npm - @synkro-sh/cli - Versions diffs - 1.6.14 → 1.6.16 - Mend

@synkro-sh/cli 1.6.14 → 1.6.16

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/dist/bootstrap.js CHANGED Viewed

@@ -116,6 +116,17 @@ function installCCHooks(settingsPath, config) {
   settings.hooks.SessionEnd = settings.hooks.SessionEnd ?? [];
   settings.hooks.SessionStart = settings.hooks.SessionStart ?? [];
   settings.hooks.UserPromptSubmit = settings.hooks.UserPromptSubmit ?? [];
+  settings.hooks.PreToolUse.push({
+    matcher: "Bash",
+    hooks: [
+      {
+        type: "command",
+        command: config.installScanScriptPath,
+        timeout: 8
+      }
+    ],
+    [SYNKRO_MARKER]: true
+  });
   settings.hooks.PreToolUse.push({
     matcher: "Bash|Read|Grep|Glob",
     hooks: [
@@ -319,6 +330,12 @@ function installCursorHooks(hooksJsonPath, config) {
   pushCcHook(h, "beforeSubmitPrompt", config.userPromptSubmitScriptPath, { timeout: 5 });
   pushCcHook(h, "stop", config.transcriptSyncScriptPath, { timeout: 3 });
   h.beforeShellExecution = h.beforeShellExecution ?? [];
+  h.beforeShellExecution.push({
+    command: cursorCcCmd(config.installScanScriptPath),
+    timeout: 8,
+    failClosed: false,
+    [SYNKRO_MARKER2]: true
+  });
   h.beforeShellExecution.push({
     command: bunRunCmd(config.bashJudgeScriptPath),
     timeout: 15,
@@ -327,6 +344,13 @@ function installCursorHooks(hooksJsonPath, config) {
   });
   pushCcHook(h, "afterShellExecution", config.bashFollowupScriptPath, { timeout: 10 });
   h.preToolUse = h.preToolUse ?? [];
+  h.preToolUse.push({
+    command: cursorCcCmd(config.installScanScriptPath),
+    timeout: 8,
+    failClosed: false,
+    matcher: "Shell|Bash|terminal|run_terminal_cmd|execute_command",
+    [SYNKRO_MARKER2]: true
+  });
   h.preToolUse.push({
     command: bunRunCmd(config.bashJudgeScriptPath),
     timeout: 15,
@@ -727,7 +751,7 @@ synkro_post_with_retry() {
 });
 // cli/installer/hookScriptsTs.ts
-var SYNKRO_COMMON_TS, EDIT_PRECHECK_TS, CWE_PRECHECK_TS, CVE_PRECHECK_TS, BASH_JUDGE_TS, AGENT_JUDGE_TS, PLAN_JUDGE_TS, STOP_SUMMARY_TS, SESSION_START_TS, BASH_FOLLOWUP_TS, TRANSCRIPT_SYNC_TS, USER_PROMPT_SUBMIT_TS, CURSOR_BASH_JUDGE_TS, CURSOR_EDIT_CAPTURE_TS;
+var SYNKRO_COMMON_TS, EDIT_PRECHECK_TS, CWE_PRECHECK_TS, CVE_PRECHECK_TS, INSTALL_SCAN_TS, BASH_JUDGE_TS, AGENT_JUDGE_TS, PLAN_JUDGE_TS, STOP_SUMMARY_TS, SESSION_START_TS, BASH_FOLLOWUP_TS, TRANSCRIPT_SYNC_TS, USER_PROMPT_SUBMIT_TS, CURSOR_BASH_JUDGE_TS, CURSOR_EDIT_CAPTURE_TS;
 var init_hookScriptsTs = __esm({
   "cli/installer/hookScriptsTs.ts"() {
     "use strict";
@@ -975,12 +999,19 @@ export function normalizeMode(m?: string): 'ask' | 'fix' {
 // \u2500\u2500\u2500 Config Loading \u2500\u2500\u2500
+export interface RuleExample {
+  text: string;
+  verdict: 'violation' | 'ok';
+  note?: string;
+}
 export interface Rule {
   rule_id: string;
   text: string;
   severity: string;
   category: string;
   mode: string;
+  examples?: RuleExample[];
 }
 export interface HookConfig {
@@ -1032,6 +1063,7 @@ export async function loadConfig(jwt: string, query?: string): Promise<HookConfi
             severity: r.severity || '',
             category: r.category || '',
             mode: normalizeMode(r.mode),
+            examples: Array.isArray(r.examples) ? r.examples : undefined,
           }));
       }
       config.silent = raw.silent === true;
@@ -1072,6 +1104,7 @@ export async function loadConfig(jwt: string, query?: string): Promise<HookConfi
           severity: r.severity || '',
           category: r.category || '',
           mode: normalizeMode(r.mode),
