@synkro-sh/cli 1.4.14 → 1.4.16

package/dist/bootstrap.js

@@ -432,204 +432,256 @@ var init_mcpConfig = __esm({
 });
 
 // cli/installer/hookScripts.ts
-var CC_BASH_JUDGE_SCRIPT, CC_EDIT_PRECHECK_SCRIPT, CC_EDIT_CAPTURE_SCRIPT, CC_STOP_SUMMARY_SCRIPT, CC_SESSION_START_SCRIPT, CC_BASH_FOLLOWUP_SCRIPT, CC_TRANSCRIPT_SYNC_SCRIPT, SYNKRO_COMMON_SCRIPT, CURSOR_BASH_JUDGE_SCRIPT, CURSOR_EDIT_PRECHECK_SCRIPT, CURSOR_EDIT_CAPTURE_SCRIPT, CURSOR_BASH_FOLLOWUP_SCRIPT;
+var SYNKRO_COMMON_SCRIPT, CC_BASH_JUDGE_SCRIPT, CC_EDIT_PRECHECK_SCRIPT, CC_EDIT_CAPTURE_SCRIPT, CC_STOP_SUMMARY_SCRIPT, CC_SESSION_START_SCRIPT, CC_BASH_FOLLOWUP_SCRIPT, CC_TRANSCRIPT_SYNC_SCRIPT, CURSOR_BASH_JUDGE_SCRIPT, CURSOR_EDIT_PRECHECK_SCRIPT, CURSOR_EDIT_CAPTURE_SCRIPT, CURSOR_BASH_FOLLOWUP_SCRIPT;
 var init_hookScripts = __esm({
   "cli/installer/hookScripts.ts"() {
     "use strict";
-    CC_BASH_JUDGE_SCRIPT = `#!/bin/bash
-# Synkro PreToolUse Bash judge hook
-# Reads CC's hook payload from stdin, judges via Synkro gateway, returns verdict.
-# Auth: reads access_token from ~/.synkro/credentials.json, sends Authorization: Bearer.
-# No set -e: hook must ALWAYS produce JSON output. Silent death = CC timeout.
+    SYNKRO_COMMON_SCRIPT = `#!/bin/bash
+# Shared Synkro hook utilities \u2014 sourced by all hook scripts.
 
 synkro_log() { echo "[synkro] $1" >&2; }
 
-# True if anything is listening on the local-cc channel TCP port.
-synkro_channel_up() {
-  (exec 3<>/dev/tcp/127.0.0.1/\${SYNKRO_CHANNEL_PORT:-8929}) 2>/dev/null && exec 3<&- 3>&-
-}
-
 # Load config
-CONFIG_FILE="$HOME/.synkro/config.env"
-if [ -f "$CONFIG_FILE" ]; then
-  set -a
-  # shellcheck disable=SC1090
-  . "$CONFIG_FILE"
-  set +a
+_SYNKRO_CONFIG="$HOME/.synkro/config.env"
+if [ -f "$_SYNKRO_CONFIG" ]; then
+  set -a; . "$_SYNKRO_CONFIG"; set +a
 fi
 
 GATEWAY_URL="\${SYNKRO_GATEWAY_URL:-https://api.synkro.sh}"
 CREDS_PATH="\${SYNKRO_CREDENTIALS_PATH:-$HOME/.synkro/credentials.json}"
 
-# Fail open if not authed
-if [ ! -f "$CREDS_PATH" ]; then
+synkro_load_jwt() {
+  if [ ! -f "$CREDS_PATH" ]; then echo ""; return 1; fi
+  jq -r '.access_token // empty' "$CREDS_PATH" 2>/dev/null
+}
 
-  echo '{}'
-  exit 0
-fi
-JWT=$(jq -r '.access_token // empty' "$CREDS_PATH" 2>/dev/null)
-if [ -z "$JWT" ]; then
+synkro_refresh_jwt() {
+  local rt
+  rt=$(jq -r '.refresh_token // empty' "$CREDS_PATH" 2>/dev/null)
+  if [ -z "$rt" ]; then return 1; fi
+  local resp
+  resp=$(curl -sS -X POST "\${GATEWAY_URL}/api/auth/refresh" \\
+    -H "Content-Type: application/json" \\
+    -d "$(jq -n --arg rt "$rt" '{refresh_token:$rt}')" \\
+    --max-time 4 2>/dev/null)
+  local new_at
+  new_at=$(echo "$resp" | jq -r '.access_token // empty' 2>/dev/null)
+  if [ -z "$new_at" ]; then return 1; fi
+  local new_rt
+  new_rt=$(echo "$resp" | jq -r '.refresh_token // empty' 2>/dev/null)
+  [ -z "$new_rt" ] && new_rt="$rt"
+  local tmp="\${CREDS_PATH}.synkro.tmp"
+  jq --arg at "$new_at" --arg rt "$new_rt" '. + {access_token:$at,refresh_token:$rt}' "$CREDS_PATH" > "$tmp" 2>/dev/null && mv "$tmp" "$CREDS_PATH"
+  JWT="$new_at"
+}
 
-  echo '{}'
-  exit 0
-fi
+synkro_ensure_fresh_jwt() {
+  [ -z "$JWT" ] && return 1
+  local p exp now
+  p=$(printf '%s' "$JWT" | cut -d. -f2)
+  case $((\${#p} % 4)) in 2) p="\${p}==";; 3) p="\${p}=";; esac
+  exp=$(printf '%s' "$p" | tr '_-' '/+' | base64 -D 2>/dev/null | jq -r '.exp // 0' 2>/dev/null)
+  now=$(date -u +%s)
+  [ $((exp - now)) -lt 60 ] && synkro_refresh_jwt
+}
 
-# Read hook payload from stdin (CC sends a single JSON line)
-PAYLOAD=$(cat)
-if [ -z "$PAYLOAD" ]; then
-  echo '{}'
-  exit 0
-fi
+synkro_detect_repo() {
+  local cwd="\${1:-.}"
+  if command -v git >/dev/null 2>&1; then
+    local r
+    r=$(git -C "$cwd" remote get-url origin 2>/dev/null || true)
+    [ -n "$r" ] && echo "$r" | sed -E 's|^git@[^:]+:||; s|^https?://[^/]+/||; s|\\.git$||' && return
+  fi
+  echo ""
+}
 
-# Translate tool calls into a command string for the judge
-TOOL_NAME=$(echo "$PAYLOAD" | jq -r '.tool_name // empty' 2>/dev/null)
-case "$TOOL_NAME" in
-  Bash)
-    COMMAND=$(echo "$PAYLOAD" | jq -r '.tool_input.command // empty' 2>/dev/null)
-    ;;
-  Read)
-    FILE_PATH=$(echo "$PAYLOAD" | jq -r '.tool_input.file_path // empty' 2>/dev/null)
-    COMMAND="cat \${FILE_PATH}"
-    ;;
-  Grep)
-    PATTERN=$(echo "$PAYLOAD" | jq -r '.tool_input.pattern // empty' 2>/dev/null)
-    GREP_PATH=$(echo "$PAYLOAD" | jq -r '.tool_input.path // "."' 2>/dev/null)
-    COMMAND="grep -r '\${PATTERN}' \${GREP_PATH}"
-    ;;
-  Glob)
-    PATTERN=$(echo "$PAYLOAD" | jq -r '.tool_input.pattern // empty' 2>/dev/null)
-    COMMAND="find . -name '\${PATTERN}'"
-    ;;
-  *)
-    echo '{}'
-    exit 0
-    ;;
-esac
-if [ -z "$COMMAND" ]; then
-  echo '{}'
-  exit 0
-fi
+synkro_channel_up() {
+  (exec 3<>/dev/tcp/127.0.0.1/\${SYNKRO_CHANNEL_PORT:-8929}) 2>/dev/null && exec 3<&- 3>&-
+}
 
-CMD_SHORT=$(printf '%s' "$COMMAND" | head -c 80)
-synkro_log "bashGuard checking: $CMD_SHORT"
+# Fetch hook config (cached 5min). Sets SYNKRO_CAPTURE_DEPTH, SYNKRO_TIER, SYNKRO_RULES, SYNKRO_GRADER_PRIMER_BASH, SYNKRO_GRADER_PRIMER_EDIT, SYNKRO_CLASSIFICATION_PROMPT.
+synkro_load_config() {
+  local cache="$HOME/.synkro/.hook-config-cache"
+  if [ -f "$cache" ] && find "$cache" -mmin -5 2>/dev/null | grep -q .; then
+    eval "$(cat "$cache" 2>/dev/null)"
+    return
+  fi
+  local resp
+  resp=$(curl -sS "\${GATEWAY_URL}/api/v1/hook/config\${1:+?$1}" -H "Authorization: Bearer $JWT" --max-time 4 2>/dev/null || echo "")
+  if [ -z "$resp" ]; then return; fi
+  SYNKRO_CAPTURE_DEPTH=$(echo "$resp" | jq -r '.capture_depth // "local_only"' 2>/dev/null)
+  SYNKRO_TIER=$(echo "$resp" | jq -r '.tier // "standard"' 2>/dev/null)
+  SYNKRO_RULES=$(echo "$resp" | jq -c '[.rules[]? | select(.hook_stage == "pre" or .hook_stage == "both" or .hook_stage == null) | {rule_id,text,severity,category,mode}]' 2>/dev/null || echo "[]")
+  # Cache the values
+  printf 'SYNKRO_CAPTURE_DEPTH="%s"\\nSYNKRO_TIER="%s"\\n' "$SYNKRO_CAPTURE_DEPTH" "$SYNKRO_TIER" > "$cache" 2>/dev/null || true
+}
 
-# All commands are graded; no client-side regex gate.
+# Decide routing: "local" (grade on device) or "cloud" (POST to server)
+synkro_route() {
+  [ "$SYNKRO_CAPTURE_DEPTH" = "local_only" ] && echo "local" && return
+  synkro_channel_up && echo "local" && return
+  echo "cloud"
+}
+
+# Grade locally via synkro CLI or claude --print. Reads prompt from stdin.
+synkro_local_grade() {
+  local surface="$1"
+  if synkro_channel_up && [ -n "\${SYNKRO_CLI_BIN:-}" ] && [ -f "$SYNKRO_CLI_BIN" ] && command -v node >/dev/null 2>&1; then
+    node "$SYNKRO_CLI_BIN" grade "$surface" 2>/dev/null
+  elif synkro_channel_up && command -v synkro >/dev/null 2>&1; then
+    synkro grade "$surface" 2>/dev/null
+  elif command -v claude >/dev/null 2>&1; then
+    claude --print --model claude-sonnet-4-6 --no-session-persistence 2>/dev/null
+  fi
+}
+
+# Parse <synkro-verdict>...</synkro-verdict> XML from local grader output.
+# Sets LOCAL_OK, LOCAL_REASON, LOCAL_RULE_ID, LOCAL_SEV, LOCAL_CAT.
+synkro_parse_local_verdict() {
+  local resp="$1"
+  LOCAL_OK="true"; LOCAL_REASON=""; LOCAL_RULE_ID=""; LOCAL_SEV="low"; LOCAL_CAT="general"
+  local inner
+  inner=$(printf '%s' "$resp" | tr '\\n' ' ' | sed -nE 's|.*<synkro-verdict>(.*)</synkro-verdict>.*|\\1|p' | tail -1)
+  [ -z "$inner" ] && return
+  local ok_tag
+  ok_tag=$(printf '%s' "$inner" | sed -nE 's|.*<ok>(.*)</ok>.*|\\1|p' | head -1)
+  [ -n "$ok_tag" ] && LOCAL_OK="$ok_tag"
+  if [ "$LOCAL_OK" = "false" ]; then
+    local fv
+    fv=$(printf '%s' "$inner" | awk -v RS='</violation>' '/<violation>/{print; exit}')
+    LOCAL_RULE_ID=$(printf '%s' "$fv" | sed -nE 's|.*<rule_id>(.*)</rule_id>.*|\\1|p' | head -1)
+    LOCAL_REASON=$(printf '%s' "$fv" | sed -nE 's|.*<reason>(.*)</reason>.*|\\1|p' | head -1)
+    LOCAL_SEV=$(printf '%s' "$fv" | sed -nE 's|.*<severity>(.*)</severity>.*|\\1|p' | head -1)
+    LOCAL_CAT=$(printf '%s' "$fv" | sed -nE 's|.*<category>(.*)</category>.*|\\1|p' | head -1)
+    LOCAL_SEV="\${LOCAL_SEV:-high}"; LOCAL_CAT="\${LOCAL_CAT:-policy_violation}"
+  fi
+}
+
+# Fire anonymized telemetry for local verdicts. All args positional.
+synkro_capture_local() {
+  local hook_type="$1" verdict="$2" severity="$3" category="$4" tool_name="$5" repo="$6" session_id="$7"
+  (
+    BODY=$(jq -n \\
+      --arg eid "$(uuidgen 2>/dev/null || echo "evt_$(date +%s)_$$")" \\
+      --arg ht "$hook_type" --arg v "$verdict" --arg s "$severity" --arg c "$category" \\
+      --arg tn "$tool_name" --arg r "$repo" --arg sid "$session_id" \\
+      '{capture_type:"local_verdict",event_id:$eid,hook_type:$ht,verdict:$v,severity:$s,category:$c,model:"claude-sonnet-4-6",tool_name:$tn}
+        + (if $r != "" then {repo:$r} else {} end)
+        + (if $sid != "" then {session_id:$sid} else {} end)')
+    curl -sS -X POST "\${GATEWAY_URL}/api/v1/hook/capture" \\
+      -H "Content-Type: application/json" -H "Authorization: Bearer $JWT" \\
+      -d "$BODY" --max-time 2 >/dev/null 2>&1
+  ) &
+}
+
+synkro_post_with_retry() {
+  local url="$1" body="$2" timeout="\${3:-8}"
+  local resp
+  resp=$(curl -sS -X POST "$url" \\
+    -H "Content-Type: application/json" \\
+    -H "Authorization: Bearer $JWT" \\
+    -d "$body" --max-time "$timeout" 2>/dev/null || echo "")
+  if echo "$resp" | grep -qE '"detail":"Token has expired|"detail":"Invalid or expired token'; then
+    if synkro_refresh_jwt; then
+      resp=$(curl -sS -X POST "$url" \\
+        -H "Content-Type: application/json" \\
+        -H "Authorization: Bearer $JWT" \\
+        -d "$body" --max-time "$timeout" 2>/dev/null || echo "")
+    fi
+  fi
+  echo "$resp"
+}
+`;
+    CC_BASH_JUDGE_SCRIPT = `#!/bin/bash
+SCRIPT_DIR="$(cd "$(dirname "\${BASH_SOURCE[0]}")" && pwd)"
+. "$SCRIPT_DIR/_synkro-common.sh"
+
+JWT=$(synkro_load_jwt)
+if [ -z "$JWT" ]; then echo '{}'; exit 0; fi
+synkro_ensure_fresh_jwt
+
+PAYLOAD=$(cat)
+if [ -z "$PAYLOAD" ]; then echo '{}'; exit 0; fi
+
+TOOL_NAME=$(echo "$PAYLOAD" | jq -r '.tool_name // empty' 2>/dev/null)
+case "$TOOL_NAME" in Bash|Read|Grep|Glob) ;; *) echo '{}'; exit 0 ;; esac
 
-# Extract context from the transcript file
-TRANSCRIPT_PATH=$(echo "$PAYLOAD" | jq -r '.transcript_path // empty' 2>/dev/null)
 SESSION_ID=$(echo "$PAYLOAD" | jq -r '.session_id // empty' 2>/dev/null)
 TOOL_USE_ID=$(echo "$PAYLOAD" | jq -r '.tool_use_id // empty' 2>/dev/null)
 CWD=$(echo "$PAYLOAD" | jq -r '.cwd // empty' 2>/dev/null)
-TOOL_INPUT=$(echo "$PAYLOAD" | jq -c --arg cmd "$COMMAND" '.tool_input // {} | . + {command: $cmd}' 2>/dev/null)
-# Detect git remote origin \u2192 repo identity (e.g. "owner/repo")
-GIT_REPO=""
-if command -v git >/dev/null 2>&1; then
-  _REMOTE=$(git -C "\${CWD:-.}" remote get-url origin 2>/dev/null || true)
-  if [ -n "$_REMOTE" ]; then
-    GIT_REPO=$(echo "$_REMOTE" | sed -E 's|^git@[^:]+:||; s|^https?://[^/]+/||; s|\\.git$||')
-  fi
-fi
-# Headless detection \u2014 when no human is in the loop, ASK is a no-op so we
-# fail-closed by upgrading high-tier findings to deny.
+GIT_REPO=$(synkro_detect_repo "\${CWD:-.}")
 PERMISSION_MODE=$(echo "$PAYLOAD" | jq -r '.permission_mode // empty' 2>/dev/null)
-IS_HEADLESS=0
-case "$PERMISSION_MODE" in
-  acceptEdits|bypassPermissions|plan|auto) IS_HEADLESS=1 ;;
+
+# Translate tool calls to command string for logging
+case "$TOOL_NAME" in
+  Bash) COMMAND=$(echo "$PAYLOAD" | jq -r '.tool_input.command // empty' 2>/dev/null) ;;
+  Read) COMMAND="cat $(echo "$PAYLOAD" | jq -r '.tool_input.file_path // empty' 2>/dev/null)" ;;
+  Grep) COMMAND="grep -r '$(echo "$PAYLOAD" | jq -r '.tool_input.pattern // empty' 2>/dev/null)' $(echo "$PAYLOAD" | jq -r '.tool_input.path // "."' 2>/dev/null)" ;;
+  Glob) COMMAND="find . -name '$(echo "$PAYLOAD" | jq -r '.tool_input.pattern // empty' 2>/dev/null)'" ;;
 esac
-if [ "\${SYNKRO_HEADLESS:-0}" = "1" ]; then IS_HEADLESS=1; fi
+if [ -z "$COMMAND" ]; then echo '{}'; exit 0; fi
+
+CMD_SHORT=$(printf '%s' "$COMMAND" | head -c 80)
+synkro_log "bashGuard checking: $CMD_SHORT"
 
+TRANSCRIPT_PATH=$(echo "$PAYLOAD" | jq -r '.transcript_path // empty' 2>/dev/null)
 USER_INTENT=""
 RECENT_USER_MESSAGES="[]"
-RECENT_MESSAGES="[]"
-RECENT_ACTIONS="[]"
 if [ -n "$TRANSCRIPT_PATH" ] && [ -f "$TRANSCRIPT_PATH" ]; then
-  RECENT_USER_MESSAGES=$(tail -400 "$TRANSCRIPT_PATH" | jq -c -s '
-    [.[]
-      | select(.type == "user")
-      | (.message.content
-        | if type == "string" then .
-          else (map(.text? // "") | join(" "))
-          end)
-      | select(. != null and . != "")
-    ] | .[-5:]' 2>/dev/null || echo "[]")
+  RECENT_USER_MESSAGES=$(tail -400 "$TRANSCRIPT_PATH" | jq -c -s '[.[] | select(.type == "user") | (.message.content | if type == "string" then . else (map(.text? // "") | join(" ")) end) | select(. != null and . != "")] | .[-5:]' 2>/dev/null || echo "[]")
   USER_INTENT=$(echo "$RECENT_USER_MESSAGES" | jq -r '.[-1] // ""' 2>/dev/null || echo "")
-  # Interleaved assistant+user messages \u2014 lets the grader see what question
-  # each "yes" was answering (assistant text before user reply).
-  RECENT_MESSAGES=$(tail -400 "$TRANSCRIPT_PATH" | jq -c -s '
-    [.[]
-      | select(.type == "assistant" or .type == "user")
-      | {
-          role: .type,
-          text: (
-            if .type == "assistant" then
-              [.message.content[]? | select(type == "object" and .type == "text") | .text // ""] | join(" ") | .[0:500]
-            else
-              (.message.content
-                | if type == "string" then .[0:500]
-                  else ([.[]? | if type == "string" then . elif (type == "object" and .type == "text") then (.text // "") else "" end] | join(" ") | .[0:500])
-                  end)
-            end
-          )
-        }
-      | select(.text != "" and .text != null and (.text | length) > 0)
-    ] | .[-10:]' 2>/dev/null || echo "[]")
-  # Recent agent actions (last 5 tool_use blocks paired with results)
-  RECENT_ACTIONS=$(tail -400 "$TRANSCRIPT_PATH" | jq -c -s '
-    # tool_result blocks live in USER messages
-    ([ .[]
-       | select(.type == "user")
-       | .message.content[]?
-       | select(type == "object" and .type == "tool_result")
-       | { (.tool_use_id): (.content // "" | tostring | .[0:300]) }
-     ] | add // {}) as $results
-    |
-    [ .[]
-      | select(.type == "assistant")
-      | .message.content[]?
-      | select(.type == "tool_use")
-      | {
-          tool: .name,
-          input: (.input // {} | tostring | .[0:200]),
-          result: ($results[.id] // null)
-        }
-    ] | .[-5:]' 2>/dev/null || echo "[]")
 fi
 
