pullfrog 0.1.10 → 0.1.12

package/dist/cli.mjs

@@ -97748,14 +97748,14 @@ var require_turndown_cjs = __commonJS({
         } else if (node2.nodeType === 1) {
           replacement = replacementForNode.call(self2, node2);
         }
-        return join20(output, replacement);
+        return join21(output, replacement);
       }, "");
     }
     function postProcess(output) {
       var self2 = this;
       this.rules.forEach(function(rule) {
         if (typeof rule.append === "function") {
-          output = join20(output, rule.append(self2.options));
+          output = join21(output, rule.append(self2.options));
         }
       });
       return output.replace(/^[\t\r\n]+/, "").replace(/[\t\r\n\s]+$/, "");
@@ -97767,7 +97767,7 @@ var require_turndown_cjs = __commonJS({
       if (whitespace.leading || whitespace.trailing) content = content.trim();
       return whitespace.leading + rule.replacement(content, node2, this.options) + whitespace.trailing;
     }
-    function join20(output, replacement) {
+    function join21(output, replacement) {
       var s1 = trimTrailingNewlines(output);
       var s2 = trimLeadingNewlines(replacement);
       var nls = Math.max(output.length - s1.length, replacement.length - s2.length);
@@ -100664,9 +100664,9 @@ var import_arg2 = __toESM(require_arg(), 1);
 import { dirname as dirname6 } from "node:path";
 
 // main.ts
-import { existsSync as existsSync7, readdirSync } from "node:fs";
+import { existsSync as existsSync7, readdirSync as readdirSync2 } from "node:fs";
 import { readFile as readFile4 } from "node:fs/promises";
-import { join as join19 } from "node:path";
+import { join as join20 } from "node:path";
 
 // node_modules/.pnpm/@ark+util@0.56.0/node_modules/@ark/util/out/arrays.js
 var liftArray = (data) => Array.isArray(data) ? data : [data];
@@ -109727,6 +109727,11 @@ var providers = {
         resolve: "opencode/kimi-k2.6",
         openRouterResolve: "openrouter/moonshotai/kimi-k2.6"
       },
+      "minimax-m2.5": {
+        displayName: "MiniMax M2.5",
+        resolve: "opencode/minimax-m2.5",
+        openRouterResolve: "openrouter/minimax/minimax-m2.5"
+      },
       "gpt-5-nano": {
         displayName: "GPT Nano",
         resolve: "opencode/gpt-5-nano",
@@ -109743,7 +109748,9 @@ var providers = {
         displayName: "MiniMax M2.5",
         resolve: "opencode/minimax-m2.5-free",
         envVars: [],
-        isFree: true
+        isFree: true,
+        fallback: "opencode/big-pickle",
+        hidden: true
       }
     }
   }),
@@ -109761,6 +109768,25 @@ var providers = {
       }
     }
   }),
+  vertex: provider({
+    displayName: "Google Vertex AI",
+    envVars: [
+      "VERTEX_SERVICE_ACCOUNT_JSON",
+      "GOOGLE_CLOUD_PROJECT",
+      "VERTEX_LOCATION",
+      "VERTEX_MODEL_ID"
+    ],
+    models: {
+      // single routing entry — the actual Vertex AI model ID is read from
+      // VERTEX_MODEL_ID at run time. see ModelRouting docs for why we don't
+      // catalog individual Vertex models.
+      byok: {
+        displayName: "Google Vertex AI",
+        resolve: "vertex",
+        routing: "vertex"
+      }
+    }
+  }),
   openrouter: provider({
     displayName: "OpenRouter",
     envVars: ["OPENROUTER_API_KEY"],
@@ -109862,6 +109888,11 @@ var providers = {
         displayName: "Kimi K2",
         resolve: "openrouter/moonshotai/kimi-k2.6",
         openRouterResolve: "openrouter/moonshotai/kimi-k2.6"
+      },
+      "minimax-m2.5": {
+        displayName: "MiniMax M2.5",
+        resolve: "openrouter/minimax/minimax-m2.5",
+        openRouterResolve: "openrouter/minimax/minimax-m2.5"
       }
     }
   })
@@ -109906,6 +109937,11 @@ var modelAliases = Object.entries(providers).flatMap(
     hidden: def.hidden ?? false
   }))
 );
+var defaultProxyAlias = modelAliases.find((a) => a.slug === "moonshotai/kimi-k2");
+if (!defaultProxyAlias?.openRouterResolve) {
+  throw new Error("DEFAULT_PROXY_MODEL: moonshotai/kimi-k2 missing openRouterResolve");
+}
+var DEFAULT_PROXY_MODEL = defaultProxyAlias.openRouterResolve;
 var MAX_FALLBACK_DEPTH = 10;
 function resolveDisplayAlias(slug2) {
   let current = slug2;
@@ -109924,9 +109960,13 @@ function resolveCliModel(slug2) {
   return resolveDisplayAlias(slug2)?.resolve;
 }
 var BEDROCK_MODEL_ID_ENV = "BEDROCK_MODEL_ID";
+var VERTEX_MODEL_ID_ENV = "VERTEX_MODEL_ID";
 function isBedrockAnthropicId(bedrockModelId) {
   return bedrockModelId.toLowerCase().split(/[./:]/).includes("anthropic");
 }
+function isVertexAnthropicId(vertexModelId) {
+  return /^claude-/i.test(vertexModelId.trim());
+}
 
 // utils/buildPullfrogFooter.ts
 var PULLFROG_DIVIDER = "<!-- PULLFROG_DIVIDER_DO_NOT_REMOVE_PLZ -->";
@@ -144209,7 +144249,7 @@ var import_semver = __toESM(require_semver2(), 1);
 // package.json
 var package_default = {
   name: "pullfrog",
-  version: "0.1.10",
+  version: "0.1.12",
   type: "module",
   bin: {
     pullfrog: "dist/cli.mjs",
@@ -144407,8 +144447,8 @@ function closeBrowserDaemon(toolState) {
 
 // mcp/checkout.ts
 import { createHash as createHash2 } from "node:crypto";
-import { statSync, unlinkSync as unlinkSync2, writeFileSync as writeFileSync2 } from "node:fs";
-import { join as join4 } from "node:path";
+import { statSync, unlinkSync as unlinkSync3, writeFileSync as writeFileSync2 } from "node:fs";
+import { join as join5 } from "node:path";
 
 // utils/diffCoverage.ts
 import { isAbsolute, normalize as normalize2, resolve } from "node:path";
@@ -145920,6 +145960,183 @@ async function reportReviewNodeId(ctx, params) {
   await patchWorkflowRunFields(ctx, { reviewNodeId: params.nodeId });
 }
 
