npm - @synkro-sh/cli - Versions diffs - 1.0.2 → 1.0.4 - Mend

@synkro-sh/cli 1.0.2 → 1.0.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/dist/bootstrap.js CHANGED Viewed

@@ -133,6 +133,16 @@ function installCCHooks(settingsPath, config) {
     ],
     [SYNKRO_MARKER]: true
   });
+  settings.hooks.PostToolUse.push({
+    matcher: "Bash",
+    hooks: [
+      {
+        type: "command",
+        command: config.bashFollowupScriptPath
+      }
+    ],
+    [SYNKRO_MARKER]: true
+  });
   settings.hooks.SessionEnd.push({
     hooks: [
       {
@@ -274,7 +284,7 @@ var init_mcpConfig = __esm({
 });
 // cli/installer/hookScripts.ts
-var CC_BASH_JUDGE_SCRIPT, CC_EDIT_PRECHECK_SCRIPT, CC_EDIT_CAPTURE_SCRIPT, CC_STOP_SUMMARY_SCRIPT, CC_SESSION_START_SCRIPT;
+var CC_BASH_JUDGE_SCRIPT, CC_EDIT_PRECHECK_SCRIPT, CC_EDIT_CAPTURE_SCRIPT, CC_STOP_SUMMARY_SCRIPT, CC_SESSION_START_SCRIPT, CC_BASH_FOLLOWUP_SCRIPT;
 var init_hookScripts = __esm({
   "cli/installer/hookScripts.ts"() {
     "use strict";
@@ -1183,6 +1193,48 @@ fi
 jq -n --arg sys_msg "$SYS_MSG" '{ systemMessage: $sys_msg }'
 exit 0
+`;
+    CC_BASH_FOLLOWUP_SCRIPT = `#!/bin/bash
+# Synkro PostToolUse Bash hook \u2014 minimal correction-followup fire.
+# No grading happens here; verdict already came from PreToolUse. This is just
+# the "user approved + agent ran it" capture.
+set -e
+CONFIG_FILE="$HOME/.synkro/config.env"
+if [ -f "$CONFIG_FILE" ]; then
+  set -a
+  # shellcheck disable=SC1090
+  . "$CONFIG_FILE"
+  set +a
+fi
+GATEWAY_URL="\${SYNKRO_GATEWAY_URL:-https://api.synkro.sh}"
+CREDS_PATH="\${SYNKRO_CREDENTIALS_PATH:-$HOME/.synkro/credentials.json}"
+if [ ! -f "$CREDS_PATH" ]; then echo '{}'; exit 0; fi
+JWT=$(jq -r '.access_token // empty' "$CREDS_PATH" 2>/dev/null)
+if [ -z "$JWT" ]; then echo '{}'; exit 0; fi
+PAYLOAD=$(cat)
+TOOL_NAME=$(echo "$PAYLOAD" | jq -r '.tool_name // empty' 2>/dev/null)
+if [ "$TOOL_NAME" != "Bash" ]; then echo '{}'; exit 0; fi
+SESSION_ID=$(echo "$PAYLOAD" | jq -r '.session_id // empty' 2>/dev/null)
+TOOL_USE_ID=$(echo "$PAYLOAD" | jq -r '.tool_use_id // empty' 2>/dev/null)
+if [ -z "$SESSION_ID" ] || [ -z "$TOOL_USE_ID" ]; then echo '{}'; exit 0; fi
+BODY=$(jq -n --arg sid "$SESSION_ID" --arg tid "$TOOL_USE_ID" \\
+  '{session_id: $sid, tool_use_id: $tid, decision: "allow"}')
+curl -sS -X POST "\${GATEWAY_URL}/api/v1/precheck-edit/correction-followup" \\
+  -H "Content-Type: application/json" \\
+  -H "Authorization: Bearer $JWT" \\
+  -d "$BODY" \\
+  --max-time 2 \\
+  >/dev/null 2>&1 || true
+echo '{}'
+exit 0
 `;
   }
 });
@@ -1543,22 +1595,26 @@ import { createServer } from "http";
 import { writeFileSync as writeFileSync3, readFileSync as readFileSync3, existsSync as existsSync4, mkdirSync as mkdirSync3, unlinkSync as unlinkSync2 } from "fs";
 import { homedir as homedir3, platform } from "os";
 import { join as join3, dirname as dirname3 } from "path";
-import { exec } from "child_process";
+import { execFile } from "child_process";
 import jwt from "jsonwebtoken";
 function openBrowser(url) {
   const os = platform();
-  let command;
+  let bin;
+  let args2;
   switch (os) {
     case "darwin":
-      command = `open "${url}"`;
+      bin = "open";
