({
+        versionId: z6.string(),
+        storageName: z6.string(),
+        size: z6.number(),
+        fileCount: z6.number(),
+        incrementalStats: z6.object({
+          addedFiles: z6.number(),
+          modifiedFiles: z6.number(),
+          deletedFiles: z6.number(),
+          unchangedFiles: z6.number(),
+          bytesUploaded: z6.number()
         }).optional()
       }),
       400: apiErrorSchema,
@@ -2050,36 +1903,36 @@ var webhookStoragesIncrementalContract = c5.router({
     summary: "Upload storage version incrementally from sandbox"
   }
 });
-var metricDataSchema = z7.object({
-  ts: z7.string(),
-  cpu: z7.number(),
-  mem_used: z7.number(),
-  mem_total: z7.number(),
-  disk_used: z7.number(),
-  disk_total: z7.number()
+var metricDataSchema = z6.object({
+  ts: z6.string(),
+  cpu: z6.number(),
+  mem_used: z6.number(),
+  mem_total: z6.number(),
+  disk_used: z6.number(),
+  disk_total: z6.number()
 });
-var sandboxOperationSchema = z7.object({
-  ts: z7.string(),
-  action_type: z7.string(),
-  duration_ms: z7.number(),
-  success: z7.boolean(),
-  error: z7.string().optional()
+var sandboxOperationSchema = z6.object({
+  ts: z6.string(),
+  action_type: z6.string(),
+  duration_ms: z6.number(),
+  success: z6.boolean(),
+  error: z6.string().optional()
 });
-var networkLogSchema = z7.object({
-  timestamp: z7.string(),
-  mode: z7.literal("mitm").optional(),
-  action: z7.enum(["ALLOW", "DENY"]).optional(),
-  host: z7.string().optional(),
-  port: z7.number().optional(),
-  rule_matched: z7.string().nullable().optional(),
-  method: z7.string().optional(),
-  url: z7.string().optional(),
-  status: z7.number().optional(),
-  latency_ms: z7.number().optional(),
-  request_size: z7.number().optional(),
-  response_size: z7.number().optional()
+var networkLogSchema = z6.object({
+  timestamp: z6.string(),
+  mode: z6.literal("mitm").optional(),
+  action: z6.enum(["ALLOW", "DENY"]).optional(),
+  host: z6.string().optional(),
+  port: z6.number().optional(),
+  rule_matched: z6.string().nullable().optional(),
+  method: z6.string().optional(),
+  url: z6.string().optional(),
+  status: z6.number().optional(),
+  latency_ms: z6.number().optional(),
+  request_size: z6.number().optional(),
+  response_size: z6.number().optional()
 });
-var webhookTelemetryContract = c5.router({
+var webhookTelemetryContract = c4.router({
   /**
    * POST /api/webhooks/agent/telemetry
    * Receive telemetry data (system log, metrics, network logs, and sandbox operations) from sandbox
@@ -2088,17 +1941,17 @@ var webhookTelemetryContract = c5.router({
     method: "POST",
     path: "/api/webhooks/agent/telemetry",
     headers: authHeadersSchema,
-    body: z7.object({
-      runId: z7.string().min(1, "runId is required"),
-      systemLog: z7.string().optional(),
-      metrics: z7.array(metricDataSchema).optional(),
-      networkLogs: z7.array(networkLogSchema).optional(),
-      sandboxOperations: z7.array(sandboxOperationSchema).optional()
+    body: z6.object({
+      runId: z6.string().min(1, "runId is required"),
+      systemLog: z6.string().optional(),
+      metrics: z6.array(metricDataSchema).optional(),
+      networkLogs: z6.array(networkLogSchema).optional(),
+      sandboxOperations: z6.array(sandboxOperationSchema).optional()
     }),
     responses: {
-      200: z7.object({
-        success: z7.boolean(),
-        id: z7.string()
+      200: z6.object({
+        success: z6.boolean(),
+        id: z6.string()
       }),
       400: apiErrorSchema,
       401: apiErrorSchema,
@@ -2108,26 +1961,26 @@ var webhookTelemetryContract = c5.router({
     summary: "Receive telemetry data from sandbox"
   }
 });
-var webhookStoragesPrepareContract = c5.router({
+var webhookStoragesPrepareContract = c4.router({
   prepare: {
     method: "POST",
     path: "/api/webhooks/agent/storages/prepare",
     headers: authHeadersSchema,
-    body: z7.object({
-      runId: z7.string().min(1, "runId is required"),
+    body: z6.object({
+      runId: z6.string().min(1, "runId is required"),
       // Required for webhook auth
-      storageName: z7.string().min(1, "Storage name is required"),
+      storageName: z6.string().min(1, "Storage name is required"),
       storageType: storageTypeSchema,
-      files: z7.array(fileEntryWithHashSchema),
-      force: z7.boolean().optional(),
-      baseVersion: z7.string().optional(),
+      files: z6.array(fileEntryWithHashSchema),
+      force: z6.boolean().optional(),
+      baseVersion: z6.string().optional(),
       changes: storageChangesSchema.optional()
     }),
     responses: {
-      200: z7.object({
-        versionId: z7.string(),
-        existing: z7.boolean(),
-        uploads: z7.object({
+      200: z6.object({
+        versionId: z6.string(),
+        existing: z6.boolean(),
+        uploads: z6.object({
           archive: presignedUploadSchema,
           manifest: presignedUploadSchema
         }).optional()
@@ -2141,28 +1994,28 @@ var webhookStoragesPrepareContract = c5.router({
     summary: "Prepare for direct S3 upload from sandbox"
   }
 });
-var webhookStoragesCommitContract = c5.router({
+var webhookStoragesCommitContract = c4.router({
   commit: {
     method: "POST",
     path: "/api/webhooks/agent/storages/commit",
     headers: authHeadersSchema,
-    body: z7.object({
-      runId: z7.string().min(1, "runId is required"),
+    body: z6.object({
+      runId: z6.string().min(1, "runId is required"),
       // Required for webhook auth
-      storageName: z7.string().min(1, "Storage name is required"),
+      storageName: z6.string().min(1, "Storage name is required"),
       storageType: storageTypeSchema,
-      versionId: z7.string().min(1, "Version ID is required"),
-      files: z7.array(fileEntryWithHashSchema),
-      message: z7.string().optional()
+      versionId: z6.string().min(1, "Version ID is required"),
+      files: z6.array(fileEntryWithHashSchema),
+      message: z6.string().optional()
     }),
     responses: {
-      200: z7.object({
-        success: z7.literal(true),
-        versionId: z7.string(),
-        storageName: z7.string(),
-        size: z7.number(),
-        fileCount: z7.number(),
-        deduplicated: z7.boolean().optional()
+      200: z6.object({
+        success: z6.literal(true),
+        versionId: z6.string(),
+        storageName: z6.string(),
+        size: z6.number(),
+        fileCount: z6.number(),
+        deduplicated: z6.boolean().optional()
       }),
       400: apiErrorSchema,
       401: apiErrorSchema,
@@ -2177,13 +2030,13 @@ var webhookStoragesCommitContract = c5.router({
 });
 
 // ../../packages/core/src/contracts/cli-auth.ts
-import { z as z8 } from "zod";
-var c6 = initContract();
-var oauthErrorSchema = z8.object({
-  error: z8.string(),
-  error_description: z8.string()
+import { z as z7 } from "zod";
+var c5 = initContract();
+var oauthErrorSchema = z7.object({
+  error: z7.string(),
+  error_description: z7.string()
 });
-var cliAuthDeviceContract = c6.router({
+var cliAuthDeviceContract = c5.router({
   /**
    * POST /api/cli/auth/device
    * Initiate device authorization flow
@@ -2191,21 +2044,21 @@ var cliAuthDeviceContract = c6.router({
   create: {
     method: "POST",
     path: "/api/cli/auth/device",
-    body: z8.object({}).optional(),
+    body: z7.object({}).optional(),
     responses: {
-      200: z8.object({
-        device_code: z8.string(),
-        user_code: z8.string(),
-        verification_path: z8.string(),
-        expires_in: z8.number(),
-        interval: z8.number()
+      200: z7.object({
+        device_code: z7.string(),
+        user_code: z7.string(),
+        verification_path: z7.string(),
+        expires_in: z7.number(),
+        interval: z7.number()
       }),
       500: oauthErrorSchema
     },
     summary: "Initiate device authorization flow"
   }
 });
-var cliAuthTokenContract = c6.router({
+var cliAuthTokenContract = c5.router({
   /**
    * POST /api/cli/auth/token
    * Exchange device code for access token
@@ -2213,16 +2066,16 @@ var cliAuthTokenContract = c6.router({
   exchange: {
     method: "POST",
     path: "/api/cli/auth/token",
-    body: z8.object({
-      device_code: z8.string().min(1, "device_code is required")
+    body: z7.object({
+      device_code: z7.string().min(1, "device_code is required")
     }),
     responses: {
       // Success - token issued
-      200: z8.object({
-        access_token: z8.string(),
-        token_type: z8.literal("Bearer"),
-        expires_in: z8.number(),
-        org_slug: z8.string().optional()
+      200: z7.object({
+        access_token: z7.string(),
+        token_type: z7.literal("Bearer"),
+        expires_in: z7.number(),
+        org_slug: z7.string().optional()
       }),
       // Authorization pending
       202: oauthErrorSchema,
@@ -2235,9 +2088,9 @@ var cliAuthTokenContract = c6.router({
 });
 
 // ../../packages/core/src/contracts/auth.ts
-import { z as z9 } from "zod";
-var c7 = initContract();
-var authContract = c7.router({
+import { z as z8 } from "zod";
+var c6 = initContract();
+var authContract = c6.router({
   /**
    * GET /api/auth/me
    * Get current user information
@@ -2247,9 +2100,9 @@ var authContract = c7.router({
     path: "/api/auth/me",
     headers: authHeadersSchema,
     responses: {
-      200: z9.object({
-        userId: z9.string(),
-        email: z9.string()
+      200: z8.object({
+        userId: z8.string(),
+        email: z8.string()
       }),
       401: apiErrorSchema,
       404: apiErrorSchema,
@@ -2260,23 +2113,23 @@ var authContract = c7.router({
 });
 
 // ../../packages/core/src/contracts/cron.ts
-import { z as z10 } from "zod";
-var c8 = initContract();
-var cleanupResultSchema = z10.object({
-  runId: z10.string(),
-  sandboxId: z10.string().nullable(),
-  status: z10.enum(["cleaned", "error"]),
-  error: z10.string().optional(),
-  reason: z10.string().optional()
+import { z as z9 } from "zod";
+var c7 = initContract();
+var cleanupResultSchema = z9.object({
+  runId: z9.string(),
+  sandboxId: z9.string().nullable(),
+  status: z9.enum(["cleaned", "error"]),
+  error: z9.string().optional(),
+  reason: z9.string().optional()
 });
-var cleanupResponseSchema = z10.object({
-  cleaned: z10.number(),
-  errors: z10.number(),
-  results: z10.array(cleanupResultSchema),
-  composeJobsCleaned: z10.number(),
-  composeJobErrors: z10.number()
+var cleanupResponseSchema = z9.object({
+  cleaned: z9.number(),
+  errors: z9.number(),
+  results: z9.array(cleanupResultSchema),
+  composeJobsCleaned: z9.number(),
+  composeJobErrors: z9.number()
 });
-var cronCleanupSandboxesContract = c8.router({
+var cronCleanupSandboxesContract = c7.router({
   /**
    * GET /api/cron/cleanup-sandboxes
    * Cron job to cleanup sandboxes that have stopped sending heartbeats
@@ -2295,23 +2148,23 @@ var cronCleanupSandboxesContract = c8.router({
 });
 
 // ../../packages/core/src/contracts/orgs.ts
-import { z as z11 } from "zod";
-var c9 = initContract();
-var orgTierSchema = z11.enum(["free", "pro", "max"]);
-var orgSlugSchema = z11.string().min(3, "Org slug must be at least 3 characters").max(64, "Org slug must be at most 64 characters").regex(
+import { z as z10 } from "zod";
+var c8 = initContract();
+var orgTierSchema = z10.enum(["free", "pro", "max"]);
+var orgSlugSchema = z10.string().min(3, "Org slug must be at least 3 characters").max(64, "Org slug must be at most 64 characters").regex(
   /^[a-z0-9][a-z0-9-]*[a-z0-9]$|^[a-z0-9]{1,2}$/,
   "Org slug must contain only lowercase letters, numbers, and hyphens, and must start and end with an alphanumeric character"
 ).transform((s) => s.toLowerCase());
-var orgResponseSchema = z11.object({
-  id: z11.string(),
-  slug: z11.string(),
-  tier: z11.string().optional()
+var orgResponseSchema = z10.object({
+  id: z10.string(),
+  slug: z10.string(),
+  tier: z10.string().optional()
 });
-var updateOrgRequestSchema = z11.object({
+var updateOrgRequestSchema = z10.object({
   slug: orgSlugSchema,
-  force: z11.boolean().optional().default(false)
+  force: z10.boolean().optional().default(false)
 });
-var orgContract = c9.router({
+var orgContract = c8.router({
   /**
    * GET /api/org
    * Get current user's default org
@@ -2349,7 +2202,7 @@ var orgContract = c9.router({
     summary: "Update org slug"
   }
 });
-var orgDefaultAgentContract = c9.router({
+var orgDefaultAgentContract = c8.router({
   /**
    * PUT /api/orgs/default-agent?org={slug}
    * Set or unset the default agent for an org.
@@ -2360,15 +2213,15 @@ var orgDefaultAgentContract = c9.router({
     method: "PUT",
     path: "/api/orgs/default-agent",
     headers: authHeadersSchema,
-    query: z11.object({
-      org: z11.string().optional()
+    query: z10.object({
+      org: z10.string().optional()
     }),
-    body: z11.object({
-      agentComposeId: z11.string().uuid().nullable()
+    body: z10.object({
+      agentComposeId: z10.string().uuid().nullable()
     }),
     responses: {
-      200: z11.object({
-        agentComposeId: z11.string().uuid().nullable()
+      200: z10.object({
+        agentComposeId: z10.string().uuid().nullable()
       }),
       400: apiErrorSchema,
       401: apiErrorSchema,
@@ -2380,30 +2233,30 @@ var orgDefaultAgentContract = c9.router({
 });
 
 // ../../packages/core/src/contracts/secrets.ts
-import { z as z12 } from "zod";
-var c10 = initContract();
-var secretNameSchema = z12.string().min(1, "Secret name is required").max(255, "Secret name must be at most 255 characters").regex(
+import { z as z11 } from "zod";
+var c9 = initContract();
+var secretNameSchema = z11.string().min(1, "Secret name is required").max(255, "Secret name must be at most 255 characters").regex(
   /^[A-Z][A-Z0-9_]*$/,
   "Secret name must contain only uppercase letters, numbers, and underscores, and must start with a letter (e.g., MY_API_KEY)"
 );
-var secretTypeSchema = z12.enum(["user", "model-provider", "connector"]);
-var secretResponseSchema = z12.object({
-  id: z12.string().uuid(),
-  name: z12.string(),
-  description: z12.string().nullable(),
+var secretTypeSchema = z11.enum(["user", "model-provider", "connector"]);
+var secretResponseSchema = z11.object({
+  id: z11.string().uuid(),
+  name: z11.string(),
+  description: z11.string().nullable(),
   type: secretTypeSchema,
-  createdAt: z12.string(),
-  updatedAt: z12.string()
+  createdAt: z11.string(),
+  updatedAt: z11.string()
 });
-var secretListResponseSchema = z12.object({
-  secrets: z12.array(secretResponseSchema)
+var secretListResponseSchema = z11.object({
+  secrets: z11.array(secretResponseSchema)
 });
-var setSecretRequestSchema = z12.object({
+var setSecretRequestSchema = z11.object({
   name: secretNameSchema,
-  value: z12.string().min(1, "Secret value is required"),
-  description: z12.string().max(1e3).optional()
+  value: z11.string().min(1, "Secret value is required"),
+  description: z11.string().max(1e3).optional()
 });
-var secretsMainContract = c10.router({
+var secretsMainContract = c9.router({
   /**
    * GET /api/secrets
    * List all secrets for the current user's org (metadata only)
@@ -2438,7 +2291,7 @@ var secretsMainContract = c10.router({
     summary: "Create or update a secret"
   }
 });
-var secretsByNameContract = c10.router({
+var secretsByNameContract = c9.router({
   /**
    * GET /api/secrets/:name
    * Get a secret by name (metadata only)
@@ -2447,7 +2300,7 @@ var secretsByNameContract = c10.router({
     method: "GET",
     path: "/api/secrets/:name",
     headers: authHeadersSchema,
-    pathParams: z12.object({
+    pathParams: z11.object({
       name: secretNameSchema
     }),
     responses: {
@@ -2466,11 +2319,11 @@ var secretsByNameContract = c10.router({
     method: "DELETE",
     path: "/api/secrets/:name",
     headers: authHeadersSchema,
-    pathParams: z12.object({
+    pathParams: z11.object({
       name: secretNameSchema
     }),
     responses: {
-      204: c10.noBody(),
+      204: c9.noBody(),
       401: apiErrorSchema,
       404: apiErrorSchema,
       500: apiErrorSchema
@@ -2480,29 +2333,29 @@ var secretsByNameContract = c10.router({
 });
 
 // ../../packages/core/src/contracts/variables.ts
-import { z as z13 } from "zod";
-var c11 = initContract();
-var variableNameSchema = z13.string().min(1, "Variable name is required").max(255, "Variable name must be at most 255 characters").regex(
+import { z as z12 } from "zod";
+var c10 = initContract();
+var variableNameSchema = z12.string().min(1, "Variable name is required").max(255, "Variable name must be at most 255 characters").regex(
   /^[A-Z][A-Z0-9_]*$/,
   "Variable name must contain only uppercase letters, numbers, and underscores, and must start with a letter (e.g., MY_VAR)"
 );
-var variableResponseSchema = z13.object({
-  id: z13.string().uuid(),
-  name: z13.string(),
-  value: z13.string(),
-  description: z13.string().nullable(),
-  createdAt: z13.string(),
-  updatedAt: z13.string()
+var variableResponseSchema = z12.object({
+  id: z12.string().uuid(),
+  name: z12.string(),
+  value: z12.string(),
+  description: z12.string().nullable(),
+  createdAt: z12.string(),
+  updatedAt: z12.string()
 });
-var variableListResponseSchema = z13.object({
-  variables: z13.array(variableResponseSchema)
+var variableListResponseSchema = z12.object({
+  variables: z12.array(variableResponseSchema)
 });
-var setVariableRequestSchema = z13.object({
+var setVariableRequestSchema = z12.object({
   name: variableNameSchema,
-  value: z13.string().min(1, "Variable value is required"),
-  description: z13.string().max(1e3).optional()
+  value: z12.string().min(1, "Variable value is required"),
+  description: z12.string().max(1e3).optional()
 });
-var variablesMainContract = c11.router({
+var variablesMainContract = c10.router({
   /**
    * GET /api/variables
    * List all variables for the current user's org (includes values)
@@ -2537,7 +2390,7 @@ var variablesMainContract = c11.router({
     summary: "Create or update a variable"
   }
 });
-var variablesByNameContract = c11.router({
+var variablesByNameContract = c10.router({
   /**
    * GET /api/variables/:name
    * Get a variable by name (includes value)
@@ -2546,7 +2399,7 @@ var variablesByNameContract = c11.router({
     method: "GET",
     path: "/api/variables/:name",
     headers: authHeadersSchema,
-    pathParams: z13.object({
+    pathParams: z12.object({
       name: variableNameSchema
     }),
     responses: {
@@ -2565,11 +2418,11 @@ var variablesByNameContract = c11.router({
     method: "DELETE",
     path: "/api/variables/:name",
     headers: authHeadersSchema,
-    pathParams: z13.object({
+    pathParams: z12.object({
       name: variableNameSchema
     }),
     responses: {
-      204: c11.noBody(),
+      204: c10.noBody(),
       401: apiErrorSchema,
       404: apiErrorSchema,
       500: apiErrorSchema
@@ -2579,8 +2432,8 @@ var variablesByNameContract = c11.router({
 });
 