+// utils/setup.ts
+import { execFileSync as execFileSync4, execSync as execSync2 } from "node:child_process";
+import { mkdtempSync as mkdtempSync2, readdirSync, realpathSync as realpathSync2, unlinkSync as unlinkSync2 } from "node:fs";
+import { tmpdir as tmpdir2 } from "node:os";
+import { join as join4 } from "node:path";
+function createTempDirectory() {
+  const sharedTempDir = mkdtempSync2(join4(tmpdir2(), "pullfrog-"));
+  process.env.PULLFROG_TEMP_DIR = sharedTempDir;
+  log.info(`\xBB created temp dir at ${sharedTempDir}`);
+  return sharedTempDir;
+}
+function wipeRunnerLeakSurface() {
+  const runnerTemp = process.env.RUNNER_TEMP;
+  if (!runnerTemp) return;
+  const preserve = /* @__PURE__ */ new Set();
+  for (const envVar of [
+    "GITHUB_OUTPUT",
+    "GITHUB_ENV",
+    "GITHUB_PATH",
+    "GITHUB_STATE",
+    "GITHUB_STEP_SUMMARY"
+  ]) {
+    const path3 = process.env[envVar];
+    if (!path3) continue;
+    try {
+      preserve.add(realpathSync2(path3));
+    } catch {
+      preserve.add(path3);
+    }
+  }
+  const wiped = [];
+  const tryUnlink = (path3) => {
+    let resolved = path3;
+    try {
+      resolved = realpathSync2(path3);
+    } catch {
+    }
+    if (preserve.has(resolved) || preserve.has(path3)) return;
+    try {
+      unlinkSync2(path3);
+      wiped.push(path3);
+    } catch {
+    }
+  };
+  const listDir = (dir) => {
+    try {
+      return readdirSync(dir);
+    } catch {
+      return [];
+    }
+  };
+  const fileCommandsDir = join4(runnerTemp, "_runner_file_commands");
+  for (const entry of listDir(fileCommandsDir)) {
+    tryUnlink(join4(fileCommandsDir, entry));
+  }
+  for (const entry of listDir(runnerTemp)) {
+    if (entry.endsWith(".sh") || /^git-credentials-.*\.config$/.test(entry)) {
+      tryUnlink(join4(runnerTemp, entry));
+    }
+  }
+  if (wiped.length > 0) {
+    log.info(`\xBB wiped ${wiped.length} leak-surface file(s) from $RUNNER_TEMP`);
+    log.debug(`\xBB wiped paths: ${wiped.join(", ")}`);
+  }
+}
+function envScopedToRepo() {
+  const scoped = { ...process.env };
+  for (const key of Object.keys(scoped)) {
+    if (key.startsWith("GIT_")) delete scoped[key];
+  }
+  return scoped;
+}
+function removeIncludeIfEntries(repoDir) {
+  const env2 = envScopedToRepo();
+  let configOutput;
+  try {
+    configOutput = execSync2("git config --local --get-regexp -z ^includeif\\.", {
+      cwd: repoDir,
+      encoding: "utf-8",
+      stdio: "pipe",
+      env: env2
+    });
+  } catch {
+    log.debug("\xBB no includeIf credential entries to remove");
+    return;
+  }
+  const seen = /* @__PURE__ */ new Set();
+  for (const entry of configOutput.split("\0")) {
+    if (!entry) continue;
+    const nl = entry.indexOf("\n");
+    const key = nl === -1 ? entry : entry.slice(0, nl);
+    if (!key || seen.has(key)) continue;
+    seen.add(key);
+    try {
+      execFileSync4("git", ["config", "--local", "--unset-all", key], {
+        cwd: repoDir,
+        stdio: "pipe",
+        env: env2
+      });
+    } catch (error49) {
+      log.debug(
+        `\xBB failed to unset ${key}: ${error49 instanceof Error ? error49.message : String(error49)}`
+      );
+    }
+  }
+  if (seen.size > 0)
+    log.info(
+      `\xBB removed ${seen.size} includeIf credential ${seen.size === 1 ? "entry" : "entries"}`
+    );
+}
+async function setupGit(params) {
+  const repoDir = process.cwd();
+  log.info("\xBB setting up git configuration...");
+  try {
+    let currentEmail = "";
+    try {
+      currentEmail = execSync2("git config user.email", {
+        cwd: repoDir,
+        stdio: "pipe",
+        encoding: "utf-8"
+      }).trim();
+    } catch {
+    }
+    const shouldSetDefaults = !currentEmail || currentEmail === "github-actions[bot]@users.noreply.github.com";
+    if (shouldSetDefaults) {
+      execSync2('git config --local user.email "226033991+pullfrog[bot]@users.noreply.github.com"', {
+        cwd: repoDir,
+        stdio: "pipe"
+      });
+      execSync2('git config --local user.name "pullfrog[bot]"', {
+        cwd: repoDir,
+        stdio: "pipe"
+      });
+      log.debug("\xBB git user configured (using defaults)");
+    } else {
+      log.debug(`\xBB git user already configured (${currentEmail}), skipping`);
+    }
+    if (params.shell === "disabled") {
+      execSync2("git config --local core.hooksPath /dev/null", {
+        cwd: repoDir,
+        stdio: "pipe"
+      });
+      log.debug("\xBB git hooks disabled (shell=disabled)");
+    }
+  } catch (error49) {
+    log.info(`Failed to set git config: ${error49 instanceof Error ? error49.message : String(error49)}`);
+  }
+  try {
+    execSync2("git config --local --unset-all http.https://github.com/.extraheader", {
+      cwd: repoDir,
+      stdio: "pipe"
+    });
+    log.info("\xBB removed existing authentication headers");
+  } catch {
+    log.debug("\xBB no existing authentication headers to remove");
+  }
+  removeIncludeIfEntries(repoDir);
+  const originUrl = `https://github.com/${params.owner}/${params.name}.git`;
+  $2("git", ["remote", "set-url", "origin", originUrl], { cwd: repoDir });
+  params.toolState.pushUrl = originUrl;
+  $2("git", ["config", "--local", "credential.helper", ""], { cwd: repoDir });
+  params.toolState.initialHead = captureInitialHead(repoDir);
+  log.info("\xBB git authentication configured");
+}
+function captureInitialHead(repoDir) {
+  try {
+    const name = $2("git", ["symbolic-ref", "--short", "HEAD"], {
+      cwd: repoDir,
+      log: false
+    }).trim();
+    if (name) return { kind: "branch", name };
+  } catch {
+  }
+  const sha = $2("git", ["rev-parse", "HEAD"], { cwd: repoDir, log: false }).trim();
+  return { kind: "detached", sha };
+}
+
 // mcp/checkout.ts
 function formatFilesWithLineNumbers(files) {
   const output = [];
@@ -146094,7 +146311,7 @@ function cleanupStaleGitLocks() {
     }
     if (now - mtimeMs < STALE_LOCK_AGE_MS) continue;
     try {
-      unlinkSync2(relPath);
+      unlinkSync3(relPath);
       log.warning(`\xBB removed stale ${relPath} from prior run`);
     } catch (e) {
       log.debug(
@@ -146253,6 +146470,15 @@ async function checkoutPrBranch(pr, params) {
   return { hookWarning: postCheckoutHook.warning };
 }
 var inFlightCheckouts = /* @__PURE__ */ new Map();
+function headsEqual(a, b) {
+  if (a.kind === "branch" && b.kind === "branch") return a.name === b.name;
+  if (a.kind === "detached" && b.kind === "detached") return a.sha === b.sha;
+  return false;
+}
+function describeHead(h) {
+  if (h.kind === "branch") return `branch \`${h.name}\``;
+  return `detached HEAD \`${h.sha}\``;
+}
 function CheckoutPrTool(ctx) {
   const runCheckout = async (pull_number) => {
     const prResponse = await ctx.octokit.rest.pulls.get({
@@ -146299,7 +146525,7 @@ function CheckoutPrTool(ctx) {
         headSha: ctx.toolState.checkoutSha
       });
       if (incremental) {
-        incrementalDiffPath = join4(
+        incrementalDiffPath = join5(
           tempDir,
           `pr-${pull_number}-${beforeShort}-${headShort}-incremental.diff`
         );
@@ -146313,7 +146539,7 @@ function CheckoutPrTool(ctx) {
     const diffPreview = formatResult.content.split("\n").slice(0, 100).join("\n");
     log.debug(`formatted diff preview (first 100 lines):
 ${diffPreview}`);
-    const diffPath = join4(tempDir, `pr-${pull_number}-${headShort}.diff`);
+    const diffPath = join5(tempDir, `pr-${pull_number}-${headShort}.diff`);
     writeFileSync2(diffPath, formatResult.content);
     log.debug(`wrote diff to ${diffPath} (${formatResult.content.length} bytes)`);
     ctx.toolState.diffCoverage = createDiffCoverageState({
@@ -146380,7 +146606,8 @@ ${diffPreview}`);
   };
   return tool({
     name: "checkout_pr",
-    description: "Checkout a pull request branch locally. This fetches the PR branch and sets up push configuration for fork PRs. Returns diffPath pointing to the formatted diff file. Example: `checkout_pr({ pull_number: 1234 })`. Transient fetch timeouts are common \u2014 retry the same call up to a few times before treating the failure as terminal. If the error mentions `.git/shallow.lock: File exists` or `.git/index.lock: File exists`, that's a stale lock from a prior timed-out fetch \u2014 remove it via the shell tool (`rm -f .git/shallow.lock .git/index.lock`) and retry.",
+    timeoutMs: 6e5,
+    description: "Checkout a pull request branch locally. This fetches the PR branch and sets up push configuration for fork PRs. Returns diffPath pointing to the formatted diff file. Example: `checkout_pr({ pull_number: 1234 })`. Large repos can take several minutes \u2014 wait for the call to finish; do not treat a slow response as failure. If you see `MCP error -32001: Request timed out`, retry the same call without touching git lock files first \u2014 that error is a client-side abort. If the retry then reports `.git/shallow.lock: File exists` or `.git/index.lock: File exists`, remove those lock files via the shell tool and retry again.",
     parameters: CheckoutPr,
     execute: execute(async ({ pull_number }) => {
       const inFlight = inFlightCheckouts.get(pull_number);
@@ -146388,13 +146615,23 @@ ${diffPreview}`);
         log.info(`\xBB checkout_pr({pull_number:${pull_number}}) already in flight \u2014 sharing result`);
         return inFlight;
       }
-      const currentBranch = $2("git", ["rev-parse", "--abbrev-ref", "HEAD"], { log: false }).trim();
-      if (currentBranch !== `pr-${pull_number}`) {
-        const dirty = $2("git", ["status", "--porcelain"], { log: false }).trim();
-        if (dirty) {
-          throw new Error(
-            `cannot checkout PR #${pull_number} while the working tree has uncommitted changes. commit, push, or discard them before switching. dirty paths:
+      const dirty = $2("git", ["status", "--porcelain"], { log: false }).trim();
+      if (dirty) {
+        throw new Error(
+          `cannot checkout PR #${pull_number} while the working tree has uncommitted changes. commit (then push if needed), or discard with \`git restore --staged --worktree .\` / \`git clean -fd\` before retrying. this refusal is unconditional \u2014 even re-checking-out the PR you're already on is refused, because shared-working-tree subagents make carry-forward edits unsafe. dirty paths:
 ${dirty}`
+        );
+      }
+      const initialHead = ctx.toolState.initialHead;
+      if (initialHead) {
+        const currentHead = captureInitialHead(process.cwd());
+        const targetBranch = `pr-${pull_number}`;
+        const onTarget = currentHead.kind === "branch" && currentHead.name === targetBranch;
+        const onInitial = headsEqual(currentHead, initialHead);
+        if (!onTarget && !onInitial) {
+          const recoverCmd = initialHead.kind === "branch" ? `git checkout ${initialHead.name}` : `git checkout ${initialHead.sha}`;
+          throw new Error(
+            `cannot checkout PR #${pull_number} from ${describeHead(currentHead)}. the only sanctioned HEAD positions for checkout_pr are the run-entry HEAD (${describeHead(initialHead)}) or the target PR's branch (\`${targetBranch}\`, idempotent re-checkout). recover with \`${recoverCmd}\` first \u2014 if that would carry uncommitted work along, commit or discard it (\`git restore --staged --worktree .\` / \`git clean -fd\`) before switching. routing around this via the \`git\` tool's \`checkout\`/\`switch\` subcommands is not sanctioned: this guard exists to prevent the shared-working-tree cross-PR clobber pattern from the zed-industries/cloud (2026-05-18) incident.`
           );
         }
       }
@@ -146411,7 +146648,7 @@ ${dirty}`
 
