vercel connex list now defaults to clients linked to the current project. When no project is linked, it falls back to listing every Connex client in the team (same as --all-projects). Use --all-projects to force the team-wide view; the table includes a Projects column with the linked project names per client (with a + more suffix when truncated).--format=json support to vercel project token, direct token output to stdout instead of stderr.@vercel/cli-config, use @effect/schema for config validation.vc logs <deployment-url> to resolve the project from the deployment instead of requiring a linked local project, and include the current scope in related lookup errors.vercel firewall command for managing project firewall configuration. Supports custom rules (add, edit, delete, enable, disable, reorder), IP blocking, system bypass rules, attack challenge mode, and system mitigations.vercel connex create now accepts a --triggers flag. When passed, the request body includes triggers: { enabled: true } so the server wires webhook triggers into the created client. Without the flag, triggers: { enabled: false } is sent.--yes enable the browser recovery flow for vercel connex token even in non-TTY contexts (e.g., coding agents), so a single command can open the browser, poll, and return the token without round-tripping through the agent's chat.vercel deploy continue --error to mark manual deployments as failed with an optional error message.--filter/-f <NAME> flag to vercel project ls for filtering projects by name (substring match).vercel link --yes --project cross-team search, so team-scoped tokens can still link projects they can access.vercel link's cross-team auto-detect so it no longer forces device-code re-authentication for scopes the user did not explicitly choose. The project is still linked from any accessible team where it's found, and limited scopes remain available through the standard scope picker (selectOrg) or --scope <slug>.
vc env update failing when updating sensitive environment variables.SdkKey type so plaintext keyValue, tokenValue, and connectionString can no longer appear on list responses. flags sdk-keys ls --json already omitted these via an explicit allowlist; the type split makes the guarantee static. Create-time output from flags sdk-keys add is unaffected.--token from help output for commands that don't support it (login, switch).56880dd: vercel edge-config tokens <id-or-slug> --format json no longer includes plaintext token values. Each row now contains id, label, partialToken, and createdAt.
If your scripts read the token field to identify or remove a token, switch to id instead. For example, vercel edge-config tokens <id-or-slug> --remove <id> --yes.
Plaintext tokens are still printed once at creation via --add <label>.
4ae5eca: Adds vercel connex open <clientIdOrUid> — opens a Connex client's detail page in the Vercel dashboard. Gated behind FF_CONNEX_ENABLED.
scl_ client ID or a UID (e.g. slack/my-bot); resolves UIDs to the canonical scl_ ID via GET /v1/connex/clients/:id before building the dashboard URL (the dashboard route is a single [clientId] segment).--format=json (emits { "url": "..." }) and stdout.isTTY (non-TTY writes the URL to stdout so it can be piped).vercel integration open: presence-checks the client first so a bad id/uid fails fast with a CLI error instead of a 404 in the browser.d071a00: Add vercel connex remove command to delete a Connex client by id or uid. Refuses when projects are connected unless --disconnect-all is passed (mirrors vercel integration-resource remove); supports --yes and --format=json.
f0c17c0: Add masked token value column to vercel edge-config tokens table output.
bc302e4: vercel flags sdk-keys ls now surfaces the server-masked partialKeyValue preview (e.g. vf_server_abc********) in a new column of the default table output, between Label and Created. The --json output also includes partialKeyValue on each row.
c56f851: Upgrade to TypeScript 5.9
vercel connex commands so users are not re-prompted on every invocation. Personal-scope selections are rejected since connex clients are team-owned.vercel edge-config subcommands to the locally linked project's team by default, matching vercel env, vercel crons, etc. Falls back to the globally configured team when no project is linked.vc link --scope project lookup to the requested scope.vc whoami now shows both the logged-in user and the active team, and surfaces when the active team is set by a local project link rather than the globally-selected team.ae90f00: vercel edge-config tokens --remove <ID_OR_TOKEN> now accepts either a token id (as shown in the id column of vercel edge-config tokens <id-or-slug>) or a plaintext token string. The CLI transparently consults the store's own token list to classify each value and sends { ids }, { tokens }, or both to DELETE /v1/edge-config/:id/tokens accordingly.
