@vee3/upload 0.1.0 → 0.2.0

package/package.json

@@ -1,23 +1,31 @@
-{
-  "name": "@vee3/upload",
-  "version": "0.1.0",
-  "description": "Upload local files to Vee3.",
-  "type": "module",
-  "bin": {
-    "vee3-upload": "./src/index.js"
-  },
-  "files": ["src"],
-  "engines": {
-    "node": ">=18"
-  },
-  "publishConfig": {
-    "access": "public"
-  },
-  "repository": {
-    "type": "git",
-    "url": "https://github.com/vee3io/Vee3.git",
-    "directory": "packages/upload"
-  },
-  "keywords": ["vee3", "upload", "cli", "mcp"],
-  "license": "MIT"
-}
+{
+  "name": "@vee3/upload",
+  "version": "0.2.0",
+  "description": "Upload local files to Vee3.",
+  "homepage": "https://vee3.io",
+  "type": "module",
+  "bin": {
+    "vee3-upload": "./src/index.js"
+  },
+  "files": [
+    "src"
+  ],
+  "engines": {
+    "node": ">=18"
+  },
+  "publishConfig": {
+    "access": "public"
+  },
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/vee3io/Vee3.git",
+    "directory": "packages/upload"
+  },
+  "keywords": [
+    "vee3",
+    "upload",
+    "cli",
+    "mcp"
+  ],
+  "license": "MIT"
+}

package/src/api.js

@@ -1,34 +1,34 @@
-export const DEFAULT_API_BASE_URL = "https://api.vee3.io";
-
-async function formatApiError(response) {
-  const responseText = await response.text();
-  try {
-    const payload = JSON.parse(responseText);
-    if (payload && typeof payload.error === "object") {
-      const requestId = payload.error.request_id ? ` (request_id=${payload.error.request_id})` : "";
-      return `${payload.error.code}: ${payload.error.message}${requestId}`;
-    }
-  } catch {
-    // Fall through to raw response text.
-  }
-  return responseText || `HTTP ${response.status}`;
-}
-
-export async function resolveUpload({ apiBaseUrl, uploadCode, contentType }) {
-  const response = await fetch(`${apiBaseUrl.replace(/\/$/, "")}/v1/agent-uploads/resolve`, {
-    method: "POST",
-    headers: {
-      "Content-Type": "application/json"
-    },
-    body: JSON.stringify({
-      upload_code: uploadCode,
-      content_type: contentType
-    })
-  });
-
-  if (!response.ok) {
-    throw new Error(await formatApiError(response));
-  }
-
-  return await response.json();
-}
+export const DEFAULT_API_BASE_URL = "https://api.vee3.io";
+
+async function formatApiError(response) {
+  const responseText = await response.text();
+  try {
+    const payload = JSON.parse(responseText);
+    if (payload && typeof payload.error === "object") {
+      const requestId = payload.error.request_id ? ` (request_id=${payload.error.request_id})` : "";
+      return `${payload.error.code}: ${payload.error.message}${requestId}`;
+    }
+  } catch {
+    // Fall through to raw response text.
+  }
+  return responseText || `HTTP ${response.status}`;
+}
+
+export async function resolveUpload({ apiBaseUrl, uploadCode, contentType }) {
+  const response = await fetch(`${apiBaseUrl.replace(/\/$/, "")}/v1/agent-uploads/resolve`, {
+    method: "POST",
+    headers: {
+      "Content-Type": "application/json"
+    },
+    body: JSON.stringify({
+      upload_code: uploadCode,
+      content_type: contentType
+    })
+  });
+
+  if (!response.ok) {
+    throw new Error(await formatApiError(response));
+  }
+
+  return await response.json();
+}

