@synkro-sh/cli 1.1.8 → 1.2.0

package/dist/bootstrap.js

@@ -301,6 +301,8 @@ var init_hookScripts = __esm({
 # Auth: reads access_token from ~/.synkro/credentials.json, sends Authorization: Bearer.
 set -e
 
+synkro_log() { echo "[synkro] $1" >&2; }
+
 # Load config
 CONFIG_FILE="$HOME/.synkro/config.env"
 if [ -f "$CONFIG_FILE" ]; then
@@ -315,11 +317,13 @@ CREDS_PATH="\${SYNKRO_CREDENTIALS_PATH:-$HOME/.synkro/credentials.json}"
 
 # Fail open if not authed
 if [ ! -f "$CREDS_PATH" ]; then
+
   echo '{}'
   exit 0
 fi
 JWT=$(jq -r '.access_token // empty' "$CREDS_PATH" 2>/dev/null)
 if [ -z "$JWT" ]; then
+
   echo '{}'
   exit 0
 fi
@@ -344,6 +348,9 @@ if [ -z "$COMMAND" ]; then
   exit 0
 fi
 
+CMD_SHORT=$(printf '%s' "$COMMAND" | head -c 80)
+synkro_log "bashGuard checking: $CMD_SHORT"
+
 # NO hard regex gate \u2014 server-side bashShapes runs the universal pattern set
 # (including HTTP-payload destructive shapes like graphql_destructive_mutation
 # and http_method_delete) and returns a "trivial" fast-path verdict for boring
@@ -357,6 +364,14 @@ SESSION_ID=$(echo "$PAYLOAD" | jq -r '.session_id // empty' 2>/dev/null)
 TOOL_USE_ID=$(echo "$PAYLOAD" | jq -r '.tool_use_id // empty' 2>/dev/null)
 CWD=$(echo "$PAYLOAD" | jq -r '.cwd // empty' 2>/dev/null)
 TOOL_INPUT=$(echo "$PAYLOAD" | jq -c '.tool_input // {}' 2>/dev/null)
+# Detect git remote origin \u2192 repo identity (e.g. "owner/repo")
+GIT_REPO=""
+if command -v git >/dev/null 2>&1; then
+  _REMOTE=$(git -C "\${CWD:-.}" remote get-url origin 2>/dev/null || true)
+  if [ -n "$_REMOTE" ]; then
+    GIT_REPO=$(echo "$_REMOTE" | sed -E 's|^git@[^:]+:||; s|^https?://[^/]+/||; s|\\.git$||')
+  fi
+fi
 # Headless detection \u2014 when no human is in the loop, ASK is a no-op so we
 # fail-closed by upgrading high-tier findings to deny.
 PERMISSION_MODE=$(echo "$PAYLOAD" | jq -r '.permission_mode // empty' 2>/dev/null)
@@ -404,6 +419,7 @@ BODY=$(jq -n \\
   --arg session_id "$SESSION_ID" \\
   --arg tool_use_id "$TOOL_USE_ID" \\
   --arg cwd "$CWD" \\
+  --arg repo "$GIT_REPO" \\
   '{
     kind: "bash_judge",
     tool_input: $tool_input,
@@ -412,7 +428,8 @@ BODY=$(jq -n \\
     recent_actions: $recent_actions,
     session_id: (if ($session_id | length) > 0 then $session_id else null end),
     tool_use_id: (if ($tool_use_id | length) > 0 then $tool_use_id else null end),
-    cwd: (if ($cwd | length) > 0 then $cwd else null end)
+    cwd: (if ($cwd | length) > 0 then $cwd else null end),
+    repo: (if ($repo | length) > 0 then $repo else null end)
   }')
 
 # Helper: refresh JWT via /api/auth/refresh and rewrite credentials.json.
@@ -464,28 +481,45 @@ if [ -z "$SYNKRO_INFERENCE_TIER" ]; then
 fi
 SYNKRO_INFERENCE_TIER="\${SYNKRO_INFERENCE_TIER:-free}"
 
+
 if [ "$SYNKRO_INFERENCE_TIER" = "free" ] && command -v claude >/dev/null 2>&1; then
   # \u2500\u2500\u2500 FREE TIER: grade via the persistent claude daemon (mode=bash). \u2500\u2500\u2500
+
+  # Fetch org guardrail rules relevant to this command (same as edit hook).
+  ORG_RULES=$(printf '%s' "$COMMAND" | head -c 4000 \\
+    | jq -Rs '{content: .}' \\
+    | curl -sS "\${GATEWAY_URL}/api/v1/cli/pr-rules?top_k=15" \\
+    -X POST -H "Content-Type: application/json" \\
+    -H "Authorization: Bearer $JWT" \\
+    -d @- --max-time 2 2>/dev/null \\
+    | jq -c '[.rules[]? | {rule_id, text, severity, category}]' 2>/dev/null || echo "[]")
+  if [ -z "$ORG_RULES" ] || [ "$ORG_RULES" = "null" ]; then ORG_RULES="[]"; fi
+
   GRADER_PROMPT_FILE=$(mktemp -t synkro-bash-prompt.XXXXXX)
   trap "rm -f \\"$GRADER_PROMPT_FILE\\"" EXIT
   printf 'Proposed command: %s\\n' "$COMMAND" > "$GRADER_PROMPT_FILE"
   printf 'User intent: %s\\n' "\${USER_INTENT:-none stated}" >> "$GRADER_PROMPT_FILE"
   printf 'Recent user messages: %s\\n' "$RECENT_USER_MESSAGES" >> "$GRADER_PROMPT_FILE"
   printf 'Recent actions: %s\\n' "$RECENT_ACTIONS" >> "$GRADER_PROMPT_FILE"
+  printf 'Org rules: %s\\n\\n' "$ORG_RULES" >> "$GRADER_PROMPT_FILE"
 
   if [ -x "$HOME/.synkro/bin/grader_daemon.py" ] && [ -f "$HOME/.synkro/grader-primer-bash.txt" ] && command -v python3 >/dev/null 2>&1; then
+
     CC_RESP=$(python3 "$HOME/.synkro/bin/grader_daemon.py" --mode bash grade "$HOME/.synkro/grader-primer-bash.txt" < "$GRADER_PROMPT_FILE" 2>/dev/null || echo "")
   else
+
     CC_RESP=$(claude --print --model claude-sonnet-4-6 --no-session-persistence < "$GRADER_PROMPT_FILE" 2>/dev/null || echo "")
   fi
   V_INNER=$(printf '%s' "$CC_RESP" | tr '\\n' ' ' | grep -oE '<synkro-verdict>[^<]*</synkro-verdict>' | tail -1 | sed -E 's|^<synkro-verdict>||; s|</synkro-verdict>$||')
   if [ -z "$V_INNER" ] || ! echo "$V_INNER" | jq -e '.severity' >/dev/null 2>&1; then
+    synkro_log "bashGuard $CMD_SHORT \u2192 error (no verdict)"
     echo '{}'
     exit 0
   fi
   VERDICT="$V_INNER"
 else
   # \u2500\u2500\u2500 FAST TIER: server-side Cerebras grading. \u2500\u2500\u2500
+
   VERDICT=$(curl -sS -X POST "\${GATEWAY_URL}/api/v1/judge" \\
     -H "Content-Type: application/json" \\
     -H "Authorization: Bearer $JWT" \\
@@ -493,6 +527,7 @@ else
     --max-time 6 2>/dev/null || echo "")
 
   if echo "$VERDICT" | grep -qE '"detail":"Token has expired|"detail":"Invalid or expired token'; then
+
     if refresh_jwt; then
       VERDICT=$(curl -sS -X POST "\${GATEWAY_URL}/api/v1/judge" \\
         -H "Content-Type: application/json" \\
@@ -504,6 +539,7 @@ else
 fi
 
 if [ -z "$VERDICT" ]; then
+  synkro_log "bashGuard $CMD_SHORT \u2192 error (timeout)"
   echo '{}'
   exit 0
 fi
@@ -529,6 +565,7 @@ CATEGORY=$(echo "$VERDICT" | jq -r '.category // "destructive_command"' 2>/dev/n
 
 case "$SEVERITY" in
   critical)
+    synkro_log "bashGuard $CMD_SHORT \u2192 BLOCKED ($CATEGORY): $REASONING"
     SYS_MSG="[synkro] bashGuard \u2192 critical: \${REASONING}"
     if [ -n "$ALTERNATIVE" ] && [ "$ALTERNATIVE" != "null" ]; then
       SYS_MSG="\${SYS_MSG}\\n[synkro] suggested \u2192 \${ALTERNATIVE}"
@@ -553,6 +590,7 @@ case "$SEVERITY" in
       }'
     ;;
   high)
+    synkro_log "bashGuard $CMD_SHORT \u2192 FLAGGED ($CATEGORY): $REASONING"
     SYS_MSG="[synkro] bashGuard \u2192 high: \${REASONING}"
     if [ -n "$ALTERNATIVE" ] && [ "$ALTERNATIVE" != "null" ]; then
       SYS_MSG="\${SYS_MSG}\\n[synkro] suggested \u2192 \${ALTERNATIVE}"
@@ -584,6 +622,7 @@ case "$SEVERITY" in
     ;;
   *)
     # low / medium / anything else \u2192 silent allow
+    synkro_log "bashGuard $CMD_SHORT \u2192 pass"
     echo '{}'
     ;;
 esac
@@ -605,6 +644,8 @@ exit 0
 # Always exits 0 with valid JSON. Fails open on any error.
 set -e
 
+synkro_log() { echo "[synkro] $1" >&2; }
+
 CONFIG_FILE="$HOME/.synkro/config.env"
 if [ -f "$CONFIG_FILE" ]; then
   set -a
@@ -643,6 +684,14 @@ SESSION_ID=$(echo "$PAYLOAD" | jq -r '.session_id // empty' 2>/dev/null)
 TOOL_USE_ID=$(echo "$PAYLOAD" | jq -r '.tool_use_id // empty' 2>/dev/null)
 CWD=$(echo "$PAYLOAD" | jq -r '.cwd // empty' 2>/dev/null)
 TRANSCRIPT_PATH=$(echo "$PAYLOAD" | jq -r '.transcript_path // empty' 2>/dev/null)
+# Detect git remote origin \u2192 repo identity (e.g. "owner/repo")
+GIT_REPO=""
+if command -v git >/dev/null 2>&1; then
+  _REMOTE=$(git -C "\${CWD:-.}" remote get-url origin 2>/dev/null || true)
+  if [ -n "$_REMOTE" ]; then
+    GIT_REPO=$(echo "$_REMOTE" | sed -E 's|^git@[^:]+:||; s|^https?://[^/]+/||; s|\\.git$||')
+  fi
+fi
 # Headless / non-interactive detection \u2014 when CC won't actually prompt the
 # human, our "ask" verdict is a no-op. Server uses these to fall back to
 # "deny" so we fail-closed instead of silently letting findings through.
@@ -655,6 +704,9 @@ if [ -z "$FILE_PATH" ]; then
   exit 0
 fi
 
+FILE_SHORT=$(basename "$FILE_PATH")
+synkro_log "editGuard checking: $FILE_SHORT"
+
 # Pull conversation context from the transcript file. CC writes one JSON line
 # per message; we read the tail and extract the most recent user message + the
 # last 5 tool_use blocks. The server uses these as anchors for cosine ranking
@@ -758,6 +810,7 @@ BODY=$(jq -n \\
   --arg cwd "$CWD" \\
   --arg permission_mode "$PERMISSION_MODE" \\
   --arg headless_flag "$HEADLESS_FLAG" \\
+  --arg repo "$GIT_REPO" \\
   '{
     file_path: $file_path,
     tool_name: $tool_name,
@@ -770,7 +823,8 @@ BODY=$(jq -n \\
     tool_use_id: (if ($tool_use_id | length) > 0 then $tool_use_id else null end),
     cwd: (if ($cwd | length) > 0 then $cwd else null end),
     permission_mode: (if ($permission_mode | length) > 0 then $permission_mode else null end),
-    headless: ($headless_flag == "1")
+    headless: ($headless_flag == "1"),
+    repo: (if ($repo | length) > 0 then $repo else null end)
   }')
 
 # Refresh JWT on 401 (mirrors the bash judge pattern).
@@ -799,22 +853,9 @@ refresh_jwt() {
   return 0
 }
 
+
 if [ "$SYNKRO_INFERENCE_TIER" = "free" ] && command -v claude >/dev/null 2>&1; then
   # \u2500\u2500\u2500 FREE TIER: grade via the persistent claude daemon (Python helper).
-  # The daemon at $HOME/.synkro/bin/grader_daemon.py keeps one
-  # \`claude --print --input-format=stream-json\` process alive, primed once
-  # with the role/format. Hook ships a thin grading prompt over Unix socket
-  # and gets the verdict text back. Steady-state ~1.5\u20133s per grading vs
-  # ~14s for cold \`claude --print\`. Falls back to direct \`claude --print\`
-  # if the daemon binary or primer is missing.
-
-  # Fetch the caller's visible org rules and inject into the grader prompt.
-  # On-demand MCP retrieval inside the grader was the cleaner architecture
-  # but added 20+ seconds of latency per grade because the model has to
-  # call get_guardrails, wait for cosine ranking, then reason. For free-tier
-  # local CC inference that's unacceptable. Pre-stuffing the rules costs
-  # tokens but keeps grade latency in the 1-3s range. Bounded at 1.5s; on
-  # failure proceed with empty rules (degrades to baseline-only judging).
   ORG_RULES=$(printf '%s' "$PROPOSED" | head -c 8000 \\
     | jq -Rs '{content: .}' \\
     | curl -sS "\${GATEWAY_URL}/api/v1/cli/pr-rules?top_k=20" \\
@@ -867,6 +908,7 @@ if [ "$SYNKRO_INFERENCE_TIER" = "free" ] && command -v claude >/dev/null 2>&1; t
     --arg cwd "$CWD" \\
     --arg permission_mode "$PERMISSION_MODE" \\
     --arg headless_flag "$HEADLESS_FLAG" \\
+    --arg repo "$GIT_REPO" \\
     '{
       verdict: $verdict,
       file_path: $file_path,
@@ -880,7 +922,8 @@ if [ "$SYNKRO_INFERENCE_TIER" = "free" ] && command -v claude >/dev/null 2>&1; t
       tool_use_id: (if ($tool_use_id | length) > 0 then $tool_use_id else null end),
       cwd: (if ($cwd | length) > 0 then $cwd else null end),
       permission_mode: (if ($permission_mode | length) > 0 then $permission_mode else null end),
-      headless: ($headless_flag == "1")
+      headless: ($headless_flag == "1"),
+      repo: (if ($repo | length) > 0 then $repo else null end)
     }')
 
   RESP=$(curl -sS -X POST "\${GATEWAY_URL}/api/v1/precheck-edit/local-verdict" \\
@@ -917,20 +960,26 @@ else
   fi
 fi
 
-# Server returns the literal CC hook JSON shape ({} for allow, or
-# hookSpecificOutput.permissionDecision: "deny" + reason). If the call failed
-# entirely or returned non-JSON, fail open with empty {}.
 if [ -z "$RESP" ]; then
+  synkro_log "editGuard $FILE_SHORT \u2192 error (timeout)"
   echo '{}'
   exit 0
 fi
 
-# Cheap validation \u2014 only forward if it parses as a JSON object.
 if ! echo "$RESP" | jq -e 'type == "object"' >/dev/null 2>&1; then
+  synkro_log "editGuard $FILE_SHORT \u2192 error (bad response)"
   echo '{}'
   exit 0
 fi
 
+DECISION=$(echo "$RESP" | jq -r '.hookSpecificOutput.permissionDecision // "allow"' 2>/dev/null)
+if [ "$DECISION" = "deny" ]; then
+  DENY_REASON=$(echo "$RESP" | jq -r '.hookSpecificOutput.permissionDecisionReason // ""' 2>/dev/null)
+  synkro_log "editGuard $FILE_SHORT \u2192 BLOCKED: $DENY_REASON"
+else
+  synkro_log "editGuard $FILE_SHORT \u2192 pass"
+fi
+
 echo "$RESP"
 exit 0
 `;
@@ -950,6 +999,8 @@ exit 0
 # Always exits 0 with valid JSON \u2014 never breaks CC's flow.
 set -e
 
+synkro_log() { echo "[synkro] $1" >&2; }
+
 CONFIG_FILE="$HOME/.synkro/config.env"
 if [ -f "$CONFIG_FILE" ]; then
   set -a
@@ -987,6 +1038,14 @@ TOOL_INPUT=$(echo "$PAYLOAD" | jq -c '.tool_input // {}' 2>/dev/null)
 SESSION_ID=$(echo "$PAYLOAD" | jq -r '.session_id // empty' 2>/dev/null)
 TOOL_USE_ID=$(echo "$PAYLOAD" | jq -r '.tool_use_id // empty' 2>/dev/null)
 CWD=$(echo "$PAYLOAD" | jq -r '.cwd // empty' 2>/dev/null)
+# Detect git remote origin \u2192 repo identity (e.g. "owner/repo")
+GIT_REPO=""
+if command -v git >/dev/null 2>&1; then
+  _REMOTE=$(git -C "\${CWD:-.}" remote get-url origin 2>/dev/null || true)
+  if [ -n "$_REMOTE" ]; then
+    GIT_REPO=$(echo "$_REMOTE" | sed -E 's|^git@[^:]+:||; s|^https?://[^/]+/||; s|\\.git$||')
+  fi
+fi
 
 FILE_PATH=$(echo "$TOOL_INPUT" | jq -r '.file_path // .notebook_path // .path // empty' 2>/dev/null)
 if [ -z "$FILE_PATH" ] || [ ! -f "$FILE_PATH" ]; then
@@ -995,6 +1054,7 @@ if [ -z "$FILE_PATH" ] || [ ! -f "$FILE_PATH" ]; then
 fi
 
 BASENAME=$(basename "$FILE_PATH")
+synkro_log "editScan checking: $BASENAME"
 
 # Read post-edit file content (cap 64KB).
 FILE_CONTENT=$(head -c 65536 "$FILE_PATH" 2>/dev/null || echo "")
@@ -1015,13 +1075,15 @@ BODY=$(jq -n \\
   --arg session_id "$SESSION_ID" \\
   --arg tool_use_id "$TOOL_USE_ID" \\
   --arg cwd "$CWD" \\
+  --arg repo "$GIT_REPO" \\
   '{
     file_path: $file_path,
     content: $content,
     diff: $diff,
     session_id: (if ($session_id | length) > 0 then $session_id else null end),
     tool_use_id: (if ($tool_use_id | length) > 0 then $tool_use_id else null end),
-    cwd: (if ($cwd | length) > 0 then $cwd else null end)
+    cwd: (if ($cwd | length) > 0 then $cwd else null end),
+    repo: (if ($repo | length) > 0 then $repo else null end)
   }')
 
 refresh_jwt() {
@@ -1081,9 +1143,22 @@ SYNKRO_INFERENCE_TIER="\${SYNKRO_INFERENCE_TIER:-free}"
 
 if [ "$SYNKRO_INFERENCE_TIER" = "free" ] && command -v claude >/dev/null 2>&1; then
   # \u2500\u2500\u2500 FREE TIER: grade via the persistent claude daemon (mode=edit). \u2500\u2500\u2500
+
+  # Fetch org guardrail rules relevant to this file content.
+  ORG_RULES=$(printf '%s' "$FILE_CONTENT" | head -c 8000 \\
+    | jq -Rs '{content: .}' \\
+    | curl -sS "\${GATEWAY_URL}/api/v1/cli/pr-rules?top_k=20" \\
+    -X POST -H "Content-Type: application/json" \\
+    -H "Authorization: Bearer $JWT" \\
+    -d @- --max-time 2 2>/dev/null \\
+    | jq -c '[.rules[]? | {rule_id, text, severity, category}]' 2>/dev/null || echo "[]")
+  if [ -z "$ORG_RULES" ] || [ "$ORG_RULES" = "null" ]; then ORG_RULES="[]"; fi
+
   GRADER_PROMPT_FILE=$(mktemp -t synkro-edit-capture.XXXXXX)
   trap "rm -f \\"$GRADER_PROMPT_FILE\\"" EXIT
-  printf 'File: %s\\n\\nContent:\\n' "$FILE_PATH" > "$GRADER_PROMPT_FILE"
+  printf 'File: %s\\n' "$FILE_PATH" > "$GRADER_PROMPT_FILE"
+  printf 'Org rules: %s\\n\\n' "$ORG_RULES" >> "$GRADER_PROMPT_FILE"
+  printf 'Content:\\n' >> "$GRADER_PROMPT_FILE"
   printf '%s\\n' "$FILE_CONTENT" >> "$GRADER_PROMPT_FILE"
 
   if [ -x "$HOME/.synkro/bin/grader_daemon.py" ] && [ -f "$HOME/.synkro/grader-primer-edit.txt" ] && command -v python3 >/dev/null 2>&1; then
@@ -1117,6 +1192,7 @@ else
 fi
 
 if [ -z "$RESP" ] || ! echo "$RESP" | jq -e 'type == "object"' >/dev/null 2>&1; then
+  synkro_log "editScan $BASENAME \u2192 error (no response)"
   if [ "\${SYNKRO_VERBOSE:-0}" = "1" ]; then
     SYS_MSG="[synkro] afterFileEdit \u2192 scanned \${BASENAME} (grader unavailable)"
     jq -n --arg sys_msg "$SYS_MSG" '{ systemMessage: $sys_msg }'
@@ -1132,6 +1208,7 @@ CATEGORY=$(echo "$RESP" | jq -r '.category // "unspecified"' 2>/dev/null)
 REASON=$(echo "$RESP" | jq -r '.reason // ""' 2>/dev/null)
 
 if [ "$OK" = "false" ] && [ -n "$REASON" ]; then
+  synkro_log "editScan $BASENAME \u2192 FAIL ($CATEGORY): $REASON"
   SYS_MSG="[synkro] afterFileEdit \u2192 Finding in \${BASENAME}: \${REASON}"
   ADDITIONAL_CTX="Synkro post-edit grader flagged \${BASENAME} (severity: \${SEVERITY}, category: \${CATEGORY}). Re-edit the file applying the retry guidance: \${REASON}"
   jq -n \\
@@ -1147,6 +1224,8 @@ if [ "$OK" = "false" ] && [ -n "$REASON" ]; then
   exit 0
 fi
 
+synkro_log "editScan $BASENAME \u2192 pass"
+
 if [ "\${SYNKRO_VERBOSE:-0}" = "1" ]; then
   SYS_MSG="[synkro] afterFileEdit \u2192 no issues in \${BASENAME}"
   jq -n --arg sys_msg "$SYS_MSG" '{ systemMessage: $sys_msg }'
@@ -2143,7 +2222,7 @@ function writeConfigEnv(opts) {
     `SYNKRO_GATEWAY_URL=${shellQuoteSingle(safeGateway)}`,
     `SYNKRO_CREDENTIALS_PATH=${shellQuoteSingle(credsPath)}`,
     `SYNKRO_TIER=${shellQuoteSingle(safeTier)}`,
-    `SYNKRO_VERSION=${shellQuoteSingle("1.1.8")}`
+    `SYNKRO_VERSION=${shellQuoteSingle("1.2.0")}`
   ];
   if (safeUserId) lines.push(`SYNKRO_USER_ID=${shellQuoteSingle(safeUserId)}`);
   if (safeOrgId) lines.push(`SYNKRO_ORG_ID=${shellQuoteSingle(safeOrgId)}`);
@@ -2473,6 +2552,15 @@ function statusCommand() {
   console.log(`  gateway:     ${config.SYNKRO_GATEWAY_URL ?? "(unset)"}`);
   console.log(`  credentials: ${config.SYNKRO_CREDENTIALS_PATH ?? "(unset)"}`);
   console.log(`  tier:        ${config.SYNKRO_TIER ?? "(unset)"}`);
+  const info2 = getUserInfo();
+  const userId = info2?.id ?? config.SYNKRO_USER_ID ?? "default";
+  const tierCacheFile = join5(SYNKRO_DIR2, `.tier-cache-${userId}`);
+  let inferenceTier = config.SYNKRO_INFERENCE_TIER || null;
+  if (!inferenceTier && existsSync6(tierCacheFile)) {
+    inferenceTier = readFileSync5(tierCacheFile, "utf-8").trim() || null;
+  }
+  const tierLabel = inferenceTier === "fast" ? "'fast' (server-side grading)" : inferenceTier === "free" ? "'free' (local daemon grading)" : "(unknown \u2014 fires on next hook)";
+  console.log(`  inference:   ${tierLabel}`);
   console.log(`  version:     ${config.SYNKRO_VERSION ?? "(unset)"}`);
   console.log();
   const agents = detectAgents();