pullfrog 0.1.9 → 0.1.11

package/dist/agents/shared.d.ts

@@ -90,6 +90,8 @@ export interface AgentRunContext {
     resolvedModel?: string | undefined;
     mcpServerUrl: string;
     tmpdir: string;
+    /** harness-owned secret paths that agent filesystem tools must never read. */
+    secretDenyPaths?: string[] | undefined;
     instructions: ResolvedInstructions;
     todoTracker?: TodoTracker | undefined;
     /**

package/dist/cli.mjs

@@ -97748,14 +97748,14 @@ var require_turndown_cjs = __commonJS({
         } else if (node2.nodeType === 1) {
           replacement = replacementForNode.call(self2, node2);
         }
-        return join20(output, replacement);
+        return join21(output, replacement);
       }, "");
     }
     function postProcess(output) {
       var self2 = this;
       this.rules.forEach(function(rule) {
         if (typeof rule.append === "function") {
-          output = join20(output, rule.append(self2.options));
+          output = join21(output, rule.append(self2.options));
         }
       });
       return output.replace(/^[\t\r\n]+/, "").replace(/[\t\r\n\s]+$/, "");
@@ -97767,7 +97767,7 @@ var require_turndown_cjs = __commonJS({
       if (whitespace.leading || whitespace.trailing) content = content.trim();
       return whitespace.leading + rule.replacement(content, node2, this.options) + whitespace.trailing;
     }
-    function join20(output, replacement) {
+    function join21(output, replacement) {
       var s1 = trimTrailingNewlines(output);
       var s2 = trimLeadingNewlines(replacement);
       var nls = Math.max(output.length - s1.length, replacement.length - s2.length);
@@ -100666,7 +100666,7 @@ import { dirname as dirname6 } from "node:path";
 // main.ts
 import { existsSync as existsSync7, readdirSync } from "node:fs";
 import { readFile as readFile4 } from "node:fs/promises";
-import { join as join19 } from "node:path";
+import { join as join20 } from "node:path";
 
 // node_modules/.pnpm/@ark+util@0.56.0/node_modules/@ark/util/out/arrays.js
 var liftArray = (data) => Array.isArray(data) ? data : [data];
@@ -109761,6 +109761,25 @@ var providers = {
       }
     }
   }),
+  vertex: provider({
+    displayName: "Google Vertex AI",
+    envVars: [
+      "VERTEX_SERVICE_ACCOUNT_JSON",
+      "GOOGLE_CLOUD_PROJECT",
+      "VERTEX_LOCATION",
+      "VERTEX_MODEL_ID"
+    ],
+    models: {
+      // single routing entry — the actual Vertex AI model ID is read from
+      // VERTEX_MODEL_ID at run time. see ModelRouting docs for why we don't
+      // catalog individual Vertex models.
+      byok: {
+        displayName: "Google Vertex AI",
+        resolve: "vertex",
+        routing: "vertex"
+      }
+    }
+  }),
   openrouter: provider({
     displayName: "OpenRouter",
     envVars: ["OPENROUTER_API_KEY"],
@@ -109924,9 +109943,13 @@ function resolveCliModel(slug2) {
   return resolveDisplayAlias(slug2)?.resolve;
 }
 var BEDROCK_MODEL_ID_ENV = "BEDROCK_MODEL_ID";
+var VERTEX_MODEL_ID_ENV = "VERTEX_MODEL_ID";
 function isBedrockAnthropicId(bedrockModelId) {
   return bedrockModelId.toLowerCase().split(/[./:]/).includes("anthropic");
 }
+function isVertexAnthropicId(vertexModelId) {
+  return /^claude-/i.test(vertexModelId.trim());
+}
 
 // utils/buildPullfrogFooter.ts
 var PULLFROG_DIVIDER = "<!-- PULLFROG_DIVIDER_DO_NOT_REMOVE_PLZ -->";
@@ -144209,7 +144232,7 @@ var import_semver = __toESM(require_semver2(), 1);
 // package.json
 var package_default = {
   name: "pullfrog",
-  version: "0.1.9",
+  version: "0.1.11",
   type: "module",
   bin: {
     pullfrog: "dist/cli.mjs",
@@ -148805,8 +148828,8 @@ function initToolState(params) {
 
 // agents/claude.ts
 import { execFileSync as execFileSync4 } from "node:child_process";
-import { mkdirSync as mkdirSync4, writeFileSync as writeFileSync8 } from "node:fs";
-import { join as join11 } from "node:path";
+import { mkdirSync as mkdirSync5, writeFileSync as writeFileSync9 } from "node:fs";
+import { join as join12 } from "node:path";
 import { performance as performance6 } from "node:perf_hooks";
 