 // mcp/checkSuite.ts
 import { mkdirSync, writeFileSync as writeFileSync3 } from "node:fs";
-import { join as join5 } from "node:path";
+import { join as join6 } from "node:path";
 var GetCheckSuiteLogs = type({
   check_suite_id: type.number.describe("the id from check_suite.id")
 });
@@ -146507,7 +146744,7 @@ function GetCheckSuiteLogsTool(ctx) {
       if (!tempDir) {
         throw new Error("PULLFROG_TEMP_DIR not set");
       }
-      const logsDir = join5(tempDir, "ci-logs");
+      const logsDir = join6(tempDir, "ci-logs");
       mkdirSync(logsDir, { recursive: true });
       const jobResults = [];
       for (const run4 of failedRuns) {
@@ -146534,7 +146771,7 @@ function GetCheckSuiteLogsTool(ctx) {
               );
             }
             const logsText = await logsResult.text();
-            const logPath = join5(logsDir, `job-${job.id}.log`);
+            const logPath = join6(logsDir, `job-${job.id}.log`);
             writeFileSync3(logPath, logsText);
             const analysis = analyzeLog(logsText, 80);
             const failedSteps = job.steps?.filter((s) => s.conclusion === "failure").map((s) => `Step ${s.number}: ${s.name}`) ?? [];
@@ -146584,7 +146821,7 @@ function GetCheckSuiteLogsTool(ctx) {
 
 // mcp/commitInfo.ts
 import { writeFileSync as writeFileSync4 } from "node:fs";
-import { join as join6 } from "node:path";
+import { join as join7 } from "node:path";
 var CommitInfo = type({
   sha: type.string.describe("the commit SHA (full or abbreviated) to fetch")
 });
@@ -146608,7 +146845,7 @@ function CommitInfoTool(ctx) {
           "PULLFROG_TEMP_DIR not set - get_commit_info must run in pullfrog action context"
         );
       }
-      const diffFile = join6(tempDir, `commit-${sha.slice(0, 7)}.diff`);
+      const diffFile = join7(tempDir, `commit-${sha.slice(0, 7)}.diff`);
       writeFileSync4(diffFile, formatResult.content);
       log.debug(`wrote commit diff to ${diffFile} (${formatResult.content.length} bytes)`);
       return {
@@ -147066,7 +147303,7 @@ function PullRequestInfoTool(ctx) {
 
 // mcp/reviewComments.ts
 import { writeFileSync as writeFileSync5 } from "node:fs";
-import { join as join7 } from "node:path";
+import { join as join8 } from "node:path";
 var REVIEW_THREADS_QUERY = `
 query ($owner: String!, $name: String!, $prNumber: Int!) {
   repository(owner: $owner, name: $name) {
@@ -147458,7 +147695,7 @@ function GetReviewCommentsTool(ctx) {
         throw new Error("PULLFROG_TEMP_DIR not set");
       }
       const filename = `review-${params.review_id}-threads.md`;
-      const commentsPath = join7(tempDir, filename);
+      const commentsPath = join8(tempDir, filename);
       writeFileSync5(commentsPath, formatted.content);
       log.debug(`wrote ${threadBlocks.length} threads to ${commentsPath}`);
       return {
@@ -147687,7 +147924,7 @@ import { spawn as spawn4, spawnSync as spawnSync3 } from "node:child_process";
 import { randomUUID as randomUUID2 } from "node:crypto";
 import { closeSync, openSync, writeFileSync as writeFileSync6 } from "node:fs";
 import { userInfo } from "node:os";
-import { join as join8 } from "node:path";
+import { join as join9 } from "node:path";
 import { setTimeout as sleep2 } from "node:timers/promises";
 var ShellParams = type({
   command: "string",
@@ -147820,7 +148057,7 @@ function getTempDir() {
 var MAX_OUTPUT_CHARS = 5e3;
 function capOutput(output) {
   if (output.length <= MAX_OUTPUT_CHARS) return output;
-  const fullPath = join8(getTempDir(), `shell-${randomUUID2().slice(0, 8)}.log`);
+  const fullPath = join9(getTempDir(), `shell-${randomUUID2().slice(0, 8)}.log`);
   writeFileSync6(fullPath, output);
   const elided = output.length - MAX_OUTPUT_CHARS;
   return `... [${elided} chars truncated; full output saved to ${fullPath}] ...
@@ -147835,6 +148072,7 @@ function isGitCommand(command) {
 function ShellTool(ctx) {
   return tool({
     name: "shell",
+    timeoutMs: 12e4,
     description: `Execute shell commands securely. Environment is filtered to remove API keys and secrets.
 
 Example: \`shell({ command: "pnpm test", description: "run the test suite" })\`.
@@ -147874,8 +148112,8 @@ Do NOT use this tool for git commands \u2014 use the dedicated git tools instead
       if (params.background) {
         const tempDir = getTempDir();
         const handle = `bg-${randomUUID2().slice(0, 8)}`;
-        const outputPath = join8(tempDir, `${handle}.log`);
-        const pidPath = join8(tempDir, `${handle}.pid`);
+        const outputPath = join9(tempDir, `${handle}.log`);
+        const pidPath = join9(tempDir, `${handle}.pid`);
         const logFd = openSync(outputPath, "a");
         let proc2;
         try {
@@ -148215,6 +148453,8 @@ var REVIEWER_AGENT_NAME = "reviewfrog";
 var REVIEWER_SYSTEM_PROMPT = `You are a read-only review subagent. Your role is to find flaws in code or artifacts provided by the orchestrator and report findings \u2014 never to modify state.
 
 HARD CONSTRAINTS (non-negotiable, regardless of orchestrator instructions):
+- Your FIRST action MUST be \`git diff origin/<base>\` (single-rev form, no \`HEAD\`). This captures committed + staged + unstaged work in one command \u2014 Build-mode self-review runs BEFORE the commit, so the work to review lives in the working tree, not in committed history. Do not run any other diff command first. Do NOT call \`checkout_pr\`, do NOT fetch alternative refs, do NOT list branches or all-refs looking for the work, do NOT run \`gh pr list\`. The orchestrator's dispatch names the base branch; the diff is the source of truth for scope.
+- If \`git diff origin/<base>\` returns empty AND the orchestrator's dispatch claims there are changes to review, the most likely cause is a pre-commit Build-mode self-review: the orchestrator dispatched you before committing. Reply EXACTLY: \`no changes detected \u2014 likely pre-commit Build self-review; orchestrator should commit then re-dispatch\` and stop. Do NOT guess PR numbers (e.g. by extrapolating from \`git log\` output), do NOT check out other PRs, do NOT fetch from forks. The empty diff is the diagnosis \u2014 surface it; do not work around it.
 - Read-only tools only. Do NOT write or edit files. Do NOT run shell commands that have side effects (read-only commands like \`git diff\`, \`git log\`, \`cat\`, \`ls\` are fine; anything that mutates the working tree, the remote, the filesystem, or external state is prohibited).
 - Do NOT call any state-changing MCP tool. State-changing means: posts a comment, pushes a branch, creates/updates a PR or issue, changes labels, resolves review threads, persists learnings, sets workflow output, installs dependencies, uploads files, kills processes, etc. Read-only MCP queries (\`get_*\`, \`list_*\`, log inspection, diff retrieval) are fine.
 - Do NOT spawn further subagents. You are a leaf reviewer; recursive dispatch pre-aggregates findings through an intermediate model and defeats the design.
@@ -148405,7 +148645,25 @@ function computeModes(agentId) {
 
    Otherwise delegate the \`${REVIEWER_AGENT_NAME}\` subagent to review your diff with fresh eyes against YOUR TASK. The subagent's baked-in system prompt enforces a non-mutative + non-recursive contract: read-only file/search/web tools and read-only MCP queries only; no writes, shell side effects, state-changing MCP calls, or nested subagent dispatch. Enforcement is prose-only \u2014 restate the constraint in your dispatch instructions and do not relax it.
 
