@vm0/cli 9.72.1 → 9.74.0

package/index.js

@@ -22,6 +22,8 @@ var OPERATIONAL_ERROR_PATTERNS = [
   // Rate limiting (expected operational condition)
   /rate limit/i,
   /concurrent run limit/i,
+  /insufficient.*credit/i,
+  /no model provider/i,
   // Network issues (transient, not bugs)
   /network error/i,
   /network issue/i,
@@ -45,7 +47,7 @@ if (DSN) {
   Sentry.init({
     dsn: DSN,
     environment: process.env.SENTRY_ENVIRONMENT ?? "production",
-    release: "9.72.1",
+    release: "9.74.0",
     sendDefaultPii: false,
     tracesSampleRate: 0,
     shutdownTimeout: 500,
@@ -64,7 +66,7 @@ if (DSN) {
     }
   });
   Sentry.setContext("cli", {
-    version: "9.72.1",
+    version: "9.74.0",
     command: process.argv.slice(2).join(" ")
   });
   Sentry.setContext("runtime", {
@@ -345,373 +347,6 @@ async function setupToken() {
 // src/lib/command/with-error-handler.ts
 import chalk2 from "chalk";
 
-// src/lib/api/core/client-factory.ts
-import { tsRestFetchApi } from "@ts-rest/core";
-var ApiRequestError = class extends Error {
-  constructor(message, code, status) {
-    super(message);
-    this.code = code;
-    this.status = status;
-    this.name = "ApiRequestError";
-  }
-};
-async function getHeaders() {
-  const token = await getActiveToken();
-  if (!token) {
-    throw new ApiRequestError("Not authenticated", "UNAUTHORIZED", 401);
-  }
-  const headers = {
-    Authorization: `Bearer ${token}`
-  };
-  const bypassSecret = process.env.VERCEL_AUTOMATION_BYPASS_SECRET;
-  if (bypassSecret) {
-    headers["x-vercel-protection-bypass"] = bypassSecret;
-  }
-  return headers;
-}
-async function getBaseUrl() {
-  const apiUrl = await getApiUrl();
-  if (!apiUrl) {
-    throw new Error("API URL not configured");
-  }
-  return apiUrl;
-}
-async function getClientConfig() {
-  const baseUrl = await getBaseUrl();
-  const baseHeaders = await getHeaders();
-  const activeOrg = await getActiveOrg();
-  if (!activeOrg) {
-    throw new Error(
-      "No active organization configured. Run: vm0 org use <slug>"
-    );
-  }
-  return {
-    baseUrl,
-    baseHeaders,
-    jsonQuery: false,
-    api: async (args) => {
-      const separator = args.path.includes("?") ? "&" : "?";
-      if (!args.path.includes("org=")) {
-        args.path = `${args.path}${separator}org=${encodeURIComponent(activeOrg)}`;
-      }
-      return tsRestFetchApi(args);
-    }
-  };
-}
-function handleError(result, defaultMessage) {
-  const errorBody = result.body;
-  const message = errorBody.error?.message || defaultMessage;
-  const code = errorBody.error?.code || "UNKNOWN";
-  throw new ApiRequestError(message, code, result.status);
-}
-
-// src/lib/command/with-error-handler.ts
-function withErrorHandler(fn) {
-  return async (...args) => {
-    try {
-      await fn(...args);
-    } catch (error) {
-      if (error instanceof ApiRequestError) {
-        if (error.code === "UNAUTHORIZED") {
-          console.error(chalk2.red("\u2717 Not authenticated"));
-          console.error(chalk2.dim("  Run: vm0 auth login"));
-        } else {
-          console.error(chalk2.red(`\u2717 ${error.status}: ${error.message}`));
-        }
-      } else if (error instanceof Error) {
-        console.error(chalk2.red(`\u2717 ${error.message}`));
-      } else {
-        console.error(chalk2.red("\u2717 An unexpected error occurred"));
-      }
-      if (error instanceof Error && error.cause instanceof Error) {
-        console.error(chalk2.dim(`  Cause: ${error.cause.message}`));
-      }
-      process.exit(1);
-    }
-  };
-}
-
-// src/commands/auth/login.ts
-var loginCommand = new Command().name("login").description("Log in to VM0 (use VM0_API_URL env var to set API URL)").action(
-  withErrorHandler(async () => {
-    await authenticate();
-  })
-);
-
-// src/commands/auth/logout.ts
-import { Command as Command2 } from "commander";
-var logoutCommand = new Command2().name("logout").description("Log out of VM0").action(
-  withErrorHandler(async () => {
-    await logout();
-  })
-);
-
-// src/commands/auth/status.ts
-import { Command as Command3 } from "commander";
-var statusCommand = new Command3().name("status").description("Show current authentication status").action(
-  withErrorHandler(async () => {
-    await checkAuthStatus();
-  })
-);
-
-// src/commands/auth/setup-token.ts
-import { Command as Command4 } from "commander";
-var setupTokenCommand = new Command4().name("setup-token").description("Output auth token for CI/CD environments").action(
-  withErrorHandler(async () => {
-    await setupToken();
-  })
-);
-
-// src/commands/auth/index.ts
-var authCommand = new Command5().name("auth").description("Authenticate vm0").addCommand(loginCommand).addCommand(logoutCommand).addCommand(statusCommand).addCommand(setupTokenCommand);
-
-// src/commands/info/index.ts
-import { Command as Command6 } from "commander";
-import chalk4 from "chalk";
-import { existsSync as existsSync2 } from "fs";
-import { homedir as homedir2, release as release2, type } from "os";
-import { join as join2 } from "path";
-
-// src/lib/utils/update-checker.ts
-import chalk3 from "chalk";
-
-// src/lib/utils/spawn.ts
-import { spawn } from "child_process";
-function safeSpawn(command, args, options) {
-  const isWindows = process.platform === "win32";
-  const resolvedCommand = isWindows ? `${command}.cmd` : command;
-  return spawn(resolvedCommand, args, {
-    ...options,
-    shell: isWindows
-  });
-}
-
-// src/lib/utils/update-checker.ts
-var PACKAGE_NAME = "@vm0/cli";
-var NPM_REGISTRY_URL = `https://registry.npmjs.org/${encodeURIComponent(PACKAGE_NAME)}/latest`;
-var TIMEOUT_MS = 5e3;
-var pendingUpgrade = null;
-function detectPackageManager() {
-  const execPath = process.argv[1] ?? "";
-  if (execPath.includes("pnpm")) {
-    return "pnpm";
-  }
-  if (execPath.includes("/.bun/") || execPath.includes("/bun/")) {
-    return "bun";
-  }
-  if (execPath.includes("/.yarn/") || execPath.includes("/yarn/")) {
-    return "yarn";
-  }
-  if (execPath.includes("/usr/local/") || // Homebrew on Intel Mac
-  execPath.includes("/opt/homebrew/") || // Homebrew on arm64 Mac
-  execPath.includes("/.nvm/") || execPath.includes("/.fnm/") || execPath.includes("/.volta/") || execPath.includes("/.nodenv/") || execPath.includes("/.n/") || execPath.includes("/node_modules/") || execPath.includes("\\npm\\") || // Windows: AppData\Roaming\npm
-  execPath.includes("\\nodejs\\")) {
-    return "npm";
-  }
-  return "unknown";
-}
-function isAutoUpgradeSupported(pm) {
-  return pm === "npm" || pm === "pnpm";
-}
-function getManualUpgradeCommand(pm) {
-  switch (pm) {
-    case "bun":
-      return `bun add -g ${PACKAGE_NAME}@latest`;
-    case "yarn":
-      return `yarn global add ${PACKAGE_NAME}@latest`;
-    case "pnpm":
-      return `pnpm add -g ${PACKAGE_NAME}@latest`;
-    case "npm":
-      return `npm install -g ${PACKAGE_NAME}@latest`;
-    case "unknown":
-      return `npm install -g ${PACKAGE_NAME}@latest`;
-  }
-}
-function escapeForShell(str) {
-  return `'${str.replace(/'/g, "'\\''")}'`;
-}
-function buildRerunCommand(prompt) {
-  if (prompt) {
-    return `vm0 cook ${escapeForShell(prompt)}`;
-  }
-  return "vm0 cook";
-}
-async function getLatestVersion() {
-  try {
-    const controller = new AbortController();
-    const timeoutId = setTimeout(() => controller.abort(), TIMEOUT_MS);
-    const response = await fetch(NPM_REGISTRY_URL, {
-      signal: controller.signal
-    });
-    clearTimeout(timeoutId);
-    if (!response.ok) {
-      return null;
-    }
-    const json = await response.json();
-    return json.version ?? null;
-  } catch {
-    return null;
-  }
-}
-function performUpgrade(packageManager) {
-  return new Promise((resolve2) => {
-    const args = packageManager === "pnpm" ? ["add", "-g", `${PACKAGE_NAME}@latest`] : ["install", "-g", `${PACKAGE_NAME}@latest`];
-    const child = safeSpawn(packageManager, args, {
-      stdio: "inherit"
-    });
-    child.on("close", (code) => {
-      resolve2(code === 0);
-    });
-    child.on("error", () => {
-      resolve2(false);
-    });
-  });
-}
-async function checkAndUpgrade(currentVersion, prompt) {
-  const latestVersion = await getLatestVersion();
-  if (latestVersion === null) {
-    console.log(chalk3.yellow("\u26A0 Could not check for updates"));
-    console.log();
-    return false;
-  }
-  if (latestVersion === currentVersion) {
-    return false;
-  }
-  console.log(chalk3.yellow("vm0 is currently in beta."));
-  console.log(
-    chalk3.yellow(
-      `Current version: ${currentVersion} -> Latest version: ${latestVersion}`
-    )
-  );
-  console.log(
-    chalk3.yellow(
-      "Please always use the latest version for best compatibility."
-    )
-  );
-  console.log();
-  const packageManager = detectPackageManager();
-  if (!isAutoUpgradeSupported(packageManager)) {
-    if (packageManager === "unknown") {
-      console.log(
-        chalk3.yellow("Could not detect your package manager for auto-upgrade.")
-      );
-    } else {
-      console.log(
-        chalk3.yellow(`Auto-upgrade is not supported for ${packageManager}.`)
-      );
-    }
-    console.log(chalk3.yellow("Please upgrade manually:"));
-    console.log(chalk3.cyan(`  ${getManualUpgradeCommand(packageManager)}`));
-    console.log();
-    return false;
-  }
-  console.log(`Upgrading via ${packageManager}...`);
-  const success = await performUpgrade(packageManager);
-  if (success) {
-    console.log(chalk3.green(`Upgraded to ${latestVersion}`));
-    console.log();
-    console.log("To continue, run:");
-    console.log(chalk3.cyan(`  ${buildRerunCommand(prompt)}`));
-    return true;
-  }
-  console.error();
-  console.error(chalk3.red("\u2717 Upgrade failed. Please run manually:"));
-  console.error(chalk3.cyan(`  ${getManualUpgradeCommand(packageManager)}`));
-  console.error();
-  console.error("Then re-run:");
-  console.error(chalk3.cyan(`  ${buildRerunCommand(prompt)}`));
-  return true;
-}
-async function startSilentUpgrade(currentVersion) {
-  pendingUpgrade = null;
-  const latestVersion = await getLatestVersion();
-  if (latestVersion === null || latestVersion === currentVersion) {
-    return;
-  }
-  const packageManager = detectPackageManager();
-  if (!isAutoUpgradeSupported(packageManager)) {
-    return;
-  }
-  const isWindows = process.platform === "win32";
-  const args = packageManager === "pnpm" ? ["add", "-g", `${PACKAGE_NAME}@latest`] : ["install", "-g", `${PACKAGE_NAME}@latest`];
-  const child = safeSpawn(packageManager, args, {
-    stdio: "pipe",
-    detached: !isWindows,
-    windowsHide: true
-  });
-  const promise = new Promise((resolve2) => {
-    child.on("close", (code) => resolve2(code === 0));
-    child.on("error", () => resolve2(false));
-  });
-  pendingUpgrade = { promise, child, packageManager };
-}
-async function waitForSilentUpgrade(timeout = TIMEOUT_MS) {
-  if (!pendingUpgrade) {
-    return;
-  }
-  const { promise, child, packageManager } = pendingUpgrade;
-  pendingUpgrade = null;
-  const result = await Promise.race([
-    promise,
-    new Promise((resolve2) => {
-      setTimeout(() => {
-        child.kill();
-        resolve2(false);
-      }, timeout);
-    })
-  ]);
-  if (!result) {
-    console.log(
-      chalk3.yellow(
-        `
-\u26A0 vm0 auto upgrade failed. Please run: ${getManualUpgradeCommand(packageManager)}`
-      )
-    );
-  }
-}
-
-// src/commands/info/index.ts
-function getConfigPath() {
-  return join2(homedir2(), ".vm0", "config.json");
-}
-var infoCommand = new Command6().name("info").description("Display environment and debug information").action(async () => {
-  console.log(chalk4.bold(`VM0 CLI v${"9.72.1"}`));
-  console.log();
-  const config = await loadConfig();
-  const hasEnvToken = !!process.env.VM0_TOKEN;
-  const hasConfigToken = !!config.token;
-  const isAuthenticated2 = hasEnvToken || hasConfigToken;
-  console.log(chalk4.bold("Authentication:"));
-  if (isAuthenticated2) {
-    const tokenSource = hasEnvToken ? "VM0_TOKEN env var" : "config file";
-    console.log(`  ${chalk4.green("\u2713")} Logged in (via ${tokenSource})`);
-  } else {
-    console.log(`  ${chalk4.red("\u2717")} Not authenticated`);
-  }
-  const configExists = existsSync2(getConfigPath());
-  const configDisplay = configExists ? `~/.vm0/config.json` : `~/.vm0/config.json (not found)`;
-  console.log(`  Config: ${configDisplay}`);
-  console.log();
-  const apiUrl = await getApiUrl();
-  console.log(chalk4.bold("API:"));
-  console.log(`  Host: ${apiUrl}`);
-  console.log();
-  console.log(chalk4.bold("System:"));
-  console.log(`  Node: ${process.version}`);
-  console.log(`  Platform: ${process.platform} (${process.arch})`);
-  console.log(`  OS: ${type()} ${release2()}`);
-  console.log(`  Shell: ${process.env.SHELL ?? "unknown"}`);
-  console.log(`  Package Manager: ${detectPackageManager()}`);
-});
-
-// src/commands/compose/index.ts
-import { Command as Command7, Option } from "commander";
-import chalk6 from "chalk";
-import { readFile as readFile4, rm as rm3 } from "fs/promises";
-import { existsSync as existsSync5 } from "fs";
-import { dirname as dirname2, join as join8 } from "path";
-import { parse as parseYaml3 } from "yaml";
-
 // ../../packages/core/src/variable-expander.ts
 var VARIABLE_PATTERN = /\$\{\{\s*(env|vars|secrets)\.([a-zA-Z_][a-zA-Z0-9_]*)\s*\}\}/g;
 function extractVariableReferencesFromString(value) {
@@ -780,6 +415,30 @@ var apiErrorSchema = z2.object({
     code: z2.string()
   })
 });
+var RUN_ERROR_GUIDANCE = {
+  NO_MODEL_PROVIDER: {
+    title: "No model provider configured",
+    guidance: "Configure a model provider to start running agents.",
+    cliHint: "vm0 org model-provider setup"
+  },
+  INSUFFICIENT_CREDITS: {
+    title: "Credits depleted",
+    guidance: "Add credits or configure your own API key to continue.",
+    cliHint: "vm0 org billing"
+  },
+  PROVIDER_INCOMPATIBLE: {
+    title: "Provider not compatible",
+    guidance: "This session was created with a different provider type."
+  },
+  PROVIDER_UNAVAILABLE: {
+    title: "Provider temporarily unavailable",
+    guidance: "The model provider is temporarily unavailable. Please try again later."
+  },
+  TOO_MANY_REQUESTS: {
+    title: "Concurrent run limit reached",
+    guidance: "Wait for your current run to complete before starting a new one."
+  }
+};
 
