umbrella-context 0.1.34 → 0.1.36

package/dist/adapters/umbrella-auth-runtime.d.ts

@@ -0,0 +1,5 @@
+import { type UmbrellaAuthSnapshot } from "../auth-state.js";
+export declare function getStoredUmbrellaAuthSnapshot(): UmbrellaAuthSnapshot;
+export declare function setUmbrellaAuthChecking(serverUrl: string, email?: string | null): UmbrellaAuthSnapshot;
+export declare function setUmbrellaAuthAuthorized(serverUrl: string, email: string | null, companiesVisible: number): UmbrellaAuthSnapshot;
+export declare function setUmbrellaAuthFailure(serverUrl: string, error: unknown, email?: string | null): UmbrellaAuthSnapshot;

package/dist/adapters/umbrella-auth-runtime.js

@@ -0,0 +1,116 @@
+import { configManager } from "../config.js";
+import { createDefaultUmbrellaAuthSnapshot, } from "../auth-state.js";
+import { UmbrellaRequestError } from "../umbrella.js";
+function nowIso() {
+    return new Date().toISOString();
+}
+function pathnameFor(url) {
+    try {
+        return new URL(url).pathname;
+    }
+    catch {
+        return url;
+    }
+}
+export function getStoredUmbrellaAuthSnapshot() {
+    return configManager.authSnapshot ?? createDefaultUmbrellaAuthSnapshot();
+}
+export function setUmbrellaAuthChecking(serverUrl, email) {
+    const snapshot = {
+        checkedAt: nowIso(),
+        companiesVisible: null,
+        email: email?.trim() || null,
+        hint: "Checking the live Umbrella sign-in flow.",
+        message: "Trying to sign in and validate company access.",
+        serverUrl,
+        status: "checking",
+    };
+    configManager.setAuthSnapshot(snapshot);
+    return snapshot;
+}
+export function setUmbrellaAuthAuthorized(serverUrl, email, companiesVisible) {
+    const snapshot = {
+        checkedAt: nowIso(),
+        companiesVisible,
+        email: email?.trim() || null,
+        hint: companiesVisible > 0
+            ? "This account can see companies and should be able to continue setup."
+            : "This account signed in, but no companies are visible yet.",
+        message: companiesVisible > 0
+            ? `Signed in successfully and loaded ${companiesVisible} compan${companiesVisible === 1 ? "y" : "ies"}.`
+            : "Signed in successfully, but this account does not currently see any companies.",
+        serverUrl,
+        status: "authorized",
+    };
+    configManager.setAuthSnapshot(snapshot);
+    return snapshot;
+}
+export function setUmbrellaAuthFailure(serverUrl, error, email) {
+    let snapshot;
+    if (error instanceof UmbrellaRequestError) {
+        const path = pathnameFor(error.url);
+        if (error.status === 401 && error.code === "INVALID_EMAIL_OR_PASSWORD") {
+            snapshot = {
+                checkedAt: nowIso(),
+                companiesVisible: null,
+                email: email?.trim() || null,
+                hint: "Double-check the email address and password on that other computer.",
+                message: "Umbrella rejected the email or password.",
+                serverUrl,
+                status: "unauthorized",
+            };
+            configManager.setAuthSnapshot(snapshot);
+            return snapshot;
+        }
+        if (error.status === 401 && path.endsWith("/api/auth/get-session")) {
+            snapshot = {
+                checkedAt: nowIso(),
+                companiesVisible: null,
+                email: email?.trim() || null,
+                hint: "The live app accepted the sign-in request, but it did not turn into a usable board session afterward.",
+                message: "The session was not established after sign-in.",
+                serverUrl,
+                status: "session_error",
+            };
+            configManager.setAuthSnapshot(snapshot);
+            return snapshot;
+        }
+        if (error.status === 403 && path.endsWith("/api/companies")) {
+            snapshot = {
+                checkedAt: nowIso(),
+                companiesVisible: null,
+                email: email?.trim() || null,
+                hint: "This usually means the account exists, but it still needs board ownership or company membership on the live Umbrella server.",
+                message: "Signed in reached Umbrella, but company access was blocked.",
+                serverUrl,
+                status: "forbidden",
+            };
+            configManager.setAuthSnapshot(snapshot);
+            return snapshot;
+        }
+        if (error.status === 403 && path.includes("/learning")) {
+            snapshot = {
+                checkedAt: nowIso(),
+                companiesVisible: null,
+                email: email?.trim() || null,
+                hint: "The account can reach Umbrella, but it is blocked from this company's Context area.",
+                message: "Company Context access was blocked.",
+                serverUrl,
+                status: "forbidden",
+            };
+            configManager.setAuthSnapshot(snapshot);
+            return snapshot;
+        }
+    }
+    snapshot = {
+        checkedAt: nowIso(),
+        companiesVisible: null,
+        email: email?.trim() || null,
+        hint: "Check the server URL and the live Umbrella deployment state.",
+        message: error instanceof Error ? error.message : "Unexpected auth failure",
+        serverUrl,
+        status: "session_error",
+    };
+    configManager.setAuthSnapshot(snapshot);
+    return snapshot;
+}