 // ../../packages/core/src/contracts/model-providers.ts
-import { z as z14 } from "zod";
-var c12 = initContract();
+import { z as z13 } from "zod";
+var c11 = initContract();
 var MODEL_PROVIDER_TYPES = {
   "claude-code-oauth-token": {
     framework: "claude-code",
@@ -2801,7 +2654,7 @@ var MODEL_PROVIDER_TYPES = {
     customModelPlaceholder: "anthropic.claude-sonnet-4-20250514-v1:0"
   }
 };
-var modelProviderTypeSchema = z14.enum([
+var modelProviderTypeSchema = z13.enum([
   "claude-code-oauth-token",
   "anthropic-api-key",
   "openrouter-api-key",
@@ -2812,7 +2665,7 @@ var modelProviderTypeSchema = z14.enum([
   "azure-foundry",
   "aws-bedrock"
 ]);
-var modelProviderFrameworkSchema = z14.enum(["claude-code", "codex"]);
+var modelProviderFrameworkSchema = z13.enum(["claude-code", "codex"]);
 function hasAuthMethods(type2) {
   const config = MODEL_PROVIDER_TYPES[type2];
   return "authMethods" in config;
@@ -2853,43 +2706,43 @@ function getCustomModelPlaceholder(type2) {
   const config = MODEL_PROVIDER_TYPES[type2];
   return "customModelPlaceholder" in config ? config.customModelPlaceholder : void 0;
 }
-var modelProviderResponseSchema = z14.object({
-  id: z14.string().uuid(),
+var modelProviderResponseSchema = z13.object({
+  id: z13.string().uuid(),
   type: modelProviderTypeSchema,
   framework: modelProviderFrameworkSchema,
-  secretName: z14.string().nullable(),
+  secretName: z13.string().nullable(),
   // Legacy single-secret (deprecated for multi-auth)
-  authMethod: z14.string().nullable(),
+  authMethod: z13.string().nullable(),
   // For multi-auth providers
-  secretNames: z14.array(z14.string()).nullable(),
+  secretNames: z13.array(z13.string()).nullable(),
   // For multi-auth providers
-  isDefault: z14.boolean(),
-  selectedModel: z14.string().nullable(),
-  createdAt: z14.string(),
-  updatedAt: z14.string()
+  isDefault: z13.boolean(),
+  selectedModel: z13.string().nullable(),
+  createdAt: z13.string(),
+  updatedAt: z13.string()
 });
-var modelProviderListResponseSchema = z14.object({
-  modelProviders: z14.array(modelProviderResponseSchema)
+var modelProviderListResponseSchema = z13.object({
+  modelProviders: z13.array(modelProviderResponseSchema)
 });
-var upsertModelProviderRequestSchema = z14.object({
+var upsertModelProviderRequestSchema = z13.object({
   type: modelProviderTypeSchema,
-  secret: z14.string().min(1).optional(),
+  secret: z13.string().min(1).optional(),
   // Legacy single secret
-  authMethod: z14.string().optional(),
+  authMethod: z13.string().optional(),
   // For multi-auth providers
-  secrets: z14.record(z14.string(), z14.string()).optional(),
+  secrets: z13.record(z13.string(), z13.string()).optional(),
   // For multi-auth providers
-  selectedModel: z14.string().optional()
+  selectedModel: z13.string().optional()
 });
-var upsertModelProviderResponseSchema = z14.object({
+var upsertModelProviderResponseSchema = z13.object({
   provider: modelProviderResponseSchema,
-  created: z14.boolean()
+  created: z13.boolean()
 });
-var checkSecretResponseSchema = z14.object({
-  exists: z14.boolean(),
-  secretName: z14.string()
+var checkSecretResponseSchema = z13.object({
+  exists: z13.boolean(),
+  secretName: z13.string()
 });
-var modelProvidersMainContract = c12.router({
+var modelProvidersMainContract = c11.router({
   list: {
     method: "GET",
     path: "/api/model-providers",
@@ -2917,12 +2770,12 @@ var modelProvidersMainContract = c12.router({
     summary: "Create or update a model provider"
   }
 });
-var modelProvidersCheckContract = c12.router({
+var modelProvidersCheckContract = c11.router({
   check: {
     method: "GET",
     path: "/api/model-providers/check/:type",
     headers: authHeadersSchema,
-    pathParams: z14.object({
+    pathParams: z13.object({
       type: modelProviderTypeSchema
     }),
     responses: {
@@ -2933,16 +2786,16 @@ var modelProvidersCheckContract = c12.router({
     summary: "Check if secret exists for a model provider type"
   }
 });
-var modelProvidersByTypeContract = c12.router({
+var modelProvidersByTypeContract = c11.router({
   delete: {
     method: "DELETE",
     path: "/api/model-providers/:type",
     headers: authHeadersSchema,
-    pathParams: z14.object({
+    pathParams: z13.object({
       type: modelProviderTypeSchema
     }),
     responses: {
-      204: c12.noBody(),
+      204: c11.noBody(),
       401: apiErrorSchema,
       404: apiErrorSchema,
       500: apiErrorSchema
@@ -2950,15 +2803,15 @@ var modelProvidersByTypeContract = c12.router({
     summary: "Delete a model provider"
   }
 });
-var modelProvidersConvertContract = c12.router({
+var modelProvidersConvertContract = c11.router({
   convert: {
     method: "POST",
     path: "/api/model-providers/:type/convert",
     headers: authHeadersSchema,
-    pathParams: z14.object({
+    pathParams: z13.object({
       type: modelProviderTypeSchema
     }),
-    body: z14.undefined(),
+    body: z13.undefined(),
     responses: {
       200: modelProviderResponseSchema,
       400: apiErrorSchema,
@@ -2969,15 +2822,15 @@ var modelProvidersConvertContract = c12.router({
     summary: "Convert existing user secret to model provider"
   }
 });
-var modelProvidersSetDefaultContract = c12.router({
+var modelProvidersSetDefaultContract = c11.router({
   setDefault: {
     method: "POST",
     path: "/api/model-providers/:type/set-default",
     headers: authHeadersSchema,
-    pathParams: z14.object({
+    pathParams: z13.object({
       type: modelProviderTypeSchema
     }),
-    body: z14.undefined(),
+    body: z13.undefined(),
     responses: {
       200: modelProviderResponseSchema,
       401: apiErrorSchema,
@@ -2987,15 +2840,15 @@ var modelProvidersSetDefaultContract = c12.router({
     summary: "Set a model provider as default for its framework"
   }
 });
-var updateModelRequestSchema = z14.object({
-  selectedModel: z14.string().optional()
+var updateModelRequestSchema = z13.object({
+  selectedModel: z13.string().optional()
 });
-var modelProvidersUpdateModelContract = c12.router({
+var modelProvidersUpdateModelContract = c11.router({
   updateModel: {
     method: "PATCH",
     path: "/api/model-providers/:type/model",
     headers: authHeadersSchema,
-    pathParams: z14.object({
+    pathParams: z13.object({
       type: modelProviderTypeSchema
     }),
     body: updateModelRequestSchema,
@@ -3010,53 +2863,53 @@ var modelProvidersUpdateModelContract = c12.router({
 });
 
 // ../../packages/core/src/contracts/sessions.ts
-import { z as z15 } from "zod";
-var c13 = initContract();
-var storedChatMessageSchema = z15.object({
-  role: z15.enum(["user", "assistant"]),
-  content: z15.string(),
-  runId: z15.string().optional(),
-  createdAt: z15.string()
+import { z as z14 } from "zod";
+var c12 = initContract();
+var storedChatMessageSchema = z14.object({
+  role: z14.enum(["user", "assistant"]),
+  content: z14.string(),
+  runId: z14.string().optional(),
+  createdAt: z14.string()
 });
-var sessionResponseSchema = z15.object({
-  id: z15.string(),
-  agentComposeId: z15.string(),
-  conversationId: z15.string().nullable(),
-  artifactName: z15.string().nullable(),
-  secretNames: z15.array(z15.string()).nullable(),
-  chatMessages: z15.array(storedChatMessageSchema).optional(),
-  createdAt: z15.string(),
-  updatedAt: z15.string()
+var sessionResponseSchema = z14.object({
+  id: z14.string(),
+  agentComposeId: z14.string(),
+  conversationId: z14.string().nullable(),
+  artifactName: z14.string().nullable(),
+  secretNames: z14.array(z14.string()).nullable(),
+  chatMessages: z14.array(storedChatMessageSchema).optional(),
+  createdAt: z14.string(),
+  updatedAt: z14.string()
 });
-var sessionListItemSchema = z15.object({
-  id: z15.string(),
-  createdAt: z15.string(),
-  updatedAt: z15.string(),
-  messageCount: z15.number(),
-  preview: z15.string().nullable()
+var sessionListItemSchema = z14.object({
+  id: z14.string(),
+  createdAt: z14.string(),
+  updatedAt: z14.string(),
+  messageCount: z14.number(),
+  preview: z14.string().nullable()
 });
-var agentComposeSnapshotSchema = z15.object({
-  agentComposeVersionId: z15.string(),
-  vars: z15.record(z15.string(), z15.string()).optional(),
-  secretNames: z15.array(z15.string()).optional()
+var agentComposeSnapshotSchema = z14.object({
+  agentComposeVersionId: z14.string(),
+  vars: z14.record(z14.string(), z14.string()).optional(),
+  secretNames: z14.array(z14.string()).optional()
 });
-var artifactSnapshotSchema2 = z15.object({
-  artifactName: z15.string(),
-  artifactVersion: z15.string()
+var artifactSnapshotSchema2 = z14.object({
+  artifactName: z14.string(),
+  artifactVersion: z14.string()
 });
-var volumeVersionsSnapshotSchema2 = z15.object({
-  versions: z15.record(z15.string(), z15.string())
+var volumeVersionsSnapshotSchema2 = z14.object({
+  versions: z14.record(z14.string(), z14.string())
 });
-var checkpointResponseSchema = z15.object({
-  id: z15.string(),
-  runId: z15.string(),
-  conversationId: z15.string(),
+var checkpointResponseSchema = z14.object({
+  id: z14.string(),
+  runId: z14.string(),
+  conversationId: z14.string(),
   agentComposeSnapshot: agentComposeSnapshotSchema,
   artifactSnapshot: artifactSnapshotSchema2.nullable(),
   volumeVersionsSnapshot: volumeVersionsSnapshotSchema2.nullable(),
-  createdAt: z15.string()
+  createdAt: z14.string()
 });
-var sessionsContract = c13.router({
+var sessionsContract = c12.router({
   /**
    * GET /api/agent/sessions?agentComposeId=X
    * List chat sessions for an agent
@@ -3065,17 +2918,17 @@ var sessionsContract = c13.router({
     method: "GET",
     path: "/api/agent/sessions",
     headers: authHeadersSchema,
-    query: z15.object({
-      agentComposeId: z15.string().min(1, "agentComposeId is required")
+    query: z14.object({
+      agentComposeId: z14.string().min(1, "agentComposeId is required")
     }),
     responses: {
-      200: z15.object({ sessions: z15.array(sessionListItemSchema) }),
+      200: z14.object({ sessions: z14.array(sessionListItemSchema) }),
       401: apiErrorSchema
     },
     summary: "List chat sessions for an agent"
   }
 });
-var sessionsByIdContract = c13.router({
+var sessionsByIdContract = c12.router({
   /**
    * GET /api/agent/sessions/:id
    * Get session by ID
@@ -3084,8 +2937,8 @@ var sessionsByIdContract = c13.router({
     method: "GET",
     path: "/api/agent/sessions/:id",
     headers: authHeadersSchema,
-    pathParams: z15.object({
-      id: z15.string().min(1, "Session ID is required")
+    pathParams: z14.object({
+      id: z14.string().min(1, "Session ID is required")
     }),
     responses: {
       200: sessionResponseSchema,
@@ -3096,7 +2949,7 @@ var sessionsByIdContract = c13.router({
     summary: "Get session by ID"
   }
 });
-var sessionMessagesContract = c13.router({
+var sessionMessagesContract = c12.router({
   /**
    * POST /api/agent/sessions/:id/messages
    * Append chat messages to a session
@@ -3105,20 +2958,20 @@ var sessionMessagesContract = c13.router({
     method: "POST",
     path: "/api/agent/sessions/:id/messages",
     headers: authHeadersSchema,
-    pathParams: z15.object({
-      id: z15.string().min(1, "Session ID is required")
+    pathParams: z14.object({
+      id: z14.string().min(1, "Session ID is required")
     }),
-    body: z15.object({
-      messages: z15.array(
-        z15.object({
-          role: z15.enum(["user", "assistant"]),
-          content: z15.string(),
-          runId: z15.string().optional()
+    body: z14.object({
+      messages: z14.array(
+        z14.object({
+          role: z14.enum(["user", "assistant"]),
+          content: z14.string(),
+          runId: z14.string().optional()
         })
       )
     }),
     responses: {
-      200: z15.object({ success: z15.literal(true) }),
+      200: z14.object({ success: z14.literal(true) }),
       401: apiErrorSchema,
       403: apiErrorSchema,
       404: apiErrorSchema
@@ -3126,7 +2979,7 @@ var sessionMessagesContract = c13.router({
     summary: "Append chat messages to a session"
   }
 });
-var checkpointsByIdContract = c13.router({
+var checkpointsByIdContract = c12.router({
   /**
    * GET /api/agent/checkpoints/:id
    * Get checkpoint by ID
@@ -3135,8 +2988,8 @@ var checkpointsByIdContract = c13.router({
     method: "GET",
     path: "/api/agent/checkpoints/:id",
     headers: authHeadersSchema,
-    pathParams: z15.object({
-      id: z15.string().min(1, "Checkpoint ID is required")
+    pathParams: z14.object({
+      id: z14.string().min(1, "Checkpoint ID is required")
     }),
     responses: {
       200: checkpointResponseSchema,
@@ -3148,6 +3001,155 @@ var checkpointsByIdContract = c13.router({
   }
 });
 
