npm - @synkro-sh/cli - Versions diffs - 1.4.45 → 1.4.47 - Mend

@synkro-sh/cli 1.4.45 → 1.4.47

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/dist/bootstrap.js CHANGED Viewed

@@ -145,51 +145,40 @@ function installCCHooks(settingsPath, config) {
       {
         type: "command",
         command: config.editPrecheckScriptPath,
-        timeout: 15
+        timeout: 30
       }
     ],
     [SYNKRO_MARKER]: true
   });
   settings.hooks.PreToolUse.push({
-    matcher: "ExitPlanMode",
-    hooks: [
-      {
-        type: "command",
-        command: config.planJudgeScriptPath,
-        timeout: 45
-      }
-    ],
-    [SYNKRO_MARKER]: true
-  });
-  settings.hooks.PostToolUse.push({
     matcher: "Edit|Write|MultiEdit|NotebookEdit",
     hooks: [
       {
         type: "command",
-        command: config.editCaptureScriptPath,
-        timeout: 20
+        command: config.cwePrecheckScriptPath,
+        timeout: 30
       }
     ],
     [SYNKRO_MARKER]: true
   });
-  settings.hooks.PostToolUse.push({
+  settings.hooks.PreToolUse.push({
     matcher: "Edit|Write|MultiEdit|NotebookEdit",
     hooks: [
       {
         type: "command",
-        command: config.cveScanScriptPath,
+        command: config.cvePrecheckScriptPath,
         timeout: 10
       }
     ],
     [SYNKRO_MARKER]: true
   });
-  settings.hooks.PostToolUse.push({
-    matcher: "Edit|Write|MultiEdit|NotebookEdit",
+  settings.hooks.PreToolUse.push({
+    matcher: "ExitPlanMode",
     hooks: [
       {
         type: "command",
-        command: config.cweScanScriptPath,
-        timeout: 15
+        command: config.planJudgeScriptPath,
+        timeout: 45
       }
     ],
     [SYNKRO_MARKER]: true
@@ -250,7 +239,7 @@ function uninstallCCHooks(settingsPath) {
   if (!existsSync2(settingsPath)) return false;
   const settings = readSettings(settingsPath);
   if (!settings.hooks) return false;
-  const events = ["PreToolUse", "PostToolUse", "SessionEnd", "SessionStart", "Stop"];
+  const events = ["PreToolUse", "PostToolUse", "SessionEnd", "SessionStart", "Stop", "UserPromptSubmit"];
   for (const evt of events) {
     removeSynkroEntries(settings.hooks, evt);
   }
@@ -475,7 +464,7 @@ var init_mcpConfig = __esm({
 });
 // cli/installer/hookScripts.ts
-var SYNKRO_COMMON_SCRIPT, CC_BASH_JUDGE_SCRIPT, CC_EDIT_PRECHECK_SCRIPT, CC_EDIT_CAPTURE_SCRIPT, CC_PLAN_JUDGE_SCRIPT, CC_STOP_SUMMARY_SCRIPT, CC_SESSION_START_SCRIPT, CC_BASH_FOLLOWUP_SCRIPT, CC_CVE_SCAN_SCRIPT, CC_CWE_SCAN_SCRIPT, CC_TRANSCRIPT_SYNC_SCRIPT, CURSOR_BASH_JUDGE_SCRIPT, CURSOR_EDIT_PRECHECK_SCRIPT, CURSOR_EDIT_CAPTURE_SCRIPT, CURSOR_BASH_FOLLOWUP_SCRIPT, CC_USER_PROMPT_SUBMIT_SCRIPT;
+var SYNKRO_COMMON_SCRIPT, CURSOR_BASH_JUDGE_SCRIPT, CURSOR_EDIT_PRECHECK_SCRIPT, CURSOR_EDIT_CAPTURE_SCRIPT, CURSOR_BASH_FOLLOWUP_SCRIPT;
 var init_hookScripts = __esm({
   "cli/installer/hookScripts.ts"() {
     "use strict";
@@ -499,6 +488,25 @@ synkro_load_jwt() {
 }
 synkro_refresh_jwt() {
+  # Lock via mkdir (atomic on all Unix including macOS \u2014 no flock needed)
+  local lockdir="\${CREDS_PATH}.lockdir"
+  if ! mkdir "$lockdir" 2>/dev/null; then
+    # Another hook is refreshing \u2014 wait and re-read
+    local _w=0
+    while [ -d "$lockdir" ] && [ $_w -lt 5 ]; do sleep 0.5; _w=$((_w+1)); done
+    JWT=$(jq -r '.access_token // empty' "$CREDS_PATH" 2>/dev/null)
+    return 0
+  fi
+  trap "rmdir \\"$lockdir\\" 2>/dev/null" RETURN
+  # Re-check expiry \u2014 another hook may have just refreshed
+  local p2 exp2 now2
+  p2=$(printf '%s' "$JWT" | cut -d. -f2)
+  case $((\${#p2} % 4)) in 2) p2="\${p2}==";; 3) p2="\${p2}=";; esac
+  exp2=$(printf '%s' "$p2" | tr '_-' '/+' | base64 -D 2>/dev/null | jq -r '.exp // 0' 2>/dev/null)
+  now2=$(date -u +%s)
+  if [ $((exp2 - now2)) -ge 60 ]; then return 0; fi
   local rt
   rt=$(jq -r '.refresh_token // empty' "$CREDS_PATH" 2>/dev/null)
   if [ -z "$rt" ]; then return 1; fi
@@ -514,7 +522,12 @@ synkro_refresh_jwt() {
   new_rt=$(echo "$resp" | jq -r '.refresh_token // empty' 2>/dev/null)
   [ -z "$new_rt" ] && new_rt="$rt"
   local tmp="\${CREDS_PATH}.synkro.tmp"
-  jq --arg at "$new_at" --arg rt "$new_rt" '. + {access_token:$at,refresh_token:$rt}' "$CREDS_PATH" > "$tmp" 2>/dev/null && mv "$tmp" "$CREDS_PATH"
+  local existing
+  existing=$(cat "$CREDS_PATH" 2>/dev/null)
+  if [ -z "$existing" ] || ! echo "$existing" | jq -e '.' >/dev/null 2>&1; then
+    existing='{}'
+  fi
+  echo "$existing" | jq --arg at "$new_at" --arg rt "$new_rt" '. + {access_token:$at,refresh_token:$rt}' > "$tmp" 2>/dev/null && mv "$tmp" "$CREDS_PATH"
   JWT="$new_at"
 }
@@ -542,10 +555,6 @@ synkro_channel_up() {
   (exec 3<>/dev/tcp/127.0.0.1/\${SYNKRO_CHANNEL_PORT:-8929}) 2>/dev/null && exec 3<&- 3>&-
 }
-synkro_cwe_channel_up() {
-  (exec 3<>/dev/tcp/127.0.0.1/8930) 2>/dev/null && exec 3<&- 3>&-
-}
 # Fetch hook config. Sets SYNKRO_CAPTURE_DEPTH, SYNKRO_TIER, SYNKRO_RULES, SYNKRO_SILENT, SYNKRO_POLICY_NAME.
 synkro_load_config() {
   local resp
@@ -558,8 +567,6 @@ synkro_load_config() {
   SYNKRO_RULES=$(echo "$resp" | jq -c '[.rules[]? | select(.hook_stage == "pre" or .hook_stage == "both" or .hook_stage == null) | {rule_id,text,severity,category,mode}]' 2>/dev/null || echo "[]")
 }
-# Build the tag prefix: [synkro:route:ruleset] or [synkro:silent]
-# Accepts optional $1 = route override; otherwise calls synkro_route().
 synkro_tag() {
   if [ "$SYNKRO_SILENT" = "true" ]; then echo "[synkro:silent]"; return; fi
   local route="\${1:-$(synkro_route)}"
@@ -567,166 +574,12 @@ synkro_tag() {
   echo "[synkro:\${route}:\${rs}]"
 }
-# Decide routing: "local" (grade on device) or "cloud" (POST to server)
 synkro_route() {
   [ "$SYNKRO_CAPTURE_DEPTH" = "local_only" ] && echo "local" && return
   synkro_channel_up && echo "local" && return
   echo "cloud"
 }
-# Routing for CWE channel (port 8930).
-synkro_cwe_route() {
-  [ "$SYNKRO_CAPTURE_DEPTH" = "local_only" ] && echo "local" && return
-  synkro_cwe_channel_up && echo "local" && return
-  echo "cloud"
-}
-# Grade locally via synkro CLI channel. Reads prompt from stdin.
-synkro_local_grade() {
-  local surface="$1"
-  if ! synkro_channel_up; then
-    echo "SYNKRO_CHANNEL_DOWN" >&2
-    return 1
-  fi
-  if [ -n "\${SYNKRO_CLI_BIN:-}" ] && [ -f "$SYNKRO_CLI_BIN" ] && command -v node >/dev/null 2>&1; then
-    node "$SYNKRO_CLI_BIN" grade "$surface" 2>/dev/null
-  elif command -v synkro >/dev/null 2>&1; then
-    synkro grade "$surface" 2>/dev/null
-  else
-    echo "SYNKRO_CLI_NOT_FOUND" >&2
-    return 1
-  fi
-}
-# Grade CWE locally via channel 2 (port 8930). Reads prompt from stdin.
-synkro_local_grade_cwe() {
-  if ! synkro_cwe_channel_up; then
-    echo "SYNKRO_CHANNEL_DOWN" >&2
-    return 1
-  fi
-  if [ -n "\${SYNKRO_CLI_BIN:-}" ] && [ -f "$SYNKRO_CLI_BIN" ] && command -v node >/dev/null 2>&1; then
-    SYNKRO_CHANNEL_PORT=8930 node "$SYNKRO_CLI_BIN" grade cwe 2>/dev/null
-  elif command -v synkro >/dev/null 2>&1; then
-    SYNKRO_CHANNEL_PORT=8930 synkro grade cwe 2>/dev/null
-  else
-    echo "SYNKRO_CLI_NOT_FOUND" >&2
-    return 1
-  fi
-}
-# Extract the CC model from the current turn's transcript. Call after reading PAYLOAD.
-# Sets CC_MODEL to the model used in the most recent assistant message.
-synkro_detect_cc_model() {
-  CC_MODEL=""
-  local tp
-  tp=$(echo "\${1:-$PAYLOAD}" | jq -r '.transcript_path // empty' 2>/dev/null)
-  [ -z "$tp" ] || [ ! -f "$tp" ] && return
-  CC_MODEL=$(grep '"type":"assistant"' "$tp" 2>/dev/null | tail -1 | jq -r '.message.model // empty' 2>/dev/null)
-}
-# Parse <synkro-verdict>...</synkro-verdict> XML from local grader output.
-# Sets LOCAL_OK, LOCAL_REASON, LOCAL_RULE_ID, LOCAL_RULE_MODE, LOCAL_SEV, LOCAL_CAT.
-synkro_parse_local_verdict() {
-  local resp="$1"
-  LOCAL_OK="true"; LOCAL_REASON=""; LOCAL_RULE_ID=""; LOCAL_RULE_MODE=""; LOCAL_SEV="low"; LOCAL_CAT="clean"
-  local inner
-  inner=$(printf '%s' "$resp" | tr '\\n' ' ' | sed -nE 's|.*<synkro-verdict>(.*)</synkro-verdict>.*|\\1|p' | tail -1)
-  [ -z "$inner" ] && return
-  local ok_tag
-  ok_tag=$(printf '%s' "$inner" | sed -nE 's|.*<ok>(.*)</ok>.*|\\1|p' | head -1)
-  [ -n "$ok_tag" ] && LOCAL_OK="$ok_tag"
-  LOCAL_REASON=$(printf '%s' "$inner" | sed -nE 's|.*<reason>(.*)</reason>.*|\\1|p' | head -1)
-  [ -z "$LOCAL_REASON" ] && LOCAL_REASON=$(printf '%s' "$inner" | sed -nE 's|.*<reasoning>(.*)</reasoning>.*|\\1|p' | head -1)
-  if [ "$LOCAL_OK" = "false" ]; then
-    LOCAL_RULE_ID=$(printf '%s' "$inner" | sed -nE 's|.*<rule_id>(.*)</rule_id>.*|\\1|p' | head -1)
-    LOCAL_RULE_MODE=$(printf '%s' "$inner" | sed -nE 's|.*<rule_mode>(.*)</rule_mode>.*|\\1|p' | head -1)
-    LOCAL_SEV=$(printf '%s' "$inner" | sed -nE 's|.*<risk_level>(.*)</risk_level>.*|\\1|p' | head -1)
-    if [ -z "$LOCAL_RULE_ID" ]; then
-      local fv
-      fv=$(printf '%s' "$inner" | awk -v RS='</violation>' '/<violation>/{print; exit}')
-      LOCAL_RULE_ID=$(printf '%s' "$fv" | sed -nE 's|.*<rule_id>(.*)</rule_id>.*|\\1|p' | head -1)
-      [ -z "$LOCAL_REASON" ] && LOCAL_REASON=$(printf '%s' "$fv" | sed -nE 's|.*<reason>(.*)</reason>.*|\\1|p' | head -1)
-      [ -z "$LOCAL_SEV" ] && LOCAL_SEV=$(printf '%s' "$fv" | sed -nE 's|.*<severity>(.*)</severity>.*|\\1|p' | head -1)
-    fi
-    LOCAL_SEV="\${LOCAL_SEV:-high}"
-    LOCAL_CAT=$(printf '%s' "$inner" | sed -nE 's|.*<category>(.*)</category>.*|\\1|p' | head -1)
-    LOCAL_CAT="\${LOCAL_CAT:-uncategorized}"
-    [ -z "$LOCAL_RULE_ID" ] && LOCAL_RULE_ID=$(printf '%s' "$LOCAL_REASON" | grep -oE '[Rr][0-9]{3}' | head -1)
-  fi
-}
-# Fire anonymized telemetry for local verdicts. All args positional.
-synkro_capture_local() {
-  local hook_type="$1" verdict="$2" severity="$3" category="$4" tool_name="$5" repo="$6" session_id="$7"
-  local cc_model="\${CC_MODEL:-unknown}"
-  (
-    BODY=$(jq -n \\
-      --arg eid "$(uuidgen 2>/dev/null || echo "evt_$(date +%s)_$$")" \\
-      --arg ht "$hook_type" --arg v "$verdict" --arg s "$severity" --arg c "$category" \\
-      --arg tn "$tool_name" --arg r "$repo" --arg sid "$session_id" --arg mdl "$cc_model" \\
-      '{capture_type:"local_verdict",event_id:$eid,hook_type:$ht,verdict:$v,severity:$s,category:$c,cc_model:$mdl,model:$mdl,tool_name:$tn}
-        + (if $r != "" then {repo:$r} else {} end)
-        + (if $sid != "" then {session_id:$sid} else {} end)')
-    curl -sS -X POST "\${GATEWAY_URL}/api/v1/hook/capture" \\
-      -H "Content-Type: application/json" -H "Authorization: Bearer $JWT" \\
-      -d "$BODY" --max-time 2 >/dev/null 2>&1
-  ) &
-}
-# Fire full-content telemetry for local verdicts (used when capture_depth is full or evidence_on_violation).
-synkro_capture_local_full() {
-  local hook_type="$1" verdict="$2" severity="$3" category="$4" tool_name="$5" repo="$6" session_id="$7"
-  local command="$8" reasoning="$9" rules_checked="\${10:-[]}" violated_rules="\${11:-[]}" recent_user_messages="\${12:-[]}"
-  local cc_model="\${CC_MODEL:-unknown}"
-  (
-    BODY=$(jq -n \\
-      --arg eid "$(uuidgen 2>/dev/null || echo "evt_$(date +%s)_$$")" \\
-      --arg ht "$hook_type" --arg v "$verdict" --arg s "$severity" --arg c "$category" \\
-      --arg tn "$tool_name" --arg r "$repo" --arg sid "$session_id" --arg mdl "$cc_model" \\
-      --arg cmd "$command" --arg rsn "$reasoning" --arg cd "$SYNKRO_CAPTURE_DEPTH" \\
-      --argjson rc "$rules_checked" --argjson vr "$violated_rules" --argjson rum "$recent_user_messages" \\
-      '{capture_type:"local_verdict",event_id:$eid,hook_type:$ht,verdict:$v,severity:$s,category:$c,
-        cc_model:$mdl,model:$mdl,tool_name:$tn,capture_depth:$cd,
-        command:(if ($cmd|length) > 0 then $cmd else null end),
-        reasoning:(if ($rsn|length) > 0 then $rsn else null end),
-        rules_checked:$rc, violated_rules:$vr, recent_user_messages:$rum}
-        + (if $r != "" then {repo:$r} else {} end)
-        + (if $sid != "" then {session_id:$sid} else {} end)')
-    curl -sS -X POST "\${GATEWAY_URL}/api/v1/hook/capture" \\
-      -H "Content-Type: application/json" -H "Authorization: Bearer $JWT" \\
-      -d "$BODY" --max-time 3 >/dev/null 2>&1
-  ) &
-}
-# Dispatch local verdict capture based on capture_depth privacy setting.
-# For full: always send full content. For evidence_on_violation: full only on violations. For local_only: anonymized only.
-synkro_dispatch_capture() {
-  local hook_type="$1" verdict="$2" severity="$3" category="$4" tool_name="$5" repo="$6" session_id="$7"
-  local command="$8" reasoning="$9" rules_checked="\${10:-[]}" violated_rules="\${11:-[]}" recent_user_messages="\${12:-[]}"
-  local send_full=false
-  case "\${SYNKRO_CAPTURE_DEPTH:-local_only}" in
-    full) send_full=true ;;
-    evidence_on_violation)
-      case "$verdict" in block|warning|deny) send_full=true ;; esac ;;
-  esac
-  if [ "$send_full" = "true" ]; then
-    synkro_capture_local_full "$hook_type" "$verdict" "$severity" "$category" "$tool_name" "$repo" "$session_id" \\
-      "$command" "$reasoning" "$rules_checked" "$violated_rules" "$recent_user_messages"
-  else
-    synkro_capture_local "$hook_type" "$verdict" "$severity" "$category" "$tool_name" "$repo" "$session_id"
-  fi
-}
-# Look up a rule's mode from cached rules. Returns "blocking" or "audit".
-synkro_rule_mode() {
-  local rid="$1"
-  [ -z "$rid" ] || [ -z "\${SYNKRO_RULES:-}" ] && echo "blocking" && return
-  local m
-  m=$(printf '%s' "$SYNKRO_RULES" | jq -r --arg r "$rid" '[.[] | select(.rule_id == $r) | .mode] | if any(. == "blocking") then "blocking" else .[0] // "blocking" end' 2>/dev/null)
-  [ -z "$m" ] || [ "$m" = "null" ] && m="blocking"
-  echo "$m"
-}
 SYNKRO_CONSENT_FILE="$HOME/.synkro/.local-consent"
 _TAB=$(printf '\\t')
@@ -750,25 +603,6 @@ synkro_consent_consume() {
   awk -v p="$pat" -v r="$rep" '{if($0==p)print r;else print}' "$SYNKRO_CONSENT_FILE" > "$tmp" 2>/dev/null && mv "$tmp" "$SYNKRO_CONSENT_FILE" 2>/dev/null || true
 }
-synkro_consent_has_consumed() {
-  local sid="$1" hash="$2"
-  grep -q "^\${sid}\${_TAB}\${hash}\${_TAB}consumed$" "$SYNKRO_CONSENT_FILE" 2>/dev/null
-}
-synkro_consent_clear_consumed() {
-  local sid="$1" hash="$2"
-  [ ! -f "$SYNKRO_CONSENT_FILE" ] && return
-  local tmp="\${SYNKRO_CONSENT_FILE}.tmp"
-  grep -v "^\${sid}\${_TAB}\${hash}\${_TAB}consumed$" "$SYNKRO_CONSENT_FILE" > "$tmp" 2>/dev/null && mv "$tmp" "$SYNKRO_CONSENT_FILE" 2>/dev/null || true
-}
-SYNKRO_LAST_PROMPT_FILE="$HOME/.synkro/.last-prompt"
-synkro_read_last_prompt() {
-  [ -f "$SYNKRO_LAST_PROMPT_FILE" ] || return
-  cat "$SYNKRO_LAST_PROMPT_FILE" 2>/dev/null
-}
 synkro_post_with_retry() {
   local url="$1" body="$2" timeout="\${3:-8}"
   local resp
@@ -787,7 +621,7 @@ synkro_post_with_retry() {
   echo "$resp"
 }
 `;
-    CC_BASH_JUDGE_SCRIPT = `#!/bin/bash
+    CURSOR_BASH_JUDGE_SCRIPT = `#!/bin/bash
 SCRIPT_DIR="$(cd "$(dirname "\${BASH_SOURCE[0]}")" && pwd)"
 . "$SCRIPT_DIR/_synkro-common.sh"
@@ -798,159 +632,52 @@ synkro_ensure_fresh_jwt
 PAYLOAD=$(cat)
 if [ -z "$PAYLOAD" ]; then echo '{}'; exit 0; fi
-TOOL_NAME=$(echo "$PAYLOAD" | jq -r '.tool_name // empty' 2>/dev/null)
-case "$TOOL_NAME" in Bash|Read|Grep|Glob) ;; *) echo '{}'; exit 0 ;; esac
+COMMAND=$(echo "$PAYLOAD" | jq -r '.command // empty' 2>/dev/null)
+if [ -z "$COMMAND" ]; then echo '{}'; exit 0; fi
-SESSION_ID=$(echo "$PAYLOAD" | jq -r '.session_id // empty' 2>/dev/null)
-TOOL_USE_ID=$(echo "$PAYLOAD" | jq -r '.tool_use_id // empty' 2>/dev/null)
 CWD=$(echo "$PAYLOAD" | jq -r '.cwd // empty' 2>/dev/null)
+SESSION_ID=$(echo "$PAYLOAD" | jq -r '.conversation_id // empty' 2>/dev/null)
 GIT_REPO=$(synkro_detect_repo "\${CWD:-.}")
-PERMISSION_MODE=$(echo "$PAYLOAD" | jq -r '.permission_mode // empty' 2>/dev/null)
-synkro_detect_cc_model
-# Translate tool calls to command string for logging
-case "$TOOL_NAME" in
-  Bash) COMMAND=$(echo "$PAYLOAD" | jq -r '.tool_input.command // empty' 2>/dev/null) ;;
-  Read) COMMAND="cat $(echo "$PAYLOAD" | jq -r '.tool_input.file_path // empty' 2>/dev/null)" ;;
-  Grep) COMMAND="grep -r '$(echo "$PAYLOAD" | jq -r '.tool_input.pattern // empty' 2>/dev/null)' $(echo "$PAYLOAD" | jq -r '.tool_input.path // "."' 2>/dev/null)" ;;
-  Glob) COMMAND="find . -name '$(echo "$PAYLOAD" | jq -r '.tool_input.pattern // empty' 2>/dev/null)'" ;;
-esac
-if [ -z "$COMMAND" ]; then echo '{}'; exit 0; fi
 CMD_SHORT=$(printf '%s' "$COMMAND" | head -c 80)
 synkro_log "bashGuard checking: $CMD_SHORT"
-TRANSCRIPT_PATH=$(echo "$PAYLOAD" | jq -r '.transcript_path // empty' 2>/dev/null)
-USER_INTENT=""
-RECENT_USER_MESSAGES="[]"
-if [ -n "$TRANSCRIPT_PATH" ] && [ -f "$TRANSCRIPT_PATH" ]; then
-  RECENT_USER_MESSAGES=$(tail -400 "$TRANSCRIPT_PATH" | jq -c -s '[.[] | select(.type == "user") | (.message.content | if type == "string" then . else (map(.text? // "") | join(" ")) end) | select(. != null and . != "")] | .[-5:]' 2>/dev/null || echo "[]")
-  USER_INTENT=$(echo "$RECENT_USER_MESSAGES" | jq -r '.[-1] // ""' 2>/dev/null || echo "")
-fi
-# Headless detection
-IS_HEADLESS="\${SYNKRO_HEADLESS:-0}"
-case "$PERMISSION_MODE" in acceptEdits|bypassPermissions|plan|auto) IS_HEADLESS="1" ;; esac
-LAST_PROMPT=$(synkro_read_last_prompt)
 synkro_load_config
-ROUTE=$(synkro_route)
-TAG=$(synkro_tag "$ROUTE")
 if [ "$SYNKRO_SILENT" = "true" ]; then
-  jq -n --arg m "$TAG bashGuard \u2192 skipped (silent mode)" '{systemMessage: $m}'
-  exit 0
-fi
-if [ "$ROUTE" = "local" ]; then
-  # \u2500\u2500\u2500 Local grading (local_only privacy or local-cc channel) \u2500\u2500\u2500
-  GRADER_FILE=$(mktemp -t synkro-bash.XXXXXX)
-  trap "rm -f \\"$GRADER_FILE\\"" EXIT
-  printf 'Working directory: %s\\nRepo: %s\\nCommand: %s\\nUser intent (last human message): %s\\nLast user prompt: %s\\nOrg rules: %s\\n' "\${CWD:-.}" "\${GIT_REPO:-unknown}" "$COMMAND" "\${USER_INTENT:-none stated}" "\${LAST_PROMPT:-none}" "\${SYNKRO_RULES:-[]}" > "$GRADER_FILE"
-  CC_RESP=$(synkro_local_grade bash < "$GRADER_FILE" 2>&1)
-  if [ $? -ne 0 ]; then
-    jq -n --arg m "$TAG bashGuard \u2192 pass: local grader unavailable (run synkro local-cc start)" '{systemMessage: $m}'
-    exit 0
-  fi
-  synkro_parse_local_verdict "$CC_RESP"
-  # Build violated rules JSON for full-content capture
-  VIOLATED_JSON="[]"
-  [ -n "$LOCAL_RULE_ID" ] && VIOLATED_JSON=$(jq -n --arg r "$LOCAL_RULE_ID" '[$r]')
-  if [ "$LOCAL_OK" = "false" ]; then
-    RULE_MODE="\${LOCAL_RULE_MODE:-$(synkro_rule_mode "\${LOCAL_RULE_ID}")}"
-    if [ "$RULE_MODE" = "audit" ]; then
-      REASON="$TAG bashGuard \u2192 warning\${LOCAL_RULE_ID:+ ($LOCAL_RULE_ID)}: \${LOCAL_REASON:-policy violation}"
-      jq -n --arg m "$REASON" '{systemMessage: $m}'
-      synkro_dispatch_capture "bash" "warning" "\${LOCAL_SEV}" "\${LOCAL_CAT}" "$TOOL_NAME" "$GIT_REPO" "$SESSION_ID" \\
-        "$COMMAND" "$LOCAL_REASON" "\${SYNKRO_RULES:-[]}" "$VIOLATED_JSON" "\${RECENT_USER_MESSAGES:-[]}"
-    else
-      REASON="$TAG bashGuard \u2192 blocked\${LOCAL_RULE_ID:+ ($LOCAL_RULE_ID)}: \${LOCAL_REASON:-policy violation}. Ask the user for explicit consent before retrying."
