@synkro-sh/cli 1.4.57 → 1.4.59

package/dist/bootstrap.js

@@ -834,7 +834,7 @@ var init_hookScriptsTs = __esm({
     "use strict";
     SYNKRO_COMMON_TS = `
 // Shared Synkro hook utilities \u2014 imported by all hook scripts.
-import { readFileSync, writeFileSync, mkdirSync, rmdirSync, existsSync, renameSync } from 'node:fs';
+import { readFileSync, writeFileSync, appendFileSync, mkdirSync, rmdirSync, existsSync, renameSync } from 'node:fs';
 import { join, dirname, basename, extname } from 'node:path';
 import { homedir } from 'node:os';
 import { execSync, spawn } from 'node:child_process';
@@ -1014,6 +1014,7 @@ export interface HookConfig {
   silent: boolean;
   policyName: string;
   rules: Rule[];
+  scanExemptions: string[];
 }
 
 export async function loadConfig(jwt: string, query?: string): Promise<HookConfig> {
@@ -1023,6 +1024,7 @@ export async function loadConfig(jwt: string, query?: string): Promise<HookConfi
     silent: false,
     policyName: '',
     rules: [],
+    scanExemptions: [],
   };
   try {
     const url = GATEWAY_URL + '/api/v1/hook/config' + (query ? '?' + query : '');
@@ -1035,6 +1037,9 @@ export async function loadConfig(jwt: string, query?: string): Promise<HookConfi
     config.tier = data.tier || 'standard';
     config.silent = data.silent_mode === true || data.silent_mode === 'true';
     config.policyName = data.active_policy_name || '';
+    if (Array.isArray(data.scan_exemptions)) {
+      config.scanExemptions = data.scan_exemptions.filter((s: any) => typeof s === 'string');
+    }
     if (Array.isArray(data.rules)) {
       config.rules = data.rules
         .filter((r: any) => r.hook_stage === 'pre' || r.hook_stage === 'both' || r.hook_stage == null)
@@ -1250,6 +1255,8 @@ export function dispatchCapture(
     if (opts.recentUserMessages) body.recent_user_messages = opts.recentUserMessages;
   }
 
+  appendLocalTelemetry(body);
+
   fetch(GATEWAY_URL + '/api/v1/hook/capture', {
     method: 'POST',
     headers: { 'Content-Type': 'application/json', Authorization: 'Bearer ' + jwt },
@@ -1258,6 +1265,13 @@ export function dispatchCapture(
   }).catch(() => {});
 }
 
+export function appendLocalTelemetry(body: Record<string, any>): void {
+  try {
+    const telPath = join(HOME, '.synkro', 'telemetry.jsonl');
+    appendFileSync(telPath, JSON.stringify({ ...body, _ts: new Date().toISOString() }) + '\\n', 'utf-8');
+  } catch {}
+}
+
 // \u2500\u2500\u2500 Rule Mode Lookup \u2500\u2500\u2500
 
 export function ruleMode(ruleId: string, rules: Rule[]): 'blocking' | 'audit' {
@@ -1827,6 +1841,11 @@ async function main() {
     const config = await loadConfig(jwt);
     const rt = await cweRoute(config);
 
+    // Check scan exemptions from server
+    if (config.scanExemptions.length > 0 && config.scanExemptions.some(ex => filePath.includes(ex))) {
+      outputEmpty(); return;
+    }
+
     if (config.silent) {
       outputJson({ systemMessage: '[synkro:' + rt + ':cweScan] ' + fileShort + ' \\u2192 skipped (silent mode)' });
       return;
@@ -2008,7 +2027,8 @@ async function main() {
         const pkg = f.package || '?';
         const ver = f.version || '?';
         const title = f.title || f.summary || 'vulnerable';
-        return '[' + id + '] ' + pkg + '@' + ver + ': ' + title;
+        const fix = f.fixed ? ' (fix: >=' + f.fixed + ')' : ' (no safe version \u2014 use an alternative)';
+        return '[' + id + '] ' + pkg + '@' + ver + ': ' + title + fix;
       }).join('; ');
 
       const count = findings.length;
@@ -5093,7 +5113,7 @@ function writeConfigEnv(opts) {
     `SYNKRO_CREDENTIALS_PATH=${shellQuoteSingle(credsPath)}`,
     `SYNKRO_TIER=${shellQuoteSingle(safeTier)}`,
     `SYNKRO_INFERENCE=${shellQuoteSingle(safeInference)}`,
-    `SYNKRO_VERSION=${shellQuoteSingle("1.4.57")}`
+    `SYNKRO_VERSION=${shellQuoteSingle("1.4.59")}`
   ];
   if (safeSynkroBin) lines.push(`SYNKRO_CLI_BIN=${shellQuoteSingle(safeSynkroBin)}`);
   if (safeUserId) lines.push(`SYNKRO_USER_ID=${shellQuoteSingle(safeUserId)}`);