package/dist/auth-state.d.ts

@@ -0,0 +1,12 @@
+export type UmbrellaAuthStatus = "not_initialized" | "checking" | "unauthorized" | "authorized" | "forbidden" | "session_error";
+export interface UmbrellaAuthSnapshot {
+    checkedAt: string;
+    companiesVisible: number | null;
+    email: string | null;
+    hint: string | null;
+    message: string | null;
+    serverUrl: string | null;
+    status: UmbrellaAuthStatus;
+}
+export declare function createDefaultUmbrellaAuthSnapshot(): UmbrellaAuthSnapshot;
+export declare function formatUmbrellaAuthStatus(status: UmbrellaAuthStatus): "Checking" | "Unauthorized" | "Authorized" | "Access Blocked" | "Session Problem" | "Not initialized";

package/dist/auth-state.js

@@ -0,0 +1,27 @@
+export function createDefaultUmbrellaAuthSnapshot() {
+    return {
+        checkedAt: new Date(0).toISOString(),
+        companiesVisible: null,
+        email: null,
+        hint: null,
+        message: null,
+        serverUrl: null,
+        status: "not_initialized",
+    };
+}
+export function formatUmbrellaAuthStatus(status) {
+    switch (status) {
+        case "checking":
+            return "Checking";
+        case "unauthorized":
+            return "Unauthorized";
+        case "authorized":
+            return "Authorized";
+        case "forbidden":
+            return "Access Blocked";
+        case "session_error":
+            return "Session Problem";
+        default:
+            return "Not initialized";
+    }
+}

