@synkro-sh/cli 1.4.15 → 1.4.17

package/dist/bootstrap.js

@@ -495,6 +495,86 @@ synkro_detect_repo() {
   echo ""
 }
 
+synkro_channel_up() {
+  (exec 3<>/dev/tcp/127.0.0.1/\${SYNKRO_CHANNEL_PORT:-8929}) 2>/dev/null && exec 3<&- 3>&-
+}
+
+# Fetch hook config (cached 5min). Sets SYNKRO_CAPTURE_DEPTH, SYNKRO_TIER, SYNKRO_RULES, SYNKRO_GRADER_PRIMER_BASH, SYNKRO_GRADER_PRIMER_EDIT, SYNKRO_CLASSIFICATION_PROMPT.
+synkro_load_config() {
+  local cache="$HOME/.synkro/.hook-config-cache"
+  if [ -f "$cache" ] && find "$cache" -mmin -5 2>/dev/null | grep -q .; then
+    . "$cache" 2>/dev/null
+    return
+  fi
+  local resp
+  resp=$(curl -sS "\${GATEWAY_URL}/api/v1/hook/config\${1:+?$1}" -H "Authorization: Bearer $JWT" --max-time 4 2>/dev/null || echo "")
+  if [ -z "$resp" ]; then return; fi
+  SYNKRO_CAPTURE_DEPTH=$(echo "$resp" | jq -r '.capture_depth // "local_only"' 2>/dev/null)
+  SYNKRO_TIER=$(echo "$resp" | jq -r '.tier // "standard"' 2>/dev/null)
+  SYNKRO_RULES=$(echo "$resp" | jq -c '[.rules[]? | select(.hook_stage == "pre" or .hook_stage == "both" or .hook_stage == null) | {rule_id,text,severity,category,mode}]' 2>/dev/null || echo "[]")
+  # Cache the values
+  printf 'SYNKRO_CAPTURE_DEPTH="%s"\\nSYNKRO_TIER="%s"\\n' "$SYNKRO_CAPTURE_DEPTH" "$SYNKRO_TIER" > "$cache" 2>/dev/null || true
+}
+
+# Decide routing: "local" (grade on device) or "cloud" (POST to server)
+synkro_route() {
+  [ "$SYNKRO_CAPTURE_DEPTH" = "local_only" ] && echo "local" && return
+  synkro_channel_up && echo "local" && return
+  echo "cloud"
+}
+
+# Grade locally via synkro CLI or claude --print. Reads prompt from stdin.
+synkro_local_grade() {
+  local surface="$1"
+  if synkro_channel_up && [ -n "\${SYNKRO_CLI_BIN:-}" ] && [ -f "$SYNKRO_CLI_BIN" ] && command -v node >/dev/null 2>&1; then
+    node "$SYNKRO_CLI_BIN" grade "$surface" 2>/dev/null
+  elif synkro_channel_up && command -v synkro >/dev/null 2>&1; then
+    synkro grade "$surface" 2>/dev/null
+  elif command -v claude >/dev/null 2>&1; then
+    claude --print --model claude-sonnet-4-6 --no-session-persistence 2>/dev/null
+  fi
+}
+
+# Parse <synkro-verdict>...</synkro-verdict> XML from local grader output.
+# Sets LOCAL_OK, LOCAL_REASON, LOCAL_RULE_ID, LOCAL_SEV, LOCAL_CAT.
+synkro_parse_local_verdict() {
+  local resp="$1"
+  LOCAL_OK="true"; LOCAL_REASON=""; LOCAL_RULE_ID=""; LOCAL_SEV="low"; LOCAL_CAT="general"
+  local inner
+  inner=$(printf '%s' "$resp" | tr '\\n' ' ' | sed -nE 's|.*<synkro-verdict>(.*)</synkro-verdict>.*|\\1|p' | tail -1)
+  [ -z "$inner" ] && return
+  local ok_tag
+  ok_tag=$(printf '%s' "$inner" | sed -nE 's|.*<ok>(.*)</ok>.*|\\1|p' | head -1)
+  [ -n "$ok_tag" ] && LOCAL_OK="$ok_tag"
+  LOCAL_REASON=$(printf '%s' "$inner" | sed -nE 's|.*<reason>(.*)</reason>.*|\\1|p' | head -1)
+  if [ "$LOCAL_OK" = "false" ]; then
+    local fv
+    fv=$(printf '%s' "$inner" | awk -v RS='</violation>' '/<violation>/{print; exit}')
+    LOCAL_RULE_ID=$(printf '%s' "$fv" | sed -nE 's|.*<rule_id>(.*)</rule_id>.*|\\1|p' | head -1)
+    [ -z "$LOCAL_REASON" ] && LOCAL_REASON=$(printf '%s' "$fv" | sed -nE 's|.*<reason>(.*)</reason>.*|\\1|p' | head -1)
+    LOCAL_SEV=$(printf '%s' "$fv" | sed -nE 's|.*<severity>(.*)</severity>.*|\\1|p' | head -1)
+    LOCAL_CAT=$(printf '%s' "$fv" | sed -nE 's|.*<category>(.*)</category>.*|\\1|p' | head -1)
+    LOCAL_SEV="\${LOCAL_SEV:-high}"; LOCAL_CAT="\${LOCAL_CAT:-policy_violation}"
+  fi
+}
+
+# Fire anonymized telemetry for local verdicts. All args positional.
+synkro_capture_local() {
+  local hook_type="$1" verdict="$2" severity="$3" category="$4" tool_name="$5" repo="$6" session_id="$7"
+  (
+    BODY=$(jq -n \\
+      --arg eid "$(uuidgen 2>/dev/null || echo "evt_$(date +%s)_$$")" \\
+      --arg ht "$hook_type" --arg v "$verdict" --arg s "$severity" --arg c "$category" \\
+      --arg tn "$tool_name" --arg r "$repo" --arg sid "$session_id" \\
+      '{capture_type:"local_verdict",event_id:$eid,hook_type:$ht,verdict:$v,severity:$s,category:$c,model:"claude-sonnet-4-6",tool_name:$tn}
+        + (if $r != "" then {repo:$r} else {} end)
+        + (if $sid != "" then {session_id:$sid} else {} end)')
+    curl -sS -X POST "\${GATEWAY_URL}/api/v1/hook/capture" \\
+      -H "Content-Type: application/json" -H "Authorization: Bearer $JWT" \\
+      -d "$BODY" --max-time 2 >/dev/null 2>&1
+  ) &
+}
+
 synkro_post_with_retry() {
   local url="$1" body="$2" timeout="\${3:-8}"
   local resp
@@ -545,44 +625,57 @@ if [ -z "$COMMAND" ]; then echo '{}'; exit 0; fi
 CMD_SHORT=$(printf '%s' "$COMMAND" | head -c 80)
 synkro_log "bashGuard checking: $CMD_SHORT"
 
