@synkro-sh/cli 1.6.22 → 1.6.25

package/dist/bootstrap.js

@@ -389,6 +389,20 @@ function installCursorHooks(hooksJsonPath, config) {
     timeout: 10,
     matcher: "Shell|Bash|terminal|run_terminal_cmd|execute_command|delete_file"
   });
+  h.afterAgentThought = h.afterAgentThought ?? [];
+  h.afterAgentThought.push({
+    command: bunRunCmd(config.agentCaptureScriptPath),
+    timeout: 5,
+    failClosed: false,
+    [SYNKRO_MARKER2]: true
+  });
+  h.afterAgentResponse = h.afterAgentResponse ?? [];
+  h.afterAgentResponse.push({
+    command: bunRunCmd(config.agentCaptureScriptPath),
+    timeout: 5,
+    failClosed: false,
+    [SYNKRO_MARKER2]: true
+  });
   writeHooksFileAtomic(hooksJsonPath, file);
 }
 function uninstallCursorHooks(hooksJsonPath) {
@@ -431,7 +445,9 @@ var init_cursorHookConfig = __esm({
       "afterShellExecution",
       "preToolUse",
       "afterFileEdit",
-      "postToolUse"
+      "postToolUse",
+      "afterAgentThought",
+      "afterAgentResponse"
     ];
   }
 });
@@ -751,7 +767,7 @@ synkro_post_with_retry() {
 });
 
 // cli/installer/hookScriptsTs.ts
-var SYNKRO_COMMON_TS, EDIT_PRECHECK_TS, CWE_PRECHECK_TS, CVE_PRECHECK_TS, INSTALL_SCAN_TS, BASH_JUDGE_TS, AGENT_JUDGE_TS, PLAN_JUDGE_TS, STOP_SUMMARY_TS, SESSION_START_TS, BASH_FOLLOWUP_TS, TRANSCRIPT_SYNC_TS, USER_PROMPT_SUBMIT_TS, CURSOR_BASH_JUDGE_TS, CURSOR_EDIT_CAPTURE_TS;
+var SYNKRO_COMMON_TS, EDIT_PRECHECK_TS, CWE_PRECHECK_TS, CVE_PRECHECK_TS, INSTALL_SCAN_TS, BASH_JUDGE_TS, AGENT_JUDGE_TS, PLAN_JUDGE_TS, STOP_SUMMARY_TS, SESSION_START_TS, BASH_FOLLOWUP_TS, TRANSCRIPT_SYNC_TS, USER_PROMPT_SUBMIT_TS, CURSOR_BASH_JUDGE_TS, CURSOR_EDIT_CAPTURE_TS, CURSOR_AGENT_CAPTURE_TS;
 var init_hookScriptsTs = __esm({
   "cli/installer/hookScriptsTs.ts"() {
     "use strict";
@@ -1297,8 +1313,7 @@ export function ruleFilterText(action: string, userMessage?: string | null): str
   const act = (action || '').trim();
   if (!user) return act.slice(0, 4000);
   if (!act) return user.slice(0, 4000);
-  return (user + '
-' + act).slice(0, 4000);
+  return (user + '\\n' + act).slice(0, 4000);
 }
 
 export async function filterRules(commandText: string, allRules: Rule[]): Promise<Rule[]> {
@@ -1475,15 +1490,21 @@ export async function runInstallScan(command: string, jwt: string): Promise<Inst
         .flatMap((p: any) => (p.signals || []))
         .filter((s: any) => s.type === 'cve').length;
       const findings: InstallScanResult['findings'] = [];
+      const seenFindingKeys = new Set<string>();
       for (const p of pkgResults) {
         for (const s of (p.signals || [])) {
-          if (s.severity === 'critical' || s.severity === 'high') {
-            const advisoryMatch = (s.detail || '').match(/\\b(GHSA-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{4}|CVE-\\d{4}-\\d+)\\b/i);
-            findings.push({
-              advisoryId: advisoryMatch ? advisoryMatch[1] : s.type,
-              name: p.name, version: p.version, severity: s.severity, detail: s.detail,
-            });
-          }
+          const advisoryMatch = (s.detail || '').match(/\\b(GHSA-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{4}|CVE-\\d{4}-\\d+)\\b/i);
+          const advisoryId = advisoryMatch ? advisoryMatch[1] : (s.type === 'cve' ? 'pkg:' + p.name : (s.type || 'signal'));
+          const key = advisoryId + ':' + p.name + '@' + p.version;
+          if (seenFindingKeys.has(key)) continue;
+          seenFindingKeys.add(key);
+          findings.push({
+            advisoryId,
+            name: p.name,
+            version: p.version,
+            severity: s.severity || 'high',
+            detail: s.detail || summary,
+          });
         }
       }
       // Preview the top 5 detail lines; the headline carries the true total.
@@ -1742,11 +1763,13 @@ export function dispatchCapture(
     violatedRules?: string[];
     recentUserMessages?: string[];
     ccModel?: string;
+    linesAdded?: number;
+    linesRemoved?: number;
   },
 ): void {
   // Fire-and-forget
   const eventId = 'evt_' + Date.now() + '_' + process.pid;
-  const model = opts?.ccModel || 'unknown';
+  const model = normalizeCaptureModel(opts?.ccModel || 'unknown');
 
   const body: Record<string, any> = {
     capture_type: 'local_verdict',
@@ -1775,6 +1798,8 @@ export function dispatchCapture(
     if (opts.rulesChecked) localBody.rules_checked = opts.rulesChecked;
     if (opts.violatedRules) localBody.violated_rules = opts.violatedRules;
     if (opts.recentUserMessages) localBody.recent_user_messages = opts.recentUserMessages;
+    if (opts.linesAdded != null) localBody.lines_added = opts.linesAdded;
+    if (opts.linesRemoved != null) localBody.lines_removed = opts.linesRemoved;
   }
   appendLocalTelemetry(localBody);
 