package/dist/commands/setup.js

@@ -1,6 +1,9 @@
 import chalk from "chalk";
 import prompts from "prompts";
+import { formatUmbrellaAuthStatus } from "../auth-state.js";
 import { configManager } from "../config.js";
+import { UmbrellaRequestError } from "../umbrella.js";
+import { setUmbrellaAuthAuthorized, setUmbrellaAuthChecking, setUmbrellaAuthFailure, } from "../adapters/umbrella-auth-runtime.js";
 import { checkUmbrellaOnboardingServer, connectUmbrellaDevice, createUmbrellaOnboardingCompany, createUmbrellaOnboardingSpace, loadUmbrellaOnboardingSpaces, normalizeUmbrellaServerUrl, signInUmbrellaOnboarding, } from "../adapters/umbrella-onboarding.js";
 const DEFAULT_UMBRELLA_SERVER_URL = "http://5.161.55.138:3100";
 function isLocalOnlyServerUrl(value) {
@@ -22,6 +25,35 @@ function printConnected(setup) {
     console.log(chalk.gray("   umbrella-context curate \"We learned that...\""));
     console.log(chalk.gray("   umbrella-context mcp"));
 }
+function describeSetupFailure(error) {
+    if (!(error instanceof UmbrellaRequestError)) {
+        return error instanceof Error ? error.message : "Unexpected setup failure";
+    }
+    const path = (() => {
+        try {
+            return new URL(error.url).pathname;
+        }
+        catch {
+            return error.url;
+        }
+    })();
+    if (error.status === 401 && error.code === "INVALID_EMAIL_OR_PASSWORD") {
+        return "Umbrella rejected that email or password. Double-check both and try again.";
+    }
+    if (error.status === 401 && path.endsWith("/api/auth/get-session")) {
+        return "Umbrella accepted the sign-in request, but no board session was established afterward. This usually means the live auth cookie is not being created the way the CLI expects.";
+    }
+    if (error.status === 403 && path.endsWith("/api/companies")) {
+        return "This account reached Umbrella, but it is not allowed to load companies yet. Usually that means the account is signed in but does not have board ownership or company access on the live server.";
+    }
+    if (error.status === 403 && path.includes("/learning")) {
+        return "This account can reach Umbrella, but it is blocked from that company's Context area. Usually that means the account is not attached to that company yet.";
+    }
+    if (error.status === 403) {
+        return `Umbrella refused this request with 403 Forbidden while calling ${path}. Usually that means this account is authenticated but does not have permission for that step yet.`;
+    }
+    return error.message;
+}
 async function chooseCompany(serverUrl, companies, cookie, initialCompanyId) {
     if (initialCompanyId) {
         const matched = companies.find((company) => company.id === initialCompanyId);
@@ -122,6 +154,7 @@ export function setupCommand(cli) {
         try {
             let cookie = null;
             let companies = [];
+            setUmbrellaAuthChecking(serverUrl);
             const serverCheck = await checkUmbrellaOnboardingServer(serverUrl);
             if (serverCheck.deploymentMode === "authenticated") {
                 const emailPrompt = await prompts({
@@ -143,8 +176,16 @@ export function setupCommand(cli) {
                 const signIn = await signInUmbrellaOnboarding(serverUrl, email, password);
                 cookie = signIn.cookie;
                 companies = signIn.companies;
+                const authSnapshot = setUmbrellaAuthAuthorized(serverUrl, email, companies.length);
+                console.log(chalk.gray(` Auth state: ${formatUmbrellaAuthStatus(authSnapshot.status)}`));
+                if (companies.length === 0) {
+                    console.log(chalk.yellow("\n Signed in, but this account does not currently see any companies. That usually means the account exists but has not been given board access or company membership yet."));
+                    console.log(chalk.yellow(" If this should be your main Umbrella account, it may still need the board-claim/admin step on the live server."));
+                }
             }
             else {
+                const authSnapshot = setUmbrellaAuthAuthorized(serverUrl, null, serverCheck.companies.length);
+                console.log(chalk.gray(` Auth state: ${formatUmbrellaAuthStatus(authSnapshot.status)}`));
                 console.log(chalk.gray(" Local trusted mode detected. Using the local board access path."));
                 companies = serverCheck.companies;
             }
@@ -167,7 +208,12 @@ export function setupCommand(cli) {
                 console.log(chalk.yellow("\n Hint: 127.0.0.1 points to this same computer only."));
                 console.log(chalk.yellow(" If Umbrella is running on another machine or server, re-run setup and enter that machine's real URL or IP."));
             }
-            console.log(chalk.red(`\n Error: ${err.message}`));
+            const authSnapshot = setUmbrellaAuthFailure(serverUrl, err, options.email?.trim() || null);
+            console.log(chalk.red(` Auth state: ${formatUmbrellaAuthStatus(authSnapshot.status)}`));
+            if (authSnapshot.hint) {
+                console.log(chalk.yellow(` Hint: ${authSnapshot.hint}`));
+            }
+            console.log(chalk.red(`\n Error: ${describeSetupFailure(err)}`));
         }
     });
 }

package/dist/commands/status.d.ts

@@ -1,4 +1,6 @@
+import { type UmbrellaAuthSnapshot } from "../auth-state.js";
 export type StatusSnapshot = {
+    authSnapshot: UmbrellaAuthSnapshot;
     companyName: string;
     spaceName: string;
     umbrellaUrl: string | null;