-# Extract transcript context
 TRANSCRIPT_PATH=$(echo "$PAYLOAD" | jq -r '.transcript_path // empty' 2>/dev/null)
 USER_INTENT=""
 RECENT_USER_MESSAGES="[]"
-RECENT_MESSAGES="[]"
-RECENT_ACTIONS="[]"
 if [ -n "$TRANSCRIPT_PATH" ] && [ -f "$TRANSCRIPT_PATH" ]; then
-  RECENT_USER_MESSAGES=$(tail -400 "$TRANSCRIPT_PATH" | jq -c -s '
-    [.[] | select(.type == "user") | (.message.content
-      | if type == "string" then . else (map(.text? // "") | join(" ")) end)
-      | select(. != null and . != "")
-    ] | .[-5:]' 2>/dev/null || echo "[]")
+  RECENT_USER_MESSAGES=$(tail -400 "$TRANSCRIPT_PATH" | jq -c -s '[.[] | select(.type == "user") | (.message.content | if type == "string" then . else (map(.text? // "") | join(" ")) end) | select(. != null and . != "")] | .[-5:]' 2>/dev/null || echo "[]")
   USER_INTENT=$(echo "$RECENT_USER_MESSAGES" | jq -r '.[-1] // ""' 2>/dev/null || echo "")
-  RECENT_MESSAGES=$(tail -400 "$TRANSCRIPT_PATH" | jq -c -s '
-    [.[] | select(.type == "user" or .type == "assistant")
-      | {type, text: (.message.content | if type == "string" then .[0:500]
-          else ([.[]? | (.text? // "") | .[0:300]] | join(" ")) end)}
-    ] | .[-10:]' 2>/dev/null || echo "[]")
-  RECENT_ACTIONS=$(tail -400 "$TRANSCRIPT_PATH" | jq -c -s '
-    [.[] | select(.type == "assistant") | .message.content[]?
-      | select(.type == "tool_use") | {tool: .name, input: (.input // {} | tostring | .[0:200])}
-    ] | .[-5:]' 2>/dev/null || echo "[]")
 fi
 
