@synkro-sh/cli 1.3.42 → 1.3.43
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/bootstrap.js +80 -4
- package/dist/bootstrap.js.map +1 -1
- package/package.json +1 -1
package/dist/bootstrap.js
CHANGED
|
@@ -793,6 +793,26 @@ esac
|
|
|
793
793
|
# Fire-and-forget anonymized telemetry for local_only mode
|
|
794
794
|
if [ "$SYNKRO_CAPTURE_DEPTH" = "local_only" ] && [ -n "$VERDICT_KIND" ]; then
|
|
795
795
|
(
|
|
796
|
+
MECH_CAT=""
|
|
797
|
+
BIZ_CAT=""
|
|
798
|
+
# For violations, run OWASP classification on user's machine
|
|
799
|
+
if [ "$VERDICT_KIND" = "warn" ]; then
|
|
800
|
+
CLASS_CACHE="$HOME/.synkro/.classification-prompt"
|
|
801
|
+
CLASS_PROMPT=""
|
|
802
|
+
if [ -f "$CLASS_CACHE" ] && find "$CLASS_CACHE" -mmin -1440 2>/dev/null | grep -q .; then
|
|
803
|
+
CLASS_PROMPT=$(cat "$CLASS_CACHE" 2>/dev/null)
|
|
804
|
+
else
|
|
805
|
+
CLASS_PROMPT=$(curl -sS "\${GATEWAY_URL}/api/v1/cli/judge-prompts" \\
|
|
806
|
+
-H "Authorization: Bearer $JWT" --max-time 3 2>/dev/null | jq -r '.classification_prompt // empty')
|
|
807
|
+
[ -n "$CLASS_PROMPT" ] && echo "$CLASS_PROMPT" > "$CLASS_CACHE"
|
|
808
|
+
fi
|
|
809
|
+
if [ -n "$CLASS_PROMPT" ]; then
|
|
810
|
+
CLASS_INPUT=$(printf '%s\\n\\nViolation context:\\n- Tool: %s\\n- Category: %s\\n- Severity: %s\\n- Hook type: bash command judge' "$CLASS_PROMPT" "$TOOL_NAME" "$CATEGORY" "$SEVERITY")
|
|
811
|
+
CLASS_RESP=$(echo "$CLASS_INPUT" | claude --print --model claude-sonnet-4-6 --no-session-persistence 2>/dev/null || echo "")
|
|
812
|
+
MECH_CAT=$(echo "$CLASS_RESP" | jq -r '.mechanism_category // empty' 2>/dev/null)
|
|
813
|
+
BIZ_CAT=$(echo "$CLASS_RESP" | jq -r '.business_category // empty' 2>/dev/null)
|
|
814
|
+
fi
|
|
815
|
+
fi
|
|
796
816
|
ANON_BODY=$(jq -n \\
|
|
797
817
|
--arg event_id "$(uuidgen 2>/dev/null || echo "evt_$(date +%s)_$$")" \\
|
|
798
818
|
--arg timestamp "$(date -u +%Y-%m-%dT%H:%M:%SZ)" \\
|
|
@@ -804,6 +824,9 @@ if [ "$SYNKRO_CAPTURE_DEPTH" = "local_only" ] && [ -n "$VERDICT_KIND" ]; then
|
|
|
804
824
|
--arg model "\${CC_MODEL:-claude-sonnet-4-6}" \\
|
|
805
825
|
--arg tool_name "$TOOL_NAME" \\
|
|
806
826
|
--arg repo "\${GIT_REPO:-}" \\
|
|
827
|
+
--arg session_id "$SESSION_ID" \\
|
|
828
|
+
--arg mech_cat "$MECH_CAT" \\
|
|
829
|
+
--arg biz_cat "$BIZ_CAT" \\
|
|
807
830
|
'{
|
|
808
831
|
event_id: $event_id,
|
|
809
832
|
