@synkro-sh/cli 1.1.7 → 1.1.8

package/dist/bootstrap.js

@@ -815,9 +815,12 @@ if [ "$SYNKRO_INFERENCE_TIER" = "free" ] && command -v claude >/dev/null 2>&1; t
   # local CC inference that's unacceptable. Pre-stuffing the rules costs
   # tokens but keeps grade latency in the 1-3s range. Bounded at 1.5s; on
   # failure proceed with empty rules (degrades to baseline-only judging).
-  ORG_RULES=$(curl -sS "\${GATEWAY_URL}/api/v1/cli/pr-rules" \\
+  ORG_RULES=$(printf '%s' "$PROPOSED" | head -c 8000 \\
+    | jq -Rs '{content: .}' \\
+    | curl -sS "\${GATEWAY_URL}/api/v1/cli/pr-rules?top_k=20" \\
+    -X POST -H "Content-Type: application/json" \\
     -H "Authorization: Bearer $JWT" \\
-    --max-time 1.5 2>/dev/null \\
+    -d @- --max-time 2 2>/dev/null \\
     | jq -c '[.rules[]? | {rule_id, text, severity, category, mode}]' 2>/dev/null || echo "[]")
   if [ -z "$ORG_RULES" ] || [ "$ORG_RULES" = "null" ]; then ORG_RULES="[]"; fi
 
@@ -1262,16 +1265,18 @@ if [ -z "$RESP" ]; then
   exit 0
 fi
 
+PLAN_NUDGE="Before implementing any multi-step plan, call the synkro-guardrails analyze_plan tool with your implementation plan to check for relevant org coding rules."
+
 OPEN=$(echo "$RESP" | jq -r '.open_count // 0' 2>/dev/null)
 if [ "$OPEN" = "0" ] || [ -z "$OPEN" ]; then
-  echo '{}'
+  jq -n --arg sys_msg "[synkro] $PLAN_NUDGE" '{ systemMessage: $sys_msg }'
   exit 0
 fi
 
 if [ "$OPEN" = "1" ]; then
-  SYS_MSG="[synkro] session start \u2192 1 open finding in this repo from a prior session"
+  SYS_MSG="[synkro] session start \u2192 1 open finding in this repo from a prior session. $PLAN_NUDGE"
 else
-  SYS_MSG="[synkro] session start \u2192 \${OPEN} open findings in this repo from prior sessions"
+  SYS_MSG="[synkro] session start \u2192 \${OPEN} open findings in this repo from prior sessions. $PLAN_NUDGE"
 fi
 
 jq -n --arg sys_msg "$SYS_MSG" '{ systemMessage: $sys_msg }'
@@ -1329,15 +1334,14 @@ var init_graderDaemon = __esm({
     "use strict";
     GRADER_DAEMON_PY = `#!/usr/bin/env python3
 """
-Synkro grader daemon \u2014 long-lived \`claude --print\` process with stream-json
-IPC, fronted by a Unix socket. Hook scripts ship grading prompts to it; it
-returns the assistant's response text. ONE CC startup (~3.5s) amortizes
-across N gradings.
+Synkro warm-pool grader \u2014 pre-warmed \`claude --print --system-prompt\` process
+pool fronted by a Unix socket. Each grade uses one warm process and kills it;
+a replacement is pre-warmed in the background.
+
+Zero context bloat: 1 grade per process, system prompt via --system-prompt flag
+(single inference call, no primer-as-conversation-turn overhead).
 
-Session bloat is bounded: the daemon rotates its claude subprocess every
-ROTATION_CALLS (default 10) gradings or ROTATION_AGE_SEC (default 1h),
-whichever comes first. Each rotation eats a one-time ~5s primer cost; calls
-in between target ~2-3s steady-state.
+Warm steady-state: ~2-3s per grade. Cold fallback: ~5-6s if pre-warm not ready.
 