-CC_MODEL=""
-CC_USAGE="{}"
-if [ -n "$TRANSCRIPT_PATH" ] && [ -f "$TRANSCRIPT_PATH" ]; then
-  _LAST_ASSISTANT=$(grep '"type":"assistant"' "$TRANSCRIPT_PATH" 2>/dev/null | tail -1)
-  if [ -n "$_LAST_ASSISTANT" ]; then
-    CC_MODEL=$(echo "$_LAST_ASSISTANT" | jq -r '.message.model // empty' 2>/dev/null)
-    CC_USAGE=$(echo "$_LAST_ASSISTANT" | jq -c '{
-      input_tokens: .message.usage.input_tokens,
-      output_tokens: .message.usage.output_tokens,
-      cache_creation_input_tokens: .message.usage.cache_creation_input_tokens,
-      cache_read_input_tokens: .message.usage.cache_read_input_tokens,
-      service_tier: .message.usage.service_tier,
-      speed: .message.usage.speed
-    }' 2>/dev/null || echo "{}")
+# Headless detection
+IS_HEADLESS="\${SYNKRO_HEADLESS:-0}"
+case "$PERMISSION_MODE" in acceptEdits|bypassPermissions|plan|auto) IS_HEADLESS="1" ;; esac
+
+synkro_load_config
+ROUTE=$(synkro_route)
+
+if [ "$ROUTE" = "local" ]; then
+  # \u2500\u2500\u2500 Local grading (local_only privacy or local-cc channel) \u2500\u2500\u2500
+  GRADER_FILE=$(mktemp -t synkro-bash.XXXXXX)
+  trap "rm -f \\"$GRADER_FILE\\"" EXIT
+  printf 'Command: %s\\nUser intent: %s\\nOrg rules: %s\\n' "$COMMAND" "\${USER_INTENT:-none stated}" "\${SYNKRO_RULES:-[]}" > "$GRADER_FILE"
+
+  CC_RESP=$(synkro_local_grade bash < "$GRADER_FILE" || echo "")
+  synkro_parse_local_verdict "$CC_RESP"
+
+  if [ "$LOCAL_OK" = "false" ]; then
+    if [ "$IS_HEADLESS" = "1" ]; then DEC="deny"; else DEC="ask"; fi
+    REASON="[synkro:local] \${LOCAL_RULE_ID:+$LOCAL_RULE_ID: }\${LOCAL_REASON:-policy violation}"
+    jq -n --arg dec "$DEC" --arg reason "$REASON" --arg ctx "$REASON" \\
+      '{hookSpecificOutput:{hookEventName:"PreToolUse",permissionDecision:$dec,permissionDecisionReason:$reason,additionalContext:$ctx}}'
+    synkro_capture_local "bash" "warn" "\${LOCAL_SEV}" "\${LOCAL_CAT}" "$TOOL_NAME" "$GIT_REPO" "$SESSION_ID"
+  else
+    jq -n --arg m "[synkro:local] bashGuard \u2192 pass" '{systemMessage: $m}'
+    synkro_capture_local "bash" "allow" "audit" "\${LOCAL_CAT:-trivial_utility}" "$TOOL_NAME" "$GIT_REPO" "$SESSION_ID"
   fi
+  exit 0
 fi
 
-# Extract session summary from CC compaction (free broad context)
+# \u2500\u2500\u2500 Cloud grading \u2500\u2500\u2500
+CC_MODEL=""
+CC_USAGE="{}"
+RECENT_MESSAGES="[]"
+RECENT_ACTIONS="[]"
 SESSION_SUMMARY=""
 if [ -n "$TRANSCRIPT_PATH" ] && [ -f "$TRANSCRIPT_PATH" ]; then
-  _SUMMARY_LINE=$(grep -n '"This session is being continued' "$TRANSCRIPT_PATH" 2>/dev/null | tail -1 | cut -d: -f1)
-  if [ -n "$_SUMMARY_LINE" ]; then
-    SESSION_SUMMARY=$(sed -n "\${_SUMMARY_LINE}p" "$TRANSCRIPT_PATH" | jq -r '
-      .message.content
-      | if type == "string" then .[0:2000]
-        else ([.[]? | if type == "string" then . elif (type == "object" and .type == "text") then (.text // "") else "" end] | join(" ") | .[0:2000])
-        end' 2>/dev/null || echo "")
+  _LAST=$(grep '"type":"assistant"' "$TRANSCRIPT_PATH" 2>/dev/null | tail -1)
+  if [ -n "$_LAST" ]; then
+    CC_MODEL=$(echo "$_LAST" | jq -r '.message.model // empty' 2>/dev/null)
+    CC_USAGE=$(echo "$_LAST" | jq -c '{input_tokens:.message.usage.input_tokens,output_tokens:.message.usage.output_tokens,cache_creation_input_tokens:.message.usage.cache_creation_input_tokens,cache_read_input_tokens:.message.usage.cache_read_input_tokens}' 2>/dev/null || echo "{}")
   fi
+  RECENT_MESSAGES=$(tail -400 "$TRANSCRIPT_PATH" | jq -c -s '[.[] | select(.type == "user" or .type == "assistant") | {type, text: (.message.content | if type == "string" then .[0:500] else ([.[]? | (.text? // "") | .[0:300]] | join(" ")) end)}] | .[-10:]' 2>/dev/null || echo "[]")
+  RECENT_ACTIONS=$(tail -400 "$TRANSCRIPT_PATH" | jq -c -s '[.[] | select(.type == "assistant") | .message.content[]? | select(.type == "tool_use") | {tool: .name, input: (.input // {} | tostring | .[0:200])}] | .[-5:]' 2>/dev/null || echo "[]")
+  SESSION_SUMMARY=$(grep '"type":"summary"' "$TRANSCRIPT_PATH" 2>/dev/null | tail -1 | jq -r '.summary // empty' 2>/dev/null || echo "")
 fi
 
-# Build POST body \u2014 always emit all fields (use null for empty optionals)
-# Earlier version used \`select(length > 0)\` which made the entire object
-# evaluate to nothing when any optional was empty. Don't do that.
 BODY=$(jq -n \\
-  --argjson tool_input "$TOOL_INPUT" \\
+  --arg hook_event "PreToolUse" \\
+  --arg tool_name "$TOOL_NAME" \\
+  --argjson tool_input "$(echo "$PAYLOAD" | jq -c '.tool_input // {}')" \\
   --arg user_intent "$USER_INTENT" \\
   --argjson recent_user_messages "$RECENT_USER_MESSAGES" \\
   --argjson recent_messages "$RECENT_MESSAGES" \\
@@ -638,11 +690,13 @@ BODY=$(jq -n \\
   --arg tool_use_id "$TOOL_USE_ID" \\
   --arg cwd "$CWD" \\
   --arg repo "$GIT_REPO" \\
+  --arg permission_mode "$PERMISSION_MODE" \\
   --arg cc_model "$CC_MODEL" \\
   --argjson cc_usage "$CC_USAGE" \\
   --arg session_summary "$SESSION_SUMMARY" \\
   '{
-    kind: "bash_judge",
+    hook_event: $hook_event,
+    tool_name: $tool_name,
     tool_input: $tool_input,
     user_intent: (if ($user_intent | length) > 0 then $user_intent else null end),
     recent_user_messages: $recent_user_messages,
@@ -652,437 +706,69 @@ BODY=$(jq -n \\
     tool_use_id: (if ($tool_use_id | length) > 0 then $tool_use_id else null end),
     cwd: (if ($cwd | length) > 0 then $cwd else null end),
     repo: (if ($repo | length) > 0 then $repo else null end),
+    permission_mode: (if ($permission_mode | length) > 0 then $permission_mode else null end),
     cc_model: (if ($cc_model | length) > 0 then $cc_model else null end),
     cc_usage: $cc_usage,
     session_summary: (if ($session_summary | length) > 0 then $session_summary else null end)
   }')
 
-# Helper: refresh JWT via /api/auth/refresh and rewrite credentials.json.
-# Called when the gateway returns 401 (token expired).
-refresh_jwt() {
-  local refresh_token
-  refresh_token=$(jq -r '.refresh_token // empty' "$CREDS_PATH" 2>/dev/null)
-  if [ -z "$refresh_token" ]; then
-    return 1
-  fi
-  local refresh_resp
-  local refresh_body
-  refresh_body=$(jq -n --arg rt "$refresh_token" '{refresh_token:$rt}')
-  refresh_resp=$(curl -sS -X POST "\${GATEWAY_URL}/api/auth/refresh" \\
-    -H "Content-Type: application/json" \\
-    -d "$refresh_body" \\
-    --max-time 4 2>/dev/null)
-  local new_access
-  new_access=$(echo "$refresh_resp" | jq -r '.access_token // empty' 2>/dev/null)
-  if [ -z "$new_access" ]; then
-    return 1
-  fi
-  # Atomically rewrite credentials.json with the new tokens
-  local new_refresh
-  new_refresh=$(echo "$refresh_resp" | jq -r '.refresh_token // empty' 2>/dev/null)
-  if [ -z "$new_refresh" ]; then
-    new_refresh="$refresh_token"
-  fi
-  local tmp="\${CREDS_PATH}.synkro.tmp"
-  jq --arg at "$new_access" --arg rt "$new_refresh" \\
-    '. + {access_token: $at, refresh_token: $rt}' \\
-    "$CREDS_PATH" > "$tmp" 2>/dev/null && mv "$tmp" "$CREDS_PATH"
-  JWT="$new_access"
-  return 0
-}
+RESP=$(synkro_post_with_retry "\${GATEWAY_URL}/api/v1/hook/judge" "$BODY" 8)
 
-ensure_fresh_jwt() {
-  [ -z "$JWT" ] && return 1
-  local payload exp now remaining
-  payload=$(printf '%s' "$JWT" | cut -d. -f2)
-  case $((\${#payload} % 4)) in
-    2) payload="\${payload}==" ;;
-    3) payload="\${payload}=" ;;
-  esac
-  exp=$(printf '%s' "$payload" | tr '_-' '/+' | base64 -D 2>/dev/null | jq -r '.exp // 0' 2>/dev/null)
-  now=$(date -u +%s)
-  remaining=$((exp - now))
-  if [ "$remaining" -lt 60 ]; then
-    refresh_jwt
-  fi
-}
-
-ensure_fresh_jwt
-
-# Single fetch: /cli/hook-context returns me + rules in one call.
-HOOK_CTX=$(curl -sS "\${GATEWAY_URL}/api/v1/cli/hook-context" -H "Authorization: Bearer $JWT" --max-time 4 2>/dev/null || echo "")
-SYNKRO_INFERENCE_TIER=$(echo "$HOOK_CTX" | jq -r '.tier // empty' 2>/dev/null)
-SYNKRO_CAPTURE_DEPTH=$(echo "$HOOK_CTX" | jq -r '.capture_depth // empty' 2>/dev/null)
-SYNKRO_INFERENCE_TIER="\${SYNKRO_INFERENCE_TIER:-fast}"
-SYNKRO_CAPTURE_DEPTH="\${SYNKRO_CAPTURE_DEPTH:-local_only}"
-
-USE_LOCAL=false
-if command -v claude >/dev/null 2>&1; then
-  USE_LOCAL=true
-fi
-
-if synkro_channel_up || { [ "$SYNKRO_INFERENCE_TIER" = "free" ] && command -v claude >/dev/null 2>&1; }; then
-  RULES_CACHE="$HOME/.synkro/.rules-cache-bash"
-  RULES_JQ='[.rules[]? | select(.hook_stage == "pre" or .hook_stage == "both" or .hook_stage == null) | {rule_id, text, severity, category}]'
-  ORG_RULES=$(echo "$HOOK_CTX" | jq -c "$RULES_JQ" 2>/dev/null || echo "[]")
-  if [ -n "$ORG_RULES" ] && [ "$ORG_RULES" != "null" ] && [ "$ORG_RULES" != "[]" ]; then
-    printf '%s' "$ORG_RULES" > "$RULES_CACHE" 2>/dev/null || true
-  elif [ -f "$RULES_CACHE" ]; then
-    ORG_RULES=$(cat "$RULES_CACHE" 2>/dev/null || echo "[]")
-  fi
-  if [ -z "$ORG_RULES" ] || [ "$ORG_RULES" = "null" ]; then ORG_RULES="[]"; fi
-
-  GRADER_PROMPT_FILE=$(mktemp -t synkro-bash-prompt.XXXXXX)
-  trap "rm -f \\"$GRADER_PROMPT_FILE\\"" EXIT
-  printf 'Proposed command: %s\\n' "$COMMAND" > "$GRADER_PROMPT_FILE"
-  printf 'User intent: %s\\n' "\${USER_INTENT:-none stated}" >> "$GRADER_PROMPT_FILE"
-  printf 'Recent user messages: %s\\n' "$RECENT_USER_MESSAGES" >> "$GRADER_PROMPT_FILE"
-  printf 'Recent actions: %s\\n' "$RECENT_ACTIONS" >> "$GRADER_PROMPT_FILE"
-  printf 'Org rules: %s\\n\\n' "$ORG_RULES" >> "$GRADER_PROMPT_FILE"
-
-  ROUTE_TAG=""
-  if synkro_channel_up && [ -n "\${SYNKRO_CLI_BIN:-}" ] && [ -f "$SYNKRO_CLI_BIN" ] && command -v node >/dev/null 2>&1; then
-    ROUTE_TAG="local-cc"
-    CC_RESP=$(node "$SYNKRO_CLI_BIN" grade bash < "$GRADER_PROMPT_FILE" 2>/dev/null || echo "")
-  elif synkro_channel_up && command -v synkro >/dev/null 2>&1; then
-    ROUTE_TAG="local-cc-path"
-    CC_RESP=$(synkro grade bash < "$GRADER_PROMPT_FILE" 2>/dev/null || echo "")
-  else
-    # Channel unavailable \u2014 fall back to cold \`claude --print\` (free tier path).
-    ROUTE_TAG="cc-print"
-    CC_RESP=$(claude --print --model claude-sonnet-4-6 --no-session-persistence < "$GRADER_PROMPT_FILE" 2>/dev/null || echo "")
-  fi
-  # Wrapper extraction \u2014 greedy so it tolerates nested XML tags inside.
-  V_INNER=$(printf '%s' "$CC_RESP" | tr '\\n' ' ' | sed -nE 's|.*<synkro-verdict>(.*)</synkro-verdict>.*|\\1|p' | tail -1)
-
-  # Local primer emits XML tags. Parse into the same bash vars the
-  # downstream code expects \u2014 bypassing jq entirely (XML is faster on local
-  # claude --print than JSON-mode generation).
-  xtag() { printf '%s' "$1" | sed -nE "s|.*<$2>(.*)</$2>.*|\\1|p" | head -1; }
-  VERDICT_KIND=$(xtag "$V_INNER" verdict)
-  SEVERITY=$(xtag "$V_INNER" severity)
-  RISK_LEVEL=$(xtag "$V_INNER" risk_level)
-  CATEGORY=$(xtag "$V_INNER" category)
-  REASONING=$(xtag "$V_INNER" reasoning)
-  ALTERNATIVE=$(xtag "$V_INNER" alternative)
-
-  # Fail-open on no verdict \u2014 daemon handles cold fallback internally; if it
-  # still came back empty (grader unavailable), don't block the user.
-  if [ -z "$VERDICT_KIND" ] || [ -z "$SEVERITY" ]; then
-    synkro_log "bashGuard $CMD_SHORT \u2192 pass (grader unavailable)"
-    jq -n --arg m "[synkro] bashGuard \u2192 pass (grader unavailable)" '{systemMessage: $m}'
-    exit 0
-  fi
-  # Sentinel \u2014 tells the downstream parser to skip jq and use the bash vars
-  # already populated above. Server-side path (else branch) keeps using JSON.
-  VERDICT="__LOCAL_XML_PARSED__"
-else
-  # \u2500\u2500\u2500 Server-side grading. \u2500\u2500\u2500
-
-  VERDICT=$(curl -sS -X POST "\${GATEWAY_URL}/api/v1/judge" \\
-    -H "Content-Type: application/json" \\
-    -H "Authorization: Bearer $JWT" \\
-    -d "$BODY" \\
-    --max-time 6 2>/dev/null || echo "")
-
-  if echo "$VERDICT" | grep -qE '"detail":"Token has expired|"detail":"Invalid or expired token'; then
-
-    if refresh_jwt; then
-      VERDICT=$(curl -sS -X POST "\${GATEWAY_URL}/api/v1/judge" \\
-        -H "Content-Type: application/json" \\
-        -H "Authorization: Bearer $JWT" \\
-        -d "$BODY" \\
-        --max-time 6 2>/dev/null || echo "")
-    fi
-  fi
-fi
-
-if [ -z "$VERDICT" ]; then
+if [ -z "$RESP" ]; then
   synkro_log "bashGuard $CMD_SHORT \u2192 error (timeout)"
-  jq -n --arg m "[synkro:\${ROUTE_TAG:-cloud}] bashGuard \u2192 error (timeout)" '{systemMessage: $m}'
+  echo '{}'
   exit 0
 fi
 
