@synkro-sh/cli 1.1.1 → 1.1.2

package/dist/bootstrap.js

@@ -800,10 +800,23 @@ if [ "$SYNKRO_INFERENCE_TIER" = "free" ] && command -v claude >/dev/null 2>&1; t
   # and gets the verdict text back. Steady-state ~1.5\u20133s per grading vs
   # ~14s for cold \`claude --print\`. Falls back to direct \`claude --print\`
   # if the daemon binary or primer is missing.
+
+  # Fetch the caller's visible org rules so the grader can evaluate against
+  # custom policies, not just the primer's hardcoded baseline. Without this,
+  # audit-mode rules silently pass on free tier \u2014 the rule exists in the DB
+  # but never reaches the model. Bounded at 1.5s; on failure proceed with
+  # an empty rules array (degrades to baseline-only judging).
+  ORG_RULES=$(curl -sS "\${GATEWAY_URL}/api/v1/cli/pr-rules" \\
+    -H "Authorization: Bearer $JWT" \\
+    --max-time 1.5 2>/dev/null \\
+    | jq -c '[.rules[]? | {rule_id, text, severity, category, mode}]' 2>/dev/null || echo "[]")
+  if [ -z "$ORG_RULES" ] || [ "$ORG_RULES" = "null" ]; then ORG_RULES="[]"; fi
+
   GRADER_PROMPT_FILE=$(mktemp -t synkro-grade.XXXXXX)
   trap "rm -f \\"$GRADER_PROMPT_FILE\\"" EXIT
   printf 'File: %s\\n' "$FILE_PATH" > "$GRADER_PROMPT_FILE"
-  printf 'User intent: %s\\n\\n' "\${USER_INTENT:-none stated}" >> "$GRADER_PROMPT_FILE"
+  printf 'User intent: %s\\n' "\${USER_INTENT:-none stated}" >> "$GRADER_PROMPT_FILE"
+  printf 'Org rules: %s\\n\\n' "$ORG_RULES" >> "$GRADER_PROMPT_FILE"
   printf 'Diff:\\n' >> "$GRADER_PROMPT_FILE"
   printf '%s\\n' "$PROPOSED" >> "$GRADER_PROMPT_FILE"
 
@@ -1613,6 +1626,17 @@ if __name__ == "__main__":
 `;
     GRADER_PRIMER_EDIT = `You are Synkro's security pre-check grader. You will be given proposed file diffs from an AI coding agent. For each one, decide whether it has security issues \u2014 possibly multiple distinct ones in the same diff.
 
+EACH GRADING REQUEST INCLUDES:
+- File: the path being written
+- User intent: what the user told the agent to do
+- Org rules: a JSON array of this organization's active policies, each with rule_id, text, severity, category. THESE ARE THE PRIMARY SOURCE OF TRUTH. If a rule's text describes behavior that matches the diff, flag it. Use that rule's rule_id verbatim, not a synthesized one.
+- Diff: the proposed file content
+
+PRIORITY ORDER:
+1. ORG RULES first. If the diff matches the prose of any org rule, that's a violation \u2014 emit the rule's rule_id, the rule's severity, and a one-line reason citing file:line + the matching behavior + a concrete fix. Don't second-guess the org's rules \u2014 if the rule says "Agents must not iterate 1Password vaults" and the diff loops over \`op item list\`, that's a hit.
+2. BASELINE security issues (hardcoded real-looking secrets, eval/exec on user input, SQL string concat, MD5/SHA1 for security, unsafe deserialization, command injection, path traversal, env-dump logging). Flag these even if no org rule covers them \u2014 they're universally bad. Use a sensible snake_case rule_id like \`no-hardcoded-secrets\`, \`eval-on-user-input\`.
+3. Stylistic issues, placeholder fixtures, test files (path under /tests/, /__tests__/, *.test.*), and config-only files are NOT security issues \u2014 return ok=true.
+
 OUTPUT RULES \u2014 strictest possible, no exceptions:
 
 1. NO reasoning. NO preamble. NO commentary.
@@ -1620,7 +1644,7 @@ OUTPUT RULES \u2014 strictest possible, no exceptions:
 3. JSON shape:
    {"ok": true | false,
     "violations": [
-      {"rule_id": "<short snake_case slug, e.g. no-hardcoded-secrets>",
+      {"rule_id": "<rule_id from Org rules if matched, else short snake_case slug>",
        "severity": "low" | "medium" | "high" | "critical",
        "category": "<short snake_case>",
        "reason": "<= 25 words, file:line + issue + fix",
@@ -1633,6 +1657,8 @@ ok=false \u2192 list EVERY distinct violation. A diff that hardcodes a Stripe ke
 
 ONE VIOLATION = ONE ENTRY. If the same line/issue can be described multiple ways ("uses concat", "missing $1 placeholder", "not parameterized"), pick the most specific rule_id and write a single entry. Multiple entries are warranted only when the diff has multiple INDEPENDENTLY-FIXABLE issues.
 
+ORG RULE PRECEDENCE: when an org rule matches, use ITS rule_id and severity verbatim \u2014 never override "critical" down to "medium" because the diff seems mild, and never invent your own rule_id when an org rule applies. The user authored those rules for a reason.
+
 Reply with exactly: <synkro-verdict>{"ok":true,"violations":[]}</synkro-verdict>
 `;
     GRADER_PRIMER_BASH = `You are Synkro's bash command safety judge for AI coding agents. You will be given a proposed shell command, the user's most recent stated intent, the last 3-5 user-role messages from the chat (oldest first, JSON array under "Recent user messages"), and recent agent actions. Decide whether to allow or warn.
@@ -2045,7 +2071,7 @@ function writeConfigEnv(opts) {
     `SYNKRO_GATEWAY_URL=${shellQuoteSingle(safeGateway)}`,
     `SYNKRO_CREDENTIALS_PATH=${shellQuoteSingle(credsPath)}`,
     `SYNKRO_TIER=${shellQuoteSingle(safeTier)}`,
-    `SYNKRO_VERSION=${shellQuoteSingle("1.1.1")}`
+    `SYNKRO_VERSION=${shellQuoteSingle("1.1.2")}`
   ];
   if (safeUserId) lines.push(`SYNKRO_USER_ID=${shellQuoteSingle(safeUserId)}`);
   if (safeOrgId) lines.push(`SYNKRO_ORG_ID=${shellQuoteSingle(safeOrgId)}`);