 // utils/install.ts
@@ -149107,6 +149130,70 @@ var ThinkingTimer = class {
   }
 };
 
+// utils/vertex.ts
+import { randomUUID as randomUUID3 } from "node:crypto";
+import { mkdirSync as mkdirSync4, rmSync as rmSync2, writeFileSync as writeFileSync8 } from "node:fs";
+import { homedir } from "node:os";
+import { join as join11 } from "node:path";
+var VERTEX_SERVICE_ACCOUNT_JSON_ENV = "VERTEX_SERVICE_ACCOUNT_JSON";
+var GOOGLE_APPLICATION_CREDENTIALS_ENV = "GOOGLE_APPLICATION_CREDENTIALS";
+var GOOGLE_CLOUD_PROJECT_ENV = "GOOGLE_CLOUD_PROJECT";
+var VERTEX_LOCATION_ENV = "VERTEX_LOCATION";
+function hasEnvVar(name) {
+  const value2 = process.env[name];
+  return typeof value2 === "string" && value2.length > 0;
+}
+function isVertexRoute(model) {
+  const vertexId = process.env[VERTEX_MODEL_ID_ENV]?.trim();
+  return model !== void 0 && vertexId !== void 0 && vertexId === model;
+}
+function readProjectIdFromVertexServiceAccountJson() {
+  const blob = process.env[VERTEX_SERVICE_ACCOUNT_JSON_ENV];
+  if (!blob) return void 0;
+  try {
+    const parsed2 = JSON.parse(blob);
+    if (!parsed2 || typeof parsed2 !== "object" || !("project_id" in parsed2)) {
+      return void 0;
+    }
+    const projectId = parsed2.project_id;
+    return typeof projectId === "string" && projectId.length > 0 ? projectId : void 0;
+  } catch {
+    return void 0;
+  }
+}
+function createSecretDir() {
+  const base = process.env.PULLFROG_SECRET_HOME || process.env.HOME || homedir();
+  const secretDir = join11(base, ".pullfrog", "secrets", randomUUID3());
+  mkdirSync4(secretDir, { recursive: true, mode: 448 });
+  return secretDir;
+}
+function materializeVertexCredentials(params) {
+  if (!isVertexRoute(params.model)) return void 0;
+  const blob = process.env[VERTEX_SERVICE_ACCOUNT_JSON_ENV];
+  if (!blob) return void 0;
+  const secretDir = createSecretDir();
+  const credentialsPath = join11(secretDir, "vertex-sa.json");
+  writeFileSync8(credentialsPath, blob, { mode: 384 });
+  process.env[GOOGLE_APPLICATION_CREDENTIALS_ENV] = credentialsPath;
+  const projectId = readProjectIdFromVertexServiceAccountJson();
+  if (projectId && !hasEnvVar(GOOGLE_CLOUD_PROJECT_ENV)) {
+    process.env[GOOGLE_CLOUD_PROJECT_ENV] = projectId;
+  }
+  return { credentialsPath, secretDir };
+}
+function cleanupVertexCredentials(credentials) {
+  if (!credentials) return;
+  rmSync2(credentials.secretDir, { recursive: true, force: true });
+}
+function applyClaudeVertexEnv(env2) {
+  env2.CLAUDE_CODE_USE_VERTEX = "1";
+  env2.ANTHROPIC_VERTEX_PROJECT_ID ??= env2[GOOGLE_CLOUD_PROJECT_ENV];
+  env2.CLOUD_ML_REGION ??= env2[VERTEX_LOCATION_ENV];
+}
+function resolveVertexOpenCodeModel(model) {
+  return isVertexRoute(model) && model ? `google-vertex/${model}` : void 0;
+}
+
 // agents/postRun.ts
 import { readFile } from "node:fs/promises";
 function getUnsubmittedReview(toolState) {
@@ -149410,10 +149497,10 @@ async function installClaudeCli() {
   });
 }
 function writeMcpConfig(ctx) {
-  const configDir = join11(ctx.tmpdir, ".claude");
-  mkdirSync4(configDir, { recursive: true });
-  const configPath = join11(configDir, "mcp.json");
-  writeFileSync8(
+  const configDir = join12(ctx.tmpdir, ".claude");
+  mkdirSync5(configDir, { recursive: true });
+  const configPath = join12(configDir, "mcp.json");
+  writeFileSync9(
     configPath,
     JSON.stringify({
       mcpServers: {
@@ -149795,34 +149882,48 @@ ${stderrContext}`
 var MANAGED_SETTINGS_DIR = "/etc/claude-code";
 var MANAGED_SETTINGS_PATH = `${MANAGED_SETTINGS_DIR}/managed-settings.json`;
 var CODEX_AUTH_DENY_PATH = "~/.local/share/opencode/auth.json";
-var managedSettings = {
-  allowManagedPermissionRulesOnly: true,
-  allowManagedHooksOnly: true,
-  permissions: {
-    deny: [
-      "Read(//proc/**)",
-      "Read(//sys/**)",
-      "Grep(//proc/**)",
-      "Grep(//sys/**)",
-      "Edit(//proc/**)",
