fix(cli): register --server <unreachable> now fails with network_error (#72)

Chosen9115 · claude · web-flow · commit 8e02e63115e9 · 2026-06-11T23:37:05.000-04:00
cmd_register ran its own curl with `… || true`, throwing away curl's exit code. When the connection fails, `-w "%{http_code}"` prints "000"; both the fallback (4xx) and error (>= 400) checks are false for "000", so an unreachable --server fell through to the success path and exited 0 — the CLI silently claimed a registration that never happened. Capture curl's exit code (no `|| true`) and treat a non-zero exit OR an HTTP "000" as a network_error, on both the JSON-wrapped POST and the raw-YAML fallback. Mirrors api_call's existing handling. The regression test (U2a #10) is hardened: it isolates OPENSOP_HOME so --server is the only URL source (a developer's ~/.opensop would otherwise mask the failure and the test could pass for the wrong reason) and asserts the error code is network_error. Verified: pre-fix the test fails with the exact reported symptom ("got exit 0"); post-fix the suite is 289 PASS. Co-authored-by: Carlos <carlos> Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
diff --git a/cli/CHANGELOG.md b/cli/CHANGELOG.md
@@ -23,6 +23,18 @@ This project follows [Semantic Versioning](https://semver.org/) and the
   always returns 0. Added a source-level guard in `test/test.sh` forbidding standalone
   `(( var++ ))` / `(( var-- ))` increments so the footgun cannot reappear.
 
+- **`register --server <unreachable>` exited 0 instead of failing.**
+  `cmd_register` ran its own `curl` with `… || true`, discarding curl's exit
+  code, and `-w "%{http_code}"` prints `000` when no connection is made. Both
+  the fallback check (`4xx`) and the error check (`>= 400`) are false for `000`,
+  so an unreachable server fell through to the success path and exited 0 — the
+  CLI silently reported a registration that never happened. Now curl's exit code
+  is captured (no `|| true`) and a non-zero exit or an HTTP `000` code is treated
+  as a `network_error` (mirroring `api_call`), applied to both the JSON-wrapped
+  POST and the raw-YAML fallback. The regression test isolates `OPENSOP_HOME` so
+  `--server` is the only URL source and asserts the `network_error` code, rather
+  than passing for the wrong reason when a developer `~/.opensop` is present.
+
 ## [0.8.0] — 2026-06-11
 
 > **BREAKING:** The default backend is now **LOCAL**. Commands that previously hit a remote server by default now run locally (no server, no curl). Scripts relying on the old default-remote behaviour must add `--remote` (uses the configured `OPENSOP_URL`) or `--server <url>`. The `--local` flag is now a deprecated no-op and can be omitted — it is still accepted for script compatibility but prints a deprecation note to stderr.
diff --git a/cli/bin/opensop b/cli/bin/opensop
@@ -1662,7 +1662,17 @@ cmd_register() {
   [[ -n "${OPENSOP_TOKEN:-}" ]] && curl_args+=(-H "X-SOP-Token: $OPENSOP_TOKEN")
   curl_args+=(-d "$body")
 
-  status=$(curl "${curl_args[@]}" "$url" 2>/dev/null || true)
+  # A failed connection is a network error, NOT a success. curl exits non-zero
+  # (e.g. 7, connection refused) and `-w "%{http_code}"` prints "000" when no
+  # HTTP response was received. Capture curl's exit (don't `|| true` it away)
+  # and treat either signal as a network_error — otherwise an unreachable
+  # `--server` falls through to the success path and exits 0. Mirrors api_call.
+  local curl_rc=0
+  status=$(curl "${curl_args[@]}" "$url" 2>/dev/null) || curl_rc=$?
+  if (( curl_rc != 0 )) || [[ "$status" == "000" ]]; then
+    rm -f "$tmp_resp"
+    die "request failed: POST $url" "network_error" "is the server reachable at ${OPENSOP_URL%/}?"
+  fi
 
   if [[ "$status" -ge 400 && "$status" -lt 500 ]]; then
     # Fall back to raw YAML body.
@@ -1673,7 +1683,12 @@ cmd_register() {
       -w "%{http_code}")
     [[ -n "${OPENSOP_TOKEN:-}" ]] && curl_args+=(-H "X-SOP-Token: $OPENSOP_TOKEN")
     curl_args+=(--data-binary "@$file")
-    status=$(curl "${curl_args[@]}" "$url" 2>/dev/null || true)
+    curl_rc=0
+    status=$(curl "${curl_args[@]}" "$url" 2>/dev/null) || curl_rc=$?
+    if (( curl_rc != 0 )) || [[ "$status" == "000" ]]; then
+      rm -f "$tmp_resp"
+      die "request failed: POST $url" "network_error" "is the server reachable at ${OPENSOP_URL%/}?"
+    fi
   fi
 
   resp=$(cat "$tmp_resp")
diff --git a/cli/test/test.sh b/cli/test/test.sh
@@ -3475,13 +3475,19 @@ echo "$u2a_reg_out" | jq -r '.hint' | grep -q "\-\-remote\|\-\-server" \
 echo "PASS: U2a register no --remote — exits non-zero with usage_error, hint mentions --remote/--server"
 
 # --- (10) 'register --server http://127.0.0.1:1' → attempts remote (fails with network error) ---
+# OPENSOP_HOME isolates from any developer ~/.opensop config so --server is the
+# only URL source — otherwise a configured URL would mask the network failure
+# and the test could pass for the wrong reason. A curl that can't connect prints
+# HTTP code "000"; register must treat that as a network_error, not a success.
 set +e
-"$cli" --server http://127.0.0.1:1 register "$u2a_proc" --json >/dev/null 2>&1
+u2a_reg_server_out="$(OPENSOP_HOME="$u2a_home" "$cli" --server http://127.0.0.1:1 register "$u2a_proc" --json 2>&1)"
 u2a_reg_server_rc=$?
 set -e
 [ "$u2a_reg_server_rc" -ne 0 ] \
   || { echo "FAIL: U2a register --server <url> should fail (no server at 127.0.0.1:1), got exit 0"; exit 1; }
-echo "PASS: U2a register --server <url> — attempts remote (fails with network error, not usage_error)"
+echo "$u2a_reg_server_out" | jq -e '.error == "network_error"' >/dev/null \
+  || { echo "FAIL: U2a register --server <unreachable> should emit network_error (curl 000 must not be treated as success), got: $u2a_reg_server_out"; exit 1; }
+echo "PASS: U2a register --server <url> — unreachable server yields network_error (curl 000 not treated as success)"
 
 # --- (11) 'run' with NO flag, explicitly NO --local — the file path form ---
 # Exercise that the default-local path works when --local is ABSENT entirely.
