vesper-wizard 2.0.4 → 2.0.5

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "vesper-wizard",
-  "version": "2.0.4",
+  "version": "2.0.5",
   "description": "Zero-friction setup wizard for Vesper — local MCP server, unified dataset API, and agent auto-config in 60 seconds",
   "bin": {
     "vesper-wizard": "wizard.js"

package/wizard.js

@@ -91,12 +91,34 @@ function httpJson(method, url, body) {
   });
 }
 
-async function canReachDeviceAuth(baseUrl) {
+async function probeDeviceAuth(baseUrl) {
   try {
     const res = await httpJson('POST', `${baseUrl}/api/auth/device/start`);
-    return res.status === 201 && !!res.body && !!res.body.code;
-  } catch {
-    return false;
+    if (res.status === 201 && !!res.body && !!res.body.code) {
+      return { baseUrl, status: 'ready', response: res.body };
+    }
+
+    if (res.status === 503 && res.body && res.body.requiresSetup) {
+      return {
+        baseUrl,
+        status: 'setup-required',
+        response: res.body,
+        message: res.body.error || 'Auth storage is not initialized.',
+      };
+    }
+
+    return {
+      baseUrl,
+      status: 'unreachable',
+      response: res.body,
+      message: typeof res.body === 'string' ? res.body : JSON.stringify(res.body),
+    };
+  } catch (error) {
+    return {
+      baseUrl,
+      status: 'unreachable',
+      message: error && error.message ? error.message : 'Request failed',
+    };
   }
 }
 
@@ -105,13 +127,20 @@ async function resolveVesperApiBaseUrl() {
     ? [VESPER_API_URL]
     : DEFAULT_VESPER_API_CANDIDATES;
 
+  let setupRequiredProbe = null;
+
   for (const candidate of candidates) {
-    if (await canReachDeviceAuth(candidate)) {
-      return candidate;
+    const probe = await probeDeviceAuth(candidate);
+    if (probe.status === 'ready') {
+      return probe;
+    }
+
+    if (!setupRequiredProbe && probe.status === 'setup-required') {
+      setupRequiredProbe = probe;
     }
   }
 
-  return null;
+  return setupRequiredProbe;
 }
 
 function openBrowser(url) {
@@ -149,16 +178,25 @@ async function deviceAuthFlow() {
     return null;
   }
 
-  console.log(`  ${dim('Auth endpoint:')} ${dim(resolvedApiBaseUrl)}\n`);
+  if (resolvedApiBaseUrl.status === 'setup-required') {
+    console.log(`  ${yellow('!')} ${yellow('Reached Vesper auth endpoint, but local auth storage is not initialized.')}`);
+    console.log(`      ${dim('Endpoint:')} ${dim(resolvedApiBaseUrl.baseUrl)}`);
+    console.log(`      ${dim('Reason:')} ${dim(resolvedApiBaseUrl.message || 'Apply Supabase migrations first.')}`);
+    console.log(`      ${dim('Run the SQL in supabase/migrations/001_device_auth.sql and 002_rate_limits.sql, then retry.')}`);
+    console.log(`      ${dim('Falling back to local-only mode.\n')}`);
+    return null;
+  }
+
+  console.log(`  ${dim('Auth endpoint:')} ${dim(resolvedApiBaseUrl.baseUrl)}\n`);
 
   // Step 1: Call /api/auth/device/start
   process.stdout.write(`  ${dim('Requesting device code...')}`);
   let startRes;
   try {
-    startRes = await httpJson('POST', `${resolvedApiBaseUrl}/api/auth/device/start`);
+    startRes = await httpJson('POST', `${resolvedApiBaseUrl.baseUrl}/api/auth/device/start`);
   } catch (err) {
     console.log(` ${red('✗')}`);
-    console.log(`      ${red('Could not reach Vesper API at')} ${dim(resolvedApiBaseUrl)}`);
+    console.log(`      ${red('Could not reach Vesper API at')} ${dim(resolvedApiBaseUrl.baseUrl)}`);
     console.log(`      ${dim('Falling back to local-only mode.\n')}`);
     return null;
   }
@@ -198,7 +236,7 @@ async function deviceAuthFlow() {
     process.stdout.write(`\r  ${cyan(frame)} Polling... (${polls})`);
 
     try {
-      const pollRes = await httpJson('GET', `${resolvedApiBaseUrl}/api/auth/device/poll?code=${code}`);
+      const pollRes = await httpJson('GET', `${resolvedApiBaseUrl.baseUrl}/api/auth/device/poll?code=${code}`);
 
       if (pollRes.body.status === 'confirmed' && pollRes.body.apiKey) {
         process.stdout.write(`\r  ${green('✓')} Device authenticated!            \n`);