npm - @synkro-sh/cli - Versions diffs - 1.4.60 → 1.4.62 - Mend

@synkro-sh/cli 1.4.60 → 1.4.62

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/dist/bootstrap.js CHANGED Viewed

@@ -911,63 +911,93 @@ function decodeJwtExp(jwt: string): number {
 }
 export async function refreshJwt(jwt: string): Promise<string> {
-  try {
-    const creds = JSON.parse(readFileSync(CREDS_PATH, 'utf-8'));
-    const rt = creds.refresh_token;
-    if (!rt) return jwt;
+  const creds = JSON.parse(readFileSync(CREDS_PATH, 'utf-8'));
+  const rt = creds.refresh_token;
+  if (!rt) return jwt;
-    const resp = await fetch(GATEWAY_URL + '/api/auth/refresh', {
-      method: 'POST',
-      headers: { 'Content-Type': 'application/json' },
-      body: JSON.stringify({ refresh_token: rt }),
-      signal: AbortSignal.timeout(4000),
-    });
-    const data = await resp.json() as any;
-    const newAt = data.access_token;
-    if (!newAt) return jwt;
-    const newRt = data.refresh_token || rt;
-    const existing = (() => {
-      try { return JSON.parse(readFileSync(CREDS_PATH, 'utf-8')); } catch { return {}; }
-    })();
-    const updated = { ...existing, access_token: newAt, refresh_token: newRt };
-    const tmp = CREDS_PATH + '.synkro.tmp';
-    writeFileSync(tmp, JSON.stringify(updated, null, 2));
-    renameSync(tmp, CREDS_PATH);
-    return newAt;
-  } catch {
+  const resp = await fetch(GATEWAY_URL + '/api/auth/refresh', {
+    method: 'POST',
+    headers: { 'Content-Type': 'application/json' },
+    body: JSON.stringify({ refresh_token: rt }),
+    signal: AbortSignal.timeout(4000),
+  });
+  if (!resp.ok) {
+    log('refresh failed: HTTP ' + resp.status);
     return jwt;
   }
+  const data = await resp.json() as any;
+  const newAt = data.access_token;
+  if (!newAt) return jwt;
+  const newRt = data.refresh_token || rt;
+  const existing = (() => {
+    try { return JSON.parse(readFileSync(CREDS_PATH, 'utf-8')); } catch { return {}; }
+  })();
+  const updated = { ...existing, access_token: newAt, refresh_token: newRt };
+  const tmp = CREDS_PATH + '.synkro.tmp';
+  writeFileSync(tmp, JSON.stringify(updated, null, 2));
+  renameSync(tmp, CREDS_PATH);
+  return newAt;
+}
+function jwtIsExpired(jwt: string): boolean {
+  const exp = decodeJwtExp(jwt);
+  return exp - Math.floor(Date.now() / 1000) < 60;
+}
+function lockIsStale(lockfile: string, maxAgeMs = 8000): boolean {
+  try {
+    const stat = require('node:fs').statSync(lockfile);
+    return Date.now() - stat.mtimeMs > maxAgeMs;
+  } catch {
+    return false;
+  }
 }
 export async function ensureFreshJwt(jwt: string): Promise<string> {
   if (!jwt) return jwt;
-  const exp = decodeJwtExp(jwt);
-  const now = Math.floor(Date.now() / 1000);
-  if (exp - now >= 60) return jwt;
+  if (!jwtIsExpired(jwt)) return jwt;
   const lockfile = CREDS_PATH + '.lock';
+  // Clean stale lock left by a killed hook
+  if (existsSync(lockfile) && lockIsStale(lockfile)) {
+    try { unlinkSync(lockfile); } catch {}
+  }
   let fd = -1;
   try {
     fd = openSync(lockfile, FS_CONSTANTS.O_WRONLY | FS_CONSTANTS.O_CREAT | FS_CONSTANTS.O_EXCL, 0o644);
   } catch {
-    // Another process holds the lock \u2014 wait for it to finish and re-read
-    for (let i = 0; i < 10; i++) {
-      await new Promise(r => setTimeout(r, 300));
+    // Another process is refreshing \u2014 wait for it
+    for (let i = 0; i < 8; i++) {
+      await new Promise(r => setTimeout(r, 500));
       if (!existsSync(lockfile)) break;
     }
+    // Stale lock after full wait \u2014 force-remove
+    if (existsSync(lockfile) && lockIsStale(lockfile)) {
+      try { unlinkSync(lockfile); } catch {}
+    }
+    // Re-read \u2014 the winner should have written a fresh JWT
     const fresh = loadJwt();
-    return fresh || jwt;
+    if (fresh && !jwtIsExpired(fresh)) return fresh;
+    // Winner's refresh failed \u2014 try to acquire lock ourselves
+    try {
+      fd = openSync(lockfile, FS_CONSTANTS.O_WRONLY | FS_CONSTANTS.O_CREAT | FS_CONSTANTS.O_EXCL, 0o644);
+    } catch {
+      return fresh || jwt;
+    }
   }
   try {
-    // Re-check \u2014 another hook may have just refreshed while we waited
+    // Re-check \u2014 another hook may have written fresh creds while we waited for lock
     const freshJwt = loadJwt();
-    if (freshJwt) {
-      const freshExp = decodeJwtExp(freshJwt);
-      if (freshExp - Math.floor(Date.now() / 1000) >= 60) return freshJwt;