+      args2 = [url];
       break;
     case "win32":
-      command = `start "" "${url}"`;
+      bin = "cmd";
+      args2 = ["/c", "start", "", url];
       break;
     default:
-      command = `xdg-open "${url}"`;
+      bin = "xdg-open";
+      args2 = [url];
   }
-  exec(command, (error) => {
+  execFile(bin, args2, (error) => {
     if (error) {
       console.error("Failed to open browser automatically.");
       console.log(`Please open this URL manually: ${url}`);
@@ -1585,14 +1641,30 @@ function loadCredentials() {
 }
 function createCallbackServer() {
   const CORS_HEADERS = {
-    "Access-Control-Allow-Origin": "*",
-    "Access-Control-Allow-Methods": "GET, OPTIONS",
-    "Access-Control-Allow-Headers": "*"
+    "Access-Control-Allow-Origin": SYNKRO_WEB_AUTH_URL,
+    "Access-Control-Allow-Methods": "POST, OPTIONS",
+    "Access-Control-Allow-Headers": "Content-Type",
+    "Vary": "Origin"
   };
   return new Promise((resolve2, reject) => {
     const server = createServer((req, res) => {
       if (req.method === "OPTIONS") {
-        res.writeHead(204, CORS_HEADERS);
+        const origin = req.headers.origin;
+        if (origin === SYNKRO_WEB_AUTH_URL) {
+          res.writeHead(204, CORS_HEADERS);
+        } else {
+          res.writeHead(204, {
+            "Access-Control-Allow-Methods": "POST, OPTIONS",
+            "Access-Control-Allow-Headers": "Content-Type",
+            "Vary": "Origin"
+          });
+        }
+        res.end();
+        return;
+      }
+      const reqOrigin = req.headers.origin;
+      if (reqOrigin && reqOrigin !== SYNKRO_WEB_AUTH_URL) {
+        res.writeHead(403, { "Vary": "Origin" });
         res.end();
         return;
       }
@@ -1607,35 +1679,78 @@ function createCallbackServer() {
         res.end();
         return;
       }
-      const token = url.searchParams.get("token");
-      const refreshToken = url.searchParams.get("refresh_token") || "";
-      const userId = url.searchParams.get("user_id") || "";
-      const email = url.searchParams.get("email") || "";
-      const orgId = url.searchParams.get("org_id") || "";
-      const state = url.searchParams.get("state") || "";
-      if (!token) {
-        res.writeHead(400, { ...CORS_HEADERS, "Content-Type": "text/html" });
+      if (req.method !== "POST") {
+        res.writeHead(405, { ...CORS_HEADERS, "Allow": "POST, OPTIONS", "Content-Type": "text/html" });
         res.end(ERROR_HTML);
-        setTimeout(() => {
-          server.close();
-          reject(new Error("Authentication failed: missing token in callback"));
-        }, 500);
         return;
       }
-      const authData = {
-        access_token: token,
-        refresh_token: refreshToken,
-        user_id: userId || void 0,
-        email: email || void 0,
-        org_id: orgId || void 0,
-        state: state || void 0
-      };
-      res.writeHead(200, { ...CORS_HEADERS, "Content-Type": "text/html" });
-      res.end(SUCCESS_HTML);
-      setTimeout(() => {
-        server.close();
-        resolve2(authData);
-      }, 500);
+      const MAX_BODY = 16 * 1024;
+      const chunks = [];
+      let total = 0;
+      let aborted = false;
+      req.on("data", (chunk) => {