-   Provide the subagent with YOUR TASK, the output of \`git diff origin/<base-branch>\` (single-rev form, no \`HEAD\` \u2014 this compares the working tree against the remote base and captures committed + staged + unstaged work; \`main...HEAD\` and \`--cached\` both miss the uncommitted edits Build self-review runs on, since self-review happens BEFORE the commit), and a tight summary (not raw output) of any lint/typecheck/test failures you fixed during build \u2014 what broke, root cause, the fix \u2014 so it can check that fixes addressed root causes rather than suppressed symptoms; say "no build-phase failures" if the build path was clean. Instruct it to flag bugs, logic errors, missing edge cases, gaps between request and diff, and unintended changes.
+   Compose your \`${REVIEWER_AGENT_NAME}\` dispatch prompt using this template verbatim, substituting the \`<...>\` placeholders. The preamble aligns the orchestrator side of the dispatch contract with the reviewer's baked-in system prompt \u2014 both ends say the same thing about where the work lives and what to do on an empty diff.
+
+   \`\`\`
+   ## What you're reviewing
+   This is a PRE-COMMIT Build-mode self-review. The work to review lives in the working tree (uncommitted), NOT in committed history.
+
+   Branch: <branch> (off <base>)
+   Canonical diff command: git diff origin/<base>
+
+   If that command returns empty, treat it as "no changes \u2014 nothing to review" and stop per your system prompt. Do not search for the work elsewhere.
+
+   ## Your task
+   <YOUR TASK content>
+
+   ## Build-phase failures
+   <tight summary \u2014 what broke, root cause, the fix \u2014 or "no build-phase failures">
+   \`\`\`
+
+   Follow the template with the diff content (\`git diff origin/<base-branch>\`, single-rev form \u2014 \`main...HEAD\` and \`--cached\` both miss the uncommitted edits self-review runs on) and your task brief. Instruct the subagent to flag bugs, logic errors, missing edge cases, gaps between request and diff, and unintended changes.
 
    Delegation + research discipline (distilled from \`/anneal\` canonical \u2014 these are codified learnings from many review rounds, not theoretical best practices):
    - Do NOT summarize what you implemented \u2014 that biases the subagent toward validating the shape of your solution rather than questioning it.
@@ -148804,21 +149062,21 @@ function initToolState(params) {
 }
 
 // agents/claude.ts
-import { execFileSync as execFileSync4 } from "node:child_process";
-import { mkdirSync as mkdirSync4, writeFileSync as writeFileSync8 } from "node:fs";
-import { join as join11 } from "node:path";
+import { execFileSync as execFileSync5 } from "node:child_process";
+import { mkdirSync as mkdirSync5, writeFileSync as writeFileSync9 } from "node:fs";
+import { join as join13 } from "node:path";
 import { performance as performance6 } from "node:perf_hooks";
 
 // utils/install.ts
 import { spawnSync as spawnSync4 } from "node:child_process";
 import { chmodSync, createWriteStream, existsSync as existsSync5, mkdirSync as mkdirSync2 } from "node:fs";
-import { join as join9 } from "node:path";
+import { join as join10 } from "node:path";
 import { pipeline } from "node:stream/promises";
 async function installFromNpmTarball(params) {
   const tempDir = process.env.PULLFROG_TEMP_DIR;
   if (!tempDir) throw new Error("PULLFROG_TEMP_DIR is not set");
-  const extractedDir = join9(tempDir, "package");
-  const cliPath = join9(extractedDir, params.executablePath);
+  const extractedDir = join10(tempDir, "package");
+  const cliPath = join10(extractedDir, params.executablePath);
   if (existsSync5(cliPath)) {
     log.debug(`\xBB using cached binary at ${cliPath}`);
     return cliPath;
@@ -148843,7 +149101,7 @@ async function installFromNpmTarball(params) {
     }
   }
   log.debug(`\xBB installing ${params.packageName}@${resolvedVersion}...`);
-  const tarballPath = join9(tempDir, "package.tgz");
+  const tarballPath = join10(tempDir, "package.tgz");
   const npmRegistry = process.env.NPM_REGISTRY || "https://registry.npmjs.org";
   let tarballUrl;
   if (params.packageName.startsWith("@")) {
@@ -148982,16 +149240,16 @@ function isRouterKeylimitExhaustedError(text) {
 // utils/skills.ts
 import { spawnSync as spawnSync5 } from "node:child_process";
 import { existsSync as existsSync6, mkdirSync as mkdirSync3, readFileSync as readFileSync5, writeFileSync as writeFileSync7 } from "node:fs";
-import { tmpdir as tmpdir2 } from "node:os";
-import { dirname as dirname2, join as join10 } from "node:path";
+import { tmpdir as tmpdir3 } from "node:os";
+import { dirname as dirname2, join as join11 } from "node:path";
 import { fileURLToPath } from "node:url";
 var skillsVersion = getDevDependencyVersion("skills");
 var BUNDLED_SKILL_NAMES = ["git-archaeology"];
 function resolveSkillPath(name) {
   const here = dirname2(fileURLToPath(import.meta.url));
   const candidates = [
-    join10(here, "..", "skills", name, "SKILL.md"),
-    join10(here, "skills", name, "SKILL.md")
+    join11(here, "..", "skills", name, "SKILL.md"),
+    join11(here, "skills", name, "SKILL.md")
   ];
   for (const candidate of candidates) {
     if (existsSync6(candidate)) return candidate;
@@ -149003,9 +149261,9 @@ function installBundledSkills(params) {
   for (const name of BUNDLED_SKILL_NAMES) {
     const content = readFileSync5(resolveSkillPath(name), "utf8");
     for (const targetDir of SKILL_TARGET_DIRS) {
-      const skillDir = join10(params.home, targetDir, name);
+      const skillDir = join11(params.home, targetDir, name);
       mkdirSync3(skillDir, { recursive: true });
-      writeFileSync7(join10(skillDir, "SKILL.md"), content);
+      writeFileSync7(join11(skillDir, "SKILL.md"), content);
     }
   }
   log.success(`installed bundled skills: ${BUNDLED_SKILL_NAMES.join(", ")}`);
@@ -149026,7 +149284,7 @@ function addSkill(params) {
       "-y"
     ],
     {
-      cwd: tmpdir2(),
+      cwd: tmpdir3(),
       env: { ...process.env, ...params.env },
       stdio: "pipe",
       timeout: 3e4
@@ -149107,6 +149365,71 @@ var ThinkingTimer = class {
   }
 };
 
