@synkro-sh/cli 1.5.2 → 1.5.4

package/dist/bootstrap.js

@@ -1854,6 +1854,28 @@ function cursorHookExit(): never {
   process.exit(0);
 }
 
+// \u2500\u2500\u2500 Grader-unavailable diagnostic log \u2500\u2500\u2500
+// Records every time a hook tried to call the local grader and fell open
+// because the call failed. JSONL at ~/.synkro/grader-unavailable.log so the
+// user can pinpoint cause (timeout vs ECONNREFUSED vs HTTP 5xx vs sick pool)
+// instead of guessing from a one-shot system message in the CC UI.
+
+const UNAVAIL_LOG = join(HOME, '.synkro', 'grader-unavailable.log');
+
+export function logGraderUnavailable(hook: string, target: string, errorMessage: string): void {
+  try {
+    const entry = {
+      ts: new Date().toISOString(),
+      hook,
+      target,
+      error: errorMessage.slice(0, 500),
+    };
+    appendFileSync(UNAVAIL_LOG, JSON.stringify(entry) + '\\n', 'utf-8');
+  } catch {
+    // best-effort \u2014 never let logging failure cascade into a hook failure
+  }
+}
+
 // \u2500\u2500\u2500 Output Helpers \u2500\u2500\u2500
 
 export function outputJson(obj: any): void {
@@ -1916,6 +1938,7 @@ import {
   readStdin, extractTranscript, readLastPrompt, findNearestDeps, filePathFromToolInput,
   appendSessionAction, readSessionLog, compressSessionLog, log,
   outputJson, outputEmpty, setupCursorHookSignals, isEditTool, hookSessionId, GATEWAY_URL,
+  logGraderUnavailable,
   type HookConfig, type Rule,
 } from './_synkro-common.ts';
 import { existsSync, readFileSync } from 'node:fs';
@@ -2010,7 +2033,8 @@ async function main() {
       let gradeResp: string;
       try {
         gradeResp = await localGrade('edit', graderPrompt);
-      } catch {
+      } catch (err) {
+        logGraderUnavailable('editGuard', fileShort, (err as Error).message || String(err));
         outputJson({ systemMessage: tagStr + ' editGuard ' + fileShort + ' \u2192 local grader unavailable, skipped' });
         return;
       }
@@ -2133,6 +2157,7 @@ import {
   loadJwt, ensureFreshJwt, detectRepo, loadConfig, cweRoute, tag,
   localGradeCwe, parseVerdict, reconstructContent, readStdin, log,
   outputJson, outputEmpty, setupCursorHookSignals, isEditTool, hookSessionId, filePathFromToolInput, dispatchFinding, dispatchCapture, GATEWAY_URL,
+  logGraderUnavailable,
 } from './_synkro-common.ts';
 import { basename, extname, resolve, join, dirname } from 'node:path';
 import { readFileSync, readdirSync, existsSync } from 'node:fs';
@@ -2403,6 +2428,7 @@ async function main() {
           gradeResponses = [resp1, resp2];
         } catch (gradeErr: any) {
           const reason = gradeErr?.message || String(gradeErr);
+          logGraderUnavailable('cweGuard', fileShort, reason);
           outputJson({ systemMessage: cweTag + ' ' + fileShort + ' \u2192 grader unavailable (' + reason + '), skipped' });
           return;
         }
@@ -2411,6 +2437,7 @@ async function main() {
           gradeResponses = [await localGradeCwe(buildCwePrompt(cweContent))];
         } catch (gradeErr: any) {
           const reason = gradeErr?.message || String(gradeErr);
+          logGraderUnavailable('cweGuard', fileShort, reason);
           outputJson({ systemMessage: cweTag + ' ' + fileShort + ' \u2192 grader unavailable (' + reason + '), skipped' });
           return;
         }
@@ -2777,6 +2804,7 @@ import {
   parseVerdict, dispatchCapture, dispatchFinding, ruleMode, postWithRetry, readStdin,
   extractTranscript, readLastPrompt, appendSessionAction, readSessionLog, compressSessionLog, log,
   outputJson, outputEmpty, setupCursorHookSignals, isShellTool, hookSessionId, GATEWAY_URL,
+  logGraderUnavailable,
   type HookConfig, type Rule,
 } from './_synkro-common.ts';
 