+        if (aborted) return;
+        total += chunk.length;
+        if (total > MAX_BODY) {
+          aborted = true;
+          res.writeHead(413, CORS_HEADERS);
+          res.end();
+          return;
+        }
+        chunks.push(chunk);
+      });
+      req.on("end", () => {
+        if (aborted) return;
+        let parsed;
+        try {
+          parsed = JSON.parse(Buffer.concat(chunks).toString("utf8"));
+        } catch {
+          res.writeHead(400, { ...CORS_HEADERS, "Content-Type": "application/json" });
+          res.end(JSON.stringify({ error: "invalid_json" }));
+          setTimeout(() => {
+            server.close();
+            reject(new Error("Authentication failed: invalid JSON body"));
+          }, 200);
+          return;
+        }
+        const token = parsed?.token;
+        if (!token || typeof token !== "string") {
+          res.writeHead(400, { ...CORS_HEADERS, "Content-Type": "application/json" });
+          res.end(JSON.stringify({ error: "missing_token" }));
+          setTimeout(() => {
+            server.close();
+            reject(new Error("Authentication failed: missing token"));
+          }, 200);
+          return;
+        }
+        const authData = {
+          access_token: token,
+          refresh_token: typeof parsed.refresh_token === "string" ? parsed.refresh_token : "",
+          user_id: typeof parsed.user_id === "string" ? parsed.user_id : void 0,
+          email: typeof parsed.email === "string" ? parsed.email : void 0,
+          org_id: typeof parsed.org_id === "string" ? parsed.org_id : void 0,
+          state: typeof parsed.state === "string" ? parsed.state : void 0
+        };
+        res.writeHead(200, { ...CORS_HEADERS, "Content-Type": "application/json" });
+        res.end(JSON.stringify({ ok: true }));
+        setTimeout(() => {
+          server.close();
+          resolve2(authData);
+        }, 200);
+      });
+      req.on("error", (e) => {
+        if (aborted) return;
+        aborted = true;
+        try {
+          res.writeHead(500, CORS_HEADERS);
+          res.end();
+        } catch {
+        }
+        setTimeout(() => {
+          server.close();
+          reject(e);
+        }, 200);
+      });
     });
     server.listen(PORT);
     server.on("error", (error) => {
@@ -1713,80 +1828,13 @@ function clearCredentials() {
     unlinkSync2(AUTH_FILE);
   }
 }
-var PORT, SYNKRO_WEB_AUTH_URL, AUTH_FILE, SUCCESS_HTML, ERROR_HTML;
+var PORT, SYNKRO_WEB_AUTH_URL, AUTH_FILE, ERROR_HTML;
 var init_stub = __esm({
   "cli/auth/stub.ts"() {
     "use strict";
     PORT = 8100;
-    SYNKRO_WEB_AUTH_URL = process.env.SYNKRO_WEB_AUTH_URL || "http://localhost:4322";
+    SYNKRO_WEB_AUTH_URL = process.env.SYNKRO_WEB_AUTH_URL || "https://app.synkro.sh";
     AUTH_FILE = process.env.SYNKRO_AUTH_FILE || join3(homedir3(), ".synkro", "credentials.json");
-    SUCCESS_HTML = `
-<!DOCTYPE html>
-<html>
-<head>
-    <title>Authentication Successful - Synkro CLI</title>
-    <style>
-        body {
-            font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Oxygen, Ubuntu, Cantarell, sans-serif;
-            display: flex;
-            justify-content: center;