 // ../../packages/core/src/contracts/composes.ts
 import { z as z4 } from "zod";
@@ -826,7 +485,8 @@ var VALID_CAPABILITIES = [
   "agent-run:read",
   "agent-run:write",
   "schedule:read",
-  "schedule:write"
+  "schedule:write",
+  "integration-slack:write"
 ];
 var agentNameSchema = z4.string().min(3, "Agent name must be at least 3 characters").max(64, "Agent name must be 64 characters or less").regex(
   AGENT_NAME_REGEX,
@@ -1087,6 +747,59 @@ var composesListContract = c.router({
     summary: "List all agent composes for an org"
   }
 });
+var metadataUpdateSchema = z4.object({
+  displayName: z4.string().optional(),
+  description: z4.string().optional(),
+  sound: z4.string().optional()
+});
+var composesMetadataContract = c.router({
+  /**
+   * PATCH /api/agent/composes/:id/metadata
+   * Update agent compose metadata (displayName, description, sound)
+   */
+  updateMetadata: {
+    method: "PATCH",
+    path: "/api/agent/composes/:id/metadata",
+    headers: authHeadersSchema,
+    pathParams: z4.object({
+      id: z4.string().min(1, "Compose ID is required")
+    }),
+    body: metadataUpdateSchema,
+    responses: {
+      200: z4.object({ ok: z4.literal(true) }),
+      400: apiErrorSchema,
+      401: apiErrorSchema,
+      403: apiErrorSchema,
+      404: apiErrorSchema
+    },
+    summary: "Update agent compose metadata"
+  }
+});
+var composeInstructionsResponseSchema = z4.object({
+  content: z4.string().nullable(),
+  filename: z4.string().nullable()
+});
+var composesInstructionsContract = c.router({
+  /**
+   * GET /api/agent/composes/:id/instructions
+   * Get the instructions content for an agent compose
+   */
+  getInstructions: {
+    method: "GET",
+    path: "/api/agent/composes/:id/instructions",
+    headers: authHeadersSchema,
+    pathParams: z4.object({
+      id: z4.string().min(1, "Compose ID is required")
+    }),
+    responses: {
+      200: composeInstructionsResponseSchema,
+      401: apiErrorSchema,
+      403: apiErrorSchema,
+      404: apiErrorSchema
+    },
+    summary: "Get agent compose instructions content"
+  }
+});
 