-      jq -n --arg reason "$REASON" \\
-        '{systemMessage:$reason,hookSpecificOutput:{hookEventName:"PreToolUse",permissionDecision:"deny",permissionDecisionReason:$reason,additionalContext:$reason}}'
-      synkro_dispatch_capture "bash" "block" "\${LOCAL_SEV}" "\${LOCAL_CAT}" "$TOOL_NAME" "$GIT_REPO" "$SESSION_ID" \\
-        "$COMMAND" "$LOCAL_REASON" "\${SYNKRO_RULES:-[]}" "$VIOLATED_JSON" "\${RECENT_USER_MESSAGES:-[]}"
-    fi
-  else
-    jq -n --arg m "$TAG bashGuard \u2192 pass: \${LOCAL_REASON:-no policy violations detected}" '{systemMessage: $m}'
-    synkro_dispatch_capture "bash" "pass" "audit" "\${LOCAL_CAT:-trivial_utility}" "$TOOL_NAME" "$GIT_REPO" "$SESSION_ID" \\
-      "$COMMAND" "$LOCAL_REASON" "\${SYNKRO_RULES:-[]}" "[]" "\${RECENT_USER_MESSAGES:-[]}"
-  fi
-  exit 0
-fi
-# \u2500\u2500\u2500 Cloud grading \u2500\u2500\u2500
-CC_USAGE="{}"
-RECENT_MESSAGES="[]"
-RECENT_ACTIONS="[]"
-SESSION_SUMMARY=""
-if [ -n "$TRANSCRIPT_PATH" ] && [ -f "$TRANSCRIPT_PATH" ]; then
-  _LAST=$(grep '"type":"assistant"' "$TRANSCRIPT_PATH" 2>/dev/null | tail -1)
-  if [ -n "$_LAST" ]; then
-    CC_USAGE=$(echo "$_LAST" | jq -c '{input_tokens:.message.usage.input_tokens,output_tokens:.message.usage.output_tokens,cache_creation_input_tokens:.message.usage.cache_creation_input_tokens,cache_read_input_tokens:.message.usage.cache_read_input_tokens}' 2>/dev/null || echo "{}")
-  fi
-  RECENT_MESSAGES=$(tail -400 "$TRANSCRIPT_PATH" | jq -c -s '[.[] | select(.type == "user" or .type == "assistant") | {type, text: (.message.content | if type == "string" then .[0:500] else ([.[]? | (.text? // "") | .[0:300]] | join(" ")) end)}] | .[-10:]' 2>/dev/null || echo "[]")
-  RECENT_ACTIONS=$(tail -400 "$TRANSCRIPT_PATH" | jq -c -s '[.[] | select(.type == "assistant") | .message.content[]? | select(.type == "tool_use") | {tool: .name, input: (.input // {} | tostring | .[0:200])}] | .[-5:]' 2>/dev/null || echo "[]")
-  SESSION_SUMMARY=$(grep '"type":"summary"' "$TRANSCRIPT_PATH" 2>/dev/null | tail -1 | jq -r '.summary // empty' 2>/dev/null || echo "")
+  echo '{}'; exit 0
 fi
 BODY=$(jq -n \\
-  --arg hook_event "PreToolUse" \\
-  --arg tool_name "$TOOL_NAME" \\
-  --argjson tool_input "$(echo "$PAYLOAD" | jq -c '.tool_input // {}')" \\
-  --arg user_intent "$USER_INTENT" \\
-  --argjson recent_user_messages "$RECENT_USER_MESSAGES" \\
-  --argjson recent_messages "$RECENT_MESSAGES" \\
-  --argjson recent_actions "$RECENT_ACTIONS" \\
+  --arg cmd "$COMMAND" \\
   --arg session_id "$SESSION_ID" \\
-  --arg tool_use_id "$TOOL_USE_ID" \\
   --arg cwd "$CWD" \\
   --arg repo "$GIT_REPO" \\
-  --arg permission_mode "$PERMISSION_MODE" \\
-  --arg cc_model "$CC_MODEL" \\
-  --argjson cc_usage "$CC_USAGE" \\
-  --arg session_summary "$SESSION_SUMMARY" \\
-  --arg last_prompt "\${LAST_PROMPT:-}" \\
   '{
-    hook_event: $hook_event,
-    tool_name: $tool_name,
-    tool_input: $tool_input,
-    user_intent: (if ($user_intent | length) > 0 then $user_intent else null end),
-    last_user_message: (if ($last_prompt | length) > 0 then $last_prompt else null end),
-    recent_user_messages: $recent_user_messages,
-    recent_messages: $recent_messages,
-    recent_actions: $recent_actions,
+    hook_event: "PreToolUse",
+    tool_name: "Bash",
+    tool_input: {command: $cmd},
+    response_format: "cursor",
     session_id: (if ($session_id | length) > 0 then $session_id else null end),
-    tool_use_id: (if ($tool_use_id | length) > 0 then $tool_use_id else null end),
     cwd: (if ($cwd | length) > 0 then $cwd else null end),
-    repo: (if ($repo | length) > 0 then $repo else null end),
-    permission_mode: (if ($permission_mode | length) > 0 then $permission_mode else null end),
-    cc_model: (if ($cc_model | length) > 0 then $cc_model else null end),
-    cc_usage: $cc_usage,
-    session_summary: (if ($session_summary | length) > 0 then $session_summary else null end)
+    repo: (if ($repo | length) > 0 then $repo else null end)
   }')
-RESP=$(synkro_post_with_retry "\${GATEWAY_URL}/api/v1/hook/judge" "$BODY" 8)
+RESP=$(synkro_post_with_retry "\${GATEWAY_URL}/api/v1/hook/judge" "$BODY" 6)
 if [ -z "$RESP" ]; then
   synkro_log "bashGuard $CMD_SHORT \u2192 error (timeout)"
-  echo '{}'
-  exit 0
+  echo '{}'; exit 0
 fi
-if ! echo "$RESP" | jq -e '.hook_response' >/dev/null 2>&1; then
-  synkro_log "bashGuard $CMD_SHORT \u2192 pass (no hook_response)"
+# Server returns cursor-format directly in hook_response
+if echo "$RESP" | jq -e '.hook_response' >/dev/null 2>&1; then
+  echo "$RESP" | jq -c '.hook_response'
+else
   echo '{}'
-  exit 0
 fi
-echo "$RESP" | jq -c '.hook_response'
 exit 0
 `;
-    CC_EDIT_PRECHECK_SCRIPT = `#!/bin/bash
+    CURSOR_EDIT_PRECHECK_SCRIPT = `#!/bin/bash
 SCRIPT_DIR="$(cd "$(dirname "\${BASH_SOURCE[0]}")" && pwd)"
 . "$SCRIPT_DIR/_synkro-common.sh"
@@ -962,245 +689,79 @@ PAYLOAD=$(cat)
 if [ -z "$PAYLOAD" ]; then echo '{}'; exit 0; fi
 TOOL_NAME=$(echo "$PAYLOAD" | jq -r '.tool_name // empty' 2>/dev/null)
-case "$TOOL_NAME" in Edit|Write|MultiEdit|NotebookEdit) ;; *) echo '{}'; exit 0 ;; esac
-TOOL_INPUT=$(echo "$PAYLOAD" | jq -c '.tool_input // {}' 2>/dev/null)
-SESSION_ID=$(echo "$PAYLOAD" | jq -r '.session_id // empty' 2>/dev/null)
-TOOL_USE_ID=$(echo "$PAYLOAD" | jq -r '.tool_use_id // empty' 2>/dev/null)
 CWD=$(echo "$PAYLOAD" | jq -r '.cwd // empty' 2>/dev/null)
+SESSION_ID=$(echo "$PAYLOAD" | jq -r '.conversation_id // empty' 2>/dev/null)
 GIT_REPO=$(synkro_detect_repo "\${CWD:-.}")
-PERMISSION_MODE=$(echo "$PAYLOAD" | jq -r '.permission_mode // empty' 2>/dev/null)
-synkro_detect_cc_model
-FILE_PATH=$(echo "$TOOL_INPUT" | jq -r '.file_path // .notebook_path // .path // empty' 2>/dev/null)
+FILE_PATH=$(echo "$PAYLOAD" | jq -r '.tool_input.file_path // .tool_input.path // .tool_input.target_file // empty' 2>/dev/null)
+CONTENT=$(echo "$PAYLOAD" | jq -r '.tool_input.content // .tool_input.new_string // .tool_input.code_edit // empty' 2>/dev/null)
 if [ -z "$FILE_PATH" ]; then echo '{}'; exit 0; fi
-FILE_SHORT=$(basename "$FILE_PATH")
-synkro_log "editGuard checking: $FILE_SHORT"
-IS_HEADLESS="\${SYNKRO_HEADLESS:-0}"
-case "$PERMISSION_MODE" in acceptEdits|bypassPermissions|plan|auto) IS_HEADLESS="1" ;; esac
-# Read file before edit for reconstruction
-FILE_BEFORE=""
-if [ "$TOOL_NAME" != "Write" ] && [ -n "$FILE_PATH" ] && [ -f "$FILE_PATH" ]; then
-  FILE_BEFORE=$(head -c 65536 "$FILE_PATH" 2>/dev/null || echo "")
-fi
-# Reconstruct proposed content
-case "$TOOL_NAME" in
-  Write) PROPOSED=$(echo "$TOOL_INPUT" | jq -r '.content // ""' 2>/dev/null) ;;
-  Edit|MultiEdit)
-    if [ -n "$FILE_BEFORE" ] && command -v python3 >/dev/null 2>&1; then
-      PROPOSED=$(FILE_BEFORE_LITERAL="$FILE_BEFORE" TOOL_INPUT_LITERAL="$TOOL_INPUT" python3 -c '
-import os, json, sys
-fb = os.environ.get("FILE_BEFORE_LITERAL", "")
-ti = json.loads(os.environ.get("TOOL_INPUT_LITERAL", "{}"))
-result = fb
-if "old_string" in ti and "new_string" in ti:
-    if ti["old_string"]: result = result.replace(ti["old_string"], ti["new_string"], 1)
-elif "edits" in ti and isinstance(ti["edits"], list):
-    for e in ti["edits"]:
-        old = e.get("old_string", "") if isinstance(e, dict) else ""
-        new = e.get("new_string", "") if isinstance(e, dict) else ""
-        if old: result = result.replace(old, new, 1)
-sys.stdout.write(result)
-' 2>/dev/null)
-    fi
-    if [ -z "$PROPOSED" ]; then
-      if [ "$TOOL_NAME" = "MultiEdit" ]; then
-        PROPOSED=$(echo "$TOOL_INPUT" | jq -r '[.edits[]?.new_string // ""] | join("\\n\\n--- chunk ---\\n\\n")' 2>/dev/null)
-      else
-        PROPOSED=$(echo "$TOOL_INPUT" | jq -r '.new_string // ""' 2>/dev/null)
-      fi
-    fi ;;
-  NotebookEdit) PROPOSED=$(echo "$TOOL_INPUT" | jq -r '.new_source // ""' 2>/dev/null) ;;
-esac
-if [ -z "$PROPOSED" ]; then echo '{}'; exit 0; fi
-DIFF_FIELD=$(echo "$TOOL_INPUT" | jq -c '{old_string, new_string, edits} | with_entries(select(.value != null))' 2>/dev/null)
-[ -z "$DIFF_FIELD" ] || [ "$DIFF_FIELD" = "null" ] || [ "$DIFF_FIELD" = "{}" ] && DIFF_FIELD="null"
-# Extract user intent from transcript
-USER_INTENT=""
-RECENT_USER_MESSAGES="[]"
-RECENT_MESSAGES="[]"
-RECENT_ACTIONS="[]"
-TRANSCRIPT_PATH=$(echo "$PAYLOAD" | jq -r '.transcript_path // empty' 2>/dev/null)
-if [ -n "$TRANSCRIPT_PATH" ] && [ -f "$TRANSCRIPT_PATH" ]; then
-  RECENT_USER_MESSAGES=$(tail -400 "$TRANSCRIPT_PATH" | jq -c -s '[.[] | select(.type == "user") | (.message.content | if type == "string" then . else (map(.text? // "") | join(" ")) end) | select(. != null and . != "")] | .[-5:]' 2>/dev/null || echo "[]")
-  USER_INTENT=$(echo "$RECENT_USER_MESSAGES" | jq -r '.[-1] // ""' 2>/dev/null || echo "")
-  RECENT_MESSAGES=$(tail -400 "$TRANSCRIPT_PATH" | jq -c -s '[.[] | select(.type == "user" or .type == "assistant") | {type, text: (.message.content | if type == "string" then .[0:500] else ([.[]? | (.text? // "") | .[0:300]] | join(" ")) end)}] | .[-10:]' 2>/dev/null || echo "[]")
-  RECENT_ACTIONS=$(tail -200 "$TRANSCRIPT_PATH" | jq -c -s '[.[] | select(.type == "assistant") | .message.content[]? | select(.type == "tool_use") | {tool: .name, input: (.input // {} | tostring | .[0:200])}] | .[-5:]' 2>/dev/null || echo "[]")
-fi
-LAST_PROMPT=$(synkro_read_last_prompt)
+BASENAME=$(basename "$FILE_PATH" 2>/dev/null || echo "$FILE_PATH")
+synkro_log "editGuard checking: $BASENAME"
 synkro_load_config
-ROUTE=$(synkro_route)
-TAG=$(synkro_tag "$ROUTE")
 if [ "$SYNKRO_SILENT" = "true" ]; then
-  jq -n --arg m "$TAG editGuard \u2192 skipped (silent mode)" '{systemMessage: $m}'
-  exit 0
-fi
-if [ "$ROUTE" = "local" ]; then
-  # \u2500\u2500\u2500 Local grading (local_only privacy or local-cc channel) \u2500\u2500\u2500
-  GRADER_FILE=$(mktemp -t synkro-edit.XXXXXX)
-  trap "rm -f \\"$GRADER_FILE\\"" EXIT
-  printf 'Working directory: %s\\nRepo: %s\\nFile: %s\\nProposed content (first 4000 chars):\\n%s\\nUser intent (last human message): %s\\nLast user prompt: %s\\nOrg rules: %s\\n' "\${CWD:-.}" "\${GIT_REPO:-unknown}" "$FILE_PATH" "$(printf '%s' "$PROPOSED" | head -c 4000)" "\${USER_INTENT:-none stated}" "\${LAST_PROMPT:-none}" "\${SYNKRO_RULES:-[]}" > "$GRADER_FILE"
-  CC_RESP=$(synkro_local_grade edit < "$GRADER_FILE" 2>&1)
-  if [ $? -ne 0 ]; then
-    jq -n --arg m "$TAG editGuard \u2192 pass: local grader unavailable (run synkro local-cc start)" '{systemMessage: $m}'
-    exit 0
-  fi
-  synkro_parse_local_verdict "$CC_RESP"
-  # Build edit content description and violated rules for full-content capture
-  EDIT_CONTENT="file=$FILE_PATH content=$(printf '%s' "$PROPOSED" | head -c 2000)"
-  VIOLATED_JSON="[]"
-  [ -n "$LOCAL_RULE_ID" ] && VIOLATED_JSON=$(jq -n --arg r "$LOCAL_RULE_ID" '[$r]')
-  if [ "$LOCAL_OK" = "false" ]; then
-    RULE_MODE="\${LOCAL_RULE_MODE:-$(synkro_rule_mode "\${LOCAL_RULE_ID}")}"
-    if [ "$RULE_MODE" = "audit" ]; then
-      REASON="$TAG editGuard $FILE_SHORT \u2192 warning\${LOCAL_RULE_ID:+ ($LOCAL_RULE_ID)}: \${LOCAL_REASON:-policy violation}"
-      jq -n --arg m "$REASON" '{systemMessage: $m}'
-      synkro_dispatch_capture "edit" "warning" "\${LOCAL_SEV}" "\${LOCAL_CAT}" "$TOOL_NAME" "$GIT_REPO" "$SESSION_ID" \\
-        "$EDIT_CONTENT" "$LOCAL_REASON" "\${SYNKRO_RULES:-[]}" "$VIOLATED_JSON" "[]"
-    else
-      REASON="$TAG editGuard $FILE_SHORT \u2192 blocked\${LOCAL_RULE_ID:+ ($LOCAL_RULE_ID)}: \${LOCAL_REASON:-policy violation}. Ask the user for explicit consent before retrying."
