socket 1.1.114 → 1.1.116

package/dist/types/commands/ci/fetch-default-org-slug.d.mts.map

@@ -1 +1 @@
-{"version":3,"file":"fetch-default-org-slug.d.mts","sourceRoot":"","sources":["../../../../src/commands/ci/fetch-default-org-slug.mts"],"names":[],"mappings":"AAMA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,iBAAiB,CAAA;AAE9C,sEAAsE;AACtE,wBAAsB,iBAAiB,CACrC,OAAO,CAAC,EAAE,OAAO,GAChB,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAoD1B"}
+{"version":3,"file":"fetch-default-org-slug.d.mts","sourceRoot":"","sources":["../../../../src/commands/ci/fetch-default-org-slug.mts"],"names":[],"mappings":"AAMA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,iBAAiB,CAAA;AAE9C,sEAAsE;AACtE,wBAAsB,iBAAiB,CACrC,OAAO,CAAC,EAAE,OAAO,GAChB,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAwD1B"}

package/dist/types/utils/dlx.d.mts.map

@@ -1 +1 @@
-{"version":3,"file":"dlx.d.mts","sourceRoot":"","sources":["../../../src/utils/dlx.mts"],"names":[],"mappings":"AA0CA,OAAO,KAAK,EAAE,gBAAgB,EAAE,eAAe,EAAE,MAAM,wBAAwB,CAAA;AAC/E,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,cAAc,CAAA;AAC3C,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,oCAAoC,CAAA;AAMpE,MAAM,MAAM,UAAU,GAAG,gBAAgB,GAAG;IAC1C,KAAK,CAAC,EAAE,OAAO,GAAG,SAAS,CAAA;IAC3B,KAAK,CAAC,EAAE,KAAK,GAAG,MAAM,GAAG,MAAM,GAAG,SAAS,CAAA;IAC3C,MAAM,CAAC,EAAE,OAAO,GAAG,SAAS,CAAA;CAC7B,CAAA;AAED,MAAM,MAAM,cAAc,GAAG;IAC3B,IAAI,EAAE,MAAM,CAAA;IACZ,OAAO,EAAE,MAAM,CAAA;CAChB,CAAA;AAQD;;;;GAIG;AACH,wBAAsB,QAAQ,CAC5B,WAAW,EAAE,cAAc,EAC3B,IAAI,EAAE,MAAM,EAAE,GAAG,SAAS,MAAM,EAAE,EAClC,OAAO,CAAC,EAAE,UAAU,GAAG,SAAS,EAChC,UAAU,CAAC,EAAE,UAAU,GAAG,SAAS,GAClC,OAAO,CAAC,eAAe,CAAC,CAwG1B;AAED,MAAM,MAAM,eAAe,GAAG,UAAU,GAAG;IACzC,YAAY,CAAC,EAAE,MAAM,GAAG,SAAS,CAAA;CAClC,CAAA;AAuKD;;;;;;;;;;;;;GAaG;AACH,wBAAsB,aAAa,CACjC,IAAI,EAAE,MAAM,EAAE,GAAG,SAAS,MAAM,EAAE,EAClC,OAAO,CAAC,EAAE,MAAM,EAChB,OAAO,CAAC,EAAE,eAAe,GAAG,SAAS,EACrC,UAAU,CAAC,EAAE,UAAU,GAAG,SAAS,GAClC,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAuI1B;AAsED;;GAEG;AACH,wBAAsB,cAAc,CAClC,IAAI,EAAE,MAAM,EAAE,GAAG,SAAS,MAAM,EAAE,EAClC,OAAO,CAAC,EAAE,UAAU,GAAG,SAAS,EAChC,UAAU,CAAC,EAAE,UAAU,GAAG,SAAS,GAClC,OAAO,CAAC,eAAe,CAAC,CAU1B;AAED;;GAEG;AACH,wBAAsB,YAAY,CAChC,IAAI,EAAE,MAAM,EAAE,GAAG,SAAS,MAAM,EAAE,EAClC,OAAO,CAAC,EAAE,UAAU,GAAG,SAAS,EAChC,UAAU,CAAC,EAAE,UAAU,GAAG,SAAS,GAClC,OAAO,CAAC,eAAe,CAAC,CAU1B"}
+{"version":3,"file":"dlx.d.mts","sourceRoot":"","sources":["../../../src/utils/dlx.mts"],"names":[],"mappings":"AA0CA,OAAO,KAAK,EAAE,gBAAgB,EAAE,eAAe,EAAE,MAAM,wBAAwB,CAAA;AAC/E,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,cAAc,CAAA;AAC3C,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,oCAAoC,CAAA;AAMpE,MAAM,MAAM,UAAU,GAAG,gBAAgB,GAAG;IAC1C,KAAK,CAAC,EAAE,OAAO,GAAG,SAAS,CAAA;IAC3B,KAAK,CAAC,EAAE,KAAK,GAAG,MAAM,GAAG,MAAM,GAAG,SAAS,CAAA;IAC3C,MAAM,CAAC,EAAE,OAAO,GAAG,SAAS,CAAA;CAC7B,CAAA;AAED,MAAM,MAAM,cAAc,GAAG;IAC3B,IAAI,EAAE,MAAM,CAAA;IACZ,OAAO,EAAE,MAAM,CAAA;CAChB,CAAA;AAQD;;;;GAIG;AACH,wBAAsB,QAAQ,CAC5B,WAAW,EAAE,cAAc,EAC3B,IAAI,EAAE,MAAM,EAAE,GAAG,SAAS,MAAM,EAAE,EAClC,OAAO,CAAC,EAAE,UAAU,GAAG,SAAS,EAChC,UAAU,CAAC,EAAE,UAAU,GAAG,SAAS,GAClC,OAAO,CAAC,eAAe,CAAC,CAwG1B;AAED,MAAM,MAAM,eAAe,GAAG,UAAU,GAAG;IACzC,YAAY,CAAC,EAAE,MAAM,GAAG,SAAS,CAAA;CAClC,CAAA;AAuKD;;;;;;;;;;;;;GAaG;AACH,wBAAsB,aAAa,CACjC,IAAI,EAAE,MAAM,EAAE,GAAG,SAAS,MAAM,EAAE,EAClC,OAAO,CAAC,EAAE,MAAM,EAChB,OAAO,CAAC,EAAE,eAAe,GAAG,SAAS,EACrC,UAAU,CAAC,EAAE,UAAU,GAAG,SAAS,GAClC,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAyJ1B;AAsHD;;GAEG;AACH,wBAAsB,cAAc,CAClC,IAAI,EAAE,MAAM,EAAE,GAAG,SAAS,MAAM,EAAE,EAClC,OAAO,CAAC,EAAE,UAAU,GAAG,SAAS,EAChC,UAAU,CAAC,EAAE,UAAU,GAAG,SAAS,GAClC,OAAO,CAAC,eAAe,CAAC,CAU1B;AAED;;GAEG;AACH,wBAAsB,YAAY,CAChC,IAAI,EAAE,MAAM,EAAE,GAAG,SAAS,MAAM,EAAE,EAClC,OAAO,CAAC,EAAE,UAAU,GAAG,SAAS,EAChC,UAAU,CAAC,EAAE,UAAU,GAAG,SAAS,GAClC,OAAO,CAAC,eAAe,CAAC,CAU1B"}

