You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: AGENTS.md
+20-5Lines changed: 20 additions & 5 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -46,7 +46,16 @@ band auth profiles # list all stored profiles
46
46
band auth use admin # switch the active profile
47
47
```
48
48
49
-
If a credential's `acct_scope` is "All" (system-scope), it can access any account but the CLI will show guidance about passing `--account-id`. Always pass `--account-id` explicitly with system-scope credentials.
49
+
If your credentials are not bound to a specific account, the CLI will prompt you to pass `--account-id` explicitly. Always pass `--account-id` on every command in that case.
50
+
51
+
### Account Type and Capabilities
52
+
53
+
`band auth status --plain` returns structured JSON describing what the active account can do. The two fields agents care about most:
54
+
55
+
-**`build: true`** — this is a Bandwidth Build account. Voice-only, credit-based. Messaging, number ordering, sub-accounts, VCPs, 10DLC, and toll-free verification are not available; commands targeting those exit with code 4 and a clear message pointing at the upgrade path.
56
+
-**`capabilities`** — a derived map (`voice`, `messaging`, `numbers`, `vcp`, `campaign_management`, `tfv`, `app_management`) flipping `true`/`false` based on the credential's roles. Use this to gate work locally rather than discovering limits via 4xx errors.
57
+
58
+
Branch on these before attempting feature-gated work. The CLI also fails fast at the moment you try a restricted command, but checking capabilities up front avoids wasted setup.
50
59
51
60
### Account Hint
52
61
@@ -236,7 +245,7 @@ band auth status # confirm
236
245
237
246
After calling `band account register`, stop and tell the user they need to complete setup in their browser. Do not attempt to poll or wait — the next CLI step (`band auth login`) requires credentials that are only available after the human finishes the browser flow.
238
247
239
-
**After login, the account already has a voice app and a phone number.** Build accounts ship with both pre-provisioned. Run `band app list --plain`and `band number list --plain`to discover them — do **not** call `app create` or `number order` on a fresh Build account, you already have what you need to make a call.
248
+
**After login, the account already has a voice app and a phone number.** Build accounts ship with both pre-provisioned. Run `band app list --plain` to discover the voice app — do **not** call `app create` or `number order` on a fresh Build account, you already have what you need to make a call. (`band number list` doesn't work on Build yet; the pre-provisioned number is reachable via the account portal and already wired to the default voice app.)
240
249
241
250
---
242
251
@@ -460,10 +469,11 @@ band number list --plain # → all numbers on account
| 2 | Auth/permission error | 401/403 — bad credentials, token expired, or credential lacks a required role (e.g., VCP, Campaign Management, TFV). An agent's branching logic should treat exit code 2 as "try a different path or escalate" rather than only "re-authenticate"|
| 4 | Conflict |409 — duplicate resource or feature not enabled|
474
+
| 4 | Conflict / feature limit / payment required | 402, 409, or 403 due to a plan/role gate (e.g., Build account trying to message, missing VCP/Campaign Management/TFV role, out of credits, declined card). Non-retryable — stop and escalate to the user.|
466
475
| 5 | Timeout |`--wait` exceeded `--timeout`|
476
+
| 7 | Rate limited / quota exceeded | 429 or concurrent-resource ceiling. Back off and retry. |
467
477
468
478
**Use exit codes for control flow, not string parsing.**
469
479
@@ -475,9 +485,13 @@ band number list --plain # → all numbers on account
475
485
| "account ID not set" | 1 | No active account |`band auth switch <id>` or pass `--account-id`|
476
486
| "credential verification failed" | 2 | Bad client ID or secret | Check credentials |
| "API error 403" | 2 | Credential lacks permission | Check roles — VCP role for UP voice, Campaign Management role for `tendlc`, TFV role for `tfv`. Could also mean the account doesn't have the Registration Center feature enabled. Escalate to account manager if unclear |
488
+
| "...isn't available on Bandwidth Build accounts" | 4 | Build account hit a feature outside its plan (messaging, numbers, VCPs, 10DLC, TFV) | Stop and tell the user — non-retryable. Upgrade path: https://www.bandwidth.com/talk-to-an-expert/|
489
+
| "credential lacks the X role" | 4 | Credential lacks a role on a non-Build account | Escalate to the user's Bandwidth account manager to assign the role |
490
+
| "API error 402" / "Insufficient credits" | 4 | Out of credits, declined card, or no payment method on file | Stop and tell the user — non-retryable; they need to top up or fix billing |
491
+
| "API error 403" | 2 | True auth failure (token expired or invalid). Feature/role 403s now surface as exit 4 with a tailored message — see the rows above. | Re-run `band auth login`|
479
492
| "API error 404" | 3 | Resource doesn't exist | Verify the ID; check you're on the right account |
480
493
| "API error 409" | 4 | Conflict / duplicate | Use `--if-not-exists`; or feature not enabled on account |
494
+
| "API error 429" | 7 | Rate limited or quota exceeded | Back off and retry — eventually retryable |
481
495
| "HTTP voice feature is required" | 4 | Legacy voice not available | Try VCP path (UP account) or contact support |
482
496
| "required flag not set" | 1 | Missing a required flag | Check `--help` for required flags |
-**Bandwidth Build accounts are voice-only.** Detect via `band auth status --plain` (`build: true`). On a Build account, only voice and app-management commands work — `message send`, `number search`/`order`, `vcp *`, `subaccount *`, `tendlc *`, `tfv *` all exit 4 with a Build-aware message and an upgrade link. Pre-provisioned voice app and number ship with the account; `band number list` doesn't work yet (the number is reachable via the account portal). Build also has runtime limits not surfaced in `auth status` — verified-number-only outbound on Free Trial, a 30-min cap per call, a 5-concurrent-call ceiling. See [dev.bandwidth.com](https://dev.bandwidth.com/docs/voice/programmable-voice/build-free-trial) for current pricing and limits; treat any 402 (exit 4) as "out of credits, escalate" and any 429 (exit 7) as "back off and retry."
