npm - byterover-cli - Versions diffs - 2.4.0 → 2.5.0 - Mend

byterover-cli 2.4.0 → 2.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (35) hide show

package/dist/oclif/commands/providers/index.d.ts CHANGED Viewed

@@ -8,6 +8,7 @@ export default class Provider extends Command {
     };
     protected fetchActiveProvider(options?: DaemonClientOptions): Promise<{
         activeModel: string | undefined;
+        loginRequired: boolean | undefined;
         providerId: string;
         providerName: string;
     }>;

package/dist/oclif/commands/providers/index.js CHANGED Viewed

@@ -22,6 +22,7 @@ export default class Provider extends Command {
             const provider = providers.find((p) => p.id === active.activeProviderId);
             return {
                 activeModel: active.activeModel,
+                loginRequired: active.loginRequired,
                 providerId: active.activeProviderId,
                 providerName: provider?.name ?? active.activeProviderId,
             };
@@ -33,7 +34,11 @@ export default class Provider extends Command {
         try {
             const info = await this.fetchActiveProvider();
             if (format === 'json') {
-                writeJsonResponse({ command: 'providers', data: info, success: true });
+                const { loginRequired, ...rest } = info;
+                const data = loginRequired
+                    ? { ...rest, warning: "Not logged in. Run 'brv login' to authenticate." }
+                    : rest;
+                writeJsonResponse({ command: 'providers', data, success: true });
             }
             else {
                 this.log(`Provider: ${info.providerName} (${info.providerId})`);
@@ -45,6 +50,9 @@ export default class Provider extends Command {
                         this.log('Model: Not set. Run "brv model list" to see available models, or "brv model switch <model>" to set one.');
                     }
                 }
+                if (info.loginRequired) {
+                    this.log("Warning: Not logged in. Run 'brv login' to authenticate.");
+                }
             }
         }
         catch (error) {

package/dist/server/constants.d.ts CHANGED Viewed

@@ -55,7 +55,7 @@ export declare const SHUTDOWN_FORCE_EXIT_MS = 5000;
 export declare const AUTH_STATE_POLL_INTERVAL_MS = 5000;
 export declare const AGENT_MAX_CONCURRENT_TASKS = 5;
 export declare const AGENT_POOL_MAX_SIZE = 10;
-export declare const AGENT_PROCESS_READY_TIMEOUT_MS = 15000;
+export declare const AGENT_PROCESS_READY_TIMEOUT_MS = 30000;
 export declare const AGENT_PROCESS_STOP_TIMEOUT_MS = 5000;
 export declare const CURATE_LOG_DIR = "curate-log";
 export declare const CURATE_LOG_ID_PREFIX = "cur";

package/dist/server/constants.js CHANGED Viewed

@@ -75,7 +75,7 @@ export const AUTH_STATE_POLL_INTERVAL_MS = 5000; // Poll token store every 5s
 // Agent Pool (T6)
 export const AGENT_MAX_CONCURRENT_TASKS = 5; // Max parallel curate/query tasks per agent process
 export const AGENT_POOL_MAX_SIZE = 10;
-export const AGENT_PROCESS_READY_TIMEOUT_MS = 15_000; // 15s max wait for child process to register
+export const AGENT_PROCESS_READY_TIMEOUT_MS = 30_000; // 30s max wait for child process to register
 export const AGENT_PROCESS_STOP_TIMEOUT_MS = 5000; // 5s max wait for child process to stop gracefully
 // Curate log
 export const CURATE_LOG_DIR = 'curate-log';

package/dist/server/core/domain/entities/provider-config.js CHANGED Viewed

@@ -184,7 +184,7 @@ export class ProviderConfig {
     withProviderDisconnected(providerId) {
         // eslint-disable-next-line @typescript-eslint/no-unused-vars
         const { [providerId]: _removed, ...remainingProviders } = this.providers;
-        const newActiveProvider = this.activeProvider === providerId ? 'byterover' : this.activeProvider;
+        const newActiveProvider = this.activeProvider === providerId ? '' : this.activeProvider;
         return new ProviderConfig({
             activeProvider: newActiveProvider,
             providers: remainingProviders,

package/dist/server/core/domain/entities/provider-registry.js CHANGED Viewed

@@ -26,7 +26,7 @@ export const PROVIDER_REGISTRY = {
     byterover: {
         baseUrl: '',
         category: 'popular',
-        description: 'Built-in LLM, no API key required. Free tier available.',
+        description: 'Built-in LLM, logged-in ByteRover account required. Limited free usage.',
         headers: {},
         id: 'byterover',
         modelsEndpoint: '',

package/dist/server/core/domain/transport/schemas.d.ts CHANGED Viewed

@@ -465,6 +465,8 @@ export interface ProviderConfigResponse {
     activeProvider: string;
     /** How the provider was authenticated ('api-key' | 'oauth'). Undefined for internal providers. */
     authMethod?: 'api-key' | 'oauth';
+    /** True when the active provider requires login but the user is not logged in. */
+    loginRequired?: boolean;
     maxInputTokens?: number;
     openRouterApiKey?: string;
     provider?: string;

package/dist/server/infra/auth/oauth-service.js CHANGED Viewed

@@ -52,6 +52,7 @@ export class OAuthService {
                 },
                 httpAgent: ProxyConfig.getProxyAgent(),
                 httpsAgent: ProxyConfig.getProxyAgent(),
+                proxy: false,
             });
             return this.parseTokenResponse(response.data);
         }
@@ -97,6 +98,7 @@ export class OAuthService {
             }, {
                 httpAgent: ProxyConfig.getProxyAgent(),
                 httpsAgent: ProxyConfig.getProxyAgent(),
+                proxy: false,
             });
             return this.parseTokenResponse(response.data);
         }