@@ -1935,7 +1960,7 @@ export function reconstructContent(toolName: string, toolInput: any, filePath: s
     case 'apply_patch':
       return contentFromPatch(patchTextFromToolInput(toolInput));
     case 'Write':
-      return toolInput.content || '';
+      return toolInput.content || toolInput.contents || '';
     case 'edit_file':
     case 'reapply':
       return toolInput.content || toolInput.new_string || toolInput.code_edit || '';
@@ -2029,7 +2054,303 @@ export async function readStdin(): Promise<string> {
   return Buffer.concat(chunks).toString('utf-8');
 }
 
-// \u2500\u2500\u2500 Transcript Extraction \u2500\u2500\u2500
+// \u2500\u2500\u2500 Transcript path + message extraction (CC + Cursor) \u2500\u2500\u2500
+
+/** Cursor stores transcripts under ~/.cursor/projects/{slug}/agent-transcripts/ */
+export function cursorProjectSlug(workspaceRoot: string): string {
+  return workspaceRoot.replace(/^/+/, '').replace(/[^a-zA-Z0-9]+/g, '-').replace(/^-+|-+$/g, '');
+}
+
+/** Resolve transcript JSONL \u2014 payload field, CURSOR_TRANSCRIPT_PATH, or Cursor agent-transcripts dir. */
+export function resolveTranscriptPath(payload: Record<string, unknown>): string {
+  const explicit = typeof payload.transcript_path === 'string' ? payload.transcript_path.trim() : '';
+  if (explicit && existsSync(explicit)) return explicit;
+
+  const fromEnv = (process.env.CURSOR_TRANSCRIPT_PATH || '').trim();
+  if (fromEnv && existsSync(fromEnv)) return fromEnv;
+
+  if (!isCursorHookFormat()) return explicit || fromEnv || '';
+
+  const sessionId = hookSessionId(payload);
+  const workspaceRoots = Array.isArray(payload.workspace_roots)
+    ? (payload.workspace_roots as unknown[]).filter((r): r is string => typeof r === 'string')
+    : [];
+  const cwd = (typeof payload.cwd === 'string' && payload.cwd)
+    || workspaceRoots[0]
+    || (process.env.CURSOR_PROJECT_DIR || '');
+  if (!sessionId || !cwd) return explicit || fromEnv || '';
+
+  const base = join(HOME, '.cursor', 'projects', cursorProjectSlug(cwd), 'agent-transcripts');
+  const nested = join(base, sessionId, sessionId + '.jsonl');
+  if (existsSync(nested)) return nested;
+  if (existsSync(join(base, sessionId))) return nested;
+  const flat = join(base, sessionId + '.jsonl');
+  if (existsSync(flat)) return flat;
+
+  return explicit || fromEnv || '';
+}
+
+function transcriptEntryType(entry: Record<string, unknown>): string {
+  return String(entry.type || entry.role || '');
+}
+
+function transcriptContentBlock(entry: Record<string, unknown>): Record<string, unknown> | null {
+  const msg = entry.message as Record<string, unknown> | string | undefined;
+  const content = (msg && typeof msg === 'object' ? msg.content : undefined) ?? entry.content;
+  if (content && typeof content === 'object' && !Array.isArray(content)) {
+    return content as Record<string, unknown>;
+  }
+  return null;
+}
+
+function isProviderRedactedPlaceholder(text: string): boolean {
+  const t = text.trim();
+  if (!t) return false;
+  return t === '[REDACTED]' || /^\\[REDACTED\\](\\s*\\[REDACTED\\])*$/.test(t);
+}
+
+function extractContentBlockText(block: Record<string, unknown>): string {
+  const type = String(block.type || '');
+  if (type === 'text' && typeof block.text === 'string') return block.text;
+  if ((type === 'thinking' || type === 'redacted_thinking') && typeof block.thinking === 'string') {
+    return block.thinking;
+  }
+  if (type === 'tool_result') {
+    const c = block.content;
+    if (typeof c === 'string') return c;
+    if (Array.isArray(c)) {
+      return c.map((part: unknown) => {
+        if (typeof part === 'string') return part;
+        const p = part as Record<string, unknown>;
+        return typeof p.text === 'string' ? p.text : '';
+      }).filter(Boolean).join('\\n');
+    }
+    return '';
+  }
+  return '';
+}
+
+function thoughtOverlayPath(sessionId: string): string {
+  return join(HOME, '.synkro', 'sessions', sessionId, 'thought-overlay.jsonl');
+}
+
+/** Cursor afterAgentThought delivers full thinking; transcript JSONL stores [REDACTED]. Queue for transcript sync. */
+export function appendThoughtOverlay(sessionId: string, text: string): void {
+  const trimmed = text.trim();
+  if (!sessionId || !trimmed || isProviderRedactedPlaceholder(trimmed)) return;
+  const path = thoughtOverlayPath(sessionId);
+  mkdirSync(dirname(path), { recursive: true });
+  appendFileSync(path, JSON.stringify({ text: trimmed, ts: Date.now() }) + '\\n', 'utf-8');
+}
+
+function consumeThoughtOverlay(sessionId: string): string {
+  const path = thoughtOverlayPath(sessionId);
+  if (!existsSync(path)) return '';
+  try {
+    const lines = readFileSync(path, 'utf-8').split('\\n').filter(l => l.trim());
+    if (lines.length === 0) return '';
+    const first = JSON.parse(lines[0]) as { text?: string };
+    const rest = lines.slice(1).join('\\n');
+    if (rest.trim()) writeFileSync(path, rest + (rest.endsWith('\\n') ? '' : '\\n'), 'utf-8');
+    else unlinkSync(path);
+    const text = typeof first.text === 'string' ? first.text.trim() : '';
+    return text && !isProviderRedactedPlaceholder(text) ? text : '';
+  } catch {
+    return '';
+  }
+}
+
+/** Push a single conversation turn (used by Cursor afterAgentThought/afterAgentResponse hooks). */
+export async function pushConversationMessage(
+  sessionId: string,
+  role: 'user' | 'assistant',
+  content: string,
+  opts: { gitRepo?: string; patchRedacted?: boolean; seq?: number } = {},
+): Promise<boolean> {
+  const text = content.trim().slice(0, 8000);
+  if (!sessionId || !text || isProviderRedactedPlaceholder(text)) return false;
+
+  const mcpPort = process.env.SYNKRO_MCP_PORT || '18931';
+  let mcpToken = '';
+  try { mcpToken = readFileSync(join(HOME, '.synkro', '.mcp-jwt'), 'utf-8').trim(); } catch {}
+  if (!mcpToken) return false;
+
+  const seq = typeof opts.seq === 'number'
+    ? opts.seq
+    : Date.now() % 1_000_000_000;
+
+  try {
+    const body: Record<string, unknown> = {
+      session_id: sessionId,
+      repo: opts.gitRepo || '',
+      messages: [{
+        type: role,
+        content: text,
+        ts: new Date().toISOString(),
+        patch_redacted: opts.patchRedacted ?? true,
