npm - @synkro-sh/cli - Versions diffs - 1.4.92 → 1.4.93 - Mend

@synkro-sh/cli 1.4.92 → 1.4.93

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/dist/bootstrap.js CHANGED Viewed

@@ -2297,12 +2297,14 @@ async function main() {
     if (!proposed) { outputEmpty(); return; }
     let cweContent: string;
+    let cweDiffSection = '';
     if (toolName === 'Edit' || toolName === 'MultiEdit' || toolName === 'edit_file' || toolName === 'reapply' || toolName === 'ApplyPatch' || toolName === 'apply_patch') {
       const newStr = toolName === 'Edit' || toolName === 'edit_file' || toolName === 'reapply'
         ? (toolInput.new_string || '')
         : toolName === 'ApplyPatch' || toolName === 'apply_patch'
           ? (toolInput.patch || toolInput.content || toolInput.code_edit || '')
         : (Array.isArray(toolInput.edits) ? toolInput.edits.map((e: any) => e?.new_string || '').join('\n') : '');
+      cweDiffSection = newStr.slice(0, 4000);
       const changeIdx = proposed.indexOf(newStr);
       if (changeIdx >= 0 && proposed.length > 6000) {
         const start = Math.max(0, changeIdx - 2000);
@@ -2333,14 +2335,28 @@ async function main() {
     if (rt === 'local') {
       let cweRules: any[] = [];
+      let cweRuleFetchFailed = false;
       try {
         const resp = await fetch(GATEWAY_URL + '/api/v1/cwe-rules?ext=' + encodeURIComponent(fileExt), {
           headers: { Authorization: 'Bearer ' + jwt },
           signal: AbortSignal.timeout(4000),
         });
-        const data = await resp.json() as any;
-        cweRules = data.rules || [];
-      } catch {}
+        if (!resp.ok) {
+          log('CWE rules fetch failed: HTTP ' + resp.status);
+          cweRuleFetchFailed = true;
+        } else {
+          const data = await resp.json() as any;
+          cweRules = data.rules || [];
+        }
+      } catch (fetchErr: any) {
+        log('CWE rules fetch error: ' + (fetchErr?.message || String(fetchErr)));
+        cweRuleFetchFailed = true;
+      }
+      if (cweRuleFetchFailed) {
+        outputJson({ systemMessage: cweTag + ' ' + fileShort + ' \u2192 CWE rules unavailable \u2014 scan skipped' });
+        return;
+      }
       if (cweRules.length === 0) {
         outputJson({ systemMessage: cweTag + ' ' + fileShort + ' \u2192 clean (no CWE rules for ' + fileExt + ')' });
@@ -2359,40 +2375,86 @@ async function main() {
         }
       }
-      const graderPrompt = [
-        'File: ' + filePath,
-        'Content:',
-        cweContent,
-        '',
-        'CWE rules to check against:',
-        JSON.stringify(cweRules),
-      ].join('\n') + localPkgContext;
-      let gradeResp: string;
-      try {
-        gradeResp = await localGradeCwe(graderPrompt);
-      } catch (gradeErr: any) {
-        const reason = gradeErr?.message || String(gradeErr);
-        outputJson({ systemMessage: cweTag + ' ' + fileShort + ' \u2192 grader unavailable (' + reason + '), skipped' });
-        return;
+      const exemptionNote = exemptedCwes.size > 0
+        ? '\n\nEXEMPTED CWEs (already known, DO NOT report these — focus on NEW weaknesses only): ' + [...exemptedCwes].join(', ')
+        : '';
+      function buildCwePrompt(content: string): string {
+        const diffBlock = cweDiffSection
+          ? '\n\n=== NEW/CHANGED CODE (evaluate THIS for CWE weaknesses) ===\n' + cweDiffSection + '\n=== END NEW CODE ===\n\nThe surrounding content below is CONTEXT ONLY to help you understand imports, variables, and scope. Do NOT report issues found only in the context section.\n'
+          : '';
+        return [
+          'File: ' + filePath,
+          diffBlock,
+          'Full content window:',
+          content,
+          '',
+          'CWE rules to check against:',
+          JSON.stringify(cweRules),
+        ].join('\n') + localPkgContext + exemptionNote;
       }
-      const verdict = parseVerdict(gradeResp);
+      const SPLIT_THRESHOLD = 4000;
+      const OVERLAP = 500;
+      let gradeResponses: string[] = [];
-      if (!verdict.ok) {
-        const ruleIdMatches = gradeResp.match(/<rule_id>([^<]+)<\/rule_id>/g) || [];
-        const cweIds: string[] = [];
-        for (const match of ruleIdMatches.slice(0, 5)) {
-          const id = match.replace(/<\/?rule_id>/g, '').trim().replace(/^cwe-/, 'CWE-');
-          if (id && !cweIds.includes(id)) cweIds.push(id);
+      if (cweContent.length > SPLIT_THRESHOLD) {
+        const mid = Math.floor(cweContent.length / 2);
