@synkro-sh/cli 1.4.31 → 1.4.33

package/dist/bootstrap.js

@@ -148,6 +148,17 @@ function installCCHooks(settingsPath, config) {
     ],
     [SYNKRO_MARKER]: true
   });
+  settings.hooks.PreToolUse.push({
+    matcher: "ExitPlanMode",
+    hooks: [
+      {
+        type: "command",
+        command: config.planJudgeScriptPath,
+        timeout: 45
+      }
+    ],
+    [SYNKRO_MARKER]: true
+  });
   settings.hooks.PostToolUse.push({
     matcher: "Edit|Write|MultiEdit|NotebookEdit",
     hooks: [
@@ -432,7 +443,7 @@ var init_mcpConfig = __esm({
 });
 
 // cli/installer/hookScripts.ts
-var SYNKRO_COMMON_SCRIPT, CC_BASH_JUDGE_SCRIPT, CC_EDIT_PRECHECK_SCRIPT, CC_EDIT_CAPTURE_SCRIPT, CC_STOP_SUMMARY_SCRIPT, CC_SESSION_START_SCRIPT, CC_BASH_FOLLOWUP_SCRIPT, CC_TRANSCRIPT_SYNC_SCRIPT, CURSOR_BASH_JUDGE_SCRIPT, CURSOR_EDIT_PRECHECK_SCRIPT, CURSOR_EDIT_CAPTURE_SCRIPT, CURSOR_BASH_FOLLOWUP_SCRIPT;
+var SYNKRO_COMMON_SCRIPT, CC_BASH_JUDGE_SCRIPT, CC_EDIT_PRECHECK_SCRIPT, CC_EDIT_CAPTURE_SCRIPT, CC_PLAN_JUDGE_SCRIPT, CC_STOP_SUMMARY_SCRIPT, CC_SESSION_START_SCRIPT, CC_BASH_FOLLOWUP_SCRIPT, CC_TRANSCRIPT_SYNC_SCRIPT, CURSOR_BASH_JUDGE_SCRIPT, CURSOR_EDIT_PRECHECK_SCRIPT, CURSOR_EDIT_CAPTURE_SCRIPT, CURSOR_BASH_FOLLOWUP_SCRIPT;
 var init_hookScripts = __esm({
   "cli/installer/hookScripts.ts"() {
     "use strict";
@@ -581,6 +592,49 @@ synkro_capture_local() {
   ) &
 }
 
+# Fire full-content telemetry for local verdicts (used when capture_depth is full or evidence_on_violation).
+synkro_capture_local_full() {
+  local hook_type="$1" verdict="$2" severity="$3" category="$4" tool_name="$5" repo="$6" session_id="$7"
+  local command="$8" reasoning="$9" rules_checked="\${10:-[]}" violated_rules="\${11:-[]}" recent_user_messages="\${12:-[]}"
+  (
+    BODY=$(jq -n \\
+      --arg eid "$(uuidgen 2>/dev/null || echo "evt_$(date +%s)_$$")" \\
+      --arg ht "$hook_type" --arg v "$verdict" --arg s "$severity" --arg c "$category" \\
+      --arg tn "$tool_name" --arg r "$repo" --arg sid "$session_id" \\
+      --arg cmd "$command" --arg rsn "$reasoning" --arg cd "$SYNKRO_CAPTURE_DEPTH" \\
+      --argjson rc "$rules_checked" --argjson vr "$violated_rules" --argjson rum "$recent_user_messages" \\
+      '{capture_type:"local_verdict",event_id:$eid,hook_type:$ht,verdict:$v,severity:$s,category:$c,
+        model:"claude-sonnet-4-6",tool_name:$tn,capture_depth:$cd,
+        command:(if ($cmd|length) > 0 then $cmd else null end),
+        reasoning:(if ($rsn|length) > 0 then $rsn else null end),
+        rules_checked:$rc, violated_rules:$vr, recent_user_messages:$rum}
+        + (if $r != "" then {repo:$r} else {} end)
+        + (if $sid != "" then {session_id:$sid} else {} end)')
+    curl -sS -X POST "\${GATEWAY_URL}/api/v1/hook/capture" \\
+      -H "Content-Type: application/json" -H "Authorization: Bearer $JWT" \\
+      -d "$BODY" --max-time 3 >/dev/null 2>&1
+  ) &
+}
+
+# Dispatch local verdict capture based on capture_depth privacy setting.