-      "Edit(//sys/**)",
-      "Glob(//proc/**)",
-      "Glob(//sys/**)",
-      `Read(${CODEX_AUTH_DENY_PATH})`,
-      `Grep(${CODEX_AUTH_DENY_PATH})`,
-      `Edit(${CODEX_AUTH_DENY_PATH})`,
-      `Glob(${CODEX_AUTH_DENY_PATH})`
-    ]
-  },
-  sandbox: {
-    filesystem: {
-      denyRead: ["/proc", "/sys", CODEX_AUTH_DENY_PATH]
+function buildManagedSettings(ctx) {
+  const secretDenyPaths = ctx.secretDenyPaths ?? [];
+  const toolDeny = secretDenyPaths.flatMap((path3) => [
+    `Read(${path3}/**)`,
+    `Read(/${path3}/**)`,
+    `Grep(${path3}/**)`,
+    `Grep(/${path3}/**)`,
+    `Edit(${path3}/**)`,
+    `Edit(/${path3}/**)`,
+    `Glob(${path3}/**)`,
+    `Glob(/${path3}/**)`
+  ]);
+  return {
+    allowManagedPermissionRulesOnly: true,
+    allowManagedHooksOnly: true,
+    permissions: {
+      deny: [
+        "Read(//proc/**)",
+        "Read(//sys/**)",
+        "Grep(//proc/**)",
+        "Grep(//sys/**)",
+        "Edit(//proc/**)",
+        "Edit(//sys/**)",
+        "Glob(//proc/**)",
+        "Glob(//sys/**)",
+        `Read(${CODEX_AUTH_DENY_PATH})`,
+        `Grep(${CODEX_AUTH_DENY_PATH})`,
+        `Edit(${CODEX_AUTH_DENY_PATH})`,
+        `Glob(${CODEX_AUTH_DENY_PATH})`,
+        ...toolDeny
+      ]
+    },
+    sandbox: {
+      filesystem: {
+        denyRead: ["/proc", "/sys", CODEX_AUTH_DENY_PATH, ...secretDenyPaths]
+      }
     }
-  }
-};
-function installManagedSettings() {
+  };
+}
+function installManagedSettings(ctx) {
   if (process.env.CI !== "true") return;
-  const content = JSON.stringify(managedSettings, null, 2);
+  const content = JSON.stringify(buildManagedSettings(ctx), null, 2);
   try {
     execFileSync4("sudo", ["mkdir", "-p", MANAGED_SETTINGS_DIR]);
     execFileSync4("sudo", ["tee", MANAGED_SETTINGS_PATH], {
@@ -149842,12 +149943,14 @@ var claude = agent({
     const specifier = ctx.payload.proxyModel ?? ctx.resolvedModel;
     const bedrockModelId = process.env[BEDROCK_MODEL_ID_ENV]?.trim();
     const isBedrockRoute = specifier !== void 0 && bedrockModelId !== void 0 && bedrockModelId === specifier && isBedrockAnthropicId(specifier);
-    const model = !specifier ? void 0 : isBedrockRoute ? specifier : stripProviderPrefix(specifier);
+    const vertexModelId = process.env[VERTEX_MODEL_ID_ENV]?.trim();
+    const isVertexRoute2 = specifier !== void 0 && vertexModelId !== void 0 && vertexModelId === specifier && isVertexAnthropicId(specifier);
+    const model = !specifier ? void 0 : isBedrockRoute ? specifier : isVertexRoute2 ? void 0 : stripProviderPrefix(specifier);
     const homeEnv = {
       HOME: ctx.tmpdir,
-      XDG_CONFIG_HOME: join11(ctx.tmpdir, ".config")
+      XDG_CONFIG_HOME: join12(ctx.tmpdir, ".config")
     };
-    mkdirSync4(join11(homeEnv.XDG_CONFIG_HOME, "claude"), { recursive: true });
+    mkdirSync5(join12(homeEnv.XDG_CONFIG_HOME, "claude"), { recursive: true });
     const agentBrowserVersion = getDevDependencyVersion("agent-browser");
     addSkill({
       ref: `vercel-labs/agent-browser@v${agentBrowserVersion}`,
@@ -149858,7 +149961,7 @@ var claude = agent({
     installBundledSkills({ home: homeEnv.HOME });
     const mcpConfigPath = writeMcpConfig(ctx);
     const effort = resolveEffort(model);
-    installManagedSettings();
+    installManagedSettings(ctx);
     const baseArgs = [
       cliPath,
       "--output-format",
@@ -149886,6 +149989,10 @@ var claude = agent({
     if (isBedrockRoute) {
       env2.CLAUDE_CODE_USE_BEDROCK = "1";
     }
+    if (isVertexRoute2) {
+      applyClaudeVertexEnv(env2);
+      env2.ANTHROPIC_MODEL = specifier;
+    }
     if (env2.CLAUDE_CODE_OAUTH_TOKEN && !isBedrockRoute && env2.ANTHROPIC_API_KEY) {
       log.debug(
         "\xBB CLAUDE_CODE_OAUTH_TOKEN present \u2014 stripping ANTHROPIC_API_KEY from Claude Code env so the OAuth subscription is used"
@@ -149927,8 +150034,8 @@ var claude = agent({
 
