pullfrog 0.1.10 → 0.1.12

package/dist/internal/index.d.ts

@@ -3,7 +3,7 @@
  * Re-exports shared types, values, and utilities needed by the Next.js app.
  */
 export type { AuthorPermission, ModelAlias, ModelProvider, Payload, PayloadEvent, ProviderConfig, PushPermission, ShellPermission, ToolPermission, WriteablePayload, } from "../external.ts";
-export { getModelEnvVars, getModelManagedCredentials, getModelProvider, getProviderDisplayName, modelAliases, parseModel, providers, pullfrogMcpName, resolveCliModel, resolveDisplayAlias, resolveModelSlug, resolveOpenRouterModel, } from "../external.ts";
+export { DEFAULT_PROXY_MODEL, getModelEnvVars, getModelManagedCredentials, getModelProvider, getProviderDisplayName, modelAliases, parseModel, providers, pullfrogMcpName, resolveCliModel, resolveDisplayAlias, resolveModelSlug, resolveOpenRouterModel, } from "../external.ts";
 export type { Mode } from "../modes.ts";
 export { modes } from "../modes.ts";
 export type { BuildPullfrogFooterParams, WorkflowRunFooterInfo, } from "../utils/buildPullfrogFooter.ts";

package/dist/internal.js

@@ -257,6 +257,11 @@ var providers = {
         resolve: "opencode/kimi-k2.6",
         openRouterResolve: "openrouter/moonshotai/kimi-k2.6"
       },
+      "minimax-m2.5": {
+        displayName: "MiniMax M2.5",
+        resolve: "opencode/minimax-m2.5",
+        openRouterResolve: "openrouter/minimax/minimax-m2.5"
+      },
       "gpt-5-nano": {
         displayName: "GPT Nano",
         resolve: "opencode/gpt-5-nano",
@@ -273,7 +278,9 @@ var providers = {
         displayName: "MiniMax M2.5",
         resolve: "opencode/minimax-m2.5-free",
         envVars: [],
-        isFree: true
+        isFree: true,
+        fallback: "opencode/big-pickle",
+        hidden: true
       }
     }
   }),
@@ -291,6 +298,25 @@ var providers = {
       }
     }
   }),
+  vertex: provider({
+    displayName: "Google Vertex AI",
+    envVars: [
+      "VERTEX_SERVICE_ACCOUNT_JSON",
+      "GOOGLE_CLOUD_PROJECT",
+      "VERTEX_LOCATION",
+      "VERTEX_MODEL_ID"
+    ],
+    models: {
+      // single routing entry — the actual Vertex AI model ID is read from
+      // VERTEX_MODEL_ID at run time. see ModelRouting docs for why we don't
+      // catalog individual Vertex models.
+      byok: {
+        displayName: "Google Vertex AI",
+        resolve: "vertex",
+        routing: "vertex"
+      }
+    }
+  }),
   openrouter: provider({
     displayName: "OpenRouter",
     envVars: ["OPENROUTER_API_KEY"],
@@ -392,6 +418,11 @@ var providers = {
         displayName: "Kimi K2",
         resolve: "openrouter/moonshotai/kimi-k2.6",
         openRouterResolve: "openrouter/moonshotai/kimi-k2.6"
+      },
+      "minimax-m2.5": {
+        displayName: "MiniMax M2.5",
+        resolve: "openrouter/minimax/minimax-m2.5",
+        openRouterResolve: "openrouter/minimax/minimax-m2.5"
       }
     }
   })
@@ -445,6 +476,11 @@ var modelAliases = Object.entries(providers).flatMap(
     hidden: def.hidden ?? false
   }))
 );
+var defaultProxyAlias = modelAliases.find((a) => a.slug === "moonshotai/kimi-k2");
+if (!defaultProxyAlias?.openRouterResolve) {
+  throw new Error("DEFAULT_PROXY_MODEL: moonshotai/kimi-k2 missing openRouterResolve");
+}
+var DEFAULT_PROXY_MODEL = defaultProxyAlias.openRouterResolve;
 function resolveModelSlug(slug) {
   return modelAliases.find((a) => a.slug === slug)?.resolve;
 }
@@ -668,7 +704,25 @@ function computeModes(agentId) {
 