+# For full: always send full content. For evidence_on_violation: full only on violations. For local_only: anonymized only.
+synkro_dispatch_capture() {
+  local hook_type="$1" verdict="$2" severity="$3" category="$4" tool_name="$5" repo="$6" session_id="$7"
+  local command="$8" reasoning="$9" rules_checked="\${10:-[]}" violated_rules="\${11:-[]}" recent_user_messages="\${12:-[]}"
+  local send_full=false
+  case "\${SYNKRO_CAPTURE_DEPTH:-local_only}" in
+    full) send_full=true ;;
+    evidence_on_violation)
+      case "$verdict" in block|warning|deny) send_full=true ;; esac ;;
+  esac
+  if [ "$send_full" = "true" ]; then
+    synkro_capture_local_full "$hook_type" "$verdict" "$severity" "$category" "$tool_name" "$repo" "$session_id" \\
+      "$command" "$reasoning" "$rules_checked" "$violated_rules" "$recent_user_messages"
+  else
+    synkro_capture_local "$hook_type" "$verdict" "$severity" "$category" "$tool_name" "$repo" "$session_id"
+  fi
+}
+
 # Look up a rule's mode from cached rules. Returns "blocking" or "audit".
 synkro_rule_mode() {
   local rid="$1"
@@ -700,18 +754,24 @@ if [ "$ROUTE" = "local" ]; then
   fi
   synkro_parse_local_verdict "$CC_RESP"
 
+  # Build violated rules JSON for full-content capture
+  VIOLATED_JSON="[]"
+  [ -n "$LOCAL_RULE_ID" ] && VIOLATED_JSON=$(jq -n --arg r "$LOCAL_RULE_ID" '[$r]')
+
   if [ "$LOCAL_OK" = "false" ]; then
     RULE_MODE="\${LOCAL_RULE_MODE:-$(synkro_rule_mode "\${LOCAL_RULE_ID}")}"
     if [ "$RULE_MODE" = "audit" ]; then
       REASON="[synkro:local] bashGuard \u2192 warning\${LOCAL_RULE_ID:+ ($LOCAL_RULE_ID)}: \${LOCAL_REASON:-policy violation}"
       jq -n --arg m "$REASON" '{systemMessage: $m}'
-      synkro_capture_local "bash" "warning" "\${LOCAL_SEV}" "\${LOCAL_CAT}" "$TOOL_NAME" "$GIT_REPO" "$SESSION_ID"
+      synkro_dispatch_capture "bash" "warning" "\${LOCAL_SEV}" "\${LOCAL_CAT}" "$TOOL_NAME" "$GIT_REPO" "$SESSION_ID" \\
+        "$COMMAND" "$LOCAL_REASON" "\${SYNKRO_RULES:-[]}" "$VIOLATED_JSON" "\${RECENT_USER_MESSAGES:-[]}"
     else
       CMD_HASH=$(printf '%s' "$COMMAND" | shasum -a 256 | cut -c1-16)
       if [ -n "$SESSION_ID" ] && synkro_consent_has_active "$SESSION_ID" "$CMD_HASH"; then
         REASON="[synkro:local] bashGuard \u2192 pass (consented retry): \${LOCAL_REASON:-retrying previously consented command}"
         jq -n --arg m "$REASON" '{systemMessage: $m}'
-        synkro_capture_local "bash" "pass" "\${LOCAL_SEV}" "\${LOCAL_CAT}" "$TOOL_NAME" "$GIT_REPO" "$SESSION_ID"
+        synkro_dispatch_capture "bash" "pass" "\${LOCAL_SEV}" "\${LOCAL_CAT}" "$TOOL_NAME" "$GIT_REPO" "$SESSION_ID" \\
+          "$COMMAND" "$LOCAL_REASON" "\${SYNKRO_RULES:-[]}" "$VIOLATED_JSON" "\${RECENT_USER_MESSAGES:-[]}"