package/dist/commands/status.js

@@ -1,6 +1,8 @@
 import chalk from "chalk";
 import { promises as fs } from "fs";
 import path from "path";
+import { formatUmbrellaAuthStatus } from "../auth-state.js";
+import { getStoredUmbrellaAuthSnapshot } from "../adapters/umbrella-auth-runtime.js";
 import { configManager } from "../config.js";
 import { getConnectorRuns, getContextTreeState, getInstalledConnectors, getInstalledHubEntries, getPendingMemories, getPulledFixes, getPulledMemories, getRepoContext, ensureSessionState, getTransportState, } from "../repo-state.js";
 export async function getStatusSnapshot() {
@@ -44,6 +46,7 @@ export async function getStatusSnapshot() {
     if (hubEntries.length === 0)
         nextSteps.push('Browse reusable bundles with "umbrella-context hub list".');
     return {
+        authSnapshot: getStoredUmbrellaAuthSnapshot(),
         companyName: config.companyName,
         spaceName: config.projectName,
         umbrellaUrl: config.umbrellaUrl ?? null,
@@ -84,6 +87,15 @@ export async function statusCommandAction() {
         return;
     }
     console.log(chalk.bold("\n Umbrella Context Status\n"));
+    console.log(chalk.cyan(" Auth"));
+    console.log(`  State: ${formatUmbrellaAuthStatus(snapshot.authSnapshot.status)}`);
+    console.log(`  Checked At: ${snapshot.authSnapshot.checkedAt === new Date(0).toISOString() ? "Never" : snapshot.authSnapshot.checkedAt}`);
+    console.log(`  Auth Server: ${snapshot.authSnapshot.serverUrl ?? "Not checked yet"}`);
+    console.log(`  Email: ${snapshot.authSnapshot.email ?? "Not saved"}`);
+    console.log(`  Companies Visible: ${snapshot.authSnapshot.companiesVisible === null ? "Unknown" : String(snapshot.authSnapshot.companiesVisible)}`);
+    console.log(`  Auth Message: ${snapshot.authSnapshot.message ?? "No auth check has been saved yet"}`);
+    console.log(`  Auth Hint: ${snapshot.authSnapshot.hint ?? "No auth hint recorded yet"}`);
+    console.log("");
     console.log(chalk.cyan(" Connection"));
     console.log(`  Company: ${snapshot.companyName}`);
     console.log(`  Space: ${snapshot.spaceName}`);

