fix(academy): type safety, cert persistence, regex guard, mixed-lesson video, shorts support

- Derive AcademyCertificate from db $inferSelect to prevent schema drift
- Add useCourseCertificate query hook; GET /api/academy/certificates now accepts courseId for authenticated lookup
- Use useCourseCertificate in CourseProgress so certificate state survives page refresh
- Guard new RegExp(valuePattern) in validation.ts with try/catch; log warn on invalid pattern
- Add logger.warn for custom validation rules so content authors are alerted
- Add YouTube Shorts URL support to LessonVideo (youtube.com/shorts/VIDEO_ID)
- Fix mixed-lesson video gap: render videoUrl above quiz when mixed has quiz but no exercise
- Add academy-scoped not-found.tsx with link back to /academy

Author: waleedlatif1

apps/sim/app/academy/(catalog)/[courseSlug]/components/course-progress.tsx

@@ -6,7 +6,7 @@ import Link from 'next/link'
 import { getCompletedLessons } from '@/lib/academy/local-progress'
 import type { Course } from '@/lib/academy/types'
 import { useSession } from '@/lib/auth/auth-client'
-import { useIssueCertificate } from '@/hooks/queries/academy'
+import { useCourseCertificate, useIssueCertificate } from '@/hooks/queries/academy'
 
 interface CourseProgressProps {
   course: Course
@@ -20,7 +20,10 @@ export function CourseProgress({ course, courseSlug }: CourseProgressProps) {
     setCompletedIds(getCompletedLessons())
   }, [])
   const { data: session } = useSession()
-  const { mutate: issueCertificate, isPending, data: certificate, error } = useIssueCertificate()
+  const { data: fetchedCert } = useCourseCertificate(session ? course.id : undefined)
+  const { mutate: issueCertificate, isPending, data: issuedCert, error } = useIssueCertificate()
+  // Prefer the server-fetched cert (survives page refresh) over the in-session mutation result.
+  const certificate = fetchedCert ?? issuedCert
 
   const allLessons = course.modules.flatMap((m) => m.lessons)
   const totalLessons = allLessons.length

apps/sim/app/academy/(catalog)/not-found.tsx

@@ -0,0 +1,19 @@
+import Link from 'next/link'
+
+export default function AcademyNotFound() {
+  return (
+    <main className='flex flex-1 flex-col items-center justify-center px-6 py-32 text-center'>
+      <p className='mb-2 font-mono text-[#555] text-[13px] uppercase tracking-widest'>404</p>
+      <h1 className='mb-3 font-[430] text-[#ECECEC] text-[28px] leading-[120%]'>Page not found</h1>
+      <p className='mb-8 text-[#666] text-[15px]'>
+        That course or lesson doesn't exist in the Academy.
+      </p>
+      <Link
+        href='/academy'
+        className='rounded-[5px] bg-[#ECECEC] px-5 py-2.5 font-[430] text-[#1C1C1C] text-[14px] transition-colors hover:bg-white'
+      >
+        Back to Academy
+      </Link>
+    </main>
+  )
+}

apps/sim/app/academy/[courseSlug]/[lessonSlug]/page.tsx

@@ -165,7 +165,8 @@ export default function LessonPage({ params }: LessonPageProps) {
             )}
             {!hasExercise && hasQuiz && (
               <div className='flex-1 overflow-y-auto p-8'>
-                <div className='mx-auto w-full max-w-xl'>
+                <div className='mx-auto w-full max-w-xl space-y-8'>
+                  {hasVideo && <LessonVideo url={lesson.videoUrl!} title={lesson.title} />}
                   <LessonQuiz
                     lessonId={lesson.id}
                     quizConfig={lesson.quizConfig!}

apps/sim/app/academy/components/lesson-video.tsx

@@ -37,6 +37,9 @@ function resolveEmbedUrl(url: string): string | null {
       return `https://www.youtube.com/embed${parsed.pathname}`
     }
     if (parsed.hostname.includes('youtube.com')) {
+      // Shorts: youtube.com/shorts/VIDEO_ID
+      const shortsMatch = parsed.pathname.match(/^\/shorts\/([^/?]+)/)
+      if (shortsMatch) return `https://www.youtube.com/embed/${shortsMatch[1]}`
       const v = parsed.searchParams.get('v')
       if (v) return `https://www.youtube.com/embed/${v}`
     }

apps/sim/app/api/academy/certificates/route.ts

@@ -135,27 +135,53 @@ export async function POST(req: NextRequest) {
 /**
  * GET /api/academy/certificates?certificateNumber=SIM-2026-00042
  * Public endpoint for verifying a certificate by its number.
+ *
+ * GET /api/academy/certificates?courseId=...
+ * Authenticated endpoint for looking up the current user's certificate for a course.
  */
 export async function GET(req: NextRequest) {
   try {
     const { searchParams } = new URL(req.url)
     const certificateNumber = searchParams.get('certificateNumber')
+    const courseId = searchParams.get('courseId')
 
-    if (!certificateNumber) {
-      return NextResponse.json({ error: 'certificateNumber is required' }, { status: 400 })
+    if (certificateNumber) {
+      const [certificate] = await db
+        .select()
+        .from(academyCertificate)
+        .where(eq(academyCertificate.certificateNumber, certificateNumber))
+        .limit(1)
+
+      if (!certificate) {
+        return NextResponse.json({ error: 'Certificate not found' }, { status: 404 })
+      }
+      return NextResponse.json({ certificate })
     }
 
-    const [certificate] = await db
-      .select()
-      .from(academyCertificate)
-      .where(eq(academyCertificate.certificateNumber, certificateNumber))
-      .limit(1)
+    if (courseId) {
+      const session = await getSession()
+      if (!session?.user?.id) {
+        return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
+      }
 
