@synkro-sh/cli 1.3.20 → 1.3.21

package/dist/bootstrap.js

@@ -2495,6 +2495,14 @@ var init_workflowTemplate = __esm({
 on:
   pull_request:
     types: [opened, synchronize, reopened]
+  workflow_dispatch:
+    inputs:
+      pr_number:
+        description: PR number to scan
+        required: true
+      sha:
+        description: Commit SHA to scan
+        required: true
 
 jobs:
   scan:
@@ -2507,6 +2515,7 @@ jobs:
       - uses: actions/checkout@v4
         with:
           fetch-depth: 0
+          ref: \${{ inputs.sha || github.event.pull_request.head.sha }}
 
       - name: Cache npm globals
         id: cache-npm-global
@@ -2527,9 +2536,9 @@ jobs:
           CLAUDE_CODE_OAUTH_TOKEN: \${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
           SYNKRO_API_KEY: \${{ secrets.SYNKRO_API_KEY }}
           GH_TOKEN: \${{ secrets.GITHUB_TOKEN }}
-          SYNKRO_PR_NUMBER: \${{ github.event.pull_request.number }}
+          SYNKRO_PR_NUMBER: \${{ inputs.pr_number || github.event.pull_request.number }}
           SYNKRO_REPO: \${{ github.repository }}
-          SYNKRO_SHA: \${{ github.event.pull_request.head.sha }}
+          SYNKRO_SHA: \${{ inputs.sha || github.event.pull_request.head.sha }}
           SYNKRO_GATEWAY_URL: \${{ vars.SYNKRO_GATEWAY_URL || 'https://api.synkro.sh' }}
 `;
     WORKFLOW_PATH = ".github/workflows/synkro.yml";
@@ -2721,14 +2730,14 @@ function waitForGithubToken() {
   });
 }
 function openBrowser2(url) {
-  const { execFile: execFile2 } = __require("child_process");
+  const { execFile: execFile3 } = __require("child_process");
   const plat = process.platform;
   const cb = (err) => {
     if (err) console.log(`  Open this URL manually: ${url}`);
   };
-  if (plat === "darwin") execFile2("open", [url], cb);
-  else if (plat === "win32") execFile2("cmd", ["/c", "start", "", url], cb);
-  else execFile2("xdg-open", [url], cb);
+  if (plat === "darwin") execFile3("open", [url], cb);
+  else if (plat === "win32") execFile3("cmd", ["/c", "start", "", url], cb);
+  else execFile3("xdg-open", [url], cb);
 }
 async function connectGithubAndSelectRepos() {
   const url = `${SYNKRO_WEB_AUTH_URL2}/cli-github?port=${GITHUB_PORT}`;
@@ -2868,8 +2877,9 @@ import { createInterface as createInterface2 } from "readline/promises";
 import { stdin as input, stdout as output } from "process";
 import { execSync as execSync3, spawn as nodeSpawn } from "child_process";
 import { existsSync as existsSync6, readFileSync as readFileSync4 } from "fs";
-import { homedir as homedir4 } from "os";
+import { homedir as homedir4, platform as platform2 } from "os";
 import { join as join5 } from "path";
+import { execFile as execFile2 } from "child_process";
 function readConfig() {
   if (!existsSync6(CONFIG_PATH)) return {};
   const out = {};
@@ -2897,9 +2907,7 @@ async function prompt(rl, q, opts = {}) {
           resolve2(chunk);
           return;
         }
-        if (s === "") {
-          process.exit(130);
-        }
+        if (s === "") process.exit(130);
         if (s === "\x7F" || s === "\b") {
           chunk = chunk.slice(0, -1);
           return;
@@ -2911,6 +2919,30 @@ async function prompt(rl, q, opts = {}) {
   }
   return await rl.question(q);
 }
+function openBrowser3(url) {
+  const os = platform2();
+  let bin;
+  let args2;
+  switch (os) {
+    case "darwin":
+      bin = "open";
+      args2 = [url];
+      break;
+    case "win32":
+      bin = "cmd";
+      args2 = ["/c", "start", "", url];