package/dist/server/infra/auth/oidc-discovery-service.js CHANGED Viewed

@@ -79,6 +79,7 @@ export class OidcDiscoveryService {
             const response = await axios.get(wellKnownUrl, {
                 httpAgent: ProxyConfig.getProxyAgent(),
                 httpsAgent: ProxyConfig.getProxyAgent(),
+                proxy: false,
                 timeout: this.timeoutMs,
             });
             // Validate required fields

package/dist/server/infra/cogit/http-cogit-push-service.js CHANGED Viewed

@@ -99,6 +99,7 @@ export class HttpCogitPushService {
             },
             httpAgent: ProxyConfig.getProxyAgent(),
             httpsAgent: ProxyConfig.getProxyAgent(),
+            proxy: false,
             timeout: this.config.timeout,
         });
         return CogitPushResponse.fromJson(response.data);

package/dist/server/infra/daemon/agent-process.js CHANGED Viewed

@@ -38,6 +38,7 @@ import { QueryExecutor } from '../executor/query-executor.js';
 import { AgentInstanceDiscovery } from '../transport/agent-instance-discovery.js';
 import { createAgentLogger } from './agent-logger.js';
 import { resolveSessionId } from './session-resolver.js';
+import { validateProviderForTask } from './task-validation.js';
 // ============================================================================
 // Environment
 // ============================================================================
@@ -308,17 +309,9 @@ async function executeTask(task, curateExecutor, folderPackExecutor, queryExecut
     if (!transport || !agent)
         return;
     const freshProviderConfig = await transport.requestWithAck(TransportStateEventNames.GET_PROVIDER_CONFIG);
-    if (!freshProviderConfig.activeProvider) {
-        const error = serializeTaskError(new TaskError('No provider connected. Use /provider in the REPL to configure a provider.', TaskErrorCode.PROVIDER_NOT_CONFIGURED));
-        transport.request(TransportTaskEventNames.ERROR, { clientId, error, taskId });
-        return;
-    }
-    if (freshProviderConfig.providerKeyMissing) {
-        const modelInfo = freshProviderConfig.activeModel ? ` (model: ${freshProviderConfig.activeModel})` : '';
-        const credentialType = freshProviderConfig.authMethod === 'oauth' ? 'authentication has expired' : 'API key is missing';
-        const errorMessage = `${freshProviderConfig.activeProvider} ${credentialType}${modelInfo}. Use /provider in the REPL to reconnect.`;
-        const error = serializeTaskError(new TaskError(errorMessage, TaskErrorCode.PROVIDER_NOT_CONFIGURED));
-        transport.request(TransportTaskEventNames.ERROR, { clientId, error, taskId });
+    const validationError = validateProviderForTask(freshProviderConfig);
+    if (validationError) {
+        transport.request(TransportTaskEventNames.ERROR, { clientId, error: validationError, taskId });
         return;
     }
     activeTaskCount++;

package/dist/server/infra/daemon/brv-server.js CHANGED Viewed

@@ -204,7 +204,11 @@ async function main() {
         agentPool = new AgentPool({
             agentIdleTimeoutPolicy,
             agentProcessFactory(projectPath) {
-                return fork(agentProcessPath, [], {
+                // Prevent console window flash on Windows when forking agent processes.
+                // windowsHide is supported at runtime (fork delegates to spawn) but not in ForkOptions types,
+                // so we extract the options to a variable to bypass excess property checking.
+                const e2eStdio = ['ignore', 'inherit', 'inherit', 'ipc'];
+                const forkOptions = {
                     cwd: projectPath,
                     env: {
                         ...process.env,
@@ -212,8 +216,10 @@ async function main() {
                         BRV_AGENT_PROJECT_PATH: projectPath,
                     },
                     // In E2E mode, inherit stderr to see agent errors
-                    stdio: process.env.BRV_E2E_MODE === 'true' ? ['ignore', 'inherit', 'inherit', 'ipc'] : undefined,
-                });
+                    stdio: process.env.BRV_E2E_MODE === 'true' ? e2eStdio : undefined,
+                    windowsHide: true,
+                };
+                return fork(agentProcessPath, [], forkOptions);
             },
             log,
             transportServer,
@@ -353,7 +359,7 @@ async function main() {
         // is returned to the onboarding flow rather than hitting a cryptic API key error mid-task.
         await clearStaleProviderConfig(providerConfigStore, providerKeychainStore, providerOAuthTokenStore);
         // State endpoint: provider config — agents request this on startup and after provider:updated
-        transportServer.onRequest(TransportStateEventNames.GET_PROVIDER_CONFIG, async () => resolveProviderConfig(providerConfigStore, providerKeychainStore, tokenRefreshManager));
+        transportServer.onRequest(TransportStateEventNames.GET_PROVIDER_CONFIG, async () => resolveProviderConfig({ authStateStore, providerConfigStore, providerKeychainStore, tokenRefreshManager }));
         // Feature handlers (auth, init, status, push, pull, etc.) require async OIDC discovery.
         // Placed after daemon:getState so the debug endpoint is available immediately,
         // without waiting for OIDC discovery (~400ms).