 // ../../packages/core/src/contracts/runs.ts
 import { z as z8 } from "zod";
@@ -1556,8 +1269,11 @@ var runsMainContract = c5.router({
       201: createRunResponseSchema,
       400: apiErrorSchema,
       401: apiErrorSchema,
+      402: apiErrorSchema,
       403: apiErrorSchema,
-      404: apiErrorSchema
+      404: apiErrorSchema,
+      422: apiErrorSchema,
+      503: apiErrorSchema
     },
     summary: "Create and execute agent run"
   }
@@ -1658,6 +1374,7 @@ var agentEventsResponseSchema = z8.object({
 });
 var networkLogEntrySchema = z8.object({
   timestamp: z8.string(),
+  type: z8.enum(["http", "tcp"]).optional(),
   action: z8.enum(["ALLOW", "DENY"]).optional(),
   host: z8.string().optional(),
   port: z8.number().optional(),
@@ -1673,7 +1390,8 @@ var networkLogEntrySchema = z8.object({
   firewall_permission: z8.string().optional(),
   firewall_rule_match: z8.string().optional(),
   firewall_params: z8.record(z8.string(), z8.string()).optional(),
-  firewall_error: z8.string().optional()
+  firewall_error: z8.string().optional(),
+  error: z8.string().optional()
 });
 var networkLogsResponseSchema = z8.object({
   networkLogs: z8.array(networkLogEntrySchema),
@@ -2326,17 +2044,24 @@ var sandboxOperationSchema = z10.object({
 });
 var networkLogSchema = z10.object({
   timestamp: z10.string(),
-  mode: z10.literal("mitm").optional(),
+  type: z10.enum(["http", "tcp"]).optional(),
   action: z10.enum(["ALLOW", "DENY"]).optional(),
   host: z10.string().optional(),
   port: z10.number().optional(),
-  rule_matched: z10.string().nullable().optional(),
   method: z10.string().optional(),
   url: z10.string().optional(),
   status: z10.number().optional(),
   latency_ms: z10.number().optional(),
   request_size: z10.number().optional(),
-  response_size: z10.number().optional()
+  response_size: z10.number().optional(),
+  firewall_base: z10.string().optional(),
+  firewall_name: z10.string().optional(),
+  firewall_ref: z10.string().optional(),
+  firewall_permission: z10.string().optional(),
+  firewall_rule_match: z10.string().optional(),
+  firewall_params: z10.record(z10.string(), z10.string()).optional(),
+  firewall_error: z10.string().optional(),
+  error: z10.string().optional()
 });
 var webhookTelemetryContract = c7.router({
   /**
@@ -3836,17 +3561,23 @@ var schedulesEnableContract = c16.router({
     pathParams: z20.object({
       name: z20.string().min(1, "Schedule name required")
     }),
+    query: z20.object({
+      org: z20.string().optional()
+    }),
     body: z20.object({
       composeId: z20.string().uuid("Compose ID required")
     }),
     responses: {
       200: scheduleResponseSchema,
+      400: apiErrorSchema,
       401: apiErrorSchema,
       403: apiErrorSchema,
       404: apiErrorSchema
     },
     summary: "Enable schedule"
-  },
+  }
+});
+var schedulesDisableContract = c16.router({
   /**
    * POST /api/agent/schedules/:name/disable
    * Disable an enabled schedule
@@ -3858,11 +3589,15 @@ var schedulesEnableContract = c16.router({
     pathParams: z20.object({
       name: z20.string().min(1, "Schedule name required")
     }),
+    query: z20.object({
+      org: z20.string().optional()
+    }),
     body: z20.object({
       composeId: z20.string().uuid("Compose ID required")
     }),
     responses: {
       200: scheduleResponseSchema,
+      400: apiErrorSchema,
       401: apiErrorSchema,
       403: apiErrorSchema,
       404: apiErrorSchema
@@ -3895,6 +3630,32 @@ var scheduleRunsContract = c16.router({
     summary: "List recent runs for a schedule"
   }
 });
+var agentMissingSecretsSchema = z20.object({
+  composeId: z20.string(),
+  agentName: z20.string(),
+  requiredSecrets: z20.array(z20.string()),
+  missingSecrets: z20.array(z20.string())
+});
+var schedulesMissingSecretsContract = c16.router({
+  /**
+   * GET /api/agent/schedules/missing-secrets
+   * Check agents for missing secrets
+   */
+  getMissingSecrets: {
+    method: "GET",
+    path: "/api/agent/schedules/missing-secrets",
+    headers: authHeadersSchema,
+    query: z20.object({
+      org: z20.string().optional()
+    }),
+    responses: {
+      200: z20.object({ agents: z20.array(agentMissingSecretsSchema) }),
+      401: apiErrorSchema,
+      403: apiErrorSchema
+    },
+    summary: "Check agents for missing secrets"
+  }
+});
 
 // ../../packages/core/src/contracts/realtime.ts
 import { z as z21 } from "zod";
@@ -8017,31 +7778,57 @@ var orgVariablesByNameContract = c25.router({
   }
 });
 
+// ../../packages/core/src/contracts/required-env.ts
+import { z as z30 } from "zod";
+var c26 = initContract();
+var agentRequiredEnvSchema = z30.object({
+  composeId: z30.string(),
+  agentName: z30.string(),
+  requiredSecrets: z30.array(z30.string()),
+  requiredVariables: z30.array(z30.string())
+});
+var requiredEnvContract = c26.router({
+  /**
+   * GET /api/agent/required-env
+   * Get required environment variables for user agents
+   */
+  getRequiredEnv: {
+    method: "GET",
+    path: "/api/agent/required-env",
+    headers: authHeadersSchema,
+    responses: {
+      200: z30.object({ agents: z30.array(agentRequiredEnvSchema) }),
+      401: apiErrorSchema
+    },
+    summary: "Get required environment variables for user agents"
+  }
+});
+
 // ../../packages/core/src/contracts/zero-agents.ts
-import { z as z30 } from "zod";
-var c26 = initContract();
-var zeroAgentResponseSchema = z30.object({
-  name: z30.string(),
-  agentComposeId: z30.string(),
-  description: z30.string().nullable(),
-  displayName: z30.string().nullable(),
-  sound: z30.string().nullable(),
-  connectors: z30.array(z30.string())
+import { z as z31 } from "zod";
+var c27 = initContract();
+var zeroAgentResponseSchema = z31.object({
+  name: z31.string(),
+  agentComposeId: z31.string(),
+  description: z31.string().nullable(),
+  displayName: z31.string().nullable(),
+  sound: z31.string().nullable(),
+  connectors: z31.array(z31.string())
 });
-var zeroAgentRequestSchema = z30.object({
-  description: z30.string().optional(),
-  displayName: z30.string().optional(),
-  sound: z30.string().optional(),
-  connectors: z30.array(z30.string())
+var zeroAgentRequestSchema = z31.object({
+  description: z31.string().optional(),
+  displayName: z31.string().optional(),
+  sound: z31.string().optional(),
+  connectors: z31.array(z31.string())
 });
-var zeroAgentInstructionsResponseSchema = z30.object({
-  content: z30.string().nullable(),
-  filename: z30.string().nullable()
+var zeroAgentInstructionsResponseSchema = z31.object({
+  content: z31.string().nullable(),
+  filename: z31.string().nullable()
 });
-var zeroAgentInstructionsRequestSchema = z30.object({
-  content: z30.string()
+var zeroAgentInstructionsRequestSchema = z31.object({
+  content: z31.string()
 });
-var zeroAgentsMainContract = c26.router({
+var zeroAgentsMainContract = c27.router({
   create: {
     method: "POST",
     path: "/api/zero/agents",
@@ -8056,12 +7843,12 @@ var zeroAgentsMainContract = c26.router({
     summary: "Create zero agent"
   }
 });
-var zeroAgentsByNameContract = c26.router({
+var zeroAgentsByNameContract = c27.router({
   get: {
     method: "GET",
     path: "/api/zero/agents/:name",
     headers: authHeadersSchema,
-    pathParams: z30.object({ name: z30.string() }),
+    pathParams: z31.object({ name: z31.string() }),
     responses: {
       200: zeroAgentResponseSchema,
       401: apiErrorSchema,
@@ -8073,7 +7860,7 @@ var zeroAgentsByNameContract = c26.router({
     method: "PUT",
     path: "/api/zero/agents/:name",
     headers: authHeadersSchema,
-    pathParams: z30.object({ name: z30.string() }),
+    pathParams: z31.object({ name: z31.string() }),
     body: zeroAgentRequestSchema,
     responses: {
       200: zeroAgentResponseSchema,
@@ -8085,12 +7872,12 @@ var zeroAgentsByNameContract = c26.router({
     summary: "Update zero agent"
   }
 });
-var zeroAgentInstructionsContract = c26.router({
+var zeroAgentInstructionsContract = c27.router({
   get: {
     method: "GET",
     path: "/api/zero/agents/:name/instructions",
     headers: authHeadersSchema,
-    pathParams: z30.object({ name: z30.string() }),
+    pathParams: z31.object({ name: z31.string() }),
     responses: {
       200: zeroAgentInstructionsResponseSchema,
       401: apiErrorSchema,
@@ -8102,7 +7889,7 @@ var zeroAgentInstructionsContract = c26.router({
     method: "PUT",
     path: "/api/zero/agents/:name/instructions",
     headers: authHeadersSchema,
-    pathParams: z30.object({ name: z30.string() }),
+    pathParams: z31.object({ name: z31.string() }),
     body: zeroAgentInstructionsRequestSchema,
     responses: {
       200: zeroAgentResponseSchema,
@@ -8115,9 +7902,9 @@ var zeroAgentInstructionsContract = c26.router({
 });
 