timestamp: $timestamp,
|
|
@@ -814,7 +837,10 @@ if [ "$SYNKRO_CAPTURE_DEPTH" = "local_only" ] && [ -n "$VERDICT_KIND" ]; then
|
|
|
814
837
|
category: $category,
|
|
815
838
|
model: $model,
|
|
816
839
|
tool_name: $tool_name
|
|
817
|
-
} + (if $repo != "" then {repo: $repo} else {} end)
|
|
840
|
+
} + (if $repo != "" then {repo: $repo} else {} end)
|
|
841
|
+
+ (if $session_id != "" then {session_id: $session_id} else {} end)
|
|
842
|
+
+ (if $mech_cat != "" then {mechanism_category: $mech_cat} else {} end)
|
|
843
|
+
+ (if $biz_cat != "" then {business_category: $biz_cat} else {} end)')
|
|
818
844
|
curl -sS -X POST "\${GATEWAY_URL}/api/v1/events/local-verdict" \\
|
|
819
845
|
-H "Content-Type: application/json" \\
|
|
820
846
|
-H "Authorization: Bearer $JWT" \\
|
|
@@ -1279,6 +1305,25 @@ if [ "$SYNKRO_CAPTURE_DEPTH" = "local_only" ] && [ -n "$DECISION" ]; then
|
|
|
1279
1305
|
LOCAL_CATEGORY="edit_violation"
|
|
1280
1306
|
fi
|
|
1281
1307
|
(
|
|
1308
|
+
MECH_CAT=""
|
|
1309
|
+
BIZ_CAT=""
|
|
1310
|
+
if [ "$LOCAL_VERDICT" = "warn" ]; then
|
|
1311
|
+
CLASS_CACHE="$HOME/.synkro/.classification-prompt"
|
|
1312
|
+
CLASS_PROMPT=""
|
|
1313
|
+
if [ -f "$CLASS_CACHE" ] && find "$CLASS_CACHE" -mmin -1440 2>/dev/null | grep -q .; then
|
|
1314
|
+
CLASS_PROMPT=$(cat "$CLASS_CACHE" 2>/dev/null)
|
|
1315
|
+
else
|
|
1316
|
+
CLASS_PROMPT=$(curl -sS "\${GATEWAY_URL}/api/v1/cli/judge-prompts" \\
|
|
1317
|
+
-H "Authorization: Bearer $JWT" --max-time 3 2>/dev/null | jq -r '.classification_prompt // empty')
|
|
1318
|
+
[ -n "$CLASS_PROMPT" ] && echo "$CLASS_PROMPT" > "$CLASS_CACHE"
|
|
1319
|
+
fi
|
|
1320
|
+
if [ -n "$CLASS_PROMPT" ]; then
|
|
1321
|
+
CLASS_INPUT=$(printf '%s\\n\\nViolation context:\\n- Tool: %s\\n- Category: %s\\n- Severity: %s\\n- Hook type: edit pre-check judge' "$CLASS_PROMPT" "$TOOL_NAME" "$LOCAL_CATEGORY" "$LOCAL_SEVERITY")
|
|
1322
|
+
CLASS_RESP=$(echo "$CLASS_INPUT" | claude --print --model claude-sonnet-4-6 --no-session-persistence 2>/dev/null || echo "")
|
|
1323
|
+
MECH_CAT=$(echo "$CLASS_RESP" | jq -r '.mechanism_category // empty' 2>/dev/null)
|
|
1324
|
+
BIZ_CAT=$(echo "$CLASS_RESP" | jq -r '.business_category // empty' 2>/dev/null)
|
|
1325
|
+
fi
|
|
1326
|
+
fi
|
|
1282
1327
|
ANON_BODY=$(jq -n \\
|
|
1283
1328
|
--arg event_id "$(uuidgen 2>/dev/null || echo "evt_$(date +%s)_$$")" \\
|
|
1284
1329
|
