@synkro-sh/cli 1.3.29 → 1.3.31

package/dist/bootstrap.js

@@ -602,9 +602,34 @@ fi
 if [ "$USE_LOCAL" = "true" ]; then
   # \u2500\u2500\u2500 FREE TIER: grade via the persistent claude daemon (mode=bash). \u2500\u2500\u2500
 
-  # Fetch org guardrail rules relevant to this command (skip in local_only \u2014 no content leaves device).
+  # Refresh primer if older than 24h (server-side IP, fetched on demand).
+  PRIMER_FILE="$HOME/.synkro/grader-primer-bash.txt"
+  if [ ! -f "$PRIMER_FILE" ] || ! find "$PRIMER_FILE" -mmin -1440 2>/dev/null | grep -q .; then
+    NEW_PRIMER=$(curl -sS "\${GATEWAY_URL}/api/v1/cli/judge-prompts" \\
+      -H "Authorization: Bearer $JWT" --max-time 3 2>/dev/null \\
+      | jq -r '.grader_primer_bash // empty' 2>/dev/null || echo "")
+    if [ -n "$NEW_PRIMER" ]; then
+      printf '%s' "$NEW_PRIMER" > "$PRIMER_FILE" 2>/dev/null || true
+      # Kill the daemon so it restarts with the fresh primer.
+      DAEMON_PID_FILE="$HOME/.synkro/daemon/bash/daemon.pid"
+      [ -f "$DAEMON_PID_FILE" ] && kill -TERM "$(cat "$DAEMON_PID_FILE" 2>/dev/null)" 2>/dev/null || true
+    fi
+  fi
+
+  # Fetch org guardrail rules. In local_only mode use GET (no command leaks);
+  # in other modes use POST with content for embedding-based top_k matching.
+  RULES_CACHE="$HOME/.synkro/.rules-cache-bash"
   ORG_RULES="[]"
-  if [ "$SYNKRO_CAPTURE_DEPTH" != "local_only" ]; then
+  if [ "$SYNKRO_CAPTURE_DEPTH" = "local_only" ]; then
+    if find "$RULES_CACHE" -mmin -60 2>/dev/null | grep -q .; then
+      ORG_RULES=$(cat "$RULES_CACHE" 2>/dev/null || echo "[]")
+    else
+      ORG_RULES=$(curl -sS "\${GATEWAY_URL}/api/v1/cli/pr-rules" \\
+        -H "Authorization: Bearer $JWT" --max-time 2 2>/dev/null \\
+        | jq -c '[.rules[]? | {rule_id, text, severity, category}]' 2>/dev/null || echo "[]")
+      [ -n "$ORG_RULES" ] && [ "$ORG_RULES" != "null" ] && printf '%s' "$ORG_RULES" > "$RULES_CACHE" 2>/dev/null || true
+    fi
+  else
     ORG_RULES=$(printf '%s' "$COMMAND" | head -c 4000 \\
       | jq -Rs '{content: .}' \\
       | curl -sS "\${GATEWAY_URL}/api/v1/cli/pr-rules?top_k=15" \\
@@ -612,8 +637,8 @@ if [ "$USE_LOCAL" = "true" ]; then
       -H "Authorization: Bearer $JWT" \\
       -d @- --max-time 2 2>/dev/null \\
       | jq -c '[.rules[]? | {rule_id, text, severity, category}]' 2>/dev/null || echo "[]")
-    if [ -z "$ORG_RULES" ] || [ "$ORG_RULES" = "null" ]; then ORG_RULES="[]"; fi
   fi
+  if [ -z "$ORG_RULES" ] || [ "$ORG_RULES" = "null" ]; then ORG_RULES="[]"; fi
 
   GRADER_PROMPT_FILE=$(mktemp -t synkro-bash-prompt.XXXXXX)
   trap "rm -f \\"$GRADER_PROMPT_FILE\\"" EXIT
@@ -670,6 +695,20 @@ VERDICT_KIND=$(echo "$VERDICT" | jq -r '.verdict // "warn"' 2>/dev/null)
 REASONING=$(echo "$VERDICT" | jq -r '.reasoning // "matched dangerous-verb regex"' 2>/dev/null)
 ALTERNATIVE=$(echo "$VERDICT" | jq -r '.alternative // ""' 2>/dev/null)
 CATEGORY=$(echo "$VERDICT" | jq -r '.category // "destructive_command"' 2>/dev/null)
+RISK_LEVEL=$(echo "$VERDICT" | jq -r '.risk_level // empty' 2>/dev/null)
+
+# Backwards-compat: if severity isn't block/audit, derive it from verdict_kind
+# and treat the original severity as the risk_level.
+case "$SEVERITY" in
+  block|audit) ;;
+  low|medium|high|critical)
+    [ -z "$RISK_LEVEL" ] && RISK_LEVEL="$SEVERITY"
+    if [ "$VERDICT_KIND" = "allow" ]; then SEVERITY="audit"; else SEVERITY="block"; fi
+    ;;
+  *)
+    if [ "$VERDICT_KIND" = "allow" ]; then SEVERITY="audit"; else SEVERITY="block"; fi
+    ;;
+esac
 
