npm - @synkro-sh/cli - Versions diffs - 1.3.27 → 1.3.29 - Mend

@synkro-sh/cli 1.3.27 → 1.3.29

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/dist/bootstrap.js CHANGED Viewed

@@ -571,34 +571,49 @@ refresh_jwt() {
   return 0
 }
-# Resolve tier (cached 60 min) \u2014 server is canonical via /cli/me; fallback free.
+# Resolve tier + capture_depth (cached 60 min) \u2014 server is canonical via /cli/me.
 TIER_CACHE_FILE="$HOME/.synkro/.tier-cache-\${SYNKRO_USER_ID:-default}"
+CD_CACHE_FILE="\${TIER_CACHE_FILE}.cd"
 SYNKRO_INFERENCE_TIER=""
+SYNKRO_CAPTURE_DEPTH=""
 if find "$TIER_CACHE_FILE" -mmin -60 2>/dev/null | grep -q .; then
   SYNKRO_INFERENCE_TIER=$(cat "$TIER_CACHE_FILE" 2>/dev/null)
+  SYNKRO_CAPTURE_DEPTH=$(cat "$CD_CACHE_FILE" 2>/dev/null)
 fi
 if [ -z "$SYNKRO_INFERENCE_TIER" ]; then
   ME_RESP=$(curl -sS "\${GATEWAY_URL}/api/v1/cli/me" -H "Authorization: Bearer $JWT" --max-time 2 2>/dev/null || echo "")
   if [ -n "$ME_RESP" ]; then
     SYNKRO_INFERENCE_TIER=$(echo "$ME_RESP" | jq -r '.tier // empty' 2>/dev/null)
     [ -n "$SYNKRO_INFERENCE_TIER" ] && printf '%s' "$SYNKRO_INFERENCE_TIER" > "$TIER_CACHE_FILE" 2>/dev/null || true
+    SYNKRO_CAPTURE_DEPTH=$(echo "$ME_RESP" | jq -r '.capture_depth // empty' 2>/dev/null)
+    [ -n "$SYNKRO_CAPTURE_DEPTH" ] && printf '%s' "$SYNKRO_CAPTURE_DEPTH" > "$CD_CACHE_FILE" 2>/dev/null || true
   fi
 fi
 SYNKRO_INFERENCE_TIER="\${SYNKRO_INFERENCE_TIER:-fast}"
+SYNKRO_CAPTURE_DEPTH="\${SYNKRO_CAPTURE_DEPTH:-full}"
+USE_LOCAL=false
+if [ "$SYNKRO_CAPTURE_DEPTH" = "local_only" ] && command -v claude >/dev/null 2>&1; then
+  USE_LOCAL=true
+elif [ "$SYNKRO_INFERENCE_TIER" = "free" ] && command -v claude >/dev/null 2>&1; then
+  USE_LOCAL=true
+fi
-if [ "$SYNKRO_INFERENCE_TIER" = "free" ] && command -v claude >/dev/null 2>&1; then
+if [ "$USE_LOCAL" = "true" ]; then
   # \u2500\u2500\u2500 FREE TIER: grade via the persistent claude daemon (mode=bash). \u2500\u2500\u2500
-  # Fetch org guardrail rules relevant to this command (same as edit hook).
-  ORG_RULES=$(printf '%s' "$COMMAND" | head -c 4000 \\
-    | jq -Rs '{content: .}' \\
-    | curl -sS "\${GATEWAY_URL}/api/v1/cli/pr-rules?top_k=15" \\
-    -X POST -H "Content-Type: application/json" \\
-    -H "Authorization: Bearer $JWT" \\
-    -d @- --max-time 2 2>/dev/null \\
-    | jq -c '[.rules[]? | {rule_id, text, severity, category}]' 2>/dev/null || echo "[]")
-  if [ -z "$ORG_RULES" ] || [ "$ORG_RULES" = "null" ]; then ORG_RULES="[]"; fi
+  # Fetch org guardrail rules relevant to this command (skip in local_only \u2014 no content leaves device).