+      break;
+    default:
+      bin = "xdg-open";
+      args2 = [url];
+      break;
+  }
+  execFile2(bin, args2, () => {
+  });
+}
+function sleep(ms) {
+  return new Promise((r) => setTimeout(r, ms));
+}
 function captureClaudeSetupToken() {
   return new Promise((resolve2, reject) => {
     const proc = nodeSpawn("script", ["-q", "/dev/null", "claude", "setup-token"], {
@@ -2936,6 +2968,21 @@ function captureClaudeSetupToken() {
     });
   });
 }
+async function apiCall(gatewayUrl, jwt2, path, opts = {}) {
+  const resp = await fetch(`${gatewayUrl}${path}`, {
+    ...opts,
+    headers: {
+      "Authorization": `Bearer ${jwt2}`,
+      "Content-Type": "application/json",
+      ...opts.headers || {}
+    }
+  });
+  if (!resp.ok) {
+    const text = await resp.text().catch(() => "");
+    throw new Error(`API ${resp.status}: ${text.slice(0, 200)}`);
+  }
+  return resp.json();
+}
 async function setupGithubCommand(opts = {}) {
   if (!isAuthenticated()) {
     console.error("Not authenticated. Run `synkro-cli login` first.");
@@ -2951,20 +2998,12 @@ async function setupGithubCommand(opts = {}) {
   console.log("Requesting CI API key from Synkro...");
   let synkroCiApiKey;
   try {
-    const resp = await fetch(`${gatewayUrl}/api/v1/cli/ci-api-key`, {
-      method: "POST",
-      headers: {
-        "Authorization": `Bearer ${jwt2}`,
-        "Content-Type": "application/json"
-      },
-      body: "{}"
-    });
-    if (!resp.ok) {
-      const errText = await resp.text().catch(() => "");
-      console.error(`Failed to mint CI API key (${resp.status}): ${errText.slice(0, 200)}`);
-      process.exit(1);
-    }
-    const minted = await resp.json();
+    const minted = await apiCall(
+      gatewayUrl,
+      jwt2,
+      "/api/v1/cli/ci-api-key",
+      { method: "POST", body: "{}" }
+    );
     synkroCiApiKey = minted.api_key;
     console.log(`  \u2713 Issued CI key (${synkroCiApiKey.slice(0, 18)}\u2026), expires ${minted.expires_at.slice(0, 10)}`);
   } catch (err) {
@@ -2976,23 +3015,78 @@ async function setupGithubCommand(opts = {}) {
     ghToken = opts.githubToken;
   } else if (opts.nonInteractive) {
     try {
-      ghToken = execSync3("gh auth token", { encoding: "utf-8", timeout: 5e3 }).trim();
+      const result = await apiCall(
+        gatewayUrl,
+        jwt2,
+        "/api/v1/cli/github-token"
+      );
+      if (result.connected && result.token) {
+        ghToken = result.token;
+      } else {
+        throw new Error("not connected");
+      }
     } catch {
-      console.error("Could not get GitHub token from `gh auth token`. Run `gh auth login` first.");
-      return;
+      try {
+        ghToken = execSync3("gh auth token", { encoding: "utf-8", timeout: 5e3 }).trim();
+      } catch {
+        console.error("GitHub not connected. Run `synkro-cli setup-github` interactively to connect.");
+        return;
+      }
     }
   } else {
-    const rl = createInterface2({ input, output });
-    console.log("Synkro PR scan setup\n");
-    console.log("Requirements:");
-    console.log("  \u2022 Claude Code installed and logged in (Pro, Max, Teams, or Enterprise)");
-    console.log("  \u2022 A GitHub personal access token with `repo` scope");
-    console.log("    (create at https://github.com/settings/tokens?type=beta)\n");
-    ghToken = (await prompt(rl, "GitHub token (paste): ", { silent: true })).trim();
-    rl.close();
-    if (!ghToken || !ghToken.startsWith("ghp_") && !ghToken.startsWith("github_pat_")) {