 // agents/opencode_v2.ts
 var core2 = __toESM(require_core(), 1);
-import { mkdirSync as mkdirSync6, writeFileSync as writeFileSync10 } from "node:fs";
-import { join as join13 } from "node:path";
+import { mkdirSync as mkdirSync7, writeFileSync as writeFileSync11 } from "node:fs";
+import { join as join14 } from "node:path";
 import { performance as performance7 } from "node:perf_hooks";
 
 // utils/agentHangReport.ts
@@ -150027,9 +150134,9 @@ function formatBillingExhaustedBody(diagnostic) {
 }
 
 // utils/codexHome.ts
-import { mkdirSync as mkdirSync5, writeFileSync as writeFileSync9 } from "node:fs";
-import { homedir } from "node:os";
-import { join as join12 } from "node:path";
+import { mkdirSync as mkdirSync6, writeFileSync as writeFileSync10 } from "node:fs";
+import { homedir as homedir2 } from "node:os";
+import { join as join13 } from "node:path";
 var CODEX_AUTH_ENV = "CODEX_AUTH_JSON";
 function installCodexAuth() {
   const raw2 = process.env[CODEX_AUTH_ENV];
@@ -150039,9 +150146,9 @@ function installCodexAuth() {
     log.warning(`\xBB ${CODEX_AUTH_ENV} present but malformed; ignoring`);
     return null;
   }
-  const xdgDataHome = join12(homedir(), ".local", "share");
-  const opencodeDir = join12(xdgDataHome, "opencode");
-  const authPath = join12(opencodeDir, "auth.json");
+  const xdgDataHome = join13(homedir2(), ".local", "share");
+  const opencodeDir = join13(xdgDataHome, "opencode");
+  const authPath = join13(opencodeDir, "auth.json");
   const opencodeAuth = {
     openai: {
       type: "oauth",
@@ -150054,8 +150161,8 @@ function installCodexAuth() {
       ...blob.tokens.account_id ? { accountId: blob.tokens.account_id } : {}
     }
   };
-  mkdirSync5(opencodeDir, { recursive: true });
-  writeFileSync9(authPath, `${JSON.stringify(opencodeAuth, null, 2)}
+  mkdirSync6(opencodeDir, { recursive: true });
+  writeFileSync10(authPath, `${JSON.stringify(opencodeAuth, null, 2)}
 `, { mode: 384 });
   log.info(`\xBB installed Codex auth at ${authPath}`);
   return { authPath, xdgDataHome, originalRefresh: blob.tokens.refresh_token };
@@ -150711,16 +150818,17 @@ var opencode = agent({
     const rawModel = ctx.payload.proxyModel ?? ctx.resolvedModel ?? autoSelectModel(cliPath);
     const bedrockModelId = process.env[BEDROCK_MODEL_ID_ENV]?.trim();
     const isBedrockRoute = rawModel !== void 0 && bedrockModelId !== void 0 && bedrockModelId === rawModel;
-    const model = isBedrockRoute ? `amazon-bedrock/${rawModel}` : rawModel;
+    const vertexModel = resolveVertexOpenCodeModel(rawModel);
+    const model = vertexModel ?? (isBedrockRoute ? `amazon-bedrock/${rawModel}` : rawModel);
     const homeEnv = {
       HOME: ctx.tmpdir,
-      XDG_CONFIG_HOME: join13(ctx.tmpdir, ".config")
+      XDG_CONFIG_HOME: join14(ctx.tmpdir, ".config")
     };
-    mkdirSync6(join13(homeEnv.XDG_CONFIG_HOME, "opencode"), { recursive: true });
-    const opencodePluginDir = join13(homeEnv.XDG_CONFIG_HOME, "opencode", "plugin");
-    mkdirSync6(opencodePluginDir, { recursive: true });
-    writeFileSync10(
-      join13(opencodePluginDir, PULLFROG_OPENCODE_PLUGIN_FILENAME),
+    mkdirSync7(join14(homeEnv.XDG_CONFIG_HOME, "opencode"), { recursive: true });
+    const opencodePluginDir = join14(homeEnv.XDG_CONFIG_HOME, "opencode", "plugin");
+    mkdirSync7(opencodePluginDir, { recursive: true });
+    writeFileSync11(
+      join14(opencodePluginDir, PULLFROG_OPENCODE_PLUGIN_FILENAME),
       PULLFROG_OPENCODE_PLUGIN_SOURCE
     );
     const agentBrowserVersion = getDevDependencyVersion("agent-browser");
@@ -150790,15 +150898,18 @@ var opencode = agent({
 var agents = { claude, opencode };
 