+// ../../packages/core/src/contracts/runners.ts
+import { z as z15 } from "zod";
+var c13 = initContract();
+var runnerGroupSchema = z15.string().regex(
+  /^[a-z0-9-]+\/[a-z0-9-]+$/,
+  "Runner group must be in org/name format (e.g., acme/production)"
+);
+var jobSchema = z15.object({
+  runId: z15.string().uuid(),
+  prompt: z15.string(),
+  agentComposeVersionId: z15.string().nullable(),
+  vars: z15.record(z15.string(), z15.string()).nullable(),
+  checkpointId: z15.string().uuid().nullable()
+});
+var runnersPollContract = c13.router({
+  poll: {
+    method: "POST",
+    path: "/api/runners/poll",
+    headers: authHeadersSchema,
+    body: z15.object({
+      group: runnerGroupSchema
+    }),
+    responses: {
+      200: z15.object({
+        job: jobSchema.nullable()
+      }),
+      400: apiErrorSchema,
+      401: apiErrorSchema,
+      500: apiErrorSchema
+    },
+    summary: "Poll for pending jobs (long-polling with 30s timeout)"
+  }
+});
+var firewallApiSchema = z15.object({
+  base: z15.string(),
+  auth: z15.object({
+    headers: z15.record(z15.string(), z15.string())
+  }),
+  permissions: z15.array(firewallPermissionSchema).optional()
+});
+var firewallSchema = z15.object({
+  name: z15.string(),
+  ref: z15.string(),
+  apis: z15.array(firewallApiSchema)
+});
+var experimentalFirewallSchema = z15.array(firewallSchema);
+var storageEntrySchema = z15.object({
+  mountPath: z15.string(),
+  archiveUrl: z15.string().nullable()
+});
+var artifactEntrySchema = z15.object({
+  mountPath: z15.string(),
+  archiveUrl: z15.string().nullable(),
+  vasStorageName: z15.string(),
+  vasVersionId: z15.string()
+});
+var storageManifestSchema = z15.object({
+  storages: z15.array(storageEntrySchema),
+  artifact: artifactEntrySchema.nullable(),
+  memory: artifactEntrySchema.nullable()
+});
+var resumeSessionSchema = z15.object({
+  sessionId: z15.string(),
+  sessionHistory: z15.string()
+});
+var storedExecutionContextSchema = z15.object({
+  workingDir: z15.string(),
+  storageManifest: storageManifestSchema.nullable(),
+  environment: z15.record(z15.string(), z15.string()).nullable(),
+  resumeSession: resumeSessionSchema.nullable(),
+  encryptedSecrets: z15.string().nullable(),
+  // AES-256-GCM encrypted Record<string, string> (secret name → value)
+  // Maps secret names to OAuth connector types for runtime token refresh (e.g. { "GMAIL_ACCESS_TOKEN": "gmail" })
+  secretConnectorMap: z15.record(z15.string(), z15.string()).nullable().optional(),
+  cliAgentType: z15.string(),
+  // Debug flag to force real Claude in mock environments (internal use only)
+  debugNoMockClaude: z15.boolean().optional(),
+  // Dispatch timestamp for E2E timing metrics
+  apiStartTime: z15.number().optional(),
+  // User's timezone preference (IANA format, e.g., "Asia/Shanghai")
+  userTimezone: z15.string().optional(),
+  // Agent metadata for VM0_AGENT_NAME and VM0_AGENT_ORG env vars
+  agentName: z15.string().optional(),
+  agentOrgSlug: z15.string().optional(),
+  // Memory storage name (for first-run when manifest.memory is null)
+  memoryName: z15.string().optional(),
+  // Experimental firewall for proxy-side token replacement
+  experimentalFirewall: experimentalFirewallSchema.optional(),
+  // Experimental capabilities for agent permission enforcement
+  experimentalCapabilities: z15.array(z15.enum(VALID_CAPABILITIES)).optional()
+});
+var executionContextSchema = z15.object({
+  runId: z15.string().uuid(),
+  prompt: z15.string(),
+  agentComposeVersionId: z15.string().nullable(),
+  vars: z15.record(z15.string(), z15.string()).nullable(),
+  checkpointId: z15.string().uuid().nullable(),
+  sandboxToken: z15.string(),
+  // New fields for E2B parity:
+  workingDir: z15.string(),
+  storageManifest: storageManifestSchema.nullable(),
+  environment: z15.record(z15.string(), z15.string()).nullable(),
+  resumeSession: resumeSessionSchema.nullable(),
+  secretValues: z15.array(z15.string()).nullable(),
+  // AES-256-GCM encrypted Record<string, string> — passed through to mitm-addon for auth resolution
+  encryptedSecrets: z15.string().nullable(),
+  // Maps secret names to OAuth connector types for runtime token refresh
+  secretConnectorMap: z15.record(z15.string(), z15.string()).nullable().optional(),
+  cliAgentType: z15.string(),
+  // Debug flag to force real Claude in mock environments (internal use only)
+  debugNoMockClaude: z15.boolean().optional(),
+  // Dispatch timestamp for E2E timing metrics
+  apiStartTime: z15.number().optional(),
+  // User's timezone preference (IANA format, e.g., "Asia/Shanghai")
+  userTimezone: z15.string().optional(),
+  // Agent metadata
+  agentName: z15.string().optional(),
+  agentOrgSlug: z15.string().optional(),
+  // Memory storage name (for first-run when manifest.memory is null)
+  memoryName: z15.string().optional(),
+  // Experimental firewall for proxy-side token replacement
+  experimentalFirewall: experimentalFirewallSchema.optional(),
+  // Experimental capabilities for agent permission enforcement
+  experimentalCapabilities: z15.array(z15.enum(VALID_CAPABILITIES)).optional()
+});
+var runnersJobClaimContract = c13.router({
+  claim: {
+    method: "POST",
+    path: "/api/runners/jobs/:id/claim",
+    headers: authHeadersSchema,
+    pathParams: z15.object({
+      id: z15.string().uuid()
+    }),
+    body: z15.object({}),
+    responses: {
+      200: executionContextSchema,
+      400: apiErrorSchema,
+      401: apiErrorSchema,
+      403: apiErrorSchema,
+      // Job does not belong to user
+      404: apiErrorSchema,
+      409: apiErrorSchema,
+      // Already claimed
+      500: apiErrorSchema
+    },
+    summary: "Claim a pending job for execution"
+  }
+});
+
 // ../../packages/core/src/contracts/schedules.ts
 import { z as z16 } from "zod";
 var c14 = initContract();
@@ -3196,7 +3198,10 @@ var deployScheduleRequestSchema = z16.object({
   // Resolved agent compose ID (CLI resolves org/name:version → composeId)
   composeId: z16.string().uuid("Invalid compose ID"),
   // Enable schedule immediately upon creation
-  enabled: z16.boolean().optional()
+  enabled: z16.boolean().optional(),
+  // Per-schedule notification control (AND'd with user global preferences)
+  notifyEmail: z16.boolean().optional(),
+  notifySlack: z16.boolean().optional()
 }).refine(
   (data) => {
     const triggers = [
@@ -3230,6 +3235,8 @@ var scheduleResponseSchema = z16.object({
   artifactVersion: z16.string().nullable(),
   volumeVersions: z16.record(z16.string(), z16.string()).nullable(),
   enabled: z16.boolean(),
+  notifyEmail: z16.boolean(),
+  notifySlack: z16.boolean(),
   nextRunAt: z16.string().nullable(),
   lastRunAt: z16.string().nullable(),
   retryStartedAt: z16.string().nullable(),
@@ -6449,7 +6456,7 @@ var computerConnectorContract = c18.router({
   }
 });
 
-// ../../packages/core/src/contracts/services.ts
+// ../../packages/core/src/contracts/firewall.ts
 function bearerAuth(secretName) {
   return { headers: { Authorization: `Bearer \${{ secrets.${secretName} }}` } };
 }
@@ -6460,7 +6467,7 @@ var FULL_ACCESS_PERMISSION = {
 function api(base, auth) {
   return { base, auth, permissions: [FULL_ACCESS_PERMISSION] };
 }
-var SERVICE_CONFIGS = {
+var FIREWALL_CONFIGS = {
   ahrefs: {
     apis: [api("https://api.ahrefs.com", bearerAuth("AHREFS_TOKEN"))]
   },
@@ -7027,13 +7034,13 @@ var SERVICE_CONFIGS = {
     ]
   }
 };
-function getServiceConfig(type2) {
-  const config = SERVICE_CONFIGS[type2];
+function getFirewallConfig(type2) {
+  const config = FIREWALL_CONFIGS[type2];
   if (!config) return void 0;
   return { ...config, name: type2 };
 }
 
-// ../../packages/core/src/contracts/service-expander.ts
+// ../../packages/core/src/contracts/firewall-expander.ts
 var VALID_RULE_METHODS = /* @__PURE__ */ new Set([
   "GET",
   "POST",
@@ -7048,23 +7055,23 @@ function validateRule(rule, permName, serviceName) {
   const parts = rule.split(" ", 2);
   if (parts.length !== 2 || !parts[1]) {
     throw new Error(
-      `Invalid rule "${rule}" in permission "${permName}" of service "${serviceName}": must be "METHOD /path"`
+      `Invalid rule "${rule}" in permission "${permName}" of firewall "${serviceName}": must be "METHOD /path"`
     );
   }
   const [method, path18] = parts;
   if (!VALID_RULE_METHODS.has(method)) {
     throw new Error(
-      `Invalid rule "${rule}" in permission "${permName}" of service "${serviceName}": unknown method "${method}" (must be uppercase)`
+      `Invalid rule "${rule}" in permission "${permName}" of firewall "${serviceName}": unknown method "${method}" (must be uppercase)`
     );
   }
   if (!path18.startsWith("/")) {
     throw new Error(
-      `Invalid rule "${rule}" in permission "${permName}" of service "${serviceName}": path must start with "/"`
+      `Invalid rule "${rule}" in permission "${permName}" of firewall "${serviceName}": path must start with "/"`
     );
   }
   if (path18.includes("?") || path18.includes("#")) {
     throw new Error(
-      `Invalid rule "${rule}" in permission "${permName}" of service "${serviceName}": path must not contain query string or fragment`
+      `Invalid rule "${rule}" in permission "${permName}" of firewall "${serviceName}": path must not contain query string or fragment`
     );
   }
   const segments = path18.split("/").filter(Boolean);
@@ -7076,18 +7083,18 @@ function validateRule(rule, permName, serviceName) {
       const baseName = name.endsWith("+") ? name.slice(0, -1) : name;
       if (!baseName) {
         throw new Error(
-          `Invalid rule "${rule}" in permission "${permName}" of service "${serviceName}": empty parameter name`
+          `Invalid rule "${rule}" in permission "${permName}" of firewall "${serviceName}": empty parameter name`
         );
       }
       if (paramNames.has(baseName)) {
         throw new Error(
-          `Invalid rule "${rule}" in permission "${permName}" of service "${serviceName}": duplicate parameter name "{${baseName}}"`
+          `Invalid rule "${rule}" in permission "${permName}" of firewall "${serviceName}": duplicate parameter name "{${baseName}}"`
         );
       }
       paramNames.add(baseName);
       if (name.endsWith("+") && i !== segments.length - 1) {
         throw new Error(
-          `Invalid rule "${rule}" in permission "${permName}" of service "${serviceName}": {${name}} must be the last segment`
+          `Invalid rule "${rule}" in permission "${permName}" of firewall "${serviceName}": {${name}} must be the last segment`
         );
       }
     }
@@ -7099,31 +7106,31 @@ function validateBaseUrl(base, serviceName) {
     url = new URL(base);
   } catch {
     throw new Error(
-      `Invalid base URL "${base}" in service "${serviceName}": not a valid URL`
+      `Invalid base URL "${base}" in firewall "${serviceName}": not a valid URL`
     );
   }
   if (url.search) {
     throw new Error(
-      `Invalid base URL "${base}" in service "${serviceName}": must not contain query string`
+      `Invalid base URL "${base}" in firewall "${serviceName}": must not contain query string`
     );
   }
   if (url.hash) {
     throw new Error(
-      `Invalid base URL "${base}" in service "${serviceName}": must not contain fragment`
+      `Invalid base URL "${base}" in firewall "${serviceName}": must not contain fragment`
     );
   }
 }
-function resolveServiceConfig(ref) {
+function resolveFirewallConfig(ref) {
   const parsed = connectorTypeSchema.safeParse(ref);
   if (!parsed.success) {
     throw new Error(
-      `Cannot resolve service ref "${ref}": no built-in service with this name`
+      `Cannot resolve firewall ref "${ref}": no built-in firewall config with this name`
     );
   }
-  const serviceConfig = getServiceConfig(parsed.data);
+  const serviceConfig = getFirewallConfig(parsed.data);
   if (!serviceConfig) {
     throw new Error(
-      `Service ref "${ref}" resolved to "${parsed.data}" but it does not support proxy-side token replacement`
+      `Firewall ref "${ref}" resolved to "${parsed.data}" but it does not support proxy-side token replacement`
     );
   }
   return serviceConfig;
@@ -7131,7 +7138,7 @@ function resolveServiceConfig(ref) {
 function collectAndValidatePermissions(ref, serviceConfig) {
   if (serviceConfig.apis.length === 0) {
     throw new Error(
-      `Service "${serviceConfig.name}" (ref "${ref}") has no api entries`
+      `Firewall "${serviceConfig.name}" (ref "${ref}") has no api entries`
     );
   }
   const available = /* @__PURE__ */ new Set();
@@ -7139,29 +7146,29 @@ function collectAndValidatePermissions(ref, serviceConfig) {
     validateBaseUrl(api2.base, serviceConfig.name);
     if (!api2.permissions || api2.permissions.length === 0) {
       throw new Error(
-        `API entry "${api2.base}" in service "${serviceConfig.name}" (ref "${ref}") has no permissions`
+        `API entry "${api2.base}" in firewall "${serviceConfig.name}" (ref "${ref}") has no permissions`
       );
     }
     const seen = /* @__PURE__ */ new Set();
     for (const perm of api2.permissions) {
       if (!perm.name) {
         throw new Error(
-          `Service "${serviceConfig.name}" (ref "${ref}") has a permission with empty name`
+          `Firewall "${serviceConfig.name}" (ref "${ref}") has a permission with empty name`
         );
       }
       if (perm.name === "all") {
         throw new Error(
-          `Service "${serviceConfig.name}" (ref "${ref}") has a permission named "all", which is a reserved keyword`
+          `Firewall "${serviceConfig.name}" (ref "${ref}") has a permission named "all", which is a reserved keyword`
         );
       }
       if (seen.has(perm.name)) {
         throw new Error(
-          `Duplicate permission name "${perm.name}" in API entry "${api2.base}" of service "${serviceConfig.name}" (ref "${ref}")`
+          `Duplicate permission name "${perm.name}" in API entry "${api2.base}" of firewall "${serviceConfig.name}" (ref "${ref}")`
         );
       }
       if (perm.rules.length === 0) {
         throw new Error(
-          `Permission "${perm.name}" in service "${serviceConfig.name}" (ref "${ref}") has no rules`
+          `Permission "${perm.name}" in firewall "${serviceConfig.name}" (ref "${ref}") has no rules`
         );
       }
       for (const rule of perm.rules) {
@@ -7173,16 +7180,16 @@ function collectAndValidatePermissions(ref, serviceConfig) {
   }
   return available;
 }
-function expandServiceConfigs(config) {
+function expandFirewallConfigs(config) {
   const compose = config;
   if (!compose?.agents) return;
   for (const agent of Object.values(compose.agents)) {
-    const services = agent.experimental_services;
-    if (!services) continue;
-    if (Array.isArray(services)) continue;
+    const configs = agent.experimental_firewall;
+    if (!configs) continue;
+    if (Array.isArray(configs)) continue;
     const expanded = [];
-    for (const [ref, selection] of Object.entries(services)) {
-      const serviceConfig = resolveServiceConfig(ref);
+    for (const [ref, selection] of Object.entries(configs)) {
+      const serviceConfig = resolveFirewallConfig(ref);
       const availablePermissions = collectAndValidatePermissions(
         ref,
         serviceConfig
@@ -7192,7 +7199,7 @@ function expandServiceConfigs(config) {
           if (!availablePermissions.has(name)) {
             const available = [...availablePermissions].join(", ");
             throw new Error(
-              `Permission "${name}" does not exist in service "${serviceConfig.name}" (ref "${ref}"). Available: ${available}`
+              `Permission "${name}" does not exist in firewall "${serviceConfig.name}" (ref "${ref}"). Available: ${available}`
             );
           }
         }
@@ -7214,7 +7221,7 @@ function expandServiceConfigs(config) {
         entry.placeholders = serviceConfig.placeholders;
       expanded.push(entry);
     }
-    agent.experimental_services = expanded;
+    agent.experimental_firewall = expanded;
   }
 }
 
@@ -7810,7 +7817,8 @@ var FEATURE_SWITCHES = {
   },
   ["zero" /* Zero */]: {
     maintainer: "ethan@vm0.ai",
-    enabled: false
+    enabled: false,
+    enabledUserHashes: STAFF_USER_HASHES
   }
 };
 async function isFeatureEnabled(key, userId) {
@@ -7998,15 +8006,6 @@ async function httpPost(path18, body) {
     body: JSON.stringify(body)
   });
 }
-async function httpDelete(path18) {
-  const baseUrl = await getBaseUrl();
-  const headers = await getRawHeaders();
-  const orgPath = await appendOrgParam(path18);
-  return fetch(`${baseUrl}${orgPath}`, {
-    method: "DELETE",
-    headers
-  });
-}
 
 // src/lib/api/domains/composes.ts
 import { initClient } from "@ts-rest/core";
@@ -9805,7 +9804,7 @@ async function finalizeCompose(config, agent, variables, options) {
     process.exit(0);
   }
   mergeSkillVariables(agent, variables);
-  expandServiceConfigs(config);
+  expandFirewallConfigs(config);
   if (!options.json) {
     console.log("Uploading compose...");
   }
@@ -9945,7 +9944,7 @@ var composeCommand = new Command7().name("compose").description("Create or updat
         options.autoUpdate = false;
       }
       if (options.autoUpdate !== false) {
-        await startSilentUpgrade("9.59.5");
+        await startSilentUpgrade("9.60.0");
       }
       try {
         let result;
@@ -11112,30 +11111,13 @@ var mainRunCommand = new Command8().name("run").description("Run an agent").argu
 ).option(
   "--model-provider <type>",
   "Override model provider (e.g., anthropic-api-key)"
-).option("--verbose", "Show full tool inputs and outputs").option(
-  "--experimental-shared-agent",
-  "Allow running agents shared by other users (required when running org/agent format)"
-).option("--check-env", "Validate secrets and vars before running").addOption(new Option2("--debug-no-mock-claude").hideHelp()).addOption(new Option2("--no-auto-update").hideHelp()).action(
+).option("--verbose", "Show full tool inputs and outputs").option("--check-env", "Validate secrets and vars before running").addOption(new Option2("--debug-no-mock-claude").hideHelp()).addOption(new Option2("--no-auto-update").hideHelp()).action(
   withErrorHandler(
     async (identifier, prompt, options) => {
       if (options.autoUpdate !== false) {
-        await startSilentUpgrade("9.59.5");
+        await startSilentUpgrade("9.60.0");
       }
       const { org, name, version } = parseIdentifier(identifier);
-      if (org && !options.experimentalSharedAgent) {
-        const defaultOrg = await getOrg();
-        const isOwnOrg = defaultOrg.slug === org;
-        if (!isOwnOrg) {
-          throw new Error(
-            "Running shared agents requires --experimental-shared-agent flag",
-            {
-              cause: new Error(
-                `Use: vm0 run ${identifier} --experimental-shared-agent "your prompt"`
-              )
-            }
-          );
-        }
-      }
       let composeId;
       let composeContent;
       if (isUUID(name)) {
@@ -12806,7 +12788,7 @@ var cookAction = new Command34().name("cook").description("Quick start: prepare,
   withErrorHandler(
     async (prompt, options) => {
       if (options.autoUpdate !== false) {
-        const shouldExit = await checkAndUpgrade("9.59.5", prompt);
+        const shouldExit = await checkAndUpgrade("9.60.0", prompt);
         if (shouldExit) {
           process.exit(0);
         }
@@ -14252,7 +14234,7 @@ var leaveCommand = new Command47().name("leave").description("Leave the current
 var orgCommand = new Command48().name("org").description("Manage your organization (namespace for agents)").addCommand(statusCommand5).addCommand(setCommand).addCommand(listCommand5).addCommand(useCommand).addCommand(membersCommand).addCommand(inviteCommand).addCommand(removeCommand).addCommand(leaveCommand);
 
 // src/commands/agent/index.ts
-import { Command as Command58 } from "commander";
+import { Command as Command53 } from "commander";
 