package/dist/server/infra/daemon/task-validation.d.ts ADDED Viewed

@@ -0,0 +1,18 @@
+/**
+ * Pre-task Provider Validation
+ *
+ * Pure validation logic extracted from agent-process.ts for testability.
+ * Checks that the provider config is ready for task execution.
+ */
+import type { TaskErrorData } from '../../core/domain/errors/task-error.js';
+import type { ProviderConfigResponse } from '../../core/domain/transport/schemas.js';
+/**
+ * Validate provider config before executing a task.
+ * Returns a TaskErrorData if validation fails, undefined if all checks pass.
+ *
+ * Check order matters — most fundamental issues first:
+ * 1. No provider connected
+ * 2. Provider credential missing (API key or expired OAuth token)
+ * 3. Provider requires authentication (ByteRover auth gate)
+ */
+export declare const validateProviderForTask: (config: ProviderConfigResponse) => TaskErrorData | undefined;

package/dist/server/infra/daemon/task-validation.js ADDED Viewed

@@ -0,0 +1,42 @@
+/**
+ * Pre-task Provider Validation
+ *
+ * Pure validation logic extracted from agent-process.ts for testability.
+ * Checks that the provider config is ready for task execution.
+ */
+import { TaskErrorCode } from '../../core/domain/errors/task-error.js';
+/**
+ * Validate provider config before executing a task.
+ * Returns a TaskErrorData if validation fails, undefined if all checks pass.
+ *
+ * Check order matters — most fundamental issues first:
+ * 1. No provider connected
+ * 2. Provider credential missing (API key or expired OAuth token)
+ * 3. Provider requires authentication (ByteRover auth gate)
+ */
+export const validateProviderForTask = (config) => {
+    if (!config.activeProvider) {
+        return {
+            code: TaskErrorCode.PROVIDER_NOT_CONFIGURED,
+            message: 'No provider connected. Use /provider in the REPL to configure a provider.',
+            name: 'TaskError',
+        };
+    }
+    if (config.providerKeyMissing) {
+        const modelInfo = config.activeModel ? ` (model: ${config.activeModel})` : '';
+        const credentialType = config.authMethod === 'oauth' ? 'authentication has expired' : 'API key is missing';
+        return {
+            code: TaskErrorCode.PROVIDER_NOT_CONFIGURED,
+            message: `${config.activeProvider} ${credentialType}${modelInfo}. Use /provider in the REPL to reconnect.`,
+            name: 'TaskError',
+        };
+    }
+    if (config.loginRequired) {
+        return {
+            code: TaskErrorCode.PROVIDER_NOT_CONFIGURED,
+            message: 'Provider requires authentication. Run /login or brv login to sign in.',
+            name: 'TaskError',
+        };
+    }
+    return undefined;
+};

package/dist/server/infra/http/authenticated-http-client.js CHANGED Viewed

@@ -30,6 +30,7 @@ export class AuthenticatedHttpClient {
                 headers: this.buildHeaders(config?.headers),
                 httpAgent: ProxyConfig.getProxyAgent(),
                 httpsAgent: ProxyConfig.getProxyAgent(),
+                proxy: false,
                 timeout: config?.timeout,
             };
             const response = await axios.get(url, axiosConfig);
@@ -53,6 +54,7 @@ export class AuthenticatedHttpClient {
                 headers: this.buildHeaders(config?.headers),
                 httpAgent: ProxyConfig.getProxyAgent(),
                 httpsAgent: ProxyConfig.getProxyAgent(),
+                proxy: false,
                 timeout: config?.timeout,
             };
             const response = await axios.post(url, data, axiosConfig);
@@ -76,6 +78,7 @@ export class AuthenticatedHttpClient {
                 headers: this.buildHeaders(config?.headers),
                 httpAgent: ProxyConfig.getProxyAgent(),
                 httpsAgent: ProxyConfig.getProxyAgent(),
+                proxy: false,
                 timeout: config?.timeout,
             };
             const response = await axios.put(url, data, axiosConfig);

package/dist/server/infra/http/models-dev-client.js CHANGED Viewed

@@ -60,6 +60,7 @@ export class ModelsDevClient {
         const response = await axios.get(MODELS_DEV_URL, {
             httpAgent: ProxyConfig.getProxyAgent(),
             httpsAgent: ProxyConfig.getProxyAgent(),
+            proxy: false,
             timeout: FETCH_TIMEOUT_MS,
         });
         const { data } = response;

package/dist/server/infra/http/openrouter-api-client.js CHANGED Viewed

@@ -103,6 +103,7 @@ export class OpenRouterApiClient {
             },
             httpAgent: ProxyConfig.getProxyAgent(),
             httpsAgent: ProxyConfig.getProxyAgent(),
+            proxy: false,
             timeout: 30_000,
         });
         return response.data.data.map((model) => this.normalizeModel(model));

package/dist/server/infra/http/provider-model-fetchers.js CHANGED Viewed

@@ -349,6 +349,7 @@ export class OpenAICompatibleModelFetcher {
             headers: { Authorization: `Bearer ${apiKey}` },
             httpAgent: ProxyConfig.getProxyAgent(),
             httpsAgent: ProxyConfig.getProxyAgent(),
+            proxy: false,
             timeout: 30_000,
         });
         // Handle different response formats:
@@ -381,6 +382,7 @@ export class OpenAICompatibleModelFetcher {
                 headers: { Authorization: `Bearer ${apiKey}` },
                 httpAgent: ProxyConfig.getProxyAgent(),
                 httpsAgent: ProxyConfig.getProxyAgent(),
+                proxy: false,
                 timeout: 15_000,
             });
             return { isValid: true };
@@ -438,6 +440,7 @@ export class ChatBasedModelFetcher {
                 },
                 httpAgent: ProxyConfig.getProxyAgent(),
                 httpsAgent: ProxyConfig.getProxyAgent(),
+                proxy: false,
                 timeout: 15_000,
             });
             return { isValid: true };