 Commands:
   start [primer-path]  - bring up daemon if not running
@@ -1346,13 +1350,10 @@ Commands:
   status               - print "running"/"stopped"
 """
 
-import os, sys, json, socket, time, atexit, signal, fcntl, re
+import os, sys, json, socket, time, signal, fcntl, re
 import subprocess, threading
 from pathlib import Path
 
-# Each "mode" gets its own daemon process: separate socket, pid, log.
-# Modes: "edit" (precheck + post-edit, schema {ok, severity, ...}) and "bash"
-# (schema {verdict, severity, ...}). Selected via --mode <name>; default "edit".
 ALLOWED_MODE_RE = re.compile(r"^[a-z][a-z0-9_-]{0,30}$")
 DAEMON_BASE = Path.home() / ".synkro" / "daemon"
 DAEMON_BASE.mkdir(parents=True, exist_ok=True, mode=0o700)
@@ -1365,11 +1366,10 @@ def mode_paths(mode):
 MODE = "edit"
 PID_FILE, SOCK_PATH, LOG_FILE = mode_paths(MODE)
 
-ROTATION_CALLS = int(os.environ.get("SYNKRO_DAEMON_ROTATE_CALLS", "10"))
-ROTATION_AGE_SEC = int(os.environ.get("SYNKRO_DAEMON_ROTATE_AGE", "3600"))
-GRADE_TIMEOUT_SEC = int(os.environ.get("SYNKRO_DAEMON_GRADE_TIMEOUT", "10"))
+GRADE_TIMEOUT_SEC = int(os.environ.get("SYNKRO_DAEMON_GRADE_TIMEOUT", "45"))
 DEFAULT_MODEL = os.environ.get("SYNKRO_DAEMON_MODEL", "claude-sonnet-4-6")
 MAX_PROMPT_BYTES = 4 * 1024 * 1024
+IDLE_SHUTDOWN_SEC = int(os.environ.get("SYNKRO_DAEMON_IDLE_TIMEOUT", "600"))
 
 
 def log(msg):
@@ -1380,146 +1380,139 @@ def log(msg):
         pass
 
 
-PREWARM_HEADROOM = 4
+def _read_response(proc, timeout=45):
+    acc = []
+    deadline = time.time() + timeout
+    while True:
+        if time.time() > deadline:
+            log("read timeout")
+            return ""
+        line = proc.stdout.readline()
+        if not line:
+            return ""
+        try:
+            obj = json.loads(line)
+        except json.JSONDecodeError:
+            continue
+        t = obj.get("type")
+        if t == "assistant":
+            for c in obj.get("message", {}).get("content", []):
+                if c.get("type") == "text":
+                    acc.append(c["text"])
+        elif t == "result":
+            return "".join(acc)
+
+
+def _send_msg(proc, text):
+    msg = json.dumps({
+        "type": "user",
+        "message": {"role": "user", "content": [{"type": "text", "text": text}]},
+        "parent_tool_use_id": None,
+        "session_id": "",
+    })
+    proc.stdin.write(msg + "\\n")
+    proc.stdin.flush()
+
 
-class GraderDaemon:
+class WarmGrader:
+    """
+    Keeps one pre-warmed claude process ready. Each grade pulls the warm
+    process, sends one prompt, reads the verdict, kills the process, and
+    starts pre-warming a replacement in the background.
+
+    The warm process has the system prompt loaded via --system-prompt and
+    its KV cache primed by a warmup turn. The actual grade is a single
+    inference call that benefits from the cached system prompt tokens.
+    """
     def __init__(self, primer):
         self.primer = primer or ""
-        self.proc = None
-        self.calls = 0
-        self.start_time = 0.0
-        self.lock = threading.Lock()
-        self._next_proc = None
-        self._prewarm_thread = None
-        self._spawn()
+        self._warm_proc = None
+        self._warm_thread = None
+        self._lock = threading.Lock()
+        self._total_grades = 0
+        self._start_prewarm()
 