-# Parse verdict \u2014 fail open on any parse error.
-# Local XML path already populated the vars above; only parse JSON for the
-# server (BYOK) path.
-if [ "$VERDICT" != "__LOCAL_XML_PARSED__" ]; then
-  SEVERITY=$(echo "$VERDICT" | jq -r '.severity // "audit"' 2>/dev/null)
-  VERDICT_KIND=$(echo "$VERDICT" | jq -r '.verdict // "warn"' 2>/dev/null)
-  REASONING=$(echo "$VERDICT" | jq -r '.reasoning // "matched dangerous-verb regex"' 2>/dev/null)
-  ALTERNATIVE=$(echo "$VERDICT" | jq -r '.alternative // ""' 2>/dev/null)
-  CATEGORY=$(echo "$VERDICT" | jq -r '.category // "destructive_command"' 2>/dev/null)
-  RISK_LEVEL=$(echo "$VERDICT" | jq -r '.risk_level // empty' 2>/dev/null)
-  VIOLATED_RULES=$(echo "$VERDICT" | jq -c '.violated_rules // []' 2>/dev/null)
-fi
-VIOLATED_RULES="\${VIOLATED_RULES:-[]}"
-# Defaults if any var is empty (defensive \u2014 XML primer should always emit them).
-SEVERITY="\${SEVERITY:-audit}"
-VERDICT_KIND="\${VERDICT_KIND:-warn}"
-REASONING="\${REASONING:-matched dangerous-verb regex}"
-CATEGORY="\${CATEGORY:-destructive_command}"
-SYNKRO_PREFIX="[synkro:\${ROUTE_TAG:-cloud}]"
-
-# Backwards-compat: if severity isn't block/audit, derive it from verdict_kind
-# and treat the original severity as the risk_level.
-case "$SEVERITY" in
-  block|audit) ;;
-  low|medium|high|critical)
-    [ -z "$RISK_LEVEL" ] && RISK_LEVEL="$SEVERITY"
-    if [ "$VERDICT_KIND" = "allow" ]; then SEVERITY="audit"; else SEVERITY="block"; fi
-    ;;
-  *)
-    if [ "$VERDICT_KIND" = "allow" ]; then SEVERITY="audit"; else SEVERITY="block"; fi
-    ;;
-esac
-
-# Severity-driven surfacing:
-#   block \u2192 permissionDecision: "ask" (interactive) or "deny" (headless)
-#   audit \u2192 silent allow \u2014 logged but no interruption
-
-ALT_SUFFIX=""
-if [ -n "$ALTERNATIVE" ] && [ "$ALTERNATIVE" != "null" ]; then
-  ALT_SUFFIX=" Suggested: \${ALTERNATIVE}"
-fi
-
-case "$SEVERITY" in
-  block)
-    PERMISSION_REASON="\${SYNKRO_PREFIX} \${REASONING}\${ALT_SUFFIX}"
-    ADDITIONAL_CTX="Synkro safety judge (severity: \${SEVERITY}, category: \${CATEGORY}, route: \${ROUTE_TAG:-cloud}). Reasoning: \${REASONING}.\${ALT_SUFFIX}"
-    if [ "$IS_HEADLESS" = "1" ]; then DECISION="deny"; else DECISION="ask"; fi
-    jq -n \\
-      --arg ctx "$ADDITIONAL_CTX" \\
-      --arg reason "$PERMISSION_REASON" \\
-      --arg decision "$DECISION" \\
-      '{
-        hookSpecificOutput: {
-          hookEventName: "PreToolUse",
-          permissionDecision: $decision,
-          permissionDecisionReason: $reason,
-          additionalContext: $ctx
-        }
-      }'
-    ;;
-  audit)
-    synkro_log "bashGuard $CMD_SHORT \u2192 pass ($CATEGORY): $REASONING"
-    case "$CATEGORY" in
-      trivial_utility)
-        jq -n --arg m "\${SYNKRO_PREFIX} bashGuard \u2192 pass" '{systemMessage: $m}' ;;
-      judge_unavailable|judge_error|parse_error)
-        jq -n --arg m "\${SYNKRO_PREFIX} bashGuard \u2192 pass (grader unavailable)" '{systemMessage: $m}' ;;
-      *)
-        jq -n --arg m "\${SYNKRO_PREFIX} bashGuard \u2192 pass (\${CATEGORY}): \${REASONING}" '{systemMessage: $m}' ;;
-    esac
-    ;;
-  *)
-    synkro_log "bashGuard $CMD_SHORT \u2192 UNEXPECTED SEVERITY ($SEVERITY), blocking by default"
-    if [ "$IS_HEADLESS" = "1" ]; then DECISION="deny"; else DECISION="ask"; fi
-    jq -n \\
-      --arg decision "$DECISION" \\
-      --arg reason "\${SYNKRO_PREFIX} unexpected severity '\${SEVERITY}' \u2014 blocking by default. Please email team@synkro.sh to report this issue." \\
-      '{
-        hookSpecificOutput: {
-          hookEventName: "PreToolUse",
-          permissionDecision: $decision,
-          permissionDecisionReason: $reason,
-          additionalContext: "Synkro safety judge returned an unexpected severity value. This command has been blocked as a precaution. Please email team@synkro.sh with details of the command you were running."
-        }
-      }'
-    ;;
-esac
-
-# Fire-and-forget telemetry for locally-judged checks
-if [ "$USE_LOCAL" = "true" ] && [ -n "$VERDICT_KIND" ]; then
-  (
-    MECH_CAT=""
-    BIZ_CAT=""
-    # For violations, run OWASP classification on user's machine
-    if [ "$VERDICT_KIND" = "warn" ]; then
-      CLASS_CACHE="$HOME/.synkro/.classification-prompt"
-      CLASS_PROMPT=""
-      if [ -f "$CLASS_CACHE" ] && find "$CLASS_CACHE" -mmin -1440 2>/dev/null | grep -q .; then
-        CLASS_PROMPT=$(cat "$CLASS_CACHE" 2>/dev/null)
-      else
-        CLASS_PROMPT=$(curl -sS "\${GATEWAY_URL}/api/v1/cli/judge-prompts" \\
-          -H "Authorization: Bearer $JWT" --max-time 3 2>/dev/null | jq -r '.classification_prompt // empty')
-        [ -n "$CLASS_PROMPT" ] && echo "$CLASS_PROMPT" > "$CLASS_CACHE"
-      fi
-      if [ -n "$CLASS_PROMPT" ]; then
-        CLASS_INPUT=$(printf '%s\\n\\nViolation context:\\n- Tool: %s\\n- Category: %s\\n- Severity: %s\\n- Hook type: bash command judge' "$CLASS_PROMPT" "$TOOL_NAME" "$CATEGORY" "$SEVERITY")
-        CLASS_RESP=$(echo "$CLASS_INPUT" | claude --print --model claude-sonnet-4-6 --no-session-persistence 2>/dev/null || echo "")
-        MECH_CAT=$(echo "$CLASS_RESP" | grep -oE '<mechanism>[^<]+</mechanism>' | sed 's/<[^>]*>//g')
-        BIZ_CAT=$(echo "$CLASS_RESP" | grep -oE '<business>[^<]+</business>' | sed 's/<[^>]*>//g')
-      fi
-    fi
-    TEL_BODY=$(jq -n \\
-      --arg event_id "$(uuidgen 2>/dev/null || echo "evt_$(date +%s)_$$")" \\
-      --arg timestamp "$(date -u +%Y-%m-%dT%H:%M:%SZ)" \\
-      --arg hook_type "bash" \\
-      --arg verdict "$VERDICT_KIND" \\
-      --arg severity "$SEVERITY" \\
-      --arg risk_level "\${RISK_LEVEL:-low}" \\
-      --arg category "$CATEGORY" \\
-      --arg model "\${CC_MODEL:-claude-sonnet-4-6}" \\
-      --arg tool_name "$TOOL_NAME" \\
-      --arg repo "\${GIT_REPO:-}" \\
-      --arg session_id "$SESSION_ID" \\
-      --arg tool_use_id "\${TOOL_USE_ID:-}" \\
-      --arg cwd "\${CWD:-}" \\
-      --arg mech_cat "$MECH_CAT" \\
-      --arg biz_cat "$BIZ_CAT" \\
-      --arg capture_depth "$SYNKRO_CAPTURE_DEPTH" \\
-      --arg command "$COMMAND" \\
-      --arg reasoning "$REASONING" \\
-      --arg alternative "$ALTERNATIVE" \\
-      --argjson rules_checked "\${ORG_RULES:-[]}" \\
-      --argjson violated_rules "\${VIOLATED_RULES:-[]}" \\
-      --argjson recent_user_messages "\${RECENT_USER_MESSAGES:-[]}" \\
-      '{
-        event_id: $event_id,
-        timestamp: $timestamp,
-        hook_type: $hook_type,
-        verdict: $verdict,
-        severity: $severity,
-        risk_level: $risk_level,
-        category: $category,
-        model: $model,
-        tool_name: $tool_name,
-        capture_depth: $capture_depth,
-        rules_checked: $rules_checked,
-        violated_rules: $violated_rules
-      } + (if $repo != "" then {repo: $repo} else {} end)
-        + (if $session_id != "" then {session_id: $session_id} else {} end)
-        + (if $tool_use_id != "" then {tool_use_id: $tool_use_id} else {} end)
-        + (if $cwd != "" then {cwd: $cwd} else {} end)
-        + (if $mech_cat != "" then {mechanism_category: $mech_cat} else {} end)
-        + (if $biz_cat != "" then {business_category: $biz_cat} else {} end)
-        + (if $capture_depth != "local_only" then {command: $command, reasoning: $reasoning, recent_user_messages: $recent_user_messages} + (if $alternative != "" then {alternative: $alternative} else {} end) else {} end)')
-    curl -sS -X POST "\${GATEWAY_URL}/api/v1/events/local-verdict" \\
-      -H "Content-Type: application/json" \\
-      -H "Authorization: Bearer $JWT" \\
-      -d "$TEL_BODY" \\
-      --max-time 2 >/dev/null 2>&1
-  ) &
+if ! echo "$RESP" | jq -e '.hook_response' >/dev/null 2>&1; then
+  synkro_log "bashGuard $CMD_SHORT \u2192 pass (no hook_response)"
+  echo '{}'
+  exit 0
 fi
 
+echo "$RESP" | jq -c '.hook_response'
 exit 0
 `;
     CC_EDIT_PRECHECK_SCRIPT = `#!/bin/bash
-# Synkro PreToolUse Edit/Write/MultiEdit/NotebookEdit pre-check hook.
-# Always exits 0 with valid JSON. Fails open on any error.
-
-synkro_log() { echo "[synkro] $1" >&2; }
-
-# True if anything is listening on the local-cc channel TCP port.
-synkro_channel_up() {
-  (exec 3<>/dev/tcp/127.0.0.1/\${SYNKRO_CHANNEL_PORT:-8929}) 2>/dev/null && exec 3<&- 3>&-
-}
-
-CONFIG_FILE="$HOME/.synkro/config.env"
-if [ -f "$CONFIG_FILE" ]; then
-  set -a
-  # shellcheck disable=SC1090
-  . "$CONFIG_FILE"
-  set +a
-fi
-
-GATEWAY_URL="\${SYNKRO_GATEWAY_URL:-https://api.synkro.sh}"
-CREDS_PATH="\${SYNKRO_CREDENTIALS_PATH:-$HOME/.synkro/credentials.json}"
+SCRIPT_DIR="$(cd "$(dirname "\${BASH_SOURCE[0]}")" && pwd)"
+. "$SCRIPT_DIR/_synkro-common.sh"
 
-if [ ! -f "$CREDS_PATH" ]; then
-  echo '{}'
-  exit 0
-fi
-JWT=$(jq -r '.access_token // empty' "$CREDS_PATH" 2>/dev/null)
-if [ -z "$JWT" ]; then
-  echo '{}'
-  exit 0
-fi
+JWT=$(synkro_load_jwt)
+if [ -z "$JWT" ]; then echo '{}'; exit 0; fi
+synkro_ensure_fresh_jwt
 
 PAYLOAD=$(cat)
-if [ -z "$PAYLOAD" ]; then
-  echo '{}'
-  exit 0
-fi
+if [ -z "$PAYLOAD" ]; then echo '{}'; exit 0; fi
 
 TOOL_NAME=$(echo "$PAYLOAD" | jq -r '.tool_name // empty' 2>/dev/null)
-case "$TOOL_NAME" in
-  Edit|Write|MultiEdit|NotebookEdit) ;;
-  *) echo '{}'; exit 0 ;;
-esac
+case "$TOOL_NAME" in Edit|Write|MultiEdit|NotebookEdit) ;; *) echo '{}'; exit 0 ;; esac
 
 TOOL_INPUT=$(echo "$PAYLOAD" | jq -c '.tool_input // {}' 2>/dev/null)
 SESSION_ID=$(echo "$PAYLOAD" | jq -r '.session_id // empty' 2>/dev/null)
 TOOL_USE_ID=$(echo "$PAYLOAD" | jq -r '.tool_use_id // empty' 2>/dev/null)
 CWD=$(echo "$PAYLOAD" | jq -r '.cwd // empty' 2>/dev/null)
-# Detect git remote origin \u2192 repo identity (e.g. "owner/repo")
-GIT_REPO=""
-if command -v git >/dev/null 2>&1; then
-  _REMOTE=$(git -C "\${CWD:-.}" remote get-url origin 2>/dev/null || true)
-  if [ -n "$_REMOTE" ]; then
-    GIT_REPO=$(echo "$_REMOTE" | sed -E 's|^git@[^:]+:||; s|^https?://[^/]+/||; s|\\.git$||')
-  fi
-fi
-# Headless / non-interactive detection \u2014 when CC won't actually prompt the
-# human, our "ask" verdict is a no-op. Server uses these to fall back to
-# "deny" so we fail-closed instead of silently letting findings through.
+GIT_REPO=$(synkro_detect_repo "\${CWD:-.}")
 PERMISSION_MODE=$(echo "$PAYLOAD" | jq -r '.permission_mode // empty' 2>/dev/null)
-HEADLESS_FLAG="\${SYNKRO_HEADLESS:-0}"
 
 FILE_PATH=$(echo "$TOOL_INPUT" | jq -r '.file_path // .notebook_path // .path // empty' 2>/dev/null)
-if [ -z "$FILE_PATH" ]; then
-  echo '{}'
-  exit 0
-fi
+if [ -z "$FILE_PATH" ]; then echo '{}'; exit 0; fi
 
 FILE_SHORT=$(basename "$FILE_PATH")
 synkro_log "editGuard checking: $FILE_SHORT"
 
-# Pull conversation context from the transcript file. CC writes one JSON line
-# per message; we read the tail and extract the most recent user message + the
-# last 5 tool_use blocks. The server uses these as anchors for cosine ranking
-# AND as a suppression signal when the user explicitly asked for the unsafe
-# pattern. Same trick the bash judge uses.
-USER_INTENT=""
-RECENT_ACTIONS="[]"
-if [ -n "$TRANSCRIPT_PATH" ] && [ -f "$TRANSCRIPT_PATH" ]; then
-  USER_INTENT=$(tail -200 "$TRANSCRIPT_PATH" | jq -r 'select(.type == "user") | .message.content | if type == "string" then . else (map(.text? // "") | join(" ")) end' 2>/dev/null | tail -1 || echo "")
-  RECENT_ACTIONS=$(tail -200 "$TRANSCRIPT_PATH" | jq -c -s '
-    [.[]
-      | select(.type == "assistant")
-      | .message.content[]?
-      | select(.type == "tool_use")
-      | { tool: .name, input: (.input // {} | tostring | .[0:200]) }
-    ] | .[-5:]' 2>/dev/null || echo "[]")
-fi
+IS_HEADLESS="\${SYNKRO_HEADLESS:-0}"
+case "$PERMISSION_MODE" in acceptEdits|bypassPermissions|plan|auto) IS_HEADLESS="1" ;; esac
 
-# Read the on-disk file FIRST so the Edit/MultiEdit branches below can
-# reconstruct the full post-edit file (file_before with the diff applied).
-# Cap at 64KB. Must run before the case statement so PROPOSED can include
-# whole-file context, not just the diff hunk.
+# Read file before edit for reconstruction
 FILE_BEFORE=""
 if [ "$TOOL_NAME" != "Write" ] && [ -n "$FILE_PATH" ] && [ -f "$FILE_PATH" ]; then
   FILE_BEFORE=$(head -c 65536 "$FILE_PATH" 2>/dev/null || echo "")
 fi
 
-# Pull proposed content. Edit/MultiEdit reconstruct the full file via
-# bash parameter expansion against FILE_BEFORE; Write/NotebookEdit pass
-# the new content directly.
+# Reconstruct proposed content
 case "$TOOL_NAME" in
-  Write)
-    # Write replaces the entire file \u2014 content IS the full post-edit file.
-    PROPOSED=$(echo "$TOOL_INPUT" | jq -r '.content // ""' 2>/dev/null) ;;
+  Write) PROPOSED=$(echo "$TOOL_INPUT" | jq -r '.content // ""' 2>/dev/null) ;;
   Edit|MultiEdit)
-    # Reconstruct the full post-edit file by applying the diff to file_before.
-    # Sending only new_string (the diff hunk) blinds the local grader to
-    # violations elsewhere in the file \u2014 the grader needs whole-file context
-    # to identify multi-violation edits and cross-line patterns.
-    #
-    # We use python (already a daemon dependency) instead of bash parameter
-    # expansion because macOS ships bash 3.2, where the quoted-pattern form
-    # of \${var//PAT/REPL} leaks the quote characters into the result.
-    # Python's str.replace() handles arbitrary strings cleanly. Args go via
-    # env vars (not argv) so 64 KB file content doesn't trip ARG_MAX limits.
     if [ -n "$FILE_BEFORE" ] && command -v python3 >/dev/null 2>&1; then
       PROPOSED=$(FILE_BEFORE_LITERAL="$FILE_BEFORE" TOOL_INPUT_LITERAL="$TOOL_INPUT" python3 -c '
 import os, json, sys
@@ -1090,47 +776,69 @@ fb = os.environ.get("FILE_BEFORE_LITERAL", "")
 ti = json.loads(os.environ.get("TOOL_INPUT_LITERAL", "{}"))
 result = fb
 if "old_string" in ti and "new_string" in ti:
-    if ti["old_string"]:
-        result = result.replace(ti["old_string"], ti["new_string"], 1)
+    if ti["old_string"]: result = result.replace(ti["old_string"], ti["new_string"], 1)
 elif "edits" in ti and isinstance(ti["edits"], list):
     for e in ti["edits"]:
         old = e.get("old_string", "") if isinstance(e, dict) else ""
         new = e.get("new_string", "") if isinstance(e, dict) else ""
-        if old:
-            result = result.replace(old, new, 1)
+        if old: result = result.replace(old, new, 1)
 sys.stdout.write(result)
 ' 2>/dev/null)
     fi
-    # Fall back to the diff-hunk-only shape if reconstruction failed or
-    # file_before was empty (new file via Edit, etc.).
     if [ -z "$PROPOSED" ]; then
       if [ "$TOOL_NAME" = "MultiEdit" ]; then
         PROPOSED=$(echo "$TOOL_INPUT" | jq -r '[.edits[]?.new_string // ""] | join("\\n\\n--- chunk ---\\n\\n")' 2>/dev/null)
       else
         PROPOSED=$(echo "$TOOL_INPUT" | jq -r '.new_string // ""' 2>/dev/null)
       fi
-    fi
-    ;;
-  NotebookEdit)
-    PROPOSED=$(echo "$TOOL_INPUT" | jq -r '.new_source // ""' 2>/dev/null) ;;
+    fi ;;
+  NotebookEdit) PROPOSED=$(echo "$TOOL_INPUT" | jq -r '.new_source // ""' 2>/dev/null) ;;
 esac
-
-if [ -z "$PROPOSED" ]; then
-  echo '{}'
-  exit 0
-fi
+if [ -z "$PROPOSED" ]; then echo '{}'; exit 0; fi
 
 DIFF_FIELD=$(echo "$TOOL_INPUT" | jq -c '{old_string, new_string, edits} | with_entries(select(.value != null))' 2>/dev/null)
-if [ -z "$DIFF_FIELD" ] || [ "$DIFF_FIELD" = "null" ] || [ "$DIFF_FIELD" = "{}" ]; then
-  DIFF_FIELD="null"
+[ -z "$DIFF_FIELD" ] || [ "$DIFF_FIELD" = "null" ] || [ "$DIFF_FIELD" = "{}" ] && DIFF_FIELD="null"
+
+# Extract user intent from transcript
+USER_INTENT=""
+RECENT_ACTIONS="[]"
+TRANSCRIPT_PATH=$(echo "$PAYLOAD" | jq -r '.transcript_path // empty' 2>/dev/null)
+if [ -n "$TRANSCRIPT_PATH" ] && [ -f "$TRANSCRIPT_PATH" ]; then
+  USER_INTENT=$(tail -200 "$TRANSCRIPT_PATH" | jq -r 'select(.type == "user") | .message.content | if type == "string" then . else (map(.text? // "") | join(" ")) end' 2>/dev/null | tail -1 || echo "")
+  RECENT_ACTIONS=$(tail -200 "$TRANSCRIPT_PATH" | jq -c -s '[.[] | select(.type == "assistant") | .message.content[]? | select(.type == "tool_use") | {tool: .name, input: (.input // {} | tostring | .[0:200])}] | .[-5:]' 2>/dev/null || echo "[]")
 fi
 
-# FILE_BEFORE was read above (before the case statement) so this body
-# construction just references it; the duplicate read used to live here.
+synkro_load_config
+ROUTE=$(synkro_route)
+
+if [ "$ROUTE" = "local" ]; then
+  # \u2500\u2500\u2500 Local grading (local_only privacy or local-cc channel) \u2500\u2500\u2500
+  GRADER_FILE=$(mktemp -t synkro-edit.XXXXXX)
+  trap "rm -f \\"$GRADER_FILE\\"" EXIT
+  printf 'File: %s\\nProposed content (first 4000 chars):\\n%s\\nUser intent: %s\\nOrg rules: %s\\n' "$FILE_PATH" "$(printf '%s' "$PROPOSED" | head -c 4000)" "\${USER_INTENT:-none stated}" "\${SYNKRO_RULES:-[]}" > "$GRADER_FILE"
+
+  CC_RESP=$(synkro_local_grade edit < "$GRADER_FILE" || echo "")
+  synkro_parse_local_verdict "$CC_RESP"
 