package/dist/commands/tui.js

@@ -4,11 +4,13 @@ import { Box, render, Text, useApp, useInput } from "ink";
 import TextInput from "ink-text-input";
 import Spinner from "ink-spinner";
 import chalk from "chalk";
+import { formatUmbrellaAuthStatus } from "../auth-state.js";
 import { getUmbrellaContextRuntimeSummary, useUmbrellaContextRuntimeBridgeStore, hydrateUmbrellaContextRuntimeBridgeFromSnapshot, } from "../adapters/byterover-context-runtime-store.js";
 import { getUmbrellaTransportTaskBridgeSummary, useUmbrellaTransportTaskBridgeStore, hydrateUmbrellaTransportTaskBridgeFromSnapshot, } from "../adapters/byterover-transport-task-store.js";
 import { buildVendorRuntimeBridgeSnapshot, } from "../adapters/byterover-runtime-bridge.js";
 import { addPendingMemory, completeTask, createTask, ensureRepoContext, getContextTreeState, ensureSessionState, getConnectorRuns, getInstalledConnectors, getInstalledHubEntries, getPendingMemories, getPulledFixes, getPulledMemories, getRepoContext, getSessionState, getTasks, getTransportState, recordSessionEvent, setSessionPanel, summarizeLocalMemoryMatches, } from "../repo-state.js";
 import { configManager } from "../config.js";
+import { getStoredUmbrellaAuthSnapshot, setUmbrellaAuthAuthorized, setUmbrellaAuthChecking, setUmbrellaAuthFailure, } from "../adapters/umbrella-auth-runtime.js";
 import { checkUmbrellaOnboardingServer, connectUmbrellaDevice, createUmbrellaOnboardingCompany, createUmbrellaOnboardingSpace, loadUmbrellaOnboardingSpaces, signInUmbrellaOnboarding, } from "../adapters/umbrella-onboarding.js";
 import { buildProviderDraftValue, connectSavedProviderFromDraft, createEmptyProviderConnectDraft, UMBRELLA_PROVIDER_CHOICES, updateProviderDraftValue, } from "../adapters/umbrella-provider-runtime.js";
 import { connectorsCommandAction, listConnectorTemplates } from "./connectors.js";
@@ -200,8 +202,8 @@ function PanelShell({ activePanel, children, footer, message, selectedPanelIndex
                         }) }), _jsx(Box, { flexDirection: "column", flexGrow: 1, borderStyle: "round", paddingX: 1, paddingY: 1, children: children })] }), _jsxs(Box, { marginTop: 1, flexDirection: "column", children: [message ? _jsx(Text, { color: "green", children: message }) : null, _jsx(Text, { color: "gray", children: footer })] })] }));
 }
 function SetupView(props) {
-    const { busyLabel, companies, config, inputValue, message, onInputChange, selectedCompanyIndex, selectedSpaceIndex, serverUrl, spaces, step, } = props;
-    return (_jsxs(Box, { flexDirection: "column", children: [_jsx(Text, { bold: true, children: config ? "Connected Device" : "Connect This Device" }), _jsx(Text, { color: "gray", children: "Sign into Umbrella, choose a company, then choose the team space for this repo." }), _jsxs(Box, { marginTop: 1, flexDirection: "column", children: [_jsx(StatusLine, { label: "Server", value: serverUrl || "Not set" }), _jsx(StatusLine, { label: "Step", value: step }), config ? _jsx(StatusLine, { label: "Current link", value: `${config.companyName} / ${config.projectName}` }) : null] }), busyLabel ? (_jsx(Box, { marginTop: 1, children: _jsxs(Text, { color: "cyan", children: [_jsx(Spinner, { type: "dots" }), " ", busyLabel] }) })) : null, message ? (_jsx(Box, { marginTop: 1, children: _jsx(Text, { color: "green", children: message }) })) : null, (step === "server" || step === "email" || step === "password" || step === "company-create" || step === "space-create") ? (_jsxs(Box, { marginTop: 1, flexDirection: "column", children: [_jsx(Text, { color: "yellow", children: step === "server" ? "Server URL" :
+    const { busyLabel, companies, config, authSnapshot, inputValue, message, onInputChange, selectedCompanyIndex, selectedSpaceIndex, serverUrl, spaces, step, } = props;
+    return (_jsxs(Box, { flexDirection: "column", children: [_jsx(Text, { bold: true, children: config ? "Connected Device" : "Connect This Device" }), _jsx(Text, { color: "gray", children: "Sign into Umbrella, choose a company, then choose the team space for this repo." }), _jsxs(Box, { marginTop: 1, flexDirection: "column", children: [_jsx(StatusLine, { label: "Server", value: serverUrl || "Not set" }), _jsx(StatusLine, { label: "Step", value: step }), _jsx(StatusLine, { label: "Auth state", value: formatUmbrellaAuthStatus(authSnapshot.status) }), _jsx(StatusLine, { label: "Auth message", value: authSnapshot.message ?? "No auth check yet" }), _jsx(StatusLine, { label: "Auth hint", value: authSnapshot.hint ?? "No auth hint yet" }), config ? _jsx(StatusLine, { label: "Current link", value: `${config.companyName} / ${config.projectName}` }) : null] }), busyLabel ? (_jsx(Box, { marginTop: 1, children: _jsxs(Text, { color: "cyan", children: [_jsx(Spinner, { type: "dots" }), " ", busyLabel] }) })) : null, message ? (_jsx(Box, { marginTop: 1, children: _jsx(Text, { color: "green", children: message }) })) : null, (step === "server" || step === "email" || step === "password" || step === "company-create" || step === "space-create") ? (_jsxs(Box, { marginTop: 1, flexDirection: "column", children: [_jsx(Text, { color: "yellow", children: step === "server" ? "Server URL" :
                             step === "email" ? "Umbrella email" :
                                 step === "password" ? "Umbrella password" :
                                     step === "company-create" ? "New company name" :
@@ -224,6 +226,7 @@ function App() {
     const [setupStep, setSetupStep] = useState(configManager.config ? "done" : "server");
     const [serverUrl, setServerUrl] = useState(configManager.config?.umbrellaUrl ?? configManager.config?.serverUrl ?? "http://127.0.0.1:3100");
     const [setupEmail, setSetupEmail] = useState("");
+    const [authSnapshot, setAuthSnapshot] = useState(getStoredUmbrellaAuthSnapshot());
     const [setupCookie, setSetupCookie] = useState(null);
     const [companies, setCompanies] = useState([]);
     const [selectedCompanyIndex, setSelectedCompanyIndex] = useState(0);
@@ -254,6 +257,7 @@ function App() {
