@synkro-sh/cli 1.1.3 → 1.1.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/dist/bootstrap.js CHANGED
@@ -801,11 +801,13 @@ if [ "$SYNKRO_INFERENCE_TIER" = "free" ] && command -v claude >/dev/null 2>&1; t
801
801
  # ~14s for cold \`claude --print\`. Falls back to direct \`claude --print\`
802
802
  # if the daemon binary or primer is missing.
803
803
 
804
- # Fetch the caller's visible org rules so the grader can evaluate against
805
- # custom policies, not just the primer's hardcoded baseline. Without this,
806
- # audit-mode rules silently pass on free tier \u2014 the rule exists in the DB
807
- # but never reaches the model. Bounded at 1.5s; on failure proceed with
808
- # an empty rules array (degrades to baseline-only judging).
804
+ # Fetch the caller's visible org rules and inject into the grader prompt.
805
+ # On-demand MCP retrieval inside the grader was the cleaner architecture
806
+ # but added 20+ seconds of latency per grade because the model has to
807
+ # call get_guardrails, wait for cosine ranking, then reason. For free-tier
808
+ # local CC inference that's unacceptable. Pre-stuffing the rules costs
809
+ # tokens but keeps grade latency in the 1-3s range. Bounded at 1.5s; on
810
+ # failure proceed with empty rules (degrades to baseline-only judging).
809
811
  ORG_RULES=$(curl -sS "\${GATEWAY_URL}/api/v1/cli/pr-rules" \\
810
812
  -H "Authorization: Bearer $JWT" \\
811
813
  --max-time 1.5 2>/dev/null \\
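Review bot: the fetch at `--max-time 1.5 2>/dev/null` fails open and silently. The rewritten comment keeps "on failure proceed with empty rules" but drops the earlier explanation of what that costs (org rules that exist but never reach the grader), and stderr is discarded, so a timeout or auth error looks the same as an org with no rules. Suggest restoring that consequence in the comment and recording a visible marker (a log line or a flag passed to the grader) whenever ORG_RULES falls back to empty, so baseline-only grades can be told apart from fully evaluated ones. Since the rule text is now injected directly into the grader prompt, it is also worth stating here whether the response is validated as a JSON array before it is stuffed in.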
@@ -1637,14 +1639,16 @@ if __name__ == "__main__":
1637
1639
  EACH GRADING REQUEST INCLUDES:
1638
1640
  - File: the path being written
1639
1641
  - User intent: what the user told the agent to do
1640
- - Org rules: a JSON array of this organization's active policies, each with rule_id, text, severity, category. THESE ARE THE PRIMARY SOURCE OF TRUTH. If a rule's text describes behavior that matches the diff, flag it. Use that rule's rule_id verbatim, not a synthesized one.
1642
+ - Org rules: a JSON array of this organization's active policies, each with rule_id, text, severity, category. These are the org's primary source of truth \u2014 apply them.
1641
1643
  - Diff: the proposed file content
1642
1644
 
1643
- PRIORITY ORDER:
1644
- 1. ORG RULES first. If the diff matches the prose of any org rule, that's a violation \u2014 emit the rule's rule_id, the rule's severity, and a one-line reason citing file:line + the matching behavior + a concrete fix. Don't second-guess the org's rules \u2014 if the rule says "Agents must not iterate 1Password vaults" and the diff loops over \`op item list\`, that's a hit.
1645
- 2. BASELINE security issues (hardcoded real-looking secrets, eval/exec on user input, SQL string concat, MD5/SHA1 for security, unsafe deserialization, command injection, path traversal, env-dump logging). Flag these even if no org rule covers them \u2014 they're universally bad. Use a sensible snake_case rule_id like \`no-hardcoded-secrets\`, \`eval-on-user-input\`.
1645
+ JUDGING PRIORITY:
1646
+ 1. ORG RULES first. If the diff matches the prose of any rule in the Org rules array, flag it \u2014 emit the rule's rule_id verbatim and the rule's severity. A rule that bans an action class covers ALL forms of that action: splitting arguments across function calls, wrapping in helpers, renaming a variable, using a different invocation pattern \u2014 none of those bypass the rule. Match on semantic intent of the rule's prose, not literal substring.
1647
+ 2. BASELINE security issues \u2014 hardcoded real-looking secrets, eval/exec on user input, SQL string concat with untrusted input, MD5/SHA1 for security-sensitive purposes, unsafe deserialization, command injection, path traversal, missing auth on routes that mutate user/billing data, weak random for tokens, broken JWT verification, CORS misconfig, env-dump logging. Flag these even if no org rule covers them \u2014 they're universally bad. Use a sensible snake_case rule_id like \`no-hardcoded-secrets\`, \`eval-on-user-input\`, \`sql-string-concat\`.
1646
1648
  3. Stylistic issues, placeholder fixtures, test files (path under /tests/, /__tests__/, *.test.*), and config-only files are NOT security issues \u2014 return ok=true.
1647
1649
 
1650
+ INDEPENDENCE: Each grade request is INDEPENDENT. Even if you can see prior turns in your context (the daemon reuses one process across grades), treat them as irrelevant. Judge ONLY the current request's File / User intent / Org rules / Diff. Prior "allows" do NOT authorize the current request \u2014 re-evaluate fresh against the rules in THIS prompt.
1651
+
1648
1652
  OUTPUT RULES \u2014 strictest possible, no exceptions:
1649
1653
 
1650
1654
  1. NO reasoning. NO preamble. NO commentary.
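Review bot: the INDEPENDENCE paragraph asks the model to ignore prior turns, but the same paragraph states that the daemon reuses one process across grades, so earlier diffs and earlier "allow" decisions remain in context and the separation rests on model compliance alone. Suggest clearing or resetting the conversation between grade requests in the daemon and keeping this paragraph as a second layer rather than the only one. Separately, the rewritten item 1 no longer asks for the one-line reason citing file:line and a concrete fix that the removed text required; if the output rules further down do not cover that, a flagged rule_id will arrive without a location or remediation.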
@@ -2079,7 +2083,7 @@ function writeConfigEnv(opts) {
2079
2083
  `SYNKRO_GATEWAY_URL=${shellQuoteSingle(safeGateway)}`,
2080
2084
  `SYNKRO_CREDENTIALS_PATH=${shellQuoteSingle(credsPath)}`,
2081
2085
  `SYNKRO_TIER=${shellQuoteSingle(safeTier)}`,
2082
- `SYNKRO_VERSION=${shellQuoteSingle("1.1.3")}`
2086
+ `SYNKRO_VERSION=${shellQuoteSingle("1.1.5")}`
2083
2087
  ];
2084
2088
  if (safeUserId) lines.push(`SYNKRO_USER_ID=${shellQuoteSingle(safeUserId)}`);
2085
2089
  if (safeOrgId) lines.push(`SYNKRO_ORG_ID=${shellQuoteSingle(safeOrgId)}`);
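Review bot: the `SYNKRO_VERSION` line carries the version as a string literal ("1.1.5") inside dist/bootstrap.js. If that value is not substituted from the package metadata at build time, it can drift from the published version, so it is worth confirming the build injects it rather than relying on a manual edit per release. The value is passed through shellQuoteSingle like the neighbouring entries, which is consistent.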