+  if [ "$LOCAL_OK" = "false" ]; then
+    if [ "$IS_HEADLESS" = "1" ]; then DEC="deny"; else DEC="ask"; fi
+    REASON="[synkro:local] \${LOCAL_RULE_ID:+$LOCAL_RULE_ID: }\${LOCAL_REASON:-policy violation}"
+    jq -n --arg dec "$DEC" --arg reason "$REASON" --arg ctx "$REASON" \\
+      '{hookSpecificOutput:{hookEventName:"PreToolUse",permissionDecision:$dec,permissionDecisionReason:$reason,additionalContext:$ctx}}'
+    synkro_capture_local "edit" "block" "\${LOCAL_SEV}" "\${LOCAL_CAT}" "$TOOL_NAME" "$GIT_REPO" "$SESSION_ID"
+  else
+    jq -n --arg m "[synkro:local] editGuard $FILE_SHORT \u2192 pass" '{systemMessage: $m}'
+    synkro_capture_local "edit" "pass" "audit" "\${LOCAL_CAT:-trivial_edit}" "$TOOL_NAME" "$GIT_REPO" "$SESSION_ID"
+  fi
+  exit 0
+fi
+
+# \u2500\u2500\u2500 Cloud grading \u2500\u2500\u2500
 BODY=$(jq -n \\
-  --arg file_path "$FILE_PATH" \\
+  --arg hook_event "PreToolUse" \\
   --arg tool_name "$TOOL_NAME" \\
+  --argjson tool_input "$TOOL_INPUT" \\
+  --arg file_path "$FILE_PATH" \\
   --arg content "$PROPOSED" \\
   --arg file_before "$FILE_BEFORE" \\
   --argjson diff "$DIFF_FIELD" \\
@@ -1139,12 +847,14 @@ BODY=$(jq -n \\
   --arg session_id "$SESSION_ID" \\
   --arg tool_use_id "$TOOL_USE_ID" \\
   --arg cwd "$CWD" \\
-  --arg permission_mode "$PERMISSION_MODE" \\
-  --arg headless_flag "$HEADLESS_FLAG" \\
   --arg repo "$GIT_REPO" \\
+  --arg permission_mode "$PERMISSION_MODE" \\
+  --arg headless_flag "\${SYNKRO_HEADLESS:-0}" \\
   '{
-    file_path: $file_path,
+    hook_event: $hook_event,
     tool_name: $tool_name,
+    tool_input: $tool_input,
+    file_path: $file_path,
     content: $content,
     file_before: (if ($file_before | length) > 0 then $file_before else null end),
     diff: $diff,
@@ -1153,844 +863,213 @@ BODY=$(jq -n \\
     session_id: (if ($session_id | length) > 0 then $session_id else null end),
     tool_use_id: (if ($tool_use_id | length) > 0 then $tool_use_id else null end),
     cwd: (if ($cwd | length) > 0 then $cwd else null end),
+    repo: (if ($repo | length) > 0 then $repo else null end),
     permission_mode: (if ($permission_mode | length) > 0 then $permission_mode else null end),
-    headless: ($headless_flag == "1"),
-    repo: (if ($repo | length) > 0 then $repo else null end)
+    headless: ($headless_flag == "1")
   }')
 
-# Refresh JWT on 401 (mirrors the bash judge pattern).
-refresh_jwt() {
-  local refresh_token
-  refresh_token=$(jq -r '.refresh_token // empty' "$CREDS_PATH" 2>/dev/null)
-  if [ -z "$refresh_token" ]; then return 1; fi
-  local resp
-  local refresh_body
-  refresh_body=$(jq -n --arg rt "$refresh_token" '{refresh_token:$rt}')
-  resp=$(curl -sS -X POST "\${GATEWAY_URL}/api/auth/refresh" \\
-    -H "Content-Type: application/json" \\
-    -d "$refresh_body" \\
-    --max-time 3 2>/dev/null)
-  local new_access
-  new_access=$(echo "$resp" | jq -r '.access_token // empty' 2>/dev/null)
-  if [ -z "$new_access" ]; then return 1; fi
-  local new_refresh
-  new_refresh=$(echo "$resp" | jq -r '.refresh_token // empty' 2>/dev/null)
-  if [ -z "$new_refresh" ]; then new_refresh="$refresh_token"; fi
-  local tmp="\${CREDS_PATH}.synkro.tmp"
-  jq --arg at "$new_access" --arg rt "$new_refresh" \\
-    '. + {access_token: $at, refresh_token: $rt}' \\
-    "$CREDS_PATH" > "$tmp" 2>/dev/null && mv "$tmp" "$CREDS_PATH"
-  JWT="$new_access"
-  return 0
-}
-
-ensure_fresh_jwt() {
-  [ -z "$JWT" ] && return 1
-  local payload exp now remaining
-  payload=$(printf '%s' "$JWT" | cut -d. -f2)
-  case $((\${#payload} % 4)) in
-    2) payload="\${payload}==" ;;
-    3) payload="\${payload}=" ;;
-  esac
-  exp=$(printf '%s' "$payload" | tr '_-' '/+' | base64 -D 2>/dev/null | jq -r '.exp // 0' 2>/dev/null)
-  now=$(date -u +%s)
-  remaining=$((exp - now))
-  if [ "$remaining" -lt 60 ]; then
-    refresh_jwt
-  fi
-}
-
-ensure_fresh_jwt
-
-
-# Single fetch: /cli/hook-context returns me + rules in one call.
-HOOK_CTX=$(curl -sS "\${GATEWAY_URL}/api/v1/cli/hook-context" -H "Authorization: Bearer $JWT" --max-time 4 2>/dev/null || echo "")
-SYNKRO_INFERENCE_TIER=$(echo "$HOOK_CTX" | jq -r '.tier // empty' 2>/dev/null)
-SYNKRO_CAPTURE_DEPTH=$(echo "$HOOK_CTX" | jq -r '.capture_depth // empty' 2>/dev/null)
-SYNKRO_INFERENCE_TIER="\${SYNKRO_INFERENCE_TIER:-fast}"
-SYNKRO_CAPTURE_DEPTH="\${SYNKRO_CAPTURE_DEPTH:-local_only}"
-
-if synkro_channel_up || { [ "$SYNKRO_INFERENCE_TIER" = "free" ] && command -v claude >/dev/null 2>&1; }; then
-  RULES_CACHE="$HOME/.synkro/.rules-cache-edit"
-  RULES_JQ='[.rules[]? | select(.hook_stage == "pre" or .hook_stage == "both" or .hook_stage == null) | {rule_id, text, severity, category, mode}]'
-  ORG_RULES=$(echo "$HOOK_CTX" | jq -c "$RULES_JQ" 2>/dev/null || echo "[]")
-  if [ -n "$ORG_RULES" ] && [ "$ORG_RULES" != "null" ] && [ "$ORG_RULES" != "[]" ]; then
-    printf '%s' "$ORG_RULES" > "$RULES_CACHE" 2>/dev/null || true
-  elif [ -f "$RULES_CACHE" ]; then
-    ORG_RULES=$(cat "$RULES_CACHE" 2>/dev/null || echo "[]")
-  fi
-  if [ -z "$ORG_RULES" ] || [ "$ORG_RULES" = "null" ]; then ORG_RULES="[]"; fi
-
-  GRADER_PROMPT_FILE=$(mktemp -t synkro-grade.XXXXXX)
-  trap "rm -f \\"$GRADER_PROMPT_FILE\\"" EXIT
-  printf 'File: %s\\n' "$FILE_PATH" > "$GRADER_PROMPT_FILE"
-  printf 'User intent: %s\\n' "\${USER_INTENT:-none stated}" >> "$GRADER_PROMPT_FILE"
-  printf 'Org rules: %s\\n\\n' "$ORG_RULES" >> "$GRADER_PROMPT_FILE"
-  printf 'Diff:\\n' >> "$GRADER_PROMPT_FILE"
-  printf '%s\\n' "$PROPOSED" >> "$GRADER_PROMPT_FILE"
-
-  ROUTE_TAG=""
-  if synkro_channel_up && [ -n "\${SYNKRO_CLI_BIN:-}" ] && [ -f "$SYNKRO_CLI_BIN" ] && command -v node >/dev/null 2>&1; then
-    ROUTE_TAG="local-cc"
-    synkro_log "editGuard $FILE_SHORT \u2192 routing via local-cc"
-    CC_RESP=$(node "$SYNKRO_CLI_BIN" grade edit < "$GRADER_PROMPT_FILE" 2>/dev/null || echo "")
-  elif synkro_channel_up && command -v synkro >/dev/null 2>&1; then
-    ROUTE_TAG="local-cc"
-    synkro_log "editGuard $FILE_SHORT \u2192 routing via local-cc (PATH)"
-    CC_RESP=$(synkro grade edit < "$GRADER_PROMPT_FILE" 2>/dev/null || echo "")
-  else
-    ROUTE_TAG="cc-print"
-    CC_RESP=$(claude --print --model claude-sonnet-4-6 --no-session-persistence < "$GRADER_PROMPT_FILE" 2>/dev/null || echo "")
-  fi
-  SYNKRO_PREFIX="[synkro:\${ROUTE_TAG:-cloud}]"
-
-  # Wrapper extraction (greedy \u2014 tolerates nested XML tags).
-  V_INNER=$(printf '%s' "$CC_RESP" | tr '\\n' ' ' | sed -nE 's|.*<synkro-verdict>(.*)</synkro-verdict>.*|\\1|p' | tail -1)
-
-  # Parse XML tags from local primer. Defaults to ok=true so the server's
-  # literal_match audit path still runs even if the grader returned nothing.
-  LOCAL_OK="true"
-  LOCAL_VIOLATION_REASON=""
-  LOCAL_VIOLATION_RULE_ID=""
-  if [ -n "$V_INNER" ]; then
-    OK_TAG=$(printf '%s' "$V_INNER" | sed -nE 's|.*<ok>(.*)</ok>.*|\\1|p' | head -1)
-    [ -n "$OK_TAG" ] && LOCAL_OK="$OK_TAG"
-    if [ "$LOCAL_OK" = "false" ]; then
-      # Extract first <violation>...</violation> block via awk (RS=closing tag),
-      # then xtag for fields. Handles < in content + multi-violation correctly.
-      FIRST_V=$(printf '%s' "$V_INNER" | awk -v RS='</violation>' '/<violation>/{print; exit}')
-      LOCAL_VIOLATION_RULE_ID=$(printf '%s' "$FIRST_V" | sed -nE 's|.*<rule_id>(.*)</rule_id>.*|\\1|p' | head -1)
-      LOCAL_VIOLATION_REASON=$(printf '%s' "$FIRST_V" | sed -nE 's|.*<reason>(.*)</reason>.*|\\1|p' | head -1)
-    fi
-  fi
-  # Build a JSON shape that downstream / server code already understands. This
-  # keeps the existing /precheck-edit/local-verdict POST format unchanged so
-  # the server-side literal_match path still works in non-local_only mode.
-  VERDICT_JSON=$(jq -n \\
-    --arg ok "$LOCAL_OK" \\
-    --arg reason "$LOCAL_VIOLATION_REASON" \\
-    --arg rule_id "$LOCAL_VIOLATION_RULE_ID" \\
-    'if $ok == "false" then
-       {ok: false, violations: [{rule_id: $rule_id, reason: $reason}]}
-     else
-       {ok: true, violations: []}
-     end')
-
-  if [ "$SYNKRO_CAPTURE_DEPTH" = "local_only" ]; then
-    # No file content / diff / intent / actions leave the device. Synthesize
-    # the hook response from the local verdict only.
-    if [ "$LOCAL_OK" = "false" ]; then
-      FIRST_REASON="\${LOCAL_VIOLATION_REASON:-policy violation}"
-      RULE_ID="\${LOCAL_VIOLATION_RULE_ID:-local_violation}"
-      if [ "$IS_HEADLESS" = "1" ]; then DEC="deny"; else DEC="ask"; fi
-      RESP=$(jq -n \\
-        --arg dec "$DEC" \\
-        --arg reason "[synkro] $RULE_ID: $FIRST_REASON" \\
-        '{ hookSpecificOutput: { hookEventName: "PreToolUse", permissionDecision: $dec, permissionDecisionReason: $reason, additionalContext: $reason }, reason: $reason }')
-    else
-      RESP=$(jq -n '{ hookSpecificOutput: { hookEventName: "PreToolUse", permissionDecision: "allow" }, reason: "" }')
-    fi
-  else
-    LOCAL_BODY=$(jq -n \\
-      --argjson verdict "$VERDICT_JSON" \\
-      --arg file_path "$FILE_PATH" \\
-      --arg tool_name "$TOOL_NAME" \\
-      --arg content "$PROPOSED" \\
-      --arg file_before "$FILE_BEFORE" \\
-      --argjson diff "$DIFF_FIELD" \\
-      --arg user_intent "$USER_INTENT" \\
-      --argjson recent_actions "$RECENT_ACTIONS" \\
-      --arg session_id "$SESSION_ID" \\
-      --arg tool_use_id "$TOOL_USE_ID" \\
-      --arg cwd "$CWD" \\
-      --arg permission_mode "$PERMISSION_MODE" \\
-      --arg headless_flag "$HEADLESS_FLAG" \\
-      --arg repo "$GIT_REPO" \\
-      '{
-        verdict: $verdict,
-        file_path: $file_path,
-        tool_name: $tool_name,
-        content: $content,
-        file_before: (if ($file_before | length) > 0 then $file_before else null end),
-        diff: $diff,
-        user_intent: (if ($user_intent | length) > 0 then $user_intent else null end),
-        recent_actions: $recent_actions,
-        session_id: (if ($session_id | length) > 0 then $session_id else null end),
-        tool_use_id: (if ($tool_use_id | length) > 0 then $tool_use_id else null end),
-        cwd: (if ($cwd | length) > 0 then $cwd else null end),
-        permission_mode: (if ($permission_mode | length) > 0 then $permission_mode else null end),
-        headless: ($headless_flag == "1"),
-        repo: (if ($repo | length) > 0 then $repo else null end)
-      }')
-
-    RESP=$(curl -sS -X POST "\${GATEWAY_URL}/api/v1/precheck-edit/local-verdict" \\
-      -H "Content-Type: application/json" \\
-      -H "Authorization: Bearer $JWT" \\
-      -d "$LOCAL_BODY" \\
-      --max-time 5 2>/dev/null || echo "")
-
-    if echo "$RESP" | grep -qE '"detail":"Token has expired|"detail":"Invalid or expired token'; then
-      if refresh_jwt; then
-        RESP=$(curl -sS -X POST "\${GATEWAY_URL}/api/v1/precheck-edit/local-verdict" \\
-          -H "Content-Type: application/json" \\
-          -H "Authorization: Bearer $JWT" \\
-          -d "$LOCAL_BODY" \\
-          --max-time 5 2>/dev/null || echo "")
-      fi
-    fi
-  fi
-else
-  # \u2500\u2500\u2500 Server-side grading. \u2500\u2500\u2500
-  SYNKRO_PREFIX="[synkro:cloud]"
-  RESP=$(curl -sS -X POST "\${GATEWAY_URL}/api/v1/precheck-edit" \\
-    -H "Content-Type: application/json" \\
-    -H "Authorization: Bearer $JWT" \\
-    -d "$BODY" \\
-    --max-time 3 2>/dev/null || echo "")
-
-  if echo "$RESP" | grep -qE '"detail":"Token has expired|"detail":"Invalid or expired token'; then
-    if refresh_jwt; then
-      RESP=$(curl -sS -X POST "\${GATEWAY_URL}/api/v1/precheck-edit" \\
-        -H "Content-Type: application/json" \\
-        -H "Authorization: Bearer $JWT" \\
-        -d "$BODY" \\
-        --max-time 3 2>/dev/null || echo "")
-    fi
-  fi
-fi
+RESP=$(synkro_post_with_retry "\${GATEWAY_URL}/api/v1/hook/judge" "$BODY" 8)
 
 if [ -z "$RESP" ]; then
   synkro_log "editGuard $FILE_SHORT \u2192 error (timeout)"
-  jq -n --arg m "$SYNKRO_PREFIX editGuard $FILE_SHORT \u2192 error (timeout)" '{systemMessage: $m}'
+  echo '{}'
   exit 0
 fi
 
 if ! echo "$RESP" | jq -e 'type == "object"' >/dev/null 2>&1; then
   synkro_log "editGuard $FILE_SHORT \u2192 error (bad response)"
-  jq -n --arg m "$SYNKRO_PREFIX editGuard $FILE_SHORT \u2192 error (bad response)" '{systemMessage: $m}'
+  echo '{}'
   exit 0
 fi
 
-DECISION=$(echo "$RESP" | jq -r '.hookSpecificOutput.permissionDecision // "allow"' 2>/dev/null)
-if [ "$DECISION" = "deny" ]; then
-  DENY_REASON=$(echo "$RESP" | jq -r '.hookSpecificOutput.permissionDecisionReason // ""' 2>/dev/null)
-  synkro_log "editGuard $FILE_SHORT \u2192 BLOCKED: $DENY_REASON"
-  echo "$RESP"
+DECISION=$(echo "$RESP" | jq -r '.hook_response.hookSpecificOutput.permissionDecision // "allow"' 2>/dev/null)
+if [ "$DECISION" = "deny" ] || [ "$DECISION" = "ask" ]; then
+  synkro_log "editGuard $FILE_SHORT \u2192 BLOCKED"
+  echo "$RESP" | jq -c '.hook_response'
 else
-  VERDICT_REASON=$(echo "$RESP" | jq -r '.reason // empty' 2>/dev/null)
-  if [ -n "$VERDICT_REASON" ]; then
-    synkro_log "editGuard $FILE_SHORT \u2192 pass: $VERDICT_REASON"
-    RESP_WITH_MSG=$(echo "$RESP" | jq --arg m "$SYNKRO_PREFIX editGuard $FILE_SHORT \u2192 pass: $VERDICT_REASON" '. + {systemMessage: $m}')
+  REASON=$(echo "$RESP" | jq -r '.hook_response.reason // empty' 2>/dev/null)
+  if [ -n "$REASON" ]; then
+    synkro_log "editGuard $FILE_SHORT \u2192 pass: $REASON"
   else
     synkro_log "editGuard $FILE_SHORT \u2192 pass"
-    RESP_WITH_MSG=$(echo "$RESP" | jq --arg m "$SYNKRO_PREFIX editGuard $FILE_SHORT \u2192 pass" '. + {systemMessage: $m}')
   fi
-  echo "$RESP_WITH_MSG"
+  echo "$RESP" | jq -c '.hook_response // {}'
 fi
-
-# Fire-and-forget anonymized telemetry for local_only mode
-if [ "$SYNKRO_CAPTURE_DEPTH" = "local_only" ] && [ -n "$DECISION" ]; then
-  LOCAL_VERDICT="allow"
-  LOCAL_SEVERITY="audit"
-  LOCAL_CATEGORY="edit_pass"
-  if [ "$DECISION" = "deny" ]; then
-    LOCAL_VERDICT="warn"
-    LOCAL_SEVERITY="block"
-    LOCAL_CATEGORY="edit_violation"
-  fi
-  (
-    MECH_CAT=""
-    BIZ_CAT=""
-    if [ "$LOCAL_VERDICT" = "warn" ]; then
-      CLASS_CACHE="$HOME/.synkro/.classification-prompt"
-      CLASS_PROMPT=""
-      if [ -f "$CLASS_CACHE" ] && find "$CLASS_CACHE" -mmin -1440 2>/dev/null | grep -q .; then
-        CLASS_PROMPT=$(cat "$CLASS_CACHE" 2>/dev/null)
-      else
-        CLASS_PROMPT=$(curl -sS "\${GATEWAY_URL}/api/v1/cli/judge-prompts" \\
-          -H "Authorization: Bearer $JWT" --max-time 3 2>/dev/null | jq -r '.classification_prompt // empty')
-        [ -n "$CLASS_PROMPT" ] && echo "$CLASS_PROMPT" > "$CLASS_CACHE"
-      fi
-      if [ -n "$CLASS_PROMPT" ]; then
-        CLASS_INPUT=$(printf '%s\\n\\nViolation context:\\n- Tool: %s\\n- Category: %s\\n- Severity: %s\\n- Hook type: edit pre-check judge' "$CLASS_PROMPT" "$TOOL_NAME" "$LOCAL_CATEGORY" "$LOCAL_SEVERITY")
-        CLASS_RESP=$(echo "$CLASS_INPUT" | claude --print --model claude-sonnet-4-6 --no-session-persistence 2>/dev/null || echo "")
-        MECH_CAT=$(echo "$CLASS_RESP" | grep -oE '<mechanism>[^<]+</mechanism>' | sed 's/<[^>]*>//g')
-        BIZ_CAT=$(echo "$CLASS_RESP" | grep -oE '<business>[^<]+</business>' | sed 's/<[^>]*>//g')
-      fi
-    fi
-    ANON_BODY=$(jq -n \\
-      --arg event_id "$(uuidgen 2>/dev/null || echo "evt_$(date +%s)_$$")" \\
-      --arg timestamp "$(date -u +%Y-%m-%dT%H:%M:%SZ)" \\
-      --arg hook_type "edit" \\
-      --arg verdict "$LOCAL_VERDICT" \\
-      --arg severity "$LOCAL_SEVERITY" \\
-      --arg category "$LOCAL_CATEGORY" \\
-      --arg model "claude-sonnet-4-6" \\
-      --arg tool_name "$TOOL_NAME" \\
-      --arg repo "\${GIT_REPO:-}" \\
-      --arg session_id "$SESSION_ID" \\
-      --arg mech_cat "$MECH_CAT" \\
-      --arg biz_cat "$BIZ_CAT" \\
-      '{
-        event_id: $event_id,
-        timestamp: $timestamp,
-        hook_type: $hook_type,
-        verdict: $verdict,
-        severity: $severity,
-        category: $category,
-        model: $model,
-        tool_name: $tool_name
-      } + (if $repo != "" then {repo: $repo} else {} end)
-        + (if $session_id != "" then {session_id: $session_id} else {} end)
-        + (if $mech_cat != "" then {mechanism_category: $mech_cat} else {} end)
-        + (if $biz_cat != "" then {business_category: $biz_cat} else {} end)')
-    curl -sS -X POST "\${GATEWAY_URL}/api/v1/events/local-verdict" \\
-      -H "Content-Type: application/json" \\
-      -H "Authorization: Bearer $JWT" \\
-      -d "$ANON_BODY" \\
-      --max-time 2 >/dev/null 2>&1
-  ) &
-fi
-
 exit 0
 `;
     CC_EDIT_CAPTURE_SCRIPT = `#!/bin/bash
-# Synkro PostToolUse Edit/Write afterFileEdit hook.
-# On ok=false, emits a system message that surfaces inline in CC.
-# Always exits 0 with valid JSON \u2014 never breaks CC's flow.
-
-synkro_log() { echo "[synkro] $1" >&2; }
-
-# True if anything is listening on the local-cc channel TCP port.
-synkro_channel_up() {
-  (exec 3<>/dev/tcp/127.0.0.1/\${SYNKRO_CHANNEL_PORT:-8929}) 2>/dev/null && exec 3<&- 3>&-
-}
-
-CONFIG_FILE="$HOME/.synkro/config.env"
-if [ -f "$CONFIG_FILE" ]; then
-  set -a
-  # shellcheck disable=SC1090
-  . "$CONFIG_FILE"
-  set +a
-fi
-
-GATEWAY_URL="\${SYNKRO_GATEWAY_URL:-https://api.synkro.sh}"
-CREDS_PATH="\${SYNKRO_CREDENTIALS_PATH:-$HOME/.synkro/credentials.json}"
+SCRIPT_DIR="$(cd "$(dirname "\${BASH_SOURCE[0]}")" && pwd)"
+. "$SCRIPT_DIR/_synkro-common.sh"
 