package/dist/server/infra/hub/hub-install-service.js CHANGED Viewed

@@ -33,6 +33,7 @@ export class HubInstallService {
                 headers,
                 httpAgent: ProxyConfig.getProxyAgent(),
                 httpsAgent: ProxyConfig.getProxyAgent(),
+                proxy: false,
                 responseType: 'text',
                 timeout: 15_000,
             });

package/dist/server/infra/hub/hub-registry-service.js CHANGED Viewed

@@ -72,6 +72,7 @@ export class HubRegistryService {
                 headers,
                 httpAgent: ProxyConfig.getProxyAgent(),
                 httpsAgent: ProxyConfig.getProxyAgent(),
+                proxy: false,
                 timeout: this.timeoutMs,
             });
             const validated = this.parseRegistryResponse(response.data);

package/dist/server/infra/memory/http-memory-storage-service.js CHANGED Viewed

@@ -58,6 +58,7 @@ export class HttpMemoryStorageService {
                 },
                 httpAgent: ProxyConfig.getProxyAgent(),
                 httpsAgent: ProxyConfig.getProxyAgent(),
+                proxy: false,
                 timeout: this.config.timeout,
             });
         }

package/dist/server/infra/process/feature-handlers.js CHANGED Viewed

@@ -59,6 +59,7 @@ export async function setupFeatureHandlers({ authStateStore, broadcastToProject,
         userService,
     }).setup();
     new ProviderHandler({
+        authStateStore,
         browserLauncher: new SystemBrowserLauncher(),
         providerConfigStore,
         providerKeychainStore,

package/dist/server/infra/provider/provider-config-resolver.d.ts CHANGED Viewed

@@ -9,6 +9,7 @@ import type { IProviderConfigStore } from '../../core/interfaces/i-provider-conf
 import type { IProviderKeychainStore } from '../../core/interfaces/i-provider-keychain-store.js';
 import type { IProviderOAuthTokenStore } from '../../core/interfaces/i-provider-oauth-token-store.js';
 import type { ITokenRefreshManager } from '../../core/interfaces/i-token-refresh-manager.js';
+import type { IAuthStateStore } from '../../core/interfaces/state/i-auth-state-store.js';
 import { type ProviderConfigResponse } from '../../core/domain/transport/schemas.js';
 /**
  * Validate provider config integrity at startup.
@@ -29,4 +30,10 @@ export declare function clearStaleProviderConfig(providerConfigStore: IProviderC
  * the API key (keychain → env fallback), and maps provider-specific
  * fields (base URL, headers, location, etc.).
  */
-export declare function resolveProviderConfig(providerConfigStore: IProviderConfigStore, providerKeychainStore: IProviderKeychainStore, tokenRefreshManager?: ITokenRefreshManager): Promise<ProviderConfigResponse>;
+export type ResolveProviderConfigParams = {
+    authStateStore?: IAuthStateStore;
+    providerConfigStore: IProviderConfigStore;
+    providerKeychainStore: IProviderKeychainStore;
+    tokenRefreshManager?: ITokenRefreshManager;
+};
+export declare function resolveProviderConfig(params: ResolveProviderConfigParams): Promise<ProviderConfigResponse>;

package/dist/server/infra/provider/provider-config-resolver.js CHANGED Viewed

@@ -49,9 +49,9 @@ export async function clearStaleProviderConfig(providerConfigStore, providerKeyc
         for (const providerId of staleProviderIds) {
             newConfig = newConfig.withProviderDisconnected(providerId);
         }
-        // withProviderDisconnected() falls back to 'byterover' when the active provider is
-        // removed, which causes the TUI to show 'ready' and skip provider setup. Explicitly
-        // set activeProvider to '' so the user is returned to the provider setup flow.
+        // withProviderDisconnected() already sets activeProvider to '' when the active
+        // provider is removed. This call is a no-op but kept for readability — it makes
+        // the "clear active provider" intent explicit at the call site.
         if (staleProviderIds.includes(config.activeProvider)) {
             newConfig = newConfig.withActiveProvider('');
         }
@@ -67,19 +67,18 @@ export async function clearStaleProviderConfig(providerConfigStore, providerKeyc
         // The user will encounter a provider error when submitting a task instead.
     }
 }
-/**
- * Resolve the active provider's full configuration.
- *
- * Reads the active provider/model from the config store, resolves
- * the API key (keychain → env fallback), and maps provider-specific
- * fields (base URL, headers, location, etc.).
- */
-export async function resolveProviderConfig(providerConfigStore, providerKeychainStore, tokenRefreshManager) {
+export async function resolveProviderConfig(params) {
+    const { authStateStore, providerConfigStore, providerKeychainStore, tokenRefreshManager } = params;
     const config = await providerConfigStore.read();
     const { activeProvider } = config;
     const activeModel = config.getActiveModel(activeProvider);
     const maxInputTokens = config.getActiveModelContextLength(activeProvider);
-    if (!activeProvider || activeProvider === 'byterover') {
+    if (activeProvider === 'byterover') {
+        const authToken = authStateStore?.getToken();
+        const loginRequired = authStateStore ? !authToken || !authToken.isValid() : undefined;
+        return { activeModel, activeProvider, loginRequired: loginRequired ? true : undefined, maxInputTokens };
+    }
+    if (!activeProvider) {
         return { activeModel, activeProvider, maxInputTokens };
     }
     // Resolve API key: keychain first, then environment variable

package/dist/server/infra/provider-oauth/refresh-token-exchange.js CHANGED Viewed