--remove, which is repeatable.vercel edge-config tokens my-store --remove <token-id> --yes
vercel edge-config tokens my-store --remove <plaintext-token> --yes
vercel edge-config tokens my-store --remove <id-mkdir -p call with Node's cross-platform mkdirSync(..., { recursive: true }), and by passing a token fixture as --token=<value> so values beginning with - are parsed correctly in non-interactive token tests.next.command suggestions from echoing auth tokens across CLI flows, not just tokens add. The CLI now strips --token / -t flags (including inline =value forms) before building suggested rerun commands, so automation output cannot leak credentials copied from invocation args; VERCEL_TOKEN from environment variables was not affected.reauthenticate now bails with an actionable error message when the token was supplied via --token, when it was supplied via the VERCEL_TOKEN environment variable, or when stdin is non-interactive (e.g. CI). In all three cases the user is told which token source needs a token authorized for the requested scope, instead of silently kicking off performDeviceCodeFlow.
vercel connex token command to fetch tokens for Connex clients, with auto-authorize / auto-install recovery on actionable 422 errors. (#16072)Add vercel env run example to the env command help output (#16072)
vercel env update now applies the same Development guards as vercel env add: (#16072)
--sensitive is used on a record that targets Development (regardless of policy). Sensitive is not allowed on Development.Other env update behavior is unchanged.
Normalize single-line stdin env values by removing a trailing newline before (#16072) saving them.
Updated dependencies [2aa78415831fe89d1b21dd89704706bd1ad5e78d, 2aa78415831fe89d1b21dd89704706bd1ad5e78d, 2aa78415831fe89d1b21dd89704706bd1ad5e78d]:
vercel env add now defaults Environment Variables to sensitive on Production and Preview. Sensitive values are encrypted at rest and cannot be retrieved later via the dashboard or CLI; they are still resolved for builds, deployments, vercel env pull, and runtime. (#16041)
Behavior per target:
sensitive. Pass --no-sensitive to opt back in to the previous encrypted behavior (value remains readable later).encrypted (sensitive is not supported by the Vercel API for Development). Passing --sensitive alongside a Development target now errors up-front instead of silently falling back.production + preview + development): errors and asks you to run vercel env add separately for Development, because Development cannot share a record type with Production/Preview.Flag summary:
--sensitive: unchanged in meaning (request a sensitive variable); now errors when combined with Development.--no-sensitive: new; opt out of the new default for Production/Preview.--sensitive --no-sensitive together: errors.On teams that enable the "Enforce Sensitive Environment Variables" policy in team settings, the CLI now reads the policy from the team object and notes in the output that the policy is active; the server already promotes Production/Preview variables to sensitive silently, and the CLI's own logs are now honest about it. Passing --no-sensitive on a policy-on team for Production/Preview now emits a warning — the flag is a no-op because the server promotes the variable regardless — and the CLI sends type: 'sensitive' so its own --debug output matches what gets stored.
c1866cf1add2107f91cae8292e38e4854bfe0aca]:
[detect-services] If a vercel.toml exists, update the vercel.toml (#15895)
Use correct filename in messages when config file is not vercel.json (#15893)
[services] move Python workers to v2beta triggers with private routing (#15920)
Include action and resource fields from API 403 responses in non-interactive agent error payloads. (#15940)
Use POST for vercel connex create with a browser registration fallback. (#16026)
Add table formatting for OpenAPI CLI responses. (#16011)
Renders API JSON responses as CLI tables and cards with relative timestamp formatting, null/undefined display as --, human-readable column headers, and configurable display columns via VercelCliTableDisplay.
Updated dependencies [93be6d188176cdd4451a6c62155f3ccd7dfa89e1, 0793b7d31e4ff21dd12ff727f2906be2fd63fe3e]:
055f6239a4fe763b9f3b33cfbb5baa2e0e214767]:
vercel connex list command (#16018)Add OpenAPI-driven subcommand fallback behind VERCEL_AUTO_API=1. (#15989)
When the env var is set, unrecognized CLI tokens are matched against OpenAPI tags and operation IDs from openapi.vercel.sh. This enables vercel <tag> <operationId> (e.g. vercel user getAuthUser) at the top level, and per-command fallthrough (e.g. vercel projects getProject) when a token doesn't match a native subcommand.
When x-vercel-cli.displayColumns is present in the OpenAPI response schema, results render as a card (single object) or table (array) instead of raw JSON.
[experimental-services] add new job service type support (#15944)
Add naming and formatting utilities for OpenAPI CLI integration. (#16010)
Introduces foldNamingStyle for case-insensitive matching across camelCase/kebab-case/snake_case, humanReadableColumnLabel for converting schema property paths to readable headers, and inferCliSubcommandAliases for auto-generating CLI aliases from HTTP methods.