+  ORG_RULES="[]"
+  if [ "$SYNKRO_CAPTURE_DEPTH" != "local_only" ]; then
+    ORG_RULES=$(printf '%s' "$COMMAND" | head -c 4000 \\
+      | jq -Rs '{content: .}' \\
+      | curl -sS "\${GATEWAY_URL}/api/v1/cli/pr-rules?top_k=15" \\
+      -X POST -H "Content-Type: application/json" \\
+      -H "Authorization: Bearer $JWT" \\
+      -d @- --max-time 2 2>/dev/null \\
+      | jq -c '[.rules[]? | {rule_id, text, severity, category}]' 2>/dev/null || echo "[]")
+    if [ -z "$ORG_RULES" ] || [ "$ORG_RULES" = "null" ]; then ORG_RULES="[]"; fi
+  fi
   GRADER_PROMPT_FILE=$(mktemp -t synkro-bash-prompt.XXXXXX)
   trap "rm -f \\"$GRADER_PROMPT_FILE\\"" EXIT
@@ -711,6 +726,36 @@ case "$SEVERITY" in
     ;;
 esac
+# Fire-and-forget anonymized telemetry for local_only mode
+if [ "$SYNKRO_CAPTURE_DEPTH" = "local_only" ] && [ -n "$VERDICT_KIND" ]; then
+  (
+    ANON_BODY=$(jq -n \\
+      --arg event_id "$(uuidgen 2>/dev/null || echo "evt_$(date +%s)_$$")" \\
+      --arg timestamp "$(date -u +%Y-%m-%dT%H:%M:%SZ)" \\
+      --arg hook_type "bash" \\
+      --arg verdict "$VERDICT_KIND" \\
+      --arg severity "$SEVERITY" \\
+      --arg category "$CATEGORY" \\
+      --arg model "\${CC_MODEL:-claude-sonnet-4-6}" \\
+      --arg tool_name "$TOOL_NAME" \\
+      '{
+        event_id: $event_id,
+        timestamp: $timestamp,
+        hook_type: $hook_type,
+        verdict: $verdict,
+        severity: $severity,
+        category: $category,
+        model: $model,
+        tool_name: $tool_name
+      }')
+    curl -sS -X POST "\${GATEWAY_URL}/api/v1/events/local-verdict" \\
+      -H "Content-Type: application/json" \\
+      -H "Authorization: Bearer $JWT" \\
+      -d "$ANON_BODY" \\
+      --max-time 2 >/dev/null 2>&1
+  ) &
+fi
 exit 0
 `;
     CC_EDIT_PRECHECK_SCRIPT = `#!/bin/bash
@@ -938,31 +983,47 @@ refresh_jwt() {
 }
-# Resolve tier (cached 60 min) \u2014 server is canonical via /cli/me; fallback free.
+# Resolve tier + capture_depth (cached 60 min) \u2014 server is canonical via /cli/me.
 TIER_CACHE_FILE="$HOME/.synkro/.tier-cache-\${SYNKRO_USER_ID:-default}"
+CD_CACHE_FILE="\${TIER_CACHE_FILE}.cd"
 SYNKRO_INFERENCE_TIER=""
+SYNKRO_CAPTURE_DEPTH=""
 if find "$TIER_CACHE_FILE" -mmin -60 2>/dev/null | grep -q .; then
   SYNKRO_INFERENCE_TIER=$(cat "$TIER_CACHE_FILE" 2>/dev/null)
+  SYNKRO_CAPTURE_DEPTH=$(cat "$CD_CACHE_FILE" 2>/dev/null)
 fi
 if [ -z "$SYNKRO_INFERENCE_TIER" ]; then
   ME_RESP=$(curl -sS "\${GATEWAY_URL}/api/v1/cli/me" -H "Authorization: Bearer $JWT" --max-time 2 2>/dev/null || echo "")
   if [ -n "$ME_RESP" ]; then
     SYNKRO_INFERENCE_TIER=$(echo "$ME_RESP" | jq -r '.tier // empty' 2>/dev/null)
     [ -n "$SYNKRO_INFERENCE_TIER" ] && printf '%s' "$SYNKRO_INFERENCE_TIER" > "$TIER_CACHE_FILE" 2>/dev/null || true
+    SYNKRO_CAPTURE_DEPTH=$(echo "$ME_RESP" | jq -r '.capture_depth // empty' 2>/dev/null)
+    [ -n "$SYNKRO_CAPTURE_DEPTH" ] && printf '%s' "$SYNKRO_CAPTURE_DEPTH" > "$CD_CACHE_FILE" 2>/dev/null || true
   fi
 fi
 SYNKRO_INFERENCE_TIER="\${SYNKRO_INFERENCE_TIER:-fast}"
+SYNKRO_CAPTURE_DEPTH="\${SYNKRO_CAPTURE_DEPTH:-full}"
-if [ "$SYNKRO_INFERENCE_TIER" = "free" ] && command -v claude >/dev/null 2>&1; then
-  # \u2500\u2500\u2500 FREE TIER: grade via the persistent claude daemon (Python helper).
