icoa-cli 2.19.3 → 2.19.4

package/dist/commands/ai4ctf.js

@@ -36,7 +36,7 @@ export async function handleChatMessage(input) {
         chatActive = false;
         chatSession = null;
         // Anonymous stats
-        fetch('https://practice.icoa2026.au:9090/api/icoa/demo-stats', {
+        fetch('https://practice.icoa2026.au/api/icoa/demo-stats', {
             method: 'POST',
             headers: { 'Content-Type': 'application/json' },
             body: JSON.stringify({ type: 'ai4ctf', tokensUsed: chatTokensUsed, timestamp: new Date().toISOString() }),

package/dist/commands/ctf4ai-demo.js

@@ -73,7 +73,7 @@ export async function handleCtf4aiMessage(input) {
     if (input === 'exit' || input === 'back' || input === 'quit') {
         ctf4aiActive = false;
         ctf4aiSession = null;
-        fetch('https://practice.icoa2026.au:9090/api/icoa/demo-stats', {
+        fetch('https://practice.icoa2026.au/api/icoa/demo-stats', {
             method: 'POST',
             headers: { 'Content-Type': 'application/json' },
             body: JSON.stringify({ type: 'ctf4ai', solved: false, tokensUsed: ctf4aiTokens, timestamp: new Date().toISOString() }),
@@ -90,7 +90,7 @@ export async function handleCtf4aiMessage(input) {
         console.log(chalk.white('  The AI held its ground this time. 💪'));
         ctf4aiActive = false;
         ctf4aiSession = null;
-        fetch('https://practice.icoa2026.au:9090/api/icoa/demo-stats', {
+        fetch('https://practice.icoa2026.au/api/icoa/demo-stats', {
             method: 'POST',
             headers: { 'Content-Type': 'application/json' },
             body: JSON.stringify({ type: 'ctf4ai', solved: false, tokensUsed: ctf4aiTokens, timestamp: new Date().toISOString() }),
@@ -121,7 +121,7 @@ export async function handleCtf4aiMessage(input) {
             console.log(chalk.gray('  This is prompt injection — a real AI vulnerability.'));
             ctf4aiActive = false;
             ctf4aiSession = null;
-            fetch('https://practice.icoa2026.au:9090/api/icoa/demo-stats', {
+            fetch('https://practice.icoa2026.au/api/icoa/demo-stats', {
                 method: 'POST',
                 headers: { 'Content-Type': 'application/json' },
                 body: JSON.stringify({ type: 'ctf4ai', solved: true, tokensUsed: ctf4aiTokens, timestamp: new Date().toISOString() }),

package/dist/commands/exam.js

@@ -811,7 +811,7 @@ export function registerExamCommand(program) {
         console.log();
         drawProgress(0, 'Validating token...');
         try {
-            const res = await fetch(`${serverUrl}:9090/api/icoa/exam-token`, {
+            const res = await fetch(`${serverUrl}/api/icoa/exam-token`, {
                 method: 'POST',
                 headers: { 'Content-Type': 'application/json' },
                 body: JSON.stringify({ token: code.trim() }),

package/dist/lib/ctfd-client.js

@@ -137,22 +137,34 @@ export class CTFdClient {
         return destPath;
     }
     async getTokenViaIcoaApi(username, password) {
-        // Try ICOA token API (port 9090) first
+        const body = JSON.stringify({ name: username, password });
+        const headers = { 'Content-Type': 'application/json' };
+        // Try via nginx proxy first (same origin, no port)
+        try {
+            const res = await fetch(`${this.baseUrl}/api/icoa/token`, {
+                method: 'POST', headers, body,
+                signal: AbortSignal.timeout(5000),
+            });
+            if (res.ok) {
+                const json = await res.json();
+                if (json.success && json.data?.token)
+                    return json.data.token;
+            }
+        }
+        catch { /* proxy not available */ }
+        // Fallback: direct port 9090
         try {
             const res = await fetch(`${this.baseUrl}:9090/api/icoa/token`, {
-                method: 'POST',
-                headers: { 'Content-Type': 'application/json' },
-                body: JSON.stringify({ name: username, password }),
+                method: 'POST', headers, body,
                 signal: AbortSignal.timeout(5000),
             });
             if (res.ok) {
                 const json = await res.json();
-                if (json.success && json.data?.token) {
+                if (json.success && json.data?.token)
                     return json.data.token;
-                }
             }
         }
-        catch { /* API not available, try standard flow */ }
+        catch { /* API not available */ }
         return null;
     }
     async loginWithCredentials(username, password) {

package/dist/lib/exam-client.d.ts

@@ -4,6 +4,7 @@ export declare class ExamClient {
     private token;
     constructor(baseUrl: string, token: string);
     private request;
+    private _fetch;
     getExams(): Promise<ExamListItem[]>;
     startExam(examId: string): Promise<{
         session: ExamSession;

package/dist/lib/exam-client.js

@@ -6,7 +6,23 @@ export class ExamClient {
         this.token = token;
     }
     async request(method, path, body) {
-        const url = `${this.baseUrl}:9090/api/icoa/exams${path}`;
+        // Try nginx proxy first, fallback to direct port
+        const urls = [
+            `${this.baseUrl}/api/icoa/exams${path}`,
+            `${this.baseUrl}:9090/api/icoa/exams${path}`,
+        ];
+        let lastError = null;
+        for (const url of urls) {
+            try {
+                return await this._fetch(method, url, body);
+            }
+            catch (e) {
+                lastError = e;
+            }
+        }
+        throw lastError || new Error('Exam API unreachable');
+    }
+    async _fetch(method, url, body) {
         const res = await fetch(url, {
             method,
             headers: {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "icoa-cli",
-  "version": "2.19.3",
+  "version": "2.19.4",
   "description": "ICOA CLI — The world's first CLI-native CTF competition terminal",
   "type": "module",
   "bin": {