+          examples: Array.isArray(r.examples) ? r.examples : undefined,
         }));
     }
   } catch {}
@@ -1322,9 +1355,15 @@ export async function runInstallScan(command: string, jwt: string): Promise<Inst
     const summary = scanResp?.summary || '';
     const scannedLabel = pkgResults.map((p: any) => p.name + '@' + p.version).join(', ');
     if (action === 'block') {
-      const blockSignals = pkgResults
-        .flatMap((p: any) => (p.signals || []).filter((s: any) => s.severity === 'critical' || s.severity === 'high'))
-        .slice(0, 5);
+      // Every critical/high signal (uncapped) + the true CVE total. The grader
+      // only sees what we put in blockContext \u2014 so the real count must be
+      // STATED here; a bare preview lets it under-report (the count is data,
+      // not something the grader should infer from a truncated list).
+      const highSignals = pkgResults
+        .flatMap((p: any) => (p.signals || []).filter((s: any) => s.severity === 'critical' || s.severity === 'high'));
+      const cveCount = pkgResults
+        .flatMap((p: any) => (p.signals || []))
+        .filter((s: any) => s.type === 'cve').length;
       const findings: InstallScanResult['findings'] = [];
       for (const p of pkgResults) {
         for (const s of (p.signals || [])) {
@@ -1337,10 +1376,20 @@ export async function runInstallScan(command: string, jwt: string): Promise<Inst
           }
         }
       }
-      const details = blockSignals.map((s: any) => s.detail).join('\\n') || summary;
+      // Preview the top 5 detail lines; the headline carries the true total.
+      const blockSignals = highSignals.slice(0, 5);
+      const headline = cveCount > 0
+        ? cveCount + ' known CVE' + (cveCount === 1 ? '' : 's') + ' found in ' + (scannedLabel || 'the requested install') + '.\\n'
+        : '';
+      const preview = blockSignals.map((s: any) => s.detail).join('\\n') || summary;
+      const more = highSignals.length > blockSignals.length
+        ? '\\n(+' + (highSignals.length - blockSignals.length) + ' more critical/high findings not shown)'
+        : '';
       return {
         scanned: true, action: 'block',
-        blockContext: details + '\\nDo NOT install packages with security risks. Use a patched version or a different package.',
+        blockContext: headline + preview + more
+          + '\\nReport the CVE count and fix version exactly as stated above \u2014 do not estimate.'
+          + '\\nDo NOT install packages with security risks. Use a patched version or a different package.',
         summary, scannedLabel, findings,
         violatedIds: blockSignals.map((s: any) => s.type + ':' + (s.detail || '').slice(0, 40)),
       };
@@ -2255,6 +2304,8 @@ import {
 import { existsSync, readFileSync } from 'node:fs';
 import { basename, dirname, join } from 'node:path';
+const agentKind = process.env.SYNKRO_HOOK_FORMAT === 'cursor' ? 'cursor' : 'claude_code';
 async function main() {
   setupCursorHookSignals();
   try {
@@ -2346,7 +2397,7 @@ async function main() {
       let gradeResp: string;
       try {
-        gradeResp = await localGrade('edit', graderPrompt);
+        gradeResp = await localGrade('edit', graderPrompt, undefined, agentKind);
       } catch (err) {
         logGraderUnavailable('editGuard', fileShort, (err as Error).message || String(err));
         outputJson({ systemMessage: tagStr + ' editGuard ' + fileShort + ' \u2192 local grader unavailable, skipped' });
@@ -2467,6 +2518,7 @@ import {
 import { basename, extname, resolve, join, dirname } from 'node:path';
 import { readFileSync, readdirSync, existsSync } from 'node:fs';