 // ../../packages/core/src/contracts/zero-connectors.ts
-import { z as z31 } from "zod";
-var c27 = initContract();
-var zeroConnectorsMainContract = c27.router({
+import { z as z32 } from "zod";
+var c28 = initContract();
+var zeroConnectorsMainContract = c28.router({
   list: {
     method: "GET",
     path: "/api/zero/connectors",
@@ -8130,26 +7917,26 @@ var zeroConnectorsMainContract = c27.router({
     summary: "List all connectors (zero proxy)"
   }
 });
-var zeroConnectorsByTypeContract = c27.router({
+var zeroConnectorsByTypeContract = c28.router({
   delete: {
     method: "DELETE",
     path: "/api/zero/connectors/:type",
     headers: authHeadersSchema,
-    pathParams: z31.object({ type: connectorTypeSchema }),
+    pathParams: z32.object({ type: connectorTypeSchema }),
     responses: {
-      204: c27.noBody(),
+      204: c28.noBody(),
       401: apiErrorSchema,
       404: apiErrorSchema
     },
     summary: "Disconnect a connector (zero proxy)"
   }
 });
-var zeroConnectorScopeDiffContract = c27.router({
+var zeroConnectorScopeDiffContract = c28.router({
   getScopeDiff: {
     method: "GET",
     path: "/api/zero/connectors/:type/scope-diff",
     headers: authHeadersSchema,
-    pathParams: z31.object({ type: connectorTypeSchema }),
+    pathParams: z32.object({ type: connectorTypeSchema }),
     responses: {
       200: scopeDiffResponseSchema,
       401: apiErrorSchema,
@@ -8160,8 +7947,8 @@ var zeroConnectorScopeDiffContract = c27.router({
 });
 
 // ../../packages/core/src/contracts/zero-org.ts
-var c28 = initContract();
-var zeroOrgContract = c28.router({
+var c29 = initContract();
+var zeroOrgContract = c29.router({
   get: {
     method: "GET",
     path: "/api/zero/org",
@@ -8176,16 +7963,16 @@ var zeroOrgContract = c28.router({
 });
 
 // ../../packages/core/src/contracts/zero-composes.ts
-import { z as z32 } from "zod";
-var c29 = initContract();
-var zeroComposesMainContract = c29.router({
+import { z as z33 } from "zod";
+var c30 = initContract();
+var zeroComposesMainContract = c30.router({
   getByName: {
     method: "GET",
     path: "/api/zero/composes",
     headers: authHeadersSchema,
-    query: z32.object({
-      name: z32.string().min(1, "Missing name query parameter"),
-      org: z32.string().optional()
+    query: z33.object({
+      name: z33.string().min(1, "Missing name query parameter"),
+      org: z33.string().optional()
     }),
     responses: {
       200: composeResponseSchema,
@@ -8196,13 +7983,13 @@ var zeroComposesMainContract = c29.router({
     summary: "Get agent compose by name (zero proxy)"
   }
 });
-var zeroComposesByIdContract = c29.router({
+var zeroComposesByIdContract = c30.router({
   getById: {
     method: "GET",
     path: "/api/zero/composes/:id",
     headers: authHeadersSchema,
-    pathParams: z32.object({
-      id: z32.string().min(1, "Compose ID is required")
+    pathParams: z33.object({
+      id: z33.string().min(1, "Compose ID is required")
     }),
     responses: {
       200: composeResponseSchema,
@@ -8216,12 +8003,12 @@ var zeroComposesByIdContract = c29.router({
     method: "DELETE",
     path: "/api/zero/composes/:id",
     headers: authHeadersSchema,
-    pathParams: z32.object({
-      id: z32.string().uuid("Compose ID is required")
+    pathParams: z33.object({
+      id: z33.string().uuid("Compose ID is required")
     }),
-    body: c29.noBody(),
+    body: c30.noBody(),
     responses: {
-      204: c29.noBody(),
+      204: c30.noBody(),
       401: apiErrorSchema,
       403: apiErrorSchema,
       404: apiErrorSchema,
@@ -8230,17 +8017,17 @@ var zeroComposesByIdContract = c29.router({
     summary: "Delete agent compose (zero proxy)"
   }
 });
-var zeroComposesListContract = c29.router({
+var zeroComposesListContract = c30.router({
   list: {
     method: "GET",
     path: "/api/zero/composes/list",
     headers: authHeadersSchema,
-    query: z32.object({
-      org: z32.string().optional()
+    query: z33.object({
+      org: z33.string().optional()
     }),
     responses: {
-      200: z32.object({
-        composes: z32.array(composeListItemSchema)
+      200: z33.object({
+        composes: z33.array(composeListItemSchema)
       }),
       400: apiErrorSchema,
       401: apiErrorSchema,
@@ -8251,12 +8038,12 @@ var zeroComposesListContract = c29.router({
 });
 
 // ../../packages/core/src/contracts/zero-runs.ts
-import { z as z33 } from "zod";
+import { z as z34 } from "zod";
 var zeroRunRequestSchema = unifiedRunRequestSchema.omit({
   triggerSource: true
 });
-var c30 = initContract();
-var zeroRunsMainContract = c30.router({
+var c31 = initContract();
+var zeroRunsMainContract = c31.router({
   create: {
     method: "POST",
     path: "/api/zero/runs",
@@ -8272,13 +8059,13 @@ var zeroRunsMainContract = c30.router({
     summary: "Create and execute agent run (zero proxy)"
   }
 });
-var zeroRunsByIdContract = c30.router({
+var zeroRunsByIdContract = c31.router({
   getById: {
     method: "GET",
     path: "/api/zero/runs/:id",
     headers: authHeadersSchema,
-    pathParams: z33.object({
-      id: z33.string().min(1, "Run ID is required")
+    pathParams: z34.object({
+      id: z34.string().min(1, "Run ID is required")
     }),
     responses: {
       200: getRunResponseSchema,
@@ -8289,15 +8076,15 @@ var zeroRunsByIdContract = c30.router({
     summary: "Get agent run by ID (zero proxy)"
   }
 });
-var zeroRunsCancelContract = c30.router({
+var zeroRunsCancelContract = c31.router({
   cancel: {
     method: "POST",
     path: "/api/zero/runs/:id/cancel",
     headers: authHeadersSchema,
-    pathParams: z33.object({
-      id: z33.string().min(1, "Run ID is required")
+    pathParams: z34.object({
+      id: z34.string().min(1, "Run ID is required")
     }),
-    body: z33.undefined(),
+    body: z34.undefined(),
     responses: {
       200: cancelRunResponseSchema,
       400: apiErrorSchema,
@@ -8308,7 +8095,7 @@ var zeroRunsCancelContract = c30.router({
     summary: "Cancel a pending or running run (zero proxy)"
   }
 });
-var zeroRunsQueueContract = c30.router({
+var zeroRunsQueueContract = c31.router({
   getQueue: {
     method: "GET",
     path: "/api/zero/runs/queue",
@@ -8321,18 +8108,18 @@ var zeroRunsQueueContract = c30.router({
     summary: "Get org run queue status (zero proxy)"
   }
 });
-var zeroRunAgentEventsContract = c30.router({
+var zeroRunAgentEventsContract = c31.router({
   getAgentEvents: {
     method: "GET",
     path: "/api/zero/runs/:id/telemetry/agent",
     headers: authHeadersSchema,
-    pathParams: z33.object({
-      id: z33.string().min(1, "Run ID is required")
+    pathParams: z34.object({
+      id: z34.string().min(1, "Run ID is required")
     }),
-    query: z33.object({
-      since: z33.coerce.number().optional(),
-      limit: z33.coerce.number().min(1).max(100).default(5),
-      order: z33.enum(["asc", "desc"]).default("desc")
+    query: z34.object({
+      since: z34.coerce.number().optional(),
+      limit: z34.coerce.number().min(1).max(100).default(5),
+      order: z34.enum(["asc", "desc"]).default("desc")
     }),
     responses: {
       200: agentEventsResponseSchema,
@@ -8344,9 +8131,9 @@ var zeroRunAgentEventsContract = c30.router({
 });
 