-      jq -n --arg reason "$REASON" \\
-        '{systemMessage:$reason,hookSpecificOutput:{hookEventName:"PreToolUse",permissionDecision:"deny",permissionDecisionReason:$reason,additionalContext:$reason}}'
-      synkro_dispatch_capture "edit" "block" "\${LOCAL_SEV}" "\${LOCAL_CAT}" "$TOOL_NAME" "$GIT_REPO" "$SESSION_ID" \\
-        "$EDIT_CONTENT" "$LOCAL_REASON" "\${SYNKRO_RULES:-[]}" "$VIOLATED_JSON" "[]"
-    fi
-  else
-    jq -n --arg m "$TAG editGuard $FILE_SHORT \u2192 pass: \${LOCAL_REASON:-no policy violations detected}" '{systemMessage: $m}'
-    synkro_dispatch_capture "edit" "pass" "audit" "\${LOCAL_CAT:-trivial_edit}" "$TOOL_NAME" "$GIT_REPO" "$SESSION_ID" \\
-      "$EDIT_CONTENT" "$LOCAL_REASON" "\${SYNKRO_RULES:-[]}" "[]" "[]"
-  fi
-  exit 0
+  echo '{}'; exit 0
 fi
-# \u2500\u2500\u2500 Cloud grading \u2500\u2500\u2500
 BODY=$(jq -n \\
-  --arg hook_event "PreToolUse" \\
-  --arg tool_name "$TOOL_NAME" \\
-  --argjson tool_input "$TOOL_INPUT" \\
   --arg file_path "$FILE_PATH" \\
-  --arg content "$PROPOSED" \\
-  --arg file_before "$FILE_BEFORE" \\
-  --argjson diff "$DIFF_FIELD" \\
-  --arg user_intent "$USER_INTENT" \\
-  --argjson recent_user_messages "$RECENT_USER_MESSAGES" \\
-  --argjson recent_messages "$RECENT_MESSAGES" \\
-  --argjson recent_actions "$RECENT_ACTIONS" \\
+  --arg content "$CONTENT" \\
   --arg session_id "$SESSION_ID" \\
-  --arg tool_use_id "$TOOL_USE_ID" \\
   --arg cwd "$CWD" \\
   --arg repo "$GIT_REPO" \\
-  --arg permission_mode "$PERMISSION_MODE" \\
-  --arg headless_flag "\${SYNKRO_HEADLESS:-0}" \\
-  --arg last_prompt "\${LAST_PROMPT:-}" \\
   '{
-    hook_event: $hook_event,
-    tool_name: $tool_name,
-    tool_input: $tool_input,
+    hook_event: "PreToolUse",
+    tool_name: "Edit",
+    tool_input: {file_path: $file_path, content: $content},
     file_path: $file_path,
     content: $content,
-    file_before: (if ($file_before | length) > 0 then $file_before else null end),
-    diff: $diff,
-    user_intent: (if ($user_intent | length) > 0 then $user_intent else null end),
-    last_user_message: (if ($last_prompt | length) > 0 then $last_prompt else null end),
-    recent_user_messages: $recent_user_messages,
-    recent_messages: $recent_messages,
-    recent_actions: $recent_actions,
+    response_format: "cursor",
     session_id: (if ($session_id | length) > 0 then $session_id else null end),
-    tool_use_id: (if ($tool_use_id | length) > 0 then $tool_use_id else null end),
     cwd: (if ($cwd | length) > 0 then $cwd else null end),
-    repo: (if ($repo | length) > 0 then $repo else null end),
-    permission_mode: (if ($permission_mode | length) > 0 then $permission_mode else null end),
-    headless: ($headless_flag == "1")
+    repo: (if ($repo | length) > 0 then $repo else null end)
   }')
 RESP=$(synkro_post_with_retry "\${GATEWAY_URL}/api/v1/hook/judge" "$BODY" 8)
 if [ -z "$RESP" ]; then
-  synkro_log "editGuard $FILE_SHORT \u2192 error (timeout)"
-  echo '{}'
-  exit 0
-fi
-if ! echo "$RESP" | jq -e 'type == "object"' >/dev/null 2>&1; then
-  synkro_log "editGuard $FILE_SHORT \u2192 error (bad response)"
-  echo '{}'
-  exit 0
+  synkro_log "editGuard $BASENAME \u2192 error (timeout)"
+  echo '{}'; exit 0
 fi
-DECISION=$(echo "$RESP" | jq -r '.hook_response.hookSpecificOutput.permissionDecision // "allow"' 2>/dev/null)
-if [ "$DECISION" = "deny" ] || [ "$DECISION" = "ask" ]; then
-  synkro_log "editGuard $FILE_SHORT \u2192 BLOCKED"
+if echo "$RESP" | jq -e '.hook_response' >/dev/null 2>&1; then
   echo "$RESP" | jq -c '.hook_response'
 else
-  REASON=$(echo "$RESP" | jq -r '.hook_response.reason // empty' 2>/dev/null)
-  if [ -n "$REASON" ]; then
-    synkro_log "editGuard $FILE_SHORT \u2192 pass: $REASON"
-  else
-    synkro_log "editGuard $FILE_SHORT \u2192 pass"
-  fi
-  echo "$RESP" | jq -c '.hook_response // {}'
+  echo '{}'
 fi
 exit 0
 `;
-    CC_EDIT_CAPTURE_SCRIPT = `#!/bin/bash
+    CURSOR_EDIT_CAPTURE_SCRIPT = `#!/bin/bash
 SCRIPT_DIR="$(cd "$(dirname "\${BASH_SOURCE[0]}")" && pwd)"
 . "$SCRIPT_DIR/_synkro-common.sh"
 JWT=$(synkro_load_jwt)
 if [ -z "$JWT" ]; then echo '{}'; exit 0; fi
-synkro_ensure_fresh_jwt
 PAYLOAD=$(cat)
 if [ -z "$PAYLOAD" ]; then echo '{}'; exit 0; fi
-TOOL_NAME=$(echo "$PAYLOAD" | jq -r '.tool_name // empty' 2>/dev/null)
-case "$TOOL_NAME" in Edit|Write|MultiEdit|NotebookEdit) ;; *) echo '{}'; exit 0 ;; esac
+FILE_PATH=$(echo "$PAYLOAD" | jq -r '.file_path // empty' 2>/dev/null)
+if [ -z "$FILE_PATH" ]; then echo '{}'; exit 0; fi
-TOOL_INPUT=$(echo "$PAYLOAD" | jq -c '.tool_input // {}' 2>/dev/null)
-SESSION_ID=$(echo "$PAYLOAD" | jq -r '.session_id // empty' 2>/dev/null)
-TOOL_USE_ID=$(echo "$PAYLOAD" | jq -r '.tool_use_id // empty' 2>/dev/null)
-CWD=$(echo "$PAYLOAD" | jq -r '.cwd // empty' 2>/dev/null)
+CWD=$(echo "$PAYLOAD" | jq -r '.cwd // .workspace_roots[0] // empty' 2>/dev/null)
+SESSION_ID=$(echo "$PAYLOAD" | jq -r '.conversation_id // empty' 2>/dev/null)
 GIT_REPO=$(synkro_detect_repo "\${CWD:-.}")
-synkro_detect_cc_model
-# Correction followup (backgrounded)
-if [ -n "$SESSION_ID" ] && [ -n "$TOOL_USE_ID" ]; then
-  (
-    BODY=$(jq -n --arg tid "$TOOL_USE_ID" --arg sid "$SESSION_ID" '{capture_type:"correction_followup",tool_use_id:$tid,session_id:$sid,decision:"allow"}')
-    curl -sS -X POST "\${GATEWAY_URL}/api/v1/hook/capture" \\
-      -H "Content-Type: application/json" -H "Authorization: Bearer $JWT" \\
-      -d "$BODY" --max-time 2 >/dev/null 2>&1
-  ) &
-fi
-# Fire-and-forget: POST edit scan to /v1/hook/judge (PostToolUse)
-FILE_PATH=$(echo "$TOOL_INPUT" | jq -r '.file_path // .notebook_path // .path // empty' 2>/dev/null)
-if [ -z "$FILE_PATH" ] || [ ! -f "$FILE_PATH" ]; then echo '{}'; exit 0; fi
-BASENAME=$(basename "$FILE_PATH")
-synkro_log "editScan: $BASENAME"
-FILE_CONTENT=$(head -c 65536 "$FILE_PATH" 2>/dev/null || echo "")
-if [ -z "$FILE_CONTENT" ]; then echo '{}'; exit 0; fi
+BASENAME=$(basename "$FILE_PATH" 2>/dev/null || echo "$FILE_PATH")
-DIFF_FIELD=$(echo "$TOOL_INPUT" | jq -c '{old_string, new_string, edits} | with_entries(select(.value != null))' 2>/dev/null || echo "null")
-[ -z "$DIFF_FIELD" ] || [ "$DIFF_FIELD" = "null" ] || [ "$DIFF_FIELD" = "{}" ] && DIFF_FIELD="null"
+FULL_PATH="$FILE_PATH"
+[ -n "$CWD" ] && FULL_PATH="$CWD/$FILE_PATH"
+FULL_CONTENT=""
+[ -f "$FULL_PATH" ] && FULL_CONTENT=$(head -c 50000 "$FULL_PATH" 2>/dev/null || true)
 DEPS_JSON="{}"
-_PKG_DIR=$(dirname "$FILE_PATH")
+_PKG_DIR="\${CWD:-.}"
 while [ "$_PKG_DIR" != "/" ]; do
   if [ -f "$_PKG_DIR/package.json" ]; then
     DEPS_JSON=$(jq -c '(.dependencies // {}) + (.devDependencies // {})' "$_PKG_DIR/package.json" 2>/dev/null || echo "{}")
@@ -1209,907 +770,1961 @@ while [ "$_PKG_DIR" != "/" ]; do
   _PKG_DIR=$(dirname "$_PKG_DIR")
 done
-synkro_load_config
-ROUTE=$(synkro_route)
-TAG=$(synkro_tag "$ROUTE")
-if [ "$SYNKRO_SILENT" = "true" ]; then
-  echo '{}'; exit 0
-fi
-if [ "$ROUTE" = "local" ]; then
-  # \u2500\u2500\u2500 Local edit scan (local_only privacy or local-cc channel) \u2500\u2500\u2500
-  GRADER_FILE=$(mktemp -t synkro-escan.XXXXXX)
-  trap "rm -f \\"$GRADER_FILE\\"" EXIT
-  printf 'Working directory: %s\\nRepo: %s\\nFile: %s\\nContent (first 4000 chars):\\n%s\\nOrg rules: %s\\n' "\${CWD:-.}" "\${GIT_REPO:-unknown}" "$FILE_PATH" "$(printf '%s' "$FILE_CONTENT" | head -c 4000)" "\${SYNKRO_RULES:-[]}" > "$GRADER_FILE"
-  CC_RESP=$(synkro_local_grade edit < "$GRADER_FILE" 2>&1)
-  if [ $? -ne 0 ]; then
-    echo '{}'; exit 0
-  fi
-  synkro_parse_local_verdict "$CC_RESP"
-  SCAN_CONTENT="file=$FILE_PATH"
-  SCAN_VIOLATED="[]"
-  [ -n "$LOCAL_RULE_ID" ] && SCAN_VIOLATED=$(jq -n --arg r "$LOCAL_RULE_ID" '[$r]')
-  if [ "$LOCAL_OK" = "false" ]; then
-    RULE_MODE="\${LOCAL_RULE_MODE:-$(synkro_rule_mode "\${LOCAL_RULE_ID}")}"
-    if [ "$RULE_MODE" = "audit" ]; then
-      REASON="$TAG editScan $BASENAME \u2192 warning\${LOCAL_RULE_ID:+ ($LOCAL_RULE_ID)}: \${LOCAL_REASON:-policy violation}"
-      jq -n --arg m "$REASON" '{systemMessage: $m}'
-      synkro_dispatch_capture "edit_scan" "warning" "\${LOCAL_SEV}" "\${LOCAL_CAT}" "$TOOL_NAME" "$GIT_REPO" "$SESSION_ID" \\
-        "$SCAN_CONTENT" "$LOCAL_REASON" "\${SYNKRO_RULES:-[]}" "$SCAN_VIOLATED" "[]"
-    else
-      REASON="$TAG editScan $BASENAME \u2192 block: \${LOCAL_REASON:-policy violation}"
-      jq -n --arg m "$REASON" '{systemMessage: $m, additionalContext: $m}'
-      synkro_dispatch_capture "edit_scan" "block" "\${LOCAL_SEV}" "\${LOCAL_CAT}" "$TOOL_NAME" "$GIT_REPO" "$SESSION_ID" \\
-        "$SCAN_CONTENT" "$LOCAL_REASON" "\${SYNKRO_RULES:-[]}" "$SCAN_VIOLATED" "[]"
-    fi
-  else
-    jq -n --arg m "$TAG editScan $BASENAME \u2192 pass: \${LOCAL_REASON:-no policy violations detected}" '{systemMessage: $m}'
-    synkro_dispatch_capture "edit_scan" "pass" "audit" "\${LOCAL_CAT:-trivial_edit}" "$TOOL_NAME" "$GIT_REPO" "$SESSION_ID" \\
-      "$SCAN_CONTENT" "$LOCAL_REASON" "\${SYNKRO_RULES:-[]}" "[]" "[]"
-  fi
-  exit 0
-fi
-# \u2500\u2500\u2500 Cloud edit scan \u2500\u2500\u2500
-BODY=$(jq -n \\
-  --arg hook_event "PostToolUse" \\
-  --arg tool_name "$TOOL_NAME" \\
-  --argjson tool_input "$TOOL_INPUT" \\
-  --arg file_path "$FILE_PATH" \\
-  --arg content "$FILE_CONTENT" \\
-  --argjson diff "$DIFF_FIELD" \\
-  --argjson dependencies "$DEPS_JSON" \\
-  --arg session_id "$SESSION_ID" \\
-  --arg tool_use_id "$TOOL_USE_ID" \\
-  --arg cwd "$CWD" \\
-  --arg repo "$GIT_REPO" \\
-  '{
-    hook_event: $hook_event,
-    tool_name: $tool_name,
-    tool_input: $tool_input,
-    file_path: $file_path,
-    content: $content,
-    diff: $diff,
-    dependencies: $dependencies,
-    session_id: (if ($session_id | length) > 0 then $session_id else null end),
-    tool_use_id: (if ($tool_use_id | length) > 0 then $tool_use_id else null end),
-    cwd: (if ($cwd | length) > 0 then $cwd else null end),
-    repo: (if ($repo | length) > 0 then $repo else null end)
-  }')
-RESP=$(synkro_post_with_retry "\${GATEWAY_URL}/api/v1/hook/judge" "$BODY" 12)
+synkro_log "editScan $BASENAME"
-if [ -z "$RESP" ] || ! echo "$RESP" | jq -e 'type == "object"' >/dev/null 2>&1; then
-  synkro_log "editScan $BASENAME \u2192 error (no response)"
-  echo '{}'
-  exit 0
-fi
+(
+  BODY=$(jq -n \\
+    --arg file_path "$FILE_PATH" --arg content "$FULL_CONTENT" \\
+    --arg session_id "$SESSION_ID" --arg cwd "$CWD" --arg repo "$GIT_REPO" \\
+    --argjson deps "$DEPS_JSON" \\
+    '{capture_type:"edit_scan",tool_input:{file_path:$file_path,content:$content},edit_verdict:{ok:true},dependencies:$deps}
+      + (if ($session_id | length) > 0 then {session_id:$session_id} else {} end)
+      + (if ($cwd | length) > 0 then {cwd:$cwd} else {} end)
+      + (if ($repo | length) > 0 then {repo:$repo} else {} end)')
+  curl -sS -X POST "\${GATEWAY_URL}/api/v1/hook/capture" \\
+    -H "Content-Type: application/json" -H "Authorization: Bearer $JWT" \\
+    -d "$BODY" --max-time 10 >/dev/null 2>&1 || true
+) &
+disown 2>/dev/null || true
-if echo "$RESP" | jq -e '.hook_response' >/dev/null 2>&1; then
-  echo "$RESP" | jq -c '.hook_response'
-else
-  echo '{}'
-fi
+echo '{}'
 exit 0
 `;
-    CC_PLAN_JUDGE_SCRIPT = `#!/bin/bash
+    CURSOR_BASH_FOLLOWUP_SCRIPT = `#!/bin/bash
 SCRIPT_DIR="$(cd "$(dirname "\${BASH_SOURCE[0]}")" && pwd)"
 . "$SCRIPT_DIR/_synkro-common.sh"
 JWT=$(synkro_load_jwt)
 if [ -z "$JWT" ]; then echo '{}'; exit 0; fi
-synkro_ensure_fresh_jwt
 PAYLOAD=$(cat)
-if [ -z "$PAYLOAD" ]; then echo '{}'; exit 0; fi
 TOOL_NAME=$(echo "$PAYLOAD" | jq -r '.tool_name // empty' 2>/dev/null)
-if [ "$TOOL_NAME" != "ExitPlanMode" ]; then echo '{}'; exit 0; fi
-# ExitPlanMode's tool_input contains {allowedPrompts:[...]}, not plan content.
-# Read from the most recently modified plan file instead.
-PLANS_DIR="$HOME/.claude/plans"
-PLAN_FILE=$(ls -t "$PLANS_DIR"/*.md 2>/dev/null | head -1)
-if [ -z "$PLAN_FILE" ] || [ ! -f "$PLAN_FILE" ]; then echo '{}'; exit 0; fi
-PLAN=$(cat "$PLAN_FILE" 2>/dev/null)
-if [ -z "$PLAN" ] || [ \${#PLAN} -lt 20 ]; then echo '{}'; exit 0; fi
-SESSION_ID=$(echo "$PAYLOAD" | jq -r '.session_id // empty' 2>/dev/null)
-CWD=$(echo "$PAYLOAD" | jq -r '.cwd // empty' 2>/dev/null)
-GIT_REPO=$(synkro_detect_repo "\${CWD:-.}")
-synkro_detect_cc_model
-PLAN_SHORT=$(printf '%s' "$PLAN" | head -c 80)
-synkro_log "planReview checking: $PLAN_SHORT..."
-# Write review verdict into the plan file so it survives ExitPlanMode rejection
-append_review_to_plan() {
-  local verdict="$1"
-  local tmp="\${PLAN_FILE}.synkro.tmp"
-  sed '/^<!-- synkro-plan-review -->$/,/^<!-- \\/synkro-plan-review -->$/d' "$PLAN_FILE" | sed -e :a -e '/^\\n*$/{$d;N;ba' -e '}' > "$tmp" 2>/dev/null
-  printf '\\n\\n<!-- synkro-plan-review -->\\n\\n---\\n\\n**Synkro Plan Review** \u2014 %s\\n\\n%s\\n\\n<!-- /synkro-plan-review -->\\n' "$(date '+%Y-%m-%d %H:%M')" "$verdict" >> "$tmp"
-  mv "$tmp" "$PLAN_FILE" 2>/dev/null
-}
+case "$TOOL_NAME" in Shell|Bash|terminal|run_terminal_cmd|execute_command) ;; *) echo '{}'; exit 0 ;; esac
-synkro_load_config
-ROUTE=$(synkro_route)
-TAG=$(synkro_tag "$ROUTE")
+SESSION_ID=$(echo "$PAYLOAD" | jq -r '.conversation_id // empty' 2>/dev/null)
+TOOL_USE_ID=$(echo "$PAYLOAD" | jq -r '.tool_use_id // empty' 2>/dev/null)
-if [ "$SYNKRO_SILENT" = "true" ]; then
-  jq -n --arg m "$TAG planReview \u2192 skipped (silent mode)" '{systemMessage: $m}'
-  exit 0
+IS_ERROR=$(echo "$PAYLOAD" | jq -r '.tool_result.is_error // false' 2>/dev/null)
+CMD=$(echo "$PAYLOAD" | jq -r '.tool_input.command // empty' 2>/dev/null)
+CMD_HASH=""
+if [ -n "$CMD" ]; then
+  CMD_HASH=$(printf '%s' "$CMD" | shasum -a 256 | cut -c1-16)
 fi
-if [ "$ROUTE" = "local" ]; then
-  GRADER_FILE=$(mktemp -t synkro-plan.XXXXXX)
-  trap "rm -f \\"$GRADER_FILE\\"" EXIT
-  printf 'Working directory: %s\\nRepo: %s\\nPlan:\\n%s\\nOrg rules: %s\\n' "\${CWD:-.}" "\${GIT_REPO:-unknown}" "$(printf '%s' "$PLAN" | head -c 8000)" "\${SYNKRO_RULES:-[]}" > "$GRADER_FILE"
-  CC_RESP=$(synkro_local_grade plan < "$GRADER_FILE" 2>&1)
-  if [ $? -ne 0 ]; then
-    echo '{}'; exit 0
-  fi
-  synkro_parse_local_verdict "$CC_RESP"
-  PLAN_CONTENT=$(printf '%s' "$PLAN" | head -c 2000)
-  PLAN_VIOLATED="[]"
-  [ -n "$LOCAL_RULE_ID" ] && PLAN_VIOLATED=$(jq -n --arg r "$LOCAL_RULE_ID" '[$r]')
-  if [ "$LOCAL_OK" = "false" ]; then
-    VCOUNT=$(printf '%s' "$CC_RESP" | grep -c '<violation>' 2>/dev/null || echo "0")
-    [ "$VCOUNT" = "0" ] && VCOUNT="1"
-    REVIEW_MSG="\${VCOUNT} rule(s) relevant\${LOCAL_RULE_ID:+ (first: $LOCAL_RULE_ID)}: \${LOCAL_REASON:-check org rules during implementation}"
-    append_review_to_plan "\u26A0\uFE0F Advisory \u2014 $REVIEW_MSG"
-    MSG="$TAG planReview \u2192 $REVIEW_MSG"
-    jq -n --arg m "$MSG" '{systemMessage: $m}'
-    synkro_dispatch_capture "plan_review" "advisory" "\${LOCAL_SEV}" "\${LOCAL_CAT}" "ExitPlanMode" "$GIT_REPO" "$SESSION_ID" \\
-      "$PLAN_CONTENT" "$LOCAL_REASON" "\${SYNKRO_RULES:-[]}" "$PLAN_VIOLATED" "[]"
+if [ -n "$CMD_HASH" ] && [ -n "$SESSION_ID" ]; then
+  if [ "$IS_ERROR" = "false" ]; then
+    synkro_consent_consume "$SESSION_ID" "$CMD_HASH"
   else
-    REVIEW_MSG="Clean \u2014 \${LOCAL_REASON:-no relevant org rules for this plan}"
-    append_review_to_plan "\u2705 $REVIEW_MSG"
-    jq -n --arg m "$TAG planReview \u2192 clean: \${LOCAL_REASON:-no relevant org rules for this plan}" '{systemMessage: $m}'
-    synkro_dispatch_capture "plan_review" "clean" "audit" "\${LOCAL_CAT:-general}" "ExitPlanMode" "$GIT_REPO" "$SESSION_ID" \\
-      "$PLAN_CONTENT" "$LOCAL_REASON" "\${SYNKRO_RULES:-[]}" "[]" "[]"
+    if ! synkro_consent_has_active "$SESSION_ID" "$CMD_HASH"; then
+      synkro_consent_grant "$SESSION_ID" "$CMD_HASH"
+    fi
   fi
-  exit 0
 fi
-# \u2500\u2500\u2500 Cloud grading \u2500\u2500\u2500
-BODY=$(jq -n \\
-  --arg hook_event "PreToolUse" \\
-  --arg tool_name "ExitPlanMode" \\
-  --arg plan "$(printf '%s' "$PLAN" | head -c 16000)" \\
-  --arg session_id "$SESSION_ID" \\
-  --arg cwd "$CWD" \\
-  --arg repo "$GIT_REPO" \\
-  '{
-    hook_event: $hook_event,
-    tool_name: $tool_name,
-    tool_input: {plan: $plan},
-    session_id: (if ($session_id | length) > 0 then $session_id else null end),
-    cwd: (if ($cwd | length) > 0 then $cwd else null end),
-    repo: (if ($repo | length) > 0 then $repo else null end)
-  }')
-RESP=$(synkro_post_with_retry "\${GATEWAY_URL}/api/v1/hook/judge" "$BODY" 12)
-if [ -z "$RESP" ]; then
-  synkro_log "planReview \u2192 error (timeout)"
-  echo '{}'
-  exit 0
-fi
-if ! echo "$RESP" | jq -e '.hook_response' >/dev/null 2>&1; then
-  echo '{}'
-  exit 0
+if [ -n "$SESSION_ID" ] && [ -n "$TOOL_USE_ID" ]; then
+  (
+    BODY=$(jq -n --arg sid "$SESSION_ID" --arg tid "$TOOL_USE_ID" \\
+      --argjson err "$IS_ERROR" --arg ch "$CMD_HASH" \\
+      '{capture_type:"bash_followup",session_id:$sid,tool_use_id:$tid,is_error:$err,command_hash:$ch}')
+    curl -sS -X POST "\${GATEWAY_URL}/api/v1/hook/capture" \\
+      -H "Content-Type: application/json" -H "Authorization: Bearer $JWT" \\
+      -d "$BODY" --max-time 3 >/dev/null 2>&1 || true
+  ) &
+  disown 2>/dev/null || true
 fi
-# Force advisory: convert any blocking decision to systemMessage
-HR=$(echo "$RESP" | jq -c '.hook_response')
-if echo "$HR" | jq -e '.hookSpecificOutput.permissionDecision' >/dev/null 2>&1; then
-  REASON=$(echo "$HR" | jq -r '.hookSpecificOutput.permissionDecisionReason // "check org rules"' 2>/dev/null)
-  append_review_to_plan "\u26A0\uFE0F Advisory \u2014 $REASON"
-  jq -n --arg m "$TAG planReview \u2192 advisory: $REASON" '{systemMessage: $m}'
-else
-  CLOUD_MSG=$(echo "$HR" | jq -r '.systemMessage // empty' 2>/dev/null)
-  [ -n "$CLOUD_MSG" ] && append_review_to_plan "\u2705 $CLOUD_MSG"
-  echo "$HR"
-fi
+echo '{}'
 exit 0
 `;
-    CC_STOP_SUMMARY_SCRIPT = `#!/bin/bash
-SCRIPT_DIR="$(cd "$(dirname "\${BASH_SOURCE[0]}")" && pwd)"
-. "$SCRIPT_DIR/_synkro-common.sh"
+  }
+});
-JWT=$(synkro_load_jwt)
-if [ -z "$JWT" ]; then echo '{}'; exit 0; fi
+// cli/installer/hookScriptsTs.ts
+var SYNKRO_COMMON_TS, EDIT_PRECHECK_TS, CWE_PRECHECK_TS, CVE_PRECHECK_TS, BASH_JUDGE_TS, PLAN_JUDGE_TS, STOP_SUMMARY_TS, SESSION_START_TS, BASH_FOLLOWUP_TS, TRANSCRIPT_SYNC_TS, USER_PROMPT_SUBMIT_TS;
+var init_hookScriptsTs = __esm({
+  "cli/installer/hookScriptsTs.ts"() {
+    "use strict";
+    SYNKRO_COMMON_TS = `
+// Shared Synkro hook utilities \u2014 imported by all hook scripts.