 // utils/agent.ts
-function hasEnvVar(name) {
+function hasEnvVar2(name) {
   const val = process.env[name];
   return typeof val === "string" && val.length > 0;
 }
 function hasClaudeCodeAuth() {
-  return hasEnvVar("CLAUDE_CODE_OAUTH_TOKEN") || hasEnvVar("ANTHROPIC_API_KEY");
+  return hasEnvVar2("CLAUDE_CODE_OAUTH_TOKEN") || hasEnvVar2("ANTHROPIC_API_KEY");
 }
 function hasBedrockAuth() {
-  return hasEnvVar("AWS_BEARER_TOKEN_BEDROCK") || hasEnvVar("AWS_ACCESS_KEY_ID") && hasEnvVar("AWS_SECRET_ACCESS_KEY");
+  return hasEnvVar2("AWS_BEARER_TOKEN_BEDROCK") || hasEnvVar2("AWS_ACCESS_KEY_ID") && hasEnvVar2("AWS_SECRET_ACCESS_KEY");
+}
+function hasVertexAuth() {
+  return hasEnvVar2(VERTEX_SERVICE_ACCOUNT_JSON_ENV);
 }
 function resolveSlug(slug2) {
   const alias = resolveDisplayAlias(slug2);
@@ -150806,11 +150917,20 @@ function resolveSlug(slug2) {
     const bedrockId = process.env[BEDROCK_MODEL_ID_ENV]?.trim();
     if (!bedrockId) {
       throw new Error(
-        `${BEDROCK_MODEL_ID_ENV} env var is required when the model is set to "${slug2}". set it to an AWS Bedrock model ID (e.g. "us.anthropic.claude-opus-4-7", "amazon.nova-pro-v1:0"). see https://docs.pullfrog.com/bedrock for setup.`
+        `${BEDROCK_MODEL_ID_ENV} env var is required when the model is set to "${slug2}". set it to an AWS Bedrock model ID from the Bedrock console. see https://docs.pullfrog.com/bedrock for setup.`
       );
     }
     return bedrockId;
   }
+  if (alias?.routing === "vertex") {
+    const vertexId = process.env[VERTEX_MODEL_ID_ENV]?.trim();
+    if (!vertexId) {
+      throw new Error(
+        `${VERTEX_MODEL_ID_ENV} env var is required when the model is set to "${slug2}". set it to a Google Vertex AI model ID from Model Garden. see https://docs.pullfrog.com/vertex for setup.`
+      );
+    }
+    return vertexId;
+  }
   return resolveCliModel(slug2);
 }
 function resolveModel(ctx) {
@@ -150838,6 +150958,9 @@ function resolveAgent(ctx) {
   if (ctx.model && hasBedrockAuth() && process.env[BEDROCK_MODEL_ID_ENV]?.trim() === ctx.model) {
     return isBedrockAnthropicId(ctx.model) ? agents.claude : agents.opencode;
   }
+  if (ctx.model && hasVertexAuth() && process.env[VERTEX_MODEL_ID_ENV]?.trim() === ctx.model) {
+    return isVertexAnthropicId(ctx.model) ? agents.claude : agents.opencode;
+  }
   if (ctx.model) {
     try {
       const provider2 = getModelProvider(ctx.model);
@@ -150878,26 +151001,51 @@ add the missing secret(s) to your GitHub repository at ${githubSecretsUrl}, then
 