-if [ ! -f "$CREDS_PATH" ]; then
-  echo '{}'
-  exit 0
-fi
-JWT=$(jq -r '.access_token // empty' "$CREDS_PATH" 2>/dev/null || true)
-if [ -z "$JWT" ]; then
-  echo '{}'
-  exit 0
-fi
+JWT=$(synkro_load_jwt)
+if [ -z "$JWT" ]; then echo '{}'; exit 0; fi
+synkro_ensure_fresh_jwt
 
 PAYLOAD=$(cat)
-if [ -z "$PAYLOAD" ]; then
-  echo '{}'
-  exit 0
-fi
+if [ -z "$PAYLOAD" ]; then echo '{}'; exit 0; fi
 
 TOOL_NAME=$(echo "$PAYLOAD" | jq -r '.tool_name // empty' 2>/dev/null)
-case "$TOOL_NAME" in
-  Edit|Write|MultiEdit|NotebookEdit) ;;
-  *) echo '{}'; exit 0 ;;
-esac
+case "$TOOL_NAME" in Edit|Write|MultiEdit|NotebookEdit) ;; *) echo '{}'; exit 0 ;; esac
 
 TOOL_INPUT=$(echo "$PAYLOAD" | jq -c '.tool_input // {}' 2>/dev/null)
 SESSION_ID=$(echo "$PAYLOAD" | jq -r '.session_id // empty' 2>/dev/null)
 TOOL_USE_ID=$(echo "$PAYLOAD" | jq -r '.tool_use_id // empty' 2>/dev/null)
 CWD=$(echo "$PAYLOAD" | jq -r '.cwd // empty' 2>/dev/null)
-# Detect git remote origin \u2192 repo identity (e.g. "owner/repo")
-GIT_REPO=""
-if command -v git >/dev/null 2>&1; then
-  _REMOTE=$(git -C "\${CWD:-.}" remote get-url origin 2>/dev/null || true)
-  if [ -n "$_REMOTE" ]; then
-    GIT_REPO=$(echo "$_REMOTE" | sed -E 's|^git@[^:]+:||; s|^https?://[^/]+/||; s|\\.git$||')
-  fi
+GIT_REPO=$(synkro_detect_repo "\${CWD:-.}")
+
+# Correction followup (backgrounded)
+if [ -n "$SESSION_ID" ] && [ -n "$TOOL_USE_ID" ]; then
+  (
+    BODY=$(jq -n --arg tid "$TOOL_USE_ID" --arg sid "$SESSION_ID" '{capture_type:"correction_followup",tool_use_id:$tid,session_id:$sid,decision:"allow"}')
+    curl -sS -X POST "\${GATEWAY_URL}/api/v1/hook/capture" \\
+      -H "Content-Type: application/json" -H "Authorization: Bearer $JWT" \\
+      -d "$BODY" --max-time 2 >/dev/null 2>&1
+  ) &
 fi
 
+# Fire-and-forget: POST edit scan to /v1/hook/judge (PostToolUse)
 FILE_PATH=$(echo "$TOOL_INPUT" | jq -r '.file_path // .notebook_path // .path // empty' 2>/dev/null)
-if [ -z "$FILE_PATH" ] || [ ! -f "$FILE_PATH" ]; then
-  echo '{}'
-  exit 0
-fi
+if [ -z "$FILE_PATH" ] || [ ! -f "$FILE_PATH" ]; then echo '{}'; exit 0; fi
 
 BASENAME=$(basename "$FILE_PATH")
-synkro_log "editScan checking: $BASENAME"
+synkro_log "editScan: $BASENAME"
 
-# Read post-edit file content (cap 64KB).
 FILE_CONTENT=$(head -c 65536 "$FILE_PATH" 2>/dev/null || echo "")
-if [ -z "$FILE_CONTENT" ]; then
-  echo '{}'
-  exit 0
-fi
+if [ -z "$FILE_CONTENT" ]; then echo '{}'; exit 0; fi
 
 DIFF_FIELD=$(echo "$TOOL_INPUT" | jq -c '{old_string, new_string, edits} | with_entries(select(.value != null))' 2>/dev/null || echo "null")
-if [ -z "$DIFF_FIELD" ] || [ "$DIFF_FIELD" = "null" ] || [ "$DIFF_FIELD" = "{}" ]; then
-  DIFF_FIELD="null"
-fi
+[ -z "$DIFF_FIELD" ] || [ "$DIFF_FIELD" = "null" ] || [ "$DIFF_FIELD" = "{}" ] && DIFF_FIELD="null"
 
-# Resolve dependency versions + CVE config from nearest package.json / .synkro.json
 DEPS_JSON="{}"
-CVE_ALLOWLIST="[]"
-CVE_MIN_SEVERITY="null"
 _PKG_DIR=$(dirname "$FILE_PATH")
 while [ "$_PKG_DIR" != "/" ]; do
   if [ -f "$_PKG_DIR/package.json" ]; then
-    DEPS_JSON=$(jq -s '.[0] * .[1]' \\
-      <(jq '.dependencies // {}' "$_PKG_DIR/package.json" 2>/dev/null || echo "{}") \\
-      <(jq '.devDependencies // {}' "$_PKG_DIR/package.json" 2>/dev/null || echo "{}") 2>/dev/null || echo "{}")
-    if [ -f "$_PKG_DIR/.synkro.json" ]; then
-      CVE_ALLOWLIST=$(jq '.cve_allowlist // []' "$_PKG_DIR/.synkro.json" 2>/dev/null || echo "[]")
-      CVE_MIN_SEVERITY=$(jq '.cve_min_severity // null' "$_PKG_DIR/.synkro.json" 2>/dev/null || echo "null")
-    fi
+    DEPS_JSON=$(jq -c '(.dependencies // {}) + (.devDependencies // {})' "$_PKG_DIR/package.json" 2>/dev/null || echo "{}")
     break
   fi
-  _PKG_DIR=$(dirname "$_PKG_DIR")
-done
+  _PKG_DIR=$(dirname "$_PKG_DIR")
+done
+
+synkro_load_config
+ROUTE=$(synkro_route)
+
+if [ "$ROUTE" = "local" ]; then
+  # \u2500\u2500\u2500 Local edit scan (local_only privacy or local-cc channel) \u2500\u2500\u2500
+  GRADER_FILE=$(mktemp -t synkro-escan.XXXXXX)
+  trap "rm -f \\"$GRADER_FILE\\"" EXIT
+  printf 'File: %s\\nContent (first 4000 chars):\\n%s\\nOrg rules: %s\\n' "$FILE_PATH" "$(printf '%s' "$FILE_CONTENT" | head -c 4000)" "\${SYNKRO_RULES:-[]}" > "$GRADER_FILE"
+
+  CC_RESP=$(synkro_local_grade edit < "$GRADER_FILE" || echo "")
+  synkro_parse_local_verdict "$CC_RESP"
+
+  if [ "$LOCAL_OK" = "false" ]; then
+    REASON="[synkro:local] editScan $BASENAME \u2192 block: \${LOCAL_REASON:-policy violation}"
+    jq -n --arg m "$REASON" '{systemMessage: $m, additionalContext: $m}'
+    synkro_capture_local "edit_scan" "block" "\${LOCAL_SEV}" "\${LOCAL_CAT}" "$TOOL_NAME" "$GIT_REPO" "$SESSION_ID"
+  else
+    jq -n --arg m "[synkro:local] editScan $BASENAME \u2192 pass" '{systemMessage: $m}'
+    synkro_capture_local "edit_scan" "pass" "audit" "\${LOCAL_CAT:-trivial_edit}" "$TOOL_NAME" "$GIT_REPO" "$SESSION_ID"
+  fi
+  exit 0
+fi
 
+# \u2500\u2500\u2500 Cloud edit scan \u2500\u2500\u2500
 BODY=$(jq -n \\
+  --arg hook_event "PostToolUse" \\
+  --arg tool_name "$TOOL_NAME" \\
+  --argjson tool_input "$TOOL_INPUT" \\
   --arg file_path "$FILE_PATH" \\
   --arg content "$FILE_CONTENT" \\
   --argjson diff "$DIFF_FIELD" \\
-  --argjson deps "$DEPS_JSON" \\
-  --argjson cve_allowlist "$CVE_ALLOWLIST" \\
-  --argjson cve_min_severity "$CVE_MIN_SEVERITY" \\
+  --argjson dependencies "$DEPS_JSON" \\
   --arg session_id "$SESSION_ID" \\
   --arg tool_use_id "$TOOL_USE_ID" \\
   --arg cwd "$CWD" \\
   --arg repo "$GIT_REPO" \\
   '{
+    hook_event: $hook_event,
+    tool_name: $tool_name,
+    tool_input: $tool_input,
     file_path: $file_path,
     content: $content,
     diff: $diff,
-    dependencies: $deps,
-    cve_allowlist: $cve_allowlist,
-    cve_min_severity: $cve_min_severity,
+    dependencies: $dependencies,
     session_id: (if ($session_id | length) > 0 then $session_id else null end),
     tool_use_id: (if ($tool_use_id | length) > 0 then $tool_use_id else null end),
     cwd: (if ($cwd | length) > 0 then $cwd else null end),
     repo: (if ($repo | length) > 0 then $repo else null end)
-  }' 2>/dev/null || true)
-
-if [ -z "$BODY" ] || ! echo "$BODY" | jq -e 'type == "object"' >/dev/null 2>&1; then
-  jq -n --arg m "[synkro] editScan $BASENAME \u2192 error (body construction failed)" '{systemMessage: $m}'
-  exit 0
-fi
-
-refresh_jwt() {
-  local refresh_token
-  refresh_token=$(jq -r '.refresh_token // empty' "$CREDS_PATH" 2>/dev/null)
-  if [ -z "$refresh_token" ]; then return 1; fi
-  local resp
-  local refresh_body
-  refresh_body=$(jq -n --arg rt "$refresh_token" '{refresh_token:$rt}')
-  resp=$(curl -sS -X POST "\${GATEWAY_URL}/api/auth/refresh" \\
-    -H "Content-Type: application/json" \\
-    -d "$refresh_body" \\
-    --max-time 3 2>/dev/null)
-  local new_access
-  new_access=$(echo "$resp" | jq -r '.access_token // empty' 2>/dev/null)
-  if [ -z "$new_access" ]; then return 1; fi
-  local new_refresh
-  new_refresh=$(echo "$resp" | jq -r '.refresh_token // empty' 2>/dev/null)
-  if [ -z "$new_refresh" ]; then new_refresh="$refresh_token"; fi
-  local tmp="\${CREDS_PATH}.synkro.tmp"
-  jq --arg at "$new_access" --arg rt "$new_refresh" \\
-    '. + {access_token: $at, refresh_token: $rt}' \\
-    "$CREDS_PATH" > "$tmp" 2>/dev/null && mv "$tmp" "$CREDS_PATH"
-  JWT="$new_access"
-  return 0
-}
-
-ensure_fresh_jwt() {
-  [ -z "$JWT" ] && return 1
-  local payload exp now remaining
-  payload=$(printf '%s' "$JWT" | cut -d. -f2)
-  case $((\${#payload} % 4)) in
-    2) payload="\${payload}==" ;;
-    3) payload="\${payload}=" ;;
-  esac
-  exp=$(printf '%s' "$payload" | tr '_-' '/+' | base64 -D 2>/dev/null | jq -r '.exp // 0' 2>/dev/null)
-  now=$(date -u +%s)
-  remaining=$((exp - now))
-  if [ "$remaining" -lt 60 ]; then
-    refresh_jwt
-  fi
-}
-
-ensure_fresh_jwt
-
-# Fire-and-forget correction-followup (backgrounded \u2014 must not block grading).
-if [ -n "$SESSION_ID" ] && [ -n "$TOOL_USE_ID" ]; then
-  (
-    FOLLOWUP_BODY=$(jq -n \\
-      --arg sid "$SESSION_ID" \\
-      --arg tid "$TOOL_USE_ID" \\
-      '{session_id: $sid, tool_use_id: $tid, decision: "allow"}')
-    curl -sS -X POST "\${GATEWAY_URL}/api/v1/precheck-edit/correction-followup" \\
-      -H "Content-Type: application/json" \\
-      -H "Authorization: Bearer $JWT" \\
-      -d "$FOLLOWUP_BODY" \\
-      --max-time 2 \\
-      >/dev/null 2>&1
-  ) &
-fi
-
-# Single fetch: /cli/hook-context returns me + rules in one call.
-HOOK_CTX=$(curl -sS "\${GATEWAY_URL}/api/v1/cli/hook-context" -H "Authorization: Bearer $JWT" --max-time 4 2>/dev/null || echo "")
-SYNKRO_INFERENCE_TIER=$(echo "$HOOK_CTX" | jq -r '.tier // empty' 2>/dev/null)
-SYNKRO_CAPTURE_DEPTH=$(echo "$HOOK_CTX" | jq -r '.capture_depth // empty' 2>/dev/null)
-SYNKRO_INFERENCE_TIER="\${SYNKRO_INFERENCE_TIER:-fast}"
-SYNKRO_CAPTURE_DEPTH="\${SYNKRO_CAPTURE_DEPTH:-local_only}"
-
-if synkro_channel_up || { [ "$SYNKRO_INFERENCE_TIER" = "free" ] && command -v claude >/dev/null 2>&1; }; then
-  RULES_CACHE="$HOME/.synkro/.rules-cache-edit-capture"
-  ORG_RULES=$(echo "$HOOK_CTX" | jq -c '[.rules[]? | select(.hook_stage == "post" or .hook_stage == "both" or .hook_stage == null) | {rule_id, text, severity, category}]' 2>/dev/null || echo "[]")
-  if [ -n "$ORG_RULES" ] && [ "$ORG_RULES" != "null" ] && [ "$ORG_RULES" != "[]" ]; then
-    printf '%s' "$ORG_RULES" > "$RULES_CACHE" 2>/dev/null || true
-  elif [ -f "$RULES_CACHE" ]; then
-    ORG_RULES=$(cat "$RULES_CACHE" 2>/dev/null || echo "[]")
-  fi
-  if [ -z "$ORG_RULES" ] || [ "$ORG_RULES" = "null" ]; then ORG_RULES="[]"; fi
-
-  # Extract CVE config from hook-context response (allowlist + min_severity)
-  CVE_ALLOWLIST=$(echo "$HOOK_CTX" | jq -c '.cve_config.allowlist // []' 2>/dev/null || echo "[]")
-  CVE_MIN_SEVERITY=$(echo "$HOOK_CTX" | jq '.cve_config.min_severity // null' 2>/dev/null || echo "null")
-
-  # CVE scan \u2014 runs server-side in parallel with local LLM grading
-  CVE_RESULT_FILE=$(mktemp -t synkro-cve.XXXXXX)
-  (
-    CVE_BODY=$(jq -n --arg fp "$FILE_PATH" --arg c "$FILE_CONTENT" --argjson deps "$DEPS_JSON" --argjson al "$CVE_ALLOWLIST" --argjson ms "$CVE_MIN_SEVERITY" '{file_path: $fp, content: $c, dependencies: $deps, cve_allowlist: $al, cve_min_severity: $ms}')
-    curl -sS -X POST "\${GATEWAY_URL}/api/v1/cve-scan" \\
-      -H "Content-Type: application/json" \\
-      -H "Authorization: Bearer $JWT" \\
-      -d "$CVE_BODY" --max-time 4 2>/dev/null > "$CVE_RESULT_FILE"
-  ) &
-  CVE_PID=$!
-
-  GRADER_PROMPT_FILE=$(mktemp -t synkro-edit-capture.XXXXXX)
-  trap "rm -f \\"$GRADER_PROMPT_FILE\\" \\"$CVE_RESULT_FILE\\"" EXIT
-  printf 'File: %s\\n' "$FILE_PATH" > "$GRADER_PROMPT_FILE"
-  printf 'Org rules: %s\\n\\n' "$ORG_RULES" >> "$GRADER_PROMPT_FILE"
-  printf 'Content:\\n' >> "$GRADER_PROMPT_FILE"
-  printf '%s\\n' "$FILE_CONTENT" >> "$GRADER_PROMPT_FILE"
-
-  ROUTE_TAG=""
-  if synkro_channel_up && [ -n "\${SYNKRO_CLI_BIN:-}" ] && [ -f "$SYNKRO_CLI_BIN" ] && command -v node >/dev/null 2>&1; then
-    ROUTE_TAG="local-cc"
-    synkro_log "editGuard $BASENAME \u2192 routing via local-cc"
-    CC_RESP=$(node "$SYNKRO_CLI_BIN" grade edit < "$GRADER_PROMPT_FILE" 2>/dev/null || echo "")
-  elif synkro_channel_up && command -v synkro >/dev/null 2>&1; then
-    ROUTE_TAG="local-cc"
-    synkro_log "editGuard $BASENAME \u2192 routing via local-cc (PATH)"
-    CC_RESP=$(synkro grade edit < "$GRADER_PROMPT_FILE" 2>/dev/null || echo "")
-  else
-    ROUTE_TAG="cc-print"
-    CC_RESP=$(claude --print --model claude-sonnet-4-6 --no-session-persistence < "$GRADER_PROMPT_FILE" 2>/dev/null || echo "")
-  fi
-  SYNKRO_PREFIX="[synkro:\${ROUTE_TAG:-cloud}]"
-
-  # Wait for CVE scan
-  wait $CVE_PID 2>/dev/null
-  CVE_TEXT=""
-  CVE_FINDINGS_JSON="[]"
-  if [ -s "$CVE_RESULT_FILE" ]; then
-    # Only flag CVEs for packages introduced by THIS edit, not pre-existing imports.
-    # Extract new_string from the diff \u2014 if the import existed in old_string too, skip it.
-    EDIT_NEW=$(echo "$DIFF_FIELD" | jq -r '.new_string // empty' 2>/dev/null)
-    EDIT_OLD=$(echo "$DIFF_FIELD" | jq -r '.old_string // empty' 2>/dev/null)
-    if [ -n "$EDIT_NEW" ] && [ "$DIFF_FIELD" != "null" ]; then
-      CVE_FINDINGS_JSON=$(jq -c --arg new_s "$EDIT_NEW" --arg old_s "$EDIT_OLD" '
-        [.findings[]? | . as $f |
-          select(
-            ($new_s | test($f.package; "i")) and
-            (($old_s | length) == 0 or ($old_s | test($f.package; "i") | not))
-          ) | {package, version, cve: .id, severity, score}]
-      ' "$CVE_RESULT_FILE" 2>/dev/null || echo "[]")
-    else
-      CVE_FINDINGS_JSON=$(jq -c '[.findings[]? | {package: .package, version: .version, cve: .id, severity: .severity, score: .score}]' "$CVE_RESULT_FILE" 2>/dev/null || echo "[]")
-    fi
-    # Regenerate summary from filtered findings only
-    if [ "$CVE_FINDINGS_JSON" != "[]" ] && [ -n "$CVE_FINDINGS_JSON" ]; then
-      CVE_TEXT=$(echo "$CVE_FINDINGS_JSON" | jq -r '
-        group_by(.package) | map(
-          (.[0].package) + " (" + (length | tostring) + " CVEs, max CVSS " +
-          ([.[].score // 0] | max | tostring) + ": " +
-          ([.[].cve] | join(", ")) + ")"
-        ) | join("; ")
-      ' 2>/dev/null || echo "")
-    fi
-  fi
-
-  # Wrapper extraction (greedy \u2014 tolerates nested XML tags).
-  V_INNER=$(printf '%s' "$CC_RESP" | tr '\\n' ' ' | sed -nE 's|.*<synkro-verdict>(.*)</synkro-verdict>.*|\\1|p' | tail -1)
-  if [ -n "$V_INNER" ]; then
-    LOCAL_OK=$(printf '%s' "$V_INNER" | sed -nE 's|.*<ok>(.*)</ok>.*|\\1|p' | head -1)
-    LOCAL_OK="\${LOCAL_OK:-true}"
-    # Top-level <reason> (clean diff). Skip text inside <violation>...</violation>
-    # by stripping those blocks first so the regex doesn't grab a violation reason.
-    OUTER_V=$(printf '%s' "$V_INNER" | sed -E 's|<violation>[^<]*(<[^/]+>[^<]*</[^>]+>[^<]*)*</violation>||g')
-    OUTER_REASON=$(printf '%s' "$OUTER_V" | sed -nE 's|.*<reason>(.*)</reason>.*|\\1|p' | head -1)
-    # First violation block fields (when ok=false).
-    FIRST_V=$(printf '%s' "$V_INNER" | awk -v RS='</violation>' '/<violation>/{print; exit}')
-    LOCAL_SEV=$(printf '%s' "$FIRST_V" | sed -nE 's|.*<severity>(.*)</severity>.*|\\1|p' | head -1)
-    LOCAL_CAT=$(printf '%s' "$FIRST_V" | sed -nE 's|.*<category>(.*)</category>.*|\\1|p' | head -1)
-    LOCAL_REASON=$(printf '%s' "$FIRST_V" | sed -nE 's|.*<reason>(.*)</reason>.*|\\1|p' | head -1)
-    # Merge CVE findings
-    if [ -n "$CVE_TEXT" ]; then
-      if [ "$LOCAL_OK" = "false" ]; then
-        LOCAL_REASON="\${LOCAL_REASON}. Vulnerable dependencies: \${CVE_TEXT}"
-      else
-        LOCAL_OK="false"
-        LOCAL_SEV="block"
-        LOCAL_CAT="vulnerable_dependency"
-        LOCAL_REASON="Vulnerable dependencies detected: \${CVE_TEXT}"
-      fi
-    fi
-    # Convert to JSON shape downstream code expects.
-    RESP=$(jq -n \\
-      --arg ok "$LOCAL_OK" \\
-      --arg sev "\${LOCAL_SEV:-low}" \\
-      --arg cat "\${LOCAL_CAT:-unspecified}" \\
-      --arg reason "$LOCAL_REASON" \\
-      --arg outer_reason "$OUTER_REASON" \\
-      'if $ok == "false" then
-         {ok: false, severity: $sev, category: $cat, reason: $reason}
-       else
-         {ok: true, severity: "low", category: "clean", reason: $outer_reason}
-       end')
-  else
-    RESP=""
-    if [ -n "$CVE_TEXT" ]; then
-      RESP=$(jq -n --arg reason "Vulnerable dependencies detected: $CVE_TEXT" \\
-        '{ok: false, severity: "block", category: "vulnerable_dependency", reason: $reason}')
-    fi
-  fi
-else
-  # \u2500\u2500\u2500 Server-side grading. \u2500\u2500\u2500
-  SYNKRO_PREFIX="[synkro:cloud]"
-  RESP=$(curl -sS -X POST "\${GATEWAY_URL}/api/v1/judge-edit" \\
-    -H "Content-Type: application/json" \\
-    -H "Authorization: Bearer $JWT" \\
-    -d "$BODY" \\
-    --max-time 12 2>/dev/null || echo "")
+  }')
 