+import { readFileSync, writeFileSync, mkdirSync, rmdirSync, existsSync, renameSync } from 'node:fs';
+import { join, dirname, basename, extname } from 'node:path';
+import { homedir } from 'node:os';
+import { execSync, spawn } from 'node:child_process';
-PAYLOAD=$(cat)
-SESSION_ID=$(echo "$PAYLOAD" | jq -r '.session_id // empty' 2>/dev/null)
-if [ -z "$SESSION_ID" ]; then echo '{}'; exit 0; fi
+// \u2500\u2500\u2500 Config \u2500\u2500\u2500
-CWD=$(echo "$PAYLOAD" | jq -r '.cwd // empty' 2>/dev/null)
-TRANSCRIPT_PATH=$(echo "$PAYLOAD" | jq -r '.transcript_path // empty' 2>/dev/null)
-GIT_REPO=$(synkro_detect_repo "\${CWD:-.}")
+const HOME = homedir();
+const CONFIG_PATH = join(HOME, '.synkro', 'config.env');
-# Aggregate token usage across all assistant turns in the transcript and POST silently
-if [ -n "$TRANSCRIPT_PATH" ] && [ -f "$TRANSCRIPT_PATH" ]; then
-  (
-    _LAST=$(grep '"type":"assistant"' "$TRANSCRIPT_PATH" 2>/dev/null | tail -1)
-    CC_MODEL=$(echo "$_LAST" | jq -r '.message.model // empty' 2>/dev/null)
-    TOTALS=$(grep '"type":"assistant"' "$TRANSCRIPT_PATH" 2>/dev/null \\
-      | jq -c '.message.usage' 2>/dev/null \\
-      | jq -s '{in:(map(.input_tokens//0)|add//0),out:(map(.output_tokens//0)|add//0),cw:(map(.cache_creation_input_tokens//0)|add//0),cr:(map(.cache_read_input_tokens//0)|add//0)}' 2>/dev/null \\
-      || echo '{"in":0,"out":0,"cw":0,"cr":0}')
-    TOK_IN=$(echo "$TOTALS" | jq -r '.in // 0')
-    TOK_OUT=$(echo "$TOTALS" | jq -r '.out // 0')
-    TOK_CW=$(echo "$TOTALS" | jq -r '.cw // 0')
-    TOK_CR=$(echo "$TOTALS" | jq -r '.cr // 0')
-    HAS_TOKENS=$(( TOK_IN + TOK_OUT ))
-    if [ "$HAS_TOKENS" != "0" ]; then
-      CC_USAGE="{"input_tokens":$TOK_IN,"output_tokens":$TOK_OUT,"cache_creation_input_tokens":$TOK_CW,"cache_read_input_tokens":$TOK_CR}"
-      BODY=$(jq -n \\
-        --arg event_id "usage_$(date +%s)_$$" \\
-        --arg hook_type "stop" --arg verdict "allow" --arg severity "none" \\
-        --arg model "\${CC_MODEL:-unknown}" \\
-        --arg cc_model "\${CC_MODEL:-}" \\
-        --arg repo "\${GIT_REPO:-}" --arg session_id "$SESSION_ID" \\
-        --argjson cc_usage "$CC_USAGE" \\
-        '{capture_type:"local_verdict",event_id:$event_id,hook_type:$hook_type,verdict:$verdict,severity:$severity,model:$model,cc_usage:$cc_usage}
-          + (if $repo != "" then {repo:$repo} else {} end)
-          + (if $session_id != "" then {session_id:$session_id} else {} end)
-          + (if $cc_model != "" then {cc_model:$cc_model} else {} end)')
-      curl -sS -X POST "\${GATEWAY_URL}/api/v1/hook/capture" \\
-        -H "Content-Type: application/json" -H "Authorization: Bearer $JWT" \\
-        -d "$BODY" --max-time 2 >/dev/null 2>&1
-    fi
-  ) &
-fi
+// Load config.env into process.env
+if (existsSync(CONFIG_PATH)) {
+  try {
+    const lines = readFileSync(CONFIG_PATH, 'utf-8').split('\\n');
+    for (const line of lines) {
+      const trimmed = line.trim();
+      if (!trimmed || trimmed.startsWith('#')) continue;
+      const eqIdx = trimmed.indexOf('=');
+      if (eqIdx < 1) continue;
+      const key = trimmed.slice(0, eqIdx).trim();
+      let val = trimmed.slice(eqIdx + 1).trim();
+      // Strip surrounding quotes
+      if ((val.startsWith('"') && val.endsWith('"')) || (val.startsWith("'") && val.endsWith("'"))) {
+        val = val.slice(1, -1);
+      }
+      process.env[key] = val;
+    }
+  } catch {}
+}
-RESP=$(curl -sS -G "\${GATEWAY_URL}/api/v1/cli/session-summary" \\
-  --data-urlencode "session_id=$SESSION_ID" \\
-  -H "Authorization: Bearer $JWT" --max-time 2 2>/dev/null || echo "")
+export const GATEWAY_URL = process.env.SYNKRO_GATEWAY_URL || 'https://api.synkro.sh';
+export const CREDS_PATH = process.env.SYNKRO_CREDENTIALS_PATH || join(HOME, '.synkro', 'credentials.json');
+const LAST_PROMPT_FILE = join(HOME, '.synkro', '.last-prompt');
-if [ -z "$RESP" ]; then echo '{}'; exit 0; fi
+// \u2500\u2500\u2500 Logging \u2500\u2500\u2500
-EDITS=$(echo "$RESP" | jq -r '.edits_scanned // 0' 2>/dev/null)
-FINDINGS=$(echo "$RESP" | jq -r '.findings // 0' 2>/dev/null)
-AUTO_FIXED=$(echo "$RESP" | jq -r '.auto_fixed // 0' 2>/dev/null)
-OPEN=$(echo "$RESP" | jq -r '.open // 0' 2>/dev/null)
+export function log(msg: string): void {
+  process.stderr.write('[synkro] ' + msg + '\\n');
+}
-if [ "\${EDITS:-0}" = "0" ] || [ -z "$EDITS" ]; then echo '{}'; exit 0; fi
+// \u2500\u2500\u2500 JWT Management \u2500\u2500\u2500
-synkro_load_config
-TAG=$(synkro_tag)
-if [ "\${FINDINGS:-0}" = "0" ] || [ -z "$FINDINGS" ]; then
-  SYS_MSG="$TAG stop \u2192 0 issues across \${EDITS} edit(s), session complete"
-else
-  SYS_MSG="$TAG stop \u2192 \${FINDINGS} finding(s): \${AUTO_FIXED} auto-fixed, \${OPEN} open"
-fi
+export function loadJwt(): string | null {
+  try {
+    if (!existsSync(CREDS_PATH)) return null;
+    const creds = JSON.parse(readFileSync(CREDS_PATH, 'utf-8'));
+    return creds.access_token || null;
+  } catch {
+    return null;
+  }
+}
-jq -n --arg m "$SYS_MSG" '{systemMessage: $m}'
-exit 0
-`;
-    CC_SESSION_START_SCRIPT = `#!/bin/bash
-SCRIPT_DIR="$(cd "$(dirname "\${BASH_SOURCE[0]}")" && pwd)"
-. "$SCRIPT_DIR/_synkro-common.sh"
+function decodeJwtExp(jwt: string): number {
+  try {
+    const parts = jwt.split('.');
+    if (parts.length < 2) return 0;
+    let payload = parts[1].replace(/-/g, '+').replace(/_/g, '/');
+    while (payload.length % 4) payload += '=';
+    const decoded = Buffer.from(payload, 'base64').toString('utf-8');
+    const obj = JSON.parse(decoded);
+    return obj.exp || 0;
+  } catch {
+    return 0;
+  }
+}
-JWT=$(synkro_load_jwt)
+export async function refreshJwt(jwt: string): Promise<string> {
+  try {
+    const creds = JSON.parse(readFileSync(CREDS_PATH, 'utf-8'));
+    const rt = creds.refresh_token;
+    if (!rt) return jwt;
-# Route preamble
-SYNKRO_PORT="\${SYNKRO_CHANNEL_PORT:-8929}"
-PAYLOAD=$(cat)
-CWD=$(echo "$PAYLOAD" | jq -r '.cwd // empty' 2>/dev/null)
-SESSION_ID=$(echo "$PAYLOAD" | jq -r '.session_id // empty' 2>/dev/null)
-GIT_REPO=$(synkro_detect_repo "\${CWD:-.}")
+    const resp = await fetch(GATEWAY_URL + '/api/auth/refresh', {
+      method: 'POST',
+      headers: { 'Content-Type': 'application/json' },
+      body: JSON.stringify({ refresh_token: rt }),
+      signal: AbortSignal.timeout(4000),
+    });
+    const data = await resp.json() as any;
+    const newAt = data.access_token;
+    if (!newAt) return jwt;
+    const newRt = data.refresh_token || rt;
+    const existing = (() => {
+      try { return JSON.parse(readFileSync(CREDS_PATH, 'utf-8')); } catch { return {}; }
+    })();
+    const updated = { ...existing, access_token: newAt, refresh_token: newRt };
+    const tmp = CREDS_PATH + '.synkro.tmp';
+    writeFileSync(tmp, JSON.stringify(updated, null, 2));
+    renameSync(tmp, CREDS_PATH);
+    return newAt;
+  } catch {
+    return jwt;
+  }
+}
-RESP=""
-if [ -n "$JWT" ]; then
-  RESP=$(curl -sS -G "\${GATEWAY_URL}/api/v1/hook/config" \\
-    --data-urlencode "session_id=\${SESSION_ID:-}" \\
-    --data-urlencode "repo=\${GIT_REPO:-}" \\
-    -H "Authorization: Bearer $JWT" --max-time 3 2>/dev/null || echo "")
-  if [ -n "$RESP" ]; then
-    SYNKRO_SILENT=$(echo "$RESP" | jq -r '.silent_mode // false' 2>/dev/null)
-    SYNKRO_POLICY_NAME=$(echo "$RESP" | jq -r '.active_policy_name // empty' 2>/dev/null)
-  fi
-fi
+export async function ensureFreshJwt(jwt: string): Promise<string> {
+  if (!jwt) return jwt;
+  const exp = decodeJwtExp(jwt);
+  const now = Math.floor(Date.now() / 1000);
+  if (exp - now >= 60) return jwt;
-if (exec 3<>/dev/tcp/127.0.0.1/"$SYNKRO_PORT") 2>/dev/null; then
-  exec 3<&- 3>&- 2>/dev/null || true
-  TAG=$(synkro_tag "local")
-  ROUTE_LINE="$TAG inference: local-cc (channel reachable on 127.0.0.1:$SYNKRO_PORT)"
-else
-  TAG=$(synkro_tag "cloud")
-  ROUTE_LINE="$TAG inference: cloud (local-cc channel not reachable)"
-fi
+  const lockdir = CREDS_PATH + '.lockdir';
+  let acquired = false;
+  try {
+    mkdirSync(lockdir);
+    acquired = true;
+  } catch {
+    // Another process is refreshing \u2014 wait and re-read
+    for (let i = 0; i < 5; i++) {
+      await new Promise(r => setTimeout(r, 500));
+      if (!existsSync(lockdir)) break;
+    }
+    // Re-read creds
+    const fresh = loadJwt();
+    return fresh || jwt;
+  }
-if [ -z "$JWT" ]; then
-  jq -n --arg m "$ROUTE_LINE" '{systemMessage: $m}'
-  exit 0
-fi
+  try {
+    // Re-check \u2014 another hook may have just refreshed
+    const freshJwt = loadJwt();
+    if (freshJwt) {
+      const freshExp = decodeJwtExp(freshJwt);
+      if (freshExp - Math.floor(Date.now() / 1000) >= 60) return freshJwt;
+    }
+    return await refreshJwt(jwt);
+  } finally {
+    if (acquired) {
+      try { rmdirSync(lockdir); } catch {}
+    }
+  }
+}
-OPEN=0
-if [ -n "$RESP" ]; then
-  OPEN=$(echo "$RESP" | jq -r '.session_context.open_findings // 0' 2>/dev/null)
-fi
+// \u2500\u2500\u2500 Repo Detection \u2500\u2500\u2500
-if [ "$OPEN" = "0" ] || [ -z "$OPEN" ]; then
-  jq -n --arg m "$ROUTE_LINE" '{systemMessage: $m}'
-else
-  if [ "$OPEN" = "1" ]; then
-    SYS_MSG="$ROUTE_LINE"$'\\n'"$TAG session start \u2192 1 open finding in this repo from a prior session."
-  else
-    SYS_MSG="$ROUTE_LINE"$'\\n'"$TAG session start \u2192 \${OPEN} open findings in this repo from prior sessions."
-  fi
-  jq -n --arg m "$SYS_MSG" '{systemMessage: $m}'
-fi
-exit 0
-`;
-    CC_BASH_FOLLOWUP_SCRIPT = `#!/bin/bash
-SCRIPT_DIR="$(cd "$(dirname "\${BASH_SOURCE[0]}")" && pwd)"
-. "$SCRIPT_DIR/_synkro-common.sh"
+export function detectRepo(cwd: string): string {
+  try {
+    const url = execSync('git remote get-url origin', { cwd, timeout: 3000, encoding: 'utf-8' }).trim();
+    if (!url) return '';
+    return url
+      .replace(/^git@[^:]+:/, '')
+      .replace(/^https?:\\/\\/[^/]+\\//, '')
+      .replace(/\\.git$/, '');
+  } catch {
+    return '';
+  }
+}
-JWT=$(synkro_load_jwt)
-if [ -z "$JWT" ]; then echo '{}'; exit 0; fi
+// \u2500\u2500\u2500 Channel Health \u2500\u2500\u2500
-PAYLOAD=$(cat)
-TOOL_NAME=$(echo "$PAYLOAD" | jq -r '.tool_name // empty' 2>/dev/null)
-if [ "$TOOL_NAME" != "Bash" ]; then echo '{}'; exit 0; fi
+export async function channelUp(port = 8929): Promise<boolean> {
+  try {
+    await fetch('http://127.0.0.1:' + port, { signal: AbortSignal.timeout(500) });
+    return true;
+  } catch (e: any) {
+    // If we got a connection error vs a response error, check:
+    // fetch throws TypeError for connection refused, but any HTTP response means the port is open
+    if (e?.name === 'TimeoutError') return false;
+    if (e?.cause?.code === 'ECONNREFUSED' || e?.code === 'ECONNREFUSED') return false;
+    // Any other error (like bad response) means the port is actually open
+    return true;
+  }
+}
-SESSION_ID=$(echo "$PAYLOAD" | jq -r '.session_id // empty' 2>/dev/null)
-TOOL_USE_ID=$(echo "$PAYLOAD" | jq -r '.tool_use_id // empty' 2>/dev/null)
-if [ -z "$SESSION_ID" ] || [ -z "$TOOL_USE_ID" ]; then echo '{}'; exit 0; fi
+export async function cweChannelUp(): Promise<boolean> {
+  return channelUp(8930);
+}
-# Extract is_error from tool_result and compute command hash for consent tracking
-IS_ERROR=$(echo "$PAYLOAD" | jq -r '.tool_result.is_error // false' 2>/dev/null)
-CMD=$(echo "$PAYLOAD" | jq -r '.tool_input.command // empty' 2>/dev/null)
-CMD_HASH=""
-if [ -n "$CMD" ]; then
-  CMD_HASH=$(printf '%s' "$CMD" | shasum -a 256 | cut -c1-16)
-fi
+// \u2500\u2500\u2500 Config Loading \u2500\u2500\u2500
-BODY=$(jq -n --arg sid "$SESSION_ID" --arg tid "$TOOL_USE_ID" \\
-  --argjson err "$IS_ERROR" --arg ch "$CMD_HASH" \\
-  '{capture_type:"bash_followup",session_id:$sid,tool_use_id:$tid,is_error:$err,command_hash:$ch}')
+export interface Rule {
+  rule_id: string;
+  text: string;
+  severity: string;
+  category: string;
+  mode: string;
+}
-# Local consent tracking: command ran = user consented
-# On success \u2192 consume (next attempt blocks fresh)
-# On failure \u2192 grant active (retry allowed)
-# Consent tracking: on success \u2192 consume (next run blocks fresh), on error \u2192 grant (retry allowed)
-if [ -n "$CMD_HASH" ] && [ -n "$SESSION_ID" ]; then
-  if [ "$IS_ERROR" = "false" ]; then
-    synkro_consent_consume "$SESSION_ID" "$CMD_HASH"
-  else
-    if ! synkro_consent_has_active "$SESSION_ID" "$CMD_HASH"; then
-      synkro_consent_grant "$SESSION_ID" "$CMD_HASH"
-    fi
-  fi
-fi
+export interface HookConfig {
+  captureDepth: string;
+  tier: string;
+  silent: boolean;
+  policyName: string;
+  rules: Rule[];
+}
-curl -sS -X POST "\${GATEWAY_URL}/api/v1/hook/capture" \\
-  -H "Content-Type: application/json" -H "Authorization: Bearer $JWT" \\
-  -d "$BODY" --max-time 2 >/dev/null 2>&1 || true
+export async function loadConfig(jwt: string, query?: string): Promise<HookConfig> {
+  const config: HookConfig = {
+    captureDepth: 'local_only',
+    tier: 'standard',
+    silent: false,
+    policyName: '',
+    rules: [],
+  };
+  try {
+    const url = GATEWAY_URL + '/api/v1/hook/config' + (query ? '?' + query : '');
+    const resp = await fetch(url, {
+      headers: { Authorization: 'Bearer ' + jwt },
+      signal: AbortSignal.timeout(4000),
+    });
+    const data = await resp.json() as any;
+    config.captureDepth = data.capture_depth || 'local_only';
+    config.tier = data.tier || 'standard';
+    config.silent = data.silent_mode === true || data.silent_mode === 'true';
+    config.policyName = data.active_policy_name || '';
+    if (Array.isArray(data.rules)) {
+      config.rules = data.rules
+        .filter((r: any) => r.hook_stage === 'pre' || r.hook_stage === 'both' || r.hook_stage == null)
+        .map((r: any) => ({
+          rule_id: r.rule_id || '',
+          text: r.text || '',
+          severity: r.severity || '',
+          category: r.category || '',
+          mode: r.mode || 'blocking',
+        }));
+    }
+  } catch {}
+  return config;
+}
-echo '{}'
-exit 0
-`;
-    CC_CVE_SCAN_SCRIPT = `#!/bin/bash
-SCRIPT_DIR="$(cd "$(dirname "\${BASH_SOURCE[0]}")" && pwd)"
-. "$SCRIPT_DIR/_synkro-common.sh"
+// \u2500\u2500\u2500 Routing \u2500\u2500\u2500
-JWT=$(synkro_load_jwt)
-if [ -z "$JWT" ]; then echo '{}'; exit 0; fi
-synkro_ensure_fresh_jwt
+export async function route(config: HookConfig): Promise<'local' | 'cloud'> {
+  if (config.captureDepth === 'local_only') return 'local';
+  if (await channelUp()) return 'local';
+  return 'cloud';
+}
-PAYLOAD=$(cat)
-if [ -z "$PAYLOAD" ]; then echo '{}'; exit 0; fi
+export async function cweRoute(config: HookConfig): Promise<'local' | 'cloud'> {
+  if (config.captureDepth === 'local_only') return 'local';
+  if (await cweChannelUp()) return 'local';
+  return 'cloud';
+}
-TOOL_NAME=$(echo "$PAYLOAD" | jq -r '.tool_name // empty' 2>/dev/null)
-case "$TOOL_NAME" in Edit|Write|MultiEdit|NotebookEdit) ;; *) echo '{}'; exit 0 ;; esac
+// \u2500\u2500\u2500 Tag Building \u2500\u2500\u2500
-TOOL_INPUT=$(echo "$PAYLOAD" | jq -c '.tool_input // {}' 2>/dev/null)
-CWD=$(echo "$PAYLOAD" | jq -r '.cwd // empty' 2>/dev/null)
+export function tag(rt: string, config: HookConfig): string {
+  if (config.silent) return '[synkro:silent]';
+  const rs = config.policyName || 'all';
+  return '[synkro:' + rt + ':' + rs + ']';
+}
-FILE_PATH=$(echo "$TOOL_INPUT" | jq -r '.file_path // .notebook_path // .path // empty' 2>/dev/null)
-if [ -z "$FILE_PATH" ] || [ ! -f "$FILE_PATH" ]; then echo '{}'; exit 0; fi
+// \u2500\u2500\u2500 Local Grading \u2500\u2500\u2500
-FILE_CONTENT=$(head -c 65536 "$FILE_PATH" 2>/dev/null || echo "")
-if [ -z "$FILE_CONTENT" ]; then echo '{}'; exit 0; fi
+function spawnGrade(surface: string, prompt: string, envOverride?: Record<string, string>, timeoutMs = 22000): Promise<string> {
+  return new Promise((resolve, reject) => {
+    const cliBin = process.env.SYNKRO_CLI_BIN;
+    let cmd: string;
+    let args: string[];
-DEPS_JSON="{}"
-_PKG_DIR=$(dirname "$FILE_PATH")
-while [ "$_PKG_DIR" != "/" ]; do
-  if [ -f "$_PKG_DIR/package.json" ]; then
-    DEPS_JSON=$(jq -c '(.dependencies // {}) + (.devDependencies // {})' "$_PKG_DIR/package.json" 2>/dev/null || echo "{}")
-    break
-  fi
-  _PKG_DIR=$(dirname "$_PKG_DIR")
-done
+    if (cliBin && existsSync(cliBin)) {
+      // Use the CLI binary directly with bun/node
+      cmd = 'node';
+      args = [cliBin, 'grade', surface];
+    } else {
+      cmd = 'synkro';
+      args = ['grade', surface];
+    }
-synkro_load_config
-ROUTE=$(synkro_route)
-TAG=$(synkro_tag "$ROUTE")
+    const child = spawn(cmd, args, {
+      stdio: ['pipe', 'pipe', 'pipe'],
+      env: { ...process.env, ...envOverride },
+    });
-if [ "$SYNKRO_SILENT" = "true" ]; then echo '{}'; exit 0; fi
+    let stdout = '';
+    let stderr = '';
+    child.stdout.on('data', (d: Buffer) => { stdout += d.toString(); });
+    child.stderr.on('data', (d: Buffer) => { stderr += d.toString(); });
+    child.stdin.write(prompt);
+    child.stdin.end();
+    const timer = setTimeout(() => {
+      child.kill();
+      reject(new Error('SYNKRO_GRADE_TIMEOUT'));
+    }, timeoutMs);
+    child.on('close', (code: number | null) => {
+      clearTimeout(timer);
+      if (code === 0) resolve(stdout);
+      else reject(new Error(stderr || 'exit ' + code));
+    });
+    child.on('error', (err: Error) => { clearTimeout(timer); reject(err); });
+  });
+}
-BASENAME=$(basename "$FILE_PATH")
+export async function localGrade(surface: string, prompt: string): Promise<string> {
+  if (!(await channelUp())) throw new Error('SYNKRO_CHANNEL_DOWN');
+  return spawnGrade(surface, prompt);
+}
-BODY=$(jq -n --arg fp "$FILE_PATH" --arg c "$FILE_CONTENT" --argjson deps "$DEPS_JSON" \\
-  '{file_path:$fp, content:$c, dependencies:$deps}')
+export async function localGradeCwe(prompt: string): Promise<string> {
+  if (!(await cweChannelUp())) throw new Error('SYNKRO_CHANNEL_DOWN');
+  return spawnGrade('cwe', prompt, { SYNKRO_CHANNEL_PORT: '8930' }, 12000);
+}
-RESP=$(curl -sS -X POST "\${GATEWAY_URL}/api/v1/cve-scan" \\
-  -H "Content-Type: application/json" -H "Authorization: Bearer $JWT" \\
-  -d "$BODY" --max-time 6 2>/dev/null || echo "")
+// \u2500\u2500\u2500 Verdict Parsing \u2500\u2500\u2500
-if [ -z "$RESP" ] || ! echo "$RESP" | jq -e 'type == "object"' >/dev/null 2>&1; then
-  echo '{}'; exit 0
-fi
+export interface Verdict {
+  ok: boolean;
+  reason: string;
+  ruleId: string;
+  ruleMode: string;
+  severity: string;
+  category: string;
+}
-CVE_COUNT=$(echo "$RESP" | jq -r '.findings | length' 2>/dev/null || echo "0")
-if [ "$CVE_COUNT" -gt 0 ] 2>/dev/null; then
-  CVE_CRIT=$(echo "$RESP" | jq '[.findings[] | select((.severity | tonumber? // 0) >= 7.0)] | length' 2>/dev/null || echo "0")
-  CRIT_PKGS=$(echo "$RESP" | jq -r '[.findings[] | select((.severity | tonumber? // 0) >= 7.0) | .package] | unique | .[:3] | join(", ")' 2>/dev/null || echo "")
-  ALL_PKGS=$(echo "$RESP" | jq -r '[.findings[].package] | unique | .[:3] | join(", ")' 2>/dev/null || echo "")
-  ALL_TOTAL=$(echo "$RESP" | jq -r '[.findings[].package] | unique | length' 2>/dev/null || echo "0")
-  [ "$CVE_COUNT" = "1" ] && LABEL="advisory" || LABEL="advisories"
-  if [ "$CVE_CRIT" -gt 0 ]; then
-    [ "$ALL_TOTAL" -gt 3 ] && CRIT_PKGS="\${CRIT_PKGS}, ..."
-    jq -n --arg m "[synkro:\${ROUTE}:cveScan] \${CVE_COUNT} \${LABEL}, \${CVE_CRIT} critical/high (\${CRIT_PKGS})" '{systemMessage: $m}'
-  else
-    [ "$ALL_TOTAL" -gt 3 ] && ALL_PKGS="\${ALL_PKGS}, ..."