-    }
+    if (freshJwt && !jwtIsExpired(freshJwt)) return freshJwt;
     return await refreshJwt(jwt);
+  } catch {
+    return jwt;
   } finally {
     try { closeSync(fd); } catch {}
     try { unlinkSync(lockfile); } catch {}
@@ -1255,6 +1285,20 @@ export function dispatchCapture(
   if (repo) body.repo = repo;
   if (sessionId) body.session_id = sessionId;
+  // Local telemetry always gets full content \u2014 data never leaves the machine
+  const localBody = { ...body };
+  if (opts) {
+    if (opts.command) localBody.command = opts.command;
+    if (opts.reasoning) localBody.reasoning = opts.reasoning;
+    if (opts.rulesChecked) localBody.rules_checked = opts.rulesChecked;
+    if (opts.violatedRules) localBody.violated_rules = opts.violatedRules;
+    if (opts.recentUserMessages) localBody.recent_user_messages = opts.recentUserMessages;
+  }
+  appendLocalTelemetry(localBody);
+  // local_only: no data leaves the machine
+  if (captureDepth === 'local_only') return;
   if (sendFull && opts) {
     body.capture_depth = captureDepth;
     if (opts.command) body.command = opts.command;
@@ -1264,8 +1308,6 @@ export function dispatchCapture(
     if (opts.recentUserMessages) body.recent_user_messages = opts.recentUserMessages;
   }
-  appendLocalTelemetry(body);
   fetch(GATEWAY_URL + '/api/v1/hook/capture', {
     method: 'POST',
     headers: { 'Content-Type': 'application/json', Authorization: 'Bearer ' + jwt },
@@ -1848,6 +1890,25 @@ async function main() {
     const proposed = reconstructContent(toolName, toolInput, filePath, cwd);
     if (!proposed) { outputEmpty(); return; }
+    // Change-anchored window: for Edit/MultiEdit send context around the diff,
+    // for Write send first 4000 chars (new files have patterns at the top).
+    let cweContent: string;
+    if (toolName === 'Edit' || toolName === 'MultiEdit') {
+      const newStr = toolName === 'Edit'
+        ? (toolInput.new_string || '')
+        : (Array.isArray(toolInput.edits) ? toolInput.edits.map((e: any) => e?.new_string || '').join('\\n') : '');
+      const changeIdx = proposed.indexOf(newStr);
+      if (changeIdx >= 0 && proposed.length > 6000) {
+        const start = Math.max(0, changeIdx - 2000);
+        const end = Math.min(proposed.length, changeIdx + newStr.length + 2000);
+        cweContent = proposed.slice(start, end);
+      } else {
+        cweContent = proposed.slice(0, 6000);
+      }
+    } else {
+      cweContent = proposed.slice(0, 4000);
+    }
     const config = await loadConfig(jwt);
     const rt = await cweRoute(config);
@@ -1885,7 +1946,7 @@ async function main() {
       const graderPrompt = [
         'File: ' + filePath,
         'Content:',
-        proposed,
+        cweContent,
         '',
         'CWE rules to check against:',
         JSON.stringify(cweRules),
@@ -2590,7 +2651,7 @@ main();
 `;
     BASH_FOLLOWUP_TS = `#!/usr/bin/env bun
 import {
-  loadJwt, readStdin, hashCommand, consentGrant, consentHasActive, consentConsume,
+  loadJwt, loadConfig, readStdin, hashCommand, consentGrant, consentHasActive, consentConsume,
   outputEmpty, appendLocalTelemetry, GATEWAY_URL,
 } from './_synkro-common.ts';
@@ -2634,12 +2695,15 @@ async function main() {
     appendLocalTelemetry(body);
-    fetch(GATEWAY_URL + '/api/v1/hook/capture', {
-      method: 'POST',
-      headers: { 'Content-Type': 'application/json', Authorization: 'Bearer ' + jwt },
-      body: JSON.stringify(body),
-      signal: AbortSignal.timeout(3000),
-    }).catch(() => {});
+    const config = await loadConfig(jwt);
+    if (config.captureDepth !== 'local_only') {
+      fetch(GATEWAY_URL + '/api/v1/hook/capture', {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json', Authorization: 'Bearer ' + jwt },
+        body: JSON.stringify(body),
+        signal: AbortSignal.timeout(3000),
+      }).catch(() => {});
+    }
     outputEmpty();
   } catch {
@@ -5137,7 +5201,7 @@ function writeConfigEnv(opts) {
     `SYNKRO_CREDENTIALS_PATH=${shellQuoteSingle(credsPath)}`,
     `SYNKRO_TIER=${shellQuoteSingle(safeTier)}`,
     `SYNKRO_INFERENCE=${shellQuoteSingle(safeInference)}`,
-    `SYNKRO_VERSION=${shellQuoteSingle("1.4.60")}`
+    `SYNKRO_VERSION=${shellQuoteSingle("1.4.62")}`
   ];
   if (safeSynkroBin) lines.push(`SYNKRO_CLI_BIN=${shellQuoteSingle(safeSynkroBin)}`);
   if (safeUserId) lines.push(`SYNKRO_USER_ID=${shellQuoteSingle(safeUserId)}`);