package/src/index.js

@@ -1,96 +1,99 @@
-#!/usr/bin/env node
-
-import { stat } from "node:fs/promises";
-import { DEFAULT_API_BASE_URL, resolveUpload } from "./api.js";
-import { detectContentType } from "./detectContentType.js";
-import { uploadFileToSignedUrl } from "./uploadFile.js";
-
-function printUsage() {
-  console.error(
-    "Usage: vee3-upload <upload_code> <file_path> [--api-base-url https://api.vee3.io] [--json]"
-  );
-}
-
-function parseArguments(argumentsList) {
-  const positionalArguments = [];
-  let apiBaseUrl = DEFAULT_API_BASE_URL;
-  let outputJson = false;
-
-  for (let index = 0; index < argumentsList.length; index += 1) {
-    const argument = argumentsList[index];
-    if (argument === "--api-base-url") {
-      const nextArgument = argumentsList[index + 1];
-      if (!nextArgument) {
-        throw new Error("--api-base-url requires a value");
-      }
-      apiBaseUrl = nextArgument;
-      index += 1;
-      continue;
-    }
-    if (argument === "--json") {
-      outputJson = true;
-      continue;
-    }
-    positionalArguments.push(argument);
-  }
-
-  if (positionalArguments.length !== 2) {
-    throw new Error("Expected upload_code and file_path");
-  }
-
-  return {
-    uploadCode: positionalArguments[0],
-    filePath: positionalArguments[1],
-    apiBaseUrl,
-    outputJson
-  };
-}
-
-async function main() {
-  const { uploadCode, filePath, apiBaseUrl, outputJson } = parseArguments(
-    process.argv.slice(2)
-  );
-  const fileStat = await stat(filePath);
-  if (!fileStat.isFile()) {
-    throw new Error(`File path is not a file: ${filePath}`);
-  }
-
-  const contentType = await detectContentType(filePath);
-  const resolvedUpload = await resolveUpload({
-    apiBaseUrl,
-    uploadCode,
-    contentType
-  });
-
-  if (fileStat.size > resolvedUpload.max_bytes) {
-    throw new Error(
-      `File is too large: ${fileStat.size} bytes exceeds ${resolvedUpload.max_bytes} bytes`
-    );
-  }
-
-  await uploadFileToSignedUrl({
-    uploadUrl: resolvedUpload.upload_url,
-    filePath,
-    fileSizeBytes: fileStat.size,
-    requiredHeaders: resolvedUpload.required_headers
-  });
-
-  if (outputJson) {
-    console.log(
-      JSON.stringify({
-        upload_id: resolvedUpload.upload_id,
-        content_type: contentType,
-        size_bytes: fileStat.size
-      })
-    );
-    return;
-  }
-
-  console.log(resolvedUpload.upload_id);
-}
-
-main().catch((error) => {
-  printUsage();
-  console.error(error instanceof Error ? error.message : String(error));
-  process.exit(1);
-});
+#!/usr/bin/env node
+
+import { stat } from "node:fs/promises";
+import { DEFAULT_API_BASE_URL, resolveUpload } from "./api.js";
+import { detectContentType } from "./detectContentType.js";
+import { ensureSystemCertificateTrust } from "./systemCertificates.js";
+import { uploadFileToSignedUrl } from "./uploadFile.js";
+
+ensureSystemCertificateTrust();
+
+function printUsage() {
+  console.error(
+    "Usage: vee3-upload <upload_code> <file_path> [--api-base-url https://api.vee3.io] [--json]"
+  );
+}
+
+function parseArguments(argumentsList) {
+  const positionalArguments = [];
+  let apiBaseUrl = DEFAULT_API_BASE_URL;
+  let outputJson = false;
+
+  for (let index = 0; index < argumentsList.length; index += 1) {
+    const argument = argumentsList[index];
+    if (argument === "--api-base-url") {
+      const nextArgument = argumentsList[index + 1];
+      if (!nextArgument) {
+        throw new Error("--api-base-url requires a value");
+      }
+      apiBaseUrl = nextArgument;
+      index += 1;
+      continue;
+    }
+    if (argument === "--json") {
+      outputJson = true;
+      continue;
+    }
+    positionalArguments.push(argument);
+  }
+
+  if (positionalArguments.length !== 2) {
+    throw new Error("Expected upload_code and file_path");
+  }
+
+  return {
+    uploadCode: positionalArguments[0],
+    filePath: positionalArguments[1],
+    apiBaseUrl,
+    outputJson
+  };
+}
+
+async function main() {
+  const { uploadCode, filePath, apiBaseUrl, outputJson } = parseArguments(
+    process.argv.slice(2)
+  );
+  const fileStat = await stat(filePath);
+  if (!fileStat.isFile()) {
+    throw new Error(`File path is not a file: ${filePath}`);
+  }
+
+  const contentType = await detectContentType(filePath);
+  const resolvedUpload = await resolveUpload({
+    apiBaseUrl,
+    uploadCode,
+    contentType
+  });
+
+  if (fileStat.size > resolvedUpload.max_bytes) {
+    throw new Error(
+      `File is too large: ${fileStat.size} bytes exceeds ${resolvedUpload.max_bytes} bytes`
+    );
+  }
+
+  await uploadFileToSignedUrl({
+    uploadUrl: resolvedUpload.upload_url,
+    filePath,
+    fileSizeBytes: fileStat.size,
+    requiredHeaders: resolvedUpload.required_headers
+  });
+
+  if (outputJson) {
+    console.log(
+      JSON.stringify({
+        upload_id: resolvedUpload.upload_id,
+        content_type: contentType,
+        size_bytes: fileStat.size
+      })
+    );
+    return;
+  }
+
+  console.log(resolvedUpload.upload_id);
+}
+
+main().catch((error) => {
+  printUsage();
+  console.error(error instanceof Error ? error.message : String(error));
+  process.exit(1);
+});