@@ -2821,6 +2849,59 @@ async function main() {
     const cmdShort = command.slice(0, 80);
     log('bashGuard checking: ' + cmdShort);
 
+    // ─── Hook-side short-circuit for safe in-repo reads ───
+    // The judge primer already deterministically allows these, but the round
+    // trip + batch queue still costs 1–25s per call. Skipping the grade for
+    // unambiguously read-only operations removes that latency for ~half of
+    // typical commands (cat/grep/git status/ls/etc.) and unblocks the worker
+    // pool to grade the operations that actually need judgment.
+    function isSafeInRepoRead(tName: string, cmd: string): boolean {
+      // CC's native read tools are inherently safe.
+      if (tName === 'Read' || tName === 'Grep' || tName === 'Glob') return true;
+      if (tName !== 'Bash' && tName !== 'Shell' && tName !== 'terminal' &&
+          tName !== 'run_terminal_cmd' && tName !== 'execute_command') return false;
+      // Reject any shell metacharacter that could turn a "read" into a write
+      // or chain to an unsafe consumer: redirects, pipes, sequencing, command
+      // substitution, sudo/su.
+      if (/[>;&|\\\`]|\\$\\(|<<|\\bsudo\\b|\\bsu\\b|\\brm\\b|\\bmv\\b|\\bcp\\b|\\bchmod\\b|\\bchown\\b|\\btee\\b|\\bsed\\s+-i\\b|\\bkill\\b/.test(cmd)) return false;
+      const SAFE_VERBS = new Set([
+        'cat','head','tail','less','more','grep','egrep','fgrep','rg','ag',
+        'find','fd','ls','wc','cmp','diff','file','stat','which','whereis','type',
+        'pwd','whoami','id','date','echo','printf','env','true','false',
+        'jq','yq','awk','sort','uniq','cut','tr','xxd','hexdump','od','column',
+        'node','npm','pnpm','yarn','bun','python','python3','ruby','go','rustc','cargo',
+        'git',
+      ]);
+      const tokens = cmd.trim().split(/\\s+/);
+      const verb = tokens[0] || '';
+      if (!SAFE_VERBS.has(verb)) return false;
+      // For multi-mode tools, only allow read subcommands / version flags.
+      if (verb === 'git') {
+        const SAFE_GIT = new Set(['log','show','diff','blame','status','branch','tag','remote','config','rev-parse','ls-files','ls-tree','cat-file','shortlog','reflog','describe','symbolic-ref']);
+        const sub = tokens[1] || '';
+        return SAFE_GIT.has(sub);
+      }
+      if (['npm','pnpm','yarn','bun','cargo','go'].includes(verb)) {
+        // Only allow plain version/info/list/why probes — block install/add/update/run/exec.
+        const sub = tokens[1] || '';
+        const SAFE_PKG = new Set(['--version','-v','version','list','ls','why','view','show','info','outdated','-h','--help','help']);
+        return SAFE_PKG.has(sub);
+      }
+      if (['node','python','python3','ruby','rustc'].includes(verb)) {
+        const sub = tokens[1] || '';
+        return sub === '--version' || sub === '-v' || sub === '-V';
+      }
+      // sed without -i flag is read-only by definition; we already excluded
+      // sed -i above. Anything else with a SAFE_VERB and no metachars is fine.
+      return true;
+    }
+
+    if (isSafeInRepoRead(toolName, command)) {
+      log('bashGuard ' + cmdShort + ' → instant allow (safe in-repo read)');
+      outputJson({ hookSpecificOutput: { hookEventName: 'PreToolUse', additionalContext: 'Synkro: safe in-repo read, deterministic allow.' } });
+      return;
+    }
+
     let jwt = loadJwt();
     if (!jwt) { outputEmpty(); return; }
     jwt = await ensureFreshJwt(jwt);
@@ -2961,7 +3042,8 @@ async function main() {
       let gradeResp: string;
       try {
         gradeResp = await localGrade('bash', graderPrompt);
-      } catch {
+      } catch (err) {
+        logGraderUnavailable('bashGuard', toolInput.command?.slice(0, 200) || '', (err as Error).message || String(err));
         outputJson({ systemMessage: tagStr + ' bashGuard → local grader unavailable, skipped' });
         return;
       }
@@ -2973,8 +3055,12 @@ async function main() {
         const mode = verdict.ruleMode || ruleMode(verdict.ruleId, config.rules);
         const guardReason = (verdict.ruleId ? '(' + verdict.ruleId + ') ' : '') + (verdict.reason || 'policy violation');
 