+        const chunk1 = cweContent.slice(0, mid + OVERLAP);
+        const chunk2 = cweContent.slice(mid - OVERLAP);
+        try {
+          const [resp1, resp2] = await Promise.all([
+            localGradeCwe(buildCwePrompt(chunk1)),
+            localGradeCwe(buildCwePrompt(chunk2)),
+          ]);
+          gradeResponses = [resp1, resp2];
+        } catch (gradeErr: any) {
+          const reason = gradeErr?.message || String(gradeErr);
+          outputJson({ systemMessage: cweTag + ' ' + fileShort + ' \u2192 grader unavailable (' + reason + '), skipped' });
+          return;
+        }
+      } else {
+        try {
+          gradeResponses = [await localGradeCwe(buildCwePrompt(cweContent))];
+        } catch (gradeErr: any) {
+          const reason = gradeErr?.message || String(gradeErr);
+          outputJson({ systemMessage: cweTag + ' ' + fileShort + ' \u2192 grader unavailable (' + reason + '), skipped' });
+          return;
         }
+      }
-        const fixMatches = gradeResp.match(/<suggested_fix>([^<]+)<\/suggested_fix>/g) || [];
-        const fixes: Record<string, string> = {};
-        for (let i = 0; i < Math.min(cweIds.length, fixMatches.length); i++) {
-          fixes[cweIds[i]] = fixMatches[i].replace(/<\/?suggested_fix>/g, '').trim();
+      const cweIds: string[] = [];
+      const fixes: Record<string, string> = {};
+      let mergedReason = '';
+      let mergedSeverity = '';
+      let mergedCategory = '';
+      let anyFailed = false;
+      for (const gradeResp of gradeResponses) {
+        const v = parseVerdict(gradeResp);
+        if (!v.ok) {
+          anyFailed = true;
+          if (v.reason) mergedReason = mergedReason || v.reason;
+          if (v.severity) mergedSeverity = mergedSeverity || v.severity;
+          if (v.category) mergedCategory = mergedCategory || v.category;
+          const ruleIdMatches = gradeResp.match(/<rule_id>([^<]+)<\/rule_id>/g) || [];
+          for (const m of ruleIdMatches.slice(0, 5)) {
+            const id = m.replace(/<\/?rule_id>/g, '').trim().replace(/^cwe-/, 'CWE-');
+            if (id && !cweIds.includes(id)) cweIds.push(id);
+          }
+          const fMatches = gradeResp.match(/<suggested_fix>([^<]+)<\/suggested_fix>/g) || [];
+          const respIds = ruleIdMatches.map(rm => rm.replace(/<\/?rule_id>/g, '').trim().replace(/^cwe-/, 'CWE-'));
+          for (let i = 0; i < Math.min(respIds.length, fMatches.length); i++) {
+            if (!fixes[respIds[i]]) fixes[respIds[i]] = fMatches[i].replace(/<\/?suggested_fix>/g, '').trim();
+          }
         }
+      }
+      const verdict = anyFailed
+        ? { ok: false, reason: mergedReason, severity: mergedSeverity, category: mergedCategory }
+        : { ok: true, reason: '', severity: '', category: '' };
+      if (!verdict.ok) {
         const activeCweIds = cweIds.filter(id => !exemptedCwes.has(id.toUpperCase()));
         if (activeCweIds.length === 0) {
@@ -5660,7 +5722,7 @@ function writeConfigEnv(opts) {
     `SYNKRO_CREDENTIALS_PATH=${shellQuoteSingle(credsPath)}`,
     `SYNKRO_TIER=${shellQuoteSingle(safeTier)}`,
     `SYNKRO_INFERENCE=${shellQuoteSingle(safeInference)}`,
-    `SYNKRO_VERSION=${shellQuoteSingle("1.4.92")}`
+    `SYNKRO_VERSION=${shellQuoteSingle("1.4.93")}`
   ];
   if (safeSynkroBin) lines.push(`SYNKRO_CLI_BIN=${shellQuoteSingle(safeSynkroBin)}`);
   if (safeUserId) lines.push(`SYNKRO_USER_ID=${shellQuoteSingle(safeUserId)}`);
@@ -5677,12 +5739,13 @@ function writeConfigEnv(opts) {
   chmodSync2(CONFIG_PATH2, 384);
 }
 function resolveDeploymentMode() {
-  const envOverride = process.env.SYNKRO_DEPLOYMENT_MODE;
-  if (envOverride) return envOverride.toLowerCase();
+  const envOverride = process.env.SYNKRO_DEPLOYMENT_MODE?.toLowerCase();
+  if (envOverride === "bare-host" || envOverride === "docker") return envOverride;
   try {
     if (existsSync9(CONFIG_PATH2)) {
       const m = readFileSync7(CONFIG_PATH2, "utf-8").match(/^SYNKRO_DEPLOYMENT_MODE='([^']*)'/m);
-      if (m && m[1]) return m[1].toLowerCase();
+      const val = m?.[1]?.toLowerCase();
+      if (val === "bare-host" || val === "docker") return val;
     }
   } catch {
   }
@@ -7095,7 +7158,7 @@ var args = process.argv.slice(2);
 var cmd = args[0] || "";
 var subArgs = args.slice(1);
 function printVersion() {
-  console.log("1.4.92");
+  console.log("1.4.93");
 }
 function printHelp() {
   console.log(`Synkro CLI \u2014 runtime safety for AI coding agents