-  ORG_RULES=$(printf '%s' "$PROPOSED" | head -c 8000 \\
-    | jq -Rs '{content: .}' \\
-    | curl -sS "\${GATEWAY_URL}/api/v1/cli/pr-rules?top_k=20" \\
-    -X POST -H "Content-Type: application/json" \\
-    -H "Authorization: Bearer $JWT" \\
-    -d @- --max-time 2 2>/dev/null \\
-    | jq -c '[.rules[]? | {rule_id, text, severity, category, mode}]' 2>/dev/null || echo "[]")
-  if [ -z "$ORG_RULES" ] || [ "$ORG_RULES" = "null" ]; then ORG_RULES="[]"; fi
+USE_LOCAL=false
+if [ "$SYNKRO_CAPTURE_DEPTH" = "local_only" ] && command -v claude >/dev/null 2>&1; then
+  USE_LOCAL=true
+elif [ "$SYNKRO_INFERENCE_TIER" = "free" ] && command -v claude >/dev/null 2>&1; then
+  USE_LOCAL=true
+fi
+if [ "$USE_LOCAL" = "true" ]; then
+  # \u2500\u2500\u2500 LOCAL GRADING: grade via the persistent claude daemon (Python helper).
+  ORG_RULES="[]"
+  if [ "$SYNKRO_CAPTURE_DEPTH" != "local_only" ]; then
+    ORG_RULES=$(printf '%s' "$PROPOSED" | head -c 8000 \\
+      | jq -Rs '{content: .}' \\
+      | curl -sS "\${GATEWAY_URL}/api/v1/cli/pr-rules?top_k=20" \\
+      -X POST -H "Content-Type: application/json" \\
+      -H "Authorization: Bearer $JWT" \\
+      -d @- --max-time 2 2>/dev/null \\
+      | jq -c '[.rules[]? | {rule_id, text, severity, category, mode}]' 2>/dev/null || echo "[]")
+    if [ -z "$ORG_RULES" ] || [ "$ORG_RULES" = "null" ]; then ORG_RULES="[]"; fi
+  fi
   GRADER_PROMPT_FILE=$(mktemp -t synkro-grade.XXXXXX)
   trap "rm -f \\"$GRADER_PROMPT_FILE\\"" EXIT
@@ -1088,6 +1149,44 @@ else
   echo "$RESP_WITH_MSG"
 fi
+# Fire-and-forget anonymized telemetry for local_only mode
+if [ "$SYNKRO_CAPTURE_DEPTH" = "local_only" ] && [ -n "$DECISION" ]; then
+  LOCAL_VERDICT="allow"
+  LOCAL_SEVERITY="audit"
+  LOCAL_CATEGORY="edit_pass"
+  if [ "$DECISION" = "deny" ]; then
+    LOCAL_VERDICT="warn"
+    LOCAL_SEVERITY="block"
+    LOCAL_CATEGORY="edit_violation"
+  fi
+  (
+    ANON_BODY=$(jq -n \\
+      --arg event_id "$(uuidgen 2>/dev/null || echo "evt_$(date +%s)_$$")" \\
+      --arg timestamp "$(date -u +%Y-%m-%dT%H:%M:%SZ)" \\
+      --arg hook_type "edit" \\
+      --arg verdict "$LOCAL_VERDICT" \\
+      --arg severity "$LOCAL_SEVERITY" \\
+      --arg category "$LOCAL_CATEGORY" \\
+      --arg model "\${CC_MODEL:-claude-sonnet-4-6}" \\
+      --arg tool_name "$TOOL_NAME" \\
+      '{
+        event_id: $event_id,
+        timestamp: $timestamp,
+        hook_type: $hook_type,
+        verdict: $verdict,
+        severity: $severity,
+        category: $category,
+        model: $model,
+        tool_name: $tool_name
+      }')
+    curl -sS -X POST "\${GATEWAY_URL}/api/v1/events/local-verdict" \\
+      -H "Content-Type: application/json" \\