     def _make_proc(self):
+        cmd = [
+            "claude", "--print", "--model", DEFAULT_MODEL,
+            "--input-format=stream-json",
+            "--output-format=stream-json",
+            "--verbose",
+            "--no-session-persistence",
+        ]
+        if self.primer:
+            cmd += ["--system-prompt", self.primer]
         return subprocess.Popen(
-            [
-                "claude", "--print", "--model", DEFAULT_MODEL,
-                "--input-format=stream-json",
-                "--output-format=stream-json",
-                "--verbose",
-                "--no-session-persistence",
-            ],
+            cmd,
             stdin=subprocess.PIPE, stdout=subprocess.PIPE,
             stderr=subprocess.DEVNULL, text=True, bufsize=1,
         )
 
-    def _send_to(self, proc, text):
-        msg = json.dumps({
-            "type": "user",
-            "message": {"role": "user", "content": [{"type": "text", "text": text}]},
-            "parent_tool_use_id": None,
-            "session_id": "",
-        })
-        proc.stdin.write(msg + "\\n")
-        proc.stdin.flush()
-
-    def _recv_from(self, proc):
-        acc = []
-        deadline = time.time() + GRADE_TIMEOUT_SEC
-        while True:
-            if time.time() > deadline:
-                log("recv timeout")
-                return ""
-            line = proc.stdout.readline()
-            if not line:
-                return ""
-            try:
-                obj = json.loads(line)
-            except json.JSONDecodeError:
-                continue
-            t = obj.get("type")
-            if t == "assistant":
-                for c in obj.get("message", {}).get("content", []):
-                    if c.get("type") == "text":
-                        acc.append(c["text"])
-            elif t == "result":
-                return "".join(acc)
-
-    def _spawn(self):
-        if self.proc and self.proc.poll() is None:
-            try: self.proc.terminate(); self.proc.wait(timeout=3)
-            except Exception: self.proc.kill()
-        log("spawning claude subprocess")
-        self.proc = self._make_proc()
-        if self.primer:
-            self._send_to(self.proc, self.primer)
-            primer_resp = self._recv_from(self.proc)
-            log(f"primer ack: {primer_resp[:80]!r}")
-        self.calls = 0
-        self.start_time = time.time()
-        self._next_proc = None
-
-    def _prewarm_worker(self):
+    def _kill_proc(self, proc):
+        try: proc.stdin.close()
+        except Exception: pass
+        try: proc.kill(); proc.wait(timeout=2)
+        except Exception: pass
+
+    def _prewarm(self):
         try:
-            log("pre-warming next subprocess")
+            log("pre-warming process")
             proc = self._make_proc()
-            if self.primer:
-                self._send_to(proc, self.primer)
-                resp = self._recv_from(proc)
-                log(f"pre-warm ack: {resp[:80]!r}")
-            self._next_proc = proc
-            log("pre-warm ready")
+            _send_msg(proc, "Ready")
+            resp = _read_response(proc, timeout=30)
+            if resp:
+                with self._lock:
+                    old = self._warm_proc
+                    self._warm_proc = proc
+                if old:
+                    self._kill_proc(old)
+                log(f"pre-warm ready ({len(resp)} chars)")
+            else:
+                log("pre-warm response empty")
+                self._kill_proc(proc)
         except Exception as e:
             log(f"pre-warm failed: {e}")
-            self._next_proc = None
-
-    def _maybe_prewarm(self):
-        if self._prewarm_thread and self._prewarm_thread.is_alive():
-            return
-        if self._next_proc is not None:
-            return
-        if self.calls >= ROTATION_CALLS - PREWARM_HEADROOM:
-            self._prewarm_thread = threading.Thread(target=self._prewarm_worker, daemon=True)
-            self._prewarm_thread.start()
-
-    def _try_rotate(self):
-        if self._next_proc and self._next_proc.poll() is None:
-            log("hot-swapping to pre-warmed subprocess")
-            old = self.proc
-            self.proc = self._next_proc
-            self._next_proc = None
-            self._prewarm_thread = None
-            self.calls = 0
-            self.start_time = time.time()
-            if old and old.poll() is None:
-                threading.Thread(target=lambda: (old.terminate(), old.wait()), daemon=True).start()
-            return True
-        log("pre-warm not ready, deferring rotation")
-        return False
 