@@ -23,6 +23,7 @@ export async function exchangeRefreshToken(params) {
             },
             httpAgent: ProxyConfig.getProxyAgent(),
             httpsAgent: ProxyConfig.getProxyAgent(),
+            proxy: false,
             timeout: 30_000,
         });
     }

package/dist/server/infra/provider-oauth/token-exchange.js CHANGED Viewed

@@ -28,6 +28,7 @@ export async function exchangeCodeForTokens(params) {
             },
             httpAgent: ProxyConfig.getProxyAgent(),
             httpsAgent: ProxyConfig.getProxyAgent(),
+            proxy: false,
             timeout: 30_000,
         });
     }

package/dist/server/infra/transport/handlers/provider-handler.d.ts CHANGED Viewed

@@ -2,10 +2,12 @@ import type { IProviderConfigStore } from '../../../core/interfaces/i-provider-c
 import type { IProviderKeychainStore } from '../../../core/interfaces/i-provider-keychain-store.js';
 import type { IProviderOAuthTokenStore } from '../../../core/interfaces/i-provider-oauth-token-store.js';
 import type { IBrowserLauncher } from '../../../core/interfaces/services/i-browser-launcher.js';
+import type { IAuthStateStore } from '../../../core/interfaces/state/i-auth-state-store.js';
 import type { ITransportServer } from '../../../core/interfaces/transport/i-transport-server.js';
 import type { PkceParameters, ProviderTokenResponse, TokenExchangeParams } from '../../provider-oauth/index.js';
 import { ProviderCallbackServer } from '../../provider-oauth/index.js';
 export interface ProviderHandlerDeps {
+    authStateStore: IAuthStateStore;
     browserLauncher: IBrowserLauncher;
     /** Factory for creating callback servers (injectable for testing) */
     createCallbackServer?: (options: {
@@ -26,6 +28,7 @@ export interface ProviderHandlerDeps {
  * Business logic for provider management — no terminal/UI calls.
  */
 export declare class ProviderHandler {
+    private readonly authStateStore;
     private readonly browserLauncher;
     private readonly createCallbackServer;
     private readonly exchangeCodeForTokens;
@@ -38,6 +41,7 @@ export declare class ProviderHandler {
     constructor(deps: ProviderHandlerDeps);
     setup(): void;
     private cleanupFlowsForClient;
+    private isByteRoverAuthSatisfied;
     private setupAwaitOAuthCallback;
     private setupCancelOAuth;
     private setupConnect;

package/dist/server/infra/transport/handlers/provider-handler.js CHANGED Viewed

@@ -10,6 +10,7 @@ import { computeExpiresAt, exchangeCodeForTokens as defaultExchangeCodeForTokens
  * Business logic for provider management — no terminal/UI calls.
  */
 export class ProviderHandler {
+    authStateStore;
     browserLauncher;
     createCallbackServer;
     exchangeCodeForTokens;
@@ -20,6 +21,7 @@ export class ProviderHandler {
     providerOAuthTokenStore;
     transport;
     constructor(deps) {
+        this.authStateStore = deps.authStateStore;
         this.browserLauncher = deps.browserLauncher;
         this.createCallbackServer = deps.createCallbackServer ?? ((options) => new ProviderCallbackServer(options));
         this.exchangeCodeForTokens = deps.exchangeCodeForTokens ?? defaultExchangeCodeForTokens;
@@ -53,6 +55,10 @@ export class ProviderHandler {
             }
         }
     }
+    isByteRoverAuthSatisfied() {
+        const token = this.authStateStore.getToken();
+        return token !== undefined && token.isValid();
+    }
     setupAwaitOAuthCallback() {
         this.transport.onRequest(ProviderEvents.AWAIT_OAUTH_CALLBACK, async (data) => {
             const flow = this.oauthFlows.get(data.providerId);
@@ -133,6 +139,9 @@ export class ProviderHandler {
     setupConnect() {
         this.transport.onRequest(ProviderEvents.CONNECT, async (data) => {
             const { apiKey, baseUrl, providerId } = data;
+            if (providerId === 'byterover' && !this.isByteRoverAuthSatisfied()) {
+                return { error: 'ByteRover Provider requires authentication. Run /login or brv login to sign in', success: false };
+            }
             // Store API key if provided (supports optional keys for openai-compatible)
             if (apiKey) {
                 await this.providerKeychainStore.setApiKey(providerId, apiKey);
@@ -161,7 +170,8 @@ export class ProviderHandler {
         this.transport.onRequest(ProviderEvents.GET_ACTIVE, async () => {
             const activeProviderId = await this.providerConfigStore.getActiveProvider();
             const activeModel = await this.providerConfigStore.getActiveModel(activeProviderId);
-            return { activeModel, activeProviderId };
+            const loginRequired = activeProviderId === 'byterover' && !this.isByteRoverAuthSatisfied();
+            return { activeModel, activeProviderId, loginRequired: loginRequired ? true : undefined };
         });
     }
     setupList() {
@@ -198,6 +208,9 @@ export class ProviderHandler {
     }
     setupSetActive() {
         this.transport.onRequest(ProviderEvents.SET_ACTIVE, async (data) => {
+            if (data.providerId === 'byterover' && !this.isByteRoverAuthSatisfied()) {
+                return { error: 'ByteRover Provider requires authentication. Run /login or brv login to sign in', success: false };
+            }
             await this.providerConfigStore.setActiveProvider(data.providerId);
             this.transport.broadcast(TransportDaemonEventNames.PROVIDER_UPDATED, {});
             return { success: true };

