coursecode 0.1.35 → 0.1.36

package/bin/cli.js

@@ -38,12 +38,14 @@ if (!process.env.NODE_EXTRA_CA_CERTS) {
   const certPath = await injectSystemCerts();
   if (certPath) {
     // macOS/Linux: re-exec with NODE_EXTRA_CA_CERTS pointing to PEM file
-    const { execFileSync } = await import('child_process');
-    execFileSync(process.execPath, process.argv.slice(1), {
+    const { spawnSync } = await import('child_process');
+    const result = spawnSync(process.execPath, process.argv.slice(1), {
       env: { ...process.env, NODE_EXTRA_CA_CERTS: certPath },
       stdio: 'inherit',
     });
-    process.exit(0);
+    if (result.error) throw result.error;
+    if (result.signal) process.kill(process.pid, result.signal);
+    process.exit(result.status ?? 0);
   }
   // Windows: win-ca already injected certs in-process — continue normally
 }
@@ -425,4 +427,37 @@ program
     await deleteCourse({ force: options.force, json: options.json, repairBinding: options.repairBinding });
   });
 
-program.parse();
+// Centralized failure handler for async command actions. Friendly errors
+// (anything thrown with a non-Node-internal `.message`) are printed as-is;
+// raw Node/undici errors are reduced to their message + code so users never
+// see deep internal stack frames.
+function reportFatal(err) {
+  if (!err) {
+    console.error('coursecode: command failed');
+    process.exit(1);
+  }
+  if (err.isUploadError) {
+    console.error('\n✗ ' + err.message + '\n');
+    process.exit(1);
+  }
+  const code = (err.cause && err.cause.code) || err.code;
+  const msg = err.message || String(err);
+  console.error('\n✗ ' + msg + (code ? `  (${code})` : ''));
+  if (process.env.COURSECODE_DEBUG) {
+    console.error('\n' + (err.stack || ''));
+    if (err.cause) console.error('Caused by:', err.cause);
+  } else {
+    console.error('  Re-run with COURSECODE_DEBUG=1 for a full stack trace.');
+  }
+  console.error('');
+  process.exit(1);
+}
+
+process.on('unhandledRejection', reportFatal);
+process.on('uncaughtException', reportFatal);
+
+if (process.argv.length <= 2) {
+  program.help();
+}
+
+program.parseAsync().catch(reportFatal);

package/lib/cloud.js

@@ -22,14 +22,9 @@ const packageJson = JSON.parse(fs.readFileSync(path.join(__dirname, '..', 'packa
 // CONSTANTS
 // =============================================================================
 
-const DEFAULT_CLOUD_URL = 'https://coursecodecloud.com';
-// Fallback URL used automatically when the primary domain is blocked by a
-// corporate web filter (e.g. Zscaler URL categorization). *.vercel.app is
-// in a trusted platform category and is unlikely to be categorized as unknown.
-const FALLBACK_CLOUD_URL = 'https://coursecode-cloud-web.vercel.app';
+const DEFAULT_CLOUD_URL = 'https://www.coursecodecloud.com';
 const LOCAL_CLOUD_URL = 'http://localhost:3000';
 let useLocal = false;
-let activeCloudUrl = null;
 const CREDENTIALS_DIR = path.join(os.homedir(), '.coursecode');
 const CREDENTIALS_PATH = path.join(CREDENTIALS_DIR, 'credentials.json');
 const PROJECT_CONFIG_DIR = '.coursecode';
@@ -88,26 +83,18 @@ function readCredentials() {
   }
 }
 
-function writeCredentials(token, cloudUrl = DEFAULT_CLOUD_URL) {
+function writeCredentials(token) {
   fs.mkdirSync(CREDENTIALS_DIR, { recursive: true });
-  const data = JSON.stringify({ token, cloud_url: cloudUrl }, null, 2);
+  const data = JSON.stringify({ token }, null, 2);
   fs.writeFileSync(getCredentialsPath(), data, { mode: 0o600 });
 }
 