 // src/commands/agent/clone.ts
 import { Command as Command49 } from "commander";
@@ -14594,326 +14576,78 @@ function formatComposeOutput(name, versionId, content, variableSources) {
 }
 var statusCommand6 = new Command52().name("status").description("Show status of agent compose").argument(
   "<name[:version]>",
-  "Agent name with optional version (e.g., my-agent:latest or my-agent:a1b2c3d4)"
-).option("--no-sources", "Skip fetching skills to determine variable sources").action(
-  withErrorHandler(
-    async (argument, options) => {
-      const colonIndex = argument.lastIndexOf(":");
-      let name;
-      let version;
-      if (colonIndex === -1) {
-        name = argument;
-        version = "latest";
-      } else {
-        name = argument.slice(0, colonIndex);
-        version = argument.slice(colonIndex + 1) || "latest";
-      }
-      const compose = await getComposeByName(name);
-      if (!compose) {
-        throw new Error(`Agent compose not found: ${name}`, {
-          cause: new Error("Run: vm0 agent list")
-        });
-      }
-      let resolvedVersionId = compose.headVersionId;
-      if (version !== "latest" && compose.headVersionId) {
-        if (version.length < 64) {
-          try {
-            const versionInfo = await getComposeVersion(compose.id, version);
-            resolvedVersionId = versionInfo.versionId;
-          } catch (error) {
-            if (error instanceof Error && error.message.includes("not found")) {
-              throw new Error(`Version not found: ${version}`, {
-                cause: new Error(
-                  `HEAD version: ${compose.headVersionId?.slice(0, 8)}`
-                )
-              });
-            }
-            throw error;
-          }
-        } else {
-          resolvedVersionId = version;
-        }
-      }
-      if (!resolvedVersionId || !compose.content) {
-        throw new Error(`No version found for: ${name}`);
-      }
-      const content = compose.content;
-      let variableSources;
-      try {
-        variableSources = await deriveComposeVariableSources(content, {
-          skipNetwork: options.sources === false
-        });
-      } catch {
-        console.error(
-          chalk48.yellow(
-            "\u26A0 Warning: Failed to fetch skill sources, showing basic info"
-          )
-        );
-      }
-      formatComposeOutput(
-        compose.name,
-        resolvedVersionId,
-        content,
-        variableSources
-      );
-    }
-  )
-);
-
-// src/commands/agent/public.ts
-import { Command as Command53 } from "commander";
-import chalk49 from "chalk";
-var publicCommand = new Command53().name("public").description("Make an agent public (accessible to all authenticated users)").argument("<name>", "Agent name").option(
-  "--experimental-shared-agent",
-  "Enable experimental agent sharing feature"
-).action(
-  withErrorHandler(
-    async (name, options) => {
-      if (!options.experimentalSharedAgent) {
-        throw new Error(
-          "This command requires --experimental-shared-agent flag",
-          {
-            cause: new Error(
-              `Use: vm0 agent public ${name} --experimental-shared-agent`
-            )
-          }
-        );
-      }
-      const compose = await getComposeByName(name);
-      if (!compose) {
-        throw new Error(`Agent not found: ${name}`);
-      }
-      const org = await getOrg();
-      const response = await httpPost(
-        `/api/agent/composes/${compose.id}/permissions`,
-        { granteeType: "public" }
-      );
-      if (!response.ok) {
-        const error = await response.json();
-        if (response.status === 409) {
-          console.log(chalk49.yellow(`Agent "${name}" is already public`));
-          return;
-        }
-        throw new Error(
-          error.error?.message || "Failed to make agent public"
-        );
-      }
-      const fullName = `${org.slug}/${name}`;
-      console.log(chalk49.green(`\u2713 Agent "${name}" is now public`));
-      console.log();
-      console.log("Others can now run your agent with:");
-      console.log(
-        chalk49.cyan(
-          `  vm0 run ${fullName} --experimental-shared-agent "your prompt"`
-        )
-      );
-    }
-  )
-);
-
-// src/commands/agent/private.ts
-import { Command as Command54 } from "commander";
-import chalk50 from "chalk";
-var privateCommand = new Command54().name("private").description("Make an agent private (remove public access)").argument("<name>", "Agent name").option(
-  "--experimental-shared-agent",
-  "Enable experimental agent sharing feature"
-).action(
-  withErrorHandler(
-    async (name, options) => {
-      if (!options.experimentalSharedAgent) {
-        throw new Error(
-          "This command requires --experimental-shared-agent flag",
-          {
-            cause: new Error(
-              `Use: vm0 agent private ${name} --experimental-shared-agent`
-            )
-          }
-        );
-      }
-      const compose = await getComposeByName(name);
-      if (!compose) {
-        throw new Error(`Agent not found: ${name}`);
-      }
-      const response = await httpDelete(
-        `/api/agent/composes/${compose.id}/permissions?type=public`
-      );
-      if (!response.ok) {
-        const error = await response.json();
-        if (response.status === 404) {
-          console.log(chalk50.yellow(`Agent "${name}" is already private`));
-          return;
-        }
-        throw new Error(
-          error.error?.message || "Failed to make agent private"
-        );
-      }
-      console.log(chalk50.green(`\u2713 Agent "${name}" is now private`));
-    }
-  )
-);
-
-// src/commands/agent/share.ts
-import { Command as Command55 } from "commander";
-import chalk51 from "chalk";
-var shareCommand = new Command55().name("share").description("Share an agent with a user by email").argument("<name>", "Agent name").requiredOption("--email <email>", "Email address to share with").option(
-  "--experimental-shared-agent",
-  "Enable experimental agent sharing feature"
-).action(
+  "Agent name with optional version (e.g., my-agent:latest or my-agent:a1b2c3d4)"
+).option("--no-sources", "Skip fetching skills to determine variable sources").action(
   withErrorHandler(
-    async (name, options) => {
-      if (!options.experimentalSharedAgent) {
-        throw new Error(
-          "This command requires --experimental-shared-agent flag",
-          {
-            cause: new Error(
-              `Use: vm0 agent share ${name} --email ${options.email} --experimental-shared-agent`
-            )
-          }
-        );
+    async (argument, options) => {
+      const colonIndex = argument.lastIndexOf(":");
+      let name;
+      let version;
+      if (colonIndex === -1) {
+        name = argument;
+        version = "latest";
+      } else {
+        name = argument.slice(0, colonIndex);
+        version = argument.slice(colonIndex + 1) || "latest";
       }
       const compose = await getComposeByName(name);
       if (!compose) {
-        throw new Error(`Agent not found: ${name}`);
-      }
-      const org = await getOrg();
-      const response = await httpPost(
-        `/api/agent/composes/${compose.id}/permissions`,
-        { granteeType: "email", granteeEmail: options.email }
-      );
-      if (!response.ok) {
-        const error = await response.json();
-        if (response.status === 409) {
-          console.log(
-            chalk51.yellow(
-              `Agent "${name}" is already shared with ${options.email}`
-            )
-          );
-          return;
-        }
-        throw new Error(error.error?.message || "Failed to share agent");
+        throw new Error(`Agent compose not found: ${name}`, {
+          cause: new Error("Run: vm0 agent list")
+        });
       }
-      const fullName = `${org.slug}/${name}`;
-      console.log(
-        chalk51.green(`\u2713 Agent "${name}" shared with ${options.email}`)
-      );
-      console.log();
-      console.log("They can now run your agent with:");
-      console.log(
-        chalk51.cyan(
-          `  vm0 run ${fullName} --experimental-shared-agent "your prompt"`
-        )
-      );
-    }
-  )
-);
-
-// src/commands/agent/unshare.ts
-import { Command as Command56 } from "commander";
-import chalk52 from "chalk";
-var unshareCommand = new Command56().name("unshare").description("Remove sharing from a user").argument("<name>", "Agent name").requiredOption("--email <email>", "Email address to unshare").option(
-  "--experimental-shared-agent",
-  "Enable experimental agent sharing feature"
-).action(
-  withErrorHandler(
-    async (name, options) => {
-      if (!options.experimentalSharedAgent) {
-        throw new Error(
-          "This command requires --experimental-shared-agent flag",
-          {
-            cause: new Error(
-              `Use: vm0 agent unshare ${name} --email ${options.email} --experimental-shared-agent`
-            )
+      let resolvedVersionId = compose.headVersionId;
+      if (version !== "latest" && compose.headVersionId) {
+        if (version.length < 64) {
+          try {
+            const versionInfo = await getComposeVersion(compose.id, version);
+            resolvedVersionId = versionInfo.versionId;
+          } catch (error) {
+            if (error instanceof Error && error.message.includes("not found")) {
+              throw new Error(`Version not found: ${version}`, {
+                cause: new Error(
+                  `HEAD version: ${compose.headVersionId?.slice(0, 8)}`
+                )
+              });
+            }
+            throw error;
           }
-        );
-      }
-      const compose = await getComposeByName(name);
-      if (!compose) {
-        throw new Error(`Agent not found: ${name}`);
-      }
-      const response = await httpDelete(
-        `/api/agent/composes/${compose.id}/permissions?type=email&email=${encodeURIComponent(options.email)}`
-      );
-      if (!response.ok) {
-        const error = await response.json();
-        if (response.status === 404) {
-          console.log(
-            chalk52.yellow(
-              `Agent "${name}" is not shared with ${options.email}`
-            )
-          );
-          return;
+        } else {
+          resolvedVersionId = version;
         }
-        throw new Error(error.error?.message || "Failed to unshare agent");
-      }
-      console.log(
-        chalk52.green(`\u2713 Removed sharing of "${name}" from ${options.email}`)
-      );
-    }
-  )
-);
-
-// src/commands/agent/permission.ts
-import { Command as Command57 } from "commander";
-import chalk53 from "chalk";
-var permissionCommand = new Command57().name("permission").description("List all permissions for an agent").argument("<name>", "Agent name").option(
-  "--experimental-shared-agent",
-  "Enable experimental agent sharing feature"
-).action(
-  withErrorHandler(
-    async (name, options) => {
-      if (!options.experimentalSharedAgent) {
-        throw new Error(
-          "This command requires --experimental-shared-agent flag",
-          {
-            cause: new Error(
-              `Use: vm0 agent permission ${name} --experimental-shared-agent`
-            )
-          }
-        );
-      }
-      const compose = await getComposeByName(name);
-      if (!compose) {
-        throw new Error(`Agent not found: ${name}`);
       }
-      const response = await httpGet(
-        `/api/agent/composes/${compose.id}/permissions`
-      );
-      if (!response.ok) {
-        const error = await response.json();
-        throw new Error(error.error?.message || "Failed to list permissions");
+      if (!resolvedVersionId || !compose.content) {
+        throw new Error(`No version found for: ${name}`);
       }
-      const data = await response.json();
-      if (data.permissions.length === 0) {
-        console.log(chalk53.dim("No permissions set (private agent)"));
-        return;
+      const content = compose.content;
+      let variableSources;
+      try {
+        variableSources = await deriveComposeVariableSources(content, {
+          skipNetwork: options.sources === false
+        });
+      } catch {
+        console.error(
+          chalk48.yellow(
+            "\u26A0 Warning: Failed to fetch skill sources, showing basic info"
+          )
+        );
       }
-      console.log(
-        chalk53.dim(
-          "TYPE     EMAIL                          PERMISSION  GRANTED"
-        )
-      );
-      console.log(
-        chalk53.dim(
-          "-------  -----------------------------  ----------  ----------"
-        )
+      formatComposeOutput(
+        compose.name,
+        resolvedVersionId,
+        content,
+        variableSources
       );
-      for (const p of data.permissions) {
-        const type2 = p.granteeType.padEnd(7);
-        const email = (p.granteeEmail ?? "-").padEnd(29);
-        const permission = p.permission.padEnd(10);
-        const granted = formatRelativeTime(p.createdAt);
-        console.log(`${type2}  ${email}  ${permission}  ${granted}`);
-      }
     }
   )
 );
 
 // src/commands/agent/index.ts
-var agentCommand = new Command58().name("agent").description("Manage agent composes").addCommand(cloneCommand4).addCommand(deleteCommand).addCommand(listCommand6).addCommand(statusCommand6).addCommand(publicCommand).addCommand(privateCommand).addCommand(shareCommand).addCommand(unshareCommand).addCommand(permissionCommand);
+var agentCommand = new Command53().name("agent").description("Manage agent composes").addCommand(cloneCommand4).addCommand(deleteCommand).addCommand(listCommand6).addCommand(statusCommand6);
 
 // src/commands/init/index.ts
-import { Command as Command59 } from "commander";
-import chalk54 from "chalk";
+import { Command as Command54 } from "commander";
+import chalk49 from "chalk";
 import path17 from "path";
 import { existsSync as existsSync11 } from "fs";
 import { writeFile as writeFile7 } from "fs/promises";
@@ -14951,7 +14685,7 @@ function checkExistingFiles() {
   if (existsSync11(AGENTS_MD_FILE)) existingFiles.push(AGENTS_MD_FILE);
   return existingFiles;
 }
-var initCommand4 = new Command59().name("init").description("Initialize a new VM0 project in the current directory").option("-f, --force", "Overwrite existing files").option("-n, --name <name>", "Agent name (required in non-interactive mode)").action(
+var initCommand4 = new Command54().name("init").description("Initialize a new VM0 project in the current directory").option("-f, --force", "Overwrite existing files").option("-n, --name <name>", "Agent name (required in non-interactive mode)").action(
   withErrorHandler(async (options) => {
     const existingFiles = checkExistingFiles();
     if (existingFiles.length > 0 && !options.force) {
@@ -14980,7 +14714,7 @@ var initCommand4 = new Command59().name("init").description("Initialize a new VM
         }
       );
       if (name === void 0) {
-        console.log(chalk54.dim("Cancelled"));
+        console.log(chalk49.dim("Cancelled"));
         return;
       }
       agentName = name;
@@ -14994,33 +14728,33 @@ var initCommand4 = new Command59().name("init").description("Initialize a new VM
     }
     await writeFile7(VM0_YAML_FILE, generateVm0Yaml(agentName));
     const vm0Status = existingFiles.includes(VM0_YAML_FILE) ? " (overwritten)" : "";
-    console.log(chalk54.green(`\u2713 Created ${VM0_YAML_FILE}${vm0Status}`));
+    console.log(chalk49.green(`\u2713 Created ${VM0_YAML_FILE}${vm0Status}`));
     await writeFile7(AGENTS_MD_FILE, generateAgentsMd());
     const agentsStatus = existingFiles.includes(AGENTS_MD_FILE) ? " (overwritten)" : "";
-    console.log(chalk54.green(`\u2713 Created ${AGENTS_MD_FILE}${agentsStatus}`));
+    console.log(chalk49.green(`\u2713 Created ${AGENTS_MD_FILE}${agentsStatus}`));
     console.log();
     console.log("Next steps:");
     console.log(
-      `  1. Set up model provider (one-time): ${chalk54.cyan("vm0 model-provider setup")}`
+      `  1. Set up model provider (one-time): ${chalk49.cyan("vm0 model-provider setup")}`
     );
     console.log(
-      `  2. Edit ${chalk54.cyan("AGENTS.md")} to customize your agent's workflow`
+      `  2. Edit ${chalk49.cyan("AGENTS.md")} to customize your agent's workflow`
     );
     console.log(
-      `     Or install Claude plugin: ${chalk54.cyan(`vm0 setup-claude && claude "/vm0-agent let's build an agent"`)}`
+      `     Or install Claude plugin: ${chalk49.cyan(`vm0 setup-claude && claude "/vm0-agent let's build an agent"`)}`
     );
     console.log(
-      `  3. Run your agent: ${chalk54.cyan(`vm0 cook "let's start working"`)}`
+      `  3. Run your agent: ${chalk49.cyan(`vm0 cook "let's start working"`)}`
     );
   })
 );
 
 // src/commands/schedule/index.ts
-import { Command as Command66 } from "commander";
+import { Command as Command61 } from "commander";
 
 // src/commands/schedule/setup.ts
-import { Command as Command60 } from "commander";
-import chalk55 from "chalk";
+import { Command as Command55 } from "commander";
+import chalk50 from "chalk";
 