-  if echo "$RESP" | grep -qE '"detail":"Token has expired|"detail":"Invalid or expired token'; then
-    if refresh_jwt; then
-      RESP=$(curl -sS -X POST "\${GATEWAY_URL}/api/v1/judge-edit" \\
-        -H "Content-Type: application/json" \\
-        -H "Authorization: Bearer $JWT" \\
-        -d "$BODY" \\
-        --max-time 12 2>/dev/null || echo "")
-    fi
-  fi
-fi
+RESP=$(synkro_post_with_retry "\${GATEWAY_URL}/api/v1/hook/judge" "$BODY" 12)
 
 if [ -z "$RESP" ] || ! echo "$RESP" | jq -e 'type == "object"' >/dev/null 2>&1; then
   synkro_log "editScan $BASENAME \u2192 error (no response)"
-  jq -n --arg m "$SYNKRO_PREFIX editScan $BASENAME \u2192 error (no response)" '{systemMessage: $m}'
-  exit 0
-fi
-
-OK=$(echo "$RESP" | jq -r 'if .ok == false then "false" else "true" end' 2>/dev/null)
-SEVERITY=$(echo "$RESP" | jq -r '.severity // "low"' 2>/dev/null)
-CATEGORY=$(echo "$RESP" | jq -r '.category // "unspecified"' 2>/dev/null)
-REASON=$(echo "$RESP" | jq -r '.reason // ""' 2>/dev/null)
-
-# Fire-and-forget anonymized telemetry for local_only mode (post-edit grading verdict).
-if [ "$SYNKRO_CAPTURE_DEPTH" = "local_only" ]; then
-  if [ "$OK" = "false" ]; then
-    LOCAL_VERDICT="warn"; LOCAL_SEVERITY="block"; LOCAL_RISK="high"
-  else
-    LOCAL_VERDICT="allow"; LOCAL_SEVERITY="audit"; LOCAL_RISK="low"
-  fi
-  (
-    MECH_CAT=""
-    BIZ_CAT=""
-    if [ "$LOCAL_VERDICT" = "warn" ]; then
-      CLASS_CACHE="$HOME/.synkro/.classification-prompt"
-      CLASS_PROMPT=""
-      if [ -f "$CLASS_CACHE" ] && find "$CLASS_CACHE" -mmin -1440 2>/dev/null | grep -q .; then
-        CLASS_PROMPT=$(cat "$CLASS_CACHE" 2>/dev/null)
-      else
-        CLASS_PROMPT=$(curl -sS "\${GATEWAY_URL}/api/v1/cli/judge-prompts" \\
-          -H "Authorization: Bearer $JWT" --max-time 3 2>/dev/null | jq -r '.classification_prompt // empty')
-        [ -n "$CLASS_PROMPT" ] && echo "$CLASS_PROMPT" > "$CLASS_CACHE"
-      fi
-      if [ -n "$CLASS_PROMPT" ]; then
-        CLASS_INPUT=$(printf '%s\\n\\nViolation context:\\n- Tool: %s\\n- Category: %s\\n- Severity: %s\\n- Hook type: post-edit capture grader' "$CLASS_PROMPT" "$TOOL_NAME" "$CATEGORY" "$LOCAL_SEVERITY")
-        CLASS_RESP=$(echo "$CLASS_INPUT" | claude --print --model claude-sonnet-4-6 --no-session-persistence 2>/dev/null || echo "")
-        MECH_CAT=$(echo "$CLASS_RESP" | grep -oE '<mechanism>[^<]+</mechanism>' | sed 's/<[^>]*>//g')
-        BIZ_CAT=$(echo "$CLASS_RESP" | grep -oE '<business>[^<]+</business>' | sed 's/<[^>]*>//g')
-      fi
-    fi
-    ANON_BODY=$(jq -n \\
-      --arg event_id "$(uuidgen 2>/dev/null || echo "evt_$(date +%s)_$$")" \\
-      --arg timestamp "$(date -u +%Y-%m-%dT%H:%M:%SZ)" \\
-      --arg hook_type "edit_capture" \\
-      --arg verdict "$LOCAL_VERDICT" \\
-      --arg severity "$LOCAL_SEVERITY" \\
-      --arg risk_level "$LOCAL_RISK" \\
-      --arg category "$CATEGORY" \\
-      --arg model "claude-sonnet-4-6" \\
-      --arg tool_name "$TOOL_NAME" \\
-      --arg repo "\${GIT_REPO:-}" \\
-      --arg session_id "$SESSION_ID" \\
-      --arg mech_cat "$MECH_CAT" \\
-      --arg biz_cat "$BIZ_CAT" \\
-      --argjson cve_findings "\${CVE_FINDINGS_JSON:-[]}" \\
-      '{
-        event_id: $event_id, timestamp: $timestamp, hook_type: $hook_type,
-        verdict: $verdict, severity: $severity, risk_level: $risk_level,
-        category: $category, model: $model, tool_name: $tool_name
-      } + (if $repo != "" then {repo: $repo} else {} end)
-        + (if $session_id != "" then {session_id: $session_id} else {} end)
-        + (if $mech_cat != "" then {mechanism_category: $mech_cat} else {} end)
-        + (if $biz_cat != "" then {business_category: $biz_cat} else {} end)
-        + (if ($cve_findings | length) > 0 then {cve_findings: $cve_findings} else {} end)')
-    curl -sS -X POST "\${GATEWAY_URL}/api/v1/events/local-verdict" \\
-      -H "Content-Type: application/json" \\
-      -H "Authorization: Bearer $JWT" \\
-      -d "$ANON_BODY" --max-time 2 >/dev/null 2>&1
-  ) &
-fi
-
-if [ "$OK" = "false" ] && [ -n "$REASON" ]; then
-  synkro_log "editScan $BASENAME \u2192 FAIL ($CATEGORY): $REASON"
-  SYS_MSG="$SYNKRO_PREFIX editScan $BASENAME \u2192 FAIL: \${REASON}"
-  ADDITIONAL_CTX="Synkro post-edit grader flagged \${BASENAME} (severity: \${SEVERITY}, category: \${CATEGORY}, route: \${ROUTE_TAG:-cloud}). Re-edit the file applying the retry guidance: \${REASON}"
-  jq -n \\
-    --arg sys_msg "$SYS_MSG" \\
-    --arg ctx "$ADDITIONAL_CTX" \\
-    '{
-      systemMessage: $sys_msg,
-      hookSpecificOutput: {
-        hookEventName: "PostToolUse",
-        additionalContext: $ctx
-      }
-    }'
+  echo '{}'
   exit 0
 fi
 
-if [ -n "$REASON" ]; then
-  synkro_log "editScan $BASENAME \u2192 pass ($CATEGORY): $REASON"
-  jq -n --arg m "$SYNKRO_PREFIX editScan $BASENAME \u2192 pass ($CATEGORY): $REASON" '{systemMessage: $m}'
+if echo "$RESP" | jq -e '.hook_response' >/dev/null 2>&1; then
+  echo "$RESP" | jq -c '.hook_response'
 else
-  synkro_log "editScan $BASENAME \u2192 pass"
-  jq -n --arg m "$SYNKRO_PREFIX editScan $BASENAME \u2192 pass" '{systemMessage: $m}'
+  echo '{}'
 fi
 exit 0
 `;
     CC_STOP_SUMMARY_SCRIPT = `#!/bin/bash
-# Synkro Stop hook \u2014 emits "[synkro] stop \u2192 N findings: X auto-fixed, Y open"
-# as a final summary line when the CC session ends. Reads guard_checks rows
-# for the session via /api/v1/cli/session-summary.
-# No set -e: hook must ALWAYS produce JSON output. Silent death = CC timeout.
-
-CONFIG_FILE="$HOME/.synkro/config.env"
-if [ -f "$CONFIG_FILE" ]; then
-  set -a
-  # shellcheck disable=SC1090
-  . "$CONFIG_FILE"
-  set +a
-fi
-
-GATEWAY_URL="\${SYNKRO_GATEWAY_URL:-https://api.synkro.sh}"
-CREDS_PATH="\${SYNKRO_CREDENTIALS_PATH:-$HOME/.synkro/credentials.json}"
+SCRIPT_DIR="$(cd "$(dirname "\${BASH_SOURCE[0]}")" && pwd)"
+. "$SCRIPT_DIR/_synkro-common.sh"
 
-if [ ! -f "$CREDS_PATH" ]; then
-  echo '{}'
-  exit 0
-fi
-JWT=$(jq -r '.access_token // empty' "$CREDS_PATH" 2>/dev/null)
-if [ -z "$JWT" ]; then
-  echo '{}'
-  exit 0
-fi
+JWT=$(synkro_load_jwt)
+if [ -z "$JWT" ]; then echo '{}'; exit 0; fi
 
 PAYLOAD=$(cat)
 SESSION_ID=$(echo "$PAYLOAD" | jq -r '.session_id // empty' 2>/dev/null)
-if [ -z "$SESSION_ID" ]; then
-  echo '{}'
-  exit 0
-fi
+if [ -z "$SESSION_ID" ]; then echo '{}'; exit 0; fi
 
-TRANSCRIPT_PATH=$(echo "$PAYLOAD" | jq -r '.transcript_path // empty' 2>/dev/null)
 CWD=$(echo "$PAYLOAD" | jq -r '.cwd // empty' 2>/dev/null)
+TRANSCRIPT_PATH=$(echo "$PAYLOAD" | jq -r '.transcript_path // empty' 2>/dev/null)
+GIT_REPO=$(synkro_detect_repo "\${CWD:-.}")
 
-GIT_REPO=""
-if command -v git >/dev/null 2>&1; then
-  _REMOTE=$(git -C "\${CWD:-.}" remote get-url origin 2>/dev/null || true)
-  if [ -n "$_REMOTE" ]; then
-    GIT_REPO=$(echo "$_REMOTE" | sed -E 's|^git@[^:]+:||; s|^https?://[^/]+/||; s|\\.git$||')
-  fi
-fi
-
-# Fire-and-forget usage telemetry \u2014 runs every turn via Stop hook
+# Fire-and-forget usage telemetry
 if [ -n "$TRANSCRIPT_PATH" ] && [ -f "$TRANSCRIPT_PATH" ]; then
   (
-    _LAST_ASSISTANT=$(grep '"type":"assistant"' "$TRANSCRIPT_PATH" 2>/dev/null | tail -1)
-    if [ -n "$_LAST_ASSISTANT" ]; then
-      CC_MODEL=$(echo "$_LAST_ASSISTANT" | jq -r '.message.model // empty' 2>/dev/null)
-      CC_USAGE=$(echo "$_LAST_ASSISTANT" | jq -c '{
-        input_tokens: .message.usage.input_tokens,
-        output_tokens: .message.usage.output_tokens,
-        cache_creation_input_tokens: .message.usage.cache_creation_input_tokens,
-        cache_read_input_tokens: .message.usage.cache_read_input_tokens
-      }' 2>/dev/null || echo "{}")
+    _LAST=$(grep '"type":"assistant"' "$TRANSCRIPT_PATH" 2>/dev/null | tail -1)
+    if [ -n "$_LAST" ]; then
+      CC_MODEL=$(echo "$_LAST" | jq -r '.message.model // empty' 2>/dev/null)
+      CC_USAGE=$(echo "$_LAST" | jq -c '{input_tokens:.message.usage.input_tokens,output_tokens:.message.usage.output_tokens,cache_creation_input_tokens:.message.usage.cache_creation_input_tokens,cache_read_input_tokens:.message.usage.cache_read_input_tokens}' 2>/dev/null || echo "{}")
       HAS_TOKENS=$(echo "$CC_USAGE" | jq '(.input_tokens // 0) + (.output_tokens // 0)' 2>/dev/null)
       if [ -n "$HAS_TOKENS" ] && [ "$HAS_TOKENS" != "0" ]; then
-        USAGE_BODY=$(jq -n \\
+        BODY=$(jq -n \\
           --arg event_id "usage_$(date +%s)_$$" \\
-          --arg hook_type "stop" \\
-          --arg verdict "allow" \\
-          --arg severity "none" \\
+          --arg hook_type "stop" --arg verdict "allow" --arg severity "none" \\
           --arg model "\${CC_MODEL:-claude-sonnet-4-6}" \\
           --arg cc_model "\${CC_MODEL:-}" \\
-          --arg repo "\${GIT_REPO:-}" \\
-          --arg session_id "$SESSION_ID" \\
+          --arg repo "\${GIT_REPO:-}" --arg session_id "$SESSION_ID" \\
           --argjson cc_usage "$CC_USAGE" \\
-          '{
-            event_id: $event_id, hook_type: $hook_type,
-            verdict: $verdict, severity: $severity,
-            model: $model, cc_usage: $cc_usage
-          } + (if $repo != "" then {repo: $repo} else {} end)
-            + (if $session_id != "" then {session_id: $session_id} else {} end)
-            + (if $cc_model != "" then {cc_model: $cc_model} else {} end)')
-        curl -sS -X POST "\${GATEWAY_URL}/api/v1/events/local-verdict" \\
-          -H "Content-Type: application/json" \\
-          -H "Authorization: Bearer $JWT" \\
-          -d "$USAGE_BODY" --max-time 2 >/dev/null 2>&1
+          '{capture_type:"local_verdict",event_id:$event_id,hook_type:$hook_type,verdict:$verdict,severity:$severity,model:$model,cc_usage:$cc_usage}
+            + (if $repo != "" then {repo:$repo} else {} end)
+            + (if $session_id != "" then {session_id:$session_id} else {} end)
+            + (if $cc_model != "" then {cc_model:$cc_model} else {} end)')
+        curl -sS -X POST "\${GATEWAY_URL}/api/v1/hook/capture" \\
+          -H "Content-Type: application/json" -H "Authorization: Bearer $JWT" \\
+          -d "$BODY" --max-time 2 >/dev/null 2>&1
       fi
     fi
   ) &
 fi
 