+const agentKind = process.env.SYNKRO_HOOK_FORMAT === 'cursor' ? 'cursor' : 'claude_code';
 interface PackageCapability {
   name: string;
@@ -2727,8 +2779,8 @@ async function main() {
         const chunk2 = cweContent.slice(mid - OVERLAP);
         try {
           const [resp1, resp2] = await Promise.all([
-            localGradeCwe(buildCwePrompt(chunk1)),
-            localGradeCwe(buildCwePrompt(chunk2)),
+            localGradeCwe(buildCwePrompt(chunk1), agentKind),
+            localGradeCwe(buildCwePrompt(chunk2), agentKind),
           ]);
           gradeResponses = [resp1, resp2];
         } catch (gradeErr: any) {
@@ -2739,7 +2791,7 @@ async function main() {
         }
       } else {
         try {
-          gradeResponses = [await localGradeCwe(buildCwePrompt(cweContent))];
+          gradeResponses = [await localGradeCwe(buildCwePrompt(cweContent), agentKind)];
         } catch (gradeErr: any) {
           const reason = gradeErr?.message || String(gradeErr);
           logGraderUnavailable('cweGuard', fileShort, reason);
@@ -3100,6 +3152,96 @@ async function main() {
   }
 }
+main();
+`;
+    INSTALL_SCAN_TS = `#!/usr/bin/env bun
+import {
+  loadJwt, ensureFreshJwt, detectRepo, loadConfig, route, tag,
+  readStdin, runInstallScan, dispatchFinding, dispatchCapture, hashCommand,
+  outputJson, outputEmpty, setupCursorHookSignals, isShellTool, hookSessionId, log, GATEWAY_URL,
+} from './_synkro-common.ts';
+import { writeFileSync, mkdirSync } from 'node:fs';
+import { join } from 'node:path';
+const SCAN_CACHE_DIR = (process.env.HOME || '/tmp') + '/.synkro/.scan-cache';
+async function main() {
+  setupCursorHookSignals();
+  try {
+    const input = await readStdin();
+    if (!input.trim()) { outputEmpty(); return; }
+    const payload = JSON.parse(input);
+    const toolName = payload.tool_name || '';
+    if (!isShellTool(toolName)) { outputEmpty(); return; }
+    const toolInput = payload.tool_input || {};
+    const command = typeof payload.command === 'string' ? payload.command : (toolInput.command || '');
+    if (!command) { outputEmpty(); return; }
+    let jwt = loadJwt();
+    if (!jwt) { outputEmpty(); return; }
+    jwt = await ensureFreshJwt(jwt);
+    const scan = await runInstallScan(command, jwt);
+    if (scan.scanned) {
+      try {
+        mkdirSync(SCAN_CACHE_DIR, { recursive: true });
+        writeFileSync(join(SCAN_CACHE_DIR, hashCommand(command)), JSON.stringify(scan), 'utf-8');
+      } catch {}
+    }
+    if (!scan.scanned) { outputEmpty(); return; }
+    const sessionId = hookSessionId(payload);
+    const cwd = payload.cwd || '';
+    const repo = detectRepo(cwd);
+    const config = await loadConfig(jwt);
+    const rt = await route(config);
+    const tagStr = tag(rt, config);
+    if (scan.action === 'block') {
+      for (const f of scan.findings) {
+        dispatchFinding(jwt, {
+          session_id: sessionId,
+          file_path: command,
+          finding_type: 'cve' as const,
+          finding_id: f.advisoryId + ':' + f.name,
+          severity: f.severity,
+          status: 'open',
+          detail: f.detail,
+          package_name: f.name,
+          package_version: f.version,
+        }, config.captureDepth);
+      }
+      dispatchCapture(jwt, 'pkg', 'block', 'critical', 'security',
+        'Bash', repo, sessionId, config.captureDepth, {
+          command, reasoning: scan.blockContext.slice(0, 200),
+          violatedRules: scan.violatedIds,
+        });
+      outputJson({
+        systemMessage: '[synkro:installScan] ' + scan.summary,