 // ../../packages/core/src/contracts/zero-schedules.ts
-import { z as z34 } from "zod";
-var c31 = initContract();
-var zeroSchedulesMainContract = c31.router({
+import { z as z35 } from "zod";
+var c32 = initContract();
+var zeroSchedulesMainContract = c32.router({
   deploy: {
     method: "POST",
     path: "/api/zero/schedules",
@@ -8374,19 +8161,19 @@ var zeroSchedulesMainContract = c31.router({
     summary: "List all schedules (zero proxy)"
   }
 });
-var zeroSchedulesByNameContract = c31.router({
+var zeroSchedulesByNameContract = c32.router({
   delete: {
     method: "DELETE",
     path: "/api/zero/schedules/:name",
     headers: authHeadersSchema,
-    pathParams: z34.object({
-      name: z34.string().min(1, "Schedule name required")
+    pathParams: z35.object({
+      name: z35.string().min(1, "Schedule name required")
     }),
-    query: z34.object({
-      composeId: z34.string().uuid("Compose ID required")
+    query: z35.object({
+      composeId: z35.string().uuid("Compose ID required")
     }),
     responses: {
-      204: c31.noBody(),
+      204: c32.noBody(),
       401: apiErrorSchema,
       403: apiErrorSchema,
       404: apiErrorSchema
@@ -8394,16 +8181,16 @@ var zeroSchedulesByNameContract = c31.router({
     summary: "Delete schedule (zero proxy)"
   }
 });
-var zeroSchedulesEnableContract = c31.router({
+var zeroSchedulesEnableContract = c32.router({
   enable: {
     method: "POST",
     path: "/api/zero/schedules/:name/enable",
     headers: authHeadersSchema,
-    pathParams: z34.object({
-      name: z34.string().min(1, "Schedule name required")
+    pathParams: z35.object({
+      name: z35.string().min(1, "Schedule name required")
     }),
-    body: z34.object({
-      composeId: z34.string().uuid("Compose ID required")
+    body: z35.object({
+      composeId: z35.string().uuid("Compose ID required")
     }),
     responses: {
       200: scheduleResponseSchema,
@@ -8418,11 +8205,11 @@ var zeroSchedulesEnableContract = c31.router({
     method: "POST",
     path: "/api/zero/schedules/:name/disable",
     headers: authHeadersSchema,
-    pathParams: z34.object({
-      name: z34.string().min(1, "Schedule name required")
+    pathParams: z35.object({
+      name: z35.string().min(1, "Schedule name required")
     }),
-    body: z34.object({
-      composeId: z34.string().uuid("Compose ID required")
+    body: z35.object({
+      composeId: z35.string().uuid("Compose ID required")
     }),
     responses: {
       200: scheduleResponseSchema,
@@ -8436,9 +8223,9 @@ var zeroSchedulesEnableContract = c31.router({
 });
 
 // ../../packages/core/src/contracts/zero-model-providers.ts
-import { z as z35 } from "zod";
-var c32 = initContract();
-var zeroModelProvidersMainContract = c32.router({
+import { z as z36 } from "zod";
+var c33 = initContract();
+var zeroModelProvidersMainContract = c33.router({
   list: {
     method: "GET",
     path: "/api/zero/model-providers",
@@ -8466,16 +8253,16 @@ var zeroModelProvidersMainContract = c32.router({
     summary: "Create or update an org-level model provider (admin only)"
   }
 });
-var zeroModelProvidersByTypeContract = c32.router({
+var zeroModelProvidersByTypeContract = c33.router({
   delete: {
     method: "DELETE",
     path: "/api/zero/model-providers/:type",
     headers: authHeadersSchema,
-    pathParams: z35.object({
+    pathParams: z36.object({
       type: modelProviderTypeSchema
     }),
     responses: {
-      204: c32.noBody(),
+      204: c33.noBody(),
       401: apiErrorSchema,
       403: apiErrorSchema,
       404: apiErrorSchema,
@@ -8484,15 +8271,15 @@ var zeroModelProvidersByTypeContract = c32.router({
     summary: "Delete an org-level model provider (admin only)"
   }
 });
-var zeroModelProvidersDefaultContract = c32.router({
+var zeroModelProvidersDefaultContract = c33.router({
   setDefault: {
     method: "POST",
     path: "/api/zero/model-providers/:type/default",
     headers: authHeadersSchema,
-    pathParams: z35.object({
+    pathParams: z36.object({
       type: modelProviderTypeSchema
     }),
-    body: z35.undefined(),
+    body: z36.undefined(),
     responses: {
       200: modelProviderResponseSchema,
       401: apiErrorSchema,
@@ -8505,8 +8292,8 @@ var zeroModelProvidersDefaultContract = c32.router({
 });
 
 // ../../packages/core/src/contracts/zero-user-preferences.ts
-var c33 = initContract();
-var zeroUserPreferencesContract = c33.router({
+var c34 = initContract();
+var zeroUserPreferencesContract = c34.router({
   get: {
     method: "GET",
     path: "/api/zero/user-preferences",
@@ -8534,8 +8321,8 @@ var zeroUserPreferencesContract = c33.router({
 });
 
 // ../../packages/core/src/contracts/zero-secrets.ts
-var c34 = initContract();
-var zeroSecretsContract = c34.router({
+var c35 = initContract();
+var zeroSecretsContract = c35.router({
   set: {
     method: "POST",
     path: "/api/zero/secrets",
@@ -8551,7 +8338,7 @@ var zeroSecretsContract = c34.router({
     summary: "Create or update a secret"
   }
 });
-var zeroVariablesContract = c34.router({
+var zeroVariablesContract = c35.router({
   set: {
     method: "POST",
     path: "/api/zero/variables",
@@ -8569,15 +8356,15 @@ var zeroVariablesContract = c34.router({
 });
 
 // ../../packages/core/src/contracts/zero-sessions.ts
-import { z as z36 } from "zod";
-var c35 = initContract();
-var zeroSessionsByIdContract = c35.router({
+import { z as z37 } from "zod";
+var c36 = initContract();
+var zeroSessionsByIdContract = c36.router({
   getById: {
     method: "GET",
     path: "/api/zero/sessions/:id",
     headers: authHeadersSchema,
-    pathParams: z36.object({
-      id: z36.string().min(1, "Session ID is required")
+    pathParams: z37.object({
+      id: z37.string().min(1, "Session ID is required")
     }),
     responses: {
       200: sessionResponseSchema,
@@ -8589,6 +8376,35 @@ var zeroSessionsByIdContract = c35.router({
   }
 });
 