package/dist/utils.js

@@ -3821,7 +3821,12 @@ async function getDefaultOrgSlug(silence) {
       data: `No organization associated with the Socket API token. Unable to continue.`
     };
   }
-  const slug = organizations[keys[0]]?.name ?? undefined;
+
+  // Use the org's URL-safe `slug`, not its display `name`: this value is
+  // exported as SOCKET_ORG_SLUG for the Coana CLI, which resolves the org by
+  // slug. `name` is the human-readable display name (and may be null), so using
+  // it here produced a wrong/empty org identifier.
+  const slug = organizations[0]?.slug ?? undefined;
   if (!slug) {
     return {
       ok: false,
@@ -5469,6 +5474,18 @@ async function spawnCoanaDlx(args, orgSlug, options, spawnExtra) {
       cwd: dlxOptions.cwd
     }, spawnExtra);
   }
+
+  // `shadowNpmBase` (the dlx launcher) configures the child's stdio from its
+  // `options` arg, NOT from the registry-spawn `extra` arg — the latter only
+  // attaches metadata to the result. Callers that requested streaming via
+  // `spawnExtra` (the 4th arg), e.g. `{ stdio: 'inherit' }` from
+  // `socket manifest gradle`, were therefore silently ignored on this path:
+  // Coana ran piped and its output — including the real failure reason — never
+  // reached the user, leaving only an unhelpful "command failed". Promote the
+  // requested stdio into the dlx options so it is honored here too.
+  // `spawnCoanaScriptViaNode` already reads `spawnExtra.stdio` for the
+  // local-path and npm-install branches, so this aligns all three paths.
+  const requestedStdio = spawnExtra?.['stdio'] ?? require$$11.getOwn(dlxOptions, 'stdio');
   try {
     // Use npm/dlx version.
     const result = await spawnDlx({
@@ -5476,8 +5493,16 @@ async function spawnCoanaDlx(args, orgSlug, options, spawnExtra) {
       version: resolvedVersion
     }, args, {
       force: true,
-      silent: true,
+      // Do NOT silence the launcher. `--silent` (npm loglevel silent) hides
+      // npm's own download/registry/launch errors, so when npx/pnpm-dlx fails
+      // to fetch @coana-tech/cli the user is left with a bare exit code and no
+      // cause. shadowNpmBase defaults to `--loglevel error`, which keeps real
+      // launcher errors visible while staying quiet on success.
+      silent: false,
       ...dlxOptions,
+      ...(requestedStdio === undefined ? {} : {
+        stdio: requestedStdio
+      }),
       env: finalEnv,
       ipc: {
         [constants.default.SOCKET_CLI_SHADOW_ACCEPT_RISKS]: true,
@@ -5503,7 +5528,7 @@ async function spawnCoanaDlx(args, orgSlug, options, spawnExtra) {
     if (!shouldFallbackOnDlxError(e)) {
       return dlxError;
     }
-    logger.logger.warn('Coana dlx invocation failed before Coana started; falling back to `npm install` + `node`.');
+    logger.logger.warn('Coana dlx invocation failed; retrying via `npm install` + `node`.');
     const fallbackResult = await spawnCoanaViaNpmInstall(args, resolvedVersion, finalEnv, {
       cwd: dlxOptions.cwd
     }, spawnExtra);
@@ -5539,10 +5564,29 @@ async function spawnCoanaDlx(args, orgSlug, options, spawnExtra) {
  *    rather than blindly re-running Coana.
  */
 function shouldFallbackOnDlxError(e) {
-  const capturedStderr = String(e?.stderr ?? '');
-  if (capturedStderr && /Coana CLI version/i.test(capturedStderr)) {
+  // Coana clearly ran (its banner is in the captured stderr) → any later
+  // non-zero exit is a real Coana failure and retrying would hit it again.
+  if (coanaBannerSeen(e)) {
     return false;
   }
+  return dlxLauncherFailedBeforeCoana(e);
+}
+
+/**
+ * Heuristic: did the dlx launcher (npx / pnpm dlx / yarn dlx) fail BEFORE the
+ * Coana process itself started? True for spawn-level errors (a string `code`
+ * like ENOENT), signal kills, and exit codes >= 128 (conventionally
+ * signal-derived) — all cases where the launcher, not Coana, is the culprit
+ * (e.g. npx missing from PATH, or @coana-tech/cli failing to download). A small
+ * integer exit code is deliberately NOT treated as a launch failure: Coana's
+ * own exit codes are small integers too, so it is genuinely ambiguous.
+ *
+ * Caveat: a launcher that fails to download the package can also exit with a
+ * small integer (npm/npx often exit 1), which lands in the ambiguous bucket.
+ * We cannot disambiguate those from a real Coana exit without inspecting the
+ * launcher's output, so the npm-install fallback does not fire for them.
+ */
+function dlxLauncherFailedBeforeCoana(e) {
   const code = e?.code;
   // Spawn-level failure (e.g. ENOENT when npx is missing from PATH).
   if (typeof code === 'string') {
@@ -5554,10 +5598,18 @@ function shouldFallbackOnDlxError(e) {
   }
   // Exit codes >= 128 are conventionally signal-derived, and the observed
   // npx-launcher failures in the wild fall into this range (e.g. 249, 254).
-  if (typeof code === 'number' && code >= 128) {
-    return true;
-  }
-  return false;
+  return typeof code === 'number' && code >= 128;
+}
+
+/**
+ * Definitive proof Coana actually booted: its startup banner appears in the
+ * captured stderr. Only available when the launcher's output was piped
+ * (captured); with inherited stdio there is nothing to inspect, so this
+ * returns false (the failure is then classified by exit code / signal alone).
+ */
+function coanaBannerSeen(e) {
+  const capturedStderr = String(e?.stderr ?? '');
+  return !!capturedStderr && /Coana CLI version/i.test(capturedStderr);
 }
 