+      }],
+    };
+    if (!opts.patchRedacted) {
+      (body.messages as Record<string, unknown>[])[0].message_index = seq;
+    }
+    const resp = await fetch('http://127.0.0.1:' + mcpPort + '/api/conversation-sync', {
+      method: 'POST',
+      headers: { 'Content-Type': 'application/json', Authorization: 'Bearer ' + mcpToken },
+      body: JSON.stringify(body),
+      signal: AbortSignal.timeout(5000),
+    });
+    return resp.ok;
+  } catch {
+    return false;
+  }
+}
+
+function extractTranscriptEntryText(
+  entry: Record<string, unknown>,
+  maxLen = 8000,
+  sessionId = '',
+): string {
+  const block = transcriptContentBlock(entry);
+  if (block) {
+    const type = String(block.type || '');
+    if (type === 'tool_use' || type === 'tool_call') return '';
+    let text = extractContentBlockText(block);
+    if (isProviderRedactedPlaceholder(text) && sessionId) {
+      const overlay = consumeThoughtOverlay(sessionId);
+      if (overlay) text = overlay;
+    }
+    return text ? text.slice(0, maxLen) : '';
+  }
+
+  const msg = entry.message as Record<string, unknown> | string | undefined;
+  const content = (msg && typeof msg === 'object' ? msg.content : undefined) ?? entry.content;
+  if (typeof content === 'string') {
+    let text = content;
+    if (isProviderRedactedPlaceholder(text) && sessionId) {
+      const overlay = consumeThoughtOverlay(sessionId);
+      if (overlay) text = overlay;
+    }
+    return text ? text.slice(0, maxLen) : '';
+  }
+  if (Array.isArray(content)) {
+    const text = content.map((c: unknown) => {
+      if (typeof c === 'string') return c;
+      const b = c as Record<string, unknown>;
+      const type = String(b?.type || '');
+      if (type === 'tool_use' || type === 'tool_call') return '';
+      return extractContentBlockText(b);
+    }).filter(Boolean).join('\\n\\n').trim();
+    if (!text) return '';
+    if (isProviderRedactedPlaceholder(text) && sessionId) {
+      const overlay = consumeThoughtOverlay(sessionId);
+      if (overlay) return overlay.slice(0, maxLen);
+    }
+    return text.slice(0, maxLen);
+  }
+  if (typeof msg === 'string') return msg.slice(0, maxLen);
+  return '';
+}
+
+/** Offset-tracked ingest of new user/assistant turns into PGLite conversation_messages. */
+export async function syncConversationTranscript(
+  sessionId: string,
+  transcriptPath: string,
+  gitRepo = '',
+): Promise<{ ingested: number; messages: Array<Record<string, unknown>> }> {
+  if (!sessionId || !transcriptPath || !existsSync(transcriptPath)) return { ingested: 0, messages: [] };
+
+  const offsetDir = join(HOME, '.synkro', '.transcript-offsets');
+  mkdirSync(offsetDir, { recursive: true });
+  const offsetFile = join(offsetDir, sessionId);
+  let offset = 0;
+  if (existsSync(offsetFile)) {
+    try { offset = parseInt(readFileSync(offsetFile, 'utf-8').trim(), 10) || 0; } catch {}
+  }
+
+  const raw = readFileSync(transcriptPath, 'utf-8');
+  const allLines = raw.split('\\n').filter(l => l.trim());
+  const totalLines = allLines.length;
+  if (totalLines <= offset) return { ingested: 0, messages: [] };
+
+  let startIdx = offset;
+  const delta = totalLines - offset;
+  if (delta > 200) startIdx = totalLines - 200;
+
+  const messages: Array<Record<string, unknown>> = [];
+  for (let i = startIdx; i < totalLines; i++) {
+    try {
+      const entry = JSON.parse(allLines[i]) as Record<string, unknown>;
+      const kind = transcriptEntryType(entry);
+      if (kind !== 'user' && kind !== 'assistant') continue;
+      const text = extractTranscriptEntryText(entry, 8000, sessionId);
+      if (!text) continue;
+
+      const msgObj = entry.message as Record<string, unknown> | undefined;
+      const content = (msgObj && typeof msgObj === 'object' ? msgObj.content : undefined) ?? entry.content;
+      const singleBlock = transcriptContentBlock(entry);
+      const msg: Record<string, unknown> = {
+        message_index: i,
+        type: kind,
+        content: text,
+        ts: entry.timestamp || null,
+      };
+      if (kind === 'assistant') {
+        const blocks = Array.isArray(content)
+          ? content
+          : (singleBlock ? [singleBlock] : []);
+        const toolCalls = blocks
+          .filter((c: unknown) => {
+            const b = c as Record<string, unknown>;
+            return b?.type === 'tool_use' || b?.type === 'tool_call';
+          })
+          .map((c: unknown) => {
+            const b = c as Record<string, unknown>;
+            return {
+              name: b.name,
+              input: JSON.stringify(b.input || b.arguments || {}).slice(0, 500),
+              id: b.id,
+            };
+          });
+        if (toolCalls.length > 0) msg.tool_calls = toolCalls;
+        if (msgObj && typeof msgObj === 'object') {
+          msg.model = msgObj.model || null;
+          const u = msgObj.usage as Record<string, unknown> | undefined;
+          if (u) {
+            msg.usage = {
+              input_tokens: u.input_tokens,
+              output_tokens: u.output_tokens,
+              cache_creation_input_tokens: u.cache_creation_input_tokens,
+              cache_read_input_tokens: u.cache_read_input_tokens,
+            };
+          }
+        }
+      }
+      messages.push(msg);
+    } catch {}
+  }
+
+  writeFileSync(offsetFile, String(totalLines), 'utf-8');
+  if (messages.length === 0) return { ingested: 0, messages: [] };
+
+  const mcpPort = process.env.SYNKRO_MCP_PORT || '18931';
+  let mcpToken = '';
+  try { mcpToken = readFileSync(join(HOME, '.synkro', '.mcp-jwt'), 'utf-8').trim(); } catch {}
+  if (!mcpToken) return { ingested: 0, messages };
+
+  try {
+    const resp = await fetch('http://127.0.0.1:' + mcpPort + '/api/conversation-sync', {
+      method: 'POST',
+      headers: { 'Content-Type': 'application/json', Authorization: 'Bearer ' + mcpToken },
+      body: JSON.stringify({ session_id: sessionId, repo: gitRepo, messages }),
+      signal: AbortSignal.timeout(5000),
+    });
+    if (resp.ok) {
+      const data = await resp.json() as { ingested?: number };
+      return { ingested: data.ingested ?? messages.length, messages };
+    }
+  } catch {}
+  return { ingested: 0, messages };
+}
 