-# Extract CC model + usage from last assistant turn
+# Headless detection
+IS_HEADLESS="\${SYNKRO_HEADLESS:-0}"
+case "$PERMISSION_MODE" in acceptEdits|bypassPermissions|plan|auto) IS_HEADLESS="1" ;; esac
+
+synkro_load_config
+ROUTE=$(synkro_route)
+
+if [ "$ROUTE" = "local" ]; then
+  # \u2500\u2500\u2500 Local grading (local_only privacy or local-cc channel) \u2500\u2500\u2500
+  GRADER_FILE=$(mktemp -t synkro-bash.XXXXXX)
+  trap "rm -f \\"$GRADER_FILE\\"" EXIT
+  printf 'Command: %s\\nUser intent: %s\\nOrg rules: %s\\n' "$COMMAND" "\${USER_INTENT:-none stated}" "\${SYNKRO_RULES:-[]}" > "$GRADER_FILE"
+
+  CC_RESP=$(synkro_local_grade bash < "$GRADER_FILE" || echo "")
+  synkro_parse_local_verdict "$CC_RESP"
+
+  if [ "$LOCAL_OK" = "false" ]; then
+    if [ "$IS_HEADLESS" = "1" ]; then DEC="deny"; else DEC="ask"; fi
+    REASON="[synkro:local] bashGuard \u2192 block\${LOCAL_RULE_ID:+ ($LOCAL_RULE_ID)}: \${LOCAL_REASON:-policy violation}"
+    jq -n --arg dec "$DEC" --arg reason "$REASON" --arg ctx "$REASON" \\
+      '{hookSpecificOutput:{hookEventName:"PreToolUse",permissionDecision:$dec,permissionDecisionReason:$reason,additionalContext:$ctx}}'
+    synkro_capture_local "bash" "block" "\${LOCAL_SEV}" "\${LOCAL_CAT}" "$TOOL_NAME" "$GIT_REPO" "$SESSION_ID"
+  else
+    jq -n --arg m "[synkro:local] bashGuard \u2192 pass: \${LOCAL_REASON:-no policy violations detected}" '{systemMessage: $m}'
+    synkro_capture_local "bash" "allow" "audit" "\${LOCAL_CAT:-trivial_utility}" "$TOOL_NAME" "$GIT_REPO" "$SESSION_ID"
+  fi
+  exit 0
+fi
+
+# \u2500\u2500\u2500 Cloud grading \u2500\u2500\u2500
 CC_MODEL=""
 CC_USAGE="{}"
+RECENT_MESSAGES="[]"
+RECENT_ACTIONS="[]"
+SESSION_SUMMARY=""
 if [ -n "$TRANSCRIPT_PATH" ] && [ -f "$TRANSCRIPT_PATH" ]; then
   _LAST=$(grep '"type":"assistant"' "$TRANSCRIPT_PATH" 2>/dev/null | tail -1)
   if [ -n "$_LAST" ]; then
     CC_MODEL=$(echo "$_LAST" | jq -r '.message.model // empty' 2>/dev/null)
     CC_USAGE=$(echo "$_LAST" | jq -c '{input_tokens:.message.usage.input_tokens,output_tokens:.message.usage.output_tokens,cache_creation_input_tokens:.message.usage.cache_creation_input_tokens,cache_read_input_tokens:.message.usage.cache_read_input_tokens}' 2>/dev/null || echo "{}")
   fi
-fi
-
-# Session summary from last summary entry
-SESSION_SUMMARY=""
-if [ -n "$TRANSCRIPT_PATH" ] && [ -f "$TRANSCRIPT_PATH" ]; then
+  RECENT_MESSAGES=$(tail -400 "$TRANSCRIPT_PATH" | jq -c -s '[.[] | select(.type == "user" or .type == "assistant") | {type, text: (.message.content | if type == "string" then .[0:500] else ([.[]? | (.text? // "") | .[0:300]] | join(" ")) end)}] | .[-10:]' 2>/dev/null || echo "[]")
+  RECENT_ACTIONS=$(tail -400 "$TRANSCRIPT_PATH" | jq -c -s '[.[] | select(.type == "assistant") | .message.content[]? | select(.type == "tool_use") | {tool: .name, input: (.input // {} | tostring | .[0:200])}] | .[-5:]' 2>/dev/null || echo "[]")
   SESSION_SUMMARY=$(grep '"type":"summary"' "$TRANSCRIPT_PATH" 2>/dev/null | tail -1 | jq -r '.summary // empty' 2>/dev/null || echo "")
 fi
 