Updated dependencies [44d519b8660185754d8280517adbe0ab7268f540, 2a6344e205910dafc05cb74a80f98165d95322d7]:
Improve Claude Code Vercel plugin install and update prompts across CLI commands. (#15921)
Updated dependencies [5219572d21a2ba4b49cc1c27d244c1ff5d76c591, 2babfa22946d80a92f1307a8d860a9039d695b09, 2babfa22946d80a92f1307a8d860a9039d695b09, adbe6f0a0152136aa26aa1277458f4578f62beeb]:
Add vercel connex create command (#15988)
Add vercel deploy-hooks command to create, list, and remove deploy hooks. (#15935)
Enable functions beta hint when flag is true (#15965)
Improve the vercel metrics CLI by making it generally available, simplifying metric selection, and cleaning up schema output. (#15904)
Updated dependencies [bb834e53bca374d44f86bda3892e77ded226a26a, bab75d7ff6b7a188167bbd7583a8b36d9d250d5a, 2243233194c6e38d75ed2a1ca040acaaf3b2e686, 232b45fd82adf4a8d538a853bfc1df7a5d16f4c9]:
Add vercel flags rollout for progressive rollouts. (#15963)
Examples:
vercel flags rollout redesigned-checkout \
--environment production \
--by user.userId \
--stage 5,6h \
--stage 10,6h \
--stage 25,12h \
--stage 50,1dvercel flags rollout redesigned-checkout \
--environment production \
Add vercel alerts inspect to fetch a single alert group by id with linked project, explicit --project, or --all scope. (#15850)
Add root to experimentalServices to set a service's working directory. (#15929)
Add a new flag to vercel deploy to let users deploy to hive (#15892)
Return 3xx responses directly in client.fetch() when redirect: 'manual' is passed, instead of entering the error/retry path. (#15953)
Add JSON feature flag support to the CLI so flags can be created, updated, listed, inspected, and set with JSON variant values just like existing boolean, string, and number kinds. (#15741)
This aligns the CLI with the recent API and dashboard changes for json flags, including parsing raw JSON inputs and preserving structured values in output.
Display case-insensitive feature flag rule comparisons correctly in the CLI. (#15743)
Updated dependencies [86d1f5b3cbd520af2632d4a3d6a1f24557448c0e, 1056be976b6ba9b42cc1e2ffe895d255ab6c9850, c27eedaa1b0e3f6e3770b578f62e5463d82f06e0]:
Add ai-gateway api-keys create command for creating AI Gateway API keys with optional quota limits (#15744)
Improve vercel blob list-stores with --json and --no-projects, exclude non-blob stores when the API returns a type field, and show a richer table for non-TTY output while keeping linked-project filtering, --all, and interactive store selection on TTY. (#14653)
Add a project rename command to rename projects from the CLI. (#15918)
Updated dependencies [8b77cdcd71ba645df4eed52cdccde9a2cbb913f8, 2d7d14db1c6448f716d1ccc30844b43f47e8e6ee, d731f1b69030ddcaa0b7f4f1854f79ea92671b1e, 4e62f6c2204dd148643f86f140f0ae7995778017, 45c8d4f54cc831695375794964a29145860fa45b, 42a70e1e6318615bd420933f9cc978bed3a43936]:
vercel domains price to show registrar purchase, renewal, and transfer pricing for a domain. (#15851)63a7bd6b8ce887f98bb6ee8c09e7196e7105e90d, 71e5dcc49d6b1eb3955ca7e18a52e76d18e8e8dc]:
feat(cli): CI-friendly flags for blob store commands (#15925)
blob list-stores --all: list all team stores regardless of project connection. Hints about --all when no stores are connected to the current project.blob delete-store --yes: skip confirmation prompt for CI/scripts.blob create-store --yes: auto-connect to linked project with all environments, skip prompts.blob create-store --environment: specify which environments to connect (repeatable, e.g. --environment production --environment preview).feat(cli): blob command improvements and breaking changes (#15375)
Breaking Changes:
--access flag is now required for put, copy, get, and create-store (no longer defaults to public)--force flag removed from blob put (use --allow-overwrite instead)blob store add|remove|get subcommands removed (use blob create-store, blob delete-store, blob get-store)New Features:
blob list-stores (ls-stores): browse blob stores interactively or pipe as a tableblob empty-store: delete all blobs in a store with confirmationblob get-store and blob list-stores now show a dashboard linkblob create-store interactive prompt now shows Private first with doc linksblob delete-store now shows connected projects in confirmation and auto-pulls .env.local after deletion6712eb87653784b99327f81ed3dbff44e30038c5]:
Add vercel oauth-apps to list installation requests, dismiss requests, install apps by OAuth client id, and remove installations. (#15846)