package/dist/shared/transport/events/provider-events.d.ts CHANGED Viewed

@@ -21,6 +21,7 @@ export interface ProviderConnectRequest {
     providerId: string;
 }
 export interface ProviderConnectResponse {
+    error?: string;
     success: boolean;
 }
 export interface ProviderDisconnectRequest {
@@ -40,11 +41,14 @@ export interface ProviderValidateApiKeyResponse {
 export interface ProviderGetActiveResponse {
     activeModel?: string;
     activeProviderId: string;
+    /** True when the active provider requires login but the user is not logged in. */
+    loginRequired?: boolean;
 }
 export interface ProviderSetActiveRequest {
     providerId: string;
 }
 export interface ProviderSetActiveResponse {
+    error?: string;
     success: boolean;
 }
 export interface ProviderCancelOAuthRequest {

package/dist/tui/features/onboarding/hooks/use-app-view-mode.d.ts CHANGED Viewed

@@ -5,7 +5,7 @@
  * This is the single source of truth for determining what UI to show.
  */
 /**
- * The 5 valid application view modes as a discriminated union.
+ * The valid application view modes as a discriminated union.
  */
 export type AppViewMode = {
     type: 'config-provider';
@@ -15,13 +15,28 @@ export type AppViewMode = {
     type: 'ready';
 };
 /**
- * Selector that derives the current view mode from stored state.
- * This is the ONLY way to determine what UI to show.
+ * Parameters for the pure view mode derivation function.
+ */
+export type DeriveAppViewModeParams = {
+    activeModel?: string;
+    activeProviderId?: string;
+    isAuthorized: boolean;
+    isLoading: boolean;
+};
+/**
+ * Pure decision logic for determining the app view mode.
+ * Extracted from useAppViewMode for testability.
  *
- * View mode decision tree:
- * 1. Loading auth or onboarding check -> 'loading'
- * 2. New user (hasDismissed) -> 'onboarding'
- * 3. Existing user, no provider config -> provider flow
- * 4. Otherwise -> 'ready'
+ * Decision tree:
+ * 1. Loading → 'loading'
+ * 2. ByteRover + unauthenticated → 'config-provider'
+ * 3. ByteRover + authenticated → 'ready'
+ * 4. Non-byterover + no active model → 'config-provider'
+ * 5. Otherwise → 'ready'
+ */
+export declare function deriveAppViewMode(params: DeriveAppViewModeParams): AppViewMode;
+/**
+ * React hook that derives the current view mode from stored state.
+ * Thin wrapper around deriveAppViewMode — reads from stores, delegates logic.
  */
 export declare function useAppViewMode(): AppViewMode;

package/dist/tui/features/onboarding/hooks/use-app-view-mode.js CHANGED Viewed

@@ -7,30 +7,42 @@
 import { useAuthStore } from '../../auth/stores/auth-store.js';
 import { useGetActiveProviderConfig } from '../../provider/api/get-active-provider-config.js';
 /**
- * Selector that derives the current view mode from stored state.
- * This is the ONLY way to determine what UI to show.
+ * Pure decision logic for determining the app view mode.
+ * Extracted from useAppViewMode for testability.
  *
- * View mode decision tree:
- * 1. Loading auth or onboarding check -> 'loading'
- * 2. New user (hasDismissed) -> 'onboarding'
- * 3. Existing user, no provider config -> provider flow
- * 4. Otherwise -> 'ready'
+ * Decision tree:
+ * 1. Loading → 'loading'
+ * 2. ByteRover + unauthenticated → 'config-provider'
+ * 3. ByteRover + authenticated → 'ready'
+ * 4. Non-byterover + no active model → 'config-provider'
+ * 5. Otherwise → 'ready'
  */
-export function useAppViewMode() {
-    const { isLoadingInitial: isLoadingAuth } = useAuthStore();
-    const { data: activeData, isLoading: isLoadingActive } = useGetActiveProviderConfig();
-    // Still loading auth or active provider check
-    if (isLoadingAuth || isLoadingActive) {
+export function deriveAppViewMode(params) {
+    if (params.isLoading) {
         return { type: 'loading' };
     }
-    // ByteRover is the default provider and doesn't require model config
-    if (activeData?.activeProviderId === 'byterover') {
+    if (params.activeProviderId === 'byterover' && !params.isAuthorized) {
+        return { type: 'config-provider' };
+    }
+    if (params.activeProviderId === 'byterover') {
         return { type: 'ready' };
     }
-    // No active model configured for non-byterover provider — need provider setup
-    if (!activeData?.activeModel) {
+    if (!params.activeModel) {
         return { type: 'config-provider' };
     }
-    // Normal app state
     return { type: 'ready' };
 }
+/**
+ * React hook that derives the current view mode from stored state.
+ * Thin wrapper around deriveAppViewMode — reads from stores, delegates logic.
+ */
+export function useAppViewMode() {
+    const { isAuthorized, isLoadingInitial: isLoadingAuth } = useAuthStore();
+    const { data: activeData, isLoading: isLoadingActive } = useGetActiveProviderConfig();
+    return deriveAppViewMode({
+        activeModel: activeData?.activeModel,
+        activeProviderId: activeData?.activeProviderId,
+        isAuthorized,
+        isLoading: isLoadingAuth || isLoadingActive,
+    });
+}

package/dist/tui/features/provider/components/provider-flow.d.ts CHANGED Viewed

@@ -2,7 +2,7 @@
  * ProviderFlow Component
  *
  * Multi-step React flow for the /providers command.
- * State machine: loading → select → provider_actions → api_key → connecting → done
+ * State machine: loading → select → login_prompt → login → provider_actions → api_key → connecting → done
  *
  * Owns the UX flow — fetches providers, renders selection,
  * handles API key input, and calls connect/setActive mutations.

