@synkro-sh/cli 1.4.53 → 1.4.55
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/bootstrap.js +13 -7
- package/dist/bootstrap.js.map +1 -1
- package/package.json +1 -1
package/dist/bootstrap.js
CHANGED
|
@@ -1617,6 +1617,8 @@ async function main() {
|
|
|
1617
1617
|
const filePath = toolInput.file_path || toolInput.notebook_path || toolInput.path || '';
|
|
1618
1618
|
if (!filePath) { outputEmpty(); return; }
|
|
1619
1619
|
|
|
1620
|
+
if (filePath.includes('/.synkro/hooks/')) { outputEmpty(); return; }
|
|
1621
|
+
|
|
1620
1622
|
const fileShort = basename(filePath);
|
|
1621
1623
|
log('editGuard checking: ' + fileShort);
|
|
1622
1624
|
|
|
@@ -1690,7 +1692,7 @@ async function main() {
|
|
|
1690
1692
|
const guardReason = (verdict.ruleId ? '(' + verdict.ruleId + ') ' : '') + (verdict.reason || 'policy violation');
|
|
1691
1693
|
|
|
1692
1694
|
if (mode !== 'audit') {
|
|
1693
|
-
const denyReason = 'Guard: ' + guardReason + '\\nFix all issues before retrying.';
|
|
1695
|
+
const denyReason = 'Guard: ' + guardReason + '\\nFix all issues before retrying. Do NOT ask the user to make the edit manually \u2014 resolve the violation in code yourself.';
|
|
1694
1696
|
dispatchCapture(jwt, 'edit', 'block', verdict.severity || 'critical', verdict.category || 'security',
|
|
1695
1697
|
toolName, gitRepo, sessionId, config.captureDepth, {
|
|
1696
1698
|
command: editContent, reasoning: guardReason,
|
|
@@ -1699,7 +1701,7 @@ async function main() {
|
|
|
1699
1701
|
});
|
|
1700
1702
|
outputJson({
|
|
1701
1703
|
systemMessage: tagStr + ' editGuard ' + fileShort + ' \\u2192 blocked: ' + guardReason,
|
|
1702
|
-
hookSpecificOutput: { hookEventName: 'PreToolUse', additionalContext: denyReason },
|
|
1704
|
+
hookSpecificOutput: { hookEventName: 'PreToolUse', permissionDecision: 'deny', permissionDecisionReason: denyReason, additionalContext: denyReason },
|
|
1703
1705
|
});
|
|
1704
1706
|
return;
|
|
1705
1707
|
}
|
|
@@ -1821,6 +1823,8 @@ async function main() {
|
|
|
1821
1823
|
const filePath = toolInput.file_path || toolInput.notebook_path || toolInput.path || '';
|
|
1822
1824
|
if (!filePath) { outputEmpty(); return; }
|
|
1823
1825
|
|
|
1826
|
+
if (filePath.includes('/.synkro/hooks/')) { outputEmpty(); return; }
|
|
1827
|
+
|
|
1824
1828
|
const fileShort = basename(filePath);
|
|
1825
1829
|
const fileExt = extname(filePath); // e.g. ".ts"
|
|
1826
1830
|
|
|
@@ -1892,11 +1896,11 @@ async function main() {
|
|
|
1892
1896
|
const label = count === 1 ? 'match' : 'matches';
|
|
1893
1897
|
const cweMsg = cweTag + ' ' + fileShort + ' \\u2192 ' + count + ' CWE ' + label + ' (' + displayIds + ')';
|
|
1894
1898
|
const denyDetail = '[' + displayIds + '] ' + (verdict.reason || 'code weakness detected');
|
|
1895
|
-
const ctx = 'CWE: ' + denyDetail + '\\nFix all issues before retrying.';
|
|
1899
|
+
const ctx = 'CWE: ' + denyDetail + '\\nFix all issues before retrying. Do NOT ask the user to make the edit manually \u2014 resolve the weakness in code yourself.';
|
|
1896
1900
|
|
|
1897
1901
|
outputJson({
|
|
1898
1902
|
systemMessage: cweMsg,
|
|
1899
|
-
hookSpecificOutput: { hookEventName: 'PreToolUse', additionalContext: ctx },
|
|
1903
|
+
hookSpecificOutput: { hookEventName: 'PreToolUse', permissionDecision: 'deny', permissionDecisionReason: ctx, additionalContext: ctx },
|
|
1900
1904
|
});
|
|
1901
1905
|
return;
|
|
1902
1906
|
}
|
|
@@ -1955,6 +1959,8 @@ async function main() {
|
|
|
1955
1959
|
const filePath = toolInput.file_path || toolInput.notebook_path || toolInput.path || '';
|
|
1956
1960
|
if (!filePath) { outputEmpty(); return; }
|
|
1957
1961
|
|
|
1962
|
+
if (filePath.includes('/.synkro/hooks/')) { outputEmpty(); return; }
|
|
1963
|
+
|
|
1958
1964
|
const fileShort = basename(filePath);
|
|
1959
1965
|
|
|
1960
1966
|
let jwt = loadJwt();
|
|
@@ -2020,11 +2026,11 @@ async function main() {
|
|
|
2020
2026
|
const count = findings.length;
|
|
2021
2027
|
const label = count === 1 ? 'advisory' : 'advisories';
|
|
2022
2028
|
const cveMsg = cveTag + ' ' + fileShort + ' \\u2192 ' + count + ' ' + label;
|
|
2023
|
-
const ctx = 'CVE: ' + top3 + '\\nFix all issues before retrying.';
|
|
2029
|
+
const ctx = 'CVE: ' + top3 + '\\nFix all issues before retrying. Do NOT ask the user to make the edit manually \u2014 upgrade the vulnerable dependencies yourself.';
|
|
2024
2030
|
|
|
2025
2031
|
outputJson({
|
|
2026
2032
|
systemMessage: cveMsg,
|
|
2027
|
-
hookSpecificOutput: { hookEventName: 'PreToolUse', additionalContext: ctx },
|
|
2033
|
+
hookSpecificOutput: { hookEventName: 'PreToolUse', permissionDecision: 'deny', permissionDecisionReason: ctx, additionalContext: ctx },
|
|
2028
2034
|
});
|
|
2029
2035
|
return;
|
|
2030
2036
|
}
|
|
@@ -5045,7 +5051,7 @@ function writeConfigEnv(opts) {
|
|
|
5045
5051
|
`SYNKRO_CREDENTIALS_PATH=${shellQuoteSingle(credsPath)}`,
|
|
5046
5052
|
`SYNKRO_TIER=${shellQuoteSingle(safeTier)}`,
|
|
5047
5053
|
`SYNKRO_INFERENCE=${shellQuoteSingle(safeInference)}`,
|
|
5048
|
-
`SYNKRO_VERSION=${shellQuoteSingle("1.4.
|
|
5054
|
+
`SYNKRO_VERSION=${shellQuoteSingle("1.4.55")}`
|
|
5049
5055
|
];
|
|
5050
5056
|
if (safeSynkroBin) lines.push(`SYNKRO_CLI_BIN=${shellQuoteSingle(safeSynkroBin)}`);
|
|
5051
5057
|
if (safeUserId) lines.push(`SYNKRO_USER_ID=${shellQuoteSingle(safeUserId)}`);
|