-# Tight timeout \u2014 the user already finished their session, don't make them wait.
 RESP=$(curl -sS -G "\${GATEWAY_URL}/api/v1/cli/session-summary" \\
   --data-urlencode "session_id=$SESSION_ID" \\
-  -H "Authorization: Bearer $JWT" \\
-  --max-time 2 2>/dev/null || echo "")
+  -H "Authorization: Bearer $JWT" --max-time 2 2>/dev/null || echo "")
 
-if [ -z "$RESP" ]; then
-  echo '{}'
-  exit 0
-fi
+if [ -z "$RESP" ]; then echo '{}'; exit 0; fi
 
 EDITS=$(echo "$RESP" | jq -r '.edits_scanned // 0' 2>/dev/null)
 FINDINGS=$(echo "$RESP" | jq -r '.findings // 0' 2>/dev/null)
 AUTO_FIXED=$(echo "$RESP" | jq -r '.auto_fixed // 0' 2>/dev/null)
 OPEN=$(echo "$RESP" | jq -r '.open // 0' 2>/dev/null)
 
-# Stay silent if the session never touched files we scanned.
-if [ "$EDITS" = "0" ] || [ -z "$EDITS" ]; then
-  echo '{}'
-  exit 0
-fi
+if [ "$EDITS" = "0" ] || [ -z "$EDITS" ]; then echo '{}'; exit 0; fi
 
 if [ "$FINDINGS" = "0" ] || [ -z "$FINDINGS" ]; then
   SYS_MSG="[synkro] stop \u2192 0 issues across \${EDITS} edit(s), session complete"
@@ -1998,29 +1077,16 @@ else
   SYS_MSG="[synkro] stop \u2192 \${FINDINGS} finding(s): \${AUTO_FIXED} auto-fixed, \${OPEN} open"
 fi
 
-jq -n --arg sys_msg "$SYS_MSG" '{ systemMessage: $sys_msg }'
+jq -n --arg m "$SYS_MSG" '{systemMessage: $m}'
 exit 0
 `;
     CC_SESSION_START_SCRIPT = `#!/bin/bash
-# Synkro SessionStart hook \u2014 when the user opens a fresh CC session in a repo
-# we have findings on, surface "[synkro] session start \u2192 N open finding(s) in
-# this repo" so they have context. Silent when there's nothing to report.
-# No set -e: hook must ALWAYS produce JSON output. Silent death = CC timeout.
-
-CONFIG_FILE="$HOME/.synkro/config.env"
-if [ -f "$CONFIG_FILE" ]; then
-  set -a
-  # shellcheck disable=SC1090
-  . "$CONFIG_FILE"
-  set +a
-fi
+SCRIPT_DIR="$(cd "$(dirname "\${BASH_SOURCE[0]}")" && pwd)"
+. "$SCRIPT_DIR/_synkro-common.sh"
 
-GATEWAY_URL="\${SYNKRO_GATEWAY_URL:-https://api.synkro.sh}"
-CREDS_PATH="\${SYNKRO_CREDENTIALS_PATH:-$HOME/.synkro/credentials.json}"
+JWT=$(synkro_load_jwt)
 
-# Route preamble \u2014 tell the user (and CC) which inference path will be used.
-# We probe the local-cc TCP listener directly so the line reflects ground truth
-# rather than just the persisted toggle.
+# Route preamble
 SYNKRO_PORT="\${SYNKRO_CHANNEL_PORT:-8929}"
 if (exec 3<>/dev/tcp/127.0.0.1/"$SYNKRO_PORT") 2>/dev/null; then
   exec 3<&- 3>&- 2>/dev/null || true
@@ -2029,78 +1095,45 @@ else
   ROUTE_LINE="[synkro] inference: cloud (local-cc channel not reachable)"
 fi
 
-if [ ! -f "$CREDS_PATH" ]; then
-  jq -n --arg m "$ROUTE_LINE" '{ systemMessage: $m }'
-  exit 0
-fi
-JWT=$(jq -r '.access_token // empty' "$CREDS_PATH" 2>/dev/null)
 if [ -z "$JWT" ]; then
-  jq -n --arg m "$ROUTE_LINE" '{ systemMessage: $m }'
+  jq -n --arg m "$ROUTE_LINE" '{systemMessage: $m}'
   exit 0
 fi
 
 PAYLOAD=$(cat)
 CWD=$(echo "$PAYLOAD" | jq -r '.cwd // empty' 2>/dev/null)
-if [ -z "$CWD" ]; then
-  jq -n --arg m "$ROUTE_LINE" '{ systemMessage: $m }'
-  exit 0
-fi
-
-GIT_REPO=""
-if command -v git >/dev/null 2>&1; then
-  _REMOTE=$(git -C "\${CWD:-.}" remote get-url origin 2>/dev/null || true)
-  if [ -n "$_REMOTE" ]; then
-    GIT_REPO=$(echo "$_REMOTE" | sed -E 's|^git@[^:]+:||; s|^https?://[^/]+/||; s|\\.git$||')
-  fi
-fi
-
-RESP=$(curl -sS -G "\${GATEWAY_URL}/api/v1/cli/session-context" \\
-  --data-urlencode "cwd=$CWD" \\
-  --data-urlencode "repo=$GIT_REPO" \\
-  -H "Authorization: Bearer $JWT" \\
-  --max-time 2 2>/dev/null || echo "")
+SESSION_ID=$(echo "$PAYLOAD" | jq -r '.session_id // empty' 2>/dev/null)
+GIT_REPO=$(synkro_detect_repo "\${CWD:-.}")
 
-if [ -z "$RESP" ]; then
-  jq -n --arg m "$ROUTE_LINE" '{ systemMessage: $m }'
-  exit 0
-fi
+RESP=$(curl -sS -G "\${GATEWAY_URL}/api/v1/hook/config" \\
+  --data-urlencode "session_id=\${SESSION_ID:-}" \\
+  --data-urlencode "repo=\${GIT_REPO:-}" \\
+  -H "Authorization: Bearer $JWT" --max-time 3 2>/dev/null || echo "")
 
 PLAN_NUDGE="Before implementing any multi-step plan, call the synkro-guardrails analyze_plan tool with your implementation plan to check for relevant org coding rules."
 
-OPEN=$(echo "$RESP" | jq -r '.open_count // 0' 2>/dev/null)
-if [ "$OPEN" = "0" ] || [ -z "$OPEN" ]; then
-  jq -n --arg sys_msg "$ROUTE_LINE"$'\\n'"[synkro] $PLAN_NUDGE" '{ systemMessage: $sys_msg }'
-  exit 0
+OPEN=0
+if [ -n "$RESP" ]; then
+  OPEN=$(echo "$RESP" | jq -r '.session_context.open_findings // 0' 2>/dev/null)
 fi
 
-if [ "$OPEN" = "1" ]; then
-  SYS_MSG="$ROUTE_LINE"$'\\n'"[synkro] session start \u2192 1 open finding in this repo from a prior session. $PLAN_NUDGE"
+if [ "$OPEN" = "0" ] || [ -z "$OPEN" ]; then
+  jq -n --arg m "$ROUTE_LINE"$'\\n'"[synkro] $PLAN_NUDGE" '{systemMessage: $m}'
 else
-  SYS_MSG="$ROUTE_LINE"$'\\n'"[synkro] session start \u2192 \${OPEN} open findings in this repo from prior sessions. $PLAN_NUDGE"
+  if [ "$OPEN" = "1" ]; then
+    SYS_MSG="$ROUTE_LINE"$'\\n'"[synkro] session start \u2192 1 open finding in this repo from a prior session. $PLAN_NUDGE"
+  else
+    SYS_MSG="$ROUTE_LINE"$'\\n'"[synkro] session start \u2192 \${OPEN} open findings in this repo from prior sessions. $PLAN_NUDGE"
+  fi
+  jq -n --arg m "$SYS_MSG" '{systemMessage: $m}'
 fi
-
-jq -n --arg sys_msg "$SYS_MSG" '{ systemMessage: $sys_msg }'
 exit 0
 `;
     CC_BASH_FOLLOWUP_SCRIPT = `#!/bin/bash
-# Synkro PostToolUse Bash hook \u2014 minimal correction-followup fire.
-# No grading happens here; verdict already came from PreToolUse. This is just
-# the "user approved + agent ran it" capture.
-# No set -e: hook must ALWAYS produce JSON output. Silent death = CC timeout.
-
-CONFIG_FILE="$HOME/.synkro/config.env"
-if [ -f "$CONFIG_FILE" ]; then
-  set -a
-  # shellcheck disable=SC1090
-  . "$CONFIG_FILE"
-  set +a
-fi
-
-GATEWAY_URL="\${SYNKRO_GATEWAY_URL:-https://api.synkro.sh}"
-CREDS_PATH="\${SYNKRO_CREDENTIALS_PATH:-$HOME/.synkro/credentials.json}"
+SCRIPT_DIR="$(cd "$(dirname "\${BASH_SOURCE[0]}")" && pwd)"
+. "$SCRIPT_DIR/_synkro-common.sh"
 
-if [ ! -f "$CREDS_PATH" ]; then echo '{}'; exit 0; fi
-JWT=$(jq -r '.access_token // empty' "$CREDS_PATH" 2>/dev/null)
+JWT=$(synkro_load_jwt)
 if [ -z "$JWT" ]; then echo '{}'; exit 0; fi
 
 PAYLOAD=$(cat)
@@ -2112,47 +1145,22 @@ TOOL_USE_ID=$(echo "$PAYLOAD" | jq -r '.tool_use_id // empty' 2>/dev/null)
 if [ -z "$SESSION_ID" ] || [ -z "$TOOL_USE_ID" ]; then echo '{}'; exit 0; fi
 
 BODY=$(jq -n --arg sid "$SESSION_ID" --arg tid "$TOOL_USE_ID" \\
-  '{session_id: $sid, tool_use_id: $tid, decision: "allow"}')
+  '{capture_type:"bash_followup",session_id:$sid,tool_use_id:$tid}')
 
-curl -sS -X POST "\${GATEWAY_URL}/api/v1/precheck-edit/correction-followup" \\
-  -H "Content-Type: application/json" \\
-  -H "Authorization: Bearer $JWT" \\
-  -d "$BODY" \\
-  --max-time 2 \\
-  >/dev/null 2>&1 || true
+curl -sS -X POST "\${GATEWAY_URL}/api/v1/hook/capture" \\
+  -H "Content-Type: application/json" -H "Authorization: Bearer $JWT" \\
+  -d "$BODY" --max-time 2 >/dev/null 2>&1 || true
 
 echo '{}'
 exit 0
 `;
     CC_TRANSCRIPT_SYNC_SCRIPT = `#!/bin/bash
-# Synkro Stop hook \u2014 incremental transcript sync.
-# Reads new lines from the CC transcript since last sync, POSTs them to
-# /api/v1/cli/sync-transcripts in the background. Completely invisible
-# to the user \u2014 no systemMessage, no blocking.
-# No set -e: hook must ALWAYS produce JSON output.
-
-CONFIG_FILE="$HOME/.synkro/config.env"
-if [ -f "$CONFIG_FILE" ]; then
-  set -a
-  # shellcheck disable=SC1090
-  . "$CONFIG_FILE"
-  set +a
-fi
-
-GATEWAY_URL="\${SYNKRO_GATEWAY_URL:-https://api.synkro.sh}"
-CREDS_PATH="\${SYNKRO_CREDENTIALS_PATH:-$HOME/.synkro/credentials.json}"
-
-if [ ! -f "$CREDS_PATH" ]; then echo '{}'; exit 0; fi
-if [ "\${SYNKRO_TRANSCRIPT_CONSENT:-yes}" = "no" ]; then echo '{}'; exit 0; fi
+SCRIPT_DIR="$(cd "$(dirname "\${BASH_SOURCE[0]}")" && pwd)"
+. "$SCRIPT_DIR/_synkro-common.sh"
 
-JWT=$(jq -r '.access_token // empty' "$CREDS_PATH" 2>/dev/null)
+JWT=$(synkro_load_jwt)
 if [ -z "$JWT" ]; then echo '{}'; exit 0; fi
-
-# Hard-skip in local_only privacy mode \u2014 conversation content must never leave the device.
-ME_RESP=$(curl -sS "\${GATEWAY_URL}/api/v1/cli/me" -H "Authorization: Bearer $JWT" --max-time 3 2>/dev/null || echo "")
-SYNKRO_CAPTURE_DEPTH=$(echo "$ME_RESP" | jq -r '.capture_depth // empty' 2>/dev/null)
-SYNKRO_CAPTURE_DEPTH="\${SYNKRO_CAPTURE_DEPTH:-local_only}"
-if [ "$SYNKRO_CAPTURE_DEPTH" = "local_only" ]; then echo '{}'; exit 0; fi
+if [ "\${SYNKRO_TRANSCRIPT_CONSENT:-yes}" = "no" ]; then echo '{}'; exit 0; fi
 
 PAYLOAD=$(cat)
 SESSION_ID=$(echo "$PAYLOAD" | jq -r '.session_id // empty' 2>/dev/null)
@@ -2160,200 +1168,64 @@ TRANSCRIPT_PATH=$(echo "$PAYLOAD" | jq -r '.transcript_path // empty' 2>/dev/nul
 CWD=$(echo "$PAYLOAD" | jq -r '.cwd // empty' 2>/dev/null)
 
 if [ -z "$SESSION_ID" ] || [ -z "$TRANSCRIPT_PATH" ] || [ ! -f "$TRANSCRIPT_PATH" ]; then
-  echo '{}'
-  exit 0
+  echo '{}'; exit 0
 fi
 
-# Detect git repo
-GIT_REPO=""
-if command -v git >/dev/null 2>&1; then
-  _REMOTE=$(git -C "\${CWD:-.}" remote get-url origin 2>/dev/null || true)
-  if [ -n "$_REMOTE" ]; then
-    GIT_REPO=$(echo "$_REMOTE" | sed -E 's|^git@[^:]+:||; s|^https?://[^/]+/||; s|\\.git$||')
-  fi
-fi
+GIT_REPO=$(synkro_detect_repo "\${CWD:-.}")
 if [ -z "$GIT_REPO" ]; then echo '{}'; exit 0; fi
 
-# Read offset (last synced line count)
+# Check capture depth \u2014 skip in local_only
+CONFIG_RESP=$(curl -sS "\${GATEWAY_URL}/api/v1/hook/config" -H "Authorization: Bearer $JWT" --max-time 3 2>/dev/null || echo "")
+CAPTURE_DEPTH=$(echo "$CONFIG_RESP" | jq -r '.capture_depth // "local_only"' 2>/dev/null)
+if [ "$CAPTURE_DEPTH" = "local_only" ]; then echo '{}'; exit 0; fi
+
 OFFSET_DIR="$HOME/.synkro/.transcript-offsets"
 mkdir -p "$OFFSET_DIR" 2>/dev/null || true
 OFFSET_FILE="$OFFSET_DIR/$SESSION_ID"
 OFFSET=0
-if [ -f "$OFFSET_FILE" ]; then
-  OFFSET=$(cat "$OFFSET_FILE" 2>/dev/null || echo "0")
-fi
+[ -f "$OFFSET_FILE" ] && OFFSET=$(cat "$OFFSET_FILE" 2>/dev/null || echo "0")
 
 TOTAL_LINES=$(wc -l < "$TRANSCRIPT_PATH" 2>/dev/null | tr -d ' ')
-if [ -z "$TOTAL_LINES" ] || [ "$TOTAL_LINES" -le "$OFFSET" ] 2>/dev/null; then
-  echo '{}'
-  exit 0
-fi
+if [ -z "$TOTAL_LINES" ] || [ "$TOTAL_LINES" -le "$OFFSET" ] 2>/dev/null; then echo '{}'; exit 0; fi
 
 DELTA=$((TOTAL_LINES - OFFSET))
 START_LINE=$((OFFSET + 1))
+[ "$DELTA" -gt 200 ] && START_LINE=$((TOTAL_LINES - 199))
 
-# Cap at 200 lines per sync
-if [ "$DELTA" -gt 200 ]; then
-  START_LINE=$((TOTAL_LINES - 199))
-fi
-
-# Parse new transcript lines into structured messages
 MESSAGES=$(tail -n +"$START_LINE" "$TRANSCRIPT_PATH" 2>/dev/null | jq -c --argjson base_idx "$((START_LINE - 1))" '
   . as $line |
   if ($line.type == "user" or $line.type == "assistant") then
     {
       message_index: (input_line_number + $base_idx),
       type: $line.type,
-      content: (
-        if $line.type == "user" then
-          ($line.message.content
-            | if type == "string" then .[0:8000]
-              else ([.[]? | if type == "string" then . elif (type == "object" and .type == "text") then (.text // "") else "" end] | join(" ") | .[0:8000])
-              end)
-        else
-          ([$line.message.content[]? | select(type == "object" and .type == "text") | .text // ""] | join(" ") | .[0:8000])
-        end
-      ),
-      tool_calls: (
-        if $line.type == "assistant" then
-          [$line.message.content[]? | select(.type == "tool_use") | {name, input: (.input | tostring | .[0:500]), id}]
-        else null end
-        | if . == null or length == 0 then null else . end
-      ),
+      content: (if $line.type == "user" then ($line.message.content | if type == "string" then .[0:8000] else ([.[]? | if type == "string" then . elif (type == "object" and .type == "text") then (.text // "") else "" end] | join(" ") | .[0:8000]) end) else ([$line.message.content[]? | select(type == "object" and .type == "text") | .text // ""] | join(" ") | .[0:8000]) end),
+      tool_calls: (if $line.type == "assistant" then [$line.message.content[]? | select(.type == "tool_use") | {name, input: (.input | tostring | .[0:500]), id}] else null end | if . == null or length == 0 then null else . end),
       model: ($line.message.model // null),
-      usage: (
-        if $line.type == "assistant" and $line.message.usage then
-          {
-            input_tokens: $line.message.usage.input_tokens,
-            output_tokens: $line.message.usage.output_tokens,
-            cache_creation_input_tokens: $line.message.usage.cache_creation_input_tokens,
-            cache_read_input_tokens: $line.message.usage.cache_read_input_tokens
-          }
-        else null end
-      )
+      usage: (if $line.type == "assistant" and $line.message.usage then {input_tokens: $line.message.usage.input_tokens, output_tokens: $line.message.usage.output_tokens, cache_creation_input_tokens: $line.message.usage.cache_creation_input_tokens, cache_read_input_tokens: $line.message.usage.cache_read_input_tokens} else null end)
     }
   else empty end
 ' 2>/dev/null | jq -s '.' 2>/dev/null)
 
 if [ -z "$MESSAGES" ] || [ "$MESSAGES" = "[]" ] || [ "$MESSAGES" = "null" ]; then
   printf '%s' "$TOTAL_LINES" > "$OFFSET_FILE" 2>/dev/null || true
-  echo '{}'
-  exit 0
+  echo '{}'; exit 0
 fi
 
-BODY=$(jq -n \\
-  --arg repo "$GIT_REPO" \\
-  --arg sid "$SESSION_ID" \\
-  --argjson messages "$MESSAGES" \\
+BODY=$(jq -n --arg repo "$GIT_REPO" --arg sid "$SESSION_ID" --argjson messages "$MESSAGES" \\
   '{repo: $repo, sessions: [{cc_session_id: $sid, messages: $messages}]}')
 
-# Fire-and-forget \u2014 background the curl so we don't block the user
 (
   curl -sS -X POST "\${GATEWAY_URL}/api/v1/cli/sync-transcripts" \\
-    -H "Content-Type: application/json" \\
-    -H "Authorization: Bearer $JWT" \\
-    -d "$BODY" \\
-    --max-time 10 \\
-    >/dev/null 2>&1
+    -H "Content-Type: application/json" -H "Authorization: Bearer $JWT" \\
+    -d "$BODY" --max-time 10 >/dev/null 2>&1
 ) &
 disown 2>/dev/null || true
 