+// utils/vertex.ts
+import { randomUUID as randomUUID3 } from "node:crypto";
+import { mkdirSync as mkdirSync4, rmSync as rmSync2, writeFileSync as writeFileSync8 } from "node:fs";
+import { homedir } from "node:os";
+import { join as join12 } from "node:path";
+var VERTEX_SERVICE_ACCOUNT_JSON_ENV = "VERTEX_SERVICE_ACCOUNT_JSON";
+var GOOGLE_APPLICATION_CREDENTIALS_ENV = "GOOGLE_APPLICATION_CREDENTIALS";
+var GOOGLE_CLOUD_PROJECT_ENV = "GOOGLE_CLOUD_PROJECT";
+var VERTEX_LOCATION_ENV = "VERTEX_LOCATION";
+function hasEnvVar(name) {
+  const value2 = process.env[name];
+  return typeof value2 === "string" && value2.length > 0;
+}
+function isVertexRoute(model) {
+  const vertexId = process.env[VERTEX_MODEL_ID_ENV]?.trim();
+  return model !== void 0 && vertexId !== void 0 && vertexId === model;
+}
+function readProjectIdFromVertexServiceAccountJson() {
+  const blob = process.env[VERTEX_SERVICE_ACCOUNT_JSON_ENV];
+  if (!blob) return void 0;
+  try {
+    const parsed2 = JSON.parse(blob);
+    if (!parsed2 || typeof parsed2 !== "object" || !("project_id" in parsed2)) {
+      return void 0;
+    }
+    const projectId = parsed2.project_id;
+    return typeof projectId === "string" && projectId.length > 0 ? projectId : void 0;
+  } catch {
+    return void 0;
+  }
+}
+function createSecretDir() {
+  const base = process.env.PULLFROG_SECRET_HOME || process.env.HOME || homedir();
+  const secretDir = join12(base, ".pullfrog", "secrets", randomUUID3());
+  mkdirSync4(secretDir, { recursive: true, mode: 448 });
+  return secretDir;
+}
+function materializeVertexCredentials(params) {
+  if (!isVertexRoute(params.model)) return void 0;
+  const blob = process.env[VERTEX_SERVICE_ACCOUNT_JSON_ENV];
+  if (!blob) return void 0;
+  const secretDir = createSecretDir();
+  const credentialsPath = join12(secretDir, "vertex-sa.json");
+  writeFileSync8(credentialsPath, blob, { mode: 384 });
+  process.env[GOOGLE_APPLICATION_CREDENTIALS_ENV] = credentialsPath;
+  const projectId = readProjectIdFromVertexServiceAccountJson();
+  if (projectId && !hasEnvVar(GOOGLE_CLOUD_PROJECT_ENV)) {
+    process.env[GOOGLE_CLOUD_PROJECT_ENV] = projectId;
+  }
+  return { credentialsPath, secretDir };
+}
+function cleanupVertexCredentials(credentials) {
+  if (!credentials) return;
+  rmSync2(credentials.secretDir, { recursive: true, force: true });
+  delete process.env[GOOGLE_APPLICATION_CREDENTIALS_ENV];
+}
+function applyClaudeVertexEnv(env2) {
+  env2.CLAUDE_CODE_USE_VERTEX = "1";
+  env2.ANTHROPIC_VERTEX_PROJECT_ID ??= env2[GOOGLE_CLOUD_PROJECT_ENV];
+  env2.CLOUD_ML_REGION ??= env2[VERTEX_LOCATION_ENV];
+}
+function resolveVertexOpenCodeModel(model) {
+  return isVertexRoute(model) && model ? `google-vertex/${model}` : void 0;
+}
+
 // agents/postRun.ts
 import { readFile } from "node:fs/promises";
 function getUnsubmittedReview(toolState) {
@@ -149410,10 +149733,10 @@ async function installClaudeCli() {
   });
 }
 function writeMcpConfig(ctx) {
-  const configDir = join11(ctx.tmpdir, ".claude");
-  mkdirSync4(configDir, { recursive: true });
-  const configPath = join11(configDir, "mcp.json");
-  writeFileSync8(
+  const configDir = join13(ctx.tmpdir, ".claude");
+  mkdirSync5(configDir, { recursive: true });
+  const configPath = join13(configDir, "mcp.json");
+  writeFileSync9(
     configPath,
     JSON.stringify({
       mcpServers: {
@@ -149795,37 +150118,51 @@ ${stderrContext}`
 var MANAGED_SETTINGS_DIR = "/etc/claude-code";
 var MANAGED_SETTINGS_PATH = `${MANAGED_SETTINGS_DIR}/managed-settings.json`;
 var CODEX_AUTH_DENY_PATH = "~/.local/share/opencode/auth.json";
-var managedSettings = {
-  allowManagedPermissionRulesOnly: true,
-  allowManagedHooksOnly: true,
-  permissions: {
-    deny: [
-      "Read(//proc/**)",
-      "Read(//sys/**)",
-      "Grep(//proc/**)",
-      "Grep(//sys/**)",
-      "Edit(//proc/**)",
-      "Edit(//sys/**)",
-      "Glob(//proc/**)",
-      "Glob(//sys/**)",
-      `Read(${CODEX_AUTH_DENY_PATH})`,
-      `Grep(${CODEX_AUTH_DENY_PATH})`,
-      `Edit(${CODEX_AUTH_DENY_PATH})`,
-      `Glob(${CODEX_AUTH_DENY_PATH})`
-    ]
-  },
-  sandbox: {
-    filesystem: {
-      denyRead: ["/proc", "/sys", CODEX_AUTH_DENY_PATH]
+function buildManagedSettings(ctx) {
+  const secretDenyPaths = ctx.secretDenyPaths ?? [];
+  const toolDeny = secretDenyPaths.flatMap((path3) => [
+    `Read(${path3}/**)`,
+    `Read(/${path3}/**)`,
+    `Grep(${path3}/**)`,
+    `Grep(/${path3}/**)`,
+    `Edit(${path3}/**)`,
+    `Edit(/${path3}/**)`,
+    `Glob(${path3}/**)`,
+    `Glob(/${path3}/**)`
+  ]);
+  return {
+    allowManagedPermissionRulesOnly: true,
+    allowManagedHooksOnly: true,
+    permissions: {
+      deny: [
+        "Read(//proc/**)",
+        "Read(//sys/**)",
+        "Grep(//proc/**)",
+        "Grep(//sys/**)",
+        "Edit(//proc/**)",
+        "Edit(//sys/**)",
+        "Glob(//proc/**)",
+        "Glob(//sys/**)",
+        `Read(${CODEX_AUTH_DENY_PATH})`,
+        `Grep(${CODEX_AUTH_DENY_PATH})`,
+        `Edit(${CODEX_AUTH_DENY_PATH})`,
+        `Glob(${CODEX_AUTH_DENY_PATH})`,
+        ...toolDeny
+      ]
+    },
+    sandbox: {
+      filesystem: {
+        denyRead: ["/proc", "/sys", CODEX_AUTH_DENY_PATH, ...secretDenyPaths]
+      }
     }
-  }
-};
-function installManagedSettings() {
+  };
+}
+function installManagedSettings(ctx) {
   if (process.env.CI !== "true") return;
-  const content = JSON.stringify(managedSettings, null, 2);
+  const content = JSON.stringify(buildManagedSettings(ctx), null, 2);
   try {
-    execFileSync4("sudo", ["mkdir", "-p", MANAGED_SETTINGS_DIR]);
-    execFileSync4("sudo", ["tee", MANAGED_SETTINGS_PATH], {
+    execFileSync5("sudo", ["mkdir", "-p", MANAGED_SETTINGS_DIR]);
+    execFileSync5("sudo", ["tee", MANAGED_SETTINGS_PATH], {
       input: content,
       stdio: ["pipe", "ignore", "pipe"]
     });
@@ -149842,23 +150179,25 @@ var claude = agent({
     const specifier = ctx.payload.proxyModel ?? ctx.resolvedModel;
     const bedrockModelId = process.env[BEDROCK_MODEL_ID_ENV]?.trim();
     const isBedrockRoute = specifier !== void 0 && bedrockModelId !== void 0 && bedrockModelId === specifier && isBedrockAnthropicId(specifier);
-    const model = !specifier ? void 0 : isBedrockRoute ? specifier : stripProviderPrefix(specifier);
+    const vertexModelId = process.env[VERTEX_MODEL_ID_ENV]?.trim();
+    const isVertexRoute2 = specifier !== void 0 && vertexModelId !== void 0 && vertexModelId === specifier && isVertexAnthropicId(specifier);
+    const model = !specifier ? void 0 : isBedrockRoute ? specifier : isVertexRoute2 ? void 0 : stripProviderPrefix(specifier);
     const homeEnv = {
       HOME: ctx.tmpdir,
-      XDG_CONFIG_HOME: join11(ctx.tmpdir, ".config")
+      XDG_CONFIG_HOME: join13(ctx.tmpdir, ".config")
     };
-    mkdirSync4(join11(homeEnv.XDG_CONFIG_HOME, "claude"), { recursive: true });
+    mkdirSync5(join13(homeEnv.XDG_CONFIG_HOME, "claude"), { recursive: true });
     const agentBrowserVersion = getDevDependencyVersion("agent-browser");
     addSkill({
       ref: `vercel-labs/agent-browser@v${agentBrowserVersion}`,
       skill: "agent-browser",
       env: homeEnv,
-      agent: "claude"
+      agent: "claude-code"
     });
     installBundledSkills({ home: homeEnv.HOME });
     const mcpConfigPath = writeMcpConfig(ctx);
     const effort = resolveEffort(model);
-    installManagedSettings();
+    installManagedSettings(ctx);
     const baseArgs = [
       cliPath,
       "--output-format",
@@ -149886,6 +150225,10 @@ var claude = agent({
     if (isBedrockRoute) {
       env2.CLAUDE_CODE_USE_BEDROCK = "1";
     }
+    if (isVertexRoute2) {
+      applyClaudeVertexEnv(env2);
+      env2.ANTHROPIC_MODEL = specifier;
+    }
     if (env2.CLAUDE_CODE_OAUTH_TOKEN && !isBedrockRoute && env2.ANTHROPIC_API_KEY) {
       log.debug(
         "\xBB CLAUDE_CODE_OAUTH_TOKEN present \u2014 stripping ANTHROPIC_API_KEY from Claude Code env so the OAuth subscription is used"
@@ -149927,8 +150270,8 @@ var claude = agent({
 
 // agents/opencode_v2.ts
 var core2 = __toESM(require_core(), 1);
-import { mkdirSync as mkdirSync6, writeFileSync as writeFileSync10 } from "node:fs";
-import { join as join13 } from "node:path";
+import { mkdirSync as mkdirSync7, writeFileSync as writeFileSync11 } from "node:fs";
+import { join as join15 } from "node:path";
 import { performance as performance7 } from "node:perf_hooks";
 
 // utils/agentHangReport.ts
@@ -150027,9 +150370,9 @@ function formatBillingExhaustedBody(diagnostic) {
 }
 
 // utils/codexHome.ts
-import { mkdirSync as mkdirSync5, writeFileSync as writeFileSync9 } from "node:fs";
-import { homedir } from "node:os";
-import { join as join12 } from "node:path";
+import { mkdirSync as mkdirSync6, writeFileSync as writeFileSync10 } from "node:fs";
+import { homedir as homedir2 } from "node:os";
+import { join as join14 } from "node:path";
 var CODEX_AUTH_ENV = "CODEX_AUTH_JSON";
 function installCodexAuth() {
   const raw2 = process.env[CODEX_AUTH_ENV];
@@ -150039,9 +150382,9 @@ function installCodexAuth() {
     log.warning(`\xBB ${CODEX_AUTH_ENV} present but malformed; ignoring`);
     return null;
   }
-  const xdgDataHome = join12(homedir(), ".local", "share");
-  const opencodeDir = join12(xdgDataHome, "opencode");
-  const authPath = join12(opencodeDir, "auth.json");
+  const xdgDataHome = join14(homedir2(), ".local", "share");
+  const opencodeDir = join14(xdgDataHome, "opencode");
+  const authPath = join14(opencodeDir, "auth.json");
   const opencodeAuth = {
     openai: {
       type: "oauth",
@@ -150054,8 +150397,8 @@ function installCodexAuth() {
       ...blob.tokens.account_id ? { accountId: blob.tokens.account_id } : {}
     }
   };
-  mkdirSync5(opencodeDir, { recursive: true });
-  writeFileSync9(authPath, `${JSON.stringify(opencodeAuth, null, 2)}
+  mkdirSync6(opencodeDir, { recursive: true });
+  writeFileSync10(authPath, `${JSON.stringify(opencodeAuth, null, 2)}
 `, { mode: 384 });
   log.info(`\xBB installed Codex auth at ${authPath}`);
   return { authPath, xdgDataHome, originalRefresh: blob.tokens.refresh_token };
@@ -150169,7 +150512,7 @@ export default async function pullfrogEventsPlugin() {
 `;
 
 // agents/opencodeShared.ts
-import { execFileSync as execFileSync5 } from "node:child_process";
+import { execFileSync as execFileSync6 } from "node:child_process";
 