-    jq -n --arg m "[synkro:\${ROUTE}:cveScan] \${CVE_COUNT} \${LABEL} (\${ALL_PKGS})" '{systemMessage: $m}'
-  fi
-else
-  jq -n --arg m "[synkro:\${ROUTE}:cveScan] clean" '{systemMessage: $m}'
-fi
-exit 0
-`;
-    CC_CWE_SCAN_SCRIPT = `#!/bin/bash
-SCRIPT_DIR="$(cd "$(dirname "\${BASH_SOURCE[0]}")" && pwd)"
-. "$SCRIPT_DIR/_synkro-common.sh"
+export function parseVerdict(resp: string): Verdict {
+  const verdict: Verdict = {
+    ok: true,
+    reason: '',
+    ruleId: '',
+    ruleMode: '',
+    severity: 'low',
+    category: 'clean',
+  };
-JWT=$(synkro_load_jwt)
-if [ -z "$JWT" ]; then echo '{}'; exit 0; fi
-synkro_ensure_fresh_jwt
+  // Flatten newlines for easier regex
+  const flat = resp.replace(/\\n/g, ' ');
+  const outerMatch = flat.match(/<synkro-verdict>(.*)<\\/synkro-verdict>/);
+  if (!outerMatch) return verdict;
+  const inner = outerMatch[1];
-PAYLOAD=$(cat)
-if [ -z "$PAYLOAD" ]; then echo '{}'; exit 0; fi
+  const okMatch = inner.match(/<ok>(.*?)<\\/ok>/);
+  if (okMatch) verdict.ok = okMatch[1].trim() !== 'false';
-TOOL_NAME=$(echo "$PAYLOAD" | jq -r '.tool_name // empty' 2>/dev/null)
-case "$TOOL_NAME" in Edit|Write|MultiEdit|NotebookEdit) ;; *) echo '{}'; exit 0 ;; esac
+  const reasonMatch = inner.match(/<reason>(.*?)<\\/reason>/) || inner.match(/<reasoning>(.*?)<\\/reasoning>/);
+  if (reasonMatch) verdict.reason = reasonMatch[1].trim();
-TOOL_INPUT=$(echo "$PAYLOAD" | jq -c '.tool_input // {}' 2>/dev/null)
-CWD=$(echo "$PAYLOAD" | jq -r '.cwd // empty' 2>/dev/null)
+  if (!verdict.ok) {
+    const ruleIdMatch = inner.match(/<rule_id>(.*?)<\\/rule_id>/);
+    const ruleModeMatch = inner.match(/<rule_mode>(.*?)<\\/rule_mode>/);
+    const sevMatch = inner.match(/<risk_level>(.*?)<\\/risk_level>/);
+    if (ruleIdMatch) {
+      verdict.ruleId = ruleIdMatch[1].trim();
+    } else {
+      // Try to find inside a <violation> block
+      const violationMatch = inner.match(/<violation>(.*?)<\\/violation>/);
+      if (violationMatch) {
+        const vBlock = violationMatch[1];
+        const vRuleId = vBlock.match(/<rule_id>(.*?)<\\/rule_id>/);
+        if (vRuleId) verdict.ruleId = vRuleId[1].trim();
+        if (!verdict.reason) {
+          const vReason = vBlock.match(/<reason>(.*?)<\\/reason>/);
+          if (vReason) verdict.reason = vReason[1].trim();
+        }
+        if (!sevMatch) {
+          const vSev = vBlock.match(/<severity>(.*?)<\\/severity>/);
+          if (vSev) verdict.severity = vSev[1].trim();
+        }
+      }
+    }
-FILE_PATH=$(echo "$TOOL_INPUT" | jq -r '.file_path // .notebook_path // .path // empty' 2>/dev/null)
-if [ -z "$FILE_PATH" ] || [ ! -f "$FILE_PATH" ]; then echo '{}'; exit 0; fi
+    if (ruleModeMatch) verdict.ruleMode = ruleModeMatch[1].trim();
+    if (sevMatch) verdict.severity = sevMatch[1].trim();
+    verdict.severity = verdict.severity || 'high';
-FILE_CONTENT=$(head -c 65536 "$FILE_PATH" 2>/dev/null || echo "")
-if [ -z "$FILE_CONTENT" ]; then echo '{}'; exit 0; fi
+    const catMatch = inner.match(/<category>(.*?)<\\/category>/);
+    verdict.category = catMatch ? catMatch[1].trim() : 'uncategorized';
-synkro_load_config
-ROUTE=$(synkro_route)
-TAG=$(synkro_tag "$ROUTE")
+    // Fallback: extract rule ID from reason text
+    if (!verdict.ruleId && verdict.reason) {
+      const rMatch = verdict.reason.match(/[Rr]\\d{3}/);
+      if (rMatch) verdict.ruleId = rMatch[0];
+    }
+  }
-if [ "$SYNKRO_SILENT" = "true" ]; then echo '{}'; exit 0; fi
+  return verdict;
+}
+// \u2500\u2500\u2500 Telemetry Dispatch \u2500\u2500\u2500
+export function dispatchCapture(
+  jwt: string,
+  hookType: string,
+  verdictStr: string,
+  severity: string,
+  category: string,
+  toolName: string,
+  repo: string,
+  sessionId: string,
+  captureDepth: string,
+  opts?: {
+    command?: string;
+    reasoning?: string;
+    rulesChecked?: Rule[] | string;
+    violatedRules?: string[];
+    recentUserMessages?: string[];
+    ccModel?: string;
+  },
+): void {
+  // Fire-and-forget
+  const eventId = 'evt_' + Date.now() + '_' + process.pid;
+  const model = opts?.ccModel || 'unknown';
+  const sendFull =
+    captureDepth === 'full' ||
+    (captureDepth === 'evidence_on_violation' && ['block', 'warning', 'deny'].includes(verdictStr));
+  const body: Record<string, any> = {
+    capture_type: 'local_verdict',
+    event_id: eventId,
+    hook_type: hookType,
+    verdict: verdictStr,
+    severity,
+    category,
+    cc_model: model,
+    model,
+    tool_name: toolName,
+  };
+  if (repo) body.repo = repo;
+  if (sessionId) body.session_id = sessionId;
-BASENAME=$(basename "$FILE_PATH")
-FILE_EXT=".\${FILE_PATH##*.}"
+  if (sendFull && opts) {
+    body.capture_depth = captureDepth;
+    if (opts.command) body.command = opts.command;
+    if (opts.reasoning) body.reasoning = opts.reasoning;
+    if (opts.rulesChecked) body.rules_checked = opts.rulesChecked;
+    if (opts.violatedRules) body.violated_rules = opts.violatedRules;
+    if (opts.recentUserMessages) body.recent_user_messages = opts.recentUserMessages;
+  }
-# \u2500\u2500\u2500 Helper: format CWE findings into system message \u2500\u2500\u2500
-format_cwe_result() {
-  local count="$1" crit="$2" ids="$3" total="$4"
-  [ "$count" = "1" ] && local label="match" || local label="matches"
-  if [ "$crit" -gt 0 ] 2>/dev/null; then
-    [ "$total" -gt 3 ] && ids="\${ids}, ..."
-    jq -n --arg m "[synkro:\${ROUTE}:cweScan] \${count} CWE \${label}, \${crit} critical (\${ids})" '{systemMessage: $m}'
-  else
-    [ "$total" -gt 3 ] && ids="\${ids}, ..."
-    jq -n --arg m "[synkro:\${ROUTE}:cweScan] \${count} CWE \${label} (\${ids})" '{systemMessage: $m}'
-  fi
+  fetch(GATEWAY_URL + '/api/v1/hook/capture', {
+    method: 'POST',
+    headers: { 'Content-Type': 'application/json', Authorization: 'Bearer ' + jwt },
+    body: JSON.stringify(body),
+    signal: AbortSignal.timeout(3000),
+  }).catch(() => {});
 }
-if [ "$ROUTE" = "local" ]; then
-  # \u2500\u2500\u2500 Local CWE scan: deterministic Top 25 filter + local-cc grader \u2500\u2500\u2500
-  CWE_RULES=$(curl -sS -X GET "\${GATEWAY_URL}/api/v1/cwe-rules?ext=$FILE_EXT" \\
-    -H "Authorization: Bearer $JWT" --max-time 4 2>/dev/null || echo "")
-  CWE_LIST=$(echo "$CWE_RULES" | jq -c '.rules // []' 2>/dev/null || echo "[]")
-  CWE_RULE_COUNT=$(echo "$CWE_LIST" | jq 'length' 2>/dev/null || echo "0")
-  if [ "$CWE_RULE_COUNT" -eq 0 ] 2>/dev/null; then
-    jq -n --arg m "[synkro:\${ROUTE}:cweScan] clean (no CWEs for $FILE_EXT)" '{systemMessage: $m}'
-    exit 0
-  fi
-  GRADER_FILE=$(mktemp -t synkro-cwescan.XXXXXX)
-  trap "rm -f \\"$GRADER_FILE\\"" EXIT
-  printf 'File: %s\\nContent (first 4000 chars):\\n%s\\n\\nCWE rules to check against:\\n%s\\n' "$FILE_PATH" "$(printf '%s' "$FILE_CONTENT" | head -c 4000)" "$CWE_LIST" > "$GRADER_FILE"
+// \u2500\u2500\u2500 Rule Mode Lookup \u2500\u2500\u2500
-  CC_RESP=$(synkro_local_grade_cwe < "$GRADER_FILE" 2>&1)
-  if [ $? -ne 0 ]; then
-    jq -n --arg m "[synkro:\${ROUTE}:cweScan] pass: local grader unavailable" '{systemMessage: $m}'
-    exit 0
-  fi
-  synkro_parse_local_verdict "$CC_RESP"
-  if [ "$LOCAL_OK" = "false" ]; then
-    CWE_IDS=""
-    CWE_COUNT=0
-    CWE_CRIT=0
-    while IFS= read -r vid; do
-      [ -z "$vid" ] && continue
-      CWE_COUNT=$((CWE_COUNT + 1))
-      cwe_tag=$(printf '%s' "$CC_RESP" | tr '\\n' ' ' | grep -oE "<violation>[^<]*<rule_id>$vid</rule_id>[^<]*<severity>[^<]*</severity>" | head -1)
-      sev=$(printf '%s' "$cwe_tag" | sed -nE 's|.*<severity>(.*)</severity>.*|\\1|p')
-      [ "$sev" = "critical" ] && CWE_CRIT=$((CWE_CRIT + 1))
-      CWE_ID=$(echo "$vid" | sed 's/cwe-/CWE-/')
-      [ "$CWE_COUNT" -le 3 ] && { [ -n "$CWE_IDS" ] && CWE_IDS="$CWE_IDS, $CWE_ID" || CWE_IDS="$CWE_ID"; }
-    done <<< "$(printf '%s' "$CC_RESP" | tr '\\n' ' ' | grep -oE '<rule_id>[^<]+</rule_id>' | sed 's/<[^>]*>//g')"
-    if [ "$CWE_COUNT" -gt 0 ]; then
-      format_cwe_result "$CWE_COUNT" "$CWE_CRIT" "$CWE_IDS" "$CWE_COUNT"
-    else
-      jq -n --arg m "[synkro:\${ROUTE}:cweScan] clean" '{systemMessage: $m}'
-    fi
-  else
-    jq -n --arg m "[synkro:\${ROUTE}:cweScan] clean" '{systemMessage: $m}'
-  fi
-  exit 0
-fi
+export function ruleMode(ruleId: string, rules: Rule[]): 'blocking' | 'audit' {
+  if (!ruleId || !rules.length) return 'blocking';
+  const matched = rules.filter(r => r.rule_id === ruleId);
+  if (matched.some(r => r.mode === 'blocking')) return 'blocking';
+  return (matched[0]?.mode as 'blocking' | 'audit') || 'blocking';
+}
-# \u2500\u2500\u2500 Cloud CWE scan: cosine similarity against full CWE catalog \u2500\u2500\u2500
-BODY=$(jq -n --arg fp "$FILE_PATH" --arg c "$FILE_CONTENT" \\
-  '{file_path:$fp, content:$c}')
+// \u2500\u2500\u2500 Content Reconstruction \u2500\u2500\u2500
-RESP=$(curl -sS -X POST "\${GATEWAY_URL}/api/v1/cwe-scan" \\
-  -H "Content-Type: application/json" -H "Authorization: Bearer $JWT" \\
-  -d "$BODY" --max-time 8 2>/dev/null || echo "")
+export function reconstructContent(toolName: string, toolInput: any, filePath: string): string {
+  switch (toolName) {
+    case 'Write':
+      return toolInput.content || '';
+    case 'Edit': {
+      let content = '';
+      try {
+        if (filePath && existsSync(filePath)) {
+          content = readFileSync(filePath, 'utf-8').slice(0, 65536);
+        }
+      } catch {}
+      const oldStr = toolInput.old_string || '';
+      const newStr = toolInput.new_string || '';
+      if (oldStr && content.includes(oldStr)) {
+        return content.replace(oldStr, newStr);
+      }
+      return content || newStr;
+    }
+    case 'MultiEdit': {
+      let content = '';
+      try {
+        if (filePath && existsSync(filePath)) {
+          content = readFileSync(filePath, 'utf-8').slice(0, 65536);
+        }
+      } catch {}
+      const edits = Array.isArray(toolInput.edits) ? toolInput.edits : [];
+      for (const edit of edits) {
+        if (!edit || typeof edit !== 'object') continue;
+        const old = edit.old_string || '';
+        const nw = edit.new_string || '';
+        if (old && content.includes(old)) {
+          content = content.replace(old, nw);
+        }
+      }
+      return content;
+    }
+    case 'NotebookEdit':
+      return toolInput.new_source || '';
+    default:
+      return '';
+  }
+}
-if [ -z "$RESP" ] || ! echo "$RESP" | jq -e 'type == "object"' >/dev/null 2>&1; then
-  echo '{}'; exit 0
-fi
+// \u2500\u2500\u2500 HTTP with Retry \u2500\u2500\u2500
-CWE_COUNT=$(echo "$RESP" | jq -r '.findings | length' 2>/dev/null || echo "0")
-if [ "$CWE_COUNT" -gt 0 ] 2>/dev/null; then
-  CWE_CRIT=$(echo "$RESP" | jq '[.findings[] | select(.severity == "critical" or .mode == "blocking")] | length' 2>/dev/null || echo "0")
-  CWE_IDS=$(echo "$RESP" | jq -r '[.findings[:3][] | .cwe] | join(", ")' 2>/dev/null || echo "")
-  CWE_TOTAL=$(echo "$RESP" | jq -r '.findings | length' 2>/dev/null || echo "0")
-  format_cwe_result "$CWE_COUNT" "$CWE_CRIT" "$CWE_IDS" "$CWE_TOTAL"
-else
-  jq -n --arg m "[synkro:\${ROUTE}:cweScan] clean" '{systemMessage: $m}'
-fi
-exit 0
-`;
-    CC_TRANSCRIPT_SYNC_SCRIPT = `#!/bin/bash
-SCRIPT_DIR="$(cd "$(dirname "\${BASH_SOURCE[0]}")" && pwd)"
-. "$SCRIPT_DIR/_synkro-common.sh"
+export async function postWithRetry(url: string, body: any, jwt: string, timeout = 8000): Promise<any> {
+  let currentJwt = jwt;
+  let resp: Response;
+  try {
+    resp = await fetch(url, {
+      method: 'POST',
+      headers: { 'Content-Type': 'application/json', Authorization: 'Bearer ' + currentJwt },
+      body: JSON.stringify(body),
+      signal: AbortSignal.timeout(timeout),
+    });
+  } catch {
+    return null;
+  }
-JWT=$(synkro_load_jwt)
-if [ -z "$JWT" ]; then echo '{}'; exit 0; fi
+  let data: any;
+  try { data = await resp.json(); } catch { return null; }
-PAYLOAD=$(cat)
-SESSION_ID=$(echo "$PAYLOAD" | jq -r '.session_id // empty' 2>/dev/null)
-TRANSCRIPT_PATH=$(echo "$PAYLOAD" | jq -r '.transcript_path // empty' 2>/dev/null)
-CWD=$(echo "$PAYLOAD" | jq -r '.cwd // empty' 2>/dev/null)
+  // Retry on token expiry
+  if (data?.detail && (data.detail.includes('Token has expired') || data.detail.includes('Invalid or expired token'))) {
+    try {
+      currentJwt = await refreshJwt(currentJwt);
+      const resp2 = await fetch(url, {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json', Authorization: 'Bearer ' + currentJwt },
+        body: JSON.stringify(body),
+        signal: AbortSignal.timeout(timeout),
+      });
+      data = await resp2.json();
+    } catch {
+      return null;
+    }
+  }
-if [ -z "$SESSION_ID" ] || [ -z "$TRANSCRIPT_PATH" ] || [ ! -f "$TRANSCRIPT_PATH" ]; then
-  echo '{}'; exit 0
-fi
+  return data;
+}
-# Usage telemetry \u2014 last turn only (metadata, ungated by privacy/consent)
-_LAST_ASST=$(grep '"type":"assistant"' "$TRANSCRIPT_PATH" 2>/dev/null | tail -1)
-if [ -n "$_LAST_ASST" ]; then
-  _CC_MODEL=$(echo "$_LAST_ASST" | jq -r '.message.model // empty' 2>/dev/null)
-  _TI=$(echo "$_LAST_ASST" | jq -r '.message.usage.input_tokens // 0' 2>/dev/null)
-  _TO=$(echo "$_LAST_ASST" | jq -r '.message.usage.output_tokens // 0' 2>/dev/null)
-  _TCW=$(echo "$_LAST_ASST" | jq -r '.message.usage.cache_creation_input_tokens // 0' 2>/dev/null)
-  _TCR=$(echo "$_LAST_ASST" | jq -r '.message.usage.cache_read_input_tokens // 0' 2>/dev/null)
-  if [ "\${_TI:-0}" != "0" ] || [ "\${_TO:-0}" != "0" ]; then
-    (
-      _USAGE="{\\"input_tokens\\":$_TI,\\"output_tokens\\":$_TO,\\"cache_creation_input_tokens\\":$_TCW,\\"cache_read_input_tokens\\":$_TCR}"
-      _BODY=$(jq -n \\
-        --arg event_id "usage_$(date +%s)_$$" \\
-        --arg hook_type "stop" --arg verdict "allow" --arg severity "none" \\
-        --arg model "\${_CC_MODEL:-unknown}" \\
-        --arg cc_model "\${_CC_MODEL:-}" \\
-        --arg session_id "$SESSION_ID" \\
-        --argjson cc_usage "$_USAGE" \\
-        '{capture_type:"usage_tick",event_id:$event_id,hook_type:$hook_type,verdict:$verdict,severity:$severity,model:$model,cc_usage:$cc_usage,session_id:$session_id}
-          + (if $cc_model != "" then {cc_model:$cc_model} else {} end)')
-      curl -sS -X POST "\${GATEWAY_URL}/api/v1/hook/capture" \\
-        -H "Content-Type: application/json" -H "Authorization: Bearer $JWT" \\
-        -d "$_BODY" --max-time 2 >/dev/null 2>&1
-    ) &
-  fi
-fi
+// \u2500\u2500\u2500 Read Stdin \u2500\u2500\u2500
-# Transcript sync below is gated by consent + capture depth
-if [ "\${SYNKRO_TRANSCRIPT_CONSENT:-yes}" = "no" ]; then echo '{}'; exit 0; fi
+export async function readStdin(): Promise<string> {
+  const chunks: Buffer[] = [];
+  for await (const chunk of process.stdin) {
+    chunks.push(Buffer.isBuffer(chunk) ? chunk : Buffer.from(chunk));
+  }
+  return Buffer.concat(chunks).toString('utf-8');
+}
-GIT_REPO=$(synkro_detect_repo "\${CWD:-.}")
-if [ -z "$GIT_REPO" ]; then echo '{}'; exit 0; fi
+// \u2500\u2500\u2500 Transcript Extraction \u2500\u2500\u2500
-# Check capture depth \u2014 skip in local_only
-CONFIG_RESP=$(curl -sS "\${GATEWAY_URL}/api/v1/hook/config" -H "Authorization: Bearer $JWT" --max-time 3 2>/dev/null || echo "")
-CAPTURE_DEPTH=$(echo "$CONFIG_RESP" | jq -r '.capture_depth // "local_only"' 2>/dev/null)
-if [ "$CAPTURE_DEPTH" = "local_only" ]; then echo '{}'; exit 0; fi
+export interface TranscriptContext {
+  userIntent: string;
+  recentUserMessages: string[];
+  recentMessages: Array<{ type: string; text: string }>;
+  recentActions: Array<{ tool: string; input: string }>;
+  sessionSummary: string;
+  ccModel: string;
+  ccUsage: Record<string, any>;
+}
-OFFSET_DIR="$HOME/.synkro/.transcript-offsets"
-mkdir -p "$OFFSET_DIR" 2>/dev/null || true
-OFFSET_FILE="$OFFSET_DIR/$SESSION_ID"
-OFFSET=0
-[ -f "$OFFSET_FILE" ] && OFFSET=$(cat "$OFFSET_FILE" 2>/dev/null || echo "0")
+export function extractTranscript(transcriptPath: string | undefined): TranscriptContext {
+  const ctx: TranscriptContext = {
+    userIntent: '',
+    recentUserMessages: [],
+    recentMessages: [],
+    recentActions: [],
+    sessionSummary: '',
+    ccModel: '',
+    ccUsage: {},
+  };
-TOTAL_LINES=$(wc -l < "$TRANSCRIPT_PATH" 2>/dev/null | tr -d ' ')
-if [ -z "$TOTAL_LINES" ] || [ "$TOTAL_LINES" -le "$OFFSET" ] 2>/dev/null; then echo '{}'; exit 0; fi
+  if (!transcriptPath || !existsSync(transcriptPath)) return ctx;
-DELTA=$((TOTAL_LINES - OFFSET))
-START_LINE=$((OFFSET + 1))
-[ "$DELTA" -gt 200 ] && START_LINE=$((TOTAL_LINES - 199))
+  try {
+    const raw = readFileSync(transcriptPath, 'utf-8');
+    const lines = raw.split('\\n').filter(l => l.trim());
+    // Take the last 400 lines
+    const tail = lines.slice(-400);
+    const parsed: any[] = [];
+    for (const line of tail) {
+      try { parsed.push(JSON.parse(line)); } catch {}
+    }
-MESSAGES=$(tail -n +"$START_LINE" "$TRANSCRIPT_PATH" 2>/dev/null | jq -c --argjson base_idx "$((START_LINE - 1))" '
-  . as $line |
-  if ($line.type == "user" or $line.type == "assistant") then
-    {
-      message_index: (input_line_number + $base_idx),
-      type: $line.type,
-      content: (if $line.type == "user" then ($line.message.content | if type == "string" then .[0:8000] else ([.[]? | if type == "string" then . elif (type == "object" and .type == "text") then (.text // "") else "" end] | join(" ") | .[0:8000]) end) else ([$line.message.content[]? | select(type == "object" and .type == "text") | .text // ""] | join(" ") | .[0:8000]) end),
-      tool_calls: (if $line.type == "assistant" then [$line.message.content[]? | select(.type == "tool_use") | {name, input: (.input | tostring | .[0:500]), id}] else null end | if . == null or length == 0 then null else . end),
-      model: ($line.message.model // null),
-      usage: (if $line.type == "assistant" and $line.message.usage then {input_tokens: $line.message.usage.input_tokens, output_tokens: $line.message.usage.output_tokens, cache_creation_input_tokens: $line.message.usage.cache_creation_input_tokens, cache_read_input_tokens: $line.message.usage.cache_read_input_tokens} else null end)
-    }
-  else empty end
-' 2>/dev/null | jq -s '.' 2>/dev/null)
-if [ -z "$MESSAGES" ] || [ "$MESSAGES" = "[]" ] || [ "$MESSAGES" = "null" ]; then
-  printf '%s' "$TOTAL_LINES" > "$OFFSET_FILE" 2>/dev/null || true
-  echo '{}'; exit 0
-fi
+    // Recent user messages (last 5)
+    const userMsgs: string[] = [];
