npm - @synkro-sh/cli - Versions diffs - 1.4.38 → 1.4.40 - Mend

@synkro-sh/cli 1.4.38 → 1.4.40

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/dist/bootstrap.js CHANGED Viewed

@@ -654,6 +654,8 @@ synkro_rule_mode() {
 SYNKRO_CONSENT_FILE="$HOME/.synkro/.local-consent"
+_TAB=$(printf '\\t')
 synkro_consent_grant() {
   local sid="$1" hash="$2"
   printf '%s\\t%s\\tactive\\n' "$sid" "$hash" >> "$SYNKRO_CONSENT_FILE" 2>/dev/null || true
@@ -661,26 +663,28 @@ synkro_consent_grant() {
 synkro_consent_has_active() {
   local sid="$1" hash="$2"
-  grep -q "^$sid\\\\t$hash\\\\tactive$" "$SYNKRO_CONSENT_FILE" 2>/dev/null
+  grep -q "^\${sid}\${_TAB}\${hash}\${_TAB}active$" "$SYNKRO_CONSENT_FILE" 2>/dev/null
 }
 synkro_consent_consume() {
   local sid="$1" hash="$2"
   [ ! -f "$SYNKRO_CONSENT_FILE" ] && return
   local tmp="\${SYNKRO_CONSENT_FILE}.tmp"
-  sed "s/^$sid\\\\t$hash\\\\tactive$/$sid\\t$hash\\tconsumed/" "$SYNKRO_CONSENT_FILE" > "$tmp" 2>/dev/null && mv "$tmp" "$SYNKRO_CONSENT_FILE" 2>/dev/null || true
+  local pat="\${sid}\${_TAB}\${hash}\${_TAB}active"
+  local rep="\${sid}\${_TAB}\${hash}\${_TAB}consumed"
+  awk -v p="$pat" -v r="$rep" '{if($0==p)print r;else print}' "$SYNKRO_CONSENT_FILE" > "$tmp" 2>/dev/null && mv "$tmp" "$SYNKRO_CONSENT_FILE" 2>/dev/null || true
 }
 synkro_consent_has_consumed() {
   local sid="$1" hash="$2"
-  grep -q "^$sid\\\\t$hash\\\\tconsumed$" "$SYNKRO_CONSENT_FILE" 2>/dev/null
+  grep -q "^\${sid}\${_TAB}\${hash}\${_TAB}consumed$" "$SYNKRO_CONSENT_FILE" 2>/dev/null
 }
 synkro_consent_clear_consumed() {
   local sid="$1" hash="$2"
   [ ! -f "$SYNKRO_CONSENT_FILE" ] && return
   local tmp="\${SYNKRO_CONSENT_FILE}.tmp"
-  grep -v "^$sid\\\\t$hash\\\\tconsumed$" "$SYNKRO_CONSENT_FILE" > "$tmp" 2>/dev/null && mv "$tmp" "$SYNKRO_CONSENT_FILE" 2>/dev/null || true
+  grep -v "^\${sid}\${_TAB}\${hash}\${_TAB}consumed$" "$SYNKRO_CONSENT_FILE" > "$tmp" 2>/dev/null && mv "$tmp" "$SYNKRO_CONSENT_FILE" 2>/dev/null || true
 }
 synkro_post_with_retry() {
@@ -753,20 +757,13 @@ if [ "$SYNKRO_SILENT" = "true" ]; then
   exit 0
 fi
-# Pre-grade consent check: skip grading if user already approved this command in this session
-CMD_HASH=$(printf '%s' "$COMMAND" | shasum -a 256 | cut -c1-16)
-if [ -n "$SESSION_ID" ] && [ -n "$CMD_HASH" ] && synkro_consent_has_active "$SESSION_ID" "$CMD_HASH"; then
-  jq -n --arg m "$TAG bashGuard \u2192 pass (previously approved)" '{systemMessage: $m}'
-  exit 0
-fi
 ROUTE=$(synkro_route)
 if [ "$ROUTE" = "local" ]; then
   # \u2500\u2500\u2500 Local grading (local_only privacy or local-cc channel) \u2500\u2500\u2500
   GRADER_FILE=$(mktemp -t synkro-bash.XXXXXX)
   trap "rm -f \\"$GRADER_FILE\\"" EXIT
-  printf 'Command: %s\\nUser intent: %s\\nOrg rules: %s\\n' "$COMMAND" "\${USER_INTENT:-none stated}" "\${SYNKRO_RULES:-[]}" > "$GRADER_FILE"
+  printf 'Working directory: %s\\nRepo: %s\\nCommand: %s\\nUser intent (last human message): %s\\nOrg rules: %s\\n' "\${CWD:-.}" "\${GIT_REPO:-unknown}" "$COMMAND" "\${USER_INTENT:-none stated}" "\${SYNKRO_RULES:-[]}" > "$GRADER_FILE"
   CC_RESP=$(synkro_local_grade bash < "$GRADER_FILE" 2>&1)
   if [ $? -ne 0 ]; then
@@ -787,10 +784,9 @@ if [ "$ROUTE" = "local" ]; then
       synkro_dispatch_capture "bash" "warning" "\${LOCAL_SEV}" "\${LOCAL_CAT}" "$TOOL_NAME" "$GIT_REPO" "$SESSION_ID" \\
         "$COMMAND" "$LOCAL_REASON" "\${SYNKRO_RULES:-[]}" "$VIOLATED_JSON" "\${RECENT_USER_MESSAGES:-[]}"
     else
-      if [ "$IS_HEADLESS" = "1" ]; then DEC="deny"; else DEC="ask"; fi
-      REASON="$TAG bashGuard \u2192 block\${LOCAL_RULE_ID:+ ($LOCAL_RULE_ID)}: \${LOCAL_REASON:-policy violation}"
-      jq -n --arg dec "$DEC" --arg reason "$REASON" --arg ctx "$REASON" \\
-        '{systemMessage:$reason,hookSpecificOutput:{hookEventName:"PreToolUse",permissionDecision:$dec,permissionDecisionReason:$reason,additionalContext:$ctx}}'
+      REASON="$TAG bashGuard \u2192 blocked\${LOCAL_RULE_ID:+ ($LOCAL_RULE_ID)}: \${LOCAL_REASON:-policy violation}. Ask the user for explicit consent before retrying."