+// ../../packages/core/src/contracts/integrations.ts
+import { z as z38 } from "zod";
+var c37 = initContract();
+var integrationsSlackMessageContract = c37.router({
+  sendMessage: {
+    method: "POST",
+    path: "/api/agent/integrations/slack/message",
+    headers: authHeadersSchema,
+    body: z38.object({
+      channel: z38.string().min(1, "Channel ID is required"),
+      text: z38.string().optional(),
+      threadTs: z38.string().optional(),
+      blocks: z38.array(z38.object({ type: z38.string() }).passthrough()).optional()
+    }),
+    responses: {
+      200: z38.object({
+        ok: z38.literal(true),
+        ts: z38.string().optional(),
+        channel: z38.string().optional()
+      }),
+      400: apiErrorSchema,
+      401: apiErrorSchema,
+      403: apiErrorSchema,
+      404: apiErrorSchema
+    },
+    summary: "Send a Slack message via org bot token"
+  }
+});
+
 // ../../packages/core/src/storage-names.ts
 function getInstructionsStorageName(agentName) {
   return `agent-instructions@${agentName}`;
@@ -8848,46 +8664,422 @@ var FEATURE_SWITCHES = {
     enabled: false,
     enabledUserHashes: STAFF_USER_HASHES
   }
-};
-async function isFeatureEnabled(key, userId, email) {
-  const featureSwitch = FEATURE_SWITCHES[key];
-  if (featureSwitch.enabled) {
-    return true;
+};
+async function isFeatureEnabled(key, userId, email) {
+  const featureSwitch = FEATURE_SWITCHES[key];
+  if (featureSwitch.enabled) {
+    return true;
+  }
+  if (userId && featureSwitch.enabledUserHashes?.length) {
+    const hash = await sha1(userId);
+    if (featureSwitch.enabledUserHashes.includes(hash)) return true;
+  }
+  if (email && featureSwitch.enabledEmailHashes?.length) {
+    const hash = await sha1(email.toLowerCase());
+    if (featureSwitch.enabledEmailHashes.includes(hash)) return true;
+  }
+  return false;
+}
+
+// ../../packages/core/src/skill-frontmatter.ts
+import { parse as parseYaml2 } from "yaml";
+function parseSkillFrontmatter(content) {
+  const frontmatterMatch = content.match(/^---\r?\n([\s\S]*?)\r?\n---/);
+  if (!frontmatterMatch) {
+    return {};
+  }
+  const yamlContent = frontmatterMatch[1];
+  if (!yamlContent) {
+    return {};
+  }
+  const parsed = parseYaml2(yamlContent);
+  if (!parsed || typeof parsed !== "object") {
+    return {};
+  }
+  const data = parsed;
+  return {
+    name: typeof data.name === "string" ? data.name : void 0,
+    description: typeof data.description === "string" ? data.description : void 0,
+    vm0_secrets: Array.isArray(data.vm0_secrets) ? data.vm0_secrets.filter((s) => typeof s === "string") : void 0,
+    vm0_vars: Array.isArray(data.vm0_vars) ? data.vm0_vars.filter((s) => typeof s === "string") : void 0
+  };
+}
+
+// src/lib/api/core/client-factory.ts
+import { tsRestFetchApi } from "@ts-rest/core";
+var ApiRequestError = class extends Error {
+  constructor(message, code, status) {
+    super(message);
+    this.code = code;
+    this.status = status;
+    this.name = "ApiRequestError";
+  }
+};
+async function getHeaders() {
+  const token = await getActiveToken();
+  if (!token) {
+    throw new ApiRequestError("Not authenticated", "UNAUTHORIZED", 401);
+  }
+  const headers = {
+    Authorization: `Bearer ${token}`
+  };
+  const bypassSecret = process.env.VERCEL_AUTOMATION_BYPASS_SECRET;
+  if (bypassSecret) {
+    headers["x-vercel-protection-bypass"] = bypassSecret;
+  }
+  return headers;
+}
+async function getBaseUrl() {
+  const apiUrl = await getApiUrl();
+  if (!apiUrl) {
+    throw new Error("API URL not configured");
+  }
+  return apiUrl;
+}
+async function getClientConfig() {
+  const baseUrl = await getBaseUrl();
+  const baseHeaders = await getHeaders();
+  const activeOrg = await getActiveOrg();
+  if (!activeOrg) {
+    throw new Error(
+      "No active organization configured. Run: vm0 org use <slug>"
+    );
+  }
+  return {
+    baseUrl,
+    baseHeaders,
+    jsonQuery: false,
+    api: async (args) => {
+      const separator = args.path.includes("?") ? "&" : "?";
+      if (!args.path.includes("org=")) {
+        args.path = `${args.path}${separator}org=${encodeURIComponent(activeOrg)}`;
+      }
+      return tsRestFetchApi(args);
+    }
+  };
+}
+function handleError(result, defaultMessage) {
+  const errorBody = result.body;
+  const message = errorBody.error?.message || defaultMessage;
+  const code = errorBody.error?.code || "UNKNOWN";
+  throw new ApiRequestError(message, code, result.status);
+}
+
+// src/lib/command/with-error-handler.ts
+function withErrorHandler(fn) {
+  return async (...args) => {
+    try {
+      await fn(...args);
+    } catch (error) {
+      if (error instanceof ApiRequestError) {
+        if (error.code === "UNAUTHORIZED") {
+          console.error(chalk2.red("\u2717 Not authenticated"));
+          console.error(chalk2.dim("  Run: vm0 auth login"));
+        } else {
+          const guidance = RUN_ERROR_GUIDANCE[error.code];
+          if (guidance) {
+            console.error(chalk2.red(`\u2717 ${guidance.title}`));
+            console.error(chalk2.dim(`  ${guidance.guidance}`));
+            if (guidance.cliHint) {
+              console.error(chalk2.dim(`  Run: ${guidance.cliHint}`));
+            }
+          } else {
+            console.error(chalk2.red(`\u2717 ${error.status}: ${error.message}`));
+          }
+        }
+      } else if (error instanceof Error) {
+        console.error(chalk2.red(`\u2717 ${error.message}`));
+      } else {
+        console.error(chalk2.red("\u2717 An unexpected error occurred"));
+      }
+      if (error instanceof Error && error.cause instanceof Error) {
+        console.error(chalk2.dim(`  Cause: ${error.cause.message}`));
+      }
+      process.exit(1);
+    }
+  };
+}
+
+// src/commands/auth/login.ts
+var loginCommand = new Command().name("login").description("Log in to VM0 (use VM0_API_URL env var to set API URL)").action(
+  withErrorHandler(async () => {
+    await authenticate();
+  })
+);
+
+// src/commands/auth/logout.ts
+import { Command as Command2 } from "commander";
+var logoutCommand = new Command2().name("logout").description("Log out of VM0").action(
+  withErrorHandler(async () => {
+    await logout();
+  })
+);
+
+// src/commands/auth/status.ts
+import { Command as Command3 } from "commander";
+var statusCommand = new Command3().name("status").description("Show current authentication status").action(
+  withErrorHandler(async () => {
+    await checkAuthStatus();
+  })
+);
+
+// src/commands/auth/setup-token.ts
+import { Command as Command4 } from "commander";
+var setupTokenCommand = new Command4().name("setup-token").description("Output auth token for CI/CD environments").action(
+  withErrorHandler(async () => {
+    await setupToken();
+  })
+);
+
+// src/commands/auth/index.ts
+var authCommand = new Command5().name("auth").description("Authenticate vm0").addCommand(loginCommand).addCommand(logoutCommand).addCommand(statusCommand).addCommand(setupTokenCommand);
+
+// src/commands/info/index.ts
+import { Command as Command6 } from "commander";
+import chalk4 from "chalk";
+import { existsSync as existsSync2 } from "fs";
+import { homedir as homedir2, release as release2, type } from "os";
+import { join as join2 } from "path";
+
+// src/lib/utils/update-checker.ts
+import chalk3 from "chalk";
+
+// src/lib/utils/spawn.ts
+import { spawn } from "child_process";
+function safeSpawn(command, args, options) {
+  const isWindows = process.platform === "win32";
+  const resolvedCommand = isWindows ? `${command}.cmd` : command;
+  return spawn(resolvedCommand, args, {
+    ...options,
+    shell: isWindows
+  });
+}
+
+// src/lib/utils/update-checker.ts
+var PACKAGE_NAME = "@vm0/cli";
+var NPM_REGISTRY_URL = `https://registry.npmjs.org/${encodeURIComponent(PACKAGE_NAME)}/latest`;
+var TIMEOUT_MS = 5e3;
+var pendingUpgrade = null;
+function detectPackageManager() {
+  const execPath = process.argv[1] ?? "";
+  if (execPath.includes("pnpm")) {
+    return "pnpm";
+  }
+  if (execPath.includes("/.bun/") || execPath.includes("/bun/")) {
+    return "bun";
   }
-  if (userId && featureSwitch.enabledUserHashes?.length) {
-    const hash = await sha1(userId);
-    if (featureSwitch.enabledUserHashes.includes(hash)) return true;
+  if (execPath.includes("/.yarn/") || execPath.includes("/yarn/")) {