+    for (const entry of parsed) {
+      if (entry.type !== 'user') continue;
+      const content = entry.message?.content;
+      let text = '';
+      if (typeof content === 'string') text = content;
+      else if (Array.isArray(content)) text = content.map((c: any) => c.text || '').join(' ');
+      if (text) userMsgs.push(text);
+    }
+    ctx.recentUserMessages = userMsgs.slice(-5);
+    ctx.userIntent = ctx.recentUserMessages[ctx.recentUserMessages.length - 1] || '';
+    // Recent messages (last 10, user + assistant)
+    const msgs: Array<{ type: string; text: string }> = [];
+    for (const entry of parsed) {
+      if (entry.type !== 'user' && entry.type !== 'assistant') continue;
+      const content = entry.message?.content;
+      let text = '';
+      if (typeof content === 'string') text = content.slice(0, 500);
+      else if (Array.isArray(content)) text = content.map((c: any) => (c.text || '').slice(0, 300)).join(' ');
+      msgs.push({ type: entry.type, text });
+    }
+    ctx.recentMessages = msgs.slice(-10);
+    // Recent tool calls (last 5)
+    const actions: Array<{ tool: string; input: string }> = [];
+    for (const entry of parsed) {
+      if (entry.type !== 'assistant') continue;
+      const content = entry.message?.content;
+      if (!Array.isArray(content)) continue;
+      for (const block of content) {
+        if (block.type !== 'tool_use') continue;
+        actions.push({
+          tool: block.name || '',
+          input: JSON.stringify(block.input || {}).slice(0, 200),
+        });
+      }
+    }
+    ctx.recentActions = actions.slice(-5);
+    // Session summary
+    for (const entry of parsed) {
+      if (entry.type === 'summary' && entry.summary) {
+        ctx.sessionSummary = entry.summary;
+      }
+    }
+    // CC model
+    const assistantEntries = parsed.filter(e => e.type === 'assistant');
+    if (assistantEntries.length > 0) {
+      const last = assistantEntries[assistantEntries.length - 1];
+      ctx.ccModel = last.message?.model || '';
+      const usage = last.message?.usage;
+      if (usage) {
+        ctx.ccUsage = {
+          input_tokens: usage.input_tokens,
+          output_tokens: usage.output_tokens,
+          cache_creation_input_tokens: usage.cache_creation_input_tokens,
+          cache_read_input_tokens: usage.cache_read_input_tokens,
+        };
+      }
+    }
+  } catch {}
+  return ctx;
+}
+// \u2500\u2500\u2500 Last Prompt \u2500\u2500\u2500
+export function readLastPrompt(): string {
+  try {
+    if (!existsSync(LAST_PROMPT_FILE)) return '';
+    return readFileSync(LAST_PROMPT_FILE, 'utf-8').trim();
+  } catch {
+    return '';
+  }
+}
+// \u2500\u2500\u2500 Find Nearest Package Dependencies \u2500\u2500\u2500
+export function findNearestDeps(filePath: string): Record<string, string> {
+  let dir = dirname(filePath);
+  while (dir !== '/' && dir !== '.') {
+    const pkg = join(dir, 'package.json');
+    if (existsSync(pkg)) {
+      try {
+        const data = JSON.parse(readFileSync(pkg, 'utf-8'));
+        return { ...(data.dependencies || {}), ...(data.devDependencies || {}) };
+      } catch {}
+    }
+    const parent = dirname(dir);
+    if (parent === dir) break;
+    dir = parent;
+  }
+  return {};
+}
+// \u2500\u2500\u2500 Consent Tracking \u2500\u2500\u2500
+const CONSENT_FILE = join(HOME, '.synkro', '.local-consent');
+export function consentGrant(sessionId: string, hash: string): void {
+  try {
+    const dir = dirname(CONSENT_FILE);
+    if (!existsSync(dir)) mkdirSync(dir, { recursive: true });
+    const line = sessionId + '\\t' + hash + '\\tactive\\n';
+    const { appendFileSync } = require('node:fs');
+    appendFileSync(CONSENT_FILE, line, 'utf-8');
+  } catch {}
+}
+export function consentHasActive(sessionId: string, hash: string): boolean {
+  try {
+    if (!existsSync(CONSENT_FILE)) return false;
+    const content = readFileSync(CONSENT_FILE, 'utf-8');
+    return content.includes(sessionId + '\\t' + hash + '\\tactive');
+  } catch {
+    return false;
+  }
+}
+export function consentConsume(sessionId: string, hash: string): void {
+  try {
+    if (!existsSync(CONSENT_FILE)) return;
+    const content = readFileSync(CONSENT_FILE, 'utf-8');
+    const target = sessionId + '\\t' + hash + '\\tactive';
+    const replacement = sessionId + '\\t' + hash + '\\tconsumed';
+    const updated = content.split('\\n').map(l => l === target ? replacement : l).join('\\n');
+    writeFileSync(CONSENT_FILE, updated, 'utf-8');
+  } catch {}
+}
+// \u2500\u2500\u2500 Crypto Hash \u2500\u2500\u2500
+export function hashCommand(cmd: string): string {
+  const { createHash } = require('node:crypto');
+  return createHash('sha256').update(cmd).digest('hex').slice(0, 16);
+}
+// \u2500\u2500\u2500 Transcript Usage Aggregation \u2500\u2500\u2500
+export function aggregateUsage(transcriptPath: string): { model: string; totals: Record<string, number> } {
+  const result = { model: '', totals: { in: 0, out: 0, cw: 0, cr: 0 } };
+  if (!transcriptPath || !existsSync(transcriptPath)) return result;
+  try {
+    const raw = readFileSync(transcriptPath, 'utf-8');
+    const lines = raw.split('\\n').filter(l => l.trim());
+    for (const line of lines) {
+      try {
+        const entry = JSON.parse(line);
+        if (entry.type !== 'assistant') continue;
+        result.model = entry.message?.model || result.model;
+        const u = entry.message?.usage;
+        if (u) {
+          result.totals.in += u.input_tokens || 0;
+          result.totals.out += u.output_tokens || 0;
+          result.totals.cw += u.cache_creation_input_tokens || 0;
+          result.totals.cr += u.cache_read_input_tokens || 0;
+        }
+      } catch {}
+    }
+  } catch {}
+  return result;
+}
+// \u2500\u2500\u2500 Output Helpers \u2500\u2500\u2500
+export function outputJson(obj: any): void {
+  console.log(JSON.stringify(obj));
+}
+export function outputEmpty(): void {
+  console.log('{}');
+}
+`;
+    EDIT_PRECHECK_TS = `#!/usr/bin/env bun
+import {
+  loadJwt, ensureFreshJwt, detectRepo, loadConfig, route, tag, localGrade,
+  parseVerdict, dispatchCapture, ruleMode, reconstructContent, postWithRetry,
+  readStdin, extractTranscript, readLastPrompt, findNearestDeps, log,
+  outputJson, outputEmpty, GATEWAY_URL,
+  type HookConfig, type Rule,
+} from './_synkro-common.ts';
+import { existsSync, readFileSync } from 'node:fs';
+import { basename, dirname, join } from 'node:path';
+async function main() {
+  try {
+    const input = await readStdin();
+    if (!input.trim()) { outputEmpty(); return; }
+    const payload = JSON.parse(input);
+    const toolName = payload.tool_name || '';
+    if (!['Edit', 'Write', 'MultiEdit', 'NotebookEdit'].includes(toolName)) {
+      outputEmpty();
+      return;
+    }
+    const toolInput = payload.tool_input || {};
+    const sessionId = payload.session_id || '';
+    const toolUseId = payload.tool_use_id || '';
+    const cwd = payload.cwd || '';
+    const permissionMode = payload.permission_mode || '';
+    const transcriptPath = payload.transcript_path || '';
+    const filePath = toolInput.file_path || toolInput.notebook_path || toolInput.path || '';
+    if (!filePath) { outputEmpty(); return; }
+    const fileShort = basename(filePath);
+    log('editGuard checking: ' + fileShort);
+    const gitRepo = detectRepo(cwd || '.');
+    let jwt = loadJwt();
+    if (!jwt) { outputEmpty(); return; }
+    jwt = await ensureFreshJwt(jwt);
+    // Reconstruct proposed content
+    const proposed = reconstructContent(toolName, toolInput, filePath);
+    if (!proposed) { outputEmpty(); return; }
+    // Build diff field
+    let diffField: any = null;
+    if (toolInput.old_string != null || toolInput.new_string != null || toolInput.edits != null) {
+      diffField = {};
+      if (toolInput.old_string != null) diffField.old_string = toolInput.old_string;
+      if (toolInput.new_string != null) diffField.new_string = toolInput.new_string;
+      if (toolInput.edits != null) diffField.edits = toolInput.edits;
+    }
+    // Read file before edit for cloud payload
+    let fileBefore = '';
+    if (toolName !== 'Write' && filePath && existsSync(filePath)) {
+      try { fileBefore = readFileSync(filePath, 'utf-8').slice(0, 65536); } catch {}
+    }
+    // Extract transcript context
+    const transcript = extractTranscript(transcriptPath);
+    const lastPrompt = readLastPrompt();
+    // Load config and decide route
+    const config = await loadConfig(jwt);
+    const rt = await route(config);
+    const tagStr = tag(rt, config);
+    if (config.silent) {
+      outputJson({ systemMessage: tagStr + ' editGuard \\u2192 skipped (silent mode)' });
+      return;
+    }
+    if (rt === 'local') {
+      // \u2500\u2500\u2500 Local grading: org rules ONLY (channel 1, port 8929) \u2500\u2500\u2500
+      const proposedShort = proposed.slice(0, 4000);
+      const graderPrompt = [
+        'Working directory: ' + (cwd || '.'),
+        'Repo: ' + (gitRepo || 'unknown'),
+        'File: ' + filePath,
+        'Proposed content (first 4000 chars):',
+        proposedShort,
+        'User intent (last human message): ' + (transcript.userIntent || 'none stated'),
+        'Last user prompt: ' + (lastPrompt || 'none'),
+        'Org rules: ' + JSON.stringify(config.rules),
+      ].join('\\n');
+      let gradeResp: string;
+      try {
+        gradeResp = await localGrade('edit', graderPrompt);
+      } catch {
+        outputEmpty();
+        return;
+      }
+      const verdict = parseVerdict(gradeResp);
+      const editContent = 'file=' + filePath + ' content=' + proposed.slice(0, 2000);
+      const violatedRules = verdict.ruleId ? [verdict.ruleId] : [];
+      if (!verdict.ok) {
+        const mode = verdict.ruleMode || ruleMode(verdict.ruleId, config.rules);
+        const guardReason = (verdict.ruleId ? '(' + verdict.ruleId + ') ' : '') + (verdict.reason || 'policy violation');
+        if (mode !== 'audit') {
+          const denyReason = 'Guard: ' + guardReason + '\\nFix all issues before retrying.';
+          dispatchCapture(jwt, 'edit', 'block', verdict.severity || 'critical', verdict.category || 'security',
+            toolName, gitRepo, sessionId, config.captureDepth, {
+              command: editContent, reasoning: guardReason,
+              rulesChecked: config.rules, violatedRules,
+              ccModel: transcript.ccModel,
+            });
+          outputJson({
+            systemMessage: tagStr + ' editGuard ' + fileShort + ' \\u2192 blocked: ' + guardReason,
+            hookSpecificOutput: { hookEventName: 'PreToolUse', additionalContext: denyReason },
+          });
+          return;
+        }
+        // Audit mode \u2014 warn but allow
+        dispatchCapture(jwt, 'edit', 'warning', verdict.severity || 'medium', verdict.category || 'security',
+          toolName, gitRepo, sessionId, config.captureDepth, {
+            command: editContent, reasoning: guardReason,
+            rulesChecked: config.rules, violatedRules,
+            ccModel: transcript.ccModel,
+          });
+        outputJson({ systemMessage: tagStr + ' editGuard ' + fileShort + ' \\u2192 warning: ' + guardReason });
+        return;
+      }
+      // Clean
+      dispatchCapture(jwt, 'edit', 'pass', 'audit', verdict.category || 'trivial_edit',
+        toolName, gitRepo, sessionId, config.captureDepth, {
+          command: editContent, reasoning: verdict.reason || 'no policy violations detected',
+          rulesChecked: config.rules, violatedRules: [],
+          ccModel: transcript.ccModel,
+        });
+      outputJson({ systemMessage: tagStr + ' editGuard ' + fileShort + ' \\u2192 pass: ' + (verdict.reason || 'no policy violations detected') });
+      return;
+    }
+    // \u2500\u2500\u2500 Cloud grading \u2500\u2500\u2500
+    const deps = findNearestDeps(filePath);
+    const isHeadless = ['acceptEdits', 'bypassPermissions', 'plan', 'auto'].includes(permissionMode)
+      || process.env.SYNKRO_HEADLESS === '1';
+    const body = {
+      hook_event: 'PreToolUse',
+      tool_name: toolName,
+      tool_input: toolInput,
+      file_path: filePath,
+      content: proposed,
+      file_before: fileBefore || null,
+      diff: diffField,
+      dependencies: deps,
+      user_intent: transcript.userIntent || null,
+      last_user_message: lastPrompt || null,
+      recent_user_messages: transcript.recentUserMessages,
+      recent_messages: transcript.recentMessages,
+      recent_actions: transcript.recentActions,
+      session_id: sessionId || null,
+      tool_use_id: toolUseId || null,
+      cwd: cwd || null,
+      repo: gitRepo || null,
+      permission_mode: permissionMode || null,
+      headless: isHeadless,
+    };
+    const resp = await postWithRetry(GATEWAY_URL + '/api/v1/hook/judge', body, jwt, 8000);
+    if (!resp) {
+      log('editGuard ' + fileShort + ' \\u2192 error (timeout)');
+      outputEmpty();
+      return;
+    }
+    if (!resp.hook_response || typeof resp.hook_response !== 'object') {
+      log('editGuard ' + fileShort + ' \\u2192 pass (no hook_response)');
+      outputEmpty();
+      return;
+    }
+    const hookResp = resp.hook_response;
+    const decision = hookResp?.hookSpecificOutput?.permissionDecision;
+    if (decision === 'deny' || decision === 'ask') {
+      log('editGuard ' + fileShort + ' \\u2192 BLOCKED');
+      // Strip permissionDecision \u2014 we use systemMessage only
+      const cleaned = { ...hookResp };
+      if (cleaned.hookSpecificOutput) {
+        cleaned.hookSpecificOutput = { ...cleaned.hookSpecificOutput };
+        delete cleaned.hookSpecificOutput.permissionDecision;
+        delete cleaned.hookSpecificOutput.permissionDecisionReason;
+      }
+      outputJson(cleaned);
+    } else {
+      const reason = hookResp.reason || '';
+      log('editGuard ' + fileShort + ' \\u2192 pass' + (reason ? ': ' + reason : ''));
+      outputJson(hookResp);
+    }
+  } catch (err) {
+    process.stderr.write('[synkro] editGuard error: ' + String(err) + '\\n');
+    outputEmpty();
+  }
+}
+main();
+`;
+    CWE_PRECHECK_TS = `#!/usr/bin/env bun
+import {
+  loadJwt, ensureFreshJwt, detectRepo, loadConfig, cweRoute, tag,
+  localGradeCwe, parseVerdict, reconstructContent, readStdin, log,
+  outputJson, outputEmpty, GATEWAY_URL,
+} from './_synkro-common.ts';
+import { basename, extname } from 'node:path';
+async function main() {
+  try {
+    const input = await readStdin();
+    if (!input.trim()) { outputEmpty(); return; }
+    const payload = JSON.parse(input);
+    const toolName = payload.tool_name || '';
+    if (!['Edit', 'Write', 'MultiEdit', 'NotebookEdit'].includes(toolName)) {
+      outputEmpty();
+      return;
+    }
+    const toolInput = payload.tool_input || {};
+    const sessionId = payload.session_id || '';
+    const cwd = payload.cwd || '';
+    const gitRepo = detectRepo(cwd || '.');
+    const filePath = toolInput.file_path || toolInput.notebook_path || toolInput.path || '';
+    if (!filePath) { outputEmpty(); return; }
+    const fileShort = basename(filePath);
+    const fileExt = extname(filePath); // e.g. ".ts"
+    let jwt = loadJwt();
+    if (!jwt) { outputEmpty(); return; }
+    jwt = await ensureFreshJwt(jwt);
+    // Reconstruct proposed content
+    const proposed = reconstructContent(toolName, toolInput, filePath);
+    if (!proposed) { outputEmpty(); return; }
+    const config = await loadConfig(jwt);
+    const rt = await cweRoute(config);
+    if (config.silent) {
+      outputJson({ systemMessage: '[synkro:' + rt + ':cweScan] ' + fileShort + ' \\u2192 skipped (silent mode)' });
+      return;
+    }
+    const cweTag = '[synkro:' + rt + ':cweScan]';
+    if (rt === 'local') {
+      // \u2500\u2500\u2500 Local CWE grading on channel 2 (port 8930) \u2500\u2500\u2500
+      let cweRules: any[] = [];
+      try {
+        const resp = await fetch(GATEWAY_URL + '/api/v1/cwe-rules?ext=' + encodeURIComponent(fileExt), {
+          headers: { Authorization: 'Bearer ' + jwt },
+          signal: AbortSignal.timeout(4000),
+        });
+        const data = await resp.json() as any;
+        cweRules = data.rules || [];
+      } catch {}
+      if (cweRules.length === 0) {
+        outputJson({ systemMessage: cweTag + ' ' + fileShort + ' \\u2192 clean (no CWE rules for ' + fileExt + ')' });
+        return;
+      }
+      const proposedShort = proposed.slice(0, 4000);
+      const graderPrompt = [
+        'File: ' + filePath,
+        'Content (first 4000 chars):',
+        proposedShort,
+        '',
+        'CWE rules to check against:',
+        JSON.stringify(cweRules),
+      ].join('\\n');
+      let gradeResp: string;
+      try {
+        gradeResp = await localGradeCwe(graderPrompt);
+      } catch {
+        outputJson({ systemMessage: cweTag + ' ' + fileShort + ' \\u2192 grader unavailable, skipped' });
+        return;
+      }
+      const verdict = parseVerdict(gradeResp);
+      if (!verdict.ok) {
+        // Extract all CWE rule_ids from the raw response
+        const ruleIdMatches = gradeResp.match(/<rule_id>([^<]+)<\\/rule_id>/g) || [];
+        const cweIds: string[] = [];
+        for (const match of ruleIdMatches.slice(0, 5)) {
+          const id = match.replace(/<\\/?rule_id>/g, '').trim().replace(/^cwe-/, 'CWE-');
+          if (id && !cweIds.includes(id)) cweIds.push(id);
+        }
+        const displayIds = cweIds.slice(0, 3).join(', ');
+        const count = cweIds.length;
+        const label = count === 1 ? 'match' : 'matches';
+        const cweMsg = cweTag + ' ' + fileShort + ' \\u2192 ' + count + ' CWE ' + label + ' (' + displayIds + ')';
+        const denyDetail = '[' + displayIds + '] ' + (verdict.reason || 'code weakness detected');
+        const ctx = 'CWE: ' + denyDetail + '\\nFix all issues before retrying.';
+        outputJson({
+          systemMessage: cweMsg,
+          hookSpecificOutput: { hookEventName: 'PreToolUse', additionalContext: ctx },
+        });
+        return;
+      }
+      outputJson({ systemMessage: cweTag + ' ' + fileShort + ' \\u2192 clean' });
+      return;
+    }
+    // \u2500\u2500\u2500 Cloud CWE grading (handled by server) \u2500\u2500\u2500
+    // Cloud edit precheck already includes CWE \u2014 this hook is a no-op for cloud.