 # Severity-driven surfacing:
 #   block \u2192 permissionDecision: "ask" (interactive) or "deny" (headless)
@@ -735,6 +774,7 @@ if [ "$SYNKRO_CAPTURE_DEPTH" = "local_only" ] && [ -n "$VERDICT_KIND" ]; then
       --arg hook_type "bash" \\
       --arg verdict "$VERDICT_KIND" \\
       --arg severity "$SEVERITY" \\
+      --arg risk_level "\${RISK_LEVEL:-low}" \\
       --arg category "$CATEGORY" \\
       --arg model "\${CC_MODEL:-claude-sonnet-4-6}" \\
       --arg tool_name "$TOOL_NAME" \\
@@ -744,6 +784,7 @@ if [ "$SYNKRO_CAPTURE_DEPTH" = "local_only" ] && [ -n "$VERDICT_KIND" ]; then
         hook_type: $hook_type,
         verdict: $verdict,
         severity: $severity,
+        risk_level: $risk_level,
         category: $category,
         model: $model,
         tool_name: $tool_name
@@ -1013,8 +1054,31 @@ fi
 
 if [ "$USE_LOCAL" = "true" ]; then
   # \u2500\u2500\u2500 LOCAL GRADING: grade via the persistent claude daemon (Python helper).
+
+  # Refresh primer if older than 24h (server-side IP, fetched on demand).
+  PRIMER_FILE="$HOME/.synkro/grader-primer-edit.txt"
+  if [ ! -f "$PRIMER_FILE" ] || ! find "$PRIMER_FILE" -mmin -1440 2>/dev/null | grep -q .; then
+    NEW_PRIMER=$(curl -sS "\${GATEWAY_URL}/api/v1/cli/judge-prompts" \\
+      -H "Authorization: Bearer $JWT" --max-time 3 2>/dev/null \\
+      | jq -r '.grader_primer_edit // empty' 2>/dev/null || echo "")
+    if [ -n "$NEW_PRIMER" ]; then
+      printf '%s' "$NEW_PRIMER" > "$PRIMER_FILE" 2>/dev/null || true
+      DAEMON_PID_FILE="$HOME/.synkro/daemon/edit/daemon.pid"
+      [ -f "$DAEMON_PID_FILE" ] && kill -TERM "$(cat "$DAEMON_PID_FILE" 2>/dev/null)" 2>/dev/null || true
+    fi
+  fi
+  RULES_CACHE="$HOME/.synkro/.rules-cache-edit"
   ORG_RULES="[]"
-  if [ "$SYNKRO_CAPTURE_DEPTH" != "local_only" ]; then
+  if [ "$SYNKRO_CAPTURE_DEPTH" = "local_only" ]; then
+    if find "$RULES_CACHE" -mmin -60 2>/dev/null | grep -q .; then
+      ORG_RULES=$(cat "$RULES_CACHE" 2>/dev/null || echo "[]")
+    else
+      ORG_RULES=$(curl -sS "\${GATEWAY_URL}/api/v1/cli/pr-rules" \\
+        -H "Authorization: Bearer $JWT" --max-time 2 2>/dev/null \\
+        | jq -c '[.rules[]? | {rule_id, text, severity, category, mode}]' 2>/dev/null || echo "[]")
+      [ -n "$ORG_RULES" ] && [ "$ORG_RULES" != "null" ] && printf '%s' "$ORG_RULES" > "$RULES_CACHE" 2>/dev/null || true
+    fi
+  else
     ORG_RULES=$(printf '%s' "$PROPOSED" | head -c 8000 \\
       | jq -Rs '{content: .}' \\
       | curl -sS "\${GATEWAY_URL}/api/v1/cli/pr-rules?top_k=20" \\
@@ -1022,8 +1086,8 @@ if [ "$USE_LOCAL" = "true" ]; then
       -H "Authorization: Bearer $JWT" \\
       -d @- --max-time 2 2>/dev/null \\
       | jq -c '[.rules[]? | {rule_id, text, severity, category, mode}]' 2>/dev/null || echo "[]")
-    if [ -z "$ORG_RULES" ] || [ "$ORG_RULES" = "null" ]; then ORG_RULES="[]"; fi
   fi
+  if [ -z "$ORG_RULES" ] || [ "$ORG_RULES" = "null" ]; then ORG_RULES="[]"; fi
 
