@corbat-tech/coco 2.28.5 → 2.30.0

package/dist/cli/index.js

@@ -1,4 +1,6 @@
 #!/usr/bin/env node
+import { execFile, execFileSync, execSync, spawn, exec } from 'child_process';
+import { setGlobalDispatcher, EnvHttpProxyAgent } from 'undici';
 import * as fs5 from 'fs';
 import fs5__default, { accessSync, readFileSync, constants as constants$1 } from 'fs';
 import * as path39 from 'path';
@@ -13,7 +15,6 @@ import JSON5 from 'json5';
 import * as crypto from 'crypto';
 import { randomUUID, randomBytes, createHash } from 'crypto';
 import * as http from 'http';
-import { execFile, execSync, spawn, execFileSync, exec } from 'child_process';
 import { promisify } from 'util';
 import * as p26 from '@clack/prompts';
 import chalk from 'chalk';
@@ -62,6 +63,167 @@ var __export = (target, all) => {
   for (var name in all)
     __defProp(target, name, { get: all[name], enumerable: true });
 };
+function getProxyFromEnv() {
+  for (const key of PROXY_ENV_VARS) {
+    const value = process.env[key];
+    if (value && value.trim().length > 0) {
+      return value.trim();
+    }
+  }
+  return null;
+}
+function maskProxyUrl(url) {
+  try {
+    const parsed = new URL(url);
+    if (parsed.password) {
+      parsed.password = "***";
+    }
+    return parsed.toString();
+  } catch {
+    return "[invalid proxy URL]";
+  }
+}
+function defaultRunner(cmd, args) {
+  try {
+    return execFileSync(cmd, args, {
+      encoding: "utf-8",
+      timeout: 2e3,
+      stdio: ["ignore", "pipe", "ignore"]
+    });
+  } catch {
+    return null;
+  }
+}
+function parseMacOsProxy(output) {
+  const getField = (name) => {
+    const re = new RegExp(`^\\s*${name}\\s*:\\s*(.+?)\\s*$`, "m");
+    return output.match(re)?.[1];
+  };
+  if (getField("ProxyAutoConfigEnable") === "1") {
+    return null;
+  }
+  const pick = (prefix) => {
+    if (getField(`${prefix}Enable`) !== "1") return null;
+    const host = getField(`${prefix}Proxy`);
+    const port = getField(`${prefix}Port`);
+    if (!host) return null;
+    return `http://${host}${port ? `:${port}` : ""}`;
+  };
+  const proxyUrl = pick("HTTPS") ?? pick("HTTP");
+  if (!proxyUrl) return null;
+  const exceptionsMatch = output.match(/ExceptionsList\s*:\s*<array>\s*\{([\s\S]*?)\}/);
+  const exceptions = [];
+  const exceptionsBody = exceptionsMatch?.[1];
+  if (exceptionsBody) {
+    for (const line of exceptionsBody.split("\n")) {
+      const entry = line.match(/^\s*\d+\s*:\s*(.+?)\s*$/)?.[1];
+      if (entry) exceptions.push(entry);
+    }
+  }
+  return {
+    proxyUrl,
+    noProxy: exceptions.length > 0 ? exceptions.join(",") : void 0
+  };
+}
+function parseWindowsProxy(output) {
+  if (/Direct access/i.test(output)) return null;
+  const raw = output.match(/Proxy\s+Server\(s\)\s*:\s*(\S.*?)\s*$/m)?.[1]?.trim();
+  if (!raw) return null;
+  let hostPort = raw;
+  if (raw.includes("=")) {
+    const parts = raw.split(";").map((p47) => p47.trim());
+    const httpsEntry = parts.find((p47) => p47.toLowerCase().startsWith("https="));
+    const httpEntry = parts.find((p47) => p47.toLowerCase().startsWith("http="));
+    const chosen = httpsEntry ?? httpEntry;
+    if (!chosen) return null;
+    hostPort = chosen.split("=", 2)[1]?.trim() ?? "";
+    if (!hostPort) return null;
+  }
+  const proxyUrl = /^https?:\/\//i.test(hostPort) ? hostPort : `http://${hostPort}`;
+  let noProxy;