 for full setup instructions, see https://docs.pullfrog.com/bedrock`;
 }
-function hasEnvVar2(name) {
+function buildVertexSetupError(params) {
+  const githubSecretsUrl = `https://github.com/${params.owner}/${params.name}/settings/secrets/actions`;
+  return `Google Vertex AI model selected but required configuration is missing: ${params.missing.join(", ")}.
+
+add the missing secret(s) to your GitHub repository at ${githubSecretsUrl}, then reference them in your workflow's \`env:\` block:
+
+  ${VERTEX_SERVICE_ACCOUNT_JSON_ENV}: \${{ secrets.${VERTEX_SERVICE_ACCOUNT_JSON_ENV} }}
+  ${GOOGLE_CLOUD_PROJECT_ENV}: my-project
+  ${VERTEX_LOCATION_ENV}: global
+  ${VERTEX_MODEL_ID_ENV}: <vertex-model-id>
+
+for full setup instructions, see https://docs.pullfrog.com/vertex`;
+}
+function hasEnvVar3(name) {
   const value2 = process.env[name];
   return typeof value2 === "string" && value2.length > 0;
 }
 function hasProviderKey(model) {
   const requiredVars = getModelEnvVars(model);
   if (requiredVars.length === 0) return true;
-  return requiredVars.some((v) => hasEnvVar2(v));
+  return requiredVars.some((v) => hasEnvVar3(v));
 }
 function validateBedrockSetup(params) {
-  const hasAuth = hasEnvVar2("AWS_BEARER_TOKEN_BEDROCK") || hasEnvVar2("AWS_ACCESS_KEY_ID") && hasEnvVar2("AWS_SECRET_ACCESS_KEY");
+  const hasAuth = hasEnvVar3("AWS_BEARER_TOKEN_BEDROCK") || hasEnvVar3("AWS_ACCESS_KEY_ID") && hasEnvVar3("AWS_SECRET_ACCESS_KEY");
   const missing = [];
   if (!hasAuth)
     missing.push("AWS_BEARER_TOKEN_BEDROCK (or AWS_ACCESS_KEY_ID + AWS_SECRET_ACCESS_KEY)");
-  if (!hasEnvVar2("AWS_REGION")) missing.push("AWS_REGION");
-  if (!hasEnvVar2(BEDROCK_MODEL_ID_ENV)) missing.push(BEDROCK_MODEL_ID_ENV);
+  if (!hasEnvVar3("AWS_REGION")) missing.push("AWS_REGION");
+  if (!hasEnvVar3(BEDROCK_MODEL_ID_ENV)) missing.push(BEDROCK_MODEL_ID_ENV);
   if (missing.length > 0) {
     throw new Error(buildBedrockSetupError({ owner: params.owner, name: params.name, missing }));
   }
 }
+function validateVertexSetup(params) {
+  const hasAuth = hasEnvVar3(VERTEX_SERVICE_ACCOUNT_JSON_ENV);
+  const hasProject = hasEnvVar3(GOOGLE_CLOUD_PROJECT_ENV) || readProjectIdFromVertexServiceAccountJson() !== void 0;
+  const missing = [];
+  if (!hasAuth) missing.push(VERTEX_SERVICE_ACCOUNT_JSON_ENV);
+  if (!hasProject) missing.push(GOOGLE_CLOUD_PROJECT_ENV);
+  if (!hasEnvVar3(VERTEX_LOCATION_ENV)) missing.push(VERTEX_LOCATION_ENV);
+  if (!hasEnvVar3(VERTEX_MODEL_ID_ENV)) missing.push(VERTEX_MODEL_ID_ENV);
+  if (missing.length > 0) {
+    throw new Error(buildVertexSetupError({ owner: params.owner, name: params.name, missing }));
+  }
+}
 function validateAgentApiKey(params) {
   if (params.model) {
     const alias = resolveDisplayAlias(params.model);
@@ -150905,16 +151053,24 @@ function validateAgentApiKey(params) {
       validateBedrockSetup({ owner: params.owner, name: params.name });
       return;
     }
+    if (alias?.routing === "vertex") {
+      validateVertexSetup({ owner: params.owner, name: params.name });
+      return;
+    }
     if (!params.model.includes("/")) {
+      if (process.env[VERTEX_MODEL_ID_ENV]?.trim() === params.model) {
+        validateVertexSetup({ owner: params.owner, name: params.name });
+        return;
+      }
       validateBedrockSetup({ owner: params.owner, name: params.name });
       return;
     }
     const requiredVars = getModelEnvVars(params.model);
     if (requiredVars.length === 0) return;
-    if (requiredVars.some((v) => hasEnvVar2(v))) return;
+    if (requiredVars.some((v) => hasEnvVar3(v))) return;
     throw new Error(buildMissingApiKeyError({ owner: params.owner, name: params.name }));
   }
-  const hasAnyKey = [...knownApiKeys].some((k) => hasEnvVar2(k));
+  const hasAnyKey = [...knownApiKeys].some((k) => hasEnvVar3(k));
   if (!hasAnyKey) {
     throw new Error(buildMissingApiKeyError({ owner: params.owner, name: params.name }));
   }
@@ -151049,10 +151205,10 @@ function selectFallbackModelIfNeeded(input) {
 }
 