+      -H "Authorization: Bearer $JWT" \\
+      -d "$ANON_BODY" \\
+      --max-time 2 >/dev/null 2>&1
+  ) &
+fi
 exit 0
 `;
     CC_EDIT_CAPTURE_SCRIPT = `#!/bin/bash
@@ -2373,7 +2472,7 @@ async function refreshToken() {
   const creds = loadCredentials();
   if (!creds?.refresh_token) return false;
   try {
-    const response = await fetch(`${SYNKRO_WEB_AUTH_URL}/api/auth/refresh`, {
+    const response = await fetch(`${SYNKRO_API_URL}/api/auth/refresh`, {
       method: "POST",
       headers: { "Content-Type": "application/json" },
       body: JSON.stringify({ refresh_token: creds.refresh_token })
@@ -2382,6 +2481,7 @@ async function refreshToken() {
     const data = await response.json();
     if (data.access_token) {
       saveCredentials({
+        ...creds,
         access_token: data.access_token,
         refresh_token: data.refresh_token || creds.refresh_token
       });
@@ -2413,7 +2513,7 @@ function clearCredentials() {
     unlinkSync2(AUTH_FILE);
   }
 }
-var PORT, RAW_WEB_AUTH_URL, SYNKRO_WEB_AUTH_URL, AUTH_FILE, ERROR_HTML, refreshPromise;
+var PORT, RAW_WEB_AUTH_URL, SYNKRO_WEB_AUTH_URL, AUTH_FILE, RAW_API_URL, SYNKRO_API_URL, ERROR_HTML, refreshPromise;
 var init_stub = __esm({
   "cli/auth/stub.ts"() {
     "use strict";
@@ -2421,6 +2521,8 @@ var init_stub = __esm({
     RAW_WEB_AUTH_URL = process.env.SYNKRO_WEB_AUTH_URL;
     SYNKRO_WEB_AUTH_URL = RAW_WEB_AUTH_URL && /^https?:\/\//.test(RAW_WEB_AUTH_URL) ? RAW_WEB_AUTH_URL : "https://app.synkro.sh";
     AUTH_FILE = process.env.SYNKRO_AUTH_FILE || join3(homedir3(), ".synkro", "credentials.json");
+    RAW_API_URL = process.env.SYNKRO_CRUD_URL || process.env.SYNKRO_API_URL;
+    SYNKRO_API_URL = RAW_API_URL && /^https?:\/\//.test(RAW_API_URL) ? RAW_API_URL : "https://api.synkro.sh";
     ERROR_HTML = `
 <!DOCTYPE html>
 <html>
@@ -3368,7 +3470,7 @@ function writeConfigEnv(opts) {
     `SYNKRO_CREDENTIALS_PATH=${shellQuoteSingle(credsPath)}`,
     `SYNKRO_TIER=${shellQuoteSingle(safeTier)}`,
     `SYNKRO_INFERENCE=${shellQuoteSingle(safeInference)}`,
-    `SYNKRO_VERSION=${shellQuoteSingle("1.3.27")}`
+    `SYNKRO_VERSION=${shellQuoteSingle("1.3.29")}`
   ];
   if (safeUserId) lines.push(`SYNKRO_USER_ID=${shellQuoteSingle(safeUserId)}`);
   if (safeOrgId) lines.push(`SYNKRO_ORG_ID=${shellQuoteSingle(safeOrgId)}`);
@@ -4035,6 +4137,7 @@ async function statusCommand() {
   const gatewayUrl = (config.SYNKRO_GATEWAY_URL || "https://api.synkro.sh").replace(/^['"]|['"]$/g, "");
   let serverTier = config.SYNKRO_TIER || "(unset)";
   let serverInference = config.SYNKRO_INFERENCE || "fast";
+  await ensureValidToken();
   const token = getAccessToken();
   if (token) {
     try {