+    outputEmpty();
+  } catch (err) {
+    process.stderr.write('[synkro] cweGuard error: ' + String(err) + '\\n');
+    outputEmpty();
+  }
+}
+main();
+`;
+    CVE_PRECHECK_TS = `#!/usr/bin/env bun
+import {
+  loadJwt, ensureFreshJwt, detectRepo, loadConfig, route, tag,
+  reconstructContent, readStdin, findNearestDeps, log,
+  outputJson, outputEmpty, GATEWAY_URL,
+} from './_synkro-common.ts';
+import { basename } from 'node:path';
+const MANIFEST_NAMES = new Set([
+  'package.json', 'requirements.txt', 'requirements-dev.txt', 'requirements-test.txt',
+  'Pipfile', 'go.mod', 'go.sum', 'Gemfile', 'pom.xml', 'Cargo.toml', 'composer.json', 'pyproject.toml',
+]);
+function isManifest(filename: string): boolean {
+  if (MANIFEST_NAMES.has(filename)) return true;
+  if (filename.startsWith('requirements') && filename.endsWith('.txt')) return true;
+  if (filename.startsWith('build.gradle')) return true;
+  if (filename.endsWith('.cabal')) return true;
+  return false;
+}
+async function main() {
+  try {
+    const input = await readStdin();
+    if (!input.trim()) { outputEmpty(); return; }
+    const payload = JSON.parse(input);
+    const toolName = payload.tool_name || '';
+    if (!['Edit', 'Write', 'MultiEdit', 'NotebookEdit'].includes(toolName)) {
+      outputEmpty();
+      return;
+    }
+    const toolInput = payload.tool_input || {};
+    const cwd = payload.cwd || '';
+    const filePath = toolInput.file_path || toolInput.notebook_path || toolInput.path || '';
+    if (!filePath) { outputEmpty(); return; }
+    const fileShort = basename(filePath);
+    let jwt = loadJwt();
+    if (!jwt) { outputEmpty(); return; }
+    jwt = await ensureFreshJwt(jwt);
+    const config = await loadConfig(jwt);
+    const rt = await route(config);
+    if (config.silent) {
+      outputJson({ systemMessage: '[synkro:' + rt + ':cveScan] ' + fileShort + ' \\u2192 skipped (silent mode)' });
+      return;
+    }
+    const cveTag = '[synkro:' + rt + ':cveScan]';
+    // Reconstruct proposed content
+    const proposed = reconstructContent(toolName, toolInput, filePath);
+    if (!proposed) {
+      outputJson({ systemMessage: cveTag + ' ' + fileShort + ' \\u2192 skip (no content)' });
+      return;
+    }
+    const proposedShort = proposed.slice(0, 4000);
+    // For code files, find nearest package.json and extract deps
+    let deps: Record<string, string> = {};
+    if (!isManifest(fileShort)) {
+      deps = findNearestDeps(filePath);
+    }
+    // CVE scan via OSV API
+    const cveBody = {
+      file_path: filePath,
+      content: proposedShort,
+      dependencies: deps,
+    };
+    let cveResp: any;
+    try {
+      const resp = await fetch(GATEWAY_URL + '/api/v1/cve-scan', {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json', Authorization: 'Bearer ' + jwt },
+        body: JSON.stringify(cveBody),
+        signal: AbortSignal.timeout(8000),
+      });
+      cveResp = await resp.json();
+    } catch {
+      outputJson({ systemMessage: cveTag + ' ' + fileShort + ' \\u2192 error (timeout)' });
+      return;
+    }
+    const findings = Array.isArray(cveResp?.findings) ? cveResp.findings : [];
+    if (findings.length > 0) {
+      const top3 = findings.slice(0, 3).map((f: any) => {
+        const id = f.cve || f.id || '?';
+        const pkg = f.package || '?';
+        const ver = f.version || '?';
+        const title = f.title || f.summary || 'vulnerable';
+        return '[' + id + '] ' + pkg + '@' + ver + ': ' + title;
+      }).join('; ');
+      const count = findings.length;
+      const label = count === 1 ? 'advisory' : 'advisories';
+      const cveMsg = cveTag + ' ' + fileShort + ' \\u2192 ' + count + ' ' + label;
+      const ctx = 'CVE: ' + top3 + '\\nFix all issues before retrying.';
+      outputJson({
+        systemMessage: cveMsg,
+        hookSpecificOutput: { hookEventName: 'PreToolUse', additionalContext: ctx },
+      });
+      return;
+    }
+    outputJson({ systemMessage: cveTag + ' ' + fileShort + ' \\u2192 clean' });
+  } catch (err) {
+    process.stderr.write('[synkro] cveGuard error: ' + String(err) + '\\n');
+    outputEmpty();
+  }
+}
+main();
+`;
+    BASH_JUDGE_TS = `#!/usr/bin/env bun
+import {
+  loadJwt, ensureFreshJwt, detectRepo, loadConfig, route, tag, localGrade,
+  parseVerdict, dispatchCapture, ruleMode, postWithRetry, readStdin,
+  extractTranscript, readLastPrompt, log,
+  outputJson, outputEmpty, GATEWAY_URL,
+  type HookConfig, type Rule,
+} from './_synkro-common.ts';
+async function main() {
+  try {
+    const input = await readStdin();
+    if (!input.trim()) { outputEmpty(); return; }
+    const payload = JSON.parse(input);
+    const toolName = payload.tool_name || '';
+    if (!['Bash', 'Read', 'Grep', 'Glob'].includes(toolName)) {
+      outputEmpty();
+      return;
+    }
+    const toolInput = payload.tool_input || {};
+    const sessionId = payload.session_id || '';
+    const toolUseId = payload.tool_use_id || '';
+    const cwd = payload.cwd || '';
+    const permissionMode = payload.permission_mode || '';
+    const transcriptPath = payload.transcript_path || '';
+    const gitRepo = detectRepo(cwd || '.');
+    let command = '';
+    switch (toolName) {
+      case 'Bash': command = toolInput.command || ''; break;
+      case 'Read': command = 'cat ' + (toolInput.file_path || ''); break;
+      case 'Grep': command = "grep -r '" + (toolInput.pattern || '') + "' " + (toolInput.path || '.'); break;
+      case 'Glob': command = "find . -name '" + (toolInput.pattern || '') + "'"; break;
+    }
+    if (!command) { outputEmpty(); return; }
+    const cmdShort = command.slice(0, 80);
+    log('bashGuard checking: ' + cmdShort);
+    let jwt = loadJwt();
+    if (!jwt) { outputEmpty(); return; }
+    jwt = await ensureFreshJwt(jwt);
+    const transcript = extractTranscript(transcriptPath);
+    const lastPrompt = readLastPrompt();
+    const config = await loadConfig(jwt);
+    const rt = await route(config);
+    const tagStr = tag(rt, config);
+    if (config.silent) {
+      outputJson({ systemMessage: tagStr + ' bashGuard \\u2192 skipped (silent mode)' });
+      return;
+    }
+    if (rt === 'local') {
+      const graderPrompt = [
+        'Working directory: ' + (cwd || '.'),
+        'Repo: ' + (gitRepo || 'unknown'),
+        'Command: ' + command,
+        'User intent (last human message): ' + (transcript.userIntent || 'none stated'),
+        'Last user prompt: ' + (lastPrompt || 'none'),
+        'Org rules: ' + JSON.stringify(config.rules),
+      ].join('\\n');
+      let gradeResp: string;
+      try {
+        gradeResp = await localGrade('bash', graderPrompt);
+      } catch {
+        outputEmpty();
+        return;
+      }
+      const verdict = parseVerdict(gradeResp);
+      const violatedRules = verdict.ruleId ? [verdict.ruleId] : [];
+      if (!verdict.ok) {
+        const mode = verdict.ruleMode || ruleMode(verdict.ruleId, config.rules);
+        const guardReason = (verdict.ruleId ? '(' + verdict.ruleId + ') ' : '') + (verdict.reason || 'policy violation');
+        if (mode === 'audit') {
+          const reason = tagStr + ' bashGuard \\u2192 warning' + (verdict.ruleId ? ' (' + verdict.ruleId + ')' : '') + ': ' + (verdict.reason || 'policy violation');
+          outputJson({ systemMessage: reason });
+          dispatchCapture(jwt, 'bash', 'warning', verdict.severity || 'medium', verdict.category || 'security',
+            toolName, gitRepo, sessionId, config.captureDepth, {
+              command, reasoning: guardReason, rulesChecked: config.rules, violatedRules,
+              recentUserMessages: transcript.recentUserMessages, ccModel: transcript.ccModel,
+            });
+        } else {
+          const reason = tagStr + ' bashGuard \\u2192 blocked' + (verdict.ruleId ? ' (' + verdict.ruleId + ')' : '') + ': ' + (verdict.reason || 'policy violation') + '. Ask the user for explicit consent before retrying.';
+          outputJson({
+            systemMessage: reason,
+            hookSpecificOutput: { hookEventName: 'PreToolUse', permissionDecision: 'deny', permissionDecisionReason: reason, additionalContext: reason },
+          });
+          dispatchCapture(jwt, 'bash', 'block', verdict.severity || 'critical', verdict.category || 'security',
+            toolName, gitRepo, sessionId, config.captureDepth, {
+              command, reasoning: guardReason, rulesChecked: config.rules, violatedRules,
+              recentUserMessages: transcript.recentUserMessages, ccModel: transcript.ccModel,
+            });
+        }
+      } else {
+        outputJson({ systemMessage: tagStr + ' bashGuard \\u2192 pass: ' + (verdict.reason || 'no policy violations detected') });
+        dispatchCapture(jwt, 'bash', 'pass', 'audit', verdict.category || 'trivial_utility',
+          toolName, gitRepo, sessionId, config.captureDepth, {
+            command, reasoning: verdict.reason || 'no policy violations detected',
+            rulesChecked: config.rules, violatedRules: [],
+            recentUserMessages: transcript.recentUserMessages, ccModel: transcript.ccModel,
+          });
+      }
+      return;
+    }
+    // \u2500\u2500\u2500 Cloud grading \u2500\u2500\u2500
+    const isHeadless = ['acceptEdits', 'bypassPermissions', 'plan', 'auto'].includes(permissionMode)
+      || process.env.SYNKRO_HEADLESS === '1';
+    const body: Record<string, any> = {
+      hook_event: 'PreToolUse',
+      tool_name: toolName,
+      tool_input: toolInput,
+      user_intent: transcript.userIntent || null,
+      last_user_message: lastPrompt || null,
+      recent_user_messages: transcript.recentUserMessages,
+      recent_messages: transcript.recentMessages,
+      recent_actions: transcript.recentActions,
+      session_id: sessionId || null,
+      tool_use_id: toolUseId || null,
+      cwd: cwd || null,
+      repo: gitRepo || null,
+      permission_mode: permissionMode || null,
+      headless: isHeadless,
+      cc_model: transcript.ccModel || null,
+      cc_usage: transcript.ccUsage || {},
+      session_summary: transcript.sessionSummary || null,
+    };
+    const resp = await postWithRetry(GATEWAY_URL + '/api/v1/hook/judge', body, jwt, 8000);
+    if (!resp) {
+      log('bashGuard ' + cmdShort + ' \\u2192 error (timeout)');
+      outputEmpty();
+      return;
+    }
+    if (!resp.hook_response || typeof resp.hook_response !== 'object') {
+      log('bashGuard ' + cmdShort + ' \\u2192 pass (no hook_response)');
+      outputEmpty();
+      return;
+    }
+    outputJson(resp.hook_response);
+  } catch (err) {
+    process.stderr.write('[synkro] bashGuard error: ' + String(err) + '\\n');
+    outputEmpty();
+  }
+}
+main();
+`;
+    PLAN_JUDGE_TS = `#!/usr/bin/env bun
+import {
+  loadJwt, ensureFreshJwt, detectRepo, loadConfig, route, tag, localGrade,
+  parseVerdict, dispatchCapture, postWithRetry, readStdin, log,
+  outputJson, outputEmpty, GATEWAY_URL,
+} from './_synkro-common.ts';
+import { existsSync, readFileSync, writeFileSync, readdirSync, statSync } from 'node:fs';
+import { join } from 'node:path';
+import { homedir } from 'node:os';
+function findLatestPlan(): string | null {
+  const plansDir = join(homedir(), '.claude', 'plans');
+  if (!existsSync(plansDir)) return null;
+  try {
+    const files = readdirSync(plansDir)
+      .filter(f => f.endsWith('.md'))
+      .map(f => ({ name: f, mtime: statSync(join(plansDir, f)).mtimeMs }))
+      .sort((a, b) => b.mtime - a.mtime);
+    return files.length > 0 ? join(plansDir, files[0].name) : null;
+  } catch {
+    return null;
+  }
+}
+function appendReviewToPlan(planFile: string, verdict: string): void {
+  try {
+    let content = readFileSync(planFile, 'utf-8');
+    content = content.replace(/<!-- synkro-plan-review -->[\\s\\S]*?<!-- \\/synkro-plan-review -->/g, '').trimEnd();
+    const now = new Date().toISOString().replace('T', ' ').slice(0, 16);
+    content += '\\n\\n<!-- synkro-plan-review -->\\n\\n---\\n\\n**Synkro Plan Review** \\u2014 ' + now + '\\n\\n' + verdict + '\\n\\n<!-- /synkro-plan-review -->\\n';
+    writeFileSync(planFile, content, 'utf-8');
+  } catch {}
+}
+async function main() {
+  try {
+    const input = await readStdin();
+    if (!input.trim()) { outputEmpty(); return; }
+    const payload = JSON.parse(input);
+    const toolName = payload.tool_name || '';
+    if (toolName !== 'ExitPlanMode') { outputEmpty(); return; }
+    const planFile = findLatestPlan();
+    if (!planFile) { outputEmpty(); return; }
+    const plan = readFileSync(planFile, 'utf-8');
+    if (plan.length < 20) { outputEmpty(); return; }
+    const sessionId = payload.session_id || '';
+    const cwd = payload.cwd || '';
+    const gitRepo = detectRepo(cwd || '.');
+    const planShort = plan.slice(0, 80);
+    log('planReview checking: ' + planShort + '...');
+    let jwt = loadJwt();
+    if (!jwt) { outputEmpty(); return; }
+    jwt = await ensureFreshJwt(jwt);
+    const config = await loadConfig(jwt);
+    const rt = await route(config);
+    const tagStr = tag(rt, config);
+    if (config.silent) {
+      outputJson({ systemMessage: tagStr + ' planReview \\u2192 skipped (silent mode)' });
+      return;
+    }
+    if (rt === 'local') {
+      const graderPrompt = [
+        'Working directory: ' + (cwd || '.'),
+        'Repo: ' + (gitRepo || 'unknown'),
+        'Plan:',
+        plan.slice(0, 8000),
+        'Org rules: ' + JSON.stringify(config.rules),
+      ].join('\\n');
+      let gradeResp: string;
+      try {
+        gradeResp = await localGrade('plan', graderPrompt);
+      } catch {
+        outputEmpty();
+        return;
+      }
+      const verdict = parseVerdict(gradeResp);
+      const planContent = plan.slice(0, 2000);
+      const violatedRules = verdict.ruleId ? [verdict.ruleId] : [];
+      if (!verdict.ok) {
+        const reviewMsg = (verdict.ruleId ? '(first: ' + verdict.ruleId + ') ' : '') + (verdict.reason || 'check org rules during implementation');
+        appendReviewToPlan(planFile, '\\u26a0\\ufe0f Advisory \\u2014 ' + reviewMsg);
+        outputJson({ systemMessage: tagStr + ' planReview \\u2192 ' + reviewMsg });
+        dispatchCapture(jwt, 'plan_review', 'advisory', verdict.severity || 'medium', verdict.category || 'general',
+          'ExitPlanMode', gitRepo, sessionId, config.captureDepth, {
+            command: planContent, reasoning: verdict.reason || 'check org rules',
+            rulesChecked: config.rules, violatedRules,
+          });
+      } else {
+        const reviewMsg = verdict.reason || 'no relevant org rules for this plan';
+        appendReviewToPlan(planFile, '\\u2705 Clean \\u2014 ' + reviewMsg);
+        outputJson({ systemMessage: tagStr + ' planReview \\u2192 clean: ' + reviewMsg });
+        dispatchCapture(jwt, 'plan_review', 'clean', 'audit', verdict.category || 'general',
+          'ExitPlanMode', gitRepo, sessionId, config.captureDepth, {
+            command: planContent, reasoning: reviewMsg,
+            rulesChecked: config.rules, violatedRules: [],
+          });
+      }
+      return;
+    }
+    // \u2500\u2500\u2500 Cloud grading \u2500\u2500\u2500
+    const body = {
+      hook_event: 'PreToolUse',
+      tool_name: 'ExitPlanMode',
+      tool_input: { plan: plan.slice(0, 16000) },
+      session_id: sessionId || null,
+      cwd: cwd || null,
+      repo: gitRepo || null,
+    };
+    const resp = await postWithRetry(GATEWAY_URL + '/api/v1/hook/judge', body, jwt, 12000);
+    if (!resp) {
+      log('planReview \\u2192 error (timeout)');
+      outputEmpty();
+      return;
+    }
+    const hookResp = resp?.hook_response;
+    if (!hookResp) { outputEmpty(); return; }
+    const decision = hookResp?.hookSpecificOutput?.permissionDecision;
+    if (decision) {
+      const reason = hookResp?.hookSpecificOutput?.permissionDecisionReason || 'check org rules';
+      appendReviewToPlan(planFile, '\\u26a0\\ufe0f Advisory \\u2014 ' + reason);
+      outputJson({ systemMessage: tagStr + ' planReview \\u2192 advisory: ' + reason });
+    } else {
+      const cloudMsg = hookResp.systemMessage || '';
+      if (cloudMsg) appendReviewToPlan(planFile, '\\u2705 ' + cloudMsg);
+      outputJson(hookResp);
+    }
+  } catch (err) {
+    process.stderr.write('[synkro] planReview error: ' + String(err) + '\\n');
+    outputEmpty();
+  }
+}
-BODY=$(jq -n --arg repo "$GIT_REPO" --arg sid "$SESSION_ID" --argjson messages "$MESSAGES" \\
-  '{repo: $repo, sessions: [{cc_session_id: $sid, messages: $messages}]}')
+main();
+`;
+    STOP_SUMMARY_TS = `#!/usr/bin/env bun
+import {
+  loadJwt, detectRepo, loadConfig, tag, readStdin, aggregateUsage,
+  outputJson, outputEmpty, GATEWAY_URL,
+} from './_synkro-common.ts';
-(
-  curl -sS -X POST "\${GATEWAY_URL}/api/v1/cli/sync-transcripts" \\
-    -H "Content-Type: application/json" -H "Authorization: Bearer $JWT" \\
-    -d "$BODY" --max-time 10 >/dev/null 2>&1
-) &
-disown 2>/dev/null || true
+async function main() {
+  try {
+    const input = await readStdin();
+    if (!input.trim()) { outputEmpty(); return; }
+    const payload = JSON.parse(input);
+    const sessionId = payload.session_id || '';
+    if (!sessionId) { outputEmpty(); return; }
+    const cwd = payload.cwd || '';
+    const transcriptPath = payload.transcript_path || '';
+    const gitRepo = detectRepo(cwd || '.');
+    let jwt = loadJwt();
+    if (!jwt) { outputEmpty(); return; }
+    if (transcriptPath) {
+      const usage = aggregateUsage(transcriptPath);
+      if (usage.totals.in + usage.totals.out > 0) {
+        const usageBody = {
+          capture_type: 'local_verdict',
+          event_id: 'usage_' + Date.now() + '_' + process.pid,
+          hook_type: 'stop',
+          verdict: 'allow',
+          severity: 'none',
+          model: usage.model || 'unknown',
+          cc_model: usage.model || '',
+          cc_usage: {
+            input_tokens: usage.totals.in,
+            output_tokens: usage.totals.out,
+            cache_creation_input_tokens: usage.totals.cw,
+            cache_read_input_tokens: usage.totals.cr,
+          },
+          ...(gitRepo ? { repo: gitRepo } : {}),
+          ...(sessionId ? { session_id: sessionId } : {}),
+        };
+        fetch(GATEWAY_URL + '/api/v1/hook/capture', {
+          method: 'POST',
+          headers: { 'Content-Type': 'application/json', Authorization: 'Bearer ' + jwt },
+          body: JSON.stringify(usageBody),
+          signal: AbortSignal.timeout(3000),
+        }).catch(() => {});
+      }
+    }
+    let resp: any;
+    try {
+      const r = await fetch(GATEWAY_URL + '/api/v1/cli/session-summary?session_id=' + encodeURIComponent(sessionId), {
+        headers: { Authorization: 'Bearer ' + jwt },
+        signal: AbortSignal.timeout(3000),
+      });
+      resp = await r.json();
+    } catch {
+      outputEmpty();
+      return;
+    }
+    const edits = resp?.edits_scanned || 0;
+    const findings = resp?.findings || 0;
+    const autoFixed = resp?.auto_fixed || 0;
+    const open = resp?.open || 0;
+    if (!edits) { outputEmpty(); return; }
+    const config = await loadConfig(jwt);
+    const tagStr = tag('local', config);
-printf '%s' "$TOTAL_LINES" > "$OFFSET_FILE" 2>/dev/null || true
-echo '{}'; exit 0
+    if (!findings) {
+      outputJson({ systemMessage: tagStr + ' stop \\u2192 0 issues across ' + edits + ' edit(s), session complete' });
+    } else {
+      outputJson({ systemMessage: tagStr + ' stop \\u2192 ' + findings + ' finding(s): ' + autoFixed + ' auto-fixed, ' + open + ' open' });
+    }
+  } catch (err) {
+    process.stderr.write('[synkro] stopSummary error: ' + String(err) + '\\n');
+    outputEmpty();
+  }
+}
+main();
 `;
-    CURSOR_BASH_JUDGE_SCRIPT = `#!/bin/bash
-SCRIPT_DIR="$(cd "$(dirname "\${BASH_SOURCE[0]}")" && pwd)"
-. "$SCRIPT_DIR/_synkro-common.sh"
+    SESSION_START_TS = `#!/usr/bin/env bun
+import {
+  loadJwt, detectRepo, channelUp, tag, readStdin,
+  outputJson, outputEmpty, GATEWAY_URL,
+  type HookConfig,
+} from './_synkro-common.ts';
-JWT=$(synkro_load_jwt)
-if [ -z "$JWT" ]; then echo '{}'; exit 0; fi
-synkro_ensure_fresh_jwt
+async function main() {
+  try {
+    const input = await readStdin();
+    if (!input.trim()) { outputEmpty(); return; }
-PAYLOAD=$(cat)
-if [ -z "$PAYLOAD" ]; then echo '{}'; exit 0; fi
+    const payload = JSON.parse(input);
+    const cwd = payload.cwd || '';
+    const sessionId = payload.session_id || '';
+    const gitRepo = detectRepo(cwd || '.');
-COMMAND=$(echo "$PAYLOAD" | jq -r '.command // empty' 2>/dev/null)
-if [ -z "$COMMAND" ]; then echo '{}'; exit 0; fi
+    let jwt = loadJwt();
-CWD=$(echo "$PAYLOAD" | jq -r '.cwd // empty' 2>/dev/null)
-SESSION_ID=$(echo "$PAYLOAD" | jq -r '.conversation_id // empty' 2>/dev/null)
-GIT_REPO=$(synkro_detect_repo "\${CWD:-.}")
+    const isChannelUp = await channelUp();
+    const rt = isChannelUp ? 'local' : 'cloud';
-CMD_SHORT=$(printf '%s' "$COMMAND" | head -c 80)
-synkro_log "bashGuard checking: $CMD_SHORT"
+    let policyName = '';
+    let silent = false;
+    let openFindings = 0;
-synkro_load_config
-if [ "$SYNKRO_SILENT" = "true" ]; then
-  echo '{}'; exit 0
-fi
+    if (jwt) {
+      try {
+        const url = GATEWAY_URL + '/api/v1/hook/config?session_id=' + encodeURIComponent(sessionId || '') + '&repo=' + encodeURIComponent(gitRepo || '');
+        const r = await fetch(url, {
+          headers: { Authorization: 'Bearer ' + jwt },
+          signal: AbortSignal.timeout(3000),
+        });
+        const data = await r.json() as any;
+        silent = data.silent_mode === true || data.silent_mode === 'true';
+        policyName = data.active_policy_name || '';
+        openFindings = data.session_context?.open_findings || 0;
+      } catch {}
+    }
-BODY=$(jq -n \\
-  --arg cmd "$COMMAND" \\
-  --arg session_id "$SESSION_ID" \\
-  --arg cwd "$CWD" \\
-  --arg repo "$GIT_REPO" \\
-  '{
-    hook_event: "PreToolUse",
-    tool_name: "Bash",
