Docs · Safety
Safe defaults for autonomous work.
Trust ladder
Every command is classified T0–T3. The classification is readable from the command name and enforced before the network call.
| Tier | Friction | Examples |
|------|----------|----------|
| T0 | Silent read. | doctor, auth whoami, any list, any show, chat pending |
| T1 | Audit only, no prompt. | chat create, msg send, env set (plain), project create |
| T2 | TTY prompt or --yes. Exit 2 in JSON without. | deploy create, env list --decrypted, chat delete |
| T3 | Single-use intent token. Exit 5 without. | hook delete, deploy delete, env delete (bulk) |

Intent tokens
T3 operations require a single-use HMAC-SHA256 token bound to
action + hash(params). Tokens expire after 15 minutes, can be used exactly once, and cannot be retargeted.
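One way a token with these properties can be built and checked, as an added example rather than v0's own implementation: the MAC covers the action, a SHA-256 of the canonicalized params, a random nonce and the expiry, so changing any of them invalidates the token. The key handling, token layout, in-memory consumed set and the `intent_invalid` / `intent_expired` codes are assumptions; `intent_consumed` and `intent_action_mismatch` are the codes this page shows.

```python
import hashlib, hmac, json, secrets, time

SECRET = secrets.token_bytes(32)  # assumption: per-install signing key
TTL = 15 * 60                     # 15-minute lifetime, as stated on this page
_consumed = set()                 # assumption: spent nonces kept in memory

def _params_hash(params):
    # Canonical JSON, so key order and whitespace cannot change the hash.
    blob = json.dumps(params, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(blob).hexdigest()

def _mac(action, params, nonce, exp):
    msg = f"{action}\n{_params_hash(params)}\n{nonce}\n{exp}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()

def issue(action, params, now=None):
    exp = int(time.time() if now is None else now) + TTL
    nonce = secrets.token_hex(16)
    return f"{nonce}.{exp}.{_mac(action, params, nonce, exp)}"

def consume(token, action, params, now=None):
    """Return "ok" or an error code for the action + params being attempted."""
    now = time.time() if now is None else now
    try:
        nonce, exp_s, mac = token.split(".")
        exp = int(exp_s)
    except ValueError:
        return "intent_invalid"            # hypothetical code
    # Recompute the MAC over what is attempted now; the token carries no
    # action of its own, so retargeting and tampering both fail here.
    if not hmac.compare_digest(mac, _mac(action, params, nonce, exp)):
        return "intent_action_mismatch"
    if now >= exp:
        return "intent_expired"            # hypothetical code
    if nonce in _consumed:
        return "intent_consumed"
    _consumed.add(nonce)                   # burn the nonce only on success
    return "ok"

if __name__ == "__main__":
    p = {"hookId": "hook_abc"}             # constructed sample params
    t = issue("hook.delete", p)
    print(consume(t, "hook.delete", {"hookId": "hook_other"}))
    print(consume(t, "hook.delete", p))
    print(consume(t, "hook.delete", p))
```

This sketch reports every binding failure (wrong action, wrong params, altered expiry) with the same code, and a production store for consumed nonces would need to survive restarts for at least the token lifetime.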
bash
# 1. Try a T3 op. Exit 5, intent_required.
v0 hook delete hook_abc --json
# → { "error": { "code": "intent_required", ... } }
# 2. Mint an intent bound to exact action + params
TOKEN=$(v0 intent issue --action hook.delete \
--params '{"hookId":"hook_abc"}' --json | jq -r '.data.token')
# 3. Consume it once. Exit 0.
v0 hook delete hook_abc --confirm "$TOKEN" --json
# → { "data": { "id": "hook_abc", "deleted": true } }
# 4. Re-use same token. Exit 5, intent_consumed.
# 5. Use for a different action. Exit 5, intent_action_mismatch.

Killswitch
The killswitch is a file on disk that blocks every T2 and T3 operation instantly. Meant for the human supervisor: something went wrong, halt everything.
bash
v0 killswitch on # flip it
v0 killswitch status # check
v0 killswitch off # release

Audit trail
Every write is logged to a JSONL file under $APP_HOME/audit/ in two phases: pending before the
network call, final after. Crash-safe — if the CLI dies mid-call, the pending line survives for forensics.
bash
v0 audit tail --limit 20 --json
v0 audit tail --since 1h --failed --json