 export interface TranscriptContext {
   userIntent: string;
@@ -2068,11 +2389,8 @@ export function extractTranscript(transcriptPath: string | undefined): Transcrip
     // Recent user messages (last 5)
     const userMsgs: string[] = [];
     for (const entry of parsed) {
-      if (entry.type !== 'user') continue;
-      const content = entry.message?.content;
-      let text = '';
-      if (typeof content === 'string') text = content;
-      else if (Array.isArray(content)) text = content.map((c: any) => c.text || '').join(' ');
+      if (transcriptEntryType(entry) !== 'user') continue;
+      const text = extractTranscriptEntryText(entry);
       if (text) userMsgs.push(text);
     }
     ctx.recentUserMessages = userMsgs.slice(-5);
@@ -2081,26 +2399,25 @@ export function extractTranscript(transcriptPath: string | undefined): Transcrip
     // Recent messages (last 10, user + assistant)
     const msgs: Array<{ type: string; text: string }> = [];
     for (const entry of parsed) {
-      if (entry.type !== 'user' && entry.type !== 'assistant') continue;
-      const content = entry.message?.content;
-      let text = '';
-      if (typeof content === 'string') text = content.slice(0, 500);
-      else if (Array.isArray(content)) text = content.map((c: any) => (c.text || '').slice(0, 300)).join(' ');
-      msgs.push({ type: entry.type, text });
+      const kind = transcriptEntryType(entry);
+      if (kind !== 'user' && kind !== 'assistant') continue;
+      const text = extractTranscriptEntryText(entry, 500);
+      if (text) msgs.push({ type: kind, text });
     }
     ctx.recentMessages = msgs.slice(-10);
 
     // Recent tool calls (last 5)
     const actions: Array<{ tool: string; input: string }> = [];
     for (const entry of parsed) {
-      if (entry.type !== 'assistant') continue;
-      const content = entry.message?.content;
+      if (transcriptEntryType(entry) !== 'assistant') continue;
+      const msg = entry.message;
+      const content = msg?.content ?? entry.content;
       if (!Array.isArray(content)) continue;
       for (const block of content) {
-        if (block.type !== 'tool_use') continue;
+        if (block.type !== 'tool_use' && block.type !== 'tool_call') continue;
         actions.push({
           tool: block.name || '',
-          input: JSON.stringify(block.input || {}).slice(0, 200),
+          input: JSON.stringify(block.input || block.arguments || {}).slice(0, 200),
         });
       }
     }
@@ -2114,7 +2431,7 @@ export function extractTranscript(transcriptPath: string | undefined): Transcrip
     }
 
     // CC model
-    const assistantEntries = parsed.filter(e => e.type === 'assistant');
+    const assistantEntries = parsed.filter(e => transcriptEntryType(e) === 'assistant');
     if (assistantEntries.length > 0) {
       const last = assistantEntries[assistantEntries.length - 1];
       ctx.ccModel = last.message?.model || '';
@@ -2209,39 +2526,254 @@ export function hashCommand(cmd: string): string {
   return createHash('sha256').update(cmd).digest('hex').slice(0, 16);
 }
 