-    def _send(self, text):
+    def _start_prewarm(self):
+        self._warm_thread = threading.Thread(target=self._prewarm, daemon=True)
+        self._warm_thread.start()
+
+    def grade(self, prompt):
+        if self._warm_thread:
+            self._warm_thread.join(timeout=60)
+
+        with self._lock:
+            proc = self._warm_proc
+            self._warm_proc = None
+
+        warm = True
+        if not proc or proc.poll() is not None:
+            log("no warm process, cold fallback")
+            proc = self._make_proc()
+            warm = False
+
+        t0 = time.time()
         try:
-            self._send_to(self.proc, text)
-        except (BrokenPipeError, OSError) as e:
-            log(f"send broke: {e}; respawn")
-            self._spawn()
-            self._send_to(self.proc, text)
-
-    def _recv(self):
-        resp = self._recv_from(self.proc)
-        if not resp and (not self.proc or self.proc.poll() is not None):
-            log("subprocess died; respawn")
-            self._spawn()
+            _send_msg(proc, prompt)
+            resp = _read_response(proc, timeout=GRADE_TIMEOUT_SEC)
+        except Exception as e:
+            log(f"grade error: {e}")
+            resp = ""
+        finally:
+            self._kill_proc(proc)
+
+        elapsed = (time.time() - t0) * 1000
+        self._total_grades += 1
+        log(f"grade #{self._total_grades} {'warm' if warm else 'cold'} elapsed={elapsed:.0f}ms resp={len(resp)}ch")
+
+        self._start_prewarm()
         return resp
 
-    def grade(self, prompt):
-        with self.lock:
-            t0 = time.time()
-            self._send(prompt)
-            resp = self._recv()
-            elapsed = (time.time() - t0) * 1000
-            self.calls += 1
-            log(f"grade #{self.calls} elapsed={elapsed:.0f}ms resp_chars={len(resp)}")
-            age = time.time() - self.start_time
-            if self.calls >= ROTATION_CALLS or age >= ROTATION_AGE_SEC:
-                if not self._try_rotate():
-                    self._maybe_prewarm()
-            else:
-                self._maybe_prewarm()
-            return resp
+    def shutdown(self):
+        with self._lock:
+            if self._warm_proc:
+                self._kill_proc(self._warm_proc)
+                self._warm_proc = None
 
 
 def serve(primer):
@@ -1533,7 +1526,7 @@ def serve(primer):
     os.write(pid_fd, f"{os.getpid()}\\n".encode())
     os.fsync(pid_fd)
 
-    daemon = GraderDaemon(primer)
+    grader = WarmGrader(primer)
 
     if SOCK_PATH.exists():
         SOCK_PATH.unlink()
@@ -1547,24 +1540,30 @@ def serve(primer):
         except Exception: pass
         try: PID_FILE.unlink()
         except Exception: pass
-        try: daemon.proc and daemon.proc.terminate()
-        except Exception: pass
+        grader.shutdown()
         sys.exit(0)
     signal.signal(signal.SIGTERM, cleanup)
     signal.signal(signal.SIGINT, cleanup)
 
-    log(f"daemon ready model={DEFAULT_MODEL} sock={SOCK_PATH}")
+    log(f"daemon ready model={DEFAULT_MODEL} idle_shutdown={IDLE_SHUTDOWN_SEC}s sock={SOCK_PATH}")
 
+    last_activity = time.time()
+    sock.settimeout(30)
     while True:
         try:
             conn, _ = sock.accept()
-            threading.Thread(target=_handle_conn, args=(conn, daemon), daemon=True).start()
+            last_activity = time.time()
+            threading.Thread(target=_handle_conn, args=(conn, grader), daemon=True).start()
+        except socket.timeout:
+            if time.time() - last_activity > IDLE_SHUTDOWN_SEC:
+                log(f"idle for {IDLE_SHUTDOWN_SEC}s, shutting down")
+                cleanup()
         except Exception as e:
             log(f"accept error: {e}")
             time.sleep(0.1)
 