+        hookSpecificOutput: { hookEventName: 'PreToolUse', additionalContext: '[synkro:installScan] ' + scan.summary },
+      });
+    } else if (scan.action === 'warn') {
+      outputJson({
+        systemMessage: '[synkro:installScan] ' + scan.summary,
+        hookSpecificOutput: { hookEventName: 'PreToolUse', additionalContext: '[synkro:installScan] ' + scan.summary },
+      });
+    } else {
+      const label = scan.scannedLabel || command.slice(0, 80);
+      outputJson({
+        systemMessage: '[synkro:installScan] ' + label + ' \\u2192 clean',
+        hookSpecificOutput: { hookEventName: 'PreToolUse', additionalContext: '[synkro:installScan] ' + label + ' \\u2192 clean' },
+      });
+    }
+  } catch (err) {
+    process.stderr.write('[synkro] installScan error: ' + String(err) + '\\n');
+    outputEmpty();
+  }
+}
 main();
 `;
     BASH_JUDGE_TS = String.raw`#!/usr/bin/env bun
@@ -3110,9 +3252,43 @@ import {
   extractTranscript, readLastPrompt, appendSessionAction, readSessionLog, compressSessionLog, log,
   outputJson, outputEmpty, setupCursorHookSignals, isShellTool, hookSessionId, GATEWAY_URL,
   logGraderUnavailable, filterRules, normalizeMode, appendLocalTelemetry, isSafeInRepoRead,
-  runInstallScan,
+  hashCommand,
   type HookConfig, type Rule,
 } from './_synkro-common.ts';
+import { createHash } from 'node:crypto';
+import { existsSync, statSync, readFileSync, writeFileSync, mkdirSync, unlinkSync } from 'node:fs';
+import { join } from 'node:path';
+const SCAN_CACHE_DIR = (process.env.HOME || '/tmp') + '/.synkro/.scan-cache';
+function readCachedScan(command: string): any | null {
+  try {
+    const path = join(SCAN_CACHE_DIR, hashCommand(command));
+    if (!existsSync(path)) return null;
+    const data = JSON.parse(readFileSync(path, 'utf-8'));
+    unlinkSync(path);
+    return data;
+  } catch { return null; }
+}
+const DEDUP_DIR = process.env.HOME + '/.synkro/.dedup';
+const DEDUP_TTL_MS = 3000;
+function isDuplicate(command: string, sessionId: string): boolean {
+  const hash = createHash('md5').update(sessionId + ':' + command).digest('hex').slice(0, 12);
+  const marker = DEDUP_DIR + '/' + hash;
+  try {
+    if (existsSync(marker)) {
+      const age = Date.now() - statSync(marker).mtimeMs;
+      if (age < DEDUP_TTL_MS) return true;
+    }
+  } catch {}
+  try {
+    mkdirSync(DEDUP_DIR, { recursive: true });
+    writeFileSync(marker, '', { flag: 'w' });
+  } catch {}
+  return false;
+}
 async function main() {
   setupCursorHookSignals();
@@ -3150,6 +3326,12 @@ async function main() {
     }
     if (!command) { outputEmpty(); return; }
+    if (isDuplicate(command, sessionId)) {
+      log('bashGuard skip (dedup): ' + command.slice(0, 80));
+      outputEmpty();
+      return;
+    }
     const cmdShort = command.slice(0, 80);
     log('bashGuard checking: ' + cmdShort);
@@ -3195,45 +3377,20 @@ async function main() {
       return;
     }
-    // ─── Install protection: server-side pkg-scan (CVE + typosquat + tarball + reputation) ───
-    // Detection + extraction happen server-side (runInstallScan); the hook
-    // relays the verdict. A block is handed to the grader as an authoritative
-    // concern so the normal ask + consent-carryover flow lets the user
-    // override it on the next turn.
-    let installScanMsg = '';
+    // ─── Install protection: read cached scan from the install-scan hook ───
+    // The install-scan hook (INSTALL_SCAN_TS) runs before this hook, calls
+    // runInstallScan(), outputs its own system message, and caches the result.
+    // We just read the cache to feed scanConcern into the grader prompt so
+    // the consent-carryover flow works.