-// \u2500\u2500\u2500 Transcript Usage Aggregation \u2500\u2500\u2500
+// \u2500\u2500\u2500 Edit line delta + transcript usage \u2500\u2500\u2500
+
+export function countTextLines(text: string): number {
+  if (!text) return 0;
+  return text.split('\\n').length;
+}
+
+/** Count lines added/removed from a write, search-replace, or multi-edit payload. */
+export function countEditLineDelta(source: {
+  writeContent?: string;
+  /** When set, Write counts net delta vs the file on disk instead of full file length. */
+  existingContent?: string;
+  old_string?: string;
+  new_string?: string;
+  edits?: Array<{ old_string?: string; new_string?: string }>;
+}): { linesAdded: number; linesRemoved: number } {
+  let linesAdded = 0;
+  let linesRemoved = 0;
+  if (source.writeContent != null && source.writeContent !== '') {
+    const newLines = countTextLines(String(source.writeContent));
+    if (source.existingContent != null && source.existingContent !== '') {
+      const oldLines = countTextLines(String(source.existingContent));
+      return {
+        linesAdded: Math.max(0, newLines - oldLines),
+        linesRemoved: Math.max(0, oldLines - newLines),
+      };
+    }
+    return { linesAdded: newLines, linesRemoved: 0 };
+  }
+  if (source.old_string != null && source.new_string != null) {
+    const oldLines = countTextLines(String(source.old_string));
+    const newLines = countTextLines(String(source.new_string));
+    return {
+      linesAdded: Math.max(0, newLines - oldLines),
+      linesRemoved: Math.max(0, oldLines - newLines),
+    };
+  }
+  if (Array.isArray(source.edits)) {
+    for (const e of source.edits) {
+      if (!e || typeof e !== 'object') continue;
+      const oldLines = countTextLines(String(e.old_string || ''));
+      const newLines = countTextLines(String(e.new_string || ''));
+      linesAdded += Math.max(0, newLines - oldLines);
+      linesRemoved += Math.max(0, oldLines - newLines);
+    }
+  }
+  return { linesAdded, linesRemoved };
+}
+
+/** Normalize model names so the same Cursor session doesn't split across agent buckets. */
+export function normalizeCaptureModel(model: string): string {
+  const m = (model || '').trim();
+  if (!m || m === 'unknown') return 'unknown';
+  if (m.startsWith('cursor/') || m.startsWith('claude-') || m.startsWith('gpt-') || m.startsWith('gemini-')) return m;
+  if (/^composer/i.test(m) || m === 'auto' || m === 'default') return 'cursor/' + m;
+  return m;
+}
 
-export function aggregateUsage(transcriptPath: string): { model: string; totals: Record<string, number> } {
-  const result = { model: '', totals: { in: 0, out: 0, cw: 0, cr: 0 } };
+/** Line metrics for guard_checks \u2014 Cursor Edit/StrReplace post deltas via afterFileEdit. */
+export function captureLineMetrics(
+  agentKind: 'cursor' | 'claude_code',
+  toolName: string,
+  linesAdded: number,
+  linesRemoved: number,
+): { linesAdded?: number; linesRemoved?: number } {
+  if (agentKind === 'cursor' && toolName !== 'Write') return {};
+  return { linesAdded, linesRemoved };
+}
+
+function usageTextFromTranscriptEntry(entry: Record<string, unknown>): string {
+  const msg = entry.message as Record<string, unknown> | undefined;
+  const content = (msg && typeof msg === 'object' ? msg.content : undefined) ?? entry.content;
+  if (typeof content === 'string') return content;
+  if (content && typeof content === 'object' && !Array.isArray(content)) {
+    const block = content as Record<string, unknown>;
+    if (block.type === 'text' && typeof block.text === 'string') return block.text;
+    if (typeof block.text === 'string') return block.text;
+    return '';
+  }
+  if (!Array.isArray(content)) return '';
+  return content.map((c: unknown) => {
+    if (typeof c === 'string') return c;
+    const b = c as Record<string, unknown>;
+    if (b?.type === 'text' && typeof b.text === 'string') return b.text;
+    if (typeof b?.text === 'string') return b.text;
+    if (b?.type === 'tool_use' || b?.type === 'tool_call') {
+      return JSON.stringify(b.input || b.arguments || {});
+    }
+    return '';
+  }).join('\\n');
+}
+
+function addUsageBlock(
+  result: { model: string; totals: Record<string, number> },
+  u: Record<string, unknown> | null | undefined,
+): boolean {
+  if (!u) return false;
+  const inp = Number(u.input_tokens ?? u.inputTokens ?? 0) || 0;
+  const out = Number(u.output_tokens ?? u.outputTokens ?? 0) || 0;
+  const cw = Number(u.cache_creation_input_tokens ?? u.cacheCreationInputTokens ?? 0) || 0;
+  const cr = Number(u.cache_read_input_tokens ?? u.cacheReadInputTokens ?? 0) || 0;
+  if (inp + out + cw + cr <= 0) return false;
+  result.totals.in += inp;
+  result.totals.out += out;
+  result.totals.cw += cw;
+  result.totals.cr += cr;
+  return true;
+}
+
+function msgModel(entry: Record<string, unknown>): string {
+  const msg = entry.message as Record<string, unknown> | undefined;
+  return typeof msg?.model === 'string' ? msg.model : '';
+}
+
+/** Sum token usage from CC or Cursor agent-transcript JSONL. */
+export function aggregateUsage(
+  transcriptPath: string,
+  opts?: { modelFallback?: string },
+): { model: string; totals: Record<string, number> } {
+  const result = { model: opts?.modelFallback || '', totals: { in: 0, out: 0, cw: 0, cr: 0 } };
   if (!transcriptPath || !existsSync(transcriptPath)) return result;
   try {
     const raw = readFileSync(transcriptPath, 'utf-8');
-    const lines = raw.split('\\n').filter(l => l.trim());
-    for (const line of lines) {
-      try {
-        const entry = JSON.parse(line);
-        if (entry.type !== 'assistant') continue;
-        result.model = entry.message?.model || result.model;
-        const u = entry.message?.usage;
-        if (u) {
-          result.totals.in += u.input_tokens || 0;
-          result.totals.out += u.output_tokens || 0;
-          result.totals.cw += u.cache_creation_input_tokens || 0;
-          result.totals.cr += u.cache_read_input_tokens || 0;
-        }
-      } catch {}
+    const entries: Record<string, unknown>[] = [];
+    for (const line of raw.split('\\n')) {
+      if (!line.trim()) continue;
+      try { entries.push(JSON.parse(line) as Record<string, unknown>); } catch {}
+    }
+
+    let sawExplicit = false;
+    for (const entry of entries) {
+      const tokenCount = (entry.tokenCount ?? entry.token_count) as Record<string, unknown> | undefined;
+      const msg = entry.message as Record<string, unknown> | undefined;
+      if (addUsageBlock({ model: '', totals: { in: 0, out: 0, cw: 0, cr: 0 } }, tokenCount)) sawExplicit = true;
+      if (addUsageBlock({ model: '', totals: { in: 0, out: 0, cw: 0, cr: 0 } }, msg?.usage as Record<string, unknown>)) sawExplicit = true;
+      if (addUsageBlock({ model: '', totals: { in: 0, out: 0, cw: 0, cr: 0 } }, entry.usage as Record<string, unknown>)) sawExplicit = true;
+    }
+
+    for (const entry of entries) {
+      const role = String(entry.role || entry.type || '');
+      const modelInfo = entry.modelInfo as Record<string, unknown> | undefined;
+      const model = (typeof modelInfo?.modelName === 'string' && modelInfo.modelName)
+        || (typeof modelInfo?.model === 'string' && modelInfo.model)
+        || (typeof entry.model === 'string' && entry.model)
+        || msgModel(entry);
+      if (model) result.model = model;
+
+      const tokenCount = (entry.tokenCount ?? entry.token_count) as Record<string, unknown> | undefined;
+      const msg = entry.message as Record<string, unknown> | undefined;
+      const hadLine = addUsageBlock(result, tokenCount)
+        || addUsageBlock(result, msg?.usage as Record<string, unknown>)
+        || addUsageBlock(result, entry.usage as Record<string, unknown>);
+
+      if (hadLine || sawExplicit) continue;
+
+      const text = usageTextFromTranscriptEntry(entry);
+      if (!text) continue;
+      const est = Math.ceil(text.length / 4);
+      if (role === 'user' || entry.type === 'user') result.totals.in += est;
+      else if (role === 'assistant' || entry.type === 'assistant') result.totals.out += est;
     }
   } catch {}
   return result;
 }
 