 
-def _handle_conn(conn, daemon):
+def _handle_conn(conn, grader):
     try:
         with conn:
             length_bytes = b""
@@ -1581,7 +1580,7 @@ def _handle_conn(conn, daemon):
                 chunk = conn.recv(min(65536, length - len(prompt)))
                 if not chunk: break
                 prompt += chunk
-            response = daemon.grade(prompt.decode("utf-8", errors="replace"))
+            response = grader.grade(prompt.decode("utf-8", errors="replace"))
             resp_bytes = response.encode("utf-8")
             conn.sendall(len(resp_bytes).to_bytes(8, "big"))
             conn.sendall(resp_bytes)
@@ -1708,7 +1707,7 @@ JUDGING PRIORITY:
 2. BASELINE security issues \u2014 hardcoded real-looking secrets, eval/exec on user input, SQL string concat with untrusted input, MD5/SHA1 for security-sensitive purposes, unsafe deserialization, command injection, path traversal, missing auth on routes that mutate user/billing data, weak random for tokens, broken JWT verification, CORS misconfig, env-dump logging. Flag these even if no org rule covers them \u2014 they're universally bad. Use a sensible snake_case rule_id like \`no-hardcoded-secrets\`, \`eval-on-user-input\`, \`sql-string-concat\`.
 3. Stylistic issues, placeholder fixtures, test files (path under /tests/, /__tests__/, *.test.*), and config-only files are NOT security issues \u2014 return ok=true.
 
-INDEPENDENCE: Each grade request is INDEPENDENT. Even if you can see prior turns in your context (the daemon reuses one process across grades), treat them as irrelevant. Judge ONLY the current request's File / User intent / Org rules / Diff. Prior "allows" do NOT authorize the current request \u2014 re-evaluate fresh against the rules in THIS prompt.
+INDEPENDENCE: Each grade request is INDEPENDENT. Judge ONLY the current request's File / User intent / Org rules / Diff. Prior "allows" do NOT authorize the current request \u2014 re-evaluate fresh against the rules in THIS prompt.
 
 OUTPUT RULES \u2014 strictest possible, no exceptions:
 
@@ -2144,7 +2143,7 @@ function writeConfigEnv(opts) {
     `SYNKRO_GATEWAY_URL=${shellQuoteSingle(safeGateway)}`,
     `SYNKRO_CREDENTIALS_PATH=${shellQuoteSingle(credsPath)}`,
     `SYNKRO_TIER=${shellQuoteSingle(safeTier)}`,
-    `SYNKRO_VERSION=${shellQuoteSingle("1.1.7")}`
+    `SYNKRO_VERSION=${shellQuoteSingle("1.1.8")}`
   ];
   if (safeUserId) lines.push(`SYNKRO_USER_ID=${shellQuoteSingle(safeUserId)}`);
   if (safeOrgId) lines.push(`SYNKRO_ORG_ID=${shellQuoteSingle(safeOrgId)}`);
@@ -2269,6 +2268,17 @@ async function installCommand(opts = {}) {
   console.log(`  ${scripts.sessionStartScript}
 `);
   writeGraderDaemon();
+  for (const mode of ["edit", "bash"]) {
+    const pidFile = join4(SYNKRO_DIR, "daemon", mode, "daemon.pid");
+    try {
+      const pid = parseInt(readFileSync4(pidFile, "utf-8").trim(), 10);
+      if (pid > 0) {
+        process.kill(pid, "SIGTERM");
+        console.log(`Stopped stale ${mode} daemon (pid ${pid})`);
+      }
+    } catch {
+    }
+  }
   console.log("Wrote local-tier grader daemon:");
   console.log(`  ${GRADER_DAEMON_PATH}`);
   console.log(`  ${GRADER_PRIMER_EDIT_PATH}`);