--arg timestamp "$(date -u +%Y-%m-%dT%H:%M:%SZ)" \\
|
|
@@ -1289,6 +1334,9 @@ if [ "$SYNKRO_CAPTURE_DEPTH" = "local_only" ] && [ -n "$DECISION" ]; then
|
|
|
1289
1334
|
--arg model "\${CC_MODEL:-claude-sonnet-4-6}" \\
|
|
1290
1335
|
--arg tool_name "$TOOL_NAME" \\
|
|
1291
1336
|
--arg repo "\${GIT_REPO:-}" \\
|
|
1337
|
+
--arg session_id "$SESSION_ID" \\
|
|
1338
|
+
--arg mech_cat "$MECH_CAT" \\
|
|
1339
|
+
--arg biz_cat "$BIZ_CAT" \\
|
|
1292
1340
|
'{
|
|
1293
1341
|
event_id: $event_id,
|
|
1294
1342
|
timestamp: $timestamp,
|
|
@@ -1298,7 +1346,10 @@ if [ "$SYNKRO_CAPTURE_DEPTH" = "local_only" ] && [ -n "$DECISION" ]; then
|
|
|
1298
1346
|
category: $category,
|
|
1299
1347
|
model: $model,
|
|
1300
1348
|
tool_name: $tool_name
|
|
1301
|
-
} + (if $repo != "" then {repo: $repo} else {} end)
|
|
1349
|
+
} + (if $repo != "" then {repo: $repo} else {} end)
|
|
1350
|
+
+ (if $session_id != "" then {session_id: $session_id} else {} end)
|
|
1351
|
+
+ (if $mech_cat != "" then {mechanism_category: $mech_cat} else {} end)
|
|
1352
|
+
+ (if $biz_cat != "" then {business_category: $biz_cat} else {} end)')
|
|
1302
1353
|
curl -sS -X POST "\${GATEWAY_URL}/api/v1/events/local-verdict" \\
|
|
1303
1354
|
-H "Content-Type: application/json" \\
|
|
1304
1355
|
-H "Authorization: Bearer $JWT" \\
|
|
@@ -1597,6 +1648,25 @@ if [ "$SYNKRO_CAPTURE_DEPTH" = "local_only" ]; then
|
|
|
1597
1648
|
LOCAL_VERDICT="allow"; LOCAL_SEVERITY="audit"; LOCAL_RISK="low"
|
|
1598
1649
|
fi
|
|
1599
1650
|
(
|
|
1651
|
+
MECH_CAT=""
|
|
1652
|
+
BIZ_CAT=""
|
|
1653
|
+
if [ "$LOCAL_VERDICT" = "warn" ]; then
|
|
1654
|
+
CLASS_CACHE="$HOME/.synkro/.classification-prompt"
|
|
1655
|
+
CLASS_PROMPT=""
|
|
1656
|
+
if [ -f "$CLASS_CACHE" ] && find "$CLASS_CACHE" -mmin -1440 2>/dev/null | grep -q .; then
|
|
1657
|
+
CLASS_PROMPT=$(cat "$CLASS_CACHE" 2>/dev/null)
|
|
1658
|
+
else
|
|
1659
|
+
CLASS_PROMPT=$(curl -sS "\${GATEWAY_URL}/api/v1/cli/judge-prompts" \\
|
|
1660
|
+
-H "Authorization: Bearer $JWT" --max-time 3 2>/dev/null | jq -r '.classification_prompt // empty')
|
|
1661
|
+
[ -n "$CLASS_PROMPT" ] && echo "$CLASS_PROMPT" > "$CLASS_CACHE"
|
|
1662
|
+
fi
|
|
1663
|
+
if [ -n "$CLASS_PROMPT" ]; then
|
|
1664
|
+
CLASS_INPUT=$(printf '%s\\n\\nViolation context:\\n- Tool: %s\\n- Category: %s\\n- Severity: %s\\n- Hook type: post-edit capture grader' "$CLASS_PROMPT" "$TOOL_NAME" "$CATEGORY" "$LOCAL_SEVERITY")