-    tool_input: {command: $cmd},
-    response_format: "cursor",
-    session_id: (if ($session_id | length) > 0 then $session_id else null end),
-    cwd: (if ($cwd | length) > 0 then $cwd else null end),
-    repo: (if ($repo | length) > 0 then $repo else null end)
-  }')
+    const fakeConfig: HookConfig = { captureDepth: 'local_only', tier: 'standard', silent, policyName, rules: [] };
+    const tagStr = tag(rt, fakeConfig);
+    const routeLine = tagStr + ' inference: ' + (isChannelUp ? 'local-cc (channel reachable on 127.0.0.1:8929)' : 'cloud (local-cc channel not reachable)');
-RESP=$(synkro_post_with_retry "\${GATEWAY_URL}/api/v1/hook/judge" "$BODY" 6)
+    if (!jwt) {
+      outputJson({ systemMessage: routeLine });
+      return;
+    }
-if [ -z "$RESP" ]; then
-  synkro_log "bashGuard $CMD_SHORT \u2192 error (timeout)"
-  echo '{}'; exit 0
-fi
+    if (!openFindings) {
+      outputJson({ systemMessage: routeLine });
+    } else if (openFindings === 1) {
+      outputJson({ systemMessage: routeLine + '\\n' + tagStr + ' session start \\u2192 1 open finding in this repo from a prior session.' });
+    } else {
+      outputJson({ systemMessage: routeLine + '\\n' + tagStr + ' session start \\u2192 ' + openFindings + ' open findings in this repo from prior sessions.' });
+    }
+  } catch (err) {
+    process.stderr.write('[synkro] sessionStart error: ' + String(err) + '\\n');
+    outputEmpty();
+  }
+}
-# Server returns cursor-format directly in hook_response
-if echo "$RESP" | jq -e '.hook_response' >/dev/null 2>&1; then
-  echo "$RESP" | jq -c '.hook_response'
-else
-  echo '{}'
-fi
-exit 0
+main();
 `;
-    CURSOR_EDIT_PRECHECK_SCRIPT = `#!/bin/bash
-SCRIPT_DIR="$(cd "$(dirname "\${BASH_SOURCE[0]}")" && pwd)"
-. "$SCRIPT_DIR/_synkro-common.sh"
+    BASH_FOLLOWUP_TS = `#!/usr/bin/env bun
+import {
+  loadJwt, readStdin, hashCommand, consentGrant, consentHasActive, consentConsume,
+  outputEmpty, GATEWAY_URL,
+} from './_synkro-common.ts';
-JWT=$(synkro_load_jwt)
-if [ -z "$JWT" ]; then echo '{}'; exit 0; fi
-synkro_ensure_fresh_jwt
+async function main() {
+  try {
+    const input = await readStdin();
+    if (!input.trim()) { outputEmpty(); return; }
-PAYLOAD=$(cat)
-if [ -z "$PAYLOAD" ]; then echo '{}'; exit 0; fi
+    const payload = JSON.parse(input);
+    const toolName = payload.tool_name || '';
+    if (toolName !== 'Bash') { outputEmpty(); return; }
-TOOL_NAME=$(echo "$PAYLOAD" | jq -r '.tool_name // empty' 2>/dev/null)
-CWD=$(echo "$PAYLOAD" | jq -r '.cwd // empty' 2>/dev/null)
-SESSION_ID=$(echo "$PAYLOAD" | jq -r '.conversation_id // empty' 2>/dev/null)
-GIT_REPO=$(synkro_detect_repo "\${CWD:-.}")
+    const jwt = loadJwt();
+    if (!jwt) { outputEmpty(); return; }
-FILE_PATH=$(echo "$PAYLOAD" | jq -r '.tool_input.file_path // .tool_input.path // .tool_input.target_file // empty' 2>/dev/null)
-CONTENT=$(echo "$PAYLOAD" | jq -r '.tool_input.content // .tool_input.new_string // .tool_input.code_edit // empty' 2>/dev/null)
-if [ -z "$FILE_PATH" ]; then echo '{}'; exit 0; fi
+    const sessionId = payload.session_id || '';
+    const toolUseId = payload.tool_use_id || '';
+    if (!sessionId || !toolUseId) { outputEmpty(); return; }
-BASENAME=$(basename "$FILE_PATH" 2>/dev/null || echo "$FILE_PATH")
-synkro_log "editGuard checking: $BASENAME"
+    const isError = payload.tool_result?.is_error === true;
+    const cmd = payload.tool_input?.command || '';
+    const cmdHash = cmd ? hashCommand(cmd) : '';
-synkro_load_config
-if [ "$SYNKRO_SILENT" = "true" ]; then
-  echo '{}'; exit 0
-fi
+    if (cmdHash && sessionId) {
+      if (!isError) {
+        consentConsume(sessionId, cmdHash);
+      } else {
+        if (!consentHasActive(sessionId, cmdHash)) {
+          consentGrant(sessionId, cmdHash);
+        }
+      }
+    }
-BODY=$(jq -n \\
-  --arg file_path "$FILE_PATH" \\
-  --arg content "$CONTENT" \\
-  --arg session_id "$SESSION_ID" \\
-  --arg cwd "$CWD" \\
-  --arg repo "$GIT_REPO" \\
-  '{
-    hook_event: "PreToolUse",
-    tool_name: "Edit",
-    tool_input: {file_path: $file_path, content: $content},
-    file_path: $file_path,
-    content: $content,
-    response_format: "cursor",
-    session_id: (if ($session_id | length) > 0 then $session_id else null end),
-    cwd: (if ($cwd | length) > 0 then $cwd else null end),
-    repo: (if ($repo | length) > 0 then $repo else null end)
-  }')
+    const body = {
+      capture_type: 'bash_followup',
+      session_id: sessionId,
+      tool_use_id: toolUseId,
+      is_error: isError,
+      command_hash: cmdHash,
+    };
-RESP=$(synkro_post_with_retry "\${GATEWAY_URL}/api/v1/hook/judge" "$BODY" 8)
+    fetch(GATEWAY_URL + '/api/v1/hook/capture', {
+      method: 'POST',
+      headers: { 'Content-Type': 'application/json', Authorization: 'Bearer ' + jwt },
+      body: JSON.stringify(body),
+      signal: AbortSignal.timeout(3000),
+    }).catch(() => {});
-if [ -z "$RESP" ]; then
-  synkro_log "editGuard $BASENAME \u2192 error (timeout)"
-  echo '{}'; exit 0
-fi
+    outputEmpty();
+  } catch {
+    outputEmpty();
+  }
+}
-if echo "$RESP" | jq -e '.hook_response' >/dev/null 2>&1; then
-  echo "$RESP" | jq -c '.hook_response'
-else
-  echo '{}'
-fi
-exit 0
+main();
 `;
-    CURSOR_EDIT_CAPTURE_SCRIPT = `#!/bin/bash
-SCRIPT_DIR="$(cd "$(dirname "\${BASH_SOURCE[0]}")" && pwd)"
-. "$SCRIPT_DIR/_synkro-common.sh"
+    TRANSCRIPT_SYNC_TS = `#!/usr/bin/env bun
+import {
+  loadJwt, detectRepo, readStdin, aggregateUsage,
+  outputEmpty, GATEWAY_URL,
+} from './_synkro-common.ts';
+import { existsSync, readFileSync, writeFileSync, mkdirSync } from 'node:fs';
+import { join, dirname } from 'node:path';
+import { homedir } from 'node:os';
-JWT=$(synkro_load_jwt)
-if [ -z "$JWT" ]; then echo '{}'; exit 0; fi
+async function main() {
+  try {
+    const input = await readStdin();
+    if (!input.trim()) { outputEmpty(); return; }
-PAYLOAD=$(cat)
-if [ -z "$PAYLOAD" ]; then echo '{}'; exit 0; fi
+    const payload = JSON.parse(input);
+    const sessionId = payload.session_id || '';
+    const transcriptPath = payload.transcript_path || '';
+    const cwd = payload.cwd || '';
-FILE_PATH=$(echo "$PAYLOAD" | jq -r '.file_path // empty' 2>/dev/null)
-if [ -z "$FILE_PATH" ]; then echo '{}'; exit 0; fi
+    if (!sessionId || !transcriptPath || !existsSync(transcriptPath)) {
+      outputEmpty();
+      return;
+    }
-CWD=$(echo "$PAYLOAD" | jq -r '.cwd // .workspace_roots[0] // empty' 2>/dev/null)
-SESSION_ID=$(echo "$PAYLOAD" | jq -r '.conversation_id // empty' 2>/dev/null)
-GIT_REPO=$(synkro_detect_repo "\${CWD:-.}")
-BASENAME=$(basename "$FILE_PATH" 2>/dev/null || echo "$FILE_PATH")
+    const jwt = loadJwt();
+    if (!jwt) { outputEmpty(); return; }
+    const usage = aggregateUsage(transcriptPath);
+    if (usage.totals.in + usage.totals.out > 0) {
+      const usageBody = {
+        capture_type: 'usage_tick',
+        event_id: 'usage_' + Date.now() + '_' + process.pid,
+        hook_type: 'stop',
+        verdict: 'allow',
+        severity: 'none',
+        model: usage.model || 'unknown',
+        cc_model: usage.model || '',
+        cc_usage: {
+          input_tokens: usage.totals.in,
+          output_tokens: usage.totals.out,
+          cache_creation_input_tokens: usage.totals.cw,
+          cache_read_input_tokens: usage.totals.cr,
+        },
+        session_id: sessionId,
+      };
+      fetch(GATEWAY_URL + '/api/v1/hook/capture', {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json', Authorization: 'Bearer ' + jwt },
+        body: JSON.stringify(usageBody),
+        signal: AbortSignal.timeout(3000),
+      }).catch(() => {});
+    }
-FULL_PATH="$FILE_PATH"
-[ -n "$CWD" ] && FULL_PATH="$CWD/$FILE_PATH"
-FULL_CONTENT=""
-[ -f "$FULL_PATH" ] && FULL_CONTENT=$(head -c 50000 "$FULL_PATH" 2>/dev/null || true)
+    if (process.env.SYNKRO_TRANSCRIPT_CONSENT === 'no') { outputEmpty(); return; }
-DEPS_JSON="{}"
-_PKG_DIR="\${CWD:-.}"
-while [ "$_PKG_DIR" != "/" ]; do
-  if [ -f "$_PKG_DIR/package.json" ]; then
-    DEPS_JSON=$(jq -c '(.dependencies // {}) + (.devDependencies // {})' "$_PKG_DIR/package.json" 2>/dev/null || echo "{}")
-    break
-  fi
-  _PKG_DIR=$(dirname "$_PKG_DIR")
-done
+    const gitRepo = detectRepo(cwd || '.');
+    if (!gitRepo) { outputEmpty(); return; }
-synkro_log "editScan $BASENAME"
+    let captureDepth = 'local_only';
+    try {
+      const r = await fetch(GATEWAY_URL + '/api/v1/hook/config', {
+        headers: { Authorization: 'Bearer ' + jwt },
+        signal: AbortSignal.timeout(3000),
+      });
+      const data = await r.json() as any;
+      captureDepth = data.capture_depth || 'local_only';
+    } catch {}
+    if (captureDepth === 'local_only') { outputEmpty(); return; }
+    const offsetDir = join(homedir(), '.synkro', '.transcript-offsets');
+    mkdirSync(offsetDir, { recursive: true });
+    const offsetFile = join(offsetDir, sessionId);
+    let offset = 0;
+    if (existsSync(offsetFile)) {
+      try { offset = parseInt(readFileSync(offsetFile, 'utf-8').trim(), 10) || 0; } catch {}
+    }
-(
-  BODY=$(jq -n \\
-    --arg file_path "$FILE_PATH" --arg content "$FULL_CONTENT" \\
-    --arg session_id "$SESSION_ID" --arg cwd "$CWD" --arg repo "$GIT_REPO" \\
-    --argjson deps "$DEPS_JSON" \\
-    '{capture_type:"edit_scan",tool_input:{file_path:$file_path,content:$content},edit_verdict:{ok:true},dependencies:$deps}
-      + (if ($session_id | length) > 0 then {session_id:$session_id} else {} end)
-      + (if ($cwd | length) > 0 then {cwd:$cwd} else {} end)
-      + (if ($repo | length) > 0 then {repo:$repo} else {} end)')
-  curl -sS -X POST "\${GATEWAY_URL}/api/v1/hook/capture" \\
-    -H "Content-Type: application/json" -H "Authorization: Bearer $JWT" \\
-    -d "$BODY" --max-time 10 >/dev/null 2>&1 || true
-) &
-disown 2>/dev/null || true
+    const raw = readFileSync(transcriptPath, 'utf-8');
+    const allLines = raw.split('\\n').filter(l => l.trim());
+    const totalLines = allLines.length;
-echo '{}'
-exit 0
-`;
-    CURSOR_BASH_FOLLOWUP_SCRIPT = `#!/bin/bash
-SCRIPT_DIR="$(cd "$(dirname "\${BASH_SOURCE[0]}")" && pwd)"
-. "$SCRIPT_DIR/_synkro-common.sh"
+    if (totalLines <= offset) { outputEmpty(); return; }
-JWT=$(synkro_load_jwt)
-if [ -z "$JWT" ]; then echo '{}'; exit 0; fi
+    let startIdx = offset;
+    const delta = totalLines - offset;
+    if (delta > 200) startIdx = totalLines - 200;
-PAYLOAD=$(cat)
-TOOL_NAME=$(echo "$PAYLOAD" | jq -r '.tool_name // empty' 2>/dev/null)
-case "$TOOL_NAME" in Shell|Bash|terminal|run_terminal_cmd|execute_command) ;; *) echo '{}'; exit 0 ;; esac
+    const messages: any[] = [];
+    for (let i = startIdx; i < totalLines; i++) {
+      try {
+        const entry = JSON.parse(allLines[i]);
+        if (entry.type !== 'user' && entry.type !== 'assistant') continue;
+        const content = entry.message?.content;
+        let text = '';
+        if (typeof content === 'string') text = content.slice(0, 8000);
+        else if (Array.isArray(content)) {
+          text = content.map((c: any) => {
+            if (typeof c === 'string') return c;
+            if (c?.type === 'text') return c.text || '';
+            return '';
+          }).join(' ').slice(0, 8000);
+        }
-SESSION_ID=$(echo "$PAYLOAD" | jq -r '.conversation_id // empty' 2>/dev/null)
-TOOL_USE_ID=$(echo "$PAYLOAD" | jq -r '.tool_use_id // empty' 2>/dev/null)
+        const msg: any = { message_index: i, type: entry.type, content: text };
+        if (entry.type === 'assistant') {
+          const toolCalls = (Array.isArray(content) ? content : [])
+            .filter((c: any) => c?.type === 'tool_use')
+            .map((c: any) => ({ name: c.name, input: JSON.stringify(c.input || {}).slice(0, 500), id: c.id }));
+          if (toolCalls.length > 0) msg.tool_calls = toolCalls;
+          msg.model = entry.message?.model || null;
+          const u = entry.message?.usage;
+          if (u) msg.usage = { input_tokens: u.input_tokens, output_tokens: u.output_tokens, cache_creation_input_tokens: u.cache_creation_input_tokens, cache_read_input_tokens: u.cache_read_input_tokens };
+        }
+        messages.push(msg);
+      } catch {}
+    }
-IS_ERROR=$(echo "$PAYLOAD" | jq -r '.tool_result.is_error // false' 2>/dev/null)
-CMD=$(echo "$PAYLOAD" | jq -r '.tool_input.command // empty' 2>/dev/null)
-CMD_HASH=""
-if [ -n "$CMD" ]; then
-  CMD_HASH=$(printf '%s' "$CMD" | shasum -a 256 | cut -c1-16)
-fi
+    writeFileSync(offsetFile, String(totalLines), 'utf-8');
-if [ -n "$CMD_HASH" ] && [ -n "$SESSION_ID" ]; then
-  if [ "$IS_ERROR" = "false" ]; then
-    synkro_consent_consume "$SESSION_ID" "$CMD_HASH"
-  else
-    if ! synkro_consent_has_active "$SESSION_ID" "$CMD_HASH"; then
-      synkro_consent_grant "$SESSION_ID" "$CMD_HASH"
-    fi
-  fi
-fi
+    if (messages.length === 0) { outputEmpty(); return; }
-if [ -n "$SESSION_ID" ] && [ -n "$TOOL_USE_ID" ]; then
-  (
-    BODY=$(jq -n --arg sid "$SESSION_ID" --arg tid "$TOOL_USE_ID" \\
-      --argjson err "$IS_ERROR" --arg ch "$CMD_HASH" \\
-      '{capture_type:"bash_followup",session_id:$sid,tool_use_id:$tid,is_error:$err,command_hash:$ch}')
-    curl -sS -X POST "\${GATEWAY_URL}/api/v1/hook/capture" \\
-      -H "Content-Type: application/json" -H "Authorization: Bearer $JWT" \\
-      -d "$BODY" --max-time 3 >/dev/null 2>&1 || true
-  ) &
-  disown 2>/dev/null || true
-fi
+    const syncBody = {
+      repo: gitRepo,
+      sessions: [{ cc_session_id: sessionId, messages }],
+    };
+    fetch(GATEWAY_URL + '/api/v1/cli/sync-transcripts', {
+      method: 'POST',
+      headers: { 'Content-Type': 'application/json', Authorization: 'Bearer ' + jwt },
+      body: JSON.stringify(syncBody),
+      signal: AbortSignal.timeout(10000),
+    }).catch(() => {});
+    outputEmpty();
+  } catch {
+    outputEmpty();
+  }
+}
-echo '{}'
-exit 0
+main();
 `;
-    CC_USER_PROMPT_SUBMIT_SCRIPT = `#!/bin/bash
-# Synkro UserPromptSubmit hook \u2014 stashes the user's last message so PreToolUse
-# hooks can pass it to the grader for consent detection. No regex matching here;
-# the grader (local or cloud) decides whether the message constitutes consent.
-PROMPT_FILE="$HOME/.synkro/.last-prompt"
-PAYLOAD=$(cat)
-if [ -z "$PAYLOAD" ]; then exit 0; fi
-MSG=$(echo "$PAYLOAD" | jq -r '.message // .prompt // .content // empty' 2>/dev/null)
-if [ -n "$MSG" ]; then
-  printf '%s' "$MSG" > "$PROMPT_FILE" 2>/dev/null || true
-fi
-exit 0
+    USER_PROMPT_SUBMIT_TS = `#!/usr/bin/env bun
+import { readStdin } from './_synkro-common.ts';
+import { writeFileSync, mkdirSync } from 'node:fs';
+import { join, dirname } from 'node:path';
+import { homedir } from 'node:os';
+async function main() {
+  try {
+    const input = await readStdin();
+    if (!input.trim()) return;
+    const payload = JSON.parse(input);
+    const msg = payload.message || payload.prompt || payload.content || '';
+    if (msg) {
+      const promptFile = join(homedir(), '.synkro', '.last-prompt');
+      mkdirSync(dirname(promptFile), { recursive: true });
+      writeFileSync(promptFile, msg, 'utf-8');
+    }
+  } catch {}
+}
+main();
 `;
   }
 });
@@ -4322,34 +4937,36 @@ function ensureSynkroDir() {
   mkdirSync8(OFFSETS_DIR, { recursive: true });
 }
 function writeHookScripts() {
-  const bashScriptPath = join11(HOOKS_DIR, "cc-bash-judge.sh");
-  const bashFollowupScriptPath = join11(HOOKS_DIR, "cc-bash-followup.sh");
+  const bashScriptPath = join11(HOOKS_DIR, "cc-bash-judge.ts");
+  const bashFollowupScriptPath = join11(HOOKS_DIR, "cc-bash-followup.ts");
   const editCaptureScriptPath = join11(HOOKS_DIR, "cc-edit-capture.sh");
-  const editPrecheckScriptPath = join11(HOOKS_DIR, "cc-edit-precheck.sh");
-  const cveScanScriptPath = join11(HOOKS_DIR, "cc-cve-scan.sh");
-  const cweScanScriptPath = join11(HOOKS_DIR, "cc-cwe-scan.sh");
-  const planJudgeScriptPath = join11(HOOKS_DIR, "cc-plan-judge.sh");
-  const stopSummaryScriptPath = join11(HOOKS_DIR, "cc-stop-summary.sh");
-  const sessionStartScriptPath = join11(HOOKS_DIR, "cc-session-start.sh");
-  const transcriptSyncScriptPath = join11(HOOKS_DIR, "cc-transcript-sync.sh");
-  const userPromptSubmitScriptPath = join11(HOOKS_DIR, "cc-user-prompt-submit.sh");
-  const commonScriptPath = join11(HOOKS_DIR, "_synkro-common.sh");
+  const editPrecheckScriptPath = join11(HOOKS_DIR, "cc-edit-precheck.ts");
+  const cwePrecheckScriptPath = join11(HOOKS_DIR, "cc-cwe-precheck.ts");
+  const cvePrecheckScriptPath = join11(HOOKS_DIR, "cc-cve-precheck.ts");
+  const planJudgeScriptPath = join11(HOOKS_DIR, "cc-plan-judge.ts");
+  const stopSummaryScriptPath = join11(HOOKS_DIR, "cc-stop-summary.ts");
+  const sessionStartScriptPath = join11(HOOKS_DIR, "cc-session-start.ts");
+  const transcriptSyncScriptPath = join11(HOOKS_DIR, "cc-transcript-sync.ts");
+  const userPromptSubmitScriptPath = join11(HOOKS_DIR, "cc-user-prompt-submit.ts");
+  const commonScriptPath = join11(HOOKS_DIR, "_synkro-common.ts");
+  const commonBashScriptPath = join11(HOOKS_DIR, "_synkro-common.sh");
   const cursorBashJudgePath = join11(HOOKS_DIR, "cursor-bash-judge.sh");
   const cursorEditPrecheckPath = join11(HOOKS_DIR, "cursor-edit-precheck.sh");
   const cursorEditCapturePath = join11(HOOKS_DIR, "cursor-edit-capture.sh");
   const cursorBashFollowupPath = join11(HOOKS_DIR, "cursor-bash-followup.sh");
-  writeFileSync7(bashScriptPath, CC_BASH_JUDGE_SCRIPT, "utf-8");
-  writeFileSync7(bashFollowupScriptPath, CC_BASH_FOLLOWUP_SCRIPT, "utf-8");
-  writeFileSync7(editCaptureScriptPath, CC_EDIT_CAPTURE_SCRIPT, "utf-8");
-  writeFileSync7(editPrecheckScriptPath, CC_EDIT_PRECHECK_SCRIPT, "utf-8");
-  writeFileSync7(cveScanScriptPath, CC_CVE_SCAN_SCRIPT, "utf-8");
-  writeFileSync7(cweScanScriptPath, CC_CWE_SCAN_SCRIPT, "utf-8");
-  writeFileSync7(planJudgeScriptPath, CC_PLAN_JUDGE_SCRIPT, "utf-8");
-  writeFileSync7(stopSummaryScriptPath, CC_STOP_SUMMARY_SCRIPT, "utf-8");
-  writeFileSync7(sessionStartScriptPath, CC_SESSION_START_SCRIPT, "utf-8");
-  writeFileSync7(transcriptSyncScriptPath, CC_TRANSCRIPT_SYNC_SCRIPT, "utf-8");
-  writeFileSync7(userPromptSubmitScriptPath, CC_USER_PROMPT_SUBMIT_SCRIPT, "utf-8");
-  writeFileSync7(commonScriptPath, SYNKRO_COMMON_SCRIPT, "utf-8");
+  writeFileSync7(bashScriptPath, BASH_JUDGE_TS, "utf-8");
+  writeFileSync7(bashFollowupScriptPath, BASH_FOLLOWUP_TS, "utf-8");
+  writeFileSync7(editCaptureScriptPath, "", "utf-8");
+  writeFileSync7(editPrecheckScriptPath, EDIT_PRECHECK_TS, "utf-8");
+  writeFileSync7(cwePrecheckScriptPath, CWE_PRECHECK_TS, "utf-8");
+  writeFileSync7(cvePrecheckScriptPath, CVE_PRECHECK_TS, "utf-8");
+  writeFileSync7(planJudgeScriptPath, PLAN_JUDGE_TS, "utf-8");
+  writeFileSync7(stopSummaryScriptPath, STOP_SUMMARY_TS, "utf-8");
+  writeFileSync7(sessionStartScriptPath, SESSION_START_TS, "utf-8");
+  writeFileSync7(transcriptSyncScriptPath, TRANSCRIPT_SYNC_TS, "utf-8");
+  writeFileSync7(userPromptSubmitScriptPath, USER_PROMPT_SUBMIT_TS, "utf-8");
+  writeFileSync7(commonScriptPath, SYNKRO_COMMON_TS, "utf-8");
+  writeFileSync7(commonBashScriptPath, SYNKRO_COMMON_SCRIPT, "utf-8");
   writeFileSync7(cursorBashJudgePath, CURSOR_BASH_JUDGE_SCRIPT, "utf-8");
   writeFileSync7(cursorEditPrecheckPath, CURSOR_EDIT_PRECHECK_SCRIPT, "utf-8");
   writeFileSync7(cursorEditCapturePath, CURSOR_EDIT_CAPTURE_SCRIPT, "utf-8");
@@ -4358,14 +4975,15 @@ function writeHookScripts() {
   chmodSync2(bashFollowupScriptPath, 493);
   chmodSync2(editCaptureScriptPath, 493);
   chmodSync2(editPrecheckScriptPath, 493);
-  chmodSync2(cveScanScriptPath, 493);
-  chmodSync2(cweScanScriptPath, 493);
+  chmodSync2(cwePrecheckScriptPath, 493);
+  chmodSync2(cvePrecheckScriptPath, 493);
   chmodSync2(planJudgeScriptPath, 493);
   chmodSync2(stopSummaryScriptPath, 493);
   chmodSync2(sessionStartScriptPath, 493);
   chmodSync2(transcriptSyncScriptPath, 493);
   chmodSync2(userPromptSubmitScriptPath, 493);
   chmodSync2(commonScriptPath, 493);
+  chmodSync2(commonBashScriptPath, 493);
   chmodSync2(cursorBashJudgePath, 493);
   chmodSync2(cursorEditPrecheckPath, 493);
   chmodSync2(cursorEditCapturePath, 493);
@@ -4375,8 +4993,8 @@ function writeHookScripts() {
     bashFollowupScript: bashFollowupScriptPath,
     editCaptureScript: editCaptureScriptPath,
     editPrecheckScript: editPrecheckScriptPath,
-    cveScanScript: cveScanScriptPath,
-    cweScanScript: cweScanScriptPath,
+    cwePrecheckScript: cwePrecheckScriptPath,
+    cvePrecheckScript: cvePrecheckScriptPath,
     planJudgeScript: planJudgeScriptPath,
     stopSummaryScript: stopSummaryScriptPath,
     sessionStartScript: sessionStartScriptPath,
@@ -4417,7 +5035,7 @@ function writeConfigEnv(opts) {
     `SYNKRO_CREDENTIALS_PATH=${shellQuoteSingle(credsPath)}`,
     `SYNKRO_TIER=${shellQuoteSingle(safeTier)}`,
     `SYNKRO_INFERENCE=${shellQuoteSingle(safeInference)}`,
-    `SYNKRO_VERSION=${shellQuoteSingle("1.4.45")}`
+    `SYNKRO_VERSION=${shellQuoteSingle("1.4.47")}`
   ];
   if (safeSynkroBin) lines.push(`SYNKRO_CLI_BIN=${shellQuoteSingle(safeSynkroBin)}`);
   if (safeUserId) lines.push(`SYNKRO_USER_ID=${shellQuoteSingle(safeUserId)}`);
@@ -4725,8 +5343,8 @@ async function installCommand(opts = {}) {
         bashFollowupScriptPath: scripts.bashFollowupScript,
         editCaptureScriptPath: scripts.editCaptureScript,
         editPrecheckScriptPath: scripts.editPrecheckScript,
-        cveScanScriptPath: scripts.cveScanScript,
-        cweScanScriptPath: scripts.cweScanScript,
+        cwePrecheckScriptPath: scripts.cwePrecheckScript,
+        cvePrecheckScriptPath: scripts.cvePrecheckScript,
         planJudgeScriptPath: scripts.planJudgeScript,
         stopSummaryScriptPath: scripts.stopSummaryScript,
         sessionStartScriptPath: scripts.sessionStartScript,
@@ -5131,6 +5749,7 @@ var init_install2 = __esm({
     init_cursorHookConfig();
     init_mcpConfig();
     init_hookScripts();
+    init_hookScriptsTs();
     init_stub();
     init_repoConnect();
     init_projects();