+/** Emit a usage_tick telemetry row when transcript usage is non-zero. */
+export function emitUsageTick(params: {
+  sessionId: string;
+  usage: { model: string; totals: Record<string, number> };
+  hookType: string;
+  gitRepo?: string;
+  modelFallback?: string;
+}): void {
+  const { sessionId, usage, hookType, gitRepo, modelFallback } = params;
+  if (!sessionId || usage.totals.in + usage.totals.out <= 0) return;
+  let model = usage.model || modelFallback || 'unknown';
+  if (modelFallback && !usage.model) model = modelFallback;
+  if (isCursorHookFormat() && model && !model.startsWith('cursor/') && model !== 'cursor') {
+    model = 'cursor/' + model;
+  }
+  appendLocalTelemetry({
+    capture_type: 'usage_tick',
+    event_id: 'usage_' + Date.now() + '_' + process.pid,
+    hook_type: hookType,
+    verdict: 'allow',
+    severity: 'none',
+    session_id: sessionId,
+    model,
+    cc_model: model,
+    cc_usage: {
+      input_tokens: usage.totals.in,
+      output_tokens: usage.totals.out,
+      cache_creation_input_tokens: usage.totals.cw,
+      cache_read_input_tokens: usage.totals.cr,
+    },
+    ...(gitRepo ? { repo: gitRepo } : {}),
+  });
+}
+
+export function cursorModelFromPayload(payload: Record<string, unknown>): string {
+  const rawModel = String(payload.model ?? payload.model_id ?? '');
+  if (!rawModel) return 'cursor';
+  return rawModel.startsWith('cursor/') ? rawModel : 'cursor/' + rawModel;
+}
+
 // \u2500\u2500\u2500 Scan Finding Dispatch \u2500\u2500\u2500
 
+export type ScanFindingInput = {
+  finding_type: 'cwe' | 'cve';
+  finding_id: string;
+  severity?: string;
+  detail?: string;
+  description?: string;
+  package_name?: string;
+  package_version?: string;
+  fixed_version?: string;
+  aliases?: string[];
+  references?: Array<{ type: string; url: string }>;
+  cwe_name?: string;
+};
+
+/** Persist open scan_findings rows for a block and flush the telemetry spool. */
+export function emitBlockScanFindings(
+  jwt: string,
+  captureDepth: string,
+  ctx: { session_id: string; file_path: string; repo?: string },
+  findings: ScanFindingInput[],
+  fallback?: ScanFindingInput,
+): void {
+  const rows = findings.length > 0 ? findings : (fallback ? [fallback] : []);
+  for (const f of rows) {
+    dispatchFinding(jwt, {
+      session_id: ctx.session_id,
+      file_path: ctx.file_path,
+      repo: ctx.repo,
+      status: 'open',
+      ...f,
+    }, captureDepth);
+  }
+  if (rows.length > 0) drainSpool().catch(() => {});
+}
+
 export function dispatchFinding(
   jwt: string,
   finding: {
     session_id: string;
     file_path: string;
+    repo?: string;
     finding_type: 'cwe' | 'cve';
     finding_id: string;
     severity?: string;
@@ -2271,6 +2803,7 @@ export function dispatchFinding(
     status: finding.status,
     session_id: finding.session_id,
     file_path: finding.file_path,
+    repo: finding.repo,
     package_name: finding.package_name,
     package_version: finding.package_version,
     fixed_version: finding.fixed_version,
@@ -2412,11 +2945,12 @@ import {
   readStdin, extractTranscript, readLastPrompt, findNearestDeps, filePathFromToolInput,
   appendSessionAction, readSessionLog, compressSessionLog, log,
   outputJson, outputEmpty, setupCursorHookSignals, isEditTool, hookSessionId, GATEWAY_URL,
-  logGraderUnavailable, filterRules, ruleFilterText, normalizeMode,
+  logGraderUnavailable, filterRules, ruleFilterText, normalizeMode, countEditLineDelta,
+  captureLineMetrics, cursorModelFromPayload,
   type HookConfig, type Rule,
 } from './_synkro-common.ts';
 import { existsSync, readFileSync } from 'node:fs';
-import { basename, dirname, join } from 'node:path';
+import { basename, join } from 'node:path';
 
 const agentKind = process.env.SYNKRO_HOOK_FORMAT === 'cursor' ? 'cursor' : 'claude_code';
 