     let scanConcern = '';
     let scanBlockContext = '';
     if (toolName === 'Bash') {
-      const scan = await runInstallScan(command, jwt);
-      if (scan.action === 'block') {
-        for (const f of scan.findings) {
-          dispatchFinding(jwt, {
-            session_id: sessionId,
-            file_path: command,
-            finding_type: 'cve' as const,
-            finding_id: f.advisoryId + ':' + f.name,
-            severity: f.severity,
-            status: 'open',
-            detail: f.detail,
-            package_name: f.name,
-            package_version: f.version,
-          }, config.captureDepth);
-        }
-        dispatchCapture(jwt, 'pkg', 'block', 'critical', 'security',
-          'Bash', gitRepo, sessionId, config.captureDepth, {
-            command,
-            reasoning: scan.blockContext.slice(0, 200),
-            violatedRules: scan.violatedIds,
-            ccModel: transcript.ccModel,
-          });
-        scanBlockContext = scan.blockContext;
+      const scan = readCachedScan(command);
+      if (scan && scan.action === 'block') {
+        scanBlockContext = scan.blockContext || '';
         scanConcern = 'PACKAGE SCANNER FLAG (authoritative — do NOT re-evaluate whether the vulnerability is real): '
-          + scan.blockContext
+          + scanBlockContext
           + ' For this concern you MUST return ok=false with rule_id "SYNKRO_PKGSCAN", rule_mode "ask", and the reason above — UNLESS the user has explicitly consented in this conversation to installing this despite the warning, in which case return ok=true.';
-      } else if (scan.scanned && scan.action === 'warn') {
-        installScanMsg = '[synkro:installScan] ' + scan.summary;
-      } else if (scan.scanned) {
-        installScanMsg = '[synkro:installScan] ' + (scan.scannedLabel || cmdShort) + ' → clean';
       }
     }
@@ -3289,10 +3446,9 @@ async function main() {
         const blockMsg = mode === 'fix'
           ? tagStr + ' bashGuard → blocked' + (verdict.ruleId ? ' (' + verdict.ruleId + ')' : '') + ': ' + (verdict.reason || 'policy violation') + '. Fix this before retrying — do not ask the user.'
           : tagStr + ' bashGuard → blocked' + (verdict.ruleId ? ' (' + verdict.ruleId + ')' : '') + ': ' + (verdict.reason || 'policy violation') + '. Ask the user for explicit consent before retrying.';
-        const combined = (installScanMsg ? installScanMsg + '\\n' : '') + blockMsg;
         outputJson({
-          systemMessage: combined,
-          hookSpecificOutput: { hookEventName: 'PreToolUse', permissionDecision: 'deny', permissionDecisionReason: blockMsg, additionalContext: combined },
+          systemMessage: blockMsg,
+          hookSpecificOutput: { hookEventName: 'PreToolUse', permissionDecision: 'deny', permissionDecisionReason: blockMsg, additionalContext: blockMsg },
         });
         dispatchCapture(jwt, 'bash', 'block', verdict.severity || 'critical', verdict.category || 'security',
           toolName, gitRepo, sessionId, config.captureDepth, {
@@ -3301,8 +3457,10 @@ async function main() {
           });
       } else {
         const reason = tagStr + ' bashGuard → pass: ' + (verdict.reason || 'no policy violations detected');
-        const combined = (installScanMsg ? installScanMsg + '\\n' : '') + reason;
-        outputJson({ systemMessage: combined, hookSpecificOutput: { hookEventName: 'PreToolUse', additionalContext: combined } });
+        outputJson({
+          systemMessage: reason,
+          hookSpecificOutput: { hookEventName: 'PreToolUse', additionalContext: reason },
+        });
         dispatchCapture(jwt, 'bash', 'pass', 'clean', verdict.category || 'trivial_utility',
           toolName, gitRepo, sessionId, config.captureDepth, {
             command, reasoning: verdict.reason || 'no policy violations detected',
@@ -3354,30 +3512,16 @@ async function main() {
     if (!resp) {
       log('bashGuard ' + cmdShort + ' → error (timeout)');
-      if (installScanMsg) {
-        outputJson({ systemMessage: installScanMsg, hookSpecificOutput: { hookEventName: 'PreToolUse', additionalContext: installScanMsg } });
-      } else { outputEmpty(); }
+      outputEmpty();
       return;
     }