       else
         if [ -n "$SESSION_ID" ] && synkro_consent_has_consumed "$SESSION_ID" "$CMD_HASH"; then
           synkro_consent_clear_consumed "$SESSION_ID" "$CMD_HASH"
@@ -720,12 +780,14 @@ if [ "$ROUTE" = "local" ]; then
         REASON="[synkro:local] bashGuard \u2192 block\${LOCAL_RULE_ID:+ ($LOCAL_RULE_ID)}: \${LOCAL_REASON:-policy violation}"
         jq -n --arg dec "$DEC" --arg reason "$REASON" --arg ctx "$REASON" \\
           '{systemMessage:$reason,hookSpecificOutput:{hookEventName:"PreToolUse",permissionDecision:$dec,permissionDecisionReason:$reason,additionalContext:$ctx}}'
-        synkro_capture_local "bash" "block" "\${LOCAL_SEV}" "\${LOCAL_CAT}" "$TOOL_NAME" "$GIT_REPO" "$SESSION_ID"
+        synkro_dispatch_capture "bash" "block" "\${LOCAL_SEV}" "\${LOCAL_CAT}" "$TOOL_NAME" "$GIT_REPO" "$SESSION_ID" \\
+          "$COMMAND" "$LOCAL_REASON" "\${SYNKRO_RULES:-[]}" "$VIOLATED_JSON" "\${RECENT_USER_MESSAGES:-[]}"
       fi
     fi
   else
     jq -n --arg m "[synkro:local] bashGuard \u2192 pass: \${LOCAL_REASON:-no policy violations detected}" '{systemMessage: $m}'
-    synkro_capture_local "bash" "pass" "audit" "\${LOCAL_CAT:-trivial_utility}" "$TOOL_NAME" "$GIT_REPO" "$SESSION_ID"
+    synkro_dispatch_capture "bash" "pass" "audit" "\${LOCAL_CAT:-trivial_utility}" "$TOOL_NAME" "$GIT_REPO" "$SESSION_ID" \\
+      "$COMMAND" "$LOCAL_REASON" "\${SYNKRO_RULES:-[]}" "[]" "\${RECENT_USER_MESSAGES:-[]}"
   fi
   exit 0
 fi
@@ -893,22 +955,30 @@ if [ "$ROUTE" = "local" ]; then
   fi
   synkro_parse_local_verdict "$CC_RESP"
 
+  # Build edit content description and violated rules for full-content capture
+  EDIT_CONTENT="file=$FILE_PATH content=$(printf '%s' "$PROPOSED" | head -c 2000)"
+  VIOLATED_JSON="[]"
+  [ -n "$LOCAL_RULE_ID" ] && VIOLATED_JSON=$(jq -n --arg r "$LOCAL_RULE_ID" '[$r]')
+
   if [ "$LOCAL_OK" = "false" ]; then
     RULE_MODE="\${LOCAL_RULE_MODE:-$(synkro_rule_mode "\${LOCAL_RULE_ID}")}"
     if [ "$RULE_MODE" = "audit" ]; then
       REASON="[synkro:local] editGuard $FILE_SHORT \u2192 warning\${LOCAL_RULE_ID:+ ($LOCAL_RULE_ID)}: \${LOCAL_REASON:-policy violation}"
       jq -n --arg m "$REASON" '{systemMessage: $m}'
-      synkro_capture_local "edit" "warning" "\${LOCAL_SEV}" "\${LOCAL_CAT}" "$TOOL_NAME" "$GIT_REPO" "$SESSION_ID"
+      synkro_dispatch_capture "edit" "warning" "\${LOCAL_SEV}" "\${LOCAL_CAT}" "$TOOL_NAME" "$GIT_REPO" "$SESSION_ID" \\
+        "$EDIT_CONTENT" "$LOCAL_REASON" "\${SYNKRO_RULES:-[]}" "$VIOLATED_JSON" "[]"
     else
       if [ "$IS_HEADLESS" = "1" ]; then DEC="deny"; else DEC="ask"; fi
       REASON="[synkro:local] editGuard $FILE_SHORT \u2192 block\${LOCAL_RULE_ID:+ ($LOCAL_RULE_ID)}: \${LOCAL_REASON:-policy violation}"