|
|
1665
|
+
CLASS_RESP=$(echo "$CLASS_INPUT" | claude --print --model claude-sonnet-4-6 --no-session-persistence 2>/dev/null || echo "")
|
|
1666
|
+
MECH_CAT=$(echo "$CLASS_RESP" | jq -r '.mechanism_category // empty' 2>/dev/null)
|
|
1667
|
+
BIZ_CAT=$(echo "$CLASS_RESP" | jq -r '.business_category // empty' 2>/dev/null)
|
|
1668
|
+
fi
|
|
1669
|
+
fi
|
|
1600
1670
|
ANON_BODY=$(jq -n \\
|
|
1601
1671
|
--arg event_id "$(uuidgen 2>/dev/null || echo "evt_$(date +%s)_$$")" \\
|
|
1602
1672
|
--arg timestamp "$(date -u +%Y-%m-%dT%H:%M:%SZ)" \\
|
|
@@ -1608,11 +1678,17 @@ if [ "$SYNKRO_CAPTURE_DEPTH" = "local_only" ]; then
|
|
|
1608
1678
|
--arg model "\${CC_MODEL:-claude-sonnet-4-6}" \\
|
|
1609
1679
|
--arg tool_name "$TOOL_NAME" \\
|
|
1610
1680
|
--arg repo "\${GIT_REPO:-}" \\
|
|
1681
|
+
--arg session_id "$SESSION_ID" \\
|
|
1682
|
+
--arg mech_cat "$MECH_CAT" \\
|
|
1683
|
+
--arg biz_cat "$BIZ_CAT" \\
|
|
1611
1684
|
'{
|
|
1612
1685
|
event_id: $event_id, timestamp: $timestamp, hook_type: $hook_type,
|
|
1613
1686
|
verdict: $verdict, severity: $severity, risk_level: $risk_level,
|
|
1614
1687
|
category: $category, model: $model, tool_name: $tool_name
|
|
1615
|
-
} + (if $repo != "" then {repo: $repo} else {} end)
|
|
1688
|
+
} + (if $repo != "" then {repo: $repo} else {} end)
|
|
1689
|
+
+ (if $session_id != "" then {session_id: $session_id} else {} end)
|
|
1690
|
+
+ (if $mech_cat != "" then {mechanism_category: $mech_cat} else {} end)
|
|
1691
|
+
+ (if $biz_cat != "" then {business_category: $biz_cat} else {} end)')
|
|
1616
1692
|
curl -sS -X POST "\${GATEWAY_URL}/api/v1/events/local-verdict" \\
|
|
1617
1693
|
-H "Content-Type: application/json" \\
|
|
1618
1694
|
-H "Authorization: Bearer $JWT" \\
|
|
@@ -3783,7 +3859,7 @@ function writeConfigEnv(opts) {
|
|
|
3783
3859
|
`SYNKRO_CREDENTIALS_PATH=${shellQuoteSingle(credsPath)}`,
|
|
3784
3860
|
`SYNKRO_TIER=${shellQuoteSingle(safeTier)}`,
|
|
3785
3861
|
`SYNKRO_INFERENCE=${shellQuoteSingle(safeInference)}`,
|
|
3786
|
-
`SYNKRO_VERSION=${shellQuoteSingle("1.3.
|
|
3862
|
+
`SYNKRO_VERSION=${shellQuoteSingle("1.3.43")}`
|
|
3787
3863
|
];
|
|
3788
3864
|
if (safeUserId) lines.push(`SYNKRO_USER_ID=${shellQuoteSingle(safeUserId)}`);
|
|
3789
3865
|
if (safeOrgId) lines.push(`SYNKRO_ORG_ID=${shellQuoteSingle(safeOrgId)}`);
|