     if (!resp.hook_response || typeof resp.hook_response !== 'object') {
       log('bashGuard ' + cmdShort + ' → pass (no hook_response)');
-      if (installScanMsg) {
-        outputJson({ systemMessage: installScanMsg, hookSpecificOutput: { hookEventName: 'PreToolUse', additionalContext: installScanMsg } });
-      } else { outputEmpty(); }
+      outputEmpty();
       return;
     }
-    if (installScanMsg) {
-      const existing = resp.hook_response.systemMessage || '';
-      resp.hook_response.systemMessage = installScanMsg + (existing ? '\\n' + existing : '');
-      if (resp.hook_response.hookSpecificOutput) {
-        const existingCtx = resp.hook_response.hookSpecificOutput.additionalContext || '';
-        resp.hook_response.hookSpecificOutput.additionalContext = installScanMsg + (existingCtx ? '\\n' + existingCtx : '');
-      } else {
-        resp.hook_response.hookSpecificOutput = { hookEventName: 'PreToolUse', additionalContext: resp.hook_response.systemMessage };
-      }
-    }
     outputJson(resp.hook_response);
   } catch (err) {
     process.stderr.write('[synkro] bashGuard error: ' + String(err) + '\\n');
@@ -3397,6 +3541,8 @@ import {
   type HookConfig, type Rule,
 } from './_synkro-common.ts';
+const agentKind = process.env.SYNKRO_HOOK_FORMAT === 'cursor' ? 'cursor' : 'claude_code';
 async function main() {
   setupCursorHookSignals();
   try {
@@ -3466,7 +3612,7 @@ async function main() {
       let gradeResp: string;
       try {
-        gradeResp = await localGrade('bash', graderPrompt);
+        gradeResp = await localGrade('bash', graderPrompt, undefined, agentKind);
       } catch (err) {
         logGraderUnavailable('agentGuard', subagentType || (description || '').slice(0, 100), (err as Error).message || String(err));
         outputJson({ systemMessage: tagStr + ' agentGuard \u2192 local grader unavailable, skipped' });
@@ -3565,6 +3711,8 @@ import { existsSync, readFileSync, writeFileSync, readdirSync, statSync } from '
 import { join } from 'node:path';
 import { homedir } from 'node:os';
+const agentKind = process.env.SYNKRO_HOOK_FORMAT === 'cursor' ? 'cursor' : 'claude_code';
 function findLatestPlanInDir(plansDir: string): string | null {
   if (!existsSync(plansDir)) return null;
   try {
@@ -3656,7 +3804,7 @@ async function main() {
       let gradeResp: string;
       try {
-        gradeResp = await localGrade('plan', graderPrompt);
+        gradeResp = await localGrade('plan', graderPrompt, undefined, agentKind);
       } catch {
         outputJson({ systemMessage: tagStr + ' planReview \u2192 local grader unavailable, skipped' });
         return;
@@ -4147,13 +4295,26 @@ main();
 import {
   loadJwt, ensureFreshJwt, detectRepo, loadConfig, route, tag, localGrade,
   parseVerdict, dispatchCapture, dispatchFinding, ruleMode, normalizeMode, filterRules,
-  isSafeInRepoRead, runInstallScan, postWithRetry, readStdin,
+  isSafeInRepoRead, postWithRetry, readStdin, hashCommand,
   extractTranscript, readLastPrompt, readSessionLog, compressSessionLog,
   appendLocalTelemetry, logGraderUnavailable, log, GATEWAY_URL,
   type Rule,
 } from './_synkro-common.ts';
 import { createHash } from 'node:crypto';
-import { existsSync, statSync, writeFileSync, mkdirSync } from 'node:fs';
+import { existsSync, statSync, readFileSync, writeFileSync, mkdirSync, unlinkSync } from 'node:fs';
+import { join } from 'node:path';
+const SCAN_CACHE_DIR = (process.env.HOME || '/tmp') + '/.synkro/.scan-cache';
+function readCachedScan(command: string): any | null {
+  try {
+    const path = join(SCAN_CACHE_DIR, hashCommand(command));
+    if (!existsSync(path)) return null;
+    const data = JSON.parse(readFileSync(path, 'utf-8'));
+    unlinkSync(path);
+    return data;
+  } catch { return null; }
+}
 const DEDUP_DIR = process.env.HOME + '/.synkro/.dedup';
 const DEDUP_TTL_MS = 3000;
@@ -4282,33 +4443,16 @@ async function main() {
     const rt = await route(config);
     const tagStr = tag(rt, config);
-    // Install protection \u2014 scan packages before any npm/pip/cargo/etc. install.
-    // A block is handed to the grader as an authoritative concern so the
-    // normal ask + consent-carryover flow can let the user override it.