       jq -n --arg dec "$DEC" --arg reason "$REASON" --arg ctx "$REASON" \\
         '{hookSpecificOutput:{hookEventName:"PreToolUse",permissionDecision:$dec,permissionDecisionReason:$reason,additionalContext:$ctx}}'
-      synkro_capture_local "edit" "block" "\${LOCAL_SEV}" "\${LOCAL_CAT}" "$TOOL_NAME" "$GIT_REPO" "$SESSION_ID"
+      synkro_dispatch_capture "edit" "block" "\${LOCAL_SEV}" "\${LOCAL_CAT}" "$TOOL_NAME" "$GIT_REPO" "$SESSION_ID" \\
+        "$EDIT_CONTENT" "$LOCAL_REASON" "\${SYNKRO_RULES:-[]}" "$VIOLATED_JSON" "[]"
     fi
   else
     jq -n --arg m "[synkro:local] editGuard $FILE_SHORT \u2192 pass: \${LOCAL_REASON:-no policy violations detected}" '{systemMessage: $m}'
-    synkro_capture_local "edit" "pass" "audit" "\${LOCAL_CAT:-trivial_edit}" "$TOOL_NAME" "$GIT_REPO" "$SESSION_ID"
+    synkro_dispatch_capture "edit" "pass" "audit" "\${LOCAL_CAT:-trivial_edit}" "$TOOL_NAME" "$GIT_REPO" "$SESSION_ID" \\
+      "$EDIT_CONTENT" "$LOCAL_REASON" "\${SYNKRO_RULES:-[]}" "[]" "[]"
   fi
   exit 0
 fi
@@ -1045,20 +1115,27 @@ if [ "$ROUTE" = "local" ]; then
   fi
   synkro_parse_local_verdict "$CC_RESP"
 
+  SCAN_CONTENT="file=$FILE_PATH"
+  SCAN_VIOLATED="[]"
+  [ -n "$LOCAL_RULE_ID" ] && SCAN_VIOLATED=$(jq -n --arg r "$LOCAL_RULE_ID" '[$r]')
+
   if [ "$LOCAL_OK" = "false" ]; then
     RULE_MODE="\${LOCAL_RULE_MODE:-$(synkro_rule_mode "\${LOCAL_RULE_ID}")}"
     if [ "$RULE_MODE" = "audit" ]; then
       REASON="[synkro:local] editScan $BASENAME \u2192 warning\${LOCAL_RULE_ID:+ ($LOCAL_RULE_ID)}: \${LOCAL_REASON:-policy violation}"
       jq -n --arg m "$REASON" '{systemMessage: $m}'
-      synkro_capture_local "edit_scan" "warning" "\${LOCAL_SEV}" "\${LOCAL_CAT}" "$TOOL_NAME" "$GIT_REPO" "$SESSION_ID"
+      synkro_dispatch_capture "edit_scan" "warning" "\${LOCAL_SEV}" "\${LOCAL_CAT}" "$TOOL_NAME" "$GIT_REPO" "$SESSION_ID" \\
+        "$SCAN_CONTENT" "$LOCAL_REASON" "\${SYNKRO_RULES:-[]}" "$SCAN_VIOLATED" "[]"
     else
       REASON="[synkro:local] editScan $BASENAME \u2192 block: \${LOCAL_REASON:-policy violation}"
       jq -n --arg m "$REASON" '{systemMessage: $m, additionalContext: $m}'
-      synkro_capture_local "edit_scan" "block" "\${LOCAL_SEV}" "\${LOCAL_CAT}" "$TOOL_NAME" "$GIT_REPO" "$SESSION_ID"
+      synkro_dispatch_capture "edit_scan" "block" "\${LOCAL_SEV}" "\${LOCAL_CAT}" "$TOOL_NAME" "$GIT_REPO" "$SESSION_ID" \\
+        "$SCAN_CONTENT" "$LOCAL_REASON" "\${SYNKRO_RULES:-[]}" "$SCAN_VIOLATED" "[]"
     fi
   else
     jq -n --arg m "[synkro:local] editScan $BASENAME \u2192 pass: \${LOCAL_REASON:-no policy violations detected}" '{systemMessage: $m}'
