@synkro-sh/cli 1.4.25 → 1.4.26
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/bootstrap.js +9 -8
- package/dist/bootstrap.js.map +1 -1
- package/package.json +1 -1
package/dist/bootstrap.js
CHANGED
|
@@ -529,10 +529,10 @@ synkro_local_grade() {
|
|
|
529
529
|
}
|
|
530
530
|
|
|
531
531
|
# Parse <synkro-verdict>...</synkro-verdict> XML from local grader output.
|
|
532
|
-
# Sets LOCAL_OK, LOCAL_REASON, LOCAL_RULE_ID, LOCAL_SEV, LOCAL_CAT.
|
|
532
|
+
# Sets LOCAL_OK, LOCAL_REASON, LOCAL_RULE_ID, LOCAL_RULE_MODE, LOCAL_SEV, LOCAL_CAT.
|
|
533
533
|
synkro_parse_local_verdict() {
|
|
534
534
|
local resp="$1"
|
|
535
|
-
LOCAL_OK="true"; LOCAL_REASON=""; LOCAL_RULE_ID=""; LOCAL_SEV="low"; LOCAL_CAT="general"
|
|
535
|
+
LOCAL_OK="true"; LOCAL_REASON=""; LOCAL_RULE_ID=""; LOCAL_RULE_MODE=""; LOCAL_SEV="low"; LOCAL_CAT="general"
|
|
536
536
|
local inner
|
|
537
537
|
inner=$(printf '%s' "$resp" | tr '\\n' ' ' | sed -nE 's|.*<synkro-verdict>(.*)</synkro-verdict>.*|\\1|p' | tail -1)
|
|
538
538
|
[ -z "$inner" ] && return
|
|
@@ -543,6 +543,7 @@ synkro_parse_local_verdict() {
|
|
|
543
543
|
[ -z "$LOCAL_REASON" ] && LOCAL_REASON=$(printf '%s' "$inner" | sed -nE 's|.*<reasoning>(.*)</reasoning>.*|\\1|p' | head -1)
|
|
544
544
|
if [ "$LOCAL_OK" = "false" ]; then
|
|
545
545
|
LOCAL_RULE_ID=$(printf '%s' "$inner" | sed -nE 's|.*<rule_id>(.*)</rule_id>.*|\\1|p' | head -1)
|
|
546
|
+
LOCAL_RULE_MODE=$(printf '%s' "$inner" | sed -nE 's|.*<rule_mode>(.*)</rule_mode>.*|\\1|p' | head -1)
|
|
546
547
|
LOCAL_SEV=$(printf '%s' "$inner" | sed -nE 's|.*<risk_level>(.*)</risk_level>.*|\\1|p' | head -1)
|
|
547
548
|
LOCAL_CAT=$(printf '%s' "$inner" | sed -nE 's|.*<category>(.*)</category>.*|\\1|p' | head -1)
|
|
548
549
|
if [ -z "$LOCAL_RULE_ID" ]; then
|
|
@@ -580,7 +581,7 @@ synkro_rule_mode() {
|
|
|
580
581
|
local rid="$1"
|
|
581
582
|
[ -z "$rid" ] || [ -z "\${SYNKRO_RULES:-}" ] && echo "blocking" && return
|
|
582
583
|
local m
|
|
583
|
-
m=$(printf '%s' "$SYNKRO_RULES" | jq -r --arg r "$rid" '[.[] | select(.rule_id == $r) | .mode] | .[0] // "blocking"' 2>/dev/null)
|
|
584
|
+
m=$(printf '%s' "$SYNKRO_RULES" | jq -r --arg r "$rid" '[.[] | select(.rule_id == $r) | .mode] | if any(. == "blocking") then "blocking" else .[0] // "blocking" end' 2>/dev/null)
|
|
584
585
|
[ -z "$m" ] || [ "$m" = "null" ] && m="blocking"
|
|
585
586
|
echo "$m"
|
|
586
587
|
}
|
|
@@ -691,7 +692,7 @@ if [ "$ROUTE" = "local" ]; then
|
|
|
691
692
|
synkro_parse_local_verdict "$CC_RESP"
|
|
692
693
|
|
|
693
694
|
if [ "$LOCAL_OK" = "false" ]; then
|
|
694
|
-
RULE_MODE
|
|
695
|
+