+    // Install protection \u2014 read cached scan from the install-scan hook.
     let scanConcern = '';
     let scanBlockContext = '';
     if (SHELL_TOOL_NAMES.has(toolName)) {
-      const scan = await runInstallScan(command, jwt);
-      if (scan.action === 'block') {
-        for (const f of scan.findings) {
-          dispatchFinding(jwt, {
-            session_id: sessionId, file_path: command,
-            finding_type: 'cve' as const, finding_id: f.advisoryId + ':' + f.name,
-            severity: f.severity, status: 'open', detail: f.detail,
-            package_name: f.name, package_version: f.version,
-          }, config.captureDepth);
-        }
-        dispatchCapture(jwt, 'pkg', 'block', 'critical', 'security',
-          'Bash', repo, sessionId, config.captureDepth, {
-            command, reasoning: scan.blockContext.slice(0, 200),
-            violatedRules: scan.violatedIds, ccModel: model,
-          });
-        scanBlockContext = scan.blockContext;
+      const scan = readCachedScan(command);
+      if (scan && scan.action === 'block') {
+        scanBlockContext = scan.blockContext || '';
         scanConcern = 'PACKAGE SCANNER FLAG (authoritative \u2014 do NOT re-evaluate whether the vulnerability is real): '
-          + scan.blockContext
+          + scanBlockContext
           + ' For this concern you MUST return ok=false with rule_id "SYNKRO_PKGSCAN", rule_mode "ask", and the reason above \u2014 UNLESS the user has explicitly consented in this conversation to installing this despite the warning, in which case return ok=true.';
-      } else if (scan.scanned && scan.action === 'warn') {
-        log('bashGuard installScan warn: ' + scan.summary);
       }
     }
@@ -5664,8 +5808,6 @@ async function dockerInstall(opts = {}) {
     `127.0.0.1:${HOST_GRADER_PORT}:8929`,
     "-p",
     `127.0.0.1:${HOST_CWE_PORT}:8930`,
-    "-p",
-    `127.0.0.1:${HOST_PG_PORT}:5433`,
     "-v",
     `${PGDATA_PATH}:/data/pgdata`,
     "-v",
@@ -5894,7 +6036,7 @@ function checkPgdata() {
   if (!hasPgControl) return { healthy: false, details: "pg_control/global directory missing" };
   return { healthy: true, details: `${entries.length} entries, WAL present, no stale PID` };
 }
-var SYNKRO_DIR2, MCP_JWT_PATH, PGDATA_PATH, CLAUDE_HOST_STATE_DIR, CLAUDE_HOST_STATE_FILE, HOST_MCP_PORT, HOST_GRADER_PORT, HOST_CWE_PORT, HOST_PG_PORT, CONTAINER_NAME, DEFAULT_IMAGE, DockerInstallError, BACKUP_DIR;
+var SYNKRO_DIR2, MCP_JWT_PATH, PGDATA_PATH, CLAUDE_HOST_STATE_DIR, CLAUDE_HOST_STATE_FILE, HOST_MCP_PORT, HOST_GRADER_PORT, HOST_CWE_PORT, CONTAINER_NAME, DEFAULT_IMAGE, DockerInstallError, BACKUP_DIR;
 var init_dockerInstall = __esm({
   "cli/local-cc/dockerInstall.ts"() {
     "use strict";
@@ -5908,7 +6050,6 @@ var init_dockerInstall = __esm({
     HOST_MCP_PORT = parseInt(process.env.SYNKRO_HOST_MCP_PORT || "18931", 10);
     HOST_GRADER_PORT = parseInt(process.env.SYNKRO_HOST_GRADER_PORT || "18929", 10);
     HOST_CWE_PORT = parseInt(process.env.SYNKRO_HOST_CWE_PORT || "18930", 10);
-    HOST_PG_PORT = parseInt(process.env.SYNKRO_HOST_PG_PORT || "15433", 10);
     CONTAINER_NAME = "synkro-server";
     DEFAULT_IMAGE = "ghcr.io/synkro-sh/synkro-server:latest";
     DockerInstallError = class extends Error {
@@ -6424,6 +6565,7 @@ function writeHookScripts() {
   const userPromptSubmitScriptPath = join8(HOOKS_DIR, "cc-user-prompt-submit.ts");
   const commonScriptPath = join8(HOOKS_DIR, "_synkro-common.ts");