 // src/lib/domain/schedule-utils.ts
 import { parse as parseYaml5 } from "yaml";
@@ -15391,6 +15125,29 @@ async function gatherPromptText(optionPrompt, existingPrompt) {
     existingPrompt || "let's start working."
   );
 }
+async function gatherNotificationPreferences(optionNotifyEmail, optionNotifySlack, existingSchedule) {
+  if (optionNotifyEmail !== void 0 && optionNotifySlack !== void 0) {
+    return {
+      notifyEmail: optionNotifyEmail,
+      notifySlack: optionNotifySlack
+    };
+  }
+  if (!isInteractive()) {
+    return {
+      notifyEmail: optionNotifyEmail,
+      notifySlack: optionNotifySlack
+    };
+  }
+  const notifyEmail = optionNotifyEmail ?? await promptConfirm(
+    "Enable email notifications?",
+    existingSchedule?.notifyEmail ?? true
+  );
+  const notifySlack = optionNotifySlack ?? await promptConfirm(
+    "Enable Slack notifications?",
+    existingSchedule?.notifySlack ?? true
+  );
+  return { notifyEmail, notifySlack };
+}
 async function resolveAgent(agentName, scheduleName) {
   const compose = await getComposeByName(agentName);
   if (!compose) {
@@ -15487,7 +15244,7 @@ async function buildAndDeploy(params) {
   }
   console.log(
     `
-Deploying schedule for agent ${chalk55.cyan(params.agentName)}...`
+Deploying schedule for agent ${chalk50.cyan(params.agentName)}...`
   );
   const deployResult = await deploySchedule({
     name: params.scheduleName,
@@ -15497,69 +15254,75 @@ Deploying schedule for agent ${chalk55.cyan(params.agentName)}...`
     intervalSeconds: params.intervalSeconds,
     timezone: params.timezone,
     prompt: params.prompt,
-    artifactName: params.artifactName
+    artifactName: params.artifactName,
+    ...params.notifyEmail !== void 0 && {
+      notifyEmail: params.notifyEmail
+    },
+    ...params.notifySlack !== void 0 && {
+      notifySlack: params.notifySlack
+    }
   });
   return deployResult;
 }
 function displayDeployResult(agentName, deployResult) {
   if (deployResult.created) {
     console.log(
-      chalk55.green(`\u2713 Created schedule for agent ${chalk55.cyan(agentName)}`)
+      chalk50.green(`\u2713 Created schedule for agent ${chalk50.cyan(agentName)}`)
     );
   } else {
     console.log(
-      chalk55.green(`\u2713 Updated schedule for agent ${chalk55.cyan(agentName)}`)
+      chalk50.green(`\u2713 Updated schedule for agent ${chalk50.cyan(agentName)}`)
     );
   }
-  console.log(chalk55.dim(`  Timezone: ${deployResult.schedule.timezone}`));
+  console.log(chalk50.dim(`  Timezone: ${deployResult.schedule.timezone}`));
   if (deployResult.schedule.triggerType === "loop" && deployResult.schedule.intervalSeconds != null) {
     console.log(
-      chalk55.dim(
+      chalk50.dim(
         `  Mode: Loop (interval ${deployResult.schedule.intervalSeconds}s)`
       )
     );
   } else if (deployResult.schedule.cronExpression) {
-    console.log(chalk55.dim(`  Cron: ${deployResult.schedule.cronExpression}`));
+    console.log(chalk50.dim(`  Cron: ${deployResult.schedule.cronExpression}`));
     if (deployResult.schedule.nextRunAt) {
       const nextRun = formatInTimezone(
         deployResult.schedule.nextRunAt,
         deployResult.schedule.timezone
       );
-      console.log(chalk55.dim(`  Next run: ${nextRun}`));
+      console.log(chalk50.dim(`  Next run: ${nextRun}`));
     }
   } else if (deployResult.schedule.atTime) {
     const atTimeFormatted = formatInTimezone(
       deployResult.schedule.atTime,
       deployResult.schedule.timezone
     );
-    console.log(chalk55.dim(`  At: ${atTimeFormatted}`));
+    console.log(chalk50.dim(`  At: ${atTimeFormatted}`));
   }
 }
 async function tryEnableSchedule(scheduleName, composeId, agentName) {
   try {
     await enableSchedule({ name: scheduleName, composeId });
     console.log(
-      chalk55.green(`\u2713 Enabled schedule for agent ${chalk55.cyan(agentName)}`)
+      chalk50.green(`\u2713 Enabled schedule for agent ${chalk50.cyan(agentName)}`)
     );
   } catch (error) {
-    console.error(chalk55.yellow("\u26A0 Failed to enable schedule"));
+    console.error(chalk50.yellow("\u26A0 Failed to enable schedule"));
     if (error instanceof ApiRequestError) {
       if (error.code === "SCHEDULE_PAST") {
-        console.error(chalk55.dim("  Scheduled time has already passed"));
+        console.error(chalk50.dim("  Scheduled time has already passed"));
       } else {
-        console.error(chalk55.dim(`  ${error.message}`));
+        console.error(chalk50.dim(`  ${error.message}`));
       }
     } else if (error instanceof Error) {
-      console.error(chalk55.dim(`  ${error.message}`));
+      console.error(chalk50.dim(`  ${error.message}`));
     }
     console.log(
-      `  To enable manually: ${chalk55.cyan(`vm0 schedule enable ${agentName}`)}`
+      `  To enable manually: ${chalk50.cyan(`vm0 schedule enable ${agentName}`)}`
     );
   }
 }
 function showEnableHint(agentName) {
   console.log();
-  console.log(`  To enable: ${chalk55.cyan(`vm0 schedule enable ${agentName}`)}`);
+  console.log(`  To enable: ${chalk50.cyan(`vm0 schedule enable ${agentName}`)}`);
 }
 async function handleScheduleEnabling(params) {
   const { scheduleName, composeId, agentName, enableFlag, shouldPromptEnable } = params;
@@ -15580,7 +15343,7 @@ async function handleScheduleEnabling(params) {
     showEnableHint(agentName);
   }
 }
-var setupCommand = new Command60().name("setup").description("Create or edit a schedule for an agent").argument("<agent-name>", "Agent name to configure schedule for").option("-n, --name <schedule-name>", 'Schedule name (default: "default")').option("-f, --frequency <type>", "Frequency: daily|weekly|monthly|once|loop").option("-t, --time <HH:MM>", "Time to run (24-hour format)").option("-d, --day <day>", "Day of week (mon-sun) or day of month (1-31)").option("-i, --interval <seconds>", "Interval in seconds for loop mode").option("-z, --timezone <tz>", "IANA timezone").option("-p, --prompt <text>", "Prompt to run").option("--artifact-name <name>", "Artifact name", "artifact").option("-e, --enable", "Enable schedule immediately after creation").action(
+var setupCommand = new Command55().name("setup").description("Create or edit a schedule for an agent").argument("<agent-name>", "Agent name to configure schedule for").option("-n, --name <schedule-name>", 'Schedule name (default: "default")').option("-f, --frequency <type>", "Frequency: daily|weekly|monthly|once|loop").option("-t, --time <HH:MM>", "Time to run (24-hour format)").option("-d, --day <day>", "Day of week (mon-sun) or day of month (1-31)").option("-i, --interval <seconds>", "Interval in seconds for loop mode").option("-z, --timezone <tz>", "IANA timezone").option("-p, --prompt <text>", "Prompt to run").option("--artifact-name <name>", "Artifact name", "artifact").option("-e, --enable", "Enable schedule immediately after creation").option("--notify-email", "Enable email notifications (default: true)").option("--no-notify-email", "Disable email notifications").option("--notify-slack", "Enable Slack notifications (default: true)").option("--no-notify-slack", "Disable Slack notifications").action(
   withErrorHandler(async (agentName, options) => {
     const { composeId, scheduleName } = await resolveAgent(
       agentName,
@@ -15591,7 +15354,7 @@ var setupCommand = new Command60().name("setup").description("Create or edit a s
       scheduleName
     );
     console.log(
-      chalk55.dim(
+      chalk50.dim(
         existingSchedule ? `Editing existing schedule for agent ${agentName}` : `Creating new schedule for agent ${agentName}`
       )
     );
@@ -15601,12 +15364,12 @@ var setupCommand = new Command60().name("setup").description("Create or edit a s
       defaults.frequency
     );
     if (!frequency) {
-      console.log(chalk55.dim("Cancelled"));
+      console.log(chalk50.dim("Cancelled"));
       return;
     }
     const timing = await gatherTiming(frequency, options, defaults);
     if (!timing) {
-      console.log(chalk55.dim("Cancelled"));
+      console.log(chalk50.dim("Cancelled"));
       return;
     }
     const { day, time, atTime, intervalSeconds } = timing;
@@ -15615,7 +15378,7 @@ var setupCommand = new Command60().name("setup").description("Create or edit a s
       existingSchedule?.timezone
     );
     if (!timezone) {
-      console.log(chalk55.dim("Cancelled"));
+      console.log(chalk50.dim("Cancelled"));
       return;
     }
     const promptText_ = await gatherPromptText(
@@ -15623,9 +15386,14 @@ var setupCommand = new Command60().name("setup").description("Create or edit a s
       existingSchedule?.prompt
     );
     if (!promptText_) {
-      console.log(chalk55.dim("Cancelled"));
+      console.log(chalk50.dim("Cancelled"));
       return;
     }
+    const { notifyEmail, notifySlack } = await gatherNotificationPreferences(
+      options.notifyEmail,
+      options.notifySlack,
+      existingSchedule
+    );
     const deployResult = await buildAndDeploy({
       scheduleName,
       composeId,
@@ -15637,7 +15405,9 @@ var setupCommand = new Command60().name("setup").description("Create or edit a s
       intervalSeconds,
       timezone,
       prompt: promptText_,
-      artifactName: options.artifactName
+      artifactName: options.artifactName,
+      notifyEmail,
+      notifySlack
     });
     displayDeployResult(agentName, deployResult);
     const shouldPromptEnable = deployResult.created || existingSchedule !== void 0 && !existingSchedule.enabled;
@@ -15652,15 +15422,15 @@ var setupCommand = new Command60().name("setup").description("Create or edit a s
 );
 
 // src/commands/schedule/list.ts
-import { Command as Command61 } from "commander";
-import chalk56 from "chalk";
-var listCommand7 = new Command61().name("list").alias("ls").description("List all schedules").action(
+import { Command as Command56 } from "commander";
+import chalk51 from "chalk";
+var listCommand7 = new Command56().name("list").alias("ls").description("List all schedules").action(
   withErrorHandler(async () => {
     const result = await listSchedules();
     if (result.schedules.length === 0) {
-      console.log(chalk56.dim("No schedules found"));
+      console.log(chalk51.dim("No schedules found"));
       console.log(
-        chalk56.dim("  Create one with: vm0 schedule setup <agent-name>")
+        chalk51.dim("  Create one with: vm0 schedule setup <agent-name>")
       );
       return;
     }
@@ -15685,10 +15455,10 @@ var listCommand7 = new Command61().name("list").alias("ls").description("List al
       "STATUS".padEnd(8),
       "NEXT RUN"
     ].join("  ");
-    console.log(chalk56.dim(header));
+    console.log(chalk51.dim(header));
     for (const schedule of result.schedules) {
       const trigger = schedule.cronExpression ? `${schedule.cronExpression} (${schedule.timezone})` : schedule.atTime || "-";
-      const status = schedule.enabled ? chalk56.green("enabled") : chalk56.yellow("disabled");
+      const status = schedule.enabled ? chalk51.green("enabled") : chalk51.yellow("disabled");
       const nextRun = schedule.enabled ? formatRelativeTime2(schedule.nextRunAt) : "-";
       const row = [
         schedule.composeName.padEnd(agentWidth),
@@ -15704,48 +15474,48 @@ var listCommand7 = new Command61().name("list").alias("ls").description("List al
 );
 
 // src/commands/schedule/status.ts
-import { Command as Command62 } from "commander";
-import chalk57 from "chalk";
+import { Command as Command57 } from "commander";
+import chalk52 from "chalk";
 function formatDateTimeStyled(dateStr) {
-  if (!dateStr) return chalk57.dim("-");
+  if (!dateStr) return chalk52.dim("-");
   const formatted = formatDateTime(dateStr);
-  return formatted.replace(/\(([^)]+)\)$/, chalk57.dim("($1)"));
+  return formatted.replace(/\(([^)]+)\)$/, chalk52.dim("($1)"));
 }
 function formatTrigger(schedule) {
   if (schedule.triggerType === "loop" && schedule.intervalSeconds !== null) {
-    return `interval ${schedule.intervalSeconds}s ${chalk57.dim("(loop)")}`;
+    return `interval ${schedule.intervalSeconds}s ${chalk52.dim("(loop)")}`;
   }
   if (schedule.cronExpression) {
     return schedule.cronExpression;
   }
   if (schedule.atTime) {
-    return `${schedule.atTime} ${chalk57.dim("(one-time)")}`;
+    return `${schedule.atTime} ${chalk52.dim("(one-time)")}`;
   }
-  return chalk57.dim("-");
+  return chalk52.dim("-");
 }
 function formatRunStatus2(status) {
   switch (status) {
     case "completed":
-      return chalk57.green(status);
+      return chalk52.green(status);
     case "failed":
     case "timeout":
-      return chalk57.red(status);
+      return chalk52.red(status);
     case "running":
-      return chalk57.cyan(status);
+      return chalk52.cyan(status);
     case "pending":
-      return chalk57.yellow(status);
+      return chalk52.yellow(status);
     default:
       return status;
   }
 }
 function printRunConfiguration(schedule) {
-  const statusText = schedule.enabled ? chalk57.green("enabled") : chalk57.yellow("disabled");
+  const statusText = schedule.enabled ? chalk52.green("enabled") : chalk52.yellow("disabled");
   console.log(`${"Status:".padEnd(16)}${statusText}`);
   console.log(
-    `${"Agent:".padEnd(16)}${schedule.composeName} ${chalk57.dim(`(${schedule.orgSlug})`)}`
+    `${"Agent:".padEnd(16)}${schedule.composeName} ${chalk52.dim(`(${schedule.orgSlug})`)}`
   );
   const promptPreview = schedule.prompt.length > 60 ? schedule.prompt.slice(0, 57) + "..." : schedule.prompt;
-  console.log(`${"Prompt:".padEnd(16)}${chalk57.dim(promptPreview)}`);
+  console.log(`${"Prompt:".padEnd(16)}${chalk52.dim(promptPreview)}`);
   if (schedule.vars && Object.keys(schedule.vars).length > 0) {
     console.log(
       `${"Variables:".padEnd(16)}${Object.keys(schedule.vars).join(", ")}`
@@ -15774,7 +15544,7 @@ function printTimeSchedule(schedule) {
     );
   }
   if (schedule.triggerType === "loop") {
-    const failureText = schedule.consecutiveFailures > 0 ? chalk57.yellow(`${schedule.consecutiveFailures}/3`) : chalk57.dim("0/3");
+    const failureText = schedule.consecutiveFailures > 0 ? chalk52.yellow(`${schedule.consecutiveFailures}/3`) : chalk52.dim("0/3");
     console.log(`${"Failures:".padEnd(16)}${failureText}`);
   }
 }
@@ -15790,7 +15560,7 @@ async function printRecentRuns(name, composeId, limit) {
       console.log();
       console.log("Recent Runs:");
       console.log(
-        chalk57.dim("RUN ID                                STATUS     CREATED")
+        chalk52.dim("RUN ID                                STATUS     CREATED")
       );
       for (const run of runs) {
         const id = run.id;
@@ -15801,10 +15571,10 @@ async function printRecentRuns(name, composeId, limit) {
     }
   } catch {
     console.log();
-    console.log(chalk57.dim("Recent Runs: (unable to fetch)"));
+    console.log(chalk52.dim("Recent Runs: (unable to fetch)"));
   }
 }
-var statusCommand7 = new Command62().name("status").description("Show detailed status of a schedule").argument("<agent-name>", "Agent name").option(
+var statusCommand7 = new Command57().name("status").description("Show detailed status of a schedule").argument("<agent-name>", "Agent name").option(
   "-n, --name <schedule-name>",
   "Schedule name (required when agent has multiple schedules)"
 ).option(
@@ -15818,8 +15588,8 @@ var statusCommand7 = new Command62().name("status").description("Show detailed s
       const { name, composeId } = resolved;
       const schedule = await getScheduleByName({ name, composeId });
       console.log();
-      console.log(`Schedule for agent: ${chalk57.cyan(agentName)}`);
-      console.log(chalk57.dim("\u2501".repeat(50)));
+      console.log(`Schedule for agent: ${chalk52.cyan(agentName)}`);
+      console.log(chalk52.dim("\u2501".repeat(50)));
       printRunConfiguration(schedule);
       printTimeSchedule(schedule);
       const parsed = parseInt(options.limit, 10);
@@ -15834,9 +15604,9 @@ var statusCommand7 = new Command62().name("status").description("Show detailed s
 );
 
 // src/commands/schedule/delete.ts
-import { Command as Command63 } from "commander";
-import chalk58 from "chalk";
-var deleteCommand2 = new Command63().name("delete").alias("rm").description("Delete a schedule").argument("<agent-name>", "Agent name").option(
+import { Command as Command58 } from "commander";
+import chalk53 from "chalk";
+var deleteCommand2 = new Command58().name("delete").alias("rm").description("Delete a schedule").argument("<agent-name>", "Agent name").option(
   "-n, --name <schedule-name>",
   "Schedule name (required when agent has multiple schedules)"
 ).option("-y, --yes", "Skip confirmation prompt").action(
@@ -15848,11 +15618,11 @@ var deleteCommand2 = new Command63().name("delete").alias("rm").description("Del
           throw new Error("--yes flag is required in non-interactive mode");
         }
         const confirmed = await promptConfirm(
-          `Delete schedule for agent ${chalk58.cyan(agentName)}?`,
+          `Delete schedule for agent ${chalk53.cyan(agentName)}?`,
           false
         );
         if (!confirmed) {
-          console.log(chalk58.dim("Cancelled"));
+          console.log(chalk53.dim("Cancelled"));
           return;
         }
       }
@@ -15861,16 +15631,16 @@ var deleteCommand2 = new Command63().name("delete").alias("rm").description("Del
         composeId: resolved.composeId
       });
       console.log(
-        chalk58.green(`\u2713 Deleted schedule for agent ${chalk58.cyan(agentName)}`)
+        chalk53.green(`\u2713 Deleted schedule for agent ${chalk53.cyan(agentName)}`)
       );
     }
   )
 );
 
 // src/commands/schedule/enable.ts
-import { Command as Command64 } from "commander";
-import chalk59 from "chalk";
-var enableCommand = new Command64().name("enable").description("Enable a schedule").argument("<agent-name>", "Agent name").option(
+import { Command as Command59 } from "commander";
+import chalk54 from "chalk";
+var enableCommand = new Command59().name("enable").description("Enable a schedule").argument("<agent-name>", "Agent name").option(
   "-n, --name <schedule-name>",
   "Schedule name (required when agent has multiple schedules)"
 ).action(
@@ -15881,15 +15651,15 @@ var enableCommand = new Command64().name("enable").description("Enable a schedul
       composeId: resolved.composeId
     });
     console.log(
-      chalk59.green(`\u2713 Enabled schedule for agent ${chalk59.cyan(agentName)}`)
+      chalk54.green(`\u2713 Enabled schedule for agent ${chalk54.cyan(agentName)}`)
     );
   })
 );
 
 // src/commands/schedule/disable.ts
-import { Command as Command65 } from "commander";
-import chalk60 from "chalk";
-var disableCommand = new Command65().name("disable").description("Disable a schedule").argument("<agent-name>", "Agent name").option(
+import { Command as Command60 } from "commander";
+import chalk55 from "chalk";
+var disableCommand = new Command60().name("disable").description("Disable a schedule").argument("<agent-name>", "Agent name").option(
   "-n, --name <schedule-name>",
   "Schedule name (required when agent has multiple schedules)"
 ).action(
@@ -15900,17 +15670,17 @@ var disableCommand = new Command65().name("disable").description("Disable a sche
       composeId: resolved.composeId
     });
     console.log(
-      chalk60.green(`\u2713 Disabled schedule for agent ${chalk60.cyan(agentName)}`)
+      chalk55.green(`\u2713 Disabled schedule for agent ${chalk55.cyan(agentName)}`)
     );
   })
 );
 
 // src/commands/schedule/index.ts
-var scheduleCommand = new Command66().name("schedule").description("Manage agent schedules").addCommand(setupCommand).addCommand(listCommand7).addCommand(statusCommand7).addCommand(deleteCommand2).addCommand(enableCommand).addCommand(disableCommand);
+var scheduleCommand = new Command61().name("schedule").description("Manage agent schedules").addCommand(setupCommand).addCommand(listCommand7).addCommand(statusCommand7).addCommand(deleteCommand2).addCommand(enableCommand).addCommand(disableCommand);
 
 // src/commands/usage/index.ts
-import { Command as Command67 } from "commander";
-import chalk61 from "chalk";
+import { Command as Command62 } from "commander";
+import chalk56 from "chalk";
 
 // src/lib/utils/duration-formatter.ts
 function formatDuration(ms) {
@@ -15983,7 +15753,7 @@ function fillMissingDates(daily, startDate, endDate) {
   result.sort((a, b) => b.date.localeCompare(a.date));
   return result;
 }
-var usageCommand = new Command67().name("usage").description("View usage statistics").option("--since <date>", "Start date (ISO format or relative: 7d, 30d)").option(
+var usageCommand = new Command62().name("usage").description("View usage statistics").option("--since <date>", "Start date (ISO format or relative: 7d, 30d)").option(
   "--until <date>",
   "End date (ISO format or relative, defaults to now)"
 ).action(
@@ -16035,19 +15805,19 @@ var usageCommand = new Command67().name("usage").description("View usage statist
     );
     console.log();
     console.log(
-      chalk61.bold(
+      chalk56.bold(
         `Usage Summary (${formatDateRange(usage.period.start, usage.period.end)})`
       )
     );
     console.log();
-    console.log(chalk61.dim("DATE        RUNS    RUN TIME"));
+    console.log(chalk56.dim("DATE        RUNS    RUN TIME"));
     for (const day of filledDaily) {
       const dateDisplay = formatDateDisplay(day.date).padEnd(10);
       const runsDisplay = String(day.run_count).padStart(6);
       const timeDisplay = formatDuration(day.run_time_ms);
       console.log(`${dateDisplay}${runsDisplay}    ${timeDisplay}`);
     }
-    console.log(chalk61.dim("\u2500".repeat(29)));
+    console.log(chalk56.dim("\u2500".repeat(29)));
     const totalRunsDisplay = String(usage.summary.total_runs).padStart(6);
     const totalTimeDisplay = formatDuration(usage.summary.total_run_time_ms);
     console.log(
@@ -16058,67 +15828,67 @@ var usageCommand = new Command67().name("usage").description("View usage statist
 );
 