 // agents/subagentModels.ts
 function deriveSubagentModels(orchestratorSpec) {
@@ -150218,7 +150561,7 @@ async function installOpencodeCli(params) {
 var AUTO_SELECT_WARNING = "select a model explicitly in the Pullfrog console (https://pullfrog.com/console) to avoid this.";
 function getOpenCodeModels(cliPath) {
   try {
-    const output = execFileSync5(cliPath, ["models"], {
+    const output = execFileSync6(cliPath, ["models"], {
       encoding: "utf-8",
       timeout: 3e4,
       env: process.env
@@ -150711,16 +151054,17 @@ var opencode = agent({
     const rawModel = ctx.payload.proxyModel ?? ctx.resolvedModel ?? autoSelectModel(cliPath);
     const bedrockModelId = process.env[BEDROCK_MODEL_ID_ENV]?.trim();
     const isBedrockRoute = rawModel !== void 0 && bedrockModelId !== void 0 && bedrockModelId === rawModel;
-    const model = isBedrockRoute ? `amazon-bedrock/${rawModel}` : rawModel;
+    const vertexModel = resolveVertexOpenCodeModel(rawModel);
+    const model = vertexModel ?? (isBedrockRoute ? `amazon-bedrock/${rawModel}` : rawModel);
     const homeEnv = {
       HOME: ctx.tmpdir,
-      XDG_CONFIG_HOME: join13(ctx.tmpdir, ".config")
+      XDG_CONFIG_HOME: join15(ctx.tmpdir, ".config")
     };
-    mkdirSync6(join13(homeEnv.XDG_CONFIG_HOME, "opencode"), { recursive: true });
-    const opencodePluginDir = join13(homeEnv.XDG_CONFIG_HOME, "opencode", "plugin");
-    mkdirSync6(opencodePluginDir, { recursive: true });
-    writeFileSync10(
-      join13(opencodePluginDir, PULLFROG_OPENCODE_PLUGIN_FILENAME),
+    mkdirSync7(join15(homeEnv.XDG_CONFIG_HOME, "opencode"), { recursive: true });
+    const opencodePluginDir = join15(homeEnv.XDG_CONFIG_HOME, "opencode", "plugin");
+    mkdirSync7(opencodePluginDir, { recursive: true });
+    writeFileSync11(
+      join15(opencodePluginDir, PULLFROG_OPENCODE_PLUGIN_FILENAME),
       PULLFROG_OPENCODE_PLUGIN_SOURCE
     );
     const agentBrowserVersion = getDevDependencyVersion("agent-browser");
@@ -150790,15 +151134,18 @@ var opencode = agent({
 var agents = { claude, opencode };
 
 // utils/agent.ts
-function hasEnvVar(name) {
+function hasEnvVar2(name) {
   const val = process.env[name];
   return typeof val === "string" && val.length > 0;
 }
 function hasClaudeCodeAuth() {
-  return hasEnvVar("CLAUDE_CODE_OAUTH_TOKEN") || hasEnvVar("ANTHROPIC_API_KEY");
+  return hasEnvVar2("CLAUDE_CODE_OAUTH_TOKEN") || hasEnvVar2("ANTHROPIC_API_KEY");
 }
 function hasBedrockAuth() {
-  return hasEnvVar("AWS_BEARER_TOKEN_BEDROCK") || hasEnvVar("AWS_ACCESS_KEY_ID") && hasEnvVar("AWS_SECRET_ACCESS_KEY");
+  return hasEnvVar2("AWS_BEARER_TOKEN_BEDROCK") || hasEnvVar2("AWS_ACCESS_KEY_ID") && hasEnvVar2("AWS_SECRET_ACCESS_KEY");
+}
+function hasVertexAuth() {
+  return hasEnvVar2(VERTEX_SERVICE_ACCOUNT_JSON_ENV);
 }
 function resolveSlug(slug2) {
   const alias = resolveDisplayAlias(slug2);
@@ -150806,11 +151153,20 @@ function resolveSlug(slug2) {
     const bedrockId = process.env[BEDROCK_MODEL_ID_ENV]?.trim();
     if (!bedrockId) {
       throw new Error(
-        `${BEDROCK_MODEL_ID_ENV} env var is required when the model is set to "${slug2}". set it to an AWS Bedrock model ID (e.g. "us.anthropic.claude-opus-4-7", "amazon.nova-pro-v1:0"). see https://docs.pullfrog.com/bedrock for setup.`
+        `${BEDROCK_MODEL_ID_ENV} env var is required when the model is set to "${slug2}". set it to an AWS Bedrock model ID from the Bedrock console. see https://docs.pullfrog.com/bedrock for setup.`
       );
     }
     return bedrockId;
   }
+  if (alias?.routing === "vertex") {
+    const vertexId = process.env[VERTEX_MODEL_ID_ENV]?.trim();
+    if (!vertexId) {
+      throw new Error(
+        `${VERTEX_MODEL_ID_ENV} env var is required when the model is set to "${slug2}". set it to a Google Vertex AI model ID from Model Garden. see https://docs.pullfrog.com/vertex for setup.`
+      );
+    }
+    return vertexId;
+  }
   return resolveCliModel(slug2);
 }
 function resolveModel(ctx) {
@@ -150838,6 +151194,9 @@ function resolveAgent(ctx) {
   if (ctx.model && hasBedrockAuth() && process.env[BEDROCK_MODEL_ID_ENV]?.trim() === ctx.model) {
     return isBedrockAnthropicId(ctx.model) ? agents.claude : agents.opencode;
   }
+  if (ctx.model && hasVertexAuth() && process.env[VERTEX_MODEL_ID_ENV]?.trim() === ctx.model) {
+    return isVertexAnthropicId(ctx.model) ? agents.claude : agents.opencode;
+  }
   if (ctx.model) {
     try {
       const provider2 = getModelProvider(ctx.model);
@@ -150878,26 +151237,51 @@ add the missing secret(s) to your GitHub repository at ${githubSecretsUrl}, then
 
 for full setup instructions, see https://docs.pullfrog.com/bedrock`;
 }
-function hasEnvVar2(name) {
+function buildVertexSetupError(params) {
+  const githubSecretsUrl = `https://github.com/${params.owner}/${params.name}/settings/secrets/actions`;
+  return `Google Vertex AI model selected but required configuration is missing: ${params.missing.join(", ")}.
+
+add the missing secret(s) to your GitHub repository at ${githubSecretsUrl}, then reference them in your workflow's \`env:\` block:
+
+  ${VERTEX_SERVICE_ACCOUNT_JSON_ENV}: \${{ secrets.${VERTEX_SERVICE_ACCOUNT_JSON_ENV} }}
+  ${GOOGLE_CLOUD_PROJECT_ENV}: my-project
+  ${VERTEX_LOCATION_ENV}: global
+  ${VERTEX_MODEL_ID_ENV}: <vertex-model-id>
+
+for full setup instructions, see https://docs.pullfrog.com/vertex`;
+}
+function hasEnvVar3(name) {
   const value2 = process.env[name];
   return typeof value2 === "string" && value2.length > 0;
 }
 function hasProviderKey(model) {
   const requiredVars = getModelEnvVars(model);
   if (requiredVars.length === 0) return true;
-  return requiredVars.some((v) => hasEnvVar2(v));
+  return requiredVars.some((v) => hasEnvVar3(v));
 }
 function validateBedrockSetup(params) {
-  const hasAuth = hasEnvVar2("AWS_BEARER_TOKEN_BEDROCK") || hasEnvVar2("AWS_ACCESS_KEY_ID") && hasEnvVar2("AWS_SECRET_ACCESS_KEY");
+  const hasAuth = hasEnvVar3("AWS_BEARER_TOKEN_BEDROCK") || hasEnvVar3("AWS_ACCESS_KEY_ID") && hasEnvVar3("AWS_SECRET_ACCESS_KEY");
   const missing = [];
   if (!hasAuth)
     missing.push("AWS_BEARER_TOKEN_BEDROCK (or AWS_ACCESS_KEY_ID + AWS_SECRET_ACCESS_KEY)");
-  if (!hasEnvVar2("AWS_REGION")) missing.push("AWS_REGION");
-  if (!hasEnvVar2(BEDROCK_MODEL_ID_ENV)) missing.push(BEDROCK_MODEL_ID_ENV);
+  if (!hasEnvVar3("AWS_REGION")) missing.push("AWS_REGION");
+  if (!hasEnvVar3(BEDROCK_MODEL_ID_ENV)) missing.push(BEDROCK_MODEL_ID_ENV);
   if (missing.length > 0) {
     throw new Error(buildBedrockSetupError({ owner: params.owner, name: params.name, missing }));
   }
 }
+function validateVertexSetup(params) {
+  const hasAuth = hasEnvVar3(VERTEX_SERVICE_ACCOUNT_JSON_ENV);
+  const hasProject = hasEnvVar3(GOOGLE_CLOUD_PROJECT_ENV) || readProjectIdFromVertexServiceAccountJson() !== void 0;
+  const missing = [];
+  if (!hasAuth) missing.push(VERTEX_SERVICE_ACCOUNT_JSON_ENV);
+  if (!hasProject) missing.push(GOOGLE_CLOUD_PROJECT_ENV);
+  if (!hasEnvVar3(VERTEX_LOCATION_ENV)) missing.push(VERTEX_LOCATION_ENV);
+  if (!hasEnvVar3(VERTEX_MODEL_ID_ENV)) missing.push(VERTEX_MODEL_ID_ENV);
+  if (missing.length > 0) {
+    throw new Error(buildVertexSetupError({ owner: params.owner, name: params.name, missing }));
+  }
+}
 function validateAgentApiKey(params) {
   if (params.model) {
     const alias = resolveDisplayAlias(params.model);
@@ -150905,16 +151289,24 @@ function validateAgentApiKey(params) {
       validateBedrockSetup({ owner: params.owner, name: params.name });
       return;
     }
+    if (alias?.routing === "vertex") {
+      validateVertexSetup({ owner: params.owner, name: params.name });
+      return;
+    }
     if (!params.model.includes("/")) {
+      if (process.env[VERTEX_MODEL_ID_ENV]?.trim() === params.model) {
+        validateVertexSetup({ owner: params.owner, name: params.name });
+        return;
+      }
       validateBedrockSetup({ owner: params.owner, name: params.name });
       return;
     }
     const requiredVars = getModelEnvVars(params.model);
     if (requiredVars.length === 0) return;
-    if (requiredVars.some((v) => hasEnvVar2(v))) return;
+    if (requiredVars.some((v) => hasEnvVar3(v))) return;
     throw new Error(buildMissingApiKeyError({ owner: params.owner, name: params.name }));
   }
-  const hasAnyKey = [...knownApiKeys].some((k) => hasEnvVar2(k));
+  const hasAnyKey = [...knownApiKeys].some((k) => hasEnvVar3(k));
   if (!hasAnyKey) {
     throw new Error(buildMissingApiKeyError({ owner: params.owner, name: params.name }));
   }
@@ -151034,7 +151426,7 @@ async function fetchBodyHtml(ctx) {
 }
 
