--debug writes to stderr, so structured stdout remains parseable.
Authentication failed (exit 3)
The OAuth grant or API key is missing, expired, invalid, or revoked. Re-authenticate in the browser, then validate:Authorization failed (exit 4)
The credential is valid but lacks the required scope or role. Compare the command with the scope table, then sign in again or create a narrowly scoped API key.--yes, --json, and --agent never grant access.
Resource not found (exit 5)
Confirm the resource ID and selected workspace withwhoami. The API returns
the same not-found response for a missing resource and a resource in another
workspace, so it never leaks cross-workspace existence.
Repository binding mismatch
The selected profile’s workspace differs from.gleanfeed.json.
workspaceId; it is derived and read-only. Select
the correct authenticated profile and rerun init.
Invalid or unsupported config
Version 1 is the current schema. Back up an unversioned or older file and rerungleanfeed init. If the file declares a future version, update the CLI instead
of guessing a migration.
Board is required
Feedback creation needs an explicit board slug or UUID unless the repository hasdefaultBoard:
Rate limited (exit 6)
Wait before retrying and honor the API’s retry interval. Keep list pages small, reuse idempotency keys for retried creates, and avoid parallel retry storms.Remote service failure (exit 7)
Check network access tohttps://app.gleanfeed.com, then retry the same
idempotent read. GitHub imports can return partial success with
continuation.retryArgs; retry only those failed issue numbers.
Agent configuration exists but MCP is disconnected
agent install writes only the endpoint. Complete OAuth in the client:
- Codex:
codex mcp login glean-feed - Claude Code:
/mcp, then selectglean-feed - Cursor: Cursor Settings → MCP
- VS Code: MCP: List Servers, then start
glean-feed
A write will not run in JSON or CI
Customer-visible and external writes require confirmation. Noninteractive callers must add--yes to the specific reviewed command. The CLI still applies
authentication, scopes, workspace isolation, input validation, and idempotency.
If the problem persists, send support the CLI version, command name, exit code,
and redacted debug output. Never send a token, API key, or raw credential store.