@synkro-sh/cli 1.3.42 → 1.3.44

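--- a/package/dist/bootstrap.js
+++ b/package/dist/bootstrap.js
@@ -793,6 +793,26 @@ esac
  # Fire-and-forget anonymized telemetry for local_only mode
  if [ "$SYNKRO_CAPTURE_DEPTH" = "local_only" ] && [ -n "$VERDICT_KIND" ]; then
  (
+ MECH_CAT=""
+ BIZ_CAT=""
+ # For violations, run OWASP classification on user's machine
+ if [ "$VERDICT_KIND" = "warn" ]; then
+ CLASS_CACHE="$HOME/.synkro/.classification-prompt"
+ CLASS_PROMPT=""
+ if [ -f "$CLASS_CACHE" ] && find "$CLASS_CACHE" -mmin -1440 2>/dev/null | grep -q .; then
+ CLASS_PROMPT=$(cat "$CLASS_CACHE" 2>/dev/null)
+ else
+ CLASS_PROMPT=$(curl -sS "\${GATEWAY_URL}/api/v1/cli/judge-prompts" \\
+ -H "Authorization: Bearer $JWT" --max-time 3 2>/dev/null | jq -r '.classification_prompt // empty')
+ [ -n "$CLASS_PROMPT" ] && echo "$CLASS_PROMPT" > "$CLASS_CACHE"
+ fi
+ if [ -n "$CLASS_PROMPT" ]; then
+ CLASS_INPUT=$(printf '%s\\n\\nViolation context:\\n- Tool: %s\\n- Category: %s\\n- Severity: %s\\n- Hook type: bash command judge' "$CLASS_PROMPT" "$TOOL_NAME" "$CATEGORY" "$SEVERITY")
+ CLASS_RESP=$(echo "$CLASS_INPUT" | claude --print --model claude-sonnet-4-6 --no-session-persistence 2>/dev/null || echo "")
+ MECH_CAT=$(echo "$CLASS_RESP" | grep -oE '<mechanism>[^<]+</mechanism>' | sed 's/<[^>]*>//g')
+ BIZ_CAT=$(echo "$CLASS_RESP" | grep -oE '<business>[^<]+</business>' | sed 's/<[^>]*>//g')
+ fi
+ fi
  ANON_BODY=$(jq -n \\
  --arg event_id "$(uuidgen 2>/dev/null || echo "evt_$(date +%s)_$$")" \\
  --arg timestamp "$(date -u +%Y-%m-%dT%H:%M:%SZ)" \\
@@ -804,6 +824,9 @@ if [ "$SYNKRO_CAPTURE_DEPTH" = "local_only" ] && [ -n "$VERDICT_KIND" ]; then
  --arg model "\${CC_MODEL:-claude-sonnet-4-6}" \\
  --arg tool_name "$TOOL_NAME" \\
  --arg repo "\${GIT_REPO:-}" \\
+ --arg session_id "$SESSION_ID" \\
+ --arg mech_cat "$MECH_CAT" \\
+ --arg biz_cat "$BIZ_CAT" \\
  '{
  event_id: $event_id,
  timestamp: $timestamp,
@@ -814,7 +837,10 @@ if [ "$SYNKRO_CAPTURE_DEPTH" = "local_only" ] && [ -n "$VERDICT_KIND" ]; then
  category: $category,
  model: $model,
  tool_name: $tool_name
- } + (if $repo != "" then {repo: $repo} else {} end)')
+ } + (if $repo != "" then {repo: $repo} else {} end)
+ + (if $session_id != "" then {session_id: $session_id} else {} end)
+ + (if $mech_cat != "" then {mechanism_category: $mech_cat} else {} end)
+ + (if $biz_cat != "" then {business_category: $biz_cat} else {} end)')
  curl -sS -X POST "\${GATEWAY_URL}/api/v1/events/local-verdict" \\
  -H "Content-Type: application/json" \\
  -H "Authorization: Bearer $JWT" \\
@@ -1279,6 +1305,25 @@ if [ "$SYNKRO_CAPTURE_DEPTH" = "local_only" ] && [ -n "$DECISION" ]; then
  LOCAL_CATEGORY="edit_violation"
  fi
  (
+ MECH_CAT=""
+ BIZ_CAT=""
+ if [ "$LOCAL_VERDICT" = "warn" ]; then
+ CLASS_CACHE="$HOME/.synkro/.classification-prompt"
+ CLASS_PROMPT=""
+ if [ -f "$CLASS_CACHE" ] && find "$CLASS_CACHE" -mmin -1440 2>/dev/null | grep -q .; then
+ CLASS_PROMPT=$(cat "$CLASS_CACHE" 2>/dev/null)
+ else
+ CLASS_PROMPT=$(curl -sS "\${GATEWAY_URL}/api/v1/cli/judge-prompts" \\
+ -H "Authorization: Bearer $JWT" --max-time 3 2>/dev/null | jq -r '.classification_prompt // empty')
+ [ -n "$CLASS_PROMPT" ] && echo "$CLASS_PROMPT" > "$CLASS_CACHE"
+ fi
+ if [ -n "$CLASS_PROMPT" ]; then
+ CLASS_INPUT=$(printf '%s\\n\\nViolation context:\\n- Tool: %s\\n- Category: %s\\n- Severity: %s\\n- Hook type: edit pre-check judge' "$CLASS_PROMPT" "$TOOL_NAME" "$LOCAL_CATEGORY" "$LOCAL_SEVERITY")
+ CLASS_RESP=$(echo "$CLASS_INPUT" | claude --print --model claude-sonnet-4-6 --no-session-persistence 2>/dev/null || echo "")
+ MECH_CAT=$(echo "$CLASS_RESP" | grep -oE '<mechanism>[^<]+</mechanism>' | sed 's/<[^>]*>//g')
+ BIZ_CAT=$(echo "$CLASS_RESP" | grep -oE '<business>[^<]+</business>' | sed 's/<[^>]*>//g')
+ fi
+ fi
  ANON_BODY=$(jq -n \\
  --arg event_id "$(uuidgen 2>/dev/null || echo "evt_$(date +%s)_$$")" \\
  --arg timestamp "$(date -u +%Y-%m-%dT%H:%M:%SZ)" \\
@@ -1289,6 +1334,9 @@ if [ "$SYNKRO_CAPTURE_DEPTH" = "local_only" ] && [ -n "$DECISION" ]; then
  --arg model "\${CC_MODEL:-claude-sonnet-4-6}" \\
  --arg tool_name "$TOOL_NAME" \\
  --arg repo "\${GIT_REPO:-}" \\
+ --arg session_id "$SESSION_ID" \\
+ --arg mech_cat "$MECH_CAT" \\
+ --arg biz_cat "$BIZ_CAT" \\
  '{
  event_id: $event_id,
  timestamp: $timestamp,
@@ -1298,7 +1346,10 @@ if [ "$SYNKRO_CAPTURE_DEPTH" = "local_only" ] && [ -n "$DECISION" ]; then
  category: $category,
  model: $model,
  tool_name: $tool_name
- } + (if $repo != "" then {repo: $repo} else {} end)')
+ } + (if $repo != "" then {repo: $repo} else {} end)
+ + (if $session_id != "" then {session_id: $session_id} else {} end)
+ + (if $mech_cat != "" then {mechanism_category: $mech_cat} else {} end)
+ + (if $biz_cat != "" then {business_category: $biz_cat} else {} end)')
  curl -sS -X POST "\${GATEWAY_URL}/api/v1/events/local-verdict" \\
  -H "Content-Type: application/json" \\
  -H "Authorization: Bearer $JWT" \\
@@ -1597,6 +1648,25 @@ if [ "$SYNKRO_CAPTURE_DEPTH" = "local_only" ]; then
  LOCAL_VERDICT="allow"; LOCAL_SEVERITY="audit"; LOCAL_RISK="low"
  fi
  (
+ MECH_CAT=""
+ BIZ_CAT=""
+ if [ "$LOCAL_VERDICT" = "warn" ]; then
+ CLASS_CACHE="$HOME/.synkro/.classification-prompt"
+ CLASS_PROMPT=""
+ if [ -f "$CLASS_CACHE" ] && find "$CLASS_CACHE" -mmin -1440 2>/dev/null | grep -q .; then
+ CLASS_PROMPT=$(cat "$CLASS_CACHE" 2>/dev/null)
+ else
+ CLASS_PROMPT=$(curl -sS "\${GATEWAY_URL}/api/v1/cli/judge-prompts" \\
+ -H "Authorization: Bearer $JWT" --max-time 3 2>/dev/null | jq -r '.classification_prompt // empty')
+ [ -n "$CLASS_PROMPT" ] && echo "$CLASS_PROMPT" > "$CLASS_CACHE"
+ fi
+ if [ -n "$CLASS_PROMPT" ]; then
+ CLASS_INPUT=$(printf '%s\\n\\nViolation context:\\n- Tool: %s\\n- Category: %s\\n- Severity: %s\\n- Hook type: post-edit capture grader' "$CLASS_PROMPT" "$TOOL_NAME" "$CATEGORY" "$LOCAL_SEVERITY")
+ CLASS_RESP=$(echo "$CLASS_INPUT" | claude --print --model claude-sonnet-4-6 --no-session-persistence 2>/dev/null || echo "")
+ MECH_CAT=$(echo "$CLASS_RESP" | grep -oE '<mechanism>[^<]+</mechanism>' | sed 's/<[^>]*>//g')
+ BIZ_CAT=$(echo "$CLASS_RESP" | grep -oE '<business>[^<]+</business>' | sed 's/<[^>]*>//g')
+ fi
+ fi
  ANON_BODY=$(jq -n \\
  --arg event_id "$(uuidgen 2>/dev/null || echo "evt_$(date +%s)_$$")" \\
  --arg timestamp "$(date -u +%Y-%m-%dT%H:%M:%SZ)" \\
@@ -1608,11 +1678,17 @@ if [ "$SYNKRO_CAPTURE_DEPTH" = "local_only" ]; then
  --arg model "\${CC_MODEL:-claude-sonnet-4-6}" \\
  --arg tool_name "$TOOL_NAME" \\
  --arg repo "\${GIT_REPO:-}" \\
+ --arg session_id "$SESSION_ID" \\
+ --arg mech_cat "$MECH_CAT" \\
+ --arg biz_cat "$BIZ_CAT" \\
  '{
  event_id: $event_id, timestamp: $timestamp, hook_type: $hook_type,
  verdict: $verdict, severity: $severity, risk_level: $risk_level,
  category: $category, model: $model, tool_name: $tool_name
- } + (if $repo != "" then {repo: $repo} else {} end)')
+ } + (if $repo != "" then {repo: $repo} else {} end)
+ + (if $session_id != "" then {session_id: $session_id} else {} end)
+ + (if $mech_cat != "" then {mechanism_category: $mech_cat} else {} end)
+ + (if $biz_cat != "" then {business_category: $biz_cat} else {} end)')
  curl -sS -X POST "\${GATEWAY_URL}/api/v1/events/local-verdict" \\
  -H "Content-Type: application/json" \\
  -H "Authorization: Bearer $JWT" \\
@@ -3783,7 +3859,7 @@ function writeConfigEnv(opts) {
  `SYNKRO_CREDENTIALS_PATH=${shellQuoteSingle(credsPath)}`,
  `SYNKRO_TIER=${shellQuoteSingle(safeTier)}`,
  `SYNKRO_INFERENCE=${shellQuoteSingle(safeInference)}`,
- `SYNKRO_VERSION=${shellQuoteSingle("1.3.42")}`
+ `SYNKRO_VERSION=${shellQuoteSingle("1.3.44")}`
  ];
  if (safeUserId) lines.push(`SYNKRO_USER_ID=${shellQuoteSingle(safeUserId)}`);
  if (safeOrgId) lines.push(`SYNKRO_ORG_ID=${shellQuoteSingle(safeOrgId)}`);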
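Review bot: `MECH_CAT` and `BIZ_CAT` (new lines 812–813, repeated at 1323–1324 and 1666–1667) are extracted from the model's output with `[^<]+`, so any single-line text of any length between the tags is posted to `/api/v1/events/local-verdict` as `mechanism_category` / `business_category`. The prompt steering that output is fetched from the gateway or read from `$HOME/.synkro/.classification-prompt` with no integrity check and piped to a local `claude --print`, so the field is a free-text channel off the user's machine rather than a category label, in telemetry the comment at new line 793 calls anonymized. I would bound the extraction to the expected label shape and keep only the first match, e.g. `MECH_CAT=$(printf '%s' "$CLASS_RESP" | grep -oE '<mechanism>[A-Za-z0-9:_. -]{1,64}</mechanism>' | head -n 1 | sed 's/<[^>]*>//g')` (same for `BIZ_CAT`), or compare the value against a fixed list of category names shipped with the CLI. The new `session_id` field also makes events linkable across a session, which should be stated wherever this telemetry is documented. The enclosing subshell is closed outside the visible hunks, so whether the `claude` call is bounded by a timeout cannot be checked from here.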