-            align-items: center;
-            height: 100vh;
-            margin: 0;
-            background: linear-gradient(135deg, #667eea 0%, #764ba2 100%);
-        }
-        .container {
-            background: white;
-            padding: 3rem;
-            border-radius: 1rem;
-            box-shadow: 0 20px 60px rgba(0,0,0,0.3);
-            text-align: center;
-            max-width: 400px;
-        }
-        .checkmark {
-            width: 80px;
-            height: 80px;
-            border-radius: 50%;
-            background: #10b981;
-            margin: 0 auto 1.5rem;
-            display: flex;
-            align-items: center;
-            justify-content: center;
-        }
-        .checkmark svg {
-            width: 50px;
-            height: 50px;
-            stroke: white;
-        }
-        h1 {
-            color: #1f2937;
-            margin: 0 0 0.5rem;
-        }
-        p {
-            color: #6b7280;
-            margin: 0;
-        }
-        .close-note {
-            margin-top: 1.5rem;
-            font-size: 0.875rem;
-            color: #9ca3af;
-        }
-    </style>
-</head>
-<body>
-    <div class="container">
-        <div class="checkmark">
-            <svg fill="none" stroke="currentColor" viewBox="0 0 24 24">
-                <path stroke-linecap="round" stroke-linejoin="round" stroke-width="3" d="M5 13l4 4L19 7"></path>
-            </svg>
-        </div>
-        <h1>Authentication Successful!</h1>
-        <p>Your Synkro CLI has been authenticated.</p>
-        <p class="close-note">You can close this window and return to your terminal.</p>
-    </div>
-</body>
-</html>
-`;
     ERROR_HTML = `
 <!DOCTYPE html>
 <html>
@@ -1865,22 +1913,26 @@ function writeGraderDaemon() {
 }
 function writeHookScripts() {
   const bashScriptPath = join4(HOOKS_DIR, "cc-bash-judge.sh");
+  const bashFollowupScriptPath = join4(HOOKS_DIR, "cc-bash-followup.sh");
   const editCaptureScriptPath = join4(HOOKS_DIR, "cc-edit-capture.sh");
   const editPrecheckScriptPath = join4(HOOKS_DIR, "cc-edit-precheck.sh");
   const stopSummaryScriptPath = join4(HOOKS_DIR, "cc-stop-summary.sh");
   const sessionStartScriptPath = join4(HOOKS_DIR, "cc-session-start.sh");
   writeFileSync4(bashScriptPath, CC_BASH_JUDGE_SCRIPT, "utf-8");
+  writeFileSync4(bashFollowupScriptPath, CC_BASH_FOLLOWUP_SCRIPT, "utf-8");
   writeFileSync4(editCaptureScriptPath, CC_EDIT_CAPTURE_SCRIPT, "utf-8");
   writeFileSync4(editPrecheckScriptPath, CC_EDIT_PRECHECK_SCRIPT, "utf-8");
   writeFileSync4(stopSummaryScriptPath, CC_STOP_SUMMARY_SCRIPT, "utf-8");
   writeFileSync4(sessionStartScriptPath, CC_SESSION_START_SCRIPT, "utf-8");
   chmodSync(bashScriptPath, 493);
+  chmodSync(bashFollowupScriptPath, 493);
   chmodSync(editCaptureScriptPath, 493);
   chmodSync(editPrecheckScriptPath, 493);
   chmodSync(stopSummaryScriptPath, 493);
   chmodSync(sessionStartScriptPath, 493);
   return {
     bashScript: bashScriptPath,
+    bashFollowupScript: bashFollowupScriptPath,
     editCaptureScript: editCaptureScriptPath,
     editPrecheckScript: editPrecheckScriptPath,
     stopSummaryScript: stopSummaryScriptPath,
@@ -1910,7 +1962,7 @@ function writeConfigEnv(opts) {