             if (configManager.config) {
                 await ensureRepoContext(configManager.config);
             }
+            setAuthSnapshot(getStoredUmbrellaAuthSnapshot());
             const vendorSnapshot = await buildVendorRuntimeBridgeSnapshot();
             hydrateUmbrellaTransportTaskBridgeFromSnapshot(vendorSnapshot);
             hydrateUmbrellaContextRuntimeBridgeFromSnapshot(vendorSnapshot);
@@ -499,18 +503,24 @@ function App() {
             setInputValue("");
             setBusyLabel("Checking Umbrella server...");
             try {
+                setAuthSnapshot(setUmbrellaAuthChecking(nextServer, setupEmail || null));
                 const serverCheck = await checkUmbrellaOnboardingServer(nextServer);
                 if (serverCheck.deploymentMode === "authenticated") {
                     setSetupStep("email");
+                    setMessage("Umbrella is reachable. Enter the email for the account you want to use on this device.");
                 }
                 else {
+                    setAuthSnapshot(setUmbrellaAuthAuthorized(nextServer, null, serverCheck.companies.length));
                     setCompanies(serverCheck.companies);
                     setSelectedCompanyIndex(0);
                     setSetupStep("company");
+                    setMessage("Umbrella is reachable and trusted mode is active. Choose a company next.");
                 }
             }
             catch (error) {
-                setMessage(`Could not reach Umbrella: ${error.message}`);
+                const snapshot = setUmbrellaAuthFailure(nextServer, error, setupEmail || null);
+                setAuthSnapshot(snapshot);
+                setMessage(`Could not reach Umbrella: ${snapshot.message}${snapshot.hint ? ` ${snapshot.hint}` : ""}`);
             }
             finally {
                 setBusyLabel(null);
@@ -527,14 +537,21 @@ function App() {
             setInputValue("");
             setBusyLabel("Signing into Umbrella...");
             try {
+                setAuthSnapshot(setUmbrellaAuthChecking(serverUrl, setupEmail));
                 const signIn = await signInUmbrellaOnboarding(serverUrl, setupEmail, nextValue);
                 setSetupCookie(signIn.cookie);
                 setCompanies(signIn.companies);
                 setSelectedCompanyIndex(0);
+                setAuthSnapshot(setUmbrellaAuthAuthorized(serverUrl, setupEmail, signIn.companies.length));
                 setSetupStep("company");
+                setMessage(signIn.companies.length > 0
+                    ? `Signed in successfully. Choose one of the ${signIn.companies.length} compan${signIn.companies.length === 1 ? "y" : "ies"} next.`
+                    : "Signed in successfully, but this account does not see any companies yet.");
             }
             catch (error) {
-                setMessage(`Sign-in failed: ${error.message}`);
+                const snapshot = setUmbrellaAuthFailure(serverUrl, error, setupEmail);
+                setAuthSnapshot(snapshot);
+                setMessage(`Sign-in failed: ${snapshot.message}${snapshot.hint ? ` ${snapshot.hint}` : ""}`);
             }
             finally {
                 setBusyLabel(null);
@@ -553,6 +570,7 @@ function App() {
                 setSelectedSpaceIndex(0);
                 setInputValue("");
                 setSetupStep("space");
+                setMessage(`Created ${company.name}. Choose the space this repo should use next.`);
             }
             catch (error) {
                 setMessage(`Could not create company: ${error.message}`);
@@ -571,6 +589,7 @@ function App() {
                 setSelectedSpaceIndex(Math.max(0, nextSpaces.findIndex((space) => space.id === created.activeSpaceId)));
                 setInputValue("");
                 setSetupStep("space");
+                setMessage("Space created. Confirm it to finish linking this device.");
             }
             catch (error) {
                 setMessage(`Could not create space: ${error.message}`);
@@ -597,6 +616,7 @@ function App() {
                 setSpaces(nextSpaces);
                 setSelectedSpaceIndex(0);
                 setSetupStep("space");
+                setMessage(`Loaded ${nextSpaces.length} space${nextSpaces.length === 1 ? "" : "s"} for ${company.name}.`);
             }
             catch (error) {
                 setMessage(`Could not load spaces: ${error.message}`);
@@ -626,6 +646,7 @@ function App() {
                     focus: setup.activeSpaceName,
                     status: "success",
                 });
+                setAuthSnapshot(setUmbrellaAuthAuthorized(serverUrl, setupEmail || null, companies.length));
                 setSetupStep("done");
                 setMessage(`Connected to ${setup.companyName} / ${setup.activeSpaceName}.`);
                 setActivePanel("home");
@@ -1214,7 +1235,7 @@ function App() {
     const config = configManager.config;
     let mainContent = null;
     if (activePanel === "setup") {
-        mainContent = (_jsx(SetupView, { busyLabel: busyLabel, companies: companies, config: config, inputValue: inputValue, message: message, onInputChange: setInputValue, selectedCompanyIndex: selectedCompanyIndex, selectedSpaceIndex: selectedSpaceIndex, serverUrl: serverUrl, spaces: spaces, step: setupStep }));
+        mainContent = (_jsx(SetupView, { authSnapshot: authSnapshot, busyLabel: busyLabel, companies: companies, config: config, inputValue: inputValue, message: message, onInputChange: setInputValue, selectedCompanyIndex: selectedCompanyIndex, selectedSpaceIndex: selectedSpaceIndex, serverUrl: serverUrl, spaces: spaces, step: setupStep }));
     }
     else if (!config || !refreshState) {
         mainContent = (_jsxs(Box, { flexDirection: "column", children: [_jsx(Text, { color: "yellow", children: "This device is not linked yet." }), _jsx(Text, { color: "gray", children: "Move to Setup and connect the repo to a company and space first." })] }));