-      console.error("Invalid GitHub token format. Expected ghp_... or github_pat_...");
-      process.exit(1);
+    console.log("\nConnecting to GitHub...");
+    let connected = false;
+    try {
+      const result = await apiCall(
+        gatewayUrl,
+        jwt2,
+        "/api/v1/cli/github-token"
+      );
+      if (result.connected && result.token) {
+        ghToken = result.token;
+        connected = true;
+        console.log("  \u2713 GitHub already connected via Synkro.\n");
+      }
+    } catch {
+    }
+    if (!connected) {
+      console.log("  Opening browser to authorize GitHub...");
+      try {
+        const authResp = await apiCall(
+          gatewayUrl,
+          jwt2,
+          "/api/pipes-widget/authorize/github",
+          { method: "POST", body: "{}" }
+        );
+        openBrowser3(authResp.url);
+        console.log("  Waiting for authorization...");
+      } catch (err) {
+        console.error(`Failed to start GitHub authorization: ${err.message}`);
+        process.exit(1);
+      }
+      const deadline = Date.now() + 12e4;
+      ghToken = "";
+      while (Date.now() < deadline) {
+        await sleep(2e3);
+        try {
+          const result = await apiCall(
+            gatewayUrl,
+            jwt2,
+            "/api/v1/cli/github-token"
+          );
+          if (result.connected && result.token) {
+            ghToken = result.token;
+            break;
+          }
+        } catch {
+        }
+        process.stdout.write(".");
+      }
+      if (!ghToken) {
+        console.error("\n  Timed out waiting for GitHub authorization. Try again.");
+        process.exit(1);
+      }
+      console.log("\n  \u2713 GitHub connected!\n");
     }
   }
   let claudeToken;
@@ -3043,10 +3137,10 @@ async function setupGithubCommand(opts = {}) {
     selected = [{ owner, repo, full_name: currentFullName }];
     console.log(`  Auto-selected repo: ${currentFullName}`);
   } else {
-    console.log("\nFetching accessible repos...");
+    console.log("Fetching accessible repos...");
     const repos = await listAccessibleRepos({ token: ghToken });
     if (repos.length === 0) {
-      console.error("No accessible repos found. Verify the GitHub token has `repo` scope.");
+      console.error("No accessible repos found. Check your GitHub permissions.");
       process.exit(1);
     }
     console.log(`
@@ -3238,7 +3332,7 @@ function writeConfigEnv(opts) {
     `SYNKRO_CREDENTIALS_PATH=${shellQuoteSingle(credsPath)}`,
     `SYNKRO_TIER=${shellQuoteSingle(safeTier)}`,
     `SYNKRO_INFERENCE=${shellQuoteSingle(safeInference)}`,
-    `SYNKRO_VERSION=${shellQuoteSingle("1.3.20")}`
+    `SYNKRO_VERSION=${shellQuoteSingle("1.3.21")}`
   ];
   if (safeUserId) lines.push(`SYNKRO_USER_ID=${shellQuoteSingle(safeUserId)}`);
   if (safeOrgId) lines.push(`SYNKRO_ORG_ID=${shellQuoteSingle(safeOrgId)}`);
@@ -3258,10 +3352,48 @@ function collectLocalMetadata() {
   }
   try {
     const remote = execSync4("git remote get-url origin", { encoding: "utf-8", timeout: 3e3 }).trim();
-    const m = remote.match(/(?:github\.com)[:/](.+?)(?:\.git)?$/);
+    const sshMatch = remote.match(/^git@[^:]+:(.+?)(?:\.git)?$/);
+    const httpMatch = remote.match(/^https?:\/\/[^/]+\/(.+?)(?:\.git)?$/);
+    const m = sshMatch || httpMatch;
     if (m) meta.active_repo = m[1];
   } catch {
   }
+  try {
+    meta.cc_version = execSync4("claude --version", { encoding: "utf-8", timeout: 5e3 }).trim().split("\n")[0];