 // utils/byokFallback.ts
-var FREE_FALLBACK_SLUG = "opencode/minimax-m2.5-free";
+var FREE_FALLBACK_SLUG = "opencode/big-pickle";
 function selectFallbackModelIfNeeded(input) {
   if (input.proxyModel) return { fallback: false };
   if (!input.resolvedModel) return { fallback: false };
@@ -151049,10 +151441,10 @@ function selectFallbackModelIfNeeded(input) {
 }
 
 // utils/gitAuthServer.ts
-import { randomUUID as randomUUID3 } from "node:crypto";
-import { writeFileSync as writeFileSync11 } from "node:fs";
+import { randomUUID as randomUUID4 } from "node:crypto";
+import { writeFileSync as writeFileSync12 } from "node:fs";
 import { createServer as createServer2 } from "node:http";
-import { join as join14 } from "node:path";
+import { join as join16 } from "node:path";
 var CODE_TTL_MS = 5 * 60 * 1e3;
 var TAMPER_WINDOW_MS = 6e4;
 function revokeGitHubToken(token) {
@@ -151112,7 +151504,7 @@ async function startGitAuthServer(tmpdir4) {
   const port = rawAddr.port;
   log.debug(`git auth server listening on 127.0.0.1:${port}`);
   function register4(token) {
-    const code = randomUUID3();
+    const code = randomUUID4();
     const timeout = setTimeout(() => {
       codes.delete(code);
       log.debug(`git auth code expired: ${code.slice(0, 8)}...`);
@@ -151122,9 +151514,9 @@ async function startGitAuthServer(tmpdir4) {
     return code;
   }
   function writeAskpassScript(code) {
-    const scriptId = randomUUID3();
+    const scriptId = randomUUID4();
     const scriptName = `askpass-${scriptId}.js`;
-    const scriptPath = join14(tmpdir4, scriptName);
+    const scriptPath = join16(tmpdir4, scriptName);
     const content = [
       `#!/usr/bin/env node`,
       `var a=process.argv[2]||"";`,
@@ -151139,7 +151531,7 @@ async function startGitAuthServer(tmpdir4) {
       `try{require("fs").unlinkSync("${scriptPath.replace(/\\/g, "\\\\")}")}catch(e){}`,
       `})}).on("error",function(){process.exit(1)})}`
     ].join("\n");
-    writeFileSync11(scriptPath, content, { mode: 448 });
+    writeFileSync12(scriptPath, content, { mode: 448 });
     return scriptPath;
   }
   async function close() {
@@ -151163,7 +151555,7 @@ async function startGitAuthServer(tmpdir4) {
 var core3 = __toESM(require_core(), 1);
 import { createSign } from "node:crypto";
 import { rename, writeFile } from "node:fs/promises";
-import { dirname as dirname3, join as join15 } from "node:path";
+import { dirname as dirname3, join as join17 } from "node:path";
 
 // node_modules/.pnpm/@octokit+plugin-throttling@11.0.3_@octokit+core@7.0.5/node_modules/@octokit/plugin-throttling/dist-bundle/index.js
 var import_light = __toESM(require_light(), 1);
@@ -155021,7 +155413,7 @@ function getGitHubUsageSummary() {
 }
 async function writeGitHubUsageSummaryToFile(path3) {
   const summary2 = getGitHubUsageSummary();
-  const tmpPath = join15(dirname3(path3), `.usage-summary-${process.pid}.tmp`);
+  const tmpPath = join17(dirname3(path3), `.usage-summary-${process.pid}.tmp`);
   await writeFile(tmpPath, JSON.stringify(summary2));
   await rename(tmpPath, path3);
 }
@@ -155072,7 +155464,7 @@ function createOctokit(token) {
 }
 
 // utils/instructions.ts
-import { execSync as execSync2 } from "node:child_process";
+import { execSync as execSync3 } from "node:child_process";
 function buildRuntimeContext(ctx) {
   const {
     "~pullfrog": _2,
@@ -155084,7 +155476,7 @@ function buildRuntimeContext(ctx) {
   } = ctx.payload;
   let gitStatus;
   try {
-    gitStatus = execSync2("git status --short", { encoding: "utf-8", stdio: "pipe" }).trim() || "(clean)";
+    gitStatus = execSync3("git status --short", { encoding: "utf-8", stdio: "pipe" }).trim() || "(clean)";
   } catch {
   }
   const data = {
@@ -155421,7 +155813,7 @@ function resolveInstructions(ctx) {
 
 // utils/learnings.ts
 import { mkdir, readFile as readFile2, writeFile as writeFile2 } from "node:fs/promises";
-import { dirname as dirname4, join as join16 } from "node:path";
+import { dirname as dirname4, join as join18 } from "node:path";
 
 // utils/learningsTruncate.ts
 var MAX_LEARNINGS_LENGTH = 1e5;
@@ -155438,7 +155830,7 @@ function truncateAtLineBoundary(body, cap) {
 // utils/learnings.ts
 var LEARNINGS_FILE_NAME = "pullfrog-learnings.md";
 function learningsFilePath(tmpdir4) {
-  return join16(tmpdir4, LEARNINGS_FILE_NAME);
+  return join18(tmpdir4, LEARNINGS_FILE_NAME);
 }
 async function seedLearningsFile(params) {
   const path3 = learningsFilePath(params.tmpdir);
@@ -156118,7 +156510,7 @@ async function runProxyResolution(ctx) {
 
 // utils/prSummary.ts
 import { mkdir as mkdir2, readFile as readFile3, writeFile as writeFile3 } from "node:fs/promises";
-import { dirname as dirname5, join as join17 } from "node:path";
+import { dirname as dirname5, join as join19 } from "node:path";
 var SUMMARY_FILE_NAME = "pullfrog-summary.md";
 var SUMMARY_SCAFFOLD = `# PR summary
 
@@ -156128,7 +156520,7 @@ var SUMMARY_SCAFFOLD = `# PR summary
 var MIN_SNAPSHOT_LENGTH = 60;
 var MAX_SNAPSHOT_LENGTH = 32768;
 function summaryFilePath(tmpdir4) {
-  return join17(tmpdir4, SUMMARY_FILE_NAME);
+  return join19(tmpdir4, SUMMARY_FILE_NAME);
 }
 async function seedSummaryFile(params) {
   const path3 = summaryFilePath(params.tmpdir);
@@ -156322,6 +156714,16 @@ async function resolveRunContextData(params) {
 }
 