     `SYNKRO_GATEWAY_URL=${shellQuoteSingle(safeGateway)}`,
     `SYNKRO_CREDENTIALS_PATH=${shellQuoteSingle(credsPath)}`,
     `SYNKRO_TIER=${shellQuoteSingle(safeTier)}`,
-    `SYNKRO_VERSION='1.0.0'`
+    `SYNKRO_VERSION=${shellQuoteSingle("1.0.4")}`
   ];
   if (safeUserId) lines.push(`SYNKRO_USER_ID=${shellQuoteSingle(safeUserId)}`);
   if (safeOrgId) lines.push(`SYNKRO_ORG_ID=${shellQuoteSingle(safeOrgId)}`);
@@ -1942,7 +1994,7 @@ function assertGatewayAllowed(gatewayUrl) {
   }
 }
 async function installCommand(opts = {}) {
-  const gatewayUrl = opts.gatewayUrl || process.env.SYNKRO_GATEWAY_URL || "http://localhost:8788";
+  const gatewayUrl = opts.gatewayUrl || process.env.SYNKRO_GATEWAY_URL || "https://api.synkro.sh";
   try {
     assertGatewayAllowed(gatewayUrl);
   } catch (err) {
@@ -1972,7 +2024,7 @@ async function installCommand(opts = {}) {
       }
     });
     if (!result) {
-      console.error("Authentication failed. Make sure the Synkro web app is running on http://localhost:4322 (or set SYNKRO_WEB_AUTH_URL).");
+      console.error("Authentication failed. If you are running a self-hosted dashboard, set SYNKRO_WEB_AUTH_URL to its origin.");
       process.exit(1);
     }
   }
@@ -1995,6 +2047,7 @@ async function installCommand(opts = {}) {
   const scripts = writeHookScripts();
   console.log("Wrote hook scripts:");
   console.log(`  ${scripts.bashScript}`);
+  console.log(`  ${scripts.bashFollowupScript}`);
   console.log(`  ${scripts.editCaptureScript}`);
   console.log(`  ${scripts.editPrecheckScript}`);
   console.log(`  ${scripts.stopSummaryScript}`);
@@ -2012,6 +2065,7 @@ async function installCommand(opts = {}) {
       hasClaudeCode = true;
       installCCHooks(agent.settingsPath, {
         bashJudgeScriptPath: scripts.bashScript,
+        bashFollowupScriptPath: scripts.bashFollowupScript,
         editCaptureScriptPath: scripts.editCaptureScript,
         editPrecheckScriptPath: scripts.editPrecheckScript,
         stopSummaryScriptPath: scripts.stopSummaryScript,
@@ -2233,11 +2287,15 @@ function statusCommand() {
   }
   console.log();
   const bashScript = join5(SYNKRO_DIR2, "hooks", "cc-bash-judge.sh");
+  const bashFollowupScript = join5(SYNKRO_DIR2, "hooks", "cc-bash-followup.sh");
+  const editPrecheckScript = join5(SYNKRO_DIR2, "hooks", "cc-edit-precheck.sh");
   const editCaptureScript = join5(SYNKRO_DIR2, "hooks", "cc-edit-capture.sh");
   const stopSummaryScript = join5(SYNKRO_DIR2, "hooks", "cc-stop-summary.sh");
   const sessionStartScript = join5(SYNKRO_DIR2, "hooks", "cc-session-start.sh");
   console.log("Hook scripts:");
   console.log(`  ${existsSync6(bashScript) ? "\u2713" : "\u2717"} ${bashScript}`);
+  console.log(`  ${existsSync6(bashFollowupScript) ? "\u2713" : "\u2717"} ${bashFollowupScript}`);
+  console.log(`  ${existsSync6(editPrecheckScript) ? "\u2713" : "\u2717"} ${editPrecheckScript}`);
   console.log(`  ${existsSync6(editCaptureScript) ? "\u2713" : "\u2717"} ${editCaptureScript}`);
   console.log(`  ${existsSync6(stopSummaryScript) ? "\u2713" : "\u2717"} ${stopSummaryScript}`);
   console.log(`  ${existsSync6(sessionStartScript) ? "\u2713" : "\u2717"} ${sessionStartScript}`);