package/dist/config.d.ts

@@ -1,3 +1,4 @@
+import type { UmbrellaAuthSnapshot } from "./auth-state.js";
 export interface AgentMemoryConfig {
     umbrellaUrl?: string;
     serverUrl: string;
@@ -25,6 +26,9 @@ export interface HubRegistry {
     url: string;
     updatedAt: string;
 }
+export interface StoredCliState {
+    authSnapshot?: UmbrellaAuthSnapshot;
+}
 export interface SavedLocation {
     repoRoot: string;
     companyId: string;
@@ -49,5 +53,8 @@ export declare class ConfigManager {
     get hubRegistries(): HubRegistry[];
     upsertHubRegistry(registry: HubRegistry): void;
     removeHubRegistry(id: string): void;
+    get authSnapshot(): UmbrellaAuthSnapshot | null;
+    setAuthSnapshot(snapshot: UmbrellaAuthSnapshot): void;
+    clearAuthSnapshot(): void;
 }
 export declare const configManager: ConfigManager;

package/dist/config.js

@@ -128,5 +128,14 @@ export class ConfigManager {
         const registries = this.hubRegistries.filter((entry) => entry.id !== id);
         this.conf.set("hubRegistries", registries);
     }
+    get authSnapshot() {
+        return this.conf.get("authSnapshot") ?? null;
+    }
+    setAuthSnapshot(snapshot) {
+        this.conf.set("authSnapshot", snapshot);
+    }
+    clearAuthSnapshot() {
+        this.conf.delete("authSnapshot");
+    }
 }
 export const configManager = new ConfigManager();

package/dist/index.d.ts

@@ -1 +1,2 @@
+#!/usr/bin/env node
 export {};

package/dist/index.js

@@ -66,7 +66,7 @@ cli.command("query [...args]", "Alias for search").action(async (args) => {
     await searchCommandAction(args.join(" "));
 });
 cli.help();
-cli.version("0.1.32");
+cli.version("0.1.36");
 const argv = process.argv.slice(2);
 if (argv[0] === "curate" && argv[1] === "view" && argv.length === 2) {
     await curateViewCommandAction();