-function updateCredentialsCloudUrl(cloudUrl) {
-  const creds = readCredentials();
-  if (!creds?.token) return;
-  writeCredentials(creds.token, cloudUrl);
-}
-
 function deleteCredentials() {
   try { fs.unlinkSync(getCredentialsPath()); } catch { /* already gone */ }
 }
 
 function getCloudUrl() {
-  if (useLocal) return LOCAL_CLOUD_URL;
-  if (activeCloudUrl) return activeCloudUrl;
-  return readCredentials()?.cloud_url || DEFAULT_CLOUD_URL;
+  return useLocal ? LOCAL_CLOUD_URL : DEFAULT_CLOUD_URL;
 }
 
 /**
@@ -116,7 +103,6 @@ function getCloudUrl() {
  */
 export function setLocalMode() {
   useLocal = true;
-  activeCloudUrl = LOCAL_CLOUD_URL;
 }
 
 // =============================================================================
@@ -300,9 +286,6 @@ async function resolveStaleBinding({
  * Make an authenticated request to the Cloud API.
  * Handles User-Agent, Bearer token, and error formatting per §7.
  *
- * Automatically retries against FALLBACK_CLOUD_URL when the primary URL
- * returns an HTML block page (corporate web filter / Zscaler URL categorization).
- *
  * @param {string} urlPath - API path (e.g. '/api/cli/whoami')
  * @param {object} options - fetch options (method, body, headers, etc.)
  * @param {string} [token] - Override token (for unauthenticated requests)
@@ -316,68 +299,29 @@ async function cloudFetch(urlPath, options = {}, token = null) {
   };
   if (token) headers['Authorization'] = `Bearer ${token}`;
 
-  const attemptFetch = async (baseUrl) => {
-    const url = `${baseUrl}${urlPath}`;
-    try {
-      return await fetch(url, { ...options, headers });
-    } catch {
-      return null; // Connection failed
-    }
-  };
-
-  const primaryUrl = getCloudUrl();
-  const res = await attemptFetch(primaryUrl);
-
-  if (!res) {
-    // Primary unreachable — try fallback before giving up
-    if (!useLocal) {
-      const fallback = await attemptFetch(FALLBACK_CLOUD_URL);
-      if (fallback) {
-        activeCloudUrl = FALLBACK_CLOUD_URL;
-        return fallback;
-      }
-    }
-    console.error('\n❌ Could not connect to CourseCode Cloud. Check your internet connection.\n');
+  const baseUrl = getCloudUrl();
+  const url = `${baseUrl}${urlPath}`;
+  let res;
+  try {
+    res = await fetch(url, { ...options, headers });
+  } catch (err) {
+    const host = new URL(baseUrl).host;
+    const code = (err && err.cause && err.cause.code) || err?.code;
+    console.error(`\n❌ Could not connect to ${host}${code ? ` (${code})` : ''}.`);
+    console.error('   Check your internet connection. If on a corporate or school network,');
+    console.error(`   ask IT to whitelist ${host}.\n`);
     process.exit(1);
   }
 
-  // Peek at the body: if it's an HTML block page, silently retry on the fallback.
-  // We must buffer the text here since Response bodies can only be read once.
+  // Buffer the body once so handleResponse can re-read it, and so we can
+  // detect HTML block pages from corporate web filters (Zscaler, etc.).
   const text = await res.text();
 
-  // Token may be valid on the alternate cloud origin. Before triggering re-auth,
-  // retry authenticated 401s once on the other known origin.
-  if (res.status === 401 && token && !useLocal) {
-    const alternateUrl = primaryUrl === FALLBACK_CLOUD_URL ? DEFAULT_CLOUD_URL : FALLBACK_CLOUD_URL;
-    const alternateRes = await attemptFetch(alternateUrl);
-    if (alternateRes) {
-      const alternateText = await alternateRes.text();
-      if (!isBlockPage(alternateText) && alternateRes.status !== 401) {
-        activeCloudUrl = alternateUrl;
-        updateCredentialsCloudUrl(alternateUrl);
-        return syntheticResponse(alternateText, alternateRes.status);
-      }
-    }
-  }
-
-  if (isBlockPage(text) && !useLocal) {
-    const fallbackRes = await attemptFetch(FALLBACK_CLOUD_URL);
-    if (fallbackRes) {
-      const fallbackText = await fallbackRes.text();
-      if (!isBlockPage(fallbackText)) {
-        activeCloudUrl = FALLBACK_CLOUD_URL;
-        updateCredentialsCloudUrl(FALLBACK_CLOUD_URL);
-        // Fallback succeeded — return a synthetic Response with the buffered text
-        return syntheticResponse(fallbackText, fallbackRes.status);
-      }
-    }
-    // Both primary and fallback are blocked — surface the error
+  if (isBlockPage(text)) {
     reportBlockPage(text, res);
     process.exit(1);
   }
 