 // utils/gitAuthServer.ts
-import { randomUUID as randomUUID3 } from "node:crypto";
-import { writeFileSync as writeFileSync11 } from "node:fs";
+import { randomUUID as randomUUID4 } from "node:crypto";
+import { writeFileSync as writeFileSync12 } from "node:fs";
 import { createServer as createServer2 } from "node:http";
-import { join as join14 } from "node:path";
+import { join as join15 } from "node:path";
 var CODE_TTL_MS = 5 * 60 * 1e3;
 var TAMPER_WINDOW_MS = 6e4;
 function revokeGitHubToken(token) {
@@ -151112,7 +151268,7 @@ async function startGitAuthServer(tmpdir4) {
   const port = rawAddr.port;
   log.debug(`git auth server listening on 127.0.0.1:${port}`);
   function register4(token) {
-    const code = randomUUID3();
+    const code = randomUUID4();
     const timeout = setTimeout(() => {
       codes.delete(code);
       log.debug(`git auth code expired: ${code.slice(0, 8)}...`);
@@ -151122,9 +151278,9 @@ async function startGitAuthServer(tmpdir4) {
     return code;
   }
   function writeAskpassScript(code) {
-    const scriptId = randomUUID3();
+    const scriptId = randomUUID4();
     const scriptName = `askpass-${scriptId}.js`;
-    const scriptPath = join14(tmpdir4, scriptName);
+    const scriptPath = join15(tmpdir4, scriptName);
     const content = [
       `#!/usr/bin/env node`,
       `var a=process.argv[2]||"";`,
@@ -151139,7 +151295,7 @@ async function startGitAuthServer(tmpdir4) {
       `try{require("fs").unlinkSync("${scriptPath.replace(/\\/g, "\\\\")}")}catch(e){}`,
       `})}).on("error",function(){process.exit(1)})}`
     ].join("\n");
-    writeFileSync11(scriptPath, content, { mode: 448 });
+    writeFileSync12(scriptPath, content, { mode: 448 });
     return scriptPath;
   }
   async function close() {
@@ -151163,7 +151319,7 @@ async function startGitAuthServer(tmpdir4) {
 var core3 = __toESM(require_core(), 1);
 import { createSign } from "node:crypto";
 import { rename, writeFile } from "node:fs/promises";
-import { dirname as dirname3, join as join15 } from "node:path";
+import { dirname as dirname3, join as join16 } from "node:path";
 
 // node_modules/.pnpm/@octokit+plugin-throttling@11.0.3_@octokit+core@7.0.5/node_modules/@octokit/plugin-throttling/dist-bundle/index.js
 var import_light = __toESM(require_light(), 1);
@@ -155021,7 +155177,7 @@ function getGitHubUsageSummary() {
 }
 async function writeGitHubUsageSummaryToFile(path3) {
   const summary2 = getGitHubUsageSummary();
-  const tmpPath = join15(dirname3(path3), `.usage-summary-${process.pid}.tmp`);
+  const tmpPath = join16(dirname3(path3), `.usage-summary-${process.pid}.tmp`);
   await writeFile(tmpPath, JSON.stringify(summary2));
   await rename(tmpPath, path3);
 }
@@ -155421,7 +155577,7 @@ function resolveInstructions(ctx) {
 
 // utils/learnings.ts
 import { mkdir, readFile as readFile2, writeFile as writeFile2 } from "node:fs/promises";
-import { dirname as dirname4, join as join16 } from "node:path";
+import { dirname as dirname4, join as join17 } from "node:path";
 