+      jq -n --arg reason "$REASON" \\
+        '{systemMessage:$reason,hookSpecificOutput:{hookEventName:"PreToolUse",permissionDecision:"deny",permissionDecisionReason:$reason,additionalContext:$reason}}'
       synkro_dispatch_capture "bash" "block" "\${LOCAL_SEV}" "\${LOCAL_CAT}" "$TOOL_NAME" "$GIT_REPO" "$SESSION_ID" \\
         "$COMMAND" "$LOCAL_REASON" "\${SYNKRO_RULES:-[]}" "$VIOLATED_JSON" "\${RECENT_USER_MESSAGES:-[]}"
     fi
@@ -963,7 +959,7 @@ if [ "$ROUTE" = "local" ]; then
   # \u2500\u2500\u2500 Local grading (local_only privacy or local-cc channel) \u2500\u2500\u2500
   GRADER_FILE=$(mktemp -t synkro-edit.XXXXXX)
   trap "rm -f \\"$GRADER_FILE\\"" EXIT
-  printf 'File: %s\\nProposed content (first 4000 chars):\\n%s\\nUser intent: %s\\nOrg rules: %s\\n' "$FILE_PATH" "$(printf '%s' "$PROPOSED" | head -c 4000)" "\${USER_INTENT:-none stated}" "\${SYNKRO_RULES:-[]}" > "$GRADER_FILE"
+  printf 'Working directory: %s\\nRepo: %s\\nFile: %s\\nProposed content (first 4000 chars):\\n%s\\nUser intent (last human message): %s\\nOrg rules: %s\\n' "\${CWD:-.}" "\${GIT_REPO:-unknown}" "$FILE_PATH" "$(printf '%s' "$PROPOSED" | head -c 4000)" "\${USER_INTENT:-none stated}" "\${SYNKRO_RULES:-[]}" > "$GRADER_FILE"
   CC_RESP=$(synkro_local_grade edit < "$GRADER_FILE" 2>&1)
   if [ $? -ne 0 ]; then
@@ -985,10 +981,9 @@ if [ "$ROUTE" = "local" ]; then
       synkro_dispatch_capture "edit" "warning" "\${LOCAL_SEV}" "\${LOCAL_CAT}" "$TOOL_NAME" "$GIT_REPO" "$SESSION_ID" \\
         "$EDIT_CONTENT" "$LOCAL_REASON" "\${SYNKRO_RULES:-[]}" "$VIOLATED_JSON" "[]"
     else
-      if [ "$IS_HEADLESS" = "1" ]; then DEC="deny"; else DEC="ask"; fi
-      REASON="$TAG editGuard $FILE_SHORT \u2192 block\${LOCAL_RULE_ID:+ ($LOCAL_RULE_ID)}: \${LOCAL_REASON:-policy violation}"
-      jq -n --arg dec "$DEC" --arg reason "$REASON" --arg ctx "$REASON" \\
-        '{hookSpecificOutput:{hookEventName:"PreToolUse",permissionDecision:$dec,permissionDecisionReason:$reason,additionalContext:$ctx}}'
+      REASON="$TAG editGuard $FILE_SHORT \u2192 blocked\${LOCAL_RULE_ID:+ ($LOCAL_RULE_ID)}: \${LOCAL_REASON:-policy violation}. Ask the user for explicit consent before retrying."