   GRADER_PROMPT_FILE=$(mktemp -t synkro-grade.XXXXXX)
   trap "rm -f \\"$GRADER_PROMPT_FILE\\"" EXIT
@@ -2199,7 +2263,12 @@ OUTPUT RULES \u2014 strictest possible, no exceptions:
 
 1. NO reasoning. NO preamble. NO commentary.
 2. Your reply is exactly one <synkro-verdict>JSON</synkro-verdict> block. Nothing else.
-3. JSON shape: {"verdict": "warn"|"allow", "severity": "low|medium|high|critical", "category": "snake_case", "reasoning": "<= 25 words, cites intent + match/mismatch", "alternative": "safer command or null"}
+3. JSON shape: {"verdict": "warn"|"allow", "severity": "block"|"audit", "risk_level": "low"|"medium"|"high"|"critical", "category": "snake_case", "reasoning": "<= 25 words, cites intent + match/mismatch", "alternative": "safer command or null"}
+
+SEVERITY MAPPING (strict):
+- verdict="warn" \u2192 severity="block"
+- verdict="allow" \u2192 severity="audit"
+risk_level always reflects the underlying danger level (low/medium/high/critical), independent of the routing decision.
 
 Rules:
 - WARN if destructive/irreversible AND not aligned with user intent, OR has wildly disproportionate blast radius vs the request.
@@ -3407,12 +3476,27 @@ function ensureSynkroDir() {
   mkdirSync5(BIN_DIR, { recursive: true });
   mkdirSync5(OFFSETS_DIR, { recursive: true });
 }
-function writeGraderDaemon() {
+async function fetchGraderPrimers(gatewayUrl, token) {
+  try {
+    const resp = await fetch(`${gatewayUrl}/api/v1/cli/judge-prompts`, {
+      headers: { "Authorization": `Bearer ${token}` }
+    });
+    if (!resp.ok) throw new Error(`status ${resp.status}`);
+    const data = await resp.json();
+    if (!data.grader_primer_bash || !data.grader_primer_edit) throw new Error("missing primer fields");
+    return { bash: data.grader_primer_bash, edit: data.grader_primer_edit };
+  } catch (err) {
+    console.warn(`[synkro] primer fetch failed (${err.message}); using bundled fallback`);
+    return { bash: GRADER_PRIMER_BASH, edit: GRADER_PRIMER_EDIT };
+  }
+}
+async function writeGraderDaemon(gatewayUrl, token) {
   writeFileSync5(GRADER_DAEMON_PATH, GRADER_DAEMON_PY, "utf-8");
   chmodSync(GRADER_DAEMON_PATH, 493);
-  writeFileSync5(GRADER_PRIMER_EDIT_PATH, GRADER_PRIMER_EDIT, "utf-8");
+  const primers = await fetchGraderPrimers(gatewayUrl, token);
+  writeFileSync5(GRADER_PRIMER_EDIT_PATH, primers.edit, "utf-8");
   chmodSync(GRADER_PRIMER_EDIT_PATH, 420);
-  writeFileSync5(GRADER_PRIMER_BASH_PATH, GRADER_PRIMER_BASH, "utf-8");
+  writeFileSync5(GRADER_PRIMER_BASH_PATH, primers.bash, "utf-8");
   chmodSync(GRADER_PRIMER_BASH_PATH, 420);
 }
 function writeHookScripts() {
@@ -3470,7 +3554,7 @@ function writeConfigEnv(opts) {
     `SYNKRO_CREDENTIALS_PATH=${shellQuoteSingle(credsPath)}`,
     `SYNKRO_TIER=${shellQuoteSingle(safeTier)}`,
     `SYNKRO_INFERENCE=${shellQuoteSingle(safeInference)}`,
-    `SYNKRO_VERSION=${shellQuoteSingle("1.3.29")}`
+    `SYNKRO_VERSION=${shellQuoteSingle("1.3.31")}`
   ];
   if (safeUserId) lines.push(`SYNKRO_USER_ID=${shellQuoteSingle(safeUserId)}`);
   if (safeOrgId) lines.push(`SYNKRO_ORG_ID=${shellQuoteSingle(safeOrgId)}`);
@@ -3698,7 +3782,7 @@ async function installCommand(opts = {}) {
   console.log(`  ${scripts.sessionStartScript}`);
   console.log(`  ${scripts.transcriptSyncScript}
 `);
-  writeGraderDaemon();
+  await writeGraderDaemon(gatewayUrl, token);
   for (const mode of ["edit", "bash"]) {
     const pidFile = join6(SYNKRO_DIR2, "daemon", mode, "daemon.pid");
     try {