 /**
@@ -5566,6 +5618,7 @@ function shouldFallbackOnDlxError(e) {
  */
 function buildDlxErrorResult(e) {
   const stderr = e?.stderr;
+  const stdout = e?.stdout;
   const exitCode = e?.code;
   const signal = e?.signal;
   const cause = getErrorCause(e);
@@ -5577,7 +5630,29 @@ function buildDlxErrorResult(e) {
     details.push(`signal ${signal}`);
   }
   const detailSuffix = details.length ? ` (${details.join(', ')})` : '';
-  const message = stderr ? `Coana command failed${detailSuffix}: ${stderr}` : `Coana command failed${detailSuffix}: ${cause}`;
+  // Prefer captured stderr, then stdout, then the generic spawn error. Coana
+  // logs some failures (e.g. unresolved Gradle dependencies) to stdout, so
+  // without the stdout fallback a piped failure collapsed to an unhelpful
+  // "command failed" even when the real reason was captured.
+  const detail = stderr || stdout || cause;
+  // Be honest about WHERE the failure happened. On the dlx path the spawned
+  // process is the package-manager launcher (npx / pnpm dlx / yarn dlx), which
+  // downloads @coana-tech/cli and only then runs it — so a failure may be the
+  // launcher dying before Coana ever started, not Coana itself. We can only be
+  // CERTAIN of that for a spawn-level error (a string `code` like ENOENT: the
+  // launcher binary could not start, so Coana provably never ran). A non-zero
+  // exit or signal is genuinely ambiguous — Coana may have started, streamed
+  // output, and then died (e.g. OOM), or the launcher may have failed to fetch
+  // the package — and with inherited stdio there is no captured output to tell
+  // them apart, so we must not assert either way.
+  let message;
+  if (coanaBannerSeen(e)) {
+    message = `Coana command failed${detailSuffix}: ${detail}`;
+  } else if (typeof e?.code === 'string') {
+    message = `Failed to launch Coana via the package manager${detailSuffix} — the npx/pnpm-dlx/yarn-dlx launcher could not start (e.g. it is missing from PATH): ${detail}`;
+  } else {
+    message = `Coana failed to run via the package manager${detailSuffix}: ${detail}`;
+  }
   return {
     ok: false,
     data: e,
@@ -8280,5 +8355,5 @@ exports.updateConfigValue = updateConfigValue;
 exports.walkNestedMap = walkNestedMap;
 exports.webLink = webLink;
 exports.writeSocketJson = writeSocketJson;
-//# debugId=3b36bb48-c24b-4b38-abfd-00291354493e
+//# debugId=94ef2183-dca4-487d-a212-97d72c67367e
 //# sourceMappingURL=utils.js.map