688
703
-**No real-time call control.** The CLI can initiate calls and query state, but cannot receive or respond to mid-call callbacks. Dynamic call control requires a separate callback-handling server.
689
704
-**No message delivery confirmation.** The CLI verifies your setup is correct before sending (app-location link, callback URL, campaign), but it cannot confirm whether a message was actually delivered. Delivery status (`message-delivered`, `message-failed`) arrives via webhooks on your callback server. The CLI's `message get` and `message list` return metadata only — not delivery status.
690
705
-**No message content retrieval.** Bandwidth does not store message bodies. After sending, the message text is gone forever. `message get` and `message list` return timestamps, direction, and segment counts only.
Copy file name to clipboardExpand all lines: README.md
+5-6Lines changed: 5 additions & 6 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -97,11 +97,9 @@ Then complete setup in your browser:
97
97
98
98
Once your credentials are ready, run `band auth login` and you're off.
99
99
100
-
**What you get:** Every Build account ships with a voice application and a phone number already provisioned — no need to create them yourself. After login, run`band app list`and `band number list` to see them, and skip straight to [make a call](#make-a-call).
100
+
**What you get:** Every Build account ships with a voice application and a phone number already provisioned. Run `band auth status`to confirm your account type and capabilities, then`band app list`to see your pre-provisioned voice app — then you're ready to [make a call](#make-a-call). (Your pre-provisioned number is also visible in the Bandwidth App.)
101
101
102
-
**Important note**: a Bandwidth Build account is for our Voice API **only**. Usage limits and terms and conditions apply. If you would like to send
103
-
messages, order numbers, and more, you will need a full Bandwidth Account. [Talk to an expert](https://www.bandwidth.com/talk-to-an-expert/) to start
104
-
your onboarding process today.
102
+
**Build is voice-only.** Messaging, number ordering, sub-accounts, VCPs, 10DLC, and toll-free verification all require a full Bandwidth account. If you try one of those commands on a Build account, the CLI fails fast (exit code 4) and points you at the upgrade path. For current Build pricing, credit costs, and trial limits, see [dev.bandwidth.com](https://dev.bandwidth.com/docs/voice/programmable-voice/build-free-trial). [Talk to an expert](https://www.bandwidth.com/talk-to-an-expert/) when you're ready to upgrade.
105
103
106
104
---
107
105
@@ -528,8 +526,9 @@ Sub-accounts (formerly known as sites) are the top-level container. Locations (f
528
526
| 1 | Bad input or unexpected error |
529
527
| 2 | Authentication or permission problem |
530
528
| 3 | Resource not found |
531
-
| 4 | Conflict(duplicate resource or missing feature) |
529
+
| 4 | Conflict, feature limit, or payment required (duplicate resource, missing role, plan limit, out of credits) |
532
530
| 5 | Timed out waiting |
531
+
| 7 | Rate limited or quota exceeded (back off and retry) |
533
532
534
533
---
535
534
@@ -564,7 +563,7 @@ This CLI is agent-native — not just "agent-compatible." The design principles:
564
563
-**`--plain` everywhere.** Flat, stable JSON output. Auto-enabled when stdout is piped, so agents in pipelines don't need the flag.
565
564
-**`--if-not-exists` for idempotency.** Create commands can be retried safely without duplicating resources.
566
565
-**`--wait` for async operations.** Agents can't poll. `--wait` blocks until the number is active, the call completes, or the transcription is ready.
567
-
-**Structured exit codes.** 0 success, 2 auth, 3 not found, 4 conflict, 5 timeout. Use exit codes for control flow, not string parsing.
566
+
-**Structured exit codes.** 0 success, 2 auth, 3 not found, 4 conflict/feature limit, 5 timeout, 7 rate limit. Use exit codes for control flow, not string parsing.
568
567
-**Env-var-driven auth.**`BW_CLIENT_ID` + `BW_CLIENT_SECRET` — no interactive prompts required.
569
568
570
569
For the full agent reference — dependency chains, provisioning workflows, error patterns, and copy-pasteable scripts — see [AGENTS.md](AGENTS.md).
0 commit comments