Add vercel teams sso to show SAML/SSO configuration for the current team. (#15847)
Fetch check run logs inline and use checkRunLog deep-link for failed deployment checks. (#15906)
Add mount support for experimental services across config validation and service resolution. (#15882)
Updated dependencies [9b3ea340f23c1faad6d56c2a54d75bb2e77b0162, 4362505f1f5bf9b8fa0738dec2ad3189edc933b2]:
Add Deployment Checks support to deploy --prod. Shows "Running Checks..." spinner when checks are pending, detects check failures before alias promotion, and displays failed check run details with links to logs. (#15884)
Extend marketplace integration CLI parity: add vercel integration installations to list team installations (with optional --integration filter and JSON output), align vercel integration update argument parsing with other subcommands (parse only tokens after update, so the integration slug is the first positional), and ship related help/telemetry updates. (#15849)
Add vercel project protection actions for automation protection bypass via PATCH /v1/projects/.../protection-bypass (--protection-bypass). (#15862)
Add vercel project protection actions for customer support code visibility (--customer-support-code-visibility). (#15860)
Add vercel project protection actions for Git fork protection (--git-fork-protection). (#15861)
[services] migrate python workers to Queues V3 API (#15885)
[cli] Add vercel flags override subcommand to encrypt and decrypt flag override tokens for the vercel-flag-overrides cookie (#15875)
Persist CLI telemetry across invocations with bounded-time sessions, stable installation device IDs, and per-invocation identifiers. (#15872)
Update the vercel metrics CLI to use the V2 observability metrics API with --metric-based schema inspection and querying. (#15876)
Improve vercel integration add command to support fallback to the discover API and first-party integrations. (#15788)
refactor(cli): remove FF_AUTO_PROVISION_INSTALL feature flag and dead code from integration add (#15871)
Updated dependencies [5e02289f927050a6c1025cc0edb7eda607fd5e73, 2e15ee828f14de4a849a462429ca03feab161174, a31c84d1bda56a60da6d7bc6d611b0b18ba3bf57]:
Add vercel project protection actions for password deployment protection (--password). (#15858)
Add vercel project protection actions for skew protection via skewProtectionMaxAge (--skew). (#15859)
Add vercel project protection actions for SSO deployment protection (--sso). (#15857)
Support configuration via vercel.toml (#15750)
Add support for running Sandbox commands through vercel sandbox. (#15839)
Fixed VERCEL_TOKEN environment variable not being checked before the login prompt, causing the CLI to always ask for credentials even when the env var was set. (#15877)
Improve vc logs ergonomics by showing vc logs --help when invalid flags are provided, exiting successfully for explicit --help, and preserving the full nested logs[] array in JSON output so all request log messages remain available. (#15855)
Updated dependencies [aea2272ac976a2e13591e402b2a41173cf51f740, 42b6ff3113eb7ba5302b8469f8dd10070ecec6f0]:
Add vercel edge-config with list, add, get, update, remove, items, and tokens subcommands for Edge Config dashboard API parity. (#15822)
Add vercel project checks to list a project's deployment checks configuration (parity with dashboard), including --format json and non-interactive error payloads. (#15816)
Improve vercel teams request in non-interactive mode: validation, missing team scope, and API errors emit structured JSON on stdout with stable reason values and next[] commands that preserve global flags (for example --cwd and --non-interactive). (#15815)
Hide --search flag from vc logs --help output while continuing to accept it, and update the --query flag description to indicate advanced querying with filter syntax support. (#15854)
Updated dependencies [a80217a9ed60d7b7f3e98537b0468cc5488078c1]:
vercel flags rollout welcome-message \
--environment production \
--by user.userId \
--from-variant control \
--to-variant treatment \
--default-variant control \
--stage 10,2h \
--stage 50,12h \
--start 2026-04-16T09:00:00Zvercel flags rollout redesigned-checkout \
--environment production \
--stage 10,6h \
--stage 50,1d \
--message "Adjust production rollout schedule"Updated dependencies [16aca7dadcea2f877ffae79afa72c14a95f682e3, 1a7423debdd453e4c3a6297119fc8f7b4efc14c3, 2fd561868cd4b0960ba790deed54ca77263212ec, 44897297d569742e93725d71ca481803c9b0b9cc]: