@synkro-sh/cli 1.2.3 → 1.2.5

package/dist/bootstrap.js

@@ -135,7 +135,8 @@ function installCCHooks(settingsPath, config) {
     hooks: [
       {
         type: "command",
-        command: config.editCaptureScriptPath
+        command: config.editCaptureScriptPath,
+        timeout: 20
       }
     ],
     [SYNKRO_MARKER]: true
@@ -299,7 +300,7 @@ var init_hookScripts = __esm({
 # Synkro PreToolUse Bash judge hook
 # Reads CC's hook payload from stdin, judges via Synkro gateway, returns verdict.
 # Auth: reads access_token from ~/.synkro/credentials.json, sends Authorization: Bearer.
-set -e
+# No set -e: hook must ALWAYS produce JSON output. Silent death = CC timeout.
 
 synkro_log() { echo "[synkro] $1" >&2; }
 
@@ -563,24 +564,20 @@ CATEGORY=$(echo "$VERDICT" | jq -r '.category // "destructive_command"' 2>/dev/n
 # need to interrupt the user \u2014 surfacing them creates alert fatigue and
 # trains the user to click-through on warnings that turn out to be benign.
 
+ALT_SUFFIX=""
+if [ -n "$ALTERNATIVE" ] && [ "$ALTERNATIVE" != "null" ]; then
+  ALT_SUFFIX=" Suggested: \${ALTERNATIVE}"
+fi
+
 case "$SEVERITY" in
   critical)
-    synkro_log "bashGuard $CMD_SHORT \u2192 BLOCKED ($CATEGORY): $REASONING"
-    SYS_MSG="[synkro] bashGuard \u2192 critical: \${REASONING}"
-    if [ -n "$ALTERNATIVE" ] && [ "$ALTERNATIVE" != "null" ]; then
-      SYS_MSG="\${SYS_MSG}\\n[synkro] suggested \u2192 \${ALTERNATIVE}"
-    fi
-    ADDITIONAL_CTX="Synkro safety judge flagged this command (severity: critical, category: \${CATEGORY}). Reasoning: \${REASONING}."
-    if [ -n "$ALTERNATIVE" ] && [ "$ALTERNATIVE" != "null" ]; then
-      ADDITIONAL_CTX="\${ADDITIONAL_CTX} Suggested alternative: \${ALTERNATIVE}."
-    fi
-    PERMISSION_REASON="[synkro] BLOCKED \u2014 \${REASONING}. Severity: critical. Override only if you are certain."
+    synkro_log "bashGuard $CMD_SHORT \u2192 BLOCKED ($CATEGORY)"
+    PERMISSION_REASON="[synkro] BLOCKED \u2014 \${REASONING}\${ALT_SUFFIX}"
+    ADDITIONAL_CTX="Synkro safety judge (severity: critical, category: \${CATEGORY}).\${ALT_SUFFIX}"
     jq -n \\
-      --arg sys_msg "$SYS_MSG" \\
       --arg ctx "$ADDITIONAL_CTX" \\
       --arg reason "$PERMISSION_REASON" \\
       '{
-        systemMessage: $sys_msg,
         hookSpecificOutput: {
           hookEventName: "PreToolUse",
           permissionDecision: "deny",
@@ -590,28 +587,15 @@ case "$SEVERITY" in
       }'
     ;;
   high)
-    synkro_log "bashGuard $CMD_SHORT \u2192 FLAGGED ($CATEGORY): $REASONING"
-    SYS_MSG="[synkro] bashGuard \u2192 high: \${REASONING}"
-    if [ -n "$ALTERNATIVE" ] && [ "$ALTERNATIVE" != "null" ]; then
-      SYS_MSG="\${SYS_MSG}\\n[synkro] suggested \u2192 \${ALTERNATIVE}"
-    fi
-    ADDITIONAL_CTX="Synkro safety judge flagged this command (severity: high, category: \${CATEGORY}). Reasoning: \${REASONING}."
-    if [ -n "$ALTERNATIVE" ] && [ "$ALTERNATIVE" != "null" ]; then
-      ADDITIONAL_CTX="\${ADDITIONAL_CTX} Suggested alternative: \${ALTERNATIVE}."
-    fi
-    PERMISSION_REASON="[synkro] high: \${REASONING}"
-    if [ -n "$ALTERNATIVE" ] && [ "$ALTERNATIVE" != "null" ]; then
-      PERMISSION_REASON="\${PERMISSION_REASON} Alternative: \${ALTERNATIVE}"
-    fi
-    # Headless? Upgrade ask \u2192 deny so we fail-closed.
+    synkro_log "bashGuard $CMD_SHORT \u2192 FLAGGED ($CATEGORY)"
+    PERMISSION_REASON="[synkro] \${REASONING}\${ALT_SUFFIX}"
+    ADDITIONAL_CTX="Synkro safety judge (severity: high, category: \${CATEGORY}).\${ALT_SUFFIX}"
     if [ "$IS_HEADLESS" = "1" ]; then DECISION="deny"; else DECISION="ask"; fi
     jq -n \\
-      --arg sys_msg "$SYS_MSG" \\
       --arg ctx "$ADDITIONAL_CTX" \\
       --arg reason "$PERMISSION_REASON" \\
       --arg decision "$DECISION" \\
       '{
-        systemMessage: $sys_msg,
         hookSpecificOutput: {
           hookEventName: "PreToolUse",
           permissionDecision: $decision,
@@ -621,9 +605,15 @@ case "$SEVERITY" in
       }'
     ;;
   *)
-    # low / medium / anything else \u2192 allow
-    synkro_log "bashGuard $CMD_SHORT \u2192 pass"
-    jq -n --arg m "[synkro] bashGuard \u2192 pass" '{systemMessage: $m}'
+    synkro_log "bashGuard $CMD_SHORT \u2192 pass ($CATEGORY): $REASONING"
+    case "$CATEGORY" in
+      trivial_utility)
+        jq -n --arg m "[synkro] bashGuard \u2192 pass" '{systemMessage: $m}' ;;
+      judge_unavailable|judge_error|parse_error)
+        jq -n --arg m "[synkro] bashGuard \u2192 pass (grader unavailable)" '{systemMessage: $m}' ;;
+      *)
+        jq -n --arg m "[synkro] bashGuard \u2192 pass: \${REASONING}" '{systemMessage: $m}' ;;
+    esac
     ;;
 esac
 
@@ -642,7 +632,7 @@ exit 0
 # Synkro's COGS = ~$0.00001 per edit (one Gemini embedding call).
 #
 # Always exits 0 with valid JSON. Fails open on any error.
-set -e
+# No set -e: hook must ALWAYS produce JSON output. Silent death = CC timeout.
 
 synkro_log() { echo "[synkro] $1" >&2; }
 
@@ -1014,7 +1004,7 @@ exit 0
 # edit lands (cross-file shapes, real disk state, post-edit semantic effects).
 #
 # Always exits 0 with valid JSON \u2014 never breaks CC's flow.
-set -e
+# No set -e: hook must ALWAYS produce JSON output. Silent death = CC timeout.
 
 synkro_log() { echo "[synkro] $1" >&2; }
 
@@ -1033,7 +1023,7 @@ if [ ! -f "$CREDS_PATH" ]; then
   echo '{}'
   exit 0
 fi
-JWT=$(jq -r '.access_token // empty' "$CREDS_PATH" 2>/dev/null)
+JWT=$(jq -r '.access_token // empty' "$CREDS_PATH" 2>/dev/null || true)
 if [ -z "$JWT" ]; then
   echo '{}'
   exit 0
@@ -1080,7 +1070,7 @@ if [ -z "$FILE_CONTENT" ]; then
   exit 0
 fi
 
-DIFF_FIELD=$(echo "$TOOL_INPUT" | jq -c '{old_string, new_string, edits} | with_entries(select(.value != null))' 2>/dev/null)
+DIFF_FIELD=$(echo "$TOOL_INPUT" | jq -c '{old_string, new_string, edits} | with_entries(select(.value != null))' 2>/dev/null || echo "null")
 if [ -z "$DIFF_FIELD" ] || [ "$DIFF_FIELD" = "null" ] || [ "$DIFF_FIELD" = "{}" ]; then
   DIFF_FIELD="null"
 fi
@@ -1101,7 +1091,12 @@ BODY=$(jq -n \\
     tool_use_id: (if ($tool_use_id | length) > 0 then $tool_use_id else null end),
     cwd: (if ($cwd | length) > 0 then $cwd else null end),
     repo: (if ($repo | length) > 0 then $repo else null end)
-  }')
+  }' 2>/dev/null || true)
+
+if [ -z "$BODY" ] || ! echo "$BODY" | jq -e 'type == "object"' >/dev/null 2>&1; then
+  jq -n --arg m "[synkro] editScan $BASENAME \u2192 error (body construction failed)" '{systemMessage: $m}'
+  exit 0
+fi
 
 refresh_jwt() {
   local refresh_token
@@ -1128,31 +1123,32 @@ refresh_jwt() {
   return 0
 }
 
-# Fire-and-forget correction-followup. PostToolUse means the edit landed \u2192
-# flip any pending precheck-correction for this tool_use_id to 'allow'.
+# Fire-and-forget correction-followup (backgrounded \u2014 must not block grading).
 if [ -n "$SESSION_ID" ] && [ -n "$TOOL_USE_ID" ]; then
-  FOLLOWUP_BODY=$(jq -n \\
-    --arg sid "$SESSION_ID" \\
-    --arg tid "$TOOL_USE_ID" \\
-    '{session_id: $sid, tool_use_id: $tid, decision: "allow"}')
-  curl -sS -X POST "\${GATEWAY_URL}/api/v1/precheck-edit/correction-followup" \\
-    -H "Content-Type: application/json" \\
-    -H "Authorization: Bearer $JWT" \\
-    -d "$FOLLOWUP_BODY" \\
-    --max-time 2 \\
-    >/dev/null 2>&1 || true
+  (
+    FOLLOWUP_BODY=$(jq -n \\
+      --arg sid "$SESSION_ID" \\
+      --arg tid "$TOOL_USE_ID" \\
+      '{session_id: $sid, tool_use_id: $tid, decision: "allow"}')
+    curl -sS -X POST "\${GATEWAY_URL}/api/v1/precheck-edit/correction-followup" \\
+      -H "Content-Type: application/json" \\
+      -H "Authorization: Bearer $JWT" \\
+      -d "$FOLLOWUP_BODY" \\
+      --max-time 2 \\
+      >/dev/null 2>&1
+  ) &
 fi
 
 # Resolve tier (cached 60 min) \u2014 same logic as the other hooks.
 TIER_CACHE_FILE="$HOME/.synkro/.tier-cache-\${SYNKRO_USER_ID:-default}"
 SYNKRO_INFERENCE_TIER=""
 if find "$TIER_CACHE_FILE" -mmin -60 2>/dev/null | grep -q .; then
-  SYNKRO_INFERENCE_TIER=$(cat "$TIER_CACHE_FILE" 2>/dev/null)
+  SYNKRO_INFERENCE_TIER=$(cat "$TIER_CACHE_FILE" 2>/dev/null || true)
 fi
 if [ -z "$SYNKRO_INFERENCE_TIER" ]; then
   ME_RESP=$(curl -sS "\${GATEWAY_URL}/api/v1/cli/me" -H "Authorization: Bearer $JWT" --max-time 2 2>/dev/null || echo "")
   if [ -n "$ME_RESP" ]; then
-    SYNKRO_INFERENCE_TIER=$(echo "$ME_RESP" | jq -r '.tier // empty' 2>/dev/null)
+    SYNKRO_INFERENCE_TIER=$(echo "$ME_RESP" | jq -r '.tier // empty' 2>/dev/null || true)
     [ -n "$SYNKRO_INFERENCE_TIER" ] && printf '%s' "$SYNKRO_INFERENCE_TIER" > "$TIER_CACHE_FILE" 2>/dev/null || true
   fi
 fi
@@ -1195,7 +1191,7 @@ else
     -H "Content-Type: application/json" \\
     -H "Authorization: Bearer $JWT" \\
     -d "$BODY" \\
-    --max-time 5 2>/dev/null || echo "")
+    --max-time 12 2>/dev/null || echo "")
 
   if echo "$RESP" | grep -qE '"detail":"Token has expired|"detail":"Invalid or expired token'; then
     if refresh_jwt; then
@@ -1203,7 +1199,7 @@ else
         -H "Content-Type: application/json" \\
         -H "Authorization: Bearer $JWT" \\
         -d "$BODY" \\
-        --max-time 5 2>/dev/null || echo "")
+        --max-time 12 2>/dev/null || echo "")
     fi
   fi
 fi
@@ -1244,7 +1240,7 @@ exit 0
 # Synkro Stop hook \u2014 emits "[synkro] stop \u2192 N findings: X auto-fixed, Y open"
 # as a final summary line when the CC session ends. Reads guard_checks rows
 # for the session via /api/v1/cli/session-summary.
-set -e
+# No set -e: hook must ALWAYS produce JSON output. Silent death = CC timeout.
 
 CONFIG_FILE="$HOME/.synkro/config.env"
 if [ -f "$CONFIG_FILE" ]; then
@@ -1309,7 +1305,7 @@ exit 0
 # Synkro SessionStart hook \u2014 when the user opens a fresh CC session in a repo
 # we have findings on, surface "[synkro] session start \u2192 N open finding(s) in
 # this repo" so they have context. Silent when there's nothing to report.
-set -e
+# No set -e: hook must ALWAYS produce JSON output. Silent death = CC timeout.
 
 CONFIG_FILE="$HOME/.synkro/config.env"
 if [ -f "$CONFIG_FILE" ]; then
@@ -1370,7 +1366,7 @@ exit 0
 # Synkro PostToolUse Bash hook \u2014 minimal correction-followup fire.
 # No grading happens here; verdict already came from PreToolUse. This is just
 # the "user approved + agent ran it" capture.
-set -e
+# No set -e: hook must ALWAYS produce JSON output. Silent death = CC timeout.
 
 CONFIG_FILE="$HOME/.synkro/config.env"
 if [ -f "$CONFIG_FILE" ]; then
@@ -2225,7 +2221,7 @@ function writeConfigEnv(opts) {
     `SYNKRO_GATEWAY_URL=${shellQuoteSingle(safeGateway)}`,
     `SYNKRO_CREDENTIALS_PATH=${shellQuoteSingle(credsPath)}`,
     `SYNKRO_TIER=${shellQuoteSingle(safeTier)}`,
-    `SYNKRO_VERSION=${shellQuoteSingle("1.2.3")}`
+    `SYNKRO_VERSION=${shellQuoteSingle("1.2.5")}`
   ];
   if (safeUserId) lines.push(`SYNKRO_USER_ID=${shellQuoteSingle(safeUserId)}`);
   if (safeOrgId) lines.push(`SYNKRO_ORG_ID=${shellQuoteSingle(safeOrgId)}`);