-  // Primary response is fine — return a synthetic Response with the buffered text
-  activeCloudUrl = primaryUrl;
   return syntheticResponse(text, res.status);
 }
 
@@ -406,17 +350,18 @@ function syntheticResponse(text, status) {
  * @param {Response} res - The fetch Response object
  */
 function reportBlockPage(body, res) {
+  const host = new URL(getCloudUrl()).host;
   const lower = body.toLowerCase();
   if (lower.includes('zscaler')) {
-    console.error('\n❌ coursecodecloud.com is blocked by Zscaler on your network.');
+    console.error(`\n❌ ${host} is blocked by Zscaler on your network.`);
   } else if (lower.includes('forcepoint') || lower.includes('websense')) {
-    console.error('\n❌ coursecodecloud.com is blocked by Forcepoint on your network.');
+    console.error(`\n❌ ${host} is blocked by Forcepoint on your network.`);
   } else if (lower.includes('barracuda')) {
-    console.error('\n❌ coursecodecloud.com is blocked by Barracuda on your network.');
+    console.error(`\n❌ ${host} is blocked by Barracuda on your network.`);
   } else {
-    console.error(`\n❌ Your network blocked coursecodecloud.com (HTTP ${res.status}).`);
+    console.error(`\n❌ Your network blocked ${host} (HTTP ${res.status}).`);
   }
-  console.error('   Ask your IT team to whitelist: coursecodecloud.com\n');
+  console.error(`   Ask your IT team to whitelist: ${host}\n`);
 }
 
 /**
@@ -613,7 +558,7 @@ async function runLoginFlow({ jsonMode = false } = {}) {
     if (data.pending) continue;
 
     if (data.token) {
-      writeCredentials(data.token, activeCloudUrl || getCloudUrl());
+      writeCredentials(data.token);
       log('  ✓ Logged in successfully\n');
       return data.token;
     }
@@ -647,8 +592,7 @@ async function runLegacyLoginFlow() {
     process.exit(1);
   }
 
-  const effectiveCloudUrl = activeCloudUrl || initialCloudUrl;
-  const loginUrl = `${effectiveCloudUrl}/auth/connect?session=${nonce}`;
+  const loginUrl = `${initialCloudUrl}/auth/connect?session=${nonce}`;
   console.log('  → Opening browser for authentication...');
   openBrowser(loginUrl);
 
@@ -669,7 +613,7 @@ async function runLegacyLoginFlow() {
     if (data.pending) continue;
 
     if (data.token) {
-      writeCredentials(data.token, activeCloudUrl || initialCloudUrl);
+      writeCredentials(data.token);
       console.log('  ✓ Logged in successfully');
       return data.token;
     }
@@ -940,6 +884,60 @@ export async function listCourses(options = {}) {
   }
 }
 