@@ -2439,7 +2973,7 @@ async function main() {
     const workspaceRoots = Array.isArray(payload.workspace_roots) ? payload.workspace_roots as string[] : [];
     const cwd = payload.cwd || workspaceRoots[0] || '';
     const permissionMode = payload.permission_mode || '';
-    const transcriptPath = payload.transcript_path || '';
+    const transcriptPath = resolveTranscriptPath(payload);
 
     const filePath = filePathFromToolInput(toolInput);
     if (!filePath) { outputEmpty(); return; }
@@ -2470,21 +3004,44 @@ async function main() {
       if (toolInput.edits != null) diffField.edits = toolInput.edits;
     }
 
+    const fullPath = filePath.startsWith('/') ? filePath : (cwd ? join(cwd, filePath) : filePath);
+    let existingContent = '';
+    if (toolName === 'Write' && existsSync(fullPath)) {
+      try { existingContent = readFileSync(fullPath, 'utf-8'); } catch {}
+    }
+
+    // Compute lines added/removed (Write = net delta vs file on disk)
+    const { linesAdded, linesRemoved } = countEditLineDelta(
+      toolName === 'Write'
+        ? {
+            writeContent: toolInput.content || toolInput.contents || '',
+            existingContent,
+          }
+        : {
+            old_string: toolInput.old_string,
+            new_string: toolInput.new_string,
+            edits: Array.isArray(toolInput.edits) ? toolInput.edits : undefined,
+          },
+    );
+    const lineMetrics = captureLineMetrics(agentKind, toolName, linesAdded, linesRemoved);
+
     // Read file before edit for cloud payload
     let fileBefore = '';
-    if (toolName !== 'Write' && filePath && isPathUnder(filePath, cwd || '.') && existsSync(filePath)) {
-      try { fileBefore = readFileSync(filePath, 'utf-8').slice(0, 65536); } catch {}
+    if (toolName !== 'Write' && filePath && isPathUnder(filePath, cwd || '.') && existsSync(fullPath)) {
+      try { fileBefore = readFileSync(fullPath, 'utf-8').slice(0, 65536); } catch {}
     }
 
     // Extract transcript context
     const transcript = extractTranscript(transcriptPath);
     const lastPrompt = readLastPrompt(sessionId);
 
+    const captureModel = agentKind === 'cursor'
+      ? cursorModelFromPayload(payload)
+      : (transcript.ccModel || String(payload.model ?? payload.model_id ?? ''));
+
     // Model detection: prefer transcript (CC), fall back to payload (Cursor)
     if (!transcript.ccModel) {
-      const rawModel = String(payload.model ?? payload.model_id ?? '');
-      const KNOWN_MODELS = new Set(['gpt-4', 'gpt-4o', 'gpt-4.1', 'gpt-5', 'o1', 'o3', 'o4-mini', 'claude-sonnet-4-5', 'claude-opus-4-5', 'sonnet-4', 'sonnet-4-thinking', 'gemini-2.5-pro', 'gemini-2.5-flash']);
-      transcript.ccModel = rawModel ? (KNOWN_MODELS.has(rawModel) || rawModel.startsWith('claude-') || rawModel.startsWith('gpt-') || rawModel.startsWith('gemini-') || rawModel.startsWith('o1') || rawModel.startsWith('o3') ? rawModel : 'cursor/' + rawModel) : (agentKind === 'cursor' ? 'cursor' : '');
+      transcript.ccModel = captureModel;
     }
 
     // Load config and decide route
@@ -2543,8 +3100,8 @@ async function main() {
         dispatchCapture(jwt, 'edit', 'block', verdict.severity || 'critical', verdict.category || 'security',
           toolName, gitRepo, sessionId, config.captureDepth, {
             command: editContent, reasoning: guardReason,
-            rulesChecked: config.rules, violatedRules,
-            ccModel: transcript.ccModel,
+            rulesChecked: relevantRules, violatedRules,
+            ccModel: captureModel, ...lineMetrics,
           });
         outputJson({
           systemMessage: tagStr + ' editGuard ' + fileShort + ' \u2192 blocked: ' + guardReason,
@@ -2557,8 +3114,8 @@ async function main() {
       dispatchCapture(jwt, 'edit', 'pass', 'clean', verdict.category || 'trivial_edit',
         toolName, gitRepo, sessionId, config.captureDepth, {
           command: editContent, reasoning: verdict.reason || 'no policy violations detected',
-          rulesChecked: config.rules, violatedRules: [],
-          ccModel: transcript.ccModel,
+          rulesChecked: relevantRules, violatedRules: [],
+          ccModel: captureModel, ...lineMetrics,
         });
       const passLine = tagStr + ' editGuard ' + fileShort + ' \u2192 pass: ' + (verdict.reason || 'no policy violations detected');
       outputJson({ systemMessage: passLine, hookSpecificOutput: { hookEventName: 'PreToolUse', additionalContext: 'Synkro local edit judge. ' + (verdict.reason || 'no policy violations detected') } });
@@ -2637,7 +3194,7 @@ main();
 import {
   loadJwt, ensureFreshJwt, detectRepo, loadConfig, cweRoute, tag,
   localGradeCwe, parseVerdict, reconstructContent, readStdin, log,
-  outputJson, outputEmpty, setupCursorHookSignals, isEditTool, hookSessionId, filePathFromToolInput, dispatchFinding, dispatchCapture, GATEWAY_URL,
+  outputJson, outputEmpty, setupCursorHookSignals, isEditTool, hookSessionId, filePathFromToolInput, emitBlockScanFindings, dispatchFinding, dispatchCapture, GATEWAY_URL,
   logGraderUnavailable,
 } from './_synkro-common.ts';
 import { basename, extname, resolve, join, dirname } from 'node:path';
@@ -2645,6 +3202,12 @@ import { readFileSync, readdirSync, existsSync } from 'node:fs';
 
 const agentKind = process.env.SYNKRO_HOOK_FORMAT === 'cursor' ? 'cursor' : 'claude_code';
 
