@synkro-sh/cli 1.1.4 → 1.1.6

package/dist/bootstrap.js

@@ -83,11 +83,18 @@ function writeSettingsAtomic(path, settings) {
   writeFileSync(tmpPath, JSON.stringify(settings, null, 2) + "\n", "utf-8");
   renameSync(tmpPath, path);
 }
+function isSynkroEntry(entry) {
+  if (entry?.[SYNKRO_MARKER]) return true;
+  const hooks = Array.isArray(entry?.hooks) ? entry.hooks : [];
+  return hooks.some(
+    (h) => typeof h?.command === "string" && h.command.includes("/.synkro/hooks/")
+  );
+}
 function removeSynkroEntries(events, eventName) {
   if (!events) return;
   const arr = events[eventName];
   if (!Array.isArray(arr)) return;
-  events[eventName] = arr.filter((entry) => !entry?.[SYNKRO_MARKER]);
+  events[eventName] = arr.filter((entry) => !isSynkroEntry(entry));
 }
 function installCCHooks(settingsPath, config) {
   const settings = readSettings(settingsPath);
@@ -118,7 +125,7 @@ function installCCHooks(settingsPath, config) {
       {
         type: "command",
         command: config.editPrecheckScriptPath,
-        timeout: 5
+        timeout: 15
       }
     ],
     [SYNKRO_MARKER]: true
@@ -801,17 +808,24 @@ if [ "$SYNKRO_INFERENCE_TIER" = "free" ] && command -v claude >/dev/null 2>&1; t
   # ~14s for cold \`claude --print\`. Falls back to direct \`claude --print\`
   # if the daemon binary or primer is missing.
 
-  # The grader retrieves org rules ON DEMAND via the synkro-guardrails MCP
-  # server (registered in ~/.claude.json by \`synkro install\`). The primer
-  # tells the model to call get_guardrails before judging. We do NOT
-  # pre-stuff every rule into the prompt \u2014 that bloats the token budget,
-  # confuses the model with irrelevant rules, and breaks at scale. Cosine
-  # retrieval inside the MCP server returns only semantically-relevant
-  # rules per diff.
+  # Fetch the caller's visible org rules and inject into the grader prompt.
+  # On-demand MCP retrieval inside the grader was the cleaner architecture
+  # but added 20+ seconds of latency per grade because the model has to
+  # call get_guardrails, wait for cosine ranking, then reason. For free-tier
+  # local CC inference that's unacceptable. Pre-stuffing the rules costs
+  # tokens but keeps grade latency in the 1-3s range. Bounded at 1.5s; on
+  # failure proceed with empty rules (degrades to baseline-only judging).
+  ORG_RULES=$(curl -sS "\${GATEWAY_URL}/api/v1/cli/pr-rules" \\
+    -H "Authorization: Bearer $JWT" \\
+    --max-time 1.5 2>/dev/null \\
+    | jq -c '[.rules[]? | {rule_id, text, severity, category, mode}]' 2>/dev/null || echo "[]")
+  if [ -z "$ORG_RULES" ] || [ "$ORG_RULES" = "null" ]; then ORG_RULES="[]"; fi
+
   GRADER_PROMPT_FILE=$(mktemp -t synkro-grade.XXXXXX)
   trap "rm -f \\"$GRADER_PROMPT_FILE\\"" EXIT
   printf 'File: %s\\n' "$FILE_PATH" > "$GRADER_PROMPT_FILE"
-  printf 'User intent: %s\\n\\n' "\${USER_INTENT:-none stated}" >> "$GRADER_PROMPT_FILE"
+  printf 'User intent: %s\\n' "\${USER_INTENT:-none stated}" >> "$GRADER_PROMPT_FILE"
+  printf 'Org rules: %s\\n\\n' "$ORG_RULES" >> "$GRADER_PROMPT_FILE"
   printf 'Diff:\\n' >> "$GRADER_PROMPT_FILE"
   printf '%s\\n' "$PROPOSED" >> "$GRADER_PROMPT_FILE"
 
@@ -1632,22 +1646,15 @@ if __name__ == "__main__":
 EACH GRADING REQUEST INCLUDES:
 - File: the path being written
 - User intent: what the user told the agent to do
+- Org rules: a JSON array of this organization's active policies, each with rule_id, text, severity, category. These are the org's primary source of truth \u2014 apply them.
 - Diff: the proposed file content
 