   const commonBashScriptPath = join8(HOOKS_DIR, "_synkro-common.sh");
+  const installScanScriptPath = join8(HOOKS_DIR, "cc-install-scan.ts");
   const cursorBashJudgePath = join8(HOOKS_DIR, "cursor-bash-judge.ts");
   const cursorEditCapturePath = join8(HOOKS_DIR, "cursor-edit-capture.ts");
   const mcpStdioProxyPath = join8(HOOKS_DIR, "mcp-stdio-proxy.ts");
@@ -6440,6 +6582,7 @@ function writeHookScripts() {
   writeFileSync7(userPromptSubmitScriptPath, USER_PROMPT_SUBMIT_TS, "utf-8");
   writeFileSync7(commonScriptPath, SYNKRO_COMMON_TS, "utf-8");
   writeFileSync7(commonBashScriptPath, SYNKRO_COMMON_SCRIPT, "utf-8");
+  writeFileSync7(installScanScriptPath, INSTALL_SCAN_TS, "utf-8");
   writeFileSync7(cursorBashJudgePath, CURSOR_BASH_JUDGE_TS, "utf-8");
   writeFileSync7(cursorEditCapturePath, CURSOR_EDIT_CAPTURE_TS, "utf-8");
   writeFileSync7(mcpStdioProxyPath, MCP_STDIO_PROXY_SRC, "utf-8");
@@ -6456,6 +6599,7 @@ function writeHookScripts() {
   chmodSync2(userPromptSubmitScriptPath, 493);
   chmodSync2(commonScriptPath, 493);
   chmodSync2(commonBashScriptPath, 493);
+  chmodSync2(installScanScriptPath, 493);
   chmodSync2(cursorBashJudgePath, 493);
   chmodSync2(cursorEditCapturePath, 493);
   chmodSync2(mcpStdioProxyPath, 493);
@@ -6471,6 +6615,7 @@ function writeHookScripts() {
     sessionStartScript: sessionStartScriptPath,
     transcriptSyncScript: transcriptSyncScriptPath,
     userPromptSubmitScript: userPromptSubmitScriptPath,
+    installScanScript: installScanScriptPath,
     cursorBashJudgeScript: cursorBashJudgePath,
     cursorEditCaptureScript: cursorEditCapturePath
   };
@@ -6504,7 +6649,7 @@ function writeConfigEnv(opts) {
     `SYNKRO_CREDENTIALS_PATH=${shellQuoteSingle(credsPath)}`,
     `SYNKRO_TIER=${shellQuoteSingle(safeTier)}`,
     `SYNKRO_INFERENCE=${shellQuoteSingle(safeInference)}`,
-    `SYNKRO_VERSION=${shellQuoteSingle("1.6.14")}`
+    `SYNKRO_VERSION=${shellQuoteSingle("1.6.16")}`
   ];
   if (safeSynkroBin) lines.push(`SYNKRO_CLI_BIN=${shellQuoteSingle(safeSynkroBin)}`);
   if (safeUserId) lines.push(`SYNKRO_USER_ID=${shellQuoteSingle(safeUserId)}`);
@@ -6746,6 +6891,7 @@ async function installCommand(opts = {}) {
         sessionStartScriptPath: scripts.sessionStartScript,
         transcriptSyncScriptPath: scripts.transcriptSyncScript,
         userPromptSubmitScriptPath: scripts.userPromptSubmitScript,
+        installScanScriptPath: scripts.installScanScript,
         skipTranscriptSync: !transcriptConsent
       });
       console.log(`Configured ${agent.name} hooks at ${agent.settingsPath}`);
@@ -6763,7 +6909,8 @@ async function installCommand(opts = {}) {
         stopSummaryScriptPath: scripts.stopSummaryScript,
         sessionStartScriptPath: scripts.sessionStartScript,
         userPromptSubmitScriptPath: scripts.userPromptSubmitScript,
-        transcriptSyncScriptPath: scripts.transcriptSyncScript
+        transcriptSyncScriptPath: scripts.transcriptSyncScript,
+        installScanScriptPath: scripts.installScanScript
       });
       console.log(`Configured ${agent.name} hooks at ${agent.settingsPath}`);
     }
@@ -9169,7 +9316,7 @@ var args = process.argv.slice(2);
 var cmd = args[0] || "";
 var subArgs = args.slice(1);
 function printVersion() {
-  console.log("1.6.14");
+  console.log("1.6.16");
 }
 function printHelp2() {
   console.log(`Synkro CLI \u2014 runtime safety for AI coding agents