    Otherwise delegate the \`${REVIEWER_AGENT_NAME}\` subagent to review your diff with fresh eyes against YOUR TASK. The subagent's baked-in system prompt enforces a non-mutative + non-recursive contract: read-only file/search/web tools and read-only MCP queries only; no writes, shell side effects, state-changing MCP calls, or nested subagent dispatch. Enforcement is prose-only \u2014 restate the constraint in your dispatch instructions and do not relax it.
 
-   Provide the subagent with YOUR TASK, the output of \`git diff origin/<base-branch>\` (single-rev form, no \`HEAD\` \u2014 this compares the working tree against the remote base and captures committed + staged + unstaged work; \`main...HEAD\` and \`--cached\` both miss the uncommitted edits Build self-review runs on, since self-review happens BEFORE the commit), and a tight summary (not raw output) of any lint/typecheck/test failures you fixed during build \u2014 what broke, root cause, the fix \u2014 so it can check that fixes addressed root causes rather than suppressed symptoms; say "no build-phase failures" if the build path was clean. Instruct it to flag bugs, logic errors, missing edge cases, gaps between request and diff, and unintended changes.
+   Compose your \`${REVIEWER_AGENT_NAME}\` dispatch prompt using this template verbatim, substituting the \`<...>\` placeholders. The preamble aligns the orchestrator side of the dispatch contract with the reviewer's baked-in system prompt \u2014 both ends say the same thing about where the work lives and what to do on an empty diff.
+
+   \`\`\`
+   ## What you're reviewing
+   This is a PRE-COMMIT Build-mode self-review. The work to review lives in the working tree (uncommitted), NOT in committed history.
+
+   Branch: <branch> (off <base>)
+   Canonical diff command: git diff origin/<base>
+
+   If that command returns empty, treat it as "no changes \u2014 nothing to review" and stop per your system prompt. Do not search for the work elsewhere.
+
+   ## Your task
+   <YOUR TASK content>
+
+   ## Build-phase failures
+   <tight summary \u2014 what broke, root cause, the fix \u2014 or "no build-phase failures">
+   \`\`\`
+
+   Follow the template with the diff content (\`git diff origin/<base-branch>\`, single-rev form \u2014 \`main...HEAD\` and \`--cached\` both miss the uncommitted edits self-review runs on) and your task brief. Instruct the subagent to flag bugs, logic errors, missing edge cases, gaps between request and diff, and unintended changes.
 
    Delegation + research discipline (distilled from \`/anneal\` canonical \u2014 these are codified learnings from many review rounds, not theoretical best practices):
    - Do NOT summarize what you implemented \u2014 that biases the subagent toward validating the shape of your solution rather than questioning it.
@@ -1235,6 +1289,7 @@ function isValidTimeString(input) {
   return parseTimeString(input) !== null;
 }
 export {
+  DEFAULT_PROXY_MODEL,
   LEAPING_INTO_ACTION_PREFIX,
   MAX_LEARNINGS_LENGTH,
   PULLFROG_DIVIDER,

package/dist/mcp/checkout.d.ts

@@ -48,7 +48,7 @@ export type CheckoutPrResult = {
  * this is the core diff formatting logic, extracted for testability.
  */
 export declare function fetchAndFormatPrDiff(ctx: ToolContext, pullNumber: number): Promise<FetchAndFormatPrDiffResult>;
-import type { GitContext } from "../utils/setup.ts";
+import { type GitContext } from "../utils/setup.ts";
 export type PrData = {
     number: number;
     headSha: string;