@@ -664,6 +757,9 @@ if [ -z "$FILE_PATH" ]; then echo '{}'; exit 0; fi
 FILE_SHORT=$(basename "$FILE_PATH")
 synkro_log "editGuard checking: $FILE_SHORT"
 
+IS_HEADLESS="\${SYNKRO_HEADLESS:-0}"
+case "$PERMISSION_MODE" in acceptEdits|bypassPermissions|plan|auto) IS_HEADLESS="1" ;; esac
+
 # Read file before edit for reconstruction
 FILE_BEFORE=""
 if [ "$TOOL_NAME" != "Write" ] && [ -n "$FILE_PATH" ] && [ -f "$FILE_PATH" ]; then
@@ -713,6 +809,32 @@ if [ -n "$TRANSCRIPT_PATH" ] && [ -f "$TRANSCRIPT_PATH" ]; then
   RECENT_ACTIONS=$(tail -200 "$TRANSCRIPT_PATH" | jq -c -s '[.[] | select(.type == "assistant") | .message.content[]? | select(.type == "tool_use") | {tool: .name, input: (.input // {} | tostring | .[0:200])}] | .[-5:]' 2>/dev/null || echo "[]")
 fi
 
+synkro_load_config
+ROUTE=$(synkro_route)
+
+if [ "$ROUTE" = "local" ]; then
+  # \u2500\u2500\u2500 Local grading (local_only privacy or local-cc channel) \u2500\u2500\u2500
+  GRADER_FILE=$(mktemp -t synkro-edit.XXXXXX)
+  trap "rm -f \\"$GRADER_FILE\\"" EXIT
+  printf 'File: %s\\nProposed content (first 4000 chars):\\n%s\\nUser intent: %s\\nOrg rules: %s\\n' "$FILE_PATH" "$(printf '%s' "$PROPOSED" | head -c 4000)" "\${USER_INTENT:-none stated}" "\${SYNKRO_RULES:-[]}" > "$GRADER_FILE"
+
+  CC_RESP=$(synkro_local_grade edit < "$GRADER_FILE" || echo "")
+  synkro_parse_local_verdict "$CC_RESP"
+
+  if [ "$LOCAL_OK" = "false" ]; then
+    if [ "$IS_HEADLESS" = "1" ]; then DEC="deny"; else DEC="ask"; fi
+    REASON="[synkro:local] editGuard $FILE_SHORT \u2192 block\${LOCAL_RULE_ID:+ ($LOCAL_RULE_ID)}: \${LOCAL_REASON:-policy violation}"
+    jq -n --arg dec "$DEC" --arg reason "$REASON" --arg ctx "$REASON" \\
+      '{hookSpecificOutput:{hookEventName:"PreToolUse",permissionDecision:$dec,permissionDecisionReason:$reason,additionalContext:$ctx}}'
+    synkro_capture_local "edit" "block" "\${LOCAL_SEV}" "\${LOCAL_CAT}" "$TOOL_NAME" "$GIT_REPO" "$SESSION_ID"
+  else
+    jq -n --arg m "[synkro:local] editGuard $FILE_SHORT \u2192 pass: \${LOCAL_REASON:-no policy violations detected}" '{systemMessage: $m}'
+    synkro_capture_local "edit" "pass" "audit" "\${LOCAL_CAT:-trivial_edit}" "$TOOL_NAME" "$GIT_REPO" "$SESSION_ID"
+  fi
+  exit 0
+fi
+
+# \u2500\u2500\u2500 Cloud grading \u2500\u2500\u2500
 BODY=$(jq -n \\
   --arg hook_event "PreToolUse" \\
   --arg tool_name "$TOOL_NAME" \\
@@ -829,6 +951,30 @@ while [ "$_PKG_DIR" != "/" ]; do
   _PKG_DIR=$(dirname "$_PKG_DIR")
 done
 