-# Update offset
 printf '%s' "$TOTAL_LINES" > "$OFFSET_FILE" 2>/dev/null || true
-
-echo '{}'
-exit 0
-`;
-    SYNKRO_COMMON_SCRIPT = `#!/bin/bash
-# Shared Synkro hook utilities \u2014 sourced by IDE-specific adapter scripts.
-# Provides: auth, JWT refresh, config loading, API helpers, git detection.
-
-synkro_log() { echo "[synkro] $1" >&2; }
-
-synkro_channel_up() {
-  (exec 3<>/dev/tcp/127.0.0.1/\${SYNKRO_CHANNEL_PORT:-8929}) 2>/dev/null && exec 3<&- 3>&-
-}
-
-# Load config
-_SYNKRO_CONFIG="$HOME/.synkro/config.env"
-if [ -f "$_SYNKRO_CONFIG" ]; then
-  set -a
-  # shellcheck disable=SC1090
-  . "$_SYNKRO_CONFIG"
-  set +a
-fi
-
-GATEWAY_URL="\${SYNKRO_GATEWAY_URL:-https://api.synkro.sh}"
-CREDS_PATH="\${SYNKRO_CREDENTIALS_PATH:-$HOME/.synkro/credentials.json}"
-
-synkro_load_jwt() {
-  if [ ! -f "$CREDS_PATH" ]; then
-    echo ""
-    return 1
-  fi
-  jq -r '.access_token // empty' "$CREDS_PATH" 2>/dev/null
-}
-
-synkro_refresh_jwt() {
-  local refresh_token
-  refresh_token=$(jq -r '.refresh_token // empty' "$CREDS_PATH" 2>/dev/null)
-  if [ -z "$refresh_token" ]; then return 1; fi
-  local refresh_body
-  refresh_body=$(jq -n --arg rt "$refresh_token" '{refresh_token:$rt}')
-  local refresh_resp
-  refresh_resp=$(curl -sS -X POST "\${GATEWAY_URL}/api/auth/refresh" \\
-    -H "Content-Type: application/json" \\
-    -d "$refresh_body" \\
-    --max-time 4 2>/dev/null)
-  local new_access
-  new_access=$(echo "$refresh_resp" | jq -r '.access_token // empty' 2>/dev/null)
-  if [ -z "$new_access" ]; then return 1; fi
-  local new_refresh
-  new_refresh=$(echo "$refresh_resp" | jq -r '.refresh_token // empty' 2>/dev/null)
-  if [ -z "$new_refresh" ]; then new_refresh="$refresh_token"; fi
-  local tmp="\${CREDS_PATH}.synkro.tmp"
-  jq --arg at "$new_access" --arg rt "$new_refresh" \\
-    '. + {access_token: $at, refresh_token: $rt}' \\
-    "$CREDS_PATH" > "$tmp" 2>/dev/null && mv "$tmp" "$CREDS_PATH"
-  JWT="$new_access"
-  return 0
-}
-
-synkro_ensure_fresh_jwt() {
-  [ -z "$JWT" ] && return 1
-  local payload exp now remaining
-  payload=$(printf '%s' "$JWT" | cut -d. -f2)
-  case $((\${#payload} % 4)) in
-    2) payload="\${payload}==" ;;
-    3) payload="\${payload}=" ;;
-  esac
-  exp=$(printf '%s' "$payload" | tr '_-' '/+' | base64 -D 2>/dev/null | jq -r '.exp // 0' 2>/dev/null)
-  now=$(date -u +%s)
-  remaining=$((exp - now))
-  if [ "$remaining" -lt 60 ]; then
-    synkro_refresh_jwt
-  fi
-}
-
-synkro_detect_repo() {
-  local cwd="\${1:-.}"
-  if command -v git >/dev/null 2>&1; then
-    local remote
-    remote=$(git -C "$cwd" remote get-url origin 2>/dev/null || true)
-    if [ -n "$remote" ]; then
-      echo "$remote" | sed -E 's|^git@[^:]+:||; s|^https?://[^/]+/||; s|\\.git$||'
-      return
-    fi
-  fi
-  echo ""
-}
+echo '{}'; exit 0
 `;
     CURSOR_BASH_JUDGE_SCRIPT = `#!/bin/bash
-# Synkro beforeShellExecution hook for Cursor.
-# Reads Cursor's stdin payload, judges via Synkro gateway, returns Cursor-format verdict.
-
 SCRIPT_DIR="$(cd "$(dirname "\${BASH_SOURCE[0]}")" && pwd)"
-# shellcheck disable=SC1091
 . "$SCRIPT_DIR/_synkro-common.sh"
 
 JWT=$(synkro_load_jwt)
@@ -2373,95 +1245,38 @@ GIT_REPO=$(synkro_detect_repo "\${CWD:-.}")
 CMD_SHORT=$(printf '%s' "$COMMAND" | head -c 80)
 synkro_log "bashGuard checking: $CMD_SHORT"
 
-TOOL_INPUT=$(jq -n --arg cmd "$COMMAND" '{command: $cmd}')
-
 BODY=$(jq -n \\
-  --argjson tool_input "$TOOL_INPUT" \\
+  --arg cmd "$COMMAND" \\
   --arg session_id "$SESSION_ID" \\
   --arg cwd "$CWD" \\
   --arg repo "$GIT_REPO" \\
   '{
-    kind: "bash_judge",
-    tool_input: $tool_input,
-    user_intent: null,
-    recent_user_messages: [],
-    recent_messages: [],
-    recent_actions: [],
+    hook_event: "PreToolUse",
+    tool_name: "Bash",
+    tool_input: {command: $cmd},
+    response_format: "cursor",
     session_id: (if ($session_id | length) > 0 then $session_id else null end),
     cwd: (if ($cwd | length) > 0 then $cwd else null end),
-    repo: (if ($repo | length) > 0 then $repo else null end),
-    ide: "cursor"
+    repo: (if ($repo | length) > 0 then $repo else null end)
   }')
 
-VERDICT=$(curl -sS -X POST "\${GATEWAY_URL}/api/v1/judge" \\
-  -H "Content-Type: application/json" \\
-  -H "Authorization: Bearer $JWT" \\
-  -d "$BODY" \\
-  --max-time 6 2>/dev/null || echo "")
-
-if echo "$VERDICT" | grep -qE '"detail":"Token has expired|"detail":"Invalid or expired token'; then
-  if synkro_refresh_jwt; then
-    VERDICT=$(curl -sS -X POST "\${GATEWAY_URL}/api/v1/judge" \\
-      -H "Content-Type: application/json" \\
-      -H "Authorization: Bearer $JWT" \\
-      -d "$BODY" \\
-      --max-time 6 2>/dev/null || echo "")
-  fi
-fi
+RESP=$(synkro_post_with_retry "\${GATEWAY_URL}/api/v1/hook/judge" "$BODY" 6)
 
-if [ -z "$VERDICT" ]; then
+if [ -z "$RESP" ]; then
   synkro_log "bashGuard $CMD_SHORT \u2192 error (timeout)"
-  echo '{}'
-  exit 0
+  echo '{}'; exit 0
 fi
 
-SEVERITY=$(echo "$VERDICT" | jq -r '.severity // "audit"' 2>/dev/null)
-REASONING=$(echo "$VERDICT" | jq -r '.reasoning // ""' 2>/dev/null)
-ALTERNATIVE=$(echo "$VERDICT" | jq -r '.alternative // ""' 2>/dev/null)
-CATEGORY=$(echo "$VERDICT" | jq -r '.category // ""' 2>/dev/null)
-VERDICT_KIND=$(echo "$VERDICT" | jq -r '.verdict // "warn"' 2>/dev/null)
-
-case "$SEVERITY" in
-  block|audit) ;;
-  low|medium|high|critical)
-    if [ "$VERDICT_KIND" = "allow" ]; then SEVERITY="audit"; else SEVERITY="block"; fi
-    ;;
-  *)
-    if [ "$VERDICT_KIND" = "allow" ]; then SEVERITY="audit"; else SEVERITY="block"; fi
-    ;;
-esac
-
-ALT_SUFFIX=""
-if [ -n "$ALTERNATIVE" ] && [ "$ALTERNATIVE" != "null" ]; then
-  ALT_SUFFIX=" Suggested: \${ALTERNATIVE}"
+# Server returns cursor-format directly in hook_response
+if echo "$RESP" | jq -e '.hook_response' >/dev/null 2>&1; then
+  echo "$RESP" | jq -c '.hook_response'
+else
+  echo '{}'
 fi
-
-case "$SEVERITY" in
-  block)
-    synkro_log "bashGuard $CMD_SHORT \u2192 BLOCK: $REASONING"
-    jq -n \\
-      --arg user "Synkro safety judge blocked this command: \${REASONING}\${ALT_SUFFIX}" \\
-      --arg agent "Synkro safety judge (severity: \${SEVERITY}, category: \${CATEGORY}). Reasoning: \${REASONING}.\${ALT_SUFFIX}" \\
-      '{permission: "deny", user_message: $user, agent_message: $agent}'
-    ;;
-  audit)
-    synkro_log "bashGuard $CMD_SHORT \u2192 pass (\${CATEGORY})"
-    echo '{}'
-    ;;
-  *)
-    synkro_log "bashGuard $CMD_SHORT \u2192 BLOCK (unexpected severity)"
-    jq -n \\
-      --arg user "Synkro safety judge blocked this command (unexpected severity)." \\
-      '{permission: "deny", user_message: $user}'
-    ;;
-esac
+exit 0
 `;
     CURSOR_EDIT_PRECHECK_SCRIPT = `#!/bin/bash
-# Synkro preToolUse hook for Cursor \u2014 pre-check edits against org rules.
-# Only acts on edit-like tool names; passes through everything else.
-
 SCRIPT_DIR="$(cd "$(dirname "\${BASH_SOURCE[0]}")" && pwd)"
-# shellcheck disable=SC1091
 . "$SCRIPT_DIR/_synkro-common.sh"
 
 JWT=$(synkro_load_jwt)
@@ -2472,16 +1287,12 @@ PAYLOAD=$(cat)
 if [ -z "$PAYLOAD" ]; then echo '{}'; exit 0; fi
 
 TOOL_NAME=$(echo "$PAYLOAD" | jq -r '.tool_name // empty' 2>/dev/null)
-
 CWD=$(echo "$PAYLOAD" | jq -r '.cwd // empty' 2>/dev/null)
 SESSION_ID=$(echo "$PAYLOAD" | jq -r '.conversation_id // empty' 2>/dev/null)
 GIT_REPO=$(synkro_detect_repo "\${CWD:-.}")
 
 FILE_PATH=$(echo "$PAYLOAD" | jq -r '.tool_input.file_path // .tool_input.path // .tool_input.target_file // empty' 2>/dev/null)
 CONTENT=$(echo "$PAYLOAD" | jq -r '.tool_input.content // .tool_input.new_string // .tool_input.code_edit // empty' 2>/dev/null)
-
-# Skip non-edit tools \u2014 if there's no file path in tool_input, this isn't a file edit
-if [ -z "$FILE_PATH" ]; then echo '{}'; exit 0; fi
 if [ -z "$FILE_PATH" ]; then echo '{}'; exit 0; fi
 
 BASENAME=$(basename "$FILE_PATH" 2>/dev/null || echo "$FILE_PATH")
@@ -2494,46 +1305,33 @@ BODY=$(jq -n \\
   --arg cwd "$CWD" \\
   --arg repo "$GIT_REPO" \\
   '{
+    hook_event: "PreToolUse",
+    tool_name: "Edit",
+    tool_input: {file_path: $file_path, content: $content},
     file_path: $file_path,
     content: $content,
+    response_format: "cursor",
     session_id: (if ($session_id | length) > 0 then $session_id else null end),
     cwd: (if ($cwd | length) > 0 then $cwd else null end),
-    repo: (if ($repo | length) > 0 then $repo else null end),
-    ide: "cursor"
+    repo: (if ($repo | length) > 0 then $repo else null end)
   }')
 
-RESP=$(curl -sS -X POST "\${GATEWAY_URL}/api/v1/precheck-edit" \\
-  -H "Content-Type: application/json" \\
-  -H "Authorization: Bearer $JWT" \\
-  -d "$BODY" \\
-  --max-time 8 2>/dev/null || echo "")
+RESP=$(synkro_post_with_retry "\${GATEWAY_URL}/api/v1/hook/judge" "$BODY" 8)
 
 if [ -z "$RESP" ]; then
   synkro_log "editGuard $BASENAME \u2192 error (timeout)"
-  echo '{}'
-  exit 0
+  echo '{}'; exit 0
 fi
 
-DECISION=$(echo "$RESP" | jq -r '.hookSpecificOutput.permissionDecision // "allow"' 2>/dev/null)
-case "$DECISION" in
-  deny|ask)
-    REASON=$(echo "$RESP" | jq -r '.hookSpecificOutput.permissionDecisionReason // "Blocked by Synkro"' 2>/dev/null)
-    synkro_log "editGuard $BASENAME \u2192 BLOCK: $REASON"
-    jq -n --arg user "$REASON" --arg agent "$REASON" \\
-      '{permission: "deny", user_message: $user, agent_message: $agent}'
-    ;;
-  *)
-    synkro_log "editGuard $BASENAME \u2192 pass"
-    echo '{}'
-    ;;
-esac
+if echo "$RESP" | jq -e '.hook_response' >/dev/null 2>&1; then
+  echo "$RESP" | jq -c '.hook_response'
+else
+  echo '{}'
+fi
+exit 0
 `;
     CURSOR_EDIT_CAPTURE_SCRIPT = `#!/bin/bash
-# Synkro afterFileEdit hook for Cursor \u2014 fire-and-forget telemetry + CVE scan.
-# Cannot block (Cursor afterFileEdit is observational only).
-
 SCRIPT_DIR="$(cd "$(dirname "\${BASH_SOURCE[0]}")" && pwd)"
-# shellcheck disable=SC1091
 . "$SCRIPT_DIR/_synkro-common.sh"
 
 JWT=$(synkro_load_jwt)
@@ -2550,19 +1348,11 @@ SESSION_ID=$(echo "$PAYLOAD" | jq -r '.conversation_id // empty' 2>/dev/null)
 GIT_REPO=$(synkro_detect_repo "\${CWD:-.}")
 BASENAME=$(basename "$FILE_PATH" 2>/dev/null || echo "$FILE_PATH")
 
-# Read full file content for edit scan
+FULL_PATH="$FILE_PATH"
+[ -n "$CWD" ] && FULL_PATH="$CWD/$FILE_PATH"
 FULL_CONTENT=""
-FULL_PATH=""
-if [ -n "$CWD" ]; then
-  FULL_PATH="$CWD/$FILE_PATH"
-else
-  FULL_PATH="$FILE_PATH"
-fi
-if [ -f "$FULL_PATH" ]; then
-  FULL_CONTENT=$(head -c 50000 "$FULL_PATH" 2>/dev/null || true)
-fi
+[ -f "$FULL_PATH" ] && FULL_CONTENT=$(head -c 50000 "$FULL_PATH" 2>/dev/null || true)
 
-# Extract deps from nearest package.json
 DEPS_JSON="{}"
 _PKG_DIR="\${CWD:-.}"
 while [ "$_PKG_DIR" != "/" ]; do
@@ -2575,30 +1365,18 @@ done
 
 synkro_log "editScan $BASENAME"
 
-# Fire-and-forget: edit scan + CVE scan in background
 (
   BODY=$(jq -n \\
-    --arg file_path "$FILE_PATH" \\
-    --arg content "$FULL_CONTENT" \\
-    --arg session_id "$SESSION_ID" \\
-    --arg cwd "$CWD" \\
-    --arg repo "$GIT_REPO" \\
+    --arg file_path "$FILE_PATH" --arg content "$FULL_CONTENT" \\
+    --arg session_id "$SESSION_ID" --arg cwd "$CWD" --arg repo "$GIT_REPO" \\
     --argjson deps "$DEPS_JSON" \\
-    '{
-      file_path: $file_path,
-      content: $content,
-      dependencies: $deps,
-      session_id: (if ($session_id | length) > 0 then $session_id else null end),
-      cwd: (if ($cwd | length) > 0 then $cwd else null end),
-      repo: (if ($repo | length) > 0 then $repo else null end),
-      ide: "cursor"
-    }')
-
-  curl -sS -X POST "\${GATEWAY_URL}/api/v1/events/edit-scan" \\
-    -H "Content-Type: application/json" \\
-    -H "Authorization: Bearer $JWT" \\
-    -d "$BODY" \\
-    --max-time 10 >/dev/null 2>&1 || true
+    '{capture_type:"edit_scan",tool_input:{file_path:$file_path,content:$content},edit_verdict:{ok:true},dependencies:$deps}
+      + (if ($session_id | length) > 0 then {session_id:$session_id} else {} end)
+      + (if ($cwd | length) > 0 then {cwd:$cwd} else {} end)
+      + (if ($repo | length) > 0 then {repo:$repo} else {} end)')
+  curl -sS -X POST "\${GATEWAY_URL}/api/v1/hook/capture" \\
+    -H "Content-Type: application/json" -H "Authorization: Bearer $JWT" \\
+    -d "$BODY" --max-time 10 >/dev/null 2>&1 || true
 ) &
 disown 2>/dev/null || true
 
@@ -2606,24 +1384,15 @@ echo '{}'
 exit 0
 `;
     CURSOR_BASH_FOLLOWUP_SCRIPT = `#!/bin/bash
-# Synkro postToolUse hook for Cursor \u2014 fire-and-forget follow-up telemetry.
-# Marks bash judgments as "allowed" after successful execution.
-
 SCRIPT_DIR="$(cd "$(dirname "\${BASH_SOURCE[0]}")" && pwd)"
-# shellcheck disable=SC1091
 . "$SCRIPT_DIR/_synkro-common.sh"
 
 JWT=$(synkro_load_jwt)
 if [ -z "$JWT" ]; then echo '{}'; exit 0; fi
 
 PAYLOAD=$(cat)
-if [ -z "$PAYLOAD" ]; then echo '{}'; exit 0; fi
-
 TOOL_NAME=$(echo "$PAYLOAD" | jq -r '.tool_name // empty' 2>/dev/null)
-case "$TOOL_NAME" in
-  Shell|Bash|terminal|run_terminal_cmd|execute_command) ;;
-  *) echo '{}'; exit 0 ;;
-esac
+case "$TOOL_NAME" in Shell|Bash|terminal|run_terminal_cmd|execute_command) ;; *) echo '{}'; exit 0 ;; esac
 
 SESSION_ID=$(echo "$PAYLOAD" | jq -r '.conversation_id // empty' 2>/dev/null)
 TOOL_USE_ID=$(echo "$PAYLOAD" | jq -r '.tool_use_id // empty' 2>/dev/null)
@@ -2631,12 +1400,10 @@ TOOL_USE_ID=$(echo "$PAYLOAD" | jq -r '.tool_use_id // empty' 2>/dev/null)
 if [ -n "$SESSION_ID" ] && [ -n "$TOOL_USE_ID" ]; then
   (
     BODY=$(jq -n --arg sid "$SESSION_ID" --arg tid "$TOOL_USE_ID" \\
-      '{session_id: $sid, tool_use_id: $tid, decision: "allow"}')
-    curl -sS -X POST "\${GATEWAY_URL}/api/v1/events/bash-followup" \\
-      -H "Content-Type: application/json" \\
-      -H "Authorization: Bearer $JWT" \\
-      -d "$BODY" \\
-      --max-time 3 >/dev/null 2>&1 || true
+      '{capture_type:"bash_followup",session_id:$sid,tool_use_id:$tid}')
+    curl -sS -X POST "\${GATEWAY_URL}/api/v1/hook/capture" \\
+      -H "Content-Type: application/json" -H "Authorization: Bearer $JWT" \\
+      -d "$BODY" --max-time 3 >/dev/null 2>&1 || true
   ) &
   disown 2>/dev/null || true
 fi
@@ -4833,7 +3600,7 @@ function writeConfigEnv(opts) {
     `SYNKRO_CREDENTIALS_PATH=${shellQuoteSingle(credsPath)}`,
     `SYNKRO_TIER=${shellQuoteSingle(safeTier)}`,
     `SYNKRO_INFERENCE=${shellQuoteSingle(safeInference)}`,
-    `SYNKRO_VERSION=${shellQuoteSingle("1.4.14")}`
+    `SYNKRO_VERSION=${shellQuoteSingle("1.4.16")}`
   ];
   if (safeSynkroBin) lines.push(`SYNKRO_CLI_BIN=${shellQuoteSingle(safeSynkroBin)}`);
   if (safeUserId) lines.push(`SYNKRO_USER_ID=${shellQuoteSingle(safeUserId)}`);