package/dist/umbrella.d.ts

@@ -21,6 +21,18 @@ export type UmbrellaCliSetup = {
     baseUrl: string;
     apiKey: string;
 };
+type RequestFailureDetails = {
+    code?: string;
+    message?: string;
+    status: number;
+    url: string;
+};
+export declare class UmbrellaRequestError extends Error {
+    status: number;
+    code?: string;
+    url: string;
+    constructor(details: RequestFailureDetails);
+}
 export declare function getUmbrellaHealth(serverUrl: string): Promise<DeploymentHealth>;
 export declare function signInToUmbrella(serverUrl: string, email: string, password: string): Promise<{
     cookie: string | null;

package/dist/umbrella.js

@@ -1,3 +1,15 @@
+export class UmbrellaRequestError extends Error {
+    status;
+    code;
+    url;
+    constructor(details) {
+        super(details.message ?? `Request failed (${details.status})`);
+        this.name = "UmbrellaRequestError";
+        this.status = details.status;
+        this.code = details.code;
+        this.url = details.url;
+    }
+}
 function trimTrailingSlash(value) {
     return value.replace(/\/+$/, "");
 }
@@ -12,8 +24,12 @@ function isLocalOnlyUmbrellaUrl(value) {
     }
 }
 async function requestJson(url, options) {
+    const parsedUrl = new URL(url);
+    const requestOrigin = `${parsedUrl.protocol}//${parsedUrl.host}`;
     const headers = {
         Accept: "application/json",
+        Origin: requestOrigin,
+        Referer: `${requestOrigin}/`,
     };
     if (options?.body !== undefined) {
         headers["Content-Type"] = "application/json";
@@ -30,8 +46,7 @@ async function requestJson(url, options) {
         });
     }
     catch (error) {
-        const parsed = new URL(url);
-        const origin = `${parsed.protocol}//${parsed.host}`;
+        const origin = requestOrigin;
         const localHint = isLocalOnlyUmbrellaUrl(origin)
             ? " That address only works if Umbrella is running on this same computer. If Umbrella lives on another machine, use that machine's real URL or IP instead."
             : "";
@@ -47,21 +62,38 @@ async function requestJson(url, options) {
         .join("; ") || null;
     const payload = await response.json().catch(() => null);
     if (!response.ok) {
-        const message = payload && typeof payload === "object"
+        const details = payload && typeof payload === "object"
             ? (() => {
                 const record = payload;
                 const errorValue = record.error;
-                if (typeof errorValue === "string")
-                    return errorValue;
+                const codeValue = typeof record.code === "string" ? record.code : undefined;
+                const messageValue = typeof record.message === "string" ? record.message : undefined;
+                if (typeof errorValue === "string") {
+                    return {
+                        code: codeValue,
+                        message: errorValue,
+                    };
+                }
                 if (errorValue && typeof errorValue === "object") {
-                    const messageValue = errorValue.message;
-                    if (typeof messageValue === "string")
-                        return messageValue;
+                    const nestedMessageValue = errorValue.message;
+                    const nestedCodeValue = errorValue.code;
+                    return {
+                        code: typeof nestedCodeValue === "string" ? nestedCodeValue : codeValue,
+                        message: typeof nestedMessageValue === "string" ? nestedMessageValue : messageValue,
+                    };
                 }
-                return `Request failed (${response.status})`;
+                return {
+                    code: codeValue,
+                    message: messageValue,
+                };
             })()
-            : `Request failed (${response.status})`;
-        throw new Error(message);
+            : { code: undefined, message: undefined };
+        throw new UmbrellaRequestError({
+            code: details.code,
+            message: details.message ?? `Request failed (${response.status})`,
+            status: response.status,
+            url,
+        });
     }
     return {
         data: payload,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "umbrella-context",
-  "version": "0.1.34",
+  "version": "0.1.36",
   "description": "Umbrella Context CLI for connecting a device to company context spaces, querying saved context, and syncing MCP access.",
   "type": "module",
   "bin": {