+    return "yarn";
   }
-  if (email && featureSwitch.enabledEmailHashes?.length) {
-    const hash = await sha1(email.toLowerCase());
-    if (featureSwitch.enabledEmailHashes.includes(hash)) return true;
+  if (execPath.includes("/usr/local/") || // Homebrew on Intel Mac
+  execPath.includes("/opt/homebrew/") || // Homebrew on arm64 Mac
+  execPath.includes("/.nvm/") || execPath.includes("/.fnm/") || execPath.includes("/.volta/") || execPath.includes("/.nodenv/") || execPath.includes("/.n/") || execPath.includes("/node_modules/") || execPath.includes("\\npm\\") || // Windows: AppData\Roaming\npm
+  execPath.includes("\\nodejs\\")) {
+    return "npm";
   }
-  return false;
+  return "unknown";
 }
-
-// ../../packages/core/src/skill-frontmatter.ts
-import { parse as parseYaml2 } from "yaml";
-function parseSkillFrontmatter(content) {
-  const frontmatterMatch = content.match(/^---\r?\n([\s\S]*?)\r?\n---/);
-  if (!frontmatterMatch) {
-    return {};
+function isAutoUpgradeSupported(pm) {
+  return pm === "npm" || pm === "pnpm";
+}
+function getManualUpgradeCommand(pm) {
+  switch (pm) {
+    case "bun":
+      return `bun add -g ${PACKAGE_NAME}@latest`;
+    case "yarn":
+      return `yarn global add ${PACKAGE_NAME}@latest`;
+    case "pnpm":
+      return `pnpm add -g ${PACKAGE_NAME}@latest`;
+    case "npm":
+      return `npm install -g ${PACKAGE_NAME}@latest`;
+    case "unknown":
+      return `npm install -g ${PACKAGE_NAME}@latest`;
   }
-  const yamlContent = frontmatterMatch[1];
-  if (!yamlContent) {
-    return {};
+}
+function escapeForShell(str) {
+  return `'${str.replace(/'/g, "'\\''")}'`;
+}
+function buildRerunCommand(prompt) {
+  if (prompt) {
+    return `vm0 cook ${escapeForShell(prompt)}`;
   }
-  const parsed = parseYaml2(yamlContent);
-  if (!parsed || typeof parsed !== "object") {
-    return {};
+  return "vm0 cook";
+}
+async function getLatestVersion() {
+  try {
+    const controller = new AbortController();
+    const timeoutId = setTimeout(() => controller.abort(), TIMEOUT_MS);
+    const response = await fetch(NPM_REGISTRY_URL, {
+      signal: controller.signal
+    });
+    clearTimeout(timeoutId);
+    if (!response.ok) {
+      return null;
+    }
+    const json = await response.json();
+    return json.version ?? null;
+  } catch {
+    return null;
   }
-  const data = parsed;
-  return {
-    name: typeof data.name === "string" ? data.name : void 0,
-    description: typeof data.description === "string" ? data.description : void 0,
-    vm0_secrets: Array.isArray(data.vm0_secrets) ? data.vm0_secrets.filter((s) => typeof s === "string") : void 0,
-    vm0_vars: Array.isArray(data.vm0_vars) ? data.vm0_vars.filter((s) => typeof s === "string") : void 0
-  };
 }
+function performUpgrade(packageManager) {
+  return new Promise((resolve2) => {
+    const args = packageManager === "pnpm" ? ["add", "-g", `${PACKAGE_NAME}@latest`] : ["install", "-g", `${PACKAGE_NAME}@latest`];
+    const child = safeSpawn(packageManager, args, {
+      stdio: "inherit"
+    });
+    child.on("close", (code) => {
+      resolve2(code === 0);
+    });
+    child.on("error", () => {
+      resolve2(false);
+    });
+  });
+}
+async function checkAndUpgrade(currentVersion, prompt) {
+  const latestVersion = await getLatestVersion();
+  if (latestVersion === null) {
+    console.log(chalk3.yellow("\u26A0 Could not check for updates"));
+    console.log();
+    return false;
+  }
+  if (latestVersion === currentVersion) {
+    return false;
+  }
+  console.log(chalk3.yellow("vm0 is currently in beta."));
+  console.log(
+    chalk3.yellow(
+      `Current version: ${currentVersion} -> Latest version: ${latestVersion}`
+    )
+  );
+  console.log(
+    chalk3.yellow(
+      "Please always use the latest version for best compatibility."
+    )
+  );
+  console.log();
+  const packageManager = detectPackageManager();
+  if (!isAutoUpgradeSupported(packageManager)) {
+    if (packageManager === "unknown") {
+      console.log(
+        chalk3.yellow("Could not detect your package manager for auto-upgrade.")
+      );
+    } else {
+      console.log(
+        chalk3.yellow(`Auto-upgrade is not supported for ${packageManager}.`)
+      );
+    }
+    console.log(chalk3.yellow("Please upgrade manually:"));
+    console.log(chalk3.cyan(`  ${getManualUpgradeCommand(packageManager)}`));
+    console.log();
+    return false;
+  }
+  console.log(`Upgrading via ${packageManager}...`);
+  const success = await performUpgrade(packageManager);
+  if (success) {
+    console.log(chalk3.green(`Upgraded to ${latestVersion}`));
+    console.log();
+    console.log("To continue, run:");
+    console.log(chalk3.cyan(`  ${buildRerunCommand(prompt)}`));
+    return true;
+  }
+  console.error();
+  console.error(chalk3.red("\u2717 Upgrade failed. Please run manually:"));
+  console.error(chalk3.cyan(`  ${getManualUpgradeCommand(packageManager)}`));
+  console.error();
+  console.error("Then re-run:");
+  console.error(chalk3.cyan(`  ${buildRerunCommand(prompt)}`));
+  return true;
+}
+async function startSilentUpgrade(currentVersion) {
+  pendingUpgrade = null;
+  const latestVersion = await getLatestVersion();
+  if (latestVersion === null || latestVersion === currentVersion) {
+    return;
+  }
+  const packageManager = detectPackageManager();
+  if (!isAutoUpgradeSupported(packageManager)) {
+    return;
+  }
+  const isWindows = process.platform === "win32";
+  const args = packageManager === "pnpm" ? ["add", "-g", `${PACKAGE_NAME}@latest`] : ["install", "-g", `${PACKAGE_NAME}@latest`];
+  const child = safeSpawn(packageManager, args, {
+    stdio: "pipe",
+    detached: !isWindows,
+    windowsHide: true
+  });
+  const promise = new Promise((resolve2) => {
+    child.on("close", (code) => resolve2(code === 0));
+    child.on("error", () => resolve2(false));
+  });
+  pendingUpgrade = { promise, child, packageManager };
+}
+async function waitForSilentUpgrade(timeout = TIMEOUT_MS) {
+  if (!pendingUpgrade) {
+    return;
+  }
+  const { promise, child, packageManager } = pendingUpgrade;
+  pendingUpgrade = null;
+  const result = await Promise.race([
+    promise,
+    new Promise((resolve2) => {
+      setTimeout(() => {
+        child.kill();
+        resolve2(false);
+      }, timeout);
+    })
+  ]);
+  if (!result) {
+    console.log(
+      chalk3.yellow(
+        `
+\u26A0 vm0 auto upgrade failed. Please run: ${getManualUpgradeCommand(packageManager)}`
+      )
+    );
+  }
+}
+
+// src/commands/info/index.ts
+function getConfigPath() {
+  return join2(homedir2(), ".vm0", "config.json");
+}
+var infoCommand = new Command6().name("info").description("Display environment and debug information").action(async () => {
+  console.log(chalk4.bold(`VM0 CLI v${"9.74.0"}`));
+  console.log();
+  const config = await loadConfig();
+  const hasEnvToken = !!process.env.VM0_TOKEN;
+  const hasConfigToken = !!config.token;
+  const isAuthenticated2 = hasEnvToken || hasConfigToken;
+  console.log(chalk4.bold("Authentication:"));
+  if (isAuthenticated2) {
+    const tokenSource = hasEnvToken ? "VM0_TOKEN env var" : "config file";
+    console.log(`  ${chalk4.green("\u2713")} Logged in (via ${tokenSource})`);
+  } else {
+    console.log(`  ${chalk4.red("\u2717")} Not authenticated`);
+  }
+  const configExists = existsSync2(getConfigPath());
+  const configDisplay = configExists ? `~/.vm0/config.json` : `~/.vm0/config.json (not found)`;
+  console.log(`  Config: ${configDisplay}`);
+  console.log();
+  const apiUrl = await getApiUrl();
+  console.log(chalk4.bold("API:"));
+  console.log(`  Host: ${apiUrl}`);
+  console.log();
+  console.log(chalk4.bold("System:"));
+  console.log(`  Node: ${process.version}`);
+  console.log(`  Platform: ${process.platform} (${process.arch})`);
+  console.log(`  OS: ${type()} ${release2()}`);
+  console.log(`  Shell: ${process.env.SHELL ?? "unknown"}`);
+  console.log(`  Package Manager: ${detectPackageManager()}`);
+});
+
+// src/commands/compose/index.ts
+import { Command as Command7, Option } from "commander";
+import chalk6 from "chalk";
+import { readFile as readFile4, rm as rm3 } from "fs/promises";
+import { existsSync as existsSync5 } from "fs";
+import { dirname as dirname2, join as join8 } from "path";
+import { parse as parseYaml3 } from "yaml";
 