package/dist/tui/features/provider/components/provider-flow.js CHANGED Viewed

@@ -3,7 +3,7 @@ import { jsx as _jsx, jsxs as _jsxs } from "react/jsx-runtime";
  * ProviderFlow Component
  *
  * Multi-step React flow for the /providers command.
- * State machine: loading → select → provider_actions → api_key → connecting → done
+ * State machine: loading → select → login_prompt → login → provider_actions → api_key → connecting → done
  *
  * Owns the UX flow — fetches providers, renders selection,
  * handles API key input, and calls connect/setActive mutations.
@@ -11,9 +11,12 @@ import { jsx as _jsx, jsxs as _jsxs } from "react/jsx-runtime";
  */
 import { Box, Text } from 'ink';
 import { useCallback, useEffect, useMemo, useState } from 'react';
+import { InlineConfirm } from '../../../components/inline-prompts/inline-confirm.js';
 import { SelectableList } from '../../../components/selectable-list.js';
 import { useTheme } from '../../../hooks/index.js';
 import { formatTransportError } from '../../../utils/index.js';
+import { LoginFlow } from '../../auth/components/login-flow.js';
+import { useAuthStore } from '../../auth/stores/auth-store.js';
 import { useConnectProvider } from '../api/connect-provider.js';
 import { useDisconnectProvider } from '../api/disconnect-provider.js';
 import { useGetProviders } from '../api/get-providers.js';
@@ -36,6 +39,7 @@ export const ProviderFlow = ({ hideCancelButton = false, isActive = true, onCanc
     const disconnectMutation = useDisconnectProvider();
     const setActiveMutation = useSetActiveProvider();
     const validateMutation = useValidateApiKey();
+    const isAuthorized = useAuthStore((s) => s.isAuthorized);
     const providers = data?.providers ?? [];
     // Exit gracefully when providers query fails — don't leave user stuck
     useEffect(() => {
@@ -98,6 +102,11 @@ export const ProviderFlow = ({ hideCancelButton = false, isActive = true, onCanc
     const handleSelect = useCallback(async (provider) => {
         setSelectedProvider(provider);
         setError(null);
+        // ByteRover requires authentication
+        if (provider.id === 'byterover' && !isAuthorized) {
+            setStep('login_prompt');
+            return;
+        }
         // ByteRover + already active → complete
         if (provider.id === 'byterover' && provider.isCurrent) {
             onComplete(`Connected to ${provider.name}`);
@@ -108,11 +117,12 @@ export const ProviderFlow = ({ hideCancelButton = false, isActive = true, onCanc
             setStep('provider_actions');
             return;
         }
-        // ByteRover + not connected → connect directly, no model select
+        // ByteRover + not connected → connect + activate directly, no model select
         if (provider.id === 'byterover') {
             setStep('connecting');
             try {
                 await connectMutation.mutateAsync({ providerId: provider.id });
+                await setActiveMutation.mutateAsync({ providerId: provider.id });
                 onComplete(`Connected to ${provider.name}`);
             }
             catch (error_) {
@@ -146,12 +156,16 @@ export const ProviderFlow = ({ hideCancelButton = false, isActive = true, onCanc
             setError(formatTransportError(error_));
             setStep('select');
         }
-    }, [connectMutation, onComplete]);
+    }, [connectMutation, isAuthorized, onComplete, setActiveMutation]);
     const handleAction = useCallback(async (action) => {
         if (!selectedProvider)
             return;
         switch (action.id) {
             case 'activate': {
+                if (selectedProvider.id === 'byterover' && !isAuthorized) {
+                    setStep('login_prompt');
+                    return;
+                }
                 setStep('connecting');
                 try {
                     await setActiveMutation.mutateAsync({ providerId: selectedProvider.id });
@@ -199,7 +213,14 @@ export const ProviderFlow = ({ hideCancelButton = false, isActive = true, onCanc
                 break;
             }
         }
-    }, [disconnectMutation, onComplete, selectedProvider, setActiveMutation]);
+    }, [disconnectMutation, isAuthorized, onComplete, selectedProvider, setActiveMutation]);
+    const handleLoginComplete = useCallback((message) => {
+        const nowAuthorized = useAuthStore.getState().isAuthorized;
+        if (!nowAuthorized) {
+            setError(message);
+        }
+        setStep('select');
+    }, []);
     const handleBaseUrlSubmit = useCallback((url) => {
         setBaseUrl(url);
         setStep('api_key');
@@ -285,6 +306,20 @@ export const ProviderFlow = ({ hideCancelButton = false, isActive = true, onCanc
         case 'connecting': {
             return (_jsx(Box, { children: _jsxs(Text, { color: colors.primary, children: ["Connecting to ", selectedProvider?.name, "..."] }) }));
         }
+        case 'login': {
+            return (_jsx(LoginFlow, { onCancel: () => { }, onComplete: handleLoginComplete }));
+        }
+        case 'login_prompt': {
+            return (_jsx(InlineConfirm, { default: true, message: "ByteRover requires authentication. Sign in now", onConfirm: (confirmed) => {
+                    if (confirmed) {
+                        setStep('login');
+                    }
+                    else {
+                        setStep('select');
+                        setSelectedProvider(null);
+                    }
+                } }));
+        }
         case 'model_select': {
             return selectedProvider ? (_jsx(ModelSelectStep, { isActive: isActive, onCancel: () => setStep('select'), onComplete: (modelName) => onComplete(`Connected to ${selectedProvider.name}, model set to ${modelName}`), providerId: selectedProvider.id, providerName: selectedProvider.name })) : null;
         }