 // src/commands/secret/index.ts
-import { Command as Command71 } from "commander";
+import { Command as Command66 } from "commander";
 
 // src/commands/secret/list.ts
-import { Command as Command68 } from "commander";
-import chalk62 from "chalk";
-var listCommand8 = new Command68().name("list").alias("ls").description("List all secrets").action(
+import { Command as Command63 } from "commander";
+import chalk57 from "chalk";
+var listCommand8 = new Command63().name("list").alias("ls").description("List all secrets").action(
   withErrorHandler(async () => {
     const result = await listSecrets();
     if (result.secrets.length === 0) {
-      console.log(chalk62.dim("No secrets found"));
+      console.log(chalk57.dim("No secrets found"));
       console.log();
       console.log("To add a secret:");
-      console.log(chalk62.cyan("  vm0 secret set MY_API_KEY --body <value>"));
+      console.log(chalk57.cyan("  vm0 secret set MY_API_KEY --body <value>"));
       return;
     }
-    console.log(chalk62.bold("Secrets:"));
+    console.log(chalk57.bold("Secrets:"));
     console.log();
     for (const secret of result.secrets) {
       let typeIndicator = "";
       let derivedLine = null;
       if (secret.type === "model-provider") {
-        typeIndicator = chalk62.dim(" [model-provider]");
+        typeIndicator = chalk57.dim(" [model-provider]");
       } else if (secret.type === "connector") {
         const derived = getConnectorDerivedNames(secret.name);
         if (derived) {
-          typeIndicator = chalk62.dim(` [${derived.connectorLabel} connector]`);
-          derivedLine = chalk62.dim(
+          typeIndicator = chalk57.dim(` [${derived.connectorLabel} connector]`);
+          derivedLine = chalk57.dim(
             `Available as: ${derived.envVarNames.join(", ")}`
           );
         } else {
-          typeIndicator = chalk62.dim(" [connector]");
+          typeIndicator = chalk57.dim(" [connector]");
         }
       } else if (secret.type === "user") {
         const derived = getConnectorDerivedNames(secret.name);
         if (derived) {
-          typeIndicator = chalk62.dim(` [${derived.connectorLabel} connector]`);
-          derivedLine = chalk62.dim(
+          typeIndicator = chalk57.dim(` [${derived.connectorLabel} connector]`);
+          derivedLine = chalk57.dim(
             `Available as: ${derived.envVarNames.join(", ")}`
           );
         }
       }
-      console.log(`  ${chalk62.cyan(secret.name)}${typeIndicator}`);
+      console.log(`  ${chalk57.cyan(secret.name)}${typeIndicator}`);
       if (derivedLine) {
         console.log(`    ${derivedLine}`);
       }
       if (secret.description) {
-        console.log(`    ${chalk62.dim(secret.description)}`);
+        console.log(`    ${chalk57.dim(secret.description)}`);
       }
       console.log(
-        `    ${chalk62.dim(`Updated: ${new Date(secret.updatedAt).toLocaleString()}`)}`
+        `    ${chalk57.dim(`Updated: ${new Date(secret.updatedAt).toLocaleString()}`)}`
       );
       console.log();
     }
-    console.log(chalk62.dim(`Total: ${result.secrets.length} secret(s)`));
+    console.log(chalk57.dim(`Total: ${result.secrets.length} secret(s)`));
   })
 );
 
 // src/commands/secret/set.ts
-import { Command as Command69 } from "commander";
-import chalk63 from "chalk";
-var setCommand2 = new Command69().name("set").description("Create or update a secret").argument("<name>", "Secret name (uppercase, e.g., MY_API_KEY)").option(
+import { Command as Command64 } from "commander";
+import chalk58 from "chalk";
+var setCommand2 = new Command64().name("set").description("Create or update a secret").argument("<name>", "Secret name (uppercase, e.g., MY_API_KEY)").option(
   "-b, --body <value>",
   "Secret value (required in non-interactive mode)"
 ).option("-d, --description <description>", "Optional description").action(
@@ -16157,19 +15927,19 @@ var setCommand2 = new Command69().name("set").description("Create or update a se
         }
         throw error;
       }
-      console.log(chalk63.green(`\u2713 Secret "${secret.name}" saved`));
+      console.log(chalk58.green(`\u2713 Secret "${secret.name}" saved`));
       console.log();
       console.log("Use in vm0.yaml:");
-      console.log(chalk63.cyan(`  environment:`));
-      console.log(chalk63.cyan(`    ${name}: \${{ secrets.${name} }}`));
+      console.log(chalk58.cyan(`  environment:`));
+      console.log(chalk58.cyan(`    ${name}: \${{ secrets.${name} }}`));
     }
   )
 );
 
 // src/commands/secret/delete.ts
-import { Command as Command70 } from "commander";
-import chalk64 from "chalk";
-var deleteCommand3 = new Command70().name("delete").description("Delete a secret").argument("<name>", "Secret name to delete").option("-y, --yes", "Skip confirmation prompt").action(
+import { Command as Command65 } from "commander";
+import chalk59 from "chalk";
+var deleteCommand3 = new Command65().name("delete").description("Delete a secret").argument("<name>", "Secret name to delete").option("-y, --yes", "Skip confirmation prompt").action(
   withErrorHandler(async (name, options) => {
     try {
       await getSecret(name);
@@ -16188,61 +15958,61 @@ var deleteCommand3 = new Command70().name("delete").description("Delete a secret
         false
       );
       if (!confirmed) {
-        console.log(chalk64.dim("Cancelled"));
+        console.log(chalk59.dim("Cancelled"));
         return;
       }
     }
     await deleteSecret(name);
-    console.log(chalk64.green(`\u2713 Secret "${name}" deleted`));
+    console.log(chalk59.green(`\u2713 Secret "${name}" deleted`));
   })
 );
 
 // src/commands/secret/index.ts
-var secretCommand = new Command71().name("secret").description("Manage stored secrets for agent runs").addCommand(listCommand8).addCommand(setCommand2).addCommand(deleteCommand3);
+var secretCommand = new Command66().name("secret").description("Manage stored secrets for agent runs").addCommand(listCommand8).addCommand(setCommand2).addCommand(deleteCommand3);
 
 // src/commands/variable/index.ts
-import { Command as Command75 } from "commander";
+import { Command as Command70 } from "commander";
 
 // src/commands/variable/list.ts
-import { Command as Command72 } from "commander";
-import chalk65 from "chalk";
+import { Command as Command67 } from "commander";
+import chalk60 from "chalk";
 function truncateValue(value, maxLength = 60) {
   if (value.length <= maxLength) {
     return value;
   }
   return value.slice(0, maxLength - 15) + "... [truncated]";
 }
-var listCommand9 = new Command72().name("list").alias("ls").description("List all variables").action(
+var listCommand9 = new Command67().name("list").alias("ls").description("List all variables").action(
   withErrorHandler(async () => {
     const result = await listVariables();
     if (result.variables.length === 0) {
-      console.log(chalk65.dim("No variables found"));
+      console.log(chalk60.dim("No variables found"));
       console.log();
       console.log("To add a variable:");
-      console.log(chalk65.cyan("  vm0 variable set MY_VAR <value>"));
+      console.log(chalk60.cyan("  vm0 variable set MY_VAR <value>"));
       return;
     }
-    console.log(chalk65.bold("Variables:"));
+    console.log(chalk60.bold("Variables:"));
     console.log();
     for (const variable of result.variables) {
       const displayValue = truncateValue(variable.value);
-      console.log(`  ${chalk65.cyan(variable.name)} = ${displayValue}`);
+      console.log(`  ${chalk60.cyan(variable.name)} = ${displayValue}`);
       if (variable.description) {
-        console.log(`    ${chalk65.dim(variable.description)}`);
+        console.log(`    ${chalk60.dim(variable.description)}`);
       }
       console.log(
-        `    ${chalk65.dim(`Updated: ${new Date(variable.updatedAt).toLocaleString()}`)}`
+        `    ${chalk60.dim(`Updated: ${new Date(variable.updatedAt).toLocaleString()}`)}`
       );
       console.log();
     }
-    console.log(chalk65.dim(`Total: ${result.variables.length} variable(s)`));
+    console.log(chalk60.dim(`Total: ${result.variables.length} variable(s)`));
   })
 );
 
 // src/commands/variable/set.ts
-import { Command as Command73 } from "commander";
-import chalk66 from "chalk";
-var setCommand3 = new Command73().name("set").description("Create or update a variable").argument("<name>", "Variable name (uppercase, e.g., MY_VAR)").argument("<value>", "Variable value").option("-d, --description <description>", "Optional description").action(
+import { Command as Command68 } from "commander";
+import chalk61 from "chalk";
+var setCommand3 = new Command68().name("set").description("Create or update a variable").argument("<name>", "Variable name (uppercase, e.g., MY_VAR)").argument("<value>", "Variable value").option("-d, --description <description>", "Optional description").action(
   withErrorHandler(
     async (name, value, options) => {
       let variable;
@@ -16262,19 +16032,19 @@ var setCommand3 = new Command73().name("set").description("Create or update a va
         }
         throw error;
       }
-      console.log(chalk66.green(`\u2713 Variable "${variable.name}" saved`));
+      console.log(chalk61.green(`\u2713 Variable "${variable.name}" saved`));
       console.log();
       console.log("Use in vm0.yaml:");
-      console.log(chalk66.cyan(`  environment:`));
-      console.log(chalk66.cyan(`    ${name}: \${{ vars.${name} }}`));
+      console.log(chalk61.cyan(`  environment:`));
+      console.log(chalk61.cyan(`    ${name}: \${{ vars.${name} }}`));
     }
   )
 );
 
 // src/commands/variable/delete.ts
-import { Command as Command74 } from "commander";
-import chalk67 from "chalk";
-var deleteCommand4 = new Command74().name("delete").description("Delete a variable").argument("<name>", "Variable name to delete").option("-y, --yes", "Skip confirmation prompt").action(
+import { Command as Command69 } from "commander";
+import chalk62 from "chalk";
+var deleteCommand4 = new Command69().name("delete").description("Delete a variable").argument("<name>", "Variable name to delete").option("-y, --yes", "Skip confirmation prompt").action(
   withErrorHandler(async (name, options) => {
     try {
       await getVariable(name);
@@ -16293,32 +16063,32 @@ var deleteCommand4 = new Command74().name("delete").description("Delete a variab
         false
       );
       if (!confirmed) {
-        console.log(chalk67.dim("Cancelled"));
+        console.log(chalk62.dim("Cancelled"));
         return;
       }
     }
     await deleteVariable(name);
-    console.log(chalk67.green(`\u2713 Variable "${name}" deleted`));
+    console.log(chalk62.green(`\u2713 Variable "${name}" deleted`));
   })
 );
 
 // src/commands/variable/index.ts
-var variableCommand = new Command75().name("variable").description("Manage stored variables for agent runs").addCommand(listCommand9).addCommand(setCommand3).addCommand(deleteCommand4);
+var variableCommand = new Command70().name("variable").description("Manage stored variables for agent runs").addCommand(listCommand9).addCommand(setCommand3).addCommand(deleteCommand4);
 
 // src/commands/model-provider/index.ts
-import { Command as Command80 } from "commander";
+import { Command as Command75 } from "commander";
 
 // src/commands/model-provider/list.ts
-import { Command as Command76 } from "commander";
-import chalk68 from "chalk";
-var listCommand10 = new Command76().name("list").alias("ls").description("List all model providers").action(
+import { Command as Command71 } from "commander";
+import chalk63 from "chalk";
+var listCommand10 = new Command71().name("list").alias("ls").description("List all model providers").action(
   withErrorHandler(async () => {
     const result = await listModelProviders();
     if (result.modelProviders.length === 0) {
-      console.log(chalk68.dim("No model providers configured"));
+      console.log(chalk63.dim("No model providers configured"));
       console.log();
       console.log("To add a model provider:");
-      console.log(chalk68.cyan("  vm0 model-provider setup"));
+      console.log(chalk63.cyan("  vm0 model-provider setup"));
       return;
     }
     const byFramework = result.modelProviders.reduce(
@@ -16332,16 +16102,16 @@ var listCommand10 = new Command76().name("list").alias("ls").description("List a
       },
       {}
     );
-    console.log(chalk68.bold("Model Providers:"));
+    console.log(chalk63.bold("Model Providers:"));
     console.log();
     for (const [framework, providers] of Object.entries(byFramework)) {
-      console.log(`  ${chalk68.cyan(framework)}:`);
+      console.log(`  ${chalk63.cyan(framework)}:`);
       for (const provider of providers) {
-        const defaultTag = provider.isDefault ? chalk68.green(" (default)") : "";
-        const modelTag = provider.selectedModel ? chalk68.dim(` [${provider.selectedModel}]`) : "";
+        const defaultTag = provider.isDefault ? chalk63.green(" (default)") : "";
+        const modelTag = provider.selectedModel ? chalk63.dim(` [${provider.selectedModel}]`) : "";
         console.log(`    ${provider.type}${defaultTag}${modelTag}`);
         console.log(
-          chalk68.dim(
+          chalk63.dim(
             `      Updated: ${new Date(provider.updatedAt).toLocaleString()}`
           )
         );
@@ -16349,14 +16119,14 @@ var listCommand10 = new Command76().name("list").alias("ls").description("List a
       console.log();
     }
     console.log(
-      chalk68.dim(`Total: ${result.modelProviders.length} provider(s)`)
+      chalk63.dim(`Total: ${result.modelProviders.length} provider(s)`)
     );
   })
 );
 
 // src/commands/model-provider/setup.ts
-import { Command as Command77 } from "commander";
-import chalk69 from "chalk";
+import { Command as Command72 } from "commander";
+import chalk64 from "chalk";
 import prompts2 from "prompts";
 function validateProviderType(typeStr) {
   if (!Object.keys(MODEL_PROVIDER_TYPES).includes(typeStr)) {
@@ -16540,7 +16310,7 @@ async function promptForModelSelection(type2) {
   if (selected === "__custom__") {
     const placeholder = getCustomModelPlaceholder(type2);
     if (placeholder) {
-      console.log(chalk69.dim(`Example: ${placeholder}`));
+      console.log(chalk64.dim(`Example: ${placeholder}`));
     }
     const customResponse = await prompts2(
       {
@@ -16590,7 +16360,7 @@ async function promptForSecrets(type2, authMethod) {
   const secrets = {};
   for (const [name, fieldConfig] of Object.entries(secretsConfig)) {
     if (fieldConfig.helpText) {
-      console.log(chalk69.dim(fieldConfig.helpText));
+      console.log(chalk64.dim(fieldConfig.helpText));
     }
     const isSensitive = isSensitiveSecret(name);
     const placeholder = "placeholder" in fieldConfig ? fieldConfig.placeholder : "";
@@ -16642,7 +16412,7 @@ async function handleInteractiveMode() {
         title = `${title} \u2713`;
       }
       if (isExperimental) {
-        title = `${title} ${chalk69.dim("(experimental)")}`;
+        title = `${title} ${chalk64.dim("(experimental)")}`;
       }
       return {
         title,
@@ -16689,7 +16459,7 @@ async function handleInteractiveMode() {
   }
   const config = MODEL_PROVIDER_TYPES[type2];
   console.log();
-  console.log(chalk69.dim(config.helpText));
+  console.log(chalk64.dim(config.helpText));
   console.log();
   if (hasAuthMethods(type2)) {
     const authMethod = await promptForAuthMethod(type2);
@@ -16730,13 +16500,13 @@ async function promptSetAsDefault(type2, framework, isDefault) {
   );
   if (response.setDefault) {
     await setModelProviderDefault(type2);
-    console.log(chalk69.green(`\u2713 Default for ${framework} set to "${type2}"`));
+    console.log(chalk64.green(`\u2713 Default for ${framework} set to "${type2}"`));
   }
 }
 function collectSecrets(value, previous) {
   return previous.concat([value]);
 }
-var setupCommand2 = new Command77().name("setup").description("Configure a model provider").option("-t, --type <type>", "Provider type (for non-interactive mode)").option(
+var setupCommand2 = new Command72().name("setup").description("Configure a model provider").option("-t, --type <type>", "Provider type (for non-interactive mode)").option(
   "-s, --secret <value>",
   "Secret value (can be used multiple times, supports VALUE or KEY=VALUE format)",
   collectSecrets,
@@ -16774,11 +16544,11 @@ var setupCommand2 = new Command77().name("setup").description("Configure a model
         const modelNote2 = provider2.selectedModel ? ` with model: ${provider2.selectedModel}` : "";
         if (!hasModelSelection(input.type)) {
           console.log(
-            chalk69.green(`\u2713 Model provider "${input.type}" unchanged`)
+            chalk64.green(`\u2713 Model provider "${input.type}" unchanged`)
           );
         } else {
           console.log(
-            chalk69.green(
+            chalk64.green(
               `\u2713 Model provider "${input.type}" updated${defaultNote2}${modelNote2}`
             )
           );
@@ -16803,7 +16573,7 @@ var setupCommand2 = new Command77().name("setup").description("Configure a model
       const defaultNote = provider.isDefault ? ` (default for ${provider.framework})` : "";
       const modelNote = provider.selectedModel ? ` with model: ${provider.selectedModel}` : "";
       console.log(
-        chalk69.green(
+        chalk64.green(
           `\u2713 Model provider "${input.type}" ${action}${defaultNote}${modelNote}`
         )
       );
@@ -16819,9 +16589,9 @@ var setupCommand2 = new Command77().name("setup").description("Configure a model
 );
 
 // src/commands/model-provider/delete.ts
-import { Command as Command78 } from "commander";
-import chalk70 from "chalk";
-var deleteCommand5 = new Command78().name("delete").description("Delete a model provider").argument("<type>", "Model provider type to delete").action(
+import { Command as Command73 } from "commander";
+import chalk65 from "chalk";
+var deleteCommand5 = new Command73().name("delete").description("Delete a model provider").argument("<type>", "Model provider type to delete").action(
   withErrorHandler(async (type2) => {
     if (!Object.keys(MODEL_PROVIDER_TYPES).includes(type2)) {
       const validTypes = Object.keys(MODEL_PROVIDER_TYPES).join(", ");
@@ -16830,14 +16600,14 @@ var deleteCommand5 = new Command78().name("delete").description("Delete a model
       });
     }
     await deleteModelProvider(type2);
-    console.log(chalk70.green(`\u2713 Model provider "${type2}" deleted`));
+    console.log(chalk65.green(`\u2713 Model provider "${type2}" deleted`));
   })
 );
 