+/**
+ * Translate low-level fetch/undici errors from R2 PUTs into a friendly,
+ * actionable CLI error. Identifies the failing file and host, and attaches
+ * a hint when the cause is a known network condition (connect timeout, DNS,
+ * reset, TLS). The original error is preserved on `.cause`.
+ */
+function wrapUploadError(err, item) {
+  let host = '';
+  try { host = new URL(item.uploadUrl).host; } catch {}
+  const cause = err && err.cause;
+  const code = (cause && cause.code) || err.code || err.name;
+
+  let summary = `Failed to upload ${item.filePath}`;
+  let hint = '';
+
+  switch (code) {
+    case 'UND_ERR_CONNECT_TIMEOUT':
+    case 'ETIMEDOUT':
+    case 'TimeoutError':
+      summary += ` — could not reach ${host} (connect timeout)`;
+      hint = [
+        'This is a network problem between your machine and Cloudflare R2, not the Cloud service.',
+        'Try:',
+        '  • If on VPN or a corporate/school network, disconnect or whitelist *.r2.cloudflarestorage.com',
+        '  • Re-run with IPv4 first:  NODE_OPTIONS=--dns-result-order=ipv4first coursecode deploy',
+        '  • Test connectivity:       curl -v https://' + host + '/',
+      ].join('\n  ');
+      break;
+    case 'ENOTFOUND':
+    case 'EAI_AGAIN':
+      summary += ` — DNS lookup failed for ${host}`;
+      hint = 'Check your internet connection and DNS settings (e.g. switch to 1.1.1.1 or 8.8.8.8).';
+      break;
+    case 'ECONNRESET':
+    case 'UND_ERR_SOCKET':
+      summary += ` — connection to ${host} was reset mid-transfer`;
+      hint = 'Likely a flaky network or proxy interfering with the upload. Re-run the deploy.';
+      break;
+    case 'CERT_HAS_EXPIRED':
+    case 'UNABLE_TO_VERIFY_LEAF_SIGNATURE':
+    case 'SELF_SIGNED_CERT_IN_CHAIN':
+      summary += ` — TLS handshake with ${host} failed (${code})`;
+      hint = 'A SSL-inspecting proxy (e.g. Zscaler) is intercepting the connection. Trust the corporate root CA or whitelist *.r2.cloudflarestorage.com.';
+      break;
+    default:
+      summary += ` — ${err.message || code || 'unknown error'}`;
+  }
+
+  const wrapped = new Error(hint ? `${summary}\n  ${hint}` : summary);
+  wrapped.cause = err;
+  wrapped.isUploadError = true;
+  return wrapped;
+}
+
 /**
  * coursecode deploy — build, read files, batch presign + upload + finalize
  */
@@ -1147,22 +1145,34 @@ export async function deploy(options = {}) {
   for (const chunk of chunks) {
     await Promise.all(chunk.map(async (item) => {
       const fileData = fs.readFileSync(item.filePath);
+      let lastErr = null;
       for (let attempt = 0; attempt < MAX_RETRIES; attempt++) {
         try {
+          // 60s per attempt covers slow links; default undici connect timeout
+          // is only 10s which can fail spuriously on flaky networks/VPNs.
           const putRes = await fetch(item.uploadUrl, {
             method: 'PUT',
             headers: { 'Content-Type': item.contentType },
             body: fileData,
+            signal: AbortSignal.timeout(60_000),
           });
           if (!putRes.ok) {
-            throw new Error(`PUT failed: ${putRes.status}`);
+            throw new Error(`R2 responded ${putRes.status} ${putRes.statusText}`);
           }
+          lastErr = null;
           break;
         } catch (err) {
-          if (attempt === MAX_RETRIES - 1) throw err;
-          await new Promise(r => setTimeout(r, 500 * (attempt + 1)));
+          lastErr = err;
+          if (attempt === MAX_RETRIES - 1) break;
+          // Exponential backoff with jitter: ~1s, ~2s, ~4s.
+          const base = 1000 * Math.pow(2, attempt);
+          const jitter = Math.floor(Math.random() * 500);
+          await new Promise(r => setTimeout(r, base + jitter));
         }
       }
+      if (lastErr) {
+        throw wrapUploadError(lastErr, item);
+      }
       uploaded++;
       emitProgress('uploading', uploaded, distFiles.length);
       if (!options.json && process.stdout.isTTY) {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "coursecode",
-  "version": "0.1.35",
+  "version": "0.1.36",
   "description": "Multi-format course authoring framework with CLI tools (SCORM 2004, SCORM 1.2, cmi5, LTI 1.3)",
   "type": "module",
   "bin": {