package/dist/models.d.ts

@@ -10,15 +10,17 @@
  *
  * `"bedrock"` means the actual model ID comes from `BEDROCK_MODEL_ID`
  * (an AWS-canonical Bedrock model ID like `us.anthropic.claude-opus-4-7`
- * or `amazon.nova-pro-v1:0`). enterprise Bedrock customers self-select for
- * version control — silent alias bumps would break compliance review,
- * model-access enrollment, and provisioned-throughput contracts. so the
- * single `bedrock/byok` entry is a routing slug, not a model alias: the
- * harness reads `BEDROCK_MODEL_ID` and routes to claude-code (when the ID
- * contains "anthropic") or opencode (everything else, with an
- * `amazon-bedrock/` prefix).
+ * or `amazon.nova-pro-v1:0`). `"vertex"` means the actual model ID comes
+ * from `VERTEX_MODEL_ID` (a Vertex AI model ID like
+ * `claude-opus-4-1@20250805` or `gemini-2.5-pro`). enterprise hosted-model
+ * customers self-select for version control — silent alias bumps would break
+ * compliance review, model-access enrollment, and provisioned-throughput
+ * contracts. so the single `bedrock/byok` and `vertex/byok` entries are
+ * routing slugs, not model aliases: the harness reads the backend-specific
+ * env var and routes to claude-code for Anthropic IDs or opencode for
+ * everything else.
  */
-export type ModelRouting = "bedrock";
+export type ModelRouting = "bedrock" | "vertex";
 export interface ModelAlias {
     /** stable alias stored in DB, e.g. "anthropic/claude-opus" */
     slug: string;
@@ -84,6 +86,7 @@ export declare const providers: {
     moonshotai: ProviderConfig;
     opencode: ProviderConfig;
     bedrock: ProviderConfig;
+    vertex: ProviderConfig;
     openrouter: ProviderConfig;
 };
 export type ModelProvider = keyof typeof providers;
@@ -100,6 +103,7 @@ export declare function getModelEnvVars(slug: string): string[];
  * see `provider.managedCredentials` and wiki/codex-auth.md. */
 export declare function getModelManagedCredentials(slug: string): string[];
 export declare const modelAliases: ModelAlias[];
+export declare const DEFAULT_PROXY_MODEL: string;
 /** resolve a model slug to its concrete models.dev specifier (e.g. "anthropic/claude-opus-4-6") */
 export declare function resolveModelSlug(slug: string): string | undefined;
 /**
@@ -127,6 +131,8 @@ export declare function resolveCliModel(slug: string): string | undefined;
 export declare function resolveOpenRouterModel(slug: string): string | undefined;
 /** env var that supplies the Bedrock model ID for the `bedrock/byok` slug. */
 export declare const BEDROCK_MODEL_ID_ENV = "BEDROCK_MODEL_ID";
+/** env var that supplies the Vertex AI model ID for the `vertex/byok` slug. */
+export declare const VERTEX_MODEL_ID_ENV = "VERTEX_MODEL_ID";
 /**
  * the Bedrock model ID passed to claude-code or opencode is whatever the
  * user set in `BEDROCK_MODEL_ID` — Pullfrog never resolves or upgrades it.
@@ -153,4 +159,11 @@ export declare const BEDROCK_MODEL_ID_ENV = "BEDROCK_MODEL_ID";
  * include the foundation segment in the profile name.
  */
 export declare function isBedrockAnthropicId(bedrockModelId: string): boolean;
+/**
+ * Vertex Anthropic model IDs start with the Claude family name, e.g.
+ * `claude-opus-4-1@20250805`. partner-model resource paths can contain the
+ * substring "anthropic" elsewhere, so the Bedrock segment check does not
+ * transfer — anchor on the model ID prefix instead.
+ */
+export declare function isVertexAnthropicId(vertexModelId: string): boolean;
 export {};