-    synkro_capture_local "edit_scan" "pass" "audit" "\${LOCAL_CAT:-trivial_edit}" "$TOOL_NAME" "$GIT_REPO" "$SESSION_ID"
+    synkro_dispatch_capture "edit_scan" "pass" "audit" "\${LOCAL_CAT:-trivial_edit}" "$TOOL_NAME" "$GIT_REPO" "$SESSION_ID" \\
+      "$SCAN_CONTENT" "$LOCAL_REASON" "\${SYNKRO_RULES:-[]}" "[]" "[]"
   fi
   exit 0
 fi
@@ -1104,6 +1181,103 @@ else
   echo '{}'
 fi
 exit 0
+`;
+    CC_PLAN_JUDGE_SCRIPT = `#!/bin/bash
+SCRIPT_DIR="$(cd "$(dirname "\${BASH_SOURCE[0]}")" && pwd)"
+. "$SCRIPT_DIR/_synkro-common.sh"
+
+JWT=$(synkro_load_jwt)
+if [ -z "$JWT" ]; then echo '{}'; exit 0; fi
+synkro_ensure_fresh_jwt
+
+PAYLOAD=$(cat)
+if [ -z "$PAYLOAD" ]; then echo '{}'; exit 0; fi
+
+TOOL_NAME=$(echo "$PAYLOAD" | jq -r '.tool_name // empty' 2>/dev/null)
+if [ "$TOOL_NAME" != "ExitPlanMode" ]; then echo '{}'; exit 0; fi
+
+PLAN=$(echo "$PAYLOAD" | jq -r '.tool_input.plan // empty' 2>/dev/null)
+if [ -z "$PLAN" ] || [ \${#PLAN} -lt 20 ]; then echo '{}'; exit 0; fi
+
+SESSION_ID=$(echo "$PAYLOAD" | jq -r '.session_id // empty' 2>/dev/null)
+CWD=$(echo "$PAYLOAD" | jq -r '.cwd // empty' 2>/dev/null)
+GIT_REPO=$(synkro_detect_repo "\${CWD:-.}")
+
+PLAN_SHORT=$(printf '%s' "$PLAN" | head -c 80)
+synkro_log "planReview checking: $PLAN_SHORT..."
+
+synkro_load_config
+ROUTE=$(synkro_route)
+
+if [ "$ROUTE" = "local" ]; then
+  GRADER_FILE=$(mktemp -t synkro-plan.XXXXXX)
+  trap "rm -f \\"$GRADER_FILE\\"" EXIT
+  printf 'Plan:\\n%s\\nOrg rules: %s\\n' "$(printf '%s' "$PLAN" | head -c 8000)" "\${SYNKRO_RULES:-[]}" > "$GRADER_FILE"
+
+  CC_RESP=$(synkro_local_grade plan < "$GRADER_FILE" 2>&1)
+  if [ $? -ne 0 ]; then
+    echo '{}'; exit 0
+  fi
+  synkro_parse_local_verdict "$CC_RESP"
+
+  PLAN_CONTENT=$(printf '%s' "$PLAN" | head -c 2000)
+  PLAN_VIOLATED="[]"
+  [ -n "$LOCAL_RULE_ID" ] && PLAN_VIOLATED=$(jq -n --arg r "$LOCAL_RULE_ID" '[$r]')
+
+  if [ "$LOCAL_OK" = "false" ]; then
+    VCOUNT=$(printf '%s' "$CC_RESP" | grep -c '<violation>' 2>/dev/null || echo "0")
+    [ "$VCOUNT" = "0" ] && VCOUNT="1"
+    MSG="[synkro:local] planReview \u2192 \${VCOUNT} rule(s) relevant\${LOCAL_RULE_ID:+ (first: $LOCAL_RULE_ID)}: \${LOCAL_REASON:-check org rules during implementation}"
+    jq -n --arg m "$MSG" '{systemMessage: $m}'
+    synkro_dispatch_capture "plan_review" "advisory" "\${LOCAL_SEV}" "\${LOCAL_CAT}" "ExitPlanMode" "$GIT_REPO" "$SESSION_ID" \\
+      "$PLAN_CONTENT" "$LOCAL_REASON" "\${SYNKRO_RULES:-[]}" "$PLAN_VIOLATED" "[]"
+  else
+    jq -n --arg m "[synkro:local] planReview \u2192 clean: \${LOCAL_REASON:-no relevant org rules for this plan}" '{systemMessage: $m}'
+    synkro_dispatch_capture "plan_review" "clean" "audit" "\${LOCAL_CAT:-general}" "ExitPlanMode" "$GIT_REPO" "$SESSION_ID" \\