RULE_MODE="\${LOCAL_RULE_MODE:-$(synkro_rule_mode "\${LOCAL_RULE_ID}")}"
|
|
695
696
|
if [ "$RULE_MODE" = "audit" ]; then
|
|
696
697
|
REASON="[synkro:local] bashGuard \u2192 warning\${LOCAL_RULE_ID:+ ($LOCAL_RULE_ID)}: \${LOCAL_REASON:-policy violation}"
|
|
697
698
|
jq -n --arg m "$REASON" '{systemMessage: $m}'
|
|
@@ -709,7 +710,7 @@ if [ "$ROUTE" = "local" ]; then
|
|
|
709
710
|
if [ "$IS_HEADLESS" = "1" ]; then DEC="deny"; else DEC="ask"; fi
|
|
710
711
|
REASON="[synkro:local] bashGuard \u2192 block\${LOCAL_RULE_ID:+ ($LOCAL_RULE_ID)}: \${LOCAL_REASON:-policy violation}"
|
|
711
712
|
jq -n --arg dec "$DEC" --arg reason "$REASON" --arg ctx "$REASON" \\
|
|
712
|
-
'{
|
|
713
|
+
'{hookSpecificOutput:{hookEventName:"PreToolUse",permissionDecision:$dec,permissionDecisionReason:$reason,additionalContext:$ctx}}'
|
|
713
714
|
synkro_capture_local "bash" "block" "\${LOCAL_SEV}" "\${LOCAL_CAT}" "$TOOL_NAME" "$GIT_REPO" "$SESSION_ID"
|
|
714
715
|
fi
|
|
715
716
|
fi
|
|
@@ -880,7 +881,7 @@ if [ "$ROUTE" = "local" ]; then
|
|
|
880
881
|
synkro_parse_local_verdict "$CC_RESP"
|
|
881
882
|
|
|
882
883
|
if [ "$LOCAL_OK" = "false" ]; then
|
|
883
|
-
RULE_MODE
|
|
884
|
+
RULE_MODE="\${LOCAL_RULE_MODE:-$(synkro_rule_mode "\${LOCAL_RULE_ID}")}"
|
|
884
885
|
if [ "$RULE_MODE" = "audit" ]; then
|
|
885
886
|
REASON="[synkro:local] editGuard $FILE_SHORT \u2192 warning\${LOCAL_RULE_ID:+ ($LOCAL_RULE_ID)}: \${LOCAL_REASON:-policy violation}"
|
|
886
887
|
jq -n --arg m "$REASON" '{systemMessage: $m}'
|
|
@@ -1029,7 +1030,7 @@ if [ "$ROUTE" = "local" ]; then
|
|
|
1029
1030
|
synkro_parse_local_verdict "$CC_RESP"
|
|
1030
1031
|
|
|
1031
1032
|
if [ "$LOCAL_OK" = "false" ]; then
|
|
1032
|
-
RULE_MODE
|
|
1033
|
+
RULE_MODE="\${LOCAL_RULE_MODE:-$(synkro_rule_mode "\${LOCAL_RULE_ID}")}"
|
|
1033
1034
|
if [ "$RULE_MODE" = "audit" ]; then
|
|
1034
1035
|
REASON="[synkro:local] editScan $BASENAME \u2192 warning\${LOCAL_RULE_ID:+ ($LOCAL_RULE_ID)}: \${LOCAL_REASON:-policy violation}"
|
|
1035
1036
|
jq -n --arg m "$REASON" '{systemMessage: $m}'
|
|
@@ -3669,7 +3670,7 @@ function writeConfigEnv(opts) {
|
|
|
3669
3670
|
`SYNKRO_CREDENTIALS_PATH=${shellQuoteSingle(credsPath)}`,
|
|
3670
3671
|
`SYNKRO_TIER=${shellQuoteSingle(safeTier)}`,
|
|
3671
3672
|
`SYNKRO_INFERENCE=${shellQuoteSingle(safeInference)}`,
|
|
3672
|
-
`SYNKRO_VERSION=${shellQuoteSingle("1.4.
|
|
3673
|
+
`SYNKRO_VERSION=${shellQuoteSingle("1.4.26")}`
|
|
3673
3674
|
];
|
|
3674
3675
|
if (safeSynkroBin) lines.push(`SYNKRO_CLI_BIN=${shellQuoteSingle(safeSynkroBin)}`);
|
|
3675
3676
|
if (safeUserId) lines.push(`SYNKRO_USER_ID=${shellQuoteSingle(safeUserId)}`);
|