 // src/lib/api/core/http.ts
 async function appendOrgParam(path18) {
@@ -9286,7 +9478,7 @@ async function enableSchedule(params) {
 }
 async function disableSchedule(params) {
   const config = await getClientConfig();
-  const client = initClient6(schedulesEnableContract, config);
+  const client = initClient6(schedulesDisableContract, config);
   const result = await client.disable({
     params: { name: params.name },
     body: { composeId: params.composeId }
@@ -9641,8 +9833,8 @@ async function resolveSkills(skillUrls) {
 }
 
 // src/lib/domain/yaml-validator.ts
-import { z as z37 } from "zod";
-var cliAgentNameSchema = z37.string().min(3, "Agent name must be at least 3 characters").max(64, "Agent name must be 64 characters or less").regex(
+import { z as z39 } from "zod";
+var cliAgentNameSchema = z39.string().min(3, "Agent name must be at least 3 characters").max(64, "Agent name must be 64 characters or less").regex(
   /^[a-zA-Z0-9]([a-zA-Z0-9-]{0,62}[a-zA-Z0-9])?$/,
   "Agent name must start and end with letter or number, and contain only letters, numbers, and hyphens"
 );
@@ -9656,7 +9848,7 @@ var cliAgentDefinitionSchema = agentDefinitionSchema.superRefine(
             resolveSkillRef(skillRef);
           } catch (error) {
             ctx.addIssue({
-              code: z37.ZodIssueCode.custom,
+              code: z39.ZodIssueCode.custom,
               message: error instanceof Error ? error.message : `Invalid skill reference: ${skillRef}`,
               path: ["skills", i]
             });
@@ -9666,15 +9858,15 @@ var cliAgentDefinitionSchema = agentDefinitionSchema.superRefine(
     }
   }
 );
-var cliComposeSchema = z37.object({
-  version: z37.string().min(1, "Missing config.version"),
-  agents: z37.record(cliAgentNameSchema, cliAgentDefinitionSchema),
-  volumes: z37.record(z37.string(), volumeConfigSchema).optional()
+var cliComposeSchema = z39.object({
+  version: z39.string().min(1, "Missing config.version"),
+  agents: z39.record(cliAgentNameSchema, cliAgentDefinitionSchema),
+  volumes: z39.record(z39.string(), volumeConfigSchema).optional()
 }).superRefine((config, ctx) => {
   const agentKeys = Object.keys(config.agents);
   if (agentKeys.length === 0) {
     ctx.addIssue({
-      code: z37.ZodIssueCode.custom,
+      code: z39.ZodIssueCode.custom,
       message: "agents must have at least one agent defined",
       path: ["agents"]
     });
@@ -9682,7 +9874,7 @@ var cliComposeSchema = z37.object({
   }
   if (agentKeys.length > 1) {
     ctx.addIssue({
-      code: z37.ZodIssueCode.custom,
+      code: z39.ZodIssueCode.custom,
       message: "Multiple agents not supported yet. Only one agent allowed.",
       path: ["agents"]
     });
@@ -9694,7 +9886,7 @@ var cliComposeSchema = z37.object({
   if (agentVolumes && agentVolumes.length > 0) {
     if (!config.volumes) {
       ctx.addIssue({
-        code: z37.ZodIssueCode.custom,
+        code: z39.ZodIssueCode.custom,
         message: "Agent references volumes but no volumes section defined. Each volume must have explicit name and version.",
         path: ["volumes"]
       });
@@ -9704,7 +9896,7 @@ var cliComposeSchema = z37.object({
       const parts = volDeclaration.split(":");
       if (parts.length !== 2) {
         ctx.addIssue({
-          code: z37.ZodIssueCode.custom,
+          code: z39.ZodIssueCode.custom,
           message: `Invalid volume declaration: ${volDeclaration}. Expected format: volume-key:/mount/path`,
           path: ["agents", agentName, "volumes"]
         });
@@ -9713,7 +9905,7 @@ var cliComposeSchema = z37.object({
       const volumeKey = parts[0].trim();
       if (!config.volumes[volumeKey]) {
         ctx.addIssue({
-          code: z37.ZodIssueCode.custom,
+          code: z39.ZodIssueCode.custom,
           message: `Volume "${volumeKey}" is not defined in volumes section. Each volume must have explicit name and version.`,
           path: ["volumes", volumeKey]
         });
@@ -10912,7 +11104,7 @@ var composeCommand = new Command7().name("compose").description("Create or updat
         options.autoUpdate = false;
       }
       if (options.autoUpdate !== false) {
-        await startSilentUpgrade("9.72.1");
+        await startSilentUpgrade("9.74.0");
       }
       try {
         let result;
@@ -11668,6 +11860,10 @@ async function pollEvents(runId, options) {
         chalk9.dim(`  (use "vm0 logs ${runId} --system" to view system logs)`)
       );
       result = { succeeded: false, runId };
+    } else if (runStatus === "cancelled") {
+      complete = true;
+      console.error(chalk9.yellow("\n\u2717 Run cancelled"));
+      result = { succeeded: false, runId };
     }
     if (!complete) {
       await new Promise((resolve2) => setTimeout(resolve2, pollIntervalMs));
@@ -11743,7 +11939,7 @@ var mainRunCommand = new Command8().name("run").description("Run an agent").argu
   withErrorHandler(
     async (identifier, prompt, options) => {
       if (options.autoUpdate !== false) {
-        await startSilentUpgrade("9.72.1");
+        await startSilentUpgrade("9.74.0");
       }
       const { org, name, version } = parseIdentifier(identifier);
       let composeId;
@@ -13499,7 +13695,7 @@ var cookAction = new Command35().name("cook").description("Quick start: prepare,
   withErrorHandler(
     async (prompt, options) => {
       if (options.autoUpdate !== false) {
-        const shouldExit = await checkAndUpgrade("9.72.1", prompt);
+        const shouldExit = await checkAndUpgrade("9.74.0", prompt);
         if (shouldExit) {
           process.exit(0);
         }
@@ -14170,7 +14366,7 @@ var ApiClient = class {
   async disableSchedule(params) {
     const baseUrl = await this.getBaseUrl();
     const headers = await this.getHeaders();
-    const client = initClient14(schedulesEnableContract, {
+    const client = initClient14(schedulesDisableContract, {
       baseUrl,
       baseHeaders: headers,
       jsonQuery: false
@@ -14512,7 +14708,17 @@ function formatNetworkRequest(entry) {
   const error = entry.firewall_error ? ` ${chalk36.red(entry.firewall_error)}` : "";
   return `[${entry.timestamp}] ${method.padEnd(6)} ${statusColor(status)} ${latencyColor(latencyMs + "ms")} ${formatBytes(requestSize)}/${formatBytes(responseSize)} ${chalk36.dim(url)}${firewall}${error}`;
 }
+function formatNetworkTcp(entry) {
+  const host = entry.host || "unknown";
+  const port = entry.port || 0;
+  const requestSize = entry.request_size || 0;
+  const responseSize = entry.response_size || 0;
+  const latencyMs = entry.latency_ms || 0;
+  const error = entry.error ? ` ${chalk36.red(entry.error)}` : "";
+  return `[${entry.timestamp}] ${chalk36.blue("TCP")}   ${latencyMs}ms ${formatBytes(requestSize)}/${formatBytes(responseSize)} ${chalk36.dim(`${host}:${port}`)}${error}`;
+}
 function formatNetworkLog(entry) {
+  if (entry.type === "tcp") return formatNetworkTcp(entry);
   if (entry.action === "DENY") return formatNetworkDeny(entry);
   return formatNetworkRequest(entry);
 }
@@ -15863,7 +16069,7 @@ var listCommand9 = new Command65().name("list").alias("ls").description("List al
       );
       return;
     }
-    const nameWidth = Math.max(4, ...data.composes.map((c36) => c36.name.length));
+    const nameWidth = Math.max(4, ...data.composes.map((c38) => c38.name.length));
     const header = ["NAME".padEnd(nameWidth), "VERSION", "UPDATED"].join(
       "  "
     );
@@ -16464,7 +16670,7 @@ async function gatherFrequency(optionFrequency, existingFrequency) {
   if (!isInteractive()) {
     throw new Error("--frequency is required (daily|weekly|monthly|once|loop)");
   }
-  const defaultIndex = existingFrequency ? FREQUENCY_CHOICES.findIndex((c36) => c36.value === existingFrequency) : 0;
+  const defaultIndex = existingFrequency ? FREQUENCY_CHOICES.findIndex((c38) => c38.value === existingFrequency) : 0;
   frequency = await promptSelect(
     "Schedule frequency",
     FREQUENCY_CHOICES,
@@ -16489,7 +16695,7 @@ async function gatherDay(frequency, optionDay, existingDay) {
     throw new Error("--day is required for weekly/monthly");
   }
   if (frequency === "weekly") {
-    const defaultDayIndex = existingDay !== void 0 ? DAY_OF_WEEK_CHOICES.findIndex((c36) => c36.value === existingDay) : 0;
+    const defaultDayIndex = existingDay !== void 0 ? DAY_OF_WEEK_CHOICES.findIndex((c38) => c38.value === existingDay) : 0;
     const day2 = await promptSelect(
       "Day of week",
       DAY_OF_WEEK_CHOICES,
@@ -17939,7 +18145,7 @@ import chalk76 from "chalk";
 var listCommand13 = new Command86().name("list").alias("ls").description("List all connectors and their status").action(
   withErrorHandler(async () => {
     const result = await listConnectors();
-    const connectedMap = new Map(result.connectors.map((c36) => [c36.type, c36]));
+    const connectedMap = new Map(result.connectors.map((c38) => [c38.type, c38]));
     const allTypesRaw = Object.keys(CONNECTOR_TYPES);
     const allTypes = [];
     for (const type2 of allTypesRaw) {
@@ -18500,16 +18706,16 @@ async function handleModelProvider(ctx) {
     const providerType = await step.prompt(
       () => promptSelect(
         "Select provider type:",
-        choices.map((c36) => ({
-          title: c36.label,
-          value: c36.type
+        choices.map((c38) => ({
+          title: c38.label,
+          value: c38.type
         }))
       )
     );
     if (!providerType) {
       process.exit(0);
     }
-    const selectedChoice = choices.find((c36) => c36.type === providerType);
+    const selectedChoice = choices.find((c38) => c38.type === providerType);
     if (selectedChoice?.helpText) {
       for (const line of selectedChoice.helpText.split("\n")) {
         step.detail(chalk82.dim(line));
@@ -18863,13 +19069,13 @@ var upgradeCommand = new Command94().name("upgrade").description("Upgrade vm0 CL
     if (latestVersion === null) {
       throw new Error("Could not check for updates. Please try again later.");
     }
-    if (latestVersion === "9.72.1") {
-      console.log(chalk86.green(`\u2713 Already up to date (${"9.72.1"})`));
+    if (latestVersion === "9.74.0") {
+      console.log(chalk86.green(`\u2713 Already up to date (${"9.74.0"})`));
       return;
     }
     console.log(
       chalk86.yellow(
-        `Current version: ${"9.72.1"} -> Latest version: ${latestVersion}`
+        `Current version: ${"9.74.0"} -> Latest version: ${latestVersion}`
       )
     );
     console.log();
@@ -18896,7 +19102,7 @@ var upgradeCommand = new Command94().name("upgrade").description("Upgrade vm0 CL
     const success = await performUpgrade(packageManager);
     if (success) {
       console.log(
-        chalk86.green(`\u2713 Upgraded from ${"9.72.1"} to ${latestVersion}`)
+        chalk86.green(`\u2713 Upgraded from ${"9.74.0"} to ${latestVersion}`)
       );
       return;
     }
@@ -18970,7 +19176,7 @@ var whoamiCommand = new Command95().name("whoami").description("Show current ide
 
 // src/index.ts
 var program = new Command96();
-program.name("vm0").description("VM0 CLI - Build and run agents with natural language").version("9.72.1");
+program.name("vm0").description("VM0 CLI - Build and run agents with natural language").version("9.74.0");
 program.addCommand(authCommand);
 program.addCommand(infoCommand);
 program.addCommand(composeCommand);