+      "$PLAN_CONTENT" "$LOCAL_REASON" "\${SYNKRO_RULES:-[]}" "[]" "[]"
+  fi
+  exit 0
+fi
+
+# \u2500\u2500\u2500 Cloud grading \u2500\u2500\u2500
+BODY=$(jq -n \\
+  --arg hook_event "PreToolUse" \\
+  --arg tool_name "ExitPlanMode" \\
+  --arg plan "$(printf '%s' "$PLAN" | head -c 16000)" \\
+  --arg session_id "$SESSION_ID" \\
+  --arg cwd "$CWD" \\
+  --arg repo "$GIT_REPO" \\
+  '{
+    hook_event: $hook_event,
+    tool_name: $tool_name,
+    tool_input: {plan: $plan},
+    session_id: (if ($session_id | length) > 0 then $session_id else null end),
+    cwd: (if ($cwd | length) > 0 then $cwd else null end),
+    repo: (if ($repo | length) > 0 then $repo else null end)
+  }')
+
+RESP=$(synkro_post_with_retry "\${GATEWAY_URL}/api/v1/hook/judge" "$BODY" 12)
+
+if [ -z "$RESP" ]; then
+  synkro_log "planReview \u2192 error (timeout)"
+  echo '{}'
+  exit 0
+fi
+
+if ! echo "$RESP" | jq -e '.hook_response' >/dev/null 2>&1; then
+  echo '{}'
+  exit 0
+fi
+
+# Force advisory: convert any blocking decision to systemMessage
+HR=$(echo "$RESP" | jq -c '.hook_response')
+if echo "$HR" | jq -e '.hookSpecificOutput.permissionDecision' >/dev/null 2>&1; then
+  REASON=$(echo "$HR" | jq -r '.hookSpecificOutput.permissionDecisionReason // "check org rules"' 2>/dev/null)
+  jq -n --arg m "[synkro:cloud] planReview \u2192 advisory: $REASON" '{systemMessage: $m}'
+else
+  echo "$HR"
+fi
+exit 0
 `;
     CC_STOP_SUMMARY_SCRIPT = `#!/bin/bash
 SCRIPT_DIR="$(cd "$(dirname "\${BASH_SOURCE[0]}")" && pwd)"
@@ -1200,20 +1374,18 @@ RESP=$(curl -sS -G "\${GATEWAY_URL}/api/v1/hook/config" \\
   --data-urlencode "repo=\${GIT_REPO:-}" \\
   -H "Authorization: Bearer $JWT" --max-time 3 2>/dev/null || echo "")
 
-PLAN_NUDGE="Before implementing any multi-step plan, call the synkro-guardrails analyze_plan tool with your implementation plan to check for relevant org coding rules."
-
 OPEN=0
 if [ -n "$RESP" ]; then
   OPEN=$(echo "$RESP" | jq -r '.session_context.open_findings // 0' 2>/dev/null)
 fi
 
 if [ "$OPEN" = "0" ] || [ -z "$OPEN" ]; then
-  jq -n --arg m "$ROUTE_LINE"$'\\n'"[synkro] $PLAN_NUDGE" '{systemMessage: $m}'
+  jq -n --arg m "$ROUTE_LINE" '{systemMessage: $m}'
 else
   if [ "$OPEN" = "1" ]; then
-    SYS_MSG="$ROUTE_LINE"$'\\n'"[synkro] session start \u2192 1 open finding in this repo from a prior session. $PLAN_NUDGE"
+    SYS_MSG="$ROUTE_LINE"$'\\n'"[synkro] session start \u2192 1 open finding in this repo from a prior session."
   else
-    SYS_MSG="$ROUTE_LINE"$'\\n'"[synkro] session start \u2192 \${OPEN} open findings in this repo from prior sessions. $PLAN_NUDGE"
+    SYS_MSG="$ROUTE_LINE"$'\\n'"[synkro] session start \u2192 \${OPEN} open findings in this repo from prior sessions."