package/dist/toolState.d.ts

@@ -57,6 +57,13 @@ export type CommentableLines = {
 export interface ToolState {
     pushUrl?: string;
     pushDest?: StoredPushDest;
+    initialHead?: {
+        kind: "branch";
+        name: string;
+    } | {
+        kind: "detached";
+        sha: string;
+    };
     issueNumber?: number;
     checkoutSha?: string;
     commentableLinesByFile?: Map<string, CommentableLines>;

package/dist/utils/byokFallback.d.ts

@@ -2,15 +2,14 @@
  * Slug we fall back to when a BYOK-required model is configured but the
  * runner has no provider key in env. Picked because it's free
  * (`isFree: true`, `envVars: []` — see `action/models.ts`), stable, and
- * currently the strongest free OpenCode model in the catalog. If a
- * smarter free model is added later, update this single constant.
+ * currently served by OpenCode Zen without a key.
  *
  * The slug is intentionally hard-coded and not a config knob — the
  * fallback is a safety net, not a user-facing preference, and adding a
  * config surface here would just push the same "what to fall back to"
  * decision into another setting that goes stale the same way.
  */
-export declare const FREE_FALLBACK_SLUG = "opencode/minimax-m2.5-free";
+export declare const FREE_FALLBACK_SLUG = "opencode/big-pickle";
 export type FallbackDecision = {
     fallback: false;
 } | {

package/dist/utils/codexHome.d.ts

@@ -13,11 +13,3 @@ export interface InstalledCodexAuth {
  * returns null when the env var is absent, malformed, or wrong auth mode —
  * caller treats null as "no codex auth, fall through to API key flow". */
 export declare function installCodexAuth(): InstalledCodexAuth | null;
-/** convert an on-disk OpenCode auth.json back to the Codex CLI shape so the
- * post-hook can write it to the Pullfrog secret store. returns null when the
- * file's `openai` entry is missing, has the wrong type, or hasn't actually
- * refreshed (refresh token unchanged from `originalRefresh`). */
-export declare function detectCodexRefresh(params: {
-    authFileContent: string;
-    originalRefresh: string;
-}): string | null;

package/dist/utils/runLifecycle.d.ts

@@ -24,7 +24,7 @@
 import type { AgentResult } from "../agents/shared.ts";
 import type { ToolContext } from "../mcp/server.ts";
 import type { ToolState } from "../toolState.ts";
-import type { RenderedRunError } from "./runErrorRenderer.ts";
+import { type RenderedRunError } from "./runErrorRenderer.ts";
 /**
  * Best-effort cleanup shared by both run-end paths:
  *   1. post-review cleanup (dispatch follow-up re-review on submitted reviews)
@@ -40,9 +40,12 @@ export declare function persistRunArtifacts(toolContext: ToolContext): Promise<v
  *
  *   1. shared best-effort cleanup via `persistRunArtifacts`
  *   2. when the harness returned `success=false` (e.g. unsubmitted-review
- *      gate exhausted retries, stop-hook persistently failing), surface
- *      the error in the progress comment so the user sees it instead of a
- *      deleted-comment void
+ *      gate exhausted retries, stop-hook persistently failing), render via
+ *      `renderRunError` and surface the error in BOTH the progress comment
+ *      (rendered.comment) and the Actions job summary (rendered.summary,
+ *      prepended below in step 4) — same classifier as the catch path so
+ *      the user sees it instead of a deleted-comment void / empty summary
+ *      tab
  *   3. when the run succeeded and the progress comment was never finalized
  *      via `report_progress`, delete it (three sub-cases — orphan
  *      "Leaping into action" comment, abandoned checklist, agent wrote