+  const bypass = output.match(/Bypass\s+List\s*:\s*(\S.*?)\s*$/m)?.[1]?.trim();
+  if (bypass && !/\(none\)/i.test(bypass)) {
+    noProxy = bypass.replace(/;/g, ",");
+  }
+  return { proxyUrl, noProxy };
+}
+function getProxyFromSystem(platform = process.platform, run = defaultRunner) {
+  if (platform === "darwin") {
+    const out = run("scutil", ["--proxy"]);
+    return out ? parseMacOsProxy(out) : null;
+  }
+  if (platform === "win32") {
+    const out = run("netsh", ["winhttp", "show", "proxy"]);
+    return out ? parseWindowsProxy(out) : null;
+  }
+  return null;
+}
+function installProxyDispatcher(resolveSystem = () => getProxyFromSystem()) {
+  if (installed) {
+    const existing = getProxyFromEnv();
+    return existing ? maskProxyUrl(existing) : null;
+  }
+  const envProxy = getProxyFromEnv();
+  if (envProxy) {
+    return applyDispatcher(envProxy);
+  }
+  const sys = resolveSystem();
+  if (sys) {
+    seedEnv("HTTPS_PROXY", sys.proxyUrl);
+    seedEnv("HTTP_PROXY", sys.proxyUrl);
+    if (sys.noProxy && !process.env.NO_PROXY && !process.env.no_proxy) {
+      seedEnv("NO_PROXY", sys.noProxy);
+    }
+    return applyDispatcher(sys.proxyUrl);
+  }
+  return null;
+}
+function seedEnv(key, value) {
+  if (process.env[key] !== void 0) return;
+  process.env[key] = value;
+  seededEnvKeys.push(key);
+}
+function applyDispatcher(proxyUrl) {
+  try {
+    setGlobalDispatcher(new EnvHttpProxyAgent());
+    installed = true;
+    return maskProxyUrl(proxyUrl);
+  } catch {
+    return null;
+  }
+}
+function describeFetchError(error) {
+  if (!(error instanceof Error)) {
+    return {};
+  }
+  const cause = unwrapCause(error);
+  return {
+    code: cause?.code,
+    hostname: cause?.hostname
+  };
+}
+function unwrapCause(error) {
+  let current = error;
+  let depth = 0;
+  while (current && depth < 5) {
+    const next = current.cause;
+    if (!next) break;
+    current = next;
+    depth++;
+  }
+  if (current && typeof current === "object") {
+    return current;
+  }
+  return void 0;
+}
+var PROXY_ENV_VARS, installed, seededEnvKeys;
+var init_proxy = __esm({
+  "src/utils/proxy.ts"() {
+    PROXY_ENV_VARS = ["HTTPS_PROXY", "https_proxy", "HTTP_PROXY", "http_proxy"];
+    installed = false;
+    seededEnvKeys = [];
+  }
+});
 function findPackageJson() {
   let dir = dirname(fileURLToPath(import.meta.url));
   for (let i = 0; i < 10; i++) {
@@ -1944,8 +2106,15 @@ async function runBrowserOAuthFlow(provider) {
     const errorMsg = error instanceof Error ? error.message : String(error);
     console.log();
     console.log(chalk.yellow("   \u26A0 Browser authentication failed"));
-    const errorCategory = errorMsg.includes("timeout") || errorMsg.includes("Timeout") ? "Request timed out" : errorMsg.includes("network") || errorMsg.includes("ECONNREFUSED") || errorMsg.includes("fetch") ? "Network error" : errorMsg.includes("401") || errorMsg.includes("403") ? "Authorization denied" : errorMsg.includes("invalid_grant") || errorMsg.includes("invalid_client") ? "Invalid credentials" : "Authentication error (see debug logs for details)";
-    console.log(chalk.dim(`   Error: ${errorCategory}`));
+    const isNetwork = errorMsg.includes("fetch failed") || errorMsg.toLowerCase().includes("network error") || errorMsg.includes("ECONNREFUSED") || errorMsg.includes("ENOTFOUND") || errorMsg.includes("ETIMEDOUT");
+    if (isNetwork) {