package/src/systemCertificates.js

@@ -0,0 +1,61 @@
+import { spawnSync } from "node:child_process";
+
+const SYSTEM_CA_FLAG = "--use-system-ca";
+const REEXEC_GUARD_VARIABLE = "VEE3_UPLOAD_SYSTEM_CA_REEXEC";
+
+function systemCaFlagAlreadyActive() {
+  if (process.execArgv.includes(SYSTEM_CA_FLAG)) {
+    return true;
+  }
+  const nodeOptions = process.env.NODE_OPTIONS ?? "";
+  return nodeOptions.includes(SYSTEM_CA_FLAG);
+}
+
+function systemCaFlagSupported() {
+  try {
+    return process.allowedNodeEnvironmentFlags.has(SYSTEM_CA_FLAG);
+  } catch {
+    return false;
+  }
+}
+
+/**
+ * Networks that perform TLS inspection (corporate proxies, some antivirus
+ * products) present certificates signed by a private root CA that Node does not
+ * trust by default, so HTTPS requests fail with UNABLE_TO_VERIFY_LEAF_SIGNATURE.
+ * Re-executing with --use-system-ca makes Node trust the same roots the
+ * operating system already trusts, which is what browsers and OS HTTP clients
+ * use. On older Node versions without the flag we fall back to whatever
+ * NODE_EXTRA_CA_CERTS provides.
+ */
+export function ensureSystemCertificateTrust() {
+  if (process.env[REEXEC_GUARD_VARIABLE] === "1") {
+    return;
+  }
+  if (systemCaFlagAlreadyActive()) {
+    return;
+  }
+  if (!systemCaFlagSupported()) {
+    return;
+  }
+
+  const entryScript = process.argv[1];
+  if (!entryScript) {
+    return;
+  }
+
+  const result = spawnSync(
+    process.execPath,
+    [SYSTEM_CA_FLAG, entryScript, ...process.argv.slice(2)],
+    {
+      stdio: "inherit",
+      env: { ...process.env, [REEXEC_GUARD_VARIABLE]: "1" }
+    }
+  );
+
+  if (result.error) {
+    return;
+  }
+
+  process.exit(result.status ?? 0);
+}

package/src/uploadFile.js

@@ -1,25 +1,25 @@
-import { createReadStream } from "node:fs";
-
-export async function uploadFileToSignedUrl({
-  uploadUrl,
-  filePath,
-  fileSizeBytes,
-  requiredHeaders
-}) {
-  const headers = {
-    ...requiredHeaders,
-    "Content-Length": String(fileSizeBytes)
-  };
-
-  const response = await fetch(uploadUrl, {
-    method: "PUT",
-    headers,
-    body: createReadStream(filePath),
-    duplex: "half"
-  });
-
-  if (!response.ok) {
-    const responseText = await response.text();
-    throw new Error(responseText || `Upload failed with HTTP ${response.status}`);
-  }
-}
+import { createReadStream } from "node:fs";
+
+export async function uploadFileToSignedUrl({
+  uploadUrl,
+  filePath,
+  fileSizeBytes,
+  requiredHeaders
+}) {
+  const headers = {
+    ...requiredHeaders,
+    "Content-Length": String(fileSizeBytes)
+  };
+
+  const response = await fetch(uploadUrl, {
+    method: "PUT",
+    headers,
+    body: createReadStream(filePath),
+    duplex: "half"
+  });
+
+  if (!response.ok) {
+    const responseText = await response.text();
+    throw new Error(responseText || `Upload failed with HTTP ${response.status}`);
+  }
+}