+      jq -n --arg reason "$REASON" \\
+        '{systemMessage:$reason,hookSpecificOutput:{hookEventName:"PreToolUse",permissionDecision:"deny",permissionDecisionReason:$reason,additionalContext:$reason}}'
       synkro_dispatch_capture "edit" "block" "\${LOCAL_SEV}" "\${LOCAL_CAT}" "$TOOL_NAME" "$GIT_REPO" "$SESSION_ID" \\
         "$EDIT_CONTENT" "$LOCAL_REASON" "\${SYNKRO_RULES:-[]}" "$VIOLATED_JSON" "[]"
     fi
@@ -1130,7 +1125,7 @@ if [ "$ROUTE" = "local" ]; then
   # \u2500\u2500\u2500 Local edit scan (local_only privacy or local-cc channel) \u2500\u2500\u2500
   GRADER_FILE=$(mktemp -t synkro-escan.XXXXXX)
   trap "rm -f \\"$GRADER_FILE\\"" EXIT
-  printf 'File: %s\\nContent (first 4000 chars):\\n%s\\nOrg rules: %s\\n' "$FILE_PATH" "$(printf '%s' "$FILE_CONTENT" | head -c 4000)" "\${SYNKRO_RULES:-[]}" > "$GRADER_FILE"
+  printf 'Working directory: %s\\nRepo: %s\\nFile: %s\\nContent (first 4000 chars):\\n%s\\nOrg rules: %s\\n' "\${CWD:-.}" "\${GIT_REPO:-unknown}" "$FILE_PATH" "$(printf '%s' "$FILE_CONTENT" | head -c 4000)" "\${SYNKRO_RULES:-[]}" > "$GRADER_FILE"
   CC_RESP=$(synkro_local_grade edit < "$GRADER_FILE" 2>&1)
   if [ $? -ne 0 ]; then
@@ -1242,7 +1237,7 @@ ROUTE=$(synkro_route)
 if [ "$ROUTE" = "local" ]; then
   GRADER_FILE=$(mktemp -t synkro-plan.XXXXXX)
   trap "rm -f \\"$GRADER_FILE\\"" EXIT
-  printf 'Plan:\\n%s\\nOrg rules: %s\\n' "$(printf '%s' "$PLAN" | head -c 8000)" "\${SYNKRO_RULES:-[]}" > "$GRADER_FILE"
+  printf 'Working directory: %s\\nRepo: %s\\nPlan:\\n%s\\nOrg rules: %s\\n' "\${CWD:-.}" "\${GIT_REPO:-unknown}" "$(printf '%s' "$PLAN" | head -c 8000)" "\${SYNKRO_RULES:-[]}" > "$GRADER_FILE"
   CC_RESP=$(synkro_local_grade plan < "$GRADER_FILE" 2>&1)
   if [ $? -ne 0 ]; then
@@ -1468,10 +1463,14 @@ BODY=$(jq -n --arg sid "$SESSION_ID" --arg tid "$TOOL_USE_ID" \\
 # Local consent tracking: command ran = user consented
 # On success \u2192 consume (next attempt blocks fresh)
 # On failure \u2192 grant active (retry allowed)
-# Command ran (user approved it) \u2014 grant persistent consent for this session
+# Consent tracking: on success \u2192 consume (next run blocks fresh), on error \u2192 grant (retry allowed)
 if [ -n "$CMD_HASH" ] && [ -n "$SESSION_ID" ]; then
-  if ! synkro_consent_has_active "$SESSION_ID" "$CMD_HASH"; then
-    synkro_consent_grant "$SESSION_ID" "$CMD_HASH"
+  if [ "$IS_ERROR" = "false" ]; then
+    synkro_consent_consume "$SESSION_ID" "$CMD_HASH"
+  else
+    if ! synkro_consent_has_active "$SESSION_ID" "$CMD_HASH"; then
+      synkro_consent_grant "$SESSION_ID" "$CMD_HASH"
+    fi
   fi
 fi
@@ -1768,8 +1767,12 @@ if [ -n "$CMD" ]; then
 fi
 if [ -n "$CMD_HASH" ] && [ -n "$SESSION_ID" ]; then
-  if ! synkro_consent_has_active "$SESSION_ID" "$CMD_HASH"; then
-    synkro_consent_grant "$SESSION_ID" "$CMD_HASH"
+  if [ "$IS_ERROR" = "false" ]; then
+    synkro_consent_consume "$SESSION_ID" "$CMD_HASH"
+  else
+    if ! synkro_consent_has_active "$SESSION_ID" "$CMD_HASH"; then
+      synkro_consent_grant "$SESSION_ID" "$CMD_HASH"
+    fi
   fi
 fi
@@ -3982,7 +3985,7 @@ function writeConfigEnv(opts) {
     `SYNKRO_CREDENTIALS_PATH=${shellQuoteSingle(credsPath)}`,
     `SYNKRO_TIER=${shellQuoteSingle(safeTier)}`,
     `SYNKRO_INFERENCE=${shellQuoteSingle(safeInference)}`,
-    `SYNKRO_VERSION=${shellQuoteSingle("1.4.38")}`
+    `SYNKRO_VERSION=${shellQuoteSingle("1.4.40")}`
   ];
   if (safeSynkroBin) lines.push(`SYNKRO_CLI_BIN=${shellQuoteSingle(safeSynkroBin)}`);
   if (safeUserId) lines.push(`SYNKRO_USER_ID=${shellQuoteSingle(safeUserId)}`);