+  } catch {
+  }
+  const claudeDir = join6(homedir5(), ".claude");
+  try {
+    const settings = JSON.parse(readFileSync5(join6(claudeDir, "settings.json"), "utf-8"));
+    const plugins = Object.keys(settings.enabledPlugins ?? {}).filter((k) => settings.enabledPlugins[k]);
+    if (plugins.length) meta.enabled_plugins = plugins;
+    if (settings.permissions?.defaultMode) meta.permissions_mode = settings.permissions.defaultMode;
+  } catch {
+  }
+  try {
+    const mcpCache = JSON.parse(readFileSync5(join6(claudeDir, "mcp-needs-auth-cache.json"), "utf-8"));
+    const mcpNames = Object.keys(mcpCache);
+    if (mcpNames.length) meta.mcp_servers = mcpNames;
+  } catch {
+  }
+  try {
+    const mcpList = execSync4("claude mcp list 2>/dev/null", { encoding: "utf-8", timeout: 1e4 });
+    const connected = mcpList.split("\n").filter((l) => l.includes("Connected")).map((l) => l.split(":")[0].trim()).filter(Boolean);
+    if (connected.length) meta.mcp_servers_connected = connected;
+  } catch {
+  }
+  try {
+    const sessionsDir = join6(claudeDir, "sessions");
+    const files = readdirSync(sessionsDir).filter((f) => f.endsWith(".json")).slice(-5);
+    for (const f of files) {
+      const s = JSON.parse(readFileSync5(join6(sessionsDir, f), "utf-8"));
+      if (s.version) {
+        meta.cc_version = meta.cc_version || s.version;
+        break;
+      }
+    }
+  } catch {
+  }
   return meta;
 }
 async function fetchUserProfile(gatewayUrl, token) {
@@ -4343,13 +4475,16 @@ ${hunks}`;
     });
   });
 }
-async function processInBatches(items, batchSize, fn) {
-  const results = [];
-  for (let i = 0; i < items.length; i += batchSize) {
-    const batch = items.slice(i, i + batchSize);
-    const batchResults = await Promise.all(batch.map(fn));
-    results.push(...batchResults);
+async function processInBatches(items, concurrency, fn) {
+  const results = new Array(items.length);
+  let next = 0;
+  async function worker() {
+    while (next < items.length) {
+      const idx = next++;
+      results[idx] = await fn(items[idx], idx, items.length);
+    }
   }
+  await Promise.all(Array.from({ length: Math.min(concurrency, items.length) }, () => worker()));
   return results;
 }
 function buildConsolidationPrompt(findings) {
@@ -4631,12 +4766,12 @@ async function scanPrCommand() {
     return;
   }
   const t0 = Date.now();
-  const results = await processInBatches(eligible, MAX_PARALLEL_FILES, async (file) => {
-    process.stdout.write(`Scanning ${file.filename}...`);
+  const results = await processInBatches(eligible, MAX_PARALLEL_FILES, async (file, idx, total) => {
+    process.stdout.write(`[${idx + 1}/${total}] ${file.filename}...`);
     const literalFindings = applyLiteralMatchNegative(literalNegativeRules, file);
     const llmResult = await spawnClaudeJudge(file, claudeToken, promptHeader);
     const merged = [...literalFindings, ...llmResult.findings];
-    console.log(` ${merged.length} finding(s) (${literalFindings.length} literal, ${llmResult.findings.length} llm; ${llmResult.latencyMs}ms)`);
+    console.log(` ${merged.length === 0 ? "clean" : `${merged.length} finding(s)`} (${(llmResult.latencyMs / 1e3).toFixed(1)}s)`);
     return { findings: merged, latencyMs: llmResult.latencyMs };
   });
   const totalLatencyMs = Date.now() - t0;
@@ -4690,7 +4825,7 @@ var init_scanPr = __esm({
       /go\.sum$/
     ];
     MAX_DIFF_LINES_PER_FILE = 1e3;
-    MAX_PARALLEL_FILES = 5;
+    MAX_PARALLEL_FILES = 10;
   }
 });