package/dist/utils/setup.d.ts

@@ -8,6 +8,32 @@ export interface SetupOptions {
  * Create a shared temp directory for the action
  */
 export declare function createTempDirectory(): string;
+/**
+ * snapshot-and-delete the GHA runner's known credential leak surfaces inside
+ * `$RUNNER_TEMP` before the agent spawns. without this, a shell-capable agent
+ * can grep:
+ *   - `_runner_file_commands/set_output_*` for `core.setOutput('token', ghs_…)`
+ *     calls made by earlier composite-action steps (e.g.
+ *     pullfrog/pullfrog/get-installation-token);
+ *   - `<uuid>.sh` rendered step scripts whose `run: |` body embeds
+ *     `${{ steps.token.outputs.token }}` literally (GHA expands BEFORE writing);
+ *   - `git-credentials-*.config` written by `actions/checkout@v6` for the
+ *     workflow GITHUB_TOKEN.
+ *
+ * the running bash process already has its own `.sh` open via fd, so the
+ * unlink is safe — `unlink` removes the dirent, the kernel keeps reading.
+ *
+ * preserves every `_runner_file_commands/` file path the runner pre-allocated
+ * for OUR step — `$GITHUB_OUTPUT`, `$GITHUB_ENV`, `$GITHUB_PATH`,
+ * `$GITHUB_STATE`, `$GITHUB_STEP_SUMMARY`. those are read by the runner
+ * AFTER we exit (or by our own `post:` hook), and wiping them would break
+ * pullfrog's `result` output, `post:` state handoff, and job summary.
+ *
+ * silent no-op when `$RUNNER_TEMP` is unset (local dev, `pnpm play`).
+ * per-file errors are tolerated — the runner may delete files between
+ * our readdir and our unlink.
+ */
+export declare function wipeRunnerLeakSurface(): void;
 /**
  * Setup the test repository for running actions
  */
@@ -44,3 +70,21 @@ export type SetupGitParams = GitContext;
  * it is assumed to be potentially exfiltratable, so it has limited scope.
  */
 export declare function setupGit(params: SetupGitParams): Promise<void>;
+/**
+ * snapshot the current HEAD as either a branch name (when on a named branch)
+ * or a literal SHA (when detached). used by setupGit to pin the run-entry
+ * position and by checkout_pr to compare the live HEAD against it.
+ *
+ * splitting the two cases is load-bearing: `git rev-parse --abbrev-ref HEAD`
+ * returns the sentinel string `"HEAD"` on detached entry — which is the
+ * default `actions/checkout` state for `pull_request` events. storing that
+ * raw string would make any future detached state (including a subagent's
+ * `git checkout --detach <sha>`) compare equal.
+ */
+export declare function captureInitialHead(repoDir: string): {
+    kind: "branch";
+    name: string;
+} | {
+    kind: "detached";
+    sha: string;
+};

package/dist/utils/vertex.d.ts

@@ -0,0 +1,16 @@
+export declare const VERTEX_SERVICE_ACCOUNT_JSON_ENV = "VERTEX_SERVICE_ACCOUNT_JSON";
+export declare const GOOGLE_APPLICATION_CREDENTIALS_ENV = "GOOGLE_APPLICATION_CREDENTIALS";
+export declare const GOOGLE_CLOUD_PROJECT_ENV = "GOOGLE_CLOUD_PROJECT";
+export declare const VERTEX_LOCATION_ENV = "VERTEX_LOCATION";
+export type VertexCredentials = {
+    credentialsPath: string;
+    secretDir: string;
+};
+export declare function isVertexRoute(model: string | undefined): boolean;
+export declare function readProjectIdFromVertexServiceAccountJson(): string | undefined;
+export declare function materializeVertexCredentials(params: {
+    model: string | undefined;
+}): VertexCredentials | undefined;
+export declare function cleanupVertexCredentials(credentials: VertexCredentials | undefined): void;
+export declare function applyClaudeVertexEnv(env: Record<string, string | undefined>): void;
+export declare function resolveVertexOpenCodeModel(model: string | undefined): string | undefined;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "pullfrog",
-  "version": "0.1.10",
+  "version": "0.1.12",
   "type": "module",
   "bin": {
     "pullfrog": "dist/cli.mjs",