+        const auditRulesInReason = (config.rules || [])
+          .filter((r: any) => r.mode === 'audit' && r.rule_id && verdict.reason && verdict.reason.includes(r.rule_id))
+          .map((r: any) => r.rule_id);
+
         if (mode === 'audit') {
-          const reason = tagStr + ' bashGuard → warning' + (verdict.ruleId ? ' (' + verdict.ruleId + ')' : '') + ': ' + (verdict.reason || 'policy violation');
+          const reason = tagStr + ' bashGuard → warning' + (verdict.ruleId ? ' (' + verdict.ruleId + ')' : '') + ': ' + (verdict.reason || 'policy violation') + '. Fix this before proceeding — do not ask the user.';
           const combined = (installScanMsg ? installScanMsg + '\\n' : '') + reason;
           outputJson({ systemMessage: combined, hookSpecificOutput: { hookEventName: 'PreToolUse', additionalContext: combined } });
           dispatchCapture(jwt, 'bash', 'warning', verdict.severity || 'medium', verdict.category || 'security',
@@ -2983,11 +3069,14 @@ async function main() {
               recentUserMessages: transcript.recentUserMessages, ccModel: transcript.ccModel,
             });
         } else {
-          const reason = tagStr + ' bashGuard → blocked' + (verdict.ruleId ? ' (' + verdict.ruleId + ')' : '') + ': ' + (verdict.reason || 'policy violation') + '. Ask the user for explicit consent before retrying.';
-          const combined = (installScanMsg ? installScanMsg + '\\n' : '') + reason;
+          let blockMsg = tagStr + ' bashGuard → blocked' + (verdict.ruleId ? ' (' + verdict.ruleId + ')' : '') + ': ' + (verdict.reason || 'policy violation') + '. Ask the user for explicit consent before retrying.';
+          if (auditRulesInReason.length > 0) {
+            blockMsg += '\\nAudit violations (' + auditRulesInReason.join(', ') + '): fix these automatically before retrying — do not ask the user, just resolve them (e.g. run the required precondition).';
+          }
+          const combined = (installScanMsg ? installScanMsg + '\\n' : '') + blockMsg;
           outputJson({
             systemMessage: combined,
-            hookSpecificOutput: { hookEventName: 'PreToolUse', permissionDecision: 'deny', permissionDecisionReason: reason, additionalContext: combined },
+            hookSpecificOutput: { hookEventName: 'PreToolUse', permissionDecision: 'deny', permissionDecisionReason: blockMsg, additionalContext: combined },
           });
           dispatchCapture(jwt, 'bash', 'block', verdict.severity || 'critical', verdict.category || 'security',
             toolName, gitRepo, sessionId, config.captureDepth, {
@@ -3078,6 +3167,7 @@ import {
   parseVerdict, dispatchCapture, ruleMode, postWithRetry, readStdin,
   extractTranscript, readLastPrompt, appendSessionAction, readSessionLog, compressSessionLog, log,
   outputJson, outputEmpty, setupCursorHookSignals, isAgentTool, hookSessionId, GATEWAY_URL,
+  logGraderUnavailable,
   type HookConfig, type Rule,
 } from './_synkro-common.ts';
 