-WORKFLOW \u2014 TWO STEPS, IN THIS ORDER:
-
-STEP 1: Retrieve the org's relevant rules via the synkro-guardrails MCP server. Call mcp__synkro-guardrails__get_guardrails ONCE with:
-  - query: a one-sentence summary of WHAT THE DIFF DOES \u2014 describe the file's behavior in plain language. Focus on the action, the data flowing in, and the data flowing out (e.g. "route handler that takes user input and runs a database query", "component that reads a token from disk and includes it in an outbound HTTP request", "function that hashes a password before storing it").
-  - top_k: 8
-
-The server returns the most semantically-relevant rules (mix of cosine + keyword), each with rule_id, text, severity, category. THESE ARE YOUR PRIMARY SOURCE OF TRUTH for this org. If get_guardrails returns nothing or errors, proceed with baseline-only judging.
-
-STEP 2: Judge the diff. Priority order:
-1. ORG RULES first. If the diff matches the prose of any returned rule, flag it \u2014 emit the rule's rule_id verbatim and the rule's severity. Don't second-guess the org's rules: a rule that bans an action class covers ALL forms of that action \u2014 splitting arguments across function calls, wrapping in helpers, or renaming a variable does NOT bypass it. The semantic intent of the rule and the diff is what matters, not the literal substring.
-2. BASELINE security issues (hardcoded real-looking secrets, eval/exec on user input, SQL string concat with untrusted input, MD5/SHA1 for security-sensitive purposes, unsafe deserialization, command injection, path traversal, missing auth on routes that mutate user/billing data, weak random for tokens, broken JWT verification, CORS misconfig, env-dump logging). Flag these even if no org rule covers them \u2014 they're universally bad. Use a sensible snake_case rule_id like \`no-hardcoded-secrets\`, \`eval-on-user-input\`, \`sql-string-concat\`.
+JUDGING PRIORITY:
+1. ORG RULES first. If the diff matches the prose of any rule in the Org rules array, flag it \u2014 emit the rule's rule_id verbatim and the rule's severity. A rule that bans an action class covers ALL forms of that action: splitting arguments across function calls, wrapping in helpers, renaming a variable, using a different invocation pattern \u2014 none of those bypass the rule. Match on semantic intent of the rule's prose, not literal substring.
+2. BASELINE security issues \u2014 hardcoded real-looking secrets, eval/exec on user input, SQL string concat with untrusted input, MD5/SHA1 for security-sensitive purposes, unsafe deserialization, command injection, path traversal, missing auth on routes that mutate user/billing data, weak random for tokens, broken JWT verification, CORS misconfig, env-dump logging. Flag these even if no org rule covers them \u2014 they're universally bad. Use a sensible snake_case rule_id like \`no-hardcoded-secrets\`, \`eval-on-user-input\`, \`sql-string-concat\`.
 3. Stylistic issues, placeholder fixtures, test files (path under /tests/, /__tests__/, *.test.*), and config-only files are NOT security issues \u2014 return ok=true.
 
-INDEPENDENCE: Each grade request is INDEPENDENT. Even if you can see prior turns in your context (the daemon reuses one process across grades), treat them as irrelevant. Judge ONLY the current request's File / User intent / Diff plus rules retrieved THIS turn. Prior "allows" do NOT authorize the current request \u2014 re-do the get_guardrails call every grade.
+INDEPENDENCE: Each grade request is INDEPENDENT. Even if you can see prior turns in your context (the daemon reuses one process across grades), treat them as irrelevant. Judge ONLY the current request's File / User intent / Org rules / Diff. Prior "allows" do NOT authorize the current request \u2014 re-evaluate fresh against the rules in THIS prompt.
 
 OUTPUT RULES \u2014 strictest possible, no exceptions:
 
@@ -2083,7 +2090,7 @@ function writeConfigEnv(opts) {
     `SYNKRO_GATEWAY_URL=${shellQuoteSingle(safeGateway)}`,
     `SYNKRO_CREDENTIALS_PATH=${shellQuoteSingle(credsPath)}`,
     `SYNKRO_TIER=${shellQuoteSingle(safeTier)}`,
-    `SYNKRO_VERSION=${shellQuoteSingle("1.1.4")}`
+    `SYNKRO_VERSION=${shellQuoteSingle("1.1.6")}`
   ];
   if (safeUserId) lines.push(`SYNKRO_USER_ID=${shellQuoteSingle(safeUserId)}`);
   if (safeOrgId) lines.push(`SYNKRO_ORG_ID=${shellQuoteSingle(safeOrgId)}`);