+      const { code } = describeFetchError(error);
+      console.log(chalk.dim("   Error: Network error"));
+      printNetworkTroubleshooting(code);
+    } else {
+      const errorCategory = errorMsg.includes("timeout") || errorMsg.includes("Timeout") ? "Request timed out" : errorMsg.includes("401") || errorMsg.includes("403") ? "Authorization denied" : errorMsg.includes("invalid_grant") || errorMsg.includes("invalid_client") ? "Invalid credentials" : "Authentication error (see debug logs for details)";
+      console.log(chalk.dim(`   Error: ${errorCategory}`));
+    }
     console.log();
     const fallbackOptions = [];
     if (config?.deviceAuthEndpoint) {
@@ -2235,14 +2404,38 @@ async function runCopilotDeviceFlow() {
       console.log(chalk.yellow("   \u26A0 Authentication timed out. Please try again."));
     } else if (errorMsg.includes("denied")) {
       console.log(chalk.yellow("   \u26A0 Access was denied."));
+    } else if (errorMsg.includes("fetch failed") || errorMsg.toLowerCase().includes("network")) {
+      const { code } = describeFetchError(error);
+      console.log(chalk.red("   \u2717 Network error reaching GitHub"));
+      printNetworkTroubleshooting(code);
     } else {
-      const category = errorMsg.includes("network") || errorMsg.includes("fetch") ? "Network error" : "Authentication error";
-      console.log(chalk.red(`   \u2717 ${category}`));
+      console.log(chalk.red("   \u2717 Authentication error \u2014 see debug logs for details"));
     }
     console.log();
     return null;
   }
 }
+function printNetworkTroubleshooting(code) {
+  const proxy = getProxyFromEnv();
+  if (proxy) {
+    console.log(chalk.dim(`   Proxy in use: ${maskProxyUrl(proxy)}`));
+    console.log(chalk.dim("   \u2192 Verify the proxy allows github.com and api.github.com."));
+  } else {
+    console.log(chalk.dim("   No HTTPS_PROXY / HTTP_PROXY env vars detected."));
+    console.log(chalk.dim("   \u2192 If you're behind a corporate proxy, set HTTPS_PROXY and retry."));
+  }
+  if (code === "SELF_SIGNED_CERT_IN_CHAIN" || code === "UNABLE_TO_VERIFY_LEAF_SIGNATURE") {
+    console.log(
+      chalk.dim(
+        "   \u2192 A TLS interceptor is rewriting certificates. Add your corp root CA to NODE_EXTRA_CA_CERTS."
+      )
+    );
+  } else if (code === "ENOTFOUND") {
+    console.log(chalk.dim("   \u2192 Check DNS: `nslookup github.com`"));
+  } else if (code === "ETIMEDOUT" || code === "UND_ERR_CONNECT_TIMEOUT") {
+    console.log(chalk.dim("   \u2192 A firewall may be dropping the connection silently."));
+  }
+}
 async function getOrRefreshOAuthToken(provider) {
   if (provider === "copilot") {
     const tokenResult = await getValidCopilotToken();
@@ -2273,6 +2466,7 @@ var init_flow = __esm({
     init_pkce();
     init_callback_server();
     init_platform();
+    init_proxy();
     init_copilot();
     execFileAsync2 = promisify(execFile);
   }
@@ -24937,6 +25131,7 @@ var init_input_echo = __esm({
 });
 
 // src/cli/index.ts
+init_proxy();
 init_version();
 
 // src/orchestrator/project.ts
@@ -56258,6 +56453,7 @@ ${stdinContent}
 // src/cli/index.ts
 init_env();
 init_errors();
+installProxyDispatcher();
 var program = new Command();
 program.name("coco").description("Corbat-Coco: Autonomous Coding Agent with Self-Review and Quality Convergence").version(VERSION, "-v, --version", "Output the current version");
 registerInitCommand(program);