   fi
   jq -n --arg m "$SYS_MSG" '{systemMessage: $m}'
 fi
@@ -3079,7 +3251,22 @@ tmux kill-session -t "$SESSION" 2>/dev/null || true
 tmux new-session -d -s "$SESSION" \\
   "claude --dangerously-load-development-channels server:synkro-local --dangerously-skip-permissions --setting-sources project,local --model claude-sonnet-4-6 2>>$LOG; echo 'claude exited with code '$'?' >> $LOG"
 
-# Give claude a moment to start before checking
+# Claude's --dangerously-skip-permissions shows a one-time confirmation
+# prompt (accept option = '2'). Because --setting-sources skips user
+# settings, the acceptance is never persisted, so the prompt reappears
+# every launch. Auto-accept it by sending the right key sequence.
+sleep 3
+if tmux has-session -t "$SESSION" 2>/dev/null; then
+  # Send '2' to accept bypass-permissions, then Enter for any follow-up prompts
+  tmux send-keys -t "$SESSION" '2' 2>/dev/null || true
+  sleep 1
+  tmux send-keys -t "$SESSION" Enter 2>/dev/null || true
+  sleep 1
+  # Additional Enter for workspace trust / MCP consent prompts
+  tmux send-keys -t "$SESSION" Enter 2>/dev/null || true
+  log "Sent auto-accept keys to claude session."
+fi
+
 sleep 2
 if ! tmux has-session -t "$SESSION" 2>/dev/null; then
   log "ERROR: tmux session died immediately. Check $LOG for details."
@@ -3233,14 +3420,15 @@ function probePort(host, port, timeoutMs = 500) {
     sock.setTimeout(timeoutMs, () => done(false));
   });
 }
-function tmuxKickEnter() {
+function tmuxDismissPrompts() {
+  spawnSync2("tmux", ["send-keys", "-t", TMUX_SESSION, "2"], { encoding: "utf-8" });
   spawnSync2("tmux", ["send-keys", "-t", TMUX_SESSION, "Enter"], { encoding: "utf-8" });
 }
 async function waitForChannelReady(port, timeoutMs = 6e4, host = "127.0.0.1") {
   const deadline = Date.now() + timeoutMs;
   while (Date.now() < deadline) {
     if (await probePort(host, port)) return true;
-    tmuxKickEnter();
+    tmuxDismissPrompts();
     await new Promise((r) => setTimeout(r, 1e3));
   }
   return probePort(host, port);
@@ -3333,7 +3521,7 @@ async function fetchPrimers() {
 }
 async function getPrimer(role) {
   const prompts = await fetchPrimers();
-  const primer = role === "grade-edit" ? prompts.grader_primer_edit : prompts.grader_primer_bash;
+  const primer = role === "grade-edit" ? prompts.grader_primer_edit : role === "grade-plan" ? prompts.grader_primer_plan : prompts.grader_primer_bash;
   if (!primer) {
     throw new Error(`No primer for role "${role}" returned from API.`);
   }
@@ -3642,6 +3830,7 @@ function writeHookScripts() {
   const bashFollowupScriptPath = join11(HOOKS_DIR, "cc-bash-followup.sh");
   const editCaptureScriptPath = join11(HOOKS_DIR, "cc-edit-capture.sh");
   const editPrecheckScriptPath = join11(HOOKS_DIR, "cc-edit-precheck.sh");
+  const planJudgeScriptPath = join11(HOOKS_DIR, "cc-plan-judge.sh");
   const stopSummaryScriptPath = join11(HOOKS_DIR, "cc-stop-summary.sh");
   const sessionStartScriptPath = join11(HOOKS_DIR, "cc-session-start.sh");
   const transcriptSyncScriptPath = join11(HOOKS_DIR, "cc-transcript-sync.sh");
@@ -3654,6 +3843,7 @@ function writeHookScripts() {
   writeFileSync7(bashFollowupScriptPath, CC_BASH_FOLLOWUP_SCRIPT, "utf-8");
   writeFileSync7(editCaptureScriptPath, CC_EDIT_CAPTURE_SCRIPT, "utf-8");