 // src/commands/model-provider/set-default.ts
-import { Command as Command79 } from "commander";
-import chalk71 from "chalk";
-var setDefaultCommand = new Command79().name("set-default").description("Set a model provider as default for its framework").argument("<type>", "Model provider type to set as default").action(
+import { Command as Command74 } from "commander";
+import chalk66 from "chalk";
+var setDefaultCommand = new Command74().name("set-default").description("Set a model provider as default for its framework").argument("<type>", "Model provider type to set as default").action(
   withErrorHandler(async (type2) => {
     if (!Object.keys(MODEL_PROVIDER_TYPES).includes(type2)) {
       const validTypes = Object.keys(MODEL_PROVIDER_TYPES).join(", ");
@@ -16847,7 +16617,7 @@ var setDefaultCommand = new Command79().name("set-default").description("Set a m
     }
     const provider = await setModelProviderDefault(type2);
     console.log(
-      chalk71.green(
+      chalk66.green(
         `\u2713 Default for ${provider.framework} set to "${provider.type}"`
       )
     );
@@ -16855,14 +16625,14 @@ var setDefaultCommand = new Command79().name("set-default").description("Set a m
 );
 
 // src/commands/model-provider/index.ts
-var modelProviderCommand = new Command80().name("model-provider").description("Manage model providers for agent runs").addCommand(listCommand10).addCommand(setupCommand2).addCommand(deleteCommand5).addCommand(setDefaultCommand);
+var modelProviderCommand = new Command75().name("model-provider").description("Manage model providers for agent runs").addCommand(listCommand10).addCommand(setupCommand2).addCommand(deleteCommand5).addCommand(setDefaultCommand);
 
 // src/commands/connector/index.ts
-import { Command as Command85 } from "commander";
+import { Command as Command80 } from "commander";
 
 // src/commands/connector/connect.ts
-import { Command as Command81 } from "commander";
-import chalk73 from "chalk";
+import { Command as Command76 } from "commander";
+import chalk68 from "chalk";
 import { initClient as initClient13 } from "@ts-rest/core";
 
 // src/commands/connector/lib/computer/start-services.ts
@@ -16871,7 +16641,7 @@ import { access as access2, constants } from "fs/promises";
 import { createServer } from "net";
 import { homedir as homedir4 } from "os";
 import { join as join12 } from "path";
-import chalk72 from "chalk";
+import chalk67 from "chalk";
 
 // src/commands/connector/lib/computer/ngrok.ts
 import ngrok from "@ngrok/ngrok";
@@ -16945,7 +16715,7 @@ async function checkComputerDependencies() {
   }
 }
 async function startComputerServices(credentials) {
-  console.log(chalk72.cyan("Starting computer connector services..."));
+  console.log(chalk67.cyan("Starting computer connector services..."));
   const wsgidavBinary = await findBinary("wsgidav");
   if (!wsgidavBinary) {
     throw new Error(
@@ -16972,7 +16742,7 @@ async function startComputerServices(credentials) {
   );
   wsgidav.stdout?.on("data", (data) => process.stdout.write(data));
   wsgidav.stderr?.on("data", (data) => process.stderr.write(data));
-  console.log(chalk72.green("\u2713 WebDAV server started"));
+  console.log(chalk67.green("\u2713 WebDAV server started"));
   const chrome = spawn2(
     chromeBinary,
     [
@@ -16986,7 +16756,7 @@ async function startComputerServices(credentials) {
   );
   chrome.stdout?.on("data", (data) => process.stdout.write(data));
   chrome.stderr?.on("data", (data) => process.stderr.write(data));
-  console.log(chalk72.green("\u2713 Chrome started"));
+  console.log(chalk67.green("\u2713 Chrome started"));
   try {
     await startNgrokTunnels(
       credentials.ngrokToken,
@@ -16995,18 +16765,18 @@ async function startComputerServices(credentials) {
       cdpPort
     );
     console.log(
-      chalk72.green(
+      chalk67.green(
         `\u2713 ngrok tunnels: webdav.${credentials.domain}, chrome.${credentials.domain}`
       )
     );
     console.log();
-    console.log(chalk72.green("\u2713 Computer connector active"));
+    console.log(chalk67.green("\u2713 Computer connector active"));
     console.log(`  WebDAV:     ~/Downloads \u2192 webdav.${credentials.domain}`);
     console.log(
       `  Chrome CDP: port ${cdpPort}   \u2192 chrome.${credentials.domain}`
     );
     console.log();
-    console.log(chalk72.dim("Press ^C twice to disconnect"));
+    console.log(chalk67.dim("Press ^C twice to disconnect"));
     console.log();
     let sigintCount = 0;
     await new Promise((resolve2) => {
@@ -17020,7 +16790,7 @@ async function startComputerServices(credentials) {
       const onSigint = () => {
         sigintCount++;
         if (sigintCount === 1) {
-          console.log(chalk72.dim("\nPress ^C again to disconnect and exit..."));
+          console.log(chalk67.dim("\nPress ^C again to disconnect and exit..."));
         } else {
           done();
         }
@@ -17030,11 +16800,11 @@ async function startComputerServices(credentials) {
     });
   } finally {
     console.log();
-    console.log(chalk72.cyan("Stopping services..."));
+    console.log(chalk67.cyan("Stopping services..."));
     wsgidav.kill("SIGTERM");
     chrome.kill("SIGTERM");
     await stopNgrokTunnels();
-    console.log(chalk72.green("\u2713 Services stopped"));
+    console.log(chalk67.green("\u2713 Services stopped"));
   }
 }
 
@@ -17059,10 +16829,10 @@ async function getHeaders2() {
 function renderHelpText(text) {
   return text.replace(
     /\[([^\]]+)\]\(([^)]+)\)/g,
-    (_m, label, url) => `${label} (${chalk73.cyan(url)})`
-  ).replace(/\*\*([^*]+)\*\*/g, (_m, content) => chalk73.bold(content)).replace(
+    (_m, label, url) => `${label} (${chalk68.cyan(url)})`
+  ).replace(/\*\*([^*]+)\*\*/g, (_m, content) => chalk68.bold(content)).replace(
     /^> (.+)$/gm,
-    (_m, content) => chalk73.yellow(`  ${content}`)
+    (_m, content) => chalk68.yellow(`  ${content}`)
   );
 }
 async function connectViaApiToken(connectorType, tokenValue) {
@@ -17087,7 +16857,7 @@ async function connectViaApiToken(connectorType, tokenValue) {
     for (const [secretName, secretConfig] of secretEntries) {
       if (!secretConfig.required) continue;
       const value = await promptPassword(
-        `${secretConfig.label}${secretConfig.placeholder ? chalk73.dim(` (${secretConfig.placeholder})`) : ""}:`
+        `${secretConfig.label}${secretConfig.placeholder ? chalk68.dim(` (${secretConfig.placeholder})`) : ""}:`
       );
       if (!value) {
         throw new Error("Cancelled");
@@ -17103,13 +16873,13 @@ async function connectViaApiToken(connectorType, tokenValue) {
     });
   }
   console.log(
-    chalk73.green(`
+    chalk68.green(`
 \u2713 ${config.label} connected successfully via API token!`)
   );
 }
 async function connectComputer(apiUrl, headers) {
   await checkComputerDependencies();
-  console.log(chalk73.cyan("Setting up computer connector..."));
+  console.log(chalk68.cyan("Setting up computer connector..."));
   const computerClient = initClient13(computerConnectorContract, {
     baseUrl: apiUrl,
     baseHeaders: headers,
@@ -17124,9 +16894,9 @@ async function connectComputer(apiUrl, headers) {
   }
   const credentials = createResult.body;
   await startComputerServices(credentials);
-  console.log(chalk73.cyan("Disconnecting computer connector..."));
+  console.log(chalk68.cyan("Disconnecting computer connector..."));
   await deleteConnector("computer");
-  console.log(chalk73.green("\u2713 Disconnected computer"));
+  console.log(chalk68.green("\u2713 Disconnected computer"));
   process.exit(0);
 }
 async function resolveAuthMethod(connectorType, tokenFlag) {
@@ -17165,7 +16935,7 @@ async function resolveAuthMethod(connectorType, tokenFlag) {
   );
 }
 async function connectViaOAuth(connectorType, apiUrl, headers) {
-  console.log(`Connecting ${chalk73.cyan(connectorType)}...`);
+  console.log(`Connecting ${chalk68.cyan(connectorType)}...`);
   const sessionsClient = initClient13(connectorSessionsContract, {
     baseUrl: apiUrl,
     baseHeaders: headers,
@@ -17181,8 +16951,8 @@ async function connectViaOAuth(connectorType, apiUrl, headers) {
   }
   const session = createResult.body;
   const verificationUrl = `${apiUrl}${session.verificationUrl}`;
-  console.log(chalk73.green("\nSession created"));
-  console.log(chalk73.cyan(`
+  console.log(chalk68.green("\nSession created"));
+  console.log(chalk68.cyan(`
 To connect, visit: ${verificationUrl}`));
   console.log(
     `
@@ -17214,7 +16984,7 @@ The session expires in ${Math.floor(session.expiresIn / 60)} minutes.`
     switch (status.status) {
       case "complete":
         console.log(
-          chalk73.green(`
+          chalk68.green(`
 
 ${connectorType} connected successfully!`)
         );
@@ -17226,13 +16996,13 @@ ${connectorType} connected successfully!`)
           `Connection failed: ${status.errorMessage || "Unknown error"}`
         );
       case "pending":
-        process.stdout.write(chalk73.dim("."));
+        process.stdout.write(chalk68.dim("."));
         break;
     }
   }
   throw new Error("Session timed out, please try again");
 }
-var connectCommand = new Command81().name("connect").description("Connect a third-party service (e.g., GitHub)").argument("<type>", "Connector type (e.g., github)").option("--token <value>", "API token value (skip interactive prompt)").action(
+var connectCommand = new Command76().name("connect").description("Connect a third-party service (e.g., GitHub)").argument("<type>", "Connector type (e.g., github)").option("--token <value>", "API token value (skip interactive prompt)").action(
   withErrorHandler(async (type2, options) => {
     const parseResult = connectorTypeSchema.safeParse(type2);
     if (!parseResult.success) {
@@ -17257,9 +17027,9 @@ var connectCommand = new Command81().name("connect").description("Connect a thir
 );
 
 // src/commands/connector/list.ts
-import { Command as Command82 } from "commander";
-import chalk74 from "chalk";
-var listCommand11 = new Command82().name("list").alias("ls").description("List all connectors and their status").action(
+import { Command as Command77 } from "commander";
+import chalk69 from "chalk";
+var listCommand11 = new Command77().name("list").alias("ls").description("List all connectors and their status").action(
   withErrorHandler(async () => {
     const result = await listConnectors();
     const connectedMap = new Map(result.connectors.map((c24) => [c24.type, c24]));
@@ -17281,25 +17051,25 @@ var listCommand11 = new Command82().name("list").alias("ls").description("List a
       statusText.padEnd(statusWidth),
       "ACCOUNT"
     ].join("  ");
-    console.log(chalk74.dim(header));
+    console.log(chalk69.dim(header));
     for (const type2 of allTypes) {
       const connector = connectedMap.get(type2);
-      const status = connector ? chalk74.green("\u2713".padEnd(statusWidth)) : chalk74.dim("-".padEnd(statusWidth));
-      const account = connector?.externalUsername ? `@${connector.externalUsername}` : chalk74.dim("-");
+      const status = connector ? chalk69.green("\u2713".padEnd(statusWidth)) : chalk69.dim("-".padEnd(statusWidth));
+      const account = connector?.externalUsername ? `@${connector.externalUsername}` : chalk69.dim("-");
       const row = [type2.padEnd(typeWidth), status, account].join("  ");
       console.log(row);
     }
     console.log();
-    console.log(chalk74.dim("To connect a service:"));
-    console.log(chalk74.dim("  vm0 connector connect <type>"));
+    console.log(chalk69.dim("To connect a service:"));
+    console.log(chalk69.dim("  vm0 connector connect <type>"));
   })
 );
 
 // src/commands/connector/status.ts
-import { Command as Command83 } from "commander";
-import chalk75 from "chalk";
+import { Command as Command78 } from "commander";
+import chalk70 from "chalk";
 var LABEL_WIDTH = 16;
-var statusCommand8 = new Command83().name("status").description("Show detailed status of a connector").argument("<type>", "Connector type (e.g., github)").action(
+var statusCommand8 = new Command78().name("status").description("Show detailed status of a connector").argument("<type>", "Connector type (e.g., github)").action(
   withErrorHandler(async (type2) => {
     const parseResult = connectorTypeSchema.safeParse(type2);
     if (!parseResult.success) {
@@ -17309,11 +17079,11 @@ var statusCommand8 = new Command83().name("status").description("Show detailed s
       });
     }
     const connector = await getConnector(parseResult.data);
-    console.log(`Connector: ${chalk75.cyan(type2)}`);
+    console.log(`Connector: ${chalk70.cyan(type2)}`);
     console.log();
     if (connector) {
       console.log(
-        `${"Status:".padEnd(LABEL_WIDTH)}${chalk75.green("connected")}`
+        `${"Status:".padEnd(LABEL_WIDTH)}${chalk70.green("connected")}`
       );
       console.log(
         `${"Account:".padEnd(LABEL_WIDTH)}@${connector.externalUsername}`
@@ -17335,23 +17105,23 @@ var statusCommand8 = new Command83().name("status").description("Show detailed s
         );
       }
       console.log();
-      console.log(chalk75.dim("To disconnect:"));
-      console.log(chalk75.dim(`  vm0 connector disconnect ${type2}`));
+      console.log(chalk70.dim("To disconnect:"));
+      console.log(chalk70.dim(`  vm0 connector disconnect ${type2}`));
     } else {
       console.log(
-        `${"Status:".padEnd(LABEL_WIDTH)}${chalk75.dim("not connected")}`
+        `${"Status:".padEnd(LABEL_WIDTH)}${chalk70.dim("not connected")}`
       );
       console.log();
-      console.log(chalk75.dim("To connect:"));
-      console.log(chalk75.dim(`  vm0 connector connect ${type2}`));
+      console.log(chalk70.dim("To connect:"));
+      console.log(chalk70.dim(`  vm0 connector connect ${type2}`));
     }
   })
 );
 
 // src/commands/connector/disconnect.ts
-import { Command as Command84 } from "commander";
-import chalk76 from "chalk";
-var disconnectCommand = new Command84().name("disconnect").description("Disconnect a third-party service").argument("<type>", "Connector type to disconnect (e.g., github)").action(
+import { Command as Command79 } from "commander";
+import chalk71 from "chalk";
+var disconnectCommand = new Command79().name("disconnect").description("Disconnect a third-party service").argument("<type>", "Connector type to disconnect (e.g., github)").action(
   withErrorHandler(async (type2) => {
     const parseResult = connectorTypeSchema.safeParse(type2);
     if (!parseResult.success) {
@@ -17362,33 +17132,33 @@ var disconnectCommand = new Command84().name("disconnect").description("Disconne
     }
     const connectorType = parseResult.data;
     await deleteConnector(connectorType);
-    console.log(chalk76.green(`\u2713 Disconnected ${type2}`));
+    console.log(chalk71.green(`\u2713 Disconnected ${type2}`));
   })
 );
 
 // src/commands/connector/index.ts
-var connectorCommand = new Command85().name("connector").description("Manage third-party service connections").addCommand(listCommand11).addCommand(statusCommand8).addCommand(connectCommand).addCommand(disconnectCommand);
+var connectorCommand = new Command80().name("connector").description("Manage third-party service connections").addCommand(listCommand11).addCommand(statusCommand8).addCommand(connectCommand).addCommand(disconnectCommand);
 
 // src/commands/onboard/index.ts
-import { Command as Command86 } from "commander";
-import chalk80 from "chalk";
+import { Command as Command81 } from "commander";
+import chalk75 from "chalk";
 import { mkdir as mkdir8 } from "fs/promises";
 import { existsSync as existsSync12 } from "fs";
 
 // src/lib/ui/welcome-box.ts
-import chalk77 from "chalk";
+import chalk72 from "chalk";
 var gradientColors = [
-  chalk77.hex("#FFAB5E"),
+  chalk72.hex("#FFAB5E"),
   // Line 1 - lightest
-  chalk77.hex("#FF9642"),
+  chalk72.hex("#FF9642"),
   // Line 2
-  chalk77.hex("#FF8228"),
+  chalk72.hex("#FF8228"),
   // Line 3
-  chalk77.hex("#FF6D0A"),
+  chalk72.hex("#FF6D0A"),
   // Line 4
-  chalk77.hex("#E85D00"),
+  chalk72.hex("#E85D00"),
   // Line 5
-  chalk77.hex("#CC4E00")
+  chalk72.hex("#CC4E00")
   // Line 6 - darkest
 ];
 var vm0LogoLines = [
@@ -17410,15 +17180,15 @@ function renderVm0Banner() {
 function renderOnboardWelcome() {
   renderVm0Banner();
   console.log(`  Build agentic workflows using natural language.`);
-  console.log(`  ${chalk77.dim("Currently in beta, enjoy it free")}`);
+  console.log(`  ${chalk72.dim("Currently in beta, enjoy it free")}`);
   console.log(
-    `  ${chalk77.dim("Star us on GitHub: https://github.com/vm0-ai/vm0")}`
+    `  ${chalk72.dim("Star us on GitHub: https://github.com/vm0-ai/vm0")}`
   );
   console.log();
 }
 
 // src/lib/ui/step-runner.ts
-import chalk78 from "chalk";
+import chalk73 from "chalk";
 function createStepRunner(options = true) {
   const opts = typeof options === "boolean" ? { interactive: options } : options;
   const interactive = opts.interactive ?? true;
@@ -17433,25 +17203,25 @@ function createStepRunner(options = true) {
     }
     for (const [i, step] of completedSteps.entries()) {
       if (step.failed) {
-        console.log(chalk78.red(`\u2717 ${step.label}`));
+        console.log(chalk73.red(`\u2717 ${step.label}`));
       } else {
-        console.log(chalk78.green(`\u25CF ${step.label}`));
+        console.log(chalk73.green(`\u25CF ${step.label}`));
       }
       const isLastStep = i === completedSteps.length - 1;
       if (!isLastStep || !isFinal) {
-        console.log(chalk78.dim("\u2502"));
+        console.log(chalk73.dim("\u2502"));
       }
     }
   }
   async function executeStep(label, fn, isFinal) {
     let stepFailed = false;
-    console.log(chalk78.yellow(`\u25CB ${label}`));
+    console.log(chalk73.yellow(`\u25CB ${label}`));
     const ctx = {
       connector() {
-        console.log(chalk78.dim("\u2502"));
+        console.log(chalk73.dim("\u2502"));
       },
       detail(message) {
-        console.log(`${chalk78.dim("\u2502")} ${message}`);
+        console.log(`${chalk73.dim("\u2502")} ${message}`);
       },
       async prompt(promptFn) {
         return await promptFn();
@@ -17468,12 +17238,12 @@ function createStepRunner(options = true) {
         redrawCompletedSteps(isFinal);
       } else {
         if (stepFailed) {
-          console.log(chalk78.red(`\u2717 ${label}`));
+          console.log(chalk73.red(`\u2717 ${label}`));
         } else {
-          console.log(chalk78.green(`\u25CF ${label}`));
+          console.log(chalk73.green(`\u25CF ${label}`));
         }
         if (!isFinal) {
-          console.log(chalk78.dim("\u2502"));
+          console.log(chalk73.dim("\u2502"));
         }
       }
     }
@@ -17633,7 +17403,7 @@ async function setupModelProvider(type2, secret, options) {
 