-    if (!certificate) {
-      return NextResponse.json({ error: 'Certificate not found' }, { status: 404 })
+      const [certificate] = await db
+        .select()
+        .from(academyCertificate)
+        .where(
+          and(
+            eq(academyCertificate.userId, session.user.id),
+            eq(academyCertificate.courseId, courseId)
+          )
+        )
+        .limit(1)
+
+      return NextResponse.json({ certificate: certificate ?? null })
     }
 
-    return NextResponse.json({ certificate })
+    return NextResponse.json(
+      { error: 'certificateNumber or courseId query parameter is required' },
+      { status: 400 }
+    )
   } catch (error) {
     logger.error('Failed to verify certificate', { error })
     return NextResponse.json({ error: 'Failed to verify certificate' }, { status: 500 })

apps/sim/hooks/queries/academy.ts

@@ -1,10 +1,31 @@
-import { useMutation, useQueryClient } from '@tanstack/react-query'
+import { useMutation, useQuery, useQueryClient } from '@tanstack/react-query'
 import type { AcademyCertificate } from '@/lib/academy/types'
 import { fetchJson } from '@/hooks/selectors/helpers'
 
 export const academyKeys = {
   all: ['academy'] as const,
   certificates: () => [...academyKeys.all, 'certificate'] as const,
+  certificate: (courseId: string) => [...academyKeys.certificates(), courseId] as const,
+}
+
+async function fetchCourseCertificate(
+  courseId: string,
+  signal: AbortSignal
+): Promise<AcademyCertificate | null> {
+  const data = await fetchJson<{ certificate: AcademyCertificate | null }>(
+    `/api/academy/certificates?courseId=${encodeURIComponent(courseId)}`,
+    { signal }
+  )
+  return data.certificate
+}
+
+export function useCourseCertificate(courseId?: string) {
+  return useQuery({
+    queryKey: academyKeys.certificate(courseId ?? ''),
+    queryFn: ({ signal }) => fetchCourseCertificate(courseId as string, signal),
+    enabled: Boolean(courseId),
+    staleTime: 60 * 1000,
+  })
 }
 
 export function useIssueCertificate() {
@@ -16,8 +37,8 @@ export function useIssueCertificate() {
         headers: { 'Content-Type': 'application/json' },
         body: JSON.stringify(variables),
       }).then((d) => d.certificate),
-    onSettled: () => {
-      queryClient.invalidateQueries({ queryKey: academyKeys.certificates() })
+    onSettled: (_data, _error, variables) => {
+      queryClient.invalidateQueries({ queryKey: academyKeys.certificate(variables.courseId) })
     },
   })
 }

apps/sim/lib/academy/types.ts

@@ -2,6 +2,7 @@
  * Sim Academy — shared type definitions.
  * Course content is file-based (lib/academy/content/); only certificates are DB-backed.
  */
+import type { academyCertificate } from '@sim/db/schema'
 
 export type LessonType = 'video' | 'exercise' | 'quiz' | 'mixed'
 
@@ -38,25 +39,18 @@ export interface Lesson {
 
 export type AcademyCertStatus = 'active' | 'revoked' | 'expired'
 
-export interface AcademyCertificate {
-  id: string
-  userId: string
-  courseId: string
-  status: AcademyCertStatus
-  issuedAt: string
-  expiresAt: string | null
-  certificateNumber: string
-  metadata: CertificateMetadata | null
-  createdAt: string
-}
-
 export interface CertificateMetadata {
   /** Recipient name at time of issuance */
   recipientName: string
   /** Course title at time of issuance */
   courseTitle: string
 }
 
+/** Certificate record derived from the DB schema — metadata narrowed to its known shape. */
+export type AcademyCertificate = Omit<typeof academyCertificate.$inferSelect, 'metadata'> & {
+  metadata: CertificateMetadata | null
+}
+
 /**
  * Full configuration for an interactive canvas exercise.
  * Defined inline in each lesson file.

apps/sim/lib/academy/validation.ts

@@ -1,3 +1,4 @@
+import { createLogger } from '@sim/logger'
 import type {
   ExerciseBlockState,
   ExerciseEdgeState,
@@ -6,6 +7,8 @@ import type {
   ValidationRuleResult,
 } from '@/lib/academy/types'
 
+const logger = createLogger('AcademyValidation')
+
 /**
  * Validates a learner's exercise canvas state against a set of rules.
  * Runs identically on the client (real-time feedback) and server (progress recording).
@@ -47,8 +50,18 @@ function checkRule(
         const value = b.subBlocks?.[rule.subBlockId]
         if (rule.valueNotEmpty && (value === undefined || value === null || value === ''))
           return false
-        if (rule.valuePattern && !new RegExp(rule.valuePattern).test(String(value ?? '')))
-          return false
+        if (rule.valuePattern) {
+          let regex: RegExp
+          try {
+            regex = new RegExp(rule.valuePattern)
+          } catch {
+            logger.warn('Invalid valuePattern in block_configured rule', {
+              pattern: rule.valuePattern,
+            })
+            return false
+          }
+          if (!regex.test(String(value ?? ''))) return false
+        }
         return true
       })
     }
@@ -73,7 +86,11 @@ function checkRule(
     }
 
     case 'custom': {
-      // Custom validators run client-side via a registry; server always passes them
+      // Custom validators run client-side via a registry; server always passes them.
+      // Log a warning so content authors know if a custom validatorId is unrecognised.
+      logger.warn('Custom validation rule encountered — no client registry implementation', {
+        validatorId: rule.validatorId,
+      })
       return true
     }
   }