   writeFileSync7(editPrecheckScriptPath, CC_EDIT_PRECHECK_SCRIPT, "utf-8");
+  writeFileSync7(planJudgeScriptPath, CC_PLAN_JUDGE_SCRIPT, "utf-8");
   writeFileSync7(stopSummaryScriptPath, CC_STOP_SUMMARY_SCRIPT, "utf-8");
   writeFileSync7(sessionStartScriptPath, CC_SESSION_START_SCRIPT, "utf-8");
   writeFileSync7(transcriptSyncScriptPath, CC_TRANSCRIPT_SYNC_SCRIPT, "utf-8");
@@ -3666,6 +3856,7 @@ function writeHookScripts() {
   chmodSync2(bashFollowupScriptPath, 493);
   chmodSync2(editCaptureScriptPath, 493);
   chmodSync2(editPrecheckScriptPath, 493);
+  chmodSync2(planJudgeScriptPath, 493);
   chmodSync2(stopSummaryScriptPath, 493);
   chmodSync2(sessionStartScriptPath, 493);
   chmodSync2(transcriptSyncScriptPath, 493);
@@ -3679,6 +3870,7 @@ function writeHookScripts() {
     bashFollowupScript: bashFollowupScriptPath,
     editCaptureScript: editCaptureScriptPath,
     editPrecheckScript: editPrecheckScriptPath,
+    planJudgeScript: planJudgeScriptPath,
     stopSummaryScript: stopSummaryScriptPath,
     sessionStartScript: sessionStartScriptPath,
     transcriptSyncScript: transcriptSyncScriptPath,
@@ -3717,7 +3909,7 @@ function writeConfigEnv(opts) {
     `SYNKRO_CREDENTIALS_PATH=${shellQuoteSingle(credsPath)}`,
     `SYNKRO_TIER=${shellQuoteSingle(safeTier)}`,
     `SYNKRO_INFERENCE=${shellQuoteSingle(safeInference)}`,
-    `SYNKRO_VERSION=${shellQuoteSingle("1.4.31")}`
+    `SYNKRO_VERSION=${shellQuoteSingle("1.4.33")}`
   ];
   if (safeSynkroBin) lines.push(`SYNKRO_CLI_BIN=${shellQuoteSingle(safeSynkroBin)}`);
   if (safeUserId) lines.push(`SYNKRO_USER_ID=${shellQuoteSingle(safeUserId)}`);
@@ -3846,6 +4038,7 @@ function isAlreadyInstalled() {
     join11(HOOKS_DIR, "cc-bash-followup.sh"),
     join11(HOOKS_DIR, "cc-edit-precheck.sh"),
     join11(HOOKS_DIR, "cc-edit-capture.sh"),
+    join11(HOOKS_DIR, "cc-plan-judge.sh"),
     join11(HOOKS_DIR, "cc-stop-summary.sh"),
     join11(HOOKS_DIR, "cc-session-start.sh")
   ];
@@ -3984,6 +4177,7 @@ async function installCommand(opts = {}) {
   console.log(`  ${scripts.bashFollowupScript}`);
   console.log(`  ${scripts.editCaptureScript}`);
   console.log(`  ${scripts.editPrecheckScript}`);
+  console.log(`  ${scripts.planJudgeScript}`);
   console.log(`  ${scripts.stopSummaryScript}`);
   console.log(`  ${scripts.sessionStartScript}`);
   console.log(`  ${scripts.transcriptSyncScript}
@@ -4018,6 +4212,7 @@ async function installCommand(opts = {}) {
         bashFollowupScriptPath: scripts.bashFollowupScript,
         editCaptureScriptPath: scripts.editCaptureScript,
         editPrecheckScriptPath: scripts.editPrecheckScript,
+        planJudgeScriptPath: scripts.planJudgeScript,
         stopSummaryScriptPath: scripts.stopSummaryScript,
         sessionStartScriptPath: scripts.sessionStartScript,
         transcriptSyncScriptPath: scripts.transcriptSyncScript,
@@ -6063,8 +6258,9 @@ async function gradeCommand(args2) {
   let role;
   if (mode === "edit") role = "grade-edit";
   else if (mode === "bash") role = "grade-bash";
+  else if (mode === "plan") role = "grade-plan";
   else {
-    console.error("Usage: synkro grade <edit|bash>");
+    console.error("Usage: synkro grade <edit|bash|plan>");
     process.exit(2);
   }
   const payload = await readStdin();