 // src/lib/domain/onboard/claude-setup.ts
 import { spawn as spawn3 } from "child_process";
-import chalk79 from "chalk";
+import chalk74 from "chalk";
 var MARKETPLACE_NAME = "vm0-skills";
 var MARKETPLACE_REPO = "vm0-ai/vm0-skills";
 var PLUGIN_ID = "vm0@vm0-skills";
@@ -17670,12 +17440,12 @@ async function runClaudeCommand(args, cwd) {
 }
 function handlePluginError(error, context) {
   const displayContext = context ?? "Claude plugin";
-  console.error(chalk79.red(`\u2717 Failed to install ${displayContext}`));
+  console.error(chalk74.red(`\u2717 Failed to install ${displayContext}`));
   if (error instanceof Error) {
-    console.error(chalk79.red(`\u2717 ${error.message}`));
+    console.error(chalk74.red(`\u2717 ${error.message}`));
   }
   console.error(
-    chalk79.dim("Please ensure Claude CLI is installed and accessible.")
+    chalk74.dim("Please ensure Claude CLI is installed and accessible.")
   );
   process.exit(1);
 }
@@ -17718,7 +17488,7 @@ async function updateMarketplace() {
   ]);
   if (!result.success) {
     console.warn(
-      chalk79.yellow(
+      chalk74.yellow(
         `Warning: Could not update marketplace: ${result.error ?? "unknown error"}`
       )
     );
@@ -17764,9 +17534,9 @@ async function handleAuthentication(ctx) {
       onInitiating: () => {
       },
       onDeviceCodeReady: (url, code, expiresIn) => {
-        step.detail(`Copy code: ${chalk80.cyan.bold(code)}`);
-        step.detail(`Open: ${chalk80.cyan(url)}`);
-        step.detail(chalk80.dim(`Expires in ${expiresIn} minutes`));
+        step.detail(`Copy code: ${chalk75.cyan.bold(code)}`);
+        step.detail(`Open: ${chalk75.cyan(url)}`);
+        step.detail(chalk75.dim(`Expires in ${expiresIn} minutes`));
       },
       onPolling: () => {
       },
@@ -17806,14 +17576,14 @@ async function handleModelProvider(ctx) {
     const selectedChoice = choices.find((c24) => c24.type === providerType);
     if (selectedChoice?.helpText) {
       for (const line of selectedChoice.helpText.split("\n")) {
-        step.detail(chalk80.dim(line));
+        step.detail(chalk75.dim(line));
       }
     }
     const secret = await step.prompt(
       () => promptPassword(`Enter your ${selectedChoice?.secretLabel ?? "secret"}:`)
     );
     if (!secret) {
-      console.log(chalk80.dim("Cancelled"));
+      console.log(chalk75.dim("Cancelled"));
       process.exit(0);
     }
     let selectedModel;
@@ -17832,7 +17602,7 @@ async function handleModelProvider(ctx) {
         () => promptSelect("Select model:", modelChoices)
       );
       if (modelSelection === void 0) {
-        console.log(chalk80.dim("Cancelled"));
+        console.log(chalk75.dim("Cancelled"));
         process.exit(0);
       }
       selectedModel = modelSelection === "" ? void 0 : modelSelection;
@@ -17842,7 +17612,7 @@ async function handleModelProvider(ctx) {
     });
     const modelNote = result.provider.selectedModel ? ` with model: ${result.provider.selectedModel}` : "";
     step.detail(
-      chalk80.green(
+      chalk75.green(
         `${providerType} ${result.created ? "created" : "updated"}${result.isDefault ? ` (default for ${result.framework})` : ""}${modelNote}`
       )
     );
@@ -17873,7 +17643,7 @@ async function handleAgentCreation(ctx) {
         agentName = inputName;
         if (existsSync12(agentName)) {
           step.detail(
-            chalk80.yellow(`${agentName}/ already exists, choose another name`)
+            chalk75.yellow(`${agentName}/ already exists, choose another name`)
           );
         } else {
           folderExists = false;
@@ -17894,7 +17664,7 @@ async function handleAgentCreation(ctx) {
       }
     }
     await mkdir8(agentName, { recursive: true });
-    step.detail(chalk80.green(`Created ${agentName}/`));
+    step.detail(chalk75.green(`Created ${agentName}/`));
   });
   return agentName;
 }
@@ -17910,7 +17680,7 @@ async function handlePluginInstallation(ctx, agentName) {
       shouldInstall = confirmed ?? true;
     }
     if (!shouldInstall) {
-      step.detail(chalk80.dim("Skipped"));
+      step.detail(chalk75.dim("Skipped"));
       return;
     }
     const scope = "project";
@@ -17918,7 +17688,7 @@ async function handlePluginInstallation(ctx, agentName) {
       const agentDir = `${process.cwd()}/${agentName}`;
       const result = await installVm0Plugin(scope, agentDir);
       step.detail(
-        chalk80.green(`Installed ${result.pluginId} (scope: ${result.scope})`)
+        chalk75.green(`Installed ${result.pluginId} (scope: ${result.scope})`)
       );
       pluginInstalled = true;
     } catch (error) {
@@ -17929,18 +17699,18 @@ async function handlePluginInstallation(ctx, agentName) {
 }
 function printNextSteps(agentName, pluginInstalled) {
   console.log();
-  console.log(chalk80.bold("Next step:"));
+  console.log(chalk75.bold("Next step:"));
   console.log();
   if (pluginInstalled) {
     console.log(
-      `  ${chalk80.cyan(`cd ${agentName} && claude "/${PRIMARY_SKILL_NAME} let's build an agent"`)}`
+      `  ${chalk75.cyan(`cd ${agentName} && claude "/${PRIMARY_SKILL_NAME} let's build an agent"`)}`
     );
   } else {
-    console.log(`  ${chalk80.cyan(`cd ${agentName} && vm0 init`)}`);
+    console.log(`  ${chalk75.cyan(`cd ${agentName} && vm0 init`)}`);
   }
   console.log();
 }
-var onboardCommand = new Command86().name("onboard").description("Guided setup for new VM0 users").option("-y, --yes", "Skip confirmation prompts").option("--name <name>", `Agent name (default: ${DEFAULT_AGENT_NAME})`).action(
+var onboardCommand = new Command81().name("onboard").description("Guided setup for new VM0 users").option("-y, --yes", "Skip confirmation prompts").option("--name <name>", `Agent name (default: ${DEFAULT_AGENT_NAME})`).action(
   withErrorHandler(async (options) => {
     const interactive = isInteractive();
     if (interactive) {
@@ -17965,21 +17735,21 @@ var onboardCommand = new Command86().name("onboard").description("Guided setup f
 );
 
 // src/commands/setup-claude/index.ts
-import { Command as Command87 } from "commander";
-import chalk81 from "chalk";
-var setupClaudeCommand = new Command87().name("setup-claude").description("Install VM0 Claude Plugin").option("--agent-dir <dir>", "Agent directory to run install in").option("--scope <scope>", "Installation scope (user or project)", "project").action(
+import { Command as Command82 } from "commander";
+import chalk76 from "chalk";
+var setupClaudeCommand = new Command82().name("setup-claude").description("Install VM0 Claude Plugin").option("--agent-dir <dir>", "Agent directory to run install in").option("--scope <scope>", "Installation scope (user or project)", "project").action(
   withErrorHandler(async (options) => {
-    console.log(chalk81.dim("Installing VM0 Claude Plugin..."));
+    console.log(chalk76.dim("Installing VM0 Claude Plugin..."));
     const scope = options.scope === "user" ? "user" : "project";
     const result = await installVm0Plugin(scope, options.agentDir);
     console.log(
-      chalk81.green(`\u2713 Installed ${result.pluginId} (scope: ${result.scope})`)
+      chalk76.green(`\u2713 Installed ${result.pluginId} (scope: ${result.scope})`)
     );
     console.log();
     console.log("Next step:");
     const cdPrefix = options.agentDir ? `cd ${options.agentDir} && ` : "";
     console.log(
-      chalk81.cyan(
+      chalk76.cyan(
         `  ${cdPrefix}claude "/${PRIMARY_SKILL_NAME} let's build a workflow"`
       )
     );
@@ -17987,36 +17757,36 @@ var setupClaudeCommand = new Command87().name("setup-claude").description("Insta
 );
 
 // src/commands/dashboard/index.ts
-import { Command as Command88 } from "commander";
-import chalk82 from "chalk";
-var dashboardCommand = new Command88().name("dashboard").description("Quick reference for common query commands").action(() => {
+import { Command as Command83 } from "commander";
+import chalk77 from "chalk";
+var dashboardCommand = new Command83().name("dashboard").description("Quick reference for common query commands").action(() => {
   console.log();
-  console.log(chalk82.bold("VM0 Dashboard"));
+  console.log(chalk77.bold("VM0 Dashboard"));
   console.log();
-  console.log(chalk82.bold("Agents"));
-  console.log(chalk82.dim("  List agents:      ") + "vm0 agent list");
+  console.log(chalk77.bold("Agents"));
+  console.log(chalk77.dim("  List agents:      ") + "vm0 agent list");
   console.log();
-  console.log(chalk82.bold("Runs"));
-  console.log(chalk82.dim("  Recent runs:      ") + "vm0 run list");
-  console.log(chalk82.dim("  View run logs:    ") + "vm0 logs <run-id>");
+  console.log(chalk77.bold("Runs"));
+  console.log(chalk77.dim("  Recent runs:      ") + "vm0 run list");
+  console.log(chalk77.dim("  View run logs:    ") + "vm0 logs <run-id>");
   console.log();
-  console.log(chalk82.bold("Schedules"));
-  console.log(chalk82.dim("  List schedules:   ") + "vm0 schedule list");
+  console.log(chalk77.bold("Schedules"));
+  console.log(chalk77.dim("  List schedules:   ") + "vm0 schedule list");
   console.log();
-  console.log(chalk82.bold("Account"));
-  console.log(chalk82.dim("  Usage stats:      ") + "vm0 usage");
-  console.log(chalk82.dim("  List secrets:     ") + "vm0 secret list");
-  console.log(chalk82.dim("  List variables:   ") + "vm0 variable list");
+  console.log(chalk77.bold("Account"));
+  console.log(chalk77.dim("  Usage stats:      ") + "vm0 usage");
+  console.log(chalk77.dim("  List secrets:     ") + "vm0 secret list");
+  console.log(chalk77.dim("  List variables:   ") + "vm0 variable list");
   console.log();
   console.log(
-    chalk82.dim("Not logged in? Run: ") + chalk82.cyan("vm0 auth login")
+    chalk77.dim("Not logged in? Run: ") + chalk77.cyan("vm0 auth login")
   );
   console.log();
 });
 
 // src/commands/preference/index.ts
-import { Command as Command89 } from "commander";
-import chalk83 from "chalk";
+import { Command as Command84 } from "commander";
+import chalk78 from "chalk";
 function detectTimezone2() {
   return Intl.DateTimeFormat().resolvedOptions().timeZone;
 }
@@ -18037,15 +17807,15 @@ function parseOnOff(flag, value) {
   );
 }
 function displayPreferences(prefs) {
-  console.log(chalk83.bold("Current preferences:"));
+  console.log(chalk78.bold("Current preferences:"));
   console.log(
-    `  Timezone:      ${prefs.timezone ? chalk83.cyan(prefs.timezone) : chalk83.dim("not set")}`
+    `  Timezone:      ${prefs.timezone ? chalk78.cyan(prefs.timezone) : chalk78.dim("not set")}`
   );
   console.log(
-    `  Email notify:  ${prefs.notifyEmail ? chalk83.green("on") : chalk83.dim("off")}`
+    `  Email notify:  ${prefs.notifyEmail ? chalk78.green("on") : chalk78.dim("off")}`
   );
   console.log(
-    `  Slack notify:  ${prefs.notifySlack ? chalk83.green("on") : chalk83.dim("off")}`
+    `  Slack notify:  ${prefs.notifySlack ? chalk78.green("on") : chalk78.dim("off")}`
   );
 }
 function buildUpdates(opts) {
@@ -18075,21 +17845,21 @@ function buildUpdates(opts) {
 function printUpdateResult(updates, result) {
   if (updates.timezone !== void 0) {
     console.log(
-      chalk83.green(
-        `Timezone set to ${chalk83.cyan(result.timezone ?? updates.timezone)}`
+      chalk78.green(
+        `Timezone set to ${chalk78.cyan(result.timezone ?? updates.timezone)}`
       )
     );
   }
   if (updates.notifyEmail !== void 0) {
     console.log(
-      chalk83.green(
+      chalk78.green(
         `Email notifications ${result.notifyEmail ? "enabled" : "disabled"}`
       )
     );
   }
   if (updates.notifySlack !== void 0) {
     console.log(
-      chalk83.green(
+      chalk78.green(
         `Slack notifications ${result.notifySlack ? "enabled" : "disabled"}`
       )
     );
@@ -18098,7 +17868,7 @@ function printUpdateResult(updates, result) {
 async function interactiveSetup(prefs) {
   if (!prefs.timezone) {
     const detectedTz = detectTimezone2();
-    console.log(chalk83.dim(`
+    console.log(chalk78.dim(`
 System timezone detected: ${detectedTz}`));
     const tz = await promptText(
       "Set timezone? (enter timezone or leave empty to skip)",
@@ -18109,7 +17879,7 @@ System timezone detected: ${detectedTz}`));
         throw new Error(`Invalid timezone: ${tz.trim()}`);
       }
       await updateUserPreferences({ timezone: tz.trim() });
-      console.log(chalk83.green(`Timezone set to ${chalk83.cyan(tz.trim())}`));
+      console.log(chalk78.green(`Timezone set to ${chalk78.cyan(tz.trim())}`));
     }
   }
   if (!prefs.notifyEmail) {
@@ -18119,11 +17889,11 @@ System timezone detected: ${detectedTz}`));
     );
     if (enable) {
       await updateUserPreferences({ notifyEmail: true });
-      console.log(chalk83.green("Email notifications enabled"));
+      console.log(chalk78.green("Email notifications enabled"));
     }
   }
 }
-var preferenceCommand = new Command89().name("preference").description("View or update your preferences").option("--timezone <timezone>", "IANA timezone (e.g., America/New_York)").option("--notify-email <on|off>", "Enable or disable email notifications").option("--notify-slack <on|off>", "Enable or disable Slack notifications").action(
+var preferenceCommand = new Command84().name("preference").description("View or update your preferences").option("--timezone <timezone>", "IANA timezone (e.g., America/New_York)").option("--notify-email <on|off>", "Enable or disable email notifications").option("--notify-slack <on|off>", "Enable or disable Slack notifications").action(
   withErrorHandler(async (opts) => {
     const updates = buildUpdates(opts);
     if (updates) {
@@ -18138,32 +17908,32 @@ var preferenceCommand = new Command89().name("preference").description("View or
     } else if (!prefs.timezone) {
       console.log();
       console.log(
-        `To set timezone: ${chalk83.cyan("vm0 preference --timezone <timezone>")}`
+        `To set timezone: ${chalk78.cyan("vm0 preference --timezone <timezone>")}`
       );
       console.log(
-        chalk83.dim("Example: vm0 preference --timezone America/New_York")
+        chalk78.dim("Example: vm0 preference --timezone America/New_York")
       );
     }
   })
 );
 
 // src/commands/upgrade/index.ts
-import { Command as Command90 } from "commander";
-import chalk84 from "chalk";
-var upgradeCommand = new Command90().name("upgrade").description("Upgrade vm0 CLI to the latest version").action(
+import { Command as Command85 } from "commander";
+import chalk79 from "chalk";
+var upgradeCommand = new Command85().name("upgrade").description("Upgrade vm0 CLI to the latest version").action(
   withErrorHandler(async () => {
     console.log("Checking for updates...");
     const latestVersion = await getLatestVersion();
     if (latestVersion === null) {
       throw new Error("Could not check for updates. Please try again later.");
     }
-    if (latestVersion === "9.59.5") {
-      console.log(chalk84.green(`\u2713 Already up to date (${"9.59.5"})`));
+    if (latestVersion === "9.60.0") {
+      console.log(chalk79.green(`\u2713 Already up to date (${"9.60.0"})`));
       return;
     }
     console.log(
-      chalk84.yellow(
-        `Current version: ${"9.59.5"} -> Latest version: ${latestVersion}`
+      chalk79.yellow(
+        `Current version: ${"9.60.0"} -> Latest version: ${latestVersion}`
       )
     );
     console.log();
@@ -18171,26 +17941,26 @@ var upgradeCommand = new Command90().name("upgrade").description("Upgrade vm0 CL
     if (!isAutoUpgradeSupported(packageManager)) {
       if (packageManager === "unknown") {
         console.log(
-          chalk84.yellow(
+          chalk79.yellow(
             "Could not detect your package manager for auto-upgrade."
           )
         );
       } else {
         console.log(
-          chalk84.yellow(
+          chalk79.yellow(
             `Auto-upgrade is not supported for ${packageManager}.`
           )
         );
       }
-      console.log(chalk84.yellow("Please upgrade manually:"));
-      console.log(chalk84.cyan(`  ${getManualUpgradeCommand(packageManager)}`));
+      console.log(chalk79.yellow("Please upgrade manually:"));
+      console.log(chalk79.cyan(`  ${getManualUpgradeCommand(packageManager)}`));
       return;
     }
     console.log(`Upgrading via ${packageManager}...`);
     const success = await performUpgrade(packageManager);
     if (success) {
       console.log(
-        chalk84.green(`\u2713 Upgraded from ${"9.59.5"} to ${latestVersion}`)
+        chalk79.green(`\u2713 Upgraded from ${"9.60.0"} to ${latestVersion}`)
       );
       return;
     }
@@ -18203,8 +17973,8 @@ var upgradeCommand = new Command90().name("upgrade").description("Upgrade vm0 CL
 );
 
 // src/index.ts
-var program = new Command91();
-program.name("vm0").description("VM0 CLI - Build and run agents with natural language").version("9.59.5");
+var program = new Command86();
+program.name("vm0").description("VM0 CLI - Build and run agents with natural language").version("9.60.0");
 program.addCommand(authCommand);
 program.addCommand(infoCommand);
 program.addCommand(composeCommand);