+synkro_load_config
+ROUTE=$(synkro_route)
+
+if [ "$ROUTE" = "local" ]; then
+  # \u2500\u2500\u2500 Local edit scan (local_only privacy or local-cc channel) \u2500\u2500\u2500
+  GRADER_FILE=$(mktemp -t synkro-escan.XXXXXX)
+  trap "rm -f \\"$GRADER_FILE\\"" EXIT
+  printf 'File: %s\\nContent (first 4000 chars):\\n%s\\nOrg rules: %s\\n' "$FILE_PATH" "$(printf '%s' "$FILE_CONTENT" | head -c 4000)" "\${SYNKRO_RULES:-[]}" > "$GRADER_FILE"
+
+  CC_RESP=$(synkro_local_grade edit < "$GRADER_FILE" || echo "")
+  synkro_parse_local_verdict "$CC_RESP"
+
+  if [ "$LOCAL_OK" = "false" ]; then
+    REASON="[synkro:local] editScan $BASENAME \u2192 block: \${LOCAL_REASON:-policy violation}"
+    jq -n --arg m "$REASON" '{systemMessage: $m, additionalContext: $m}'
+    synkro_capture_local "edit_scan" "block" "\${LOCAL_SEV}" "\${LOCAL_CAT}" "$TOOL_NAME" "$GIT_REPO" "$SESSION_ID"
+  else
+    jq -n --arg m "[synkro:local] editScan $BASENAME \u2192 pass: \${LOCAL_REASON:-no policy violations detected}" '{systemMessage: $m}'
+    synkro_capture_local "edit_scan" "pass" "audit" "\${LOCAL_CAT:-trivial_edit}" "$TOOL_NAME" "$GIT_REPO" "$SESSION_ID"
+  fi
+  exit 0
+fi
+
+# \u2500\u2500\u2500 Cloud edit scan \u2500\u2500\u2500
 BODY=$(jq -n \\
   --arg hook_event "PostToolUse" \\
   --arg tool_name "$TOOL_NAME" \\
@@ -863,7 +1009,6 @@ if [ -z "$RESP" ] || ! echo "$RESP" | jq -e 'type == "object"' >/dev/null 2>&1;
   exit 0
 fi
 
-# Server returns {hook_response: {...}} \u2014 extract and echo
 if echo "$RESP" | jq -e '.hook_response' >/dev/null 2>&1; then
   echo "$RESP" | jq -c '.hook_response'
 else
@@ -3456,7 +3601,7 @@ function writeConfigEnv(opts) {
     `SYNKRO_CREDENTIALS_PATH=${shellQuoteSingle(credsPath)}`,
     `SYNKRO_TIER=${shellQuoteSingle(safeTier)}`,
     `SYNKRO_INFERENCE=${shellQuoteSingle(safeInference)}`,
-    `SYNKRO_VERSION=${shellQuoteSingle("1.4.15")}`
+    `SYNKRO_VERSION=${shellQuoteSingle("1.4.17")}`
   ];
   if (safeSynkroBin) lines.push(`SYNKRO_CLI_BIN=${shellQuoteSingle(safeSynkroBin)}`);
   if (safeUserId) lines.push(`SYNKRO_USER_ID=${shellQuoteSingle(safeUserId)}`);