Environment
aac 0.11.0 (3b000d1), bw 2026.5.0, macOS 26.5.1 (arm64), Bitwarden provider.
Summary
When the Bitwarden CLI has a stale login (refresh token expired/revoked -- bw login says "You are already logged in" but bw sync fails with invalid_grant), aac listen starts normally, completes pairing and fingerprint verification, and only fails when a credential request arrives:
Credential request - domain: example.com
Vault is locked -- cannot look up credential for domain: example.com
Credential denied: (unknown)
Unlocking vault...
Unlock failed: You are not logged in.
The consumer just sees a denial (exit 4). The operator has no indication before the first request that the provider can never serve anything.
Suggestion
Run a provider health check (bw status, or a sync probe) at aac listen startup and refuse to listen -- or at least display a prominent warning -- when the underlying login is invalid. A /status indicator for provider readiness in the TUI would also help.
(The bw CLI's own unhandled rejection crash on invalid_grant sync is a bitwarden/clients matter; mentioning it here only as context.)
Environment
aac 0.11.0 (3b000d1), bw 2026.5.0, macOS 26.5.1 (arm64), Bitwarden provider.
Summary
When the Bitwarden CLI has a stale login (refresh token expired/revoked --
bw loginsays "You are already logged in" butbw syncfails withinvalid_grant),aac listenstarts normally, completes pairing and fingerprint verification, and only fails when a credential request arrives:The consumer just sees a denial (exit 4). The operator has no indication before the first request that the provider can never serve anything.
Suggestion
Run a provider health check (
bw status, or a sync probe) ataac listenstartup and refuse to listen -- or at least display a prominent warning -- when the underlying login is invalid. A/statusindicator for provider readiness in the TUI would also help.(The
bwCLI's own unhandled rejection crash oninvalid_grantsync is a bitwarden/clients matter; mentioning it here only as context.)