@@ -3149,7 +3239,8 @@ async function main() {
       let gradeResp: string;
       try {
         gradeResp = await localGrade('bash', graderPrompt);
-      } catch {
+      } catch (err) {
+        logGraderUnavailable('agentGuard', subagentType || (description || '').slice(0, 100), (err as Error).message || String(err));
         outputJson({ systemMessage: tagStr + ' agentGuard \u2192 local grader unavailable, skipped' });
         return;
       }
@@ -3599,7 +3690,7 @@ async function main() {
     let isError = payload.tool_result?.is_error === true;
     try {
       const out = JSON.parse(payload.tool_output || '{}');
-      if (out.exitCode !== 0 || out.is_error === true) isError = true;
+      if ((typeof out.exitCode === 'number' && out.exitCode !== 0) || out.is_error === true) isError = true;
     } catch {}
     const cmd = shellCmd;
     const cmdHash = cmd ? hashCommand(cmd) : '';
@@ -5532,6 +5623,9 @@ async function dockerInstall(opts = {}) {
     `${CLAUDE_HOST_STATE_DIR}:/data/claude-host-state:ro`,
     "-e",
     `WORKERS_PER_POOL=${workers}`,
+    // Pass through the batch-size lever if the operator set it. Defaults
+    // inside the container to 5; clamped to [1, 20] by synkro-server.ts.
+    ...process.env.SYNKRO_MAX_BATCH_SIZE ? ["-e", `SYNKRO_MAX_BATCH_SIZE=${process.env.SYNKRO_MAX_BATCH_SIZE}`] : [],
     image
   ];
   const run = spawnSync2("docker", args2, { encoding: "utf-8", stdio: "inherit", timeout: 6e4 });
@@ -5758,7 +5852,7 @@ function writeConfigEnv(opts) {
     `SYNKRO_CREDENTIALS_PATH=${shellQuoteSingle(credsPath)}`,
     `SYNKRO_TIER=${shellQuoteSingle(safeTier)}`,
     `SYNKRO_INFERENCE=${shellQuoteSingle(safeInference)}`,
-    `SYNKRO_VERSION=${shellQuoteSingle("1.5.2")}`
+    `SYNKRO_VERSION=${shellQuoteSingle("1.5.4")}`
   ];
   if (safeSynkroBin) lines.push(`SYNKRO_CLI_BIN=${shellQuoteSingle(safeSynkroBin)}`);
   if (safeUserId) lines.push(`SYNKRO_USER_ID=${shellQuoteSingle(safeUserId)}`);
@@ -6165,7 +6259,7 @@ async function installCommand(opts = {}) {
       process.exit(1);
     }
     console.log("Installing Synkro server container...");
-    const workersPerPool = parseInt(process.env.SYNKRO_WORKERS_PER_POOL || "4", 10);
+    const workersPerPool = parseInt(process.env.SYNKRO_WORKERS_PER_POOL || "8", 10);
     const { image, hostMcpPort, hostGraderPort, hostCwePort } = await dockerInstall({ workersPerPool });
     console.log(`  \u2713 pulled ${image}`);
     console.log(`  container started \u2014 MCP=${hostMcpPort} general=${hostGraderPort} CWE=${hostCwePort}`);
@@ -7148,7 +7242,7 @@ var args = process.argv.slice(2);
 var cmd = args[0] || "";
 var subArgs = args.slice(1);
 function printVersion() {
-  console.log("1.5.2");
+  console.log("1.5.4");
 }
 function printHelp() {
   console.log(`Synkro CLI \u2014 runtime safety for AI coding agents