 // utils/runErrorRenderer.ts
+function isProviderModelNotFoundError(message) {
+  return message.includes("ProviderModelNotFoundError");
+}
+function formatProviderModelNotFoundSummary(input) {
+  return `Pullfrog's free fallback model is no longer available in OpenCode's catalog. Add an API key for your configured model in the Pullfrog console for \`${input.owner}/${input.name}\`, or contact support if this persists.
+
+\`\`\`
+${input.raw}
+\`\`\``;
+}
 function renderRunError(input) {
   const billingError = isRouterKeylimitExhaustedError(input.errorMessage) ? new BillingError(input.errorMessage, { code: "router_keylimit_exhausted" }) : null;
   if (billingError) {
@@ -156343,6 +156745,14 @@ function renderRunError(input) {
   if (apiKeyErrorSummary) {
     return { summary: apiKeyErrorSummary, comment: apiKeyErrorSummary };
   }
+  if (isProviderModelNotFoundError(input.errorMessage)) {
+    const body = formatProviderModelNotFoundSummary({
+      owner: input.repo.owner,
+      name: input.repo.name,
+      raw: input.errorMessage
+    });
+    return { summary: body, comment: body };
+  }
   if (hangBody) {
     return {
       summary: `### \u274C Pullfrog failed
@@ -156444,16 +156854,17 @@ async function persistRunArtifacts(toolContext) {
 }
 async function finalizeSuccessRun(input) {
   await persistRunArtifacts(input.toolContext);
-  if (!input.result.success && input.toolState.progressComment) {
-    const rawError = input.result.error || "agent run failed";
-    const errorBody = isApiKeyAuthError(rawError) ? formatApiKeyErrorSummary({
-      owner: input.repo.owner,
-      name: input.repo.name,
-      raw: rawError
-    }) : rawError;
-    await reportErrorToComment({ toolState: input.toolState, error: errorBody }).catch((error49) => {
-      log.debug(`failure error report failed: ${error49}`);
-    });
+  const rendered = !input.result.success ? renderRunError({
+    errorMessage: input.result.error || "agent run failed",
+    repo: input.repo,
+    agentDiagnostic: input.toolState.agentDiagnostic
+  }) : null;
+  if (rendered && input.toolState.progressComment) {
+    await reportErrorToComment({ toolState: input.toolState, error: rendered.comment }).catch(
+      (error49) => {
+        log.debug(`failure error report failed: ${error49}`);
+      }
+    );
   }
   if (input.result.success && input.toolState.progressComment && !input.toolState.finalSummaryWritten) {
     await deleteProgressComment(input.toolContext).catch((error49) => {
@@ -156463,7 +156874,7 @@ async function finalizeSuccessRun(input) {
   try {
     const usageSummary = formatUsageSummary(input.toolState.usageEntries);
     const body = input.toolState.lastProgressBody || input.result.output;
-    const parts = [body, usageSummary].filter(Boolean);
+    const parts = [rendered?.summary, body, usageSummary].filter(Boolean);
     if (parts.length > 0) {
       await writeSummary(parts.join("\n\n"));
     }
@@ -156548,116 +156959,6 @@ function logRunStartup(ctx) {
   log.info(`\xBB timeout: ${resolveTimeoutForLog(ctx.payload.timeout)}`);
 }
 
-// utils/setup.ts
-import { execFileSync as execFileSync6, execSync as execSync3 } from "node:child_process";
-import { mkdtempSync as mkdtempSync2 } from "node:fs";
-import { tmpdir as tmpdir3 } from "node:os";
-import { join as join18 } from "node:path";
-function createTempDirectory() {
-  const sharedTempDir = mkdtempSync2(join18(tmpdir3(), "pullfrog-"));
-  process.env.PULLFROG_TEMP_DIR = sharedTempDir;
-  log.info(`\xBB created temp dir at ${sharedTempDir}`);
-  return sharedTempDir;
-}
-function envScopedToRepo() {
-  const scoped = { ...process.env };
-  for (const key of Object.keys(scoped)) {
-    if (key.startsWith("GIT_")) delete scoped[key];
-  }
-  return scoped;
-}
-function removeIncludeIfEntries(repoDir) {
-  const env2 = envScopedToRepo();
-  let configOutput;
-  try {
-    configOutput = execSync3("git config --local --get-regexp -z ^includeif\\.", {
-      cwd: repoDir,
-      encoding: "utf-8",
-      stdio: "pipe",
-      env: env2
-    });
-  } catch {
-    log.debug("\xBB no includeIf credential entries to remove");
-    return;
-  }
-  const seen = /* @__PURE__ */ new Set();
-  for (const entry of configOutput.split("\0")) {
-    if (!entry) continue;
-    const nl = entry.indexOf("\n");
-    const key = nl === -1 ? entry : entry.slice(0, nl);
-    if (!key || seen.has(key)) continue;
-    seen.add(key);
-    try {
-      execFileSync6("git", ["config", "--local", "--unset-all", key], {
-        cwd: repoDir,
-        stdio: "pipe",
-        env: env2
-      });
-    } catch (error49) {
-      log.debug(
-        `\xBB failed to unset ${key}: ${error49 instanceof Error ? error49.message : String(error49)}`
-      );
-    }
-  }
-  if (seen.size > 0)
-    log.info(
-      `\xBB removed ${seen.size} includeIf credential ${seen.size === 1 ? "entry" : "entries"}`
-    );
-}
-async function setupGit(params) {
-  const repoDir = process.cwd();
-  log.info("\xBB setting up git configuration...");
-  try {
-    let currentEmail = "";
-    try {
-      currentEmail = execSync3("git config user.email", {
-        cwd: repoDir,
-        stdio: "pipe",
-        encoding: "utf-8"
-      }).trim();
-    } catch {
-    }
-    const shouldSetDefaults = !currentEmail || currentEmail === "github-actions[bot]@users.noreply.github.com";
-    if (shouldSetDefaults) {
-      execSync3('git config --local user.email "226033991+pullfrog[bot]@users.noreply.github.com"', {
-        cwd: repoDir,
-        stdio: "pipe"
-      });
-      execSync3('git config --local user.name "pullfrog[bot]"', {
-        cwd: repoDir,
-        stdio: "pipe"
-      });
-      log.debug("\xBB git user configured (using defaults)");
-    } else {
-      log.debug(`\xBB git user already configured (${currentEmail}), skipping`);
-    }
-    if (params.shell === "disabled") {
-      execSync3("git config --local core.hooksPath /dev/null", {
-        cwd: repoDir,
-        stdio: "pipe"
-      });
-      log.debug("\xBB git hooks disabled (shell=disabled)");
-    }
-  } catch (error49) {
-    log.info(`Failed to set git config: ${error49 instanceof Error ? error49.message : String(error49)}`);
-  }
-  try {
-    execSync3("git config --local --unset-all http.https://github.com/.extraheader", {
-      cwd: repoDir,
-      stdio: "pipe"
-    });
-    log.info("\xBB removed existing authentication headers");
-  } catch {
-    log.debug("\xBB no existing authentication headers to remove");
-  }
-  removeIncludeIfEntries(repoDir);
-  const originUrl = `https://github.com/${params.owner}/${params.name}.git`;
-  $2("git", ["remote", "set-url", "origin", originUrl], { cwd: repoDir });
-  params.toolState.pushUrl = originUrl;
-  $2("git", ["config", "--local", "credential.helper", ""], { cwd: repoDir });
-  log.info("\xBB git authentication configured");
-}
-
 // utils/todoTracking.ts
 function isValidTodoStatus(value2) {
   return value2 === "pending" || value2 === "in_progress" || value2 === "completed" || value2 === "cancelled";
@@ -156865,6 +157166,7 @@ async function main() {
       toolState.beforeSha = payload.event.before_sha;
     }
     const tokenRef = __using(_stack2, await resolveTokens({ push: payload.push }), true);
+    wipeRunnerLeakSurface();
     const oidcCredentials = process.env.ACTIONS_ID_TOKEN_REQUEST_URL && process.env.ACTIONS_ID_TOKEN_REQUEST_TOKEN ? {
       requestUrl: process.env.ACTIONS_ID_TOKEN_REQUEST_URL,
       requestToken: process.env.ACTIONS_ID_TOKEN_REQUEST_TOKEN
@@ -156886,6 +157188,7 @@ async function main() {
     let toolContext;
     let progressCallbackDisabled = false;
     let todoTracker;
+    let vertexCredentials;
     try {
       var _stack = [];
       try {
@@ -156920,6 +157223,7 @@ async function main() {
           );
           toolState.modelFallback = { from: fallback.from };
         }
+        vertexCredentials = materializeVertexCredentials({ model: resolvedModel });
         const agent2 = resolveAgent({ model: resolvedModel });
         toolState.model = payload.proxyModel ?? resolvedModel ?? effectiveSlug;
         validateAgentApiKey({
@@ -157031,8 +157335,8 @@ ${instructions.user}` : null,
           log.info(instructions.full);
         });
         if (agentId === "opencode") {
-          const pluginDir = join19(process.cwd(), ".opencode", "plugin");
-          const hasPlugins = existsSync7(pluginDir) && readdirSync(pluginDir).some((f) => /\.[jt]sx?$/.test(f));
+          const pluginDir = join20(process.cwd(), ".opencode", "plugin");
+          const hasPlugins = existsSync7(pluginDir) && readdirSync2(pluginDir).some((f) => /\.[jt]sx?$/.test(f));
           if (hasPlugins && toolState.dependencyInstallation?.promise) {
             log.info(
               "\xBB .opencode/plugin/ detected \u2014 awaiting dependency installation before agent start"
@@ -157087,6 +157391,7 @@ ${instructions.user}` : null,
           resolvedModel,
           mcpServerUrl: mcpHttpServer.url,
           tmpdir: tmpdir4,
+          secretDenyPaths: vertexCredentials ? [vertexCredentials.secretDir] : [],
           instructions,
           todoTracker,
           stopScript: runContext.repoSettings.stopScript,
@@ -157190,6 +157495,7 @@ ${instructions.user}` : null,
           await patchWorkflowRunFields(toolContext, patch);
         }
       }
+      cleanupVertexCredentials(vertexCredentials);
     }
   } catch (_3) {
     var _error2 = _3, _hasError2 = true;
@@ -158078,7 +158384,7 @@ async function run2() {
 }
 
 // cli.ts
-var VERSION10 = "0.1.10";
+var VERSION10 = "0.1.12";
 var bin = basename2(process.argv[1] || "");
 var PROG = bin === "pf" || bin === "pullfrog" ? bin : "pullfrog";
 var rawArgs = process.argv.slice(2);