package/oclif.manifest.json CHANGED Viewed

@@ -1083,6 +1083,104 @@
         "switch.js"
       ]
     },
+    "space:list": {
+      "aliases": [],
+      "args": {},
+      "description": "List all teams and spaces",
+      "examples": [
+        "<%= config.bin %> space list",
+        "<%= config.bin %> space list --format json"
+      ],
+      "flags": {
+        "format": {
+          "char": "f",
+          "description": "Output format",
+          "name": "format",
+          "default": "text",
+          "hasDynamicHelp": false,
+          "multiple": false,
+          "options": [
+            "text",
+            "json"
+          ],
+          "type": "option"
+        }
+      },
+      "hasDynamicHelp": false,
+      "hiddenAliases": [],
+      "id": "space:list",
+      "pluginAlias": "byterover-cli",
+      "pluginName": "byterover-cli",
+      "pluginType": "core",
+      "strict": true,
+      "enableJsonFlag": false,
+      "isESM": true,
+      "relativePath": [
+        "dist",
+        "oclif",
+        "commands",
+        "space",
+        "list.js"
+      ]
+    },
+    "space:switch": {
+      "aliases": [],
+      "args": {},
+      "description": "Switch to a different space",
+      "examples": [
+        "<%= config.bin %> space switch --team acme --name my-space",
+        "<%= config.bin %> space switch --team acme --name my-space --format json"
+      ],
+      "flags": {
+        "format": {
+          "char": "f",
+          "description": "Output format",
+          "name": "format",
+          "default": "text",
+          "hasDynamicHelp": false,
+          "multiple": false,
+          "options": [
+            "text",
+            "json"
+          ],
+          "type": "option"
+        },
+        "name": {
+          "char": "n",
+          "description": "Name of the space to switch to",
+          "name": "name",
+          "required": true,
+          "hasDynamicHelp": false,
+          "multiple": false,
+          "type": "option"
+        },
+        "team": {
+          "char": "t",
+          "description": "Team name",
+          "name": "team",
+          "required": true,
+          "hasDynamicHelp": false,
+          "multiple": false,
+          "type": "option"
+        }
+      },
+      "hasDynamicHelp": false,
+      "hiddenAliases": [],
+      "id": "space:switch",
+      "pluginAlias": "byterover-cli",
+      "pluginName": "byterover-cli",
+      "pluginType": "core",
+      "strict": true,
+      "enableJsonFlag": false,
+      "isESM": true,
+      "relativePath": [
+        "dist",
+        "oclif",
+        "commands",
+        "space",
+        "switch.js"
+      ]
+    },
     "providers:connect": {
       "aliases": [],
       "args": {
@@ -1339,104 +1437,6 @@
         "switch.js"
       ]
     },
-    "space:list": {
-      "aliases": [],
-      "args": {},
-      "description": "List all teams and spaces",
-      "examples": [
-        "<%= config.bin %> space list",
-        "<%= config.bin %> space list --format json"
-      ],
-      "flags": {
-        "format": {
-          "char": "f",
-          "description": "Output format",
-          "name": "format",
-          "default": "text",
-          "hasDynamicHelp": false,
-          "multiple": false,
-          "options": [
-            "text",
-            "json"
-          ],
-          "type": "option"
-        }
-      },
-      "hasDynamicHelp": false,
-      "hiddenAliases": [],
-      "id": "space:list",
-      "pluginAlias": "byterover-cli",
-      "pluginName": "byterover-cli",
-      "pluginType": "core",
-      "strict": true,
-      "enableJsonFlag": false,
-      "isESM": true,
-      "relativePath": [
-        "dist",
-        "oclif",
-        "commands",
-        "space",
-        "list.js"
-      ]
-    },
-    "space:switch": {
-      "aliases": [],
-      "args": {},
-      "description": "Switch to a different space",
-      "examples": [
-        "<%= config.bin %> space switch --team acme --name my-space",
-        "<%= config.bin %> space switch --team acme --name my-space --format json"
-      ],
-      "flags": {
-        "format": {
-          "char": "f",
-          "description": "Output format",
-          "name": "format",
-          "default": "text",
-          "hasDynamicHelp": false,
-          "multiple": false,
-          "options": [
-            "text",
-            "json"
-          ],
-          "type": "option"
-        },
-        "name": {
-          "char": "n",
-          "description": "Name of the space to switch to",
-          "name": "name",
-          "required": true,
-          "hasDynamicHelp": false,
-          "multiple": false,
-          "type": "option"
-        },
-        "team": {
-          "char": "t",
-          "description": "Team name",
-          "name": "team",
-          "required": true,
-          "hasDynamicHelp": false,
-          "multiple": false,
-          "type": "option"
-        }
-      },
-      "hasDynamicHelp": false,
-      "hiddenAliases": [],
-      "id": "space:switch",
-      "pluginAlias": "byterover-cli",
-      "pluginName": "byterover-cli",
-      "pluginType": "core",
-      "strict": true,
-      "enableJsonFlag": false,
-      "isESM": true,
-      "relativePath": [
-        "dist",
-        "oclif",
-        "commands",
-        "space",
-        "switch.js"
-      ]
-    },
     "hub:registry:add": {
       "aliases": [],
       "args": {
@@ -1636,5 +1636,5 @@
       ]
     }
   },
-  "version": "2.4.0"
+  "version": "2.5.0"
 }

package/package.json CHANGED Viewed

@@ -1,7 +1,7 @@
 {
   "name": "byterover-cli",
   "description": "ByteRover's CLI",
-  "version": "2.4.0",
+  "version": "2.5.0",
   "author": "ByteRover",
   "bin": {
     "brv": "./bin/run.js"