 // utils/learningsTruncate.ts
 var MAX_LEARNINGS_LENGTH = 1e5;
@@ -155438,7 +155594,7 @@ function truncateAtLineBoundary(body, cap) {
 // utils/learnings.ts
 var LEARNINGS_FILE_NAME = "pullfrog-learnings.md";
 function learningsFilePath(tmpdir4) {
-  return join16(tmpdir4, LEARNINGS_FILE_NAME);
+  return join17(tmpdir4, LEARNINGS_FILE_NAME);
 }
 async function seedLearningsFile(params) {
   const path3 = learningsFilePath(params.tmpdir);
@@ -156118,7 +156274,7 @@ async function runProxyResolution(ctx) {
 
 // utils/prSummary.ts
 import { mkdir as mkdir2, readFile as readFile3, writeFile as writeFile3 } from "node:fs/promises";
-import { dirname as dirname5, join as join17 } from "node:path";
+import { dirname as dirname5, join as join18 } from "node:path";
 var SUMMARY_FILE_NAME = "pullfrog-summary.md";
 var SUMMARY_SCAFFOLD = `# PR summary
 
@@ -156128,7 +156284,7 @@ var SUMMARY_SCAFFOLD = `# PR summary
 var MIN_SNAPSHOT_LENGTH = 60;
 var MAX_SNAPSHOT_LENGTH = 32768;
 function summaryFilePath(tmpdir4) {
-  return join17(tmpdir4, SUMMARY_FILE_NAME);
+  return join18(tmpdir4, SUMMARY_FILE_NAME);
 }
 async function seedSummaryFile(params) {
   const path3 = summaryFilePath(params.tmpdir);
@@ -156552,9 +156708,9 @@ function logRunStartup(ctx) {
 import { execFileSync as execFileSync6, execSync as execSync3 } from "node:child_process";
 import { mkdtempSync as mkdtempSync2 } from "node:fs";
 import { tmpdir as tmpdir3 } from "node:os";
-import { join as join18 } from "node:path";
+import { join as join19 } from "node:path";
 function createTempDirectory() {
-  const sharedTempDir = mkdtempSync2(join18(tmpdir3(), "pullfrog-"));
+  const sharedTempDir = mkdtempSync2(join19(tmpdir3(), "pullfrog-"));
   process.env.PULLFROG_TEMP_DIR = sharedTempDir;
   log.info(`\xBB created temp dir at ${sharedTempDir}`);
   return sharedTempDir;
@@ -156886,6 +157042,7 @@ async function main() {
     let toolContext;
     let progressCallbackDisabled = false;
     let todoTracker;
+    let vertexCredentials;
     try {
       var _stack = [];
       try {
@@ -156920,6 +157077,7 @@ async function main() {
           );
           toolState.modelFallback = { from: fallback.from };
         }
+        vertexCredentials = materializeVertexCredentials({ model: resolvedModel });
         const agent2 = resolveAgent({ model: resolvedModel });
         toolState.model = payload.proxyModel ?? resolvedModel ?? effectiveSlug;
         validateAgentApiKey({
@@ -157031,7 +157189,7 @@ ${instructions.user}` : null,
           log.info(instructions.full);
         });
         if (agentId === "opencode") {
-          const pluginDir = join19(process.cwd(), ".opencode", "plugin");
+          const pluginDir = join20(process.cwd(), ".opencode", "plugin");
           const hasPlugins = existsSync7(pluginDir) && readdirSync(pluginDir).some((f) => /\.[jt]sx?$/.test(f));
           if (hasPlugins && toolState.dependencyInstallation?.promise) {
             log.info(
@@ -157087,6 +157245,7 @@ ${instructions.user}` : null,
           resolvedModel,
           mcpServerUrl: mcpHttpServer.url,
           tmpdir: tmpdir4,
+          secretDenyPaths: vertexCredentials ? [vertexCredentials.secretDir] : [],
           instructions,
           todoTracker,
           stopScript: runContext.repoSettings.stopScript,
@@ -157190,6 +157349,7 @@ ${instructions.user}` : null,
           await patchWorkflowRunFields(toolContext, patch);
         }
       }
+      cleanupVertexCredentials(vertexCredentials);
     }
   } catch (_3) {
     var _error2 = _3, _hasError2 = true;
@@ -158078,7 +158238,7 @@ async function run2() {
 }
 
 // cli.ts
-var VERSION10 = "0.1.9";
+var VERSION10 = "0.1.11";
 var bin = basename2(process.argv[1] || "");
 var PROG = bin === "pf" || bin === "pullfrog" ? bin : "pullfrog";
 var rawArgs = process.argv.slice(2);