+function detectModel(payload: Record<string, unknown>): string {
+  const raw = String(payload.model ?? payload.model_id ?? '');
+  if (agentKind === 'cursor') return raw ? (raw.startsWith('cursor/') ? raw : 'cursor/' + raw) : 'cursor';
+  return raw || '';
+}
+
 interface PackageCapability {
   name: string;
   description: string;
@@ -2768,11 +3331,12 @@ async function main() {
     const sessionId = hookSessionId(payload);
     const workspaceRoots = Array.isArray(payload.workspace_roots) ? payload.workspace_roots as string[] : [];
     const cwd = payload.cwd || workspaceRoots[0] || '';
-    const transcriptPath = payload.transcript_path || '';
+    const transcriptPath = resolveTranscriptPath(payload);
 
     const filePath = filePathFromToolInput(toolInput);
     if (!filePath) { outputEmpty(); return; }
     const gitRepo = detectRepo(cwd, transcriptPath, filePath, workspaceRoots);
+    const ccModel = detectModel(payload);
 
     if (filePath.includes('/.synkro/hooks/')) { outputEmpty(); return; }
 
@@ -2982,24 +3546,31 @@ async function main() {
         const fixHint = fixLines.length > 0 ? '\n' + fixLines.join('\n') : '';
         const ctx = 'CWE: ' + denyDetail + fixHint + '\nFix all issues before retrying. Do NOT ask the user to make the edit manually — resolve the weakness in code yourself.';
 
-        for (const cweId of activeCweIds) {
-          dispatchFinding(jwt, {
-            session_id: sessionId,
-            file_path: filePath,
-            finding_type: 'cwe',
+        emitBlockScanFindings(
+          jwt,
+          config.captureDepth,
+          { session_id: sessionId, file_path: filePath, repo: gitRepo || undefined },
+          activeCweIds.map((cweId) => ({
+            finding_type: 'cwe' as const,
             finding_id: cweId,
             severity: verdict.severity || 'high',
-            status: 'open',
             detail: verdict.reason || 'code weakness detected',
             cwe_name: cweNameMap.get(cweId.toUpperCase()) || undefined,
-          }, config.captureDepth);
-        }
+          })),
+          {
+            finding_type: 'cwe',
+            finding_id: activeCweIds[0] || 'CWE-UNKNOWN',
+            severity: verdict.severity || 'high',
+            detail: verdict.reason || denyDetail,
+          },
+        );
 
         dispatchCapture(jwt, 'cwe', 'block', verdict.severity || 'high', verdict.category || 'security',
           toolName, gitRepo, sessionId, config.captureDepth, {
             command: 'edit ' + filePath,
             reasoning: denyDetail,
             violatedRules: activeCweIds,
+            ccModel,
           });
 
         outputJson({
@@ -3077,25 +3648,34 @@ async function main() {
       const denyDetail = '[' + displayIds + '] ' + (findings[0]?.reason || 'code weakness detected');
       const ctx = 'CWE: ' + denyDetail + fixHint + '\nFix all issues before retrying. Do NOT ask the user to make the edit manually \u2014 resolve the weakness in code yourself.';
 
-      for (const cweId of activeCweIds) {
-        const f = findings.find((x: any) => x.cwe === cweId);
-        dispatchFinding(jwt, {
-          session_id: sessionId,
-          file_path: filePath,
+      emitBlockScanFindings(
+        jwt,
+        config.captureDepth,
+        { session_id: sessionId, file_path: filePath, repo: gitRepo || undefined },
+        activeCweIds.map((cweId) => {
+          const f = findings.find((x: any) => x.cwe === cweId);
+          return {
+            finding_type: 'cwe' as const,
+            finding_id: cweId,
+            severity: f?.severity || 'high',
+            detail: f?.reason || 'code weakness detected',
+            cwe_name: f?.name || undefined,
+          };
+        }),
+        {
           finding_type: 'cwe',
-          finding_id: cweId,
-          severity: f?.severity || 'high',
-          status: 'open',
-          detail: f?.reason || 'code weakness detected',
-          cwe_name: f?.name || undefined,
-        }, config.captureDepth);
-      }
+          finding_id: activeCweIds[0] || 'CWE-UNKNOWN',
+          severity: findings[0]?.severity || 'high',
+          detail: denyDetail,
+        },
+      );
 
       dispatchCapture(jwt, 'cwe', 'block', findings[0]?.severity || 'high', 'security',
         toolName, gitRepo, sessionId, config.captureDepth, {
           command: 'edit ' + filePath,
           reasoning: denyDetail,
           violatedRules: activeCweIds,
+          ccModel,
         });
 
       outputJson({
@@ -3127,9 +3707,10 @@ main();
 import {
   loadJwt, ensureFreshJwt, detectRepo, loadConfig, route, tag,
   reconstructContent, readStdin, findNearestDeps, filePathFromToolInput, log,
-  outputJson, outputEmpty, setupCursorHookSignals, isEditTool, hookSessionId, dispatchFinding, dispatchCapture, GATEWAY_URL,
+  outputJson, outputEmpty, setupCursorHookSignals, isEditTool, hookSessionId, dispatchFinding, dispatchCapture, extractTranscript, emitBlockScanFindings, GATEWAY_URL,
 } from './_synkro-common.ts';
 import { basename } from 'node:path';
+import { readFileSync } from 'node:fs';
 
 const MANIFEST_NAMES = new Set([
   'package.json', 'requirements.txt', 'requirements-dev.txt', 'requirements-test.txt',
@@ -3161,7 +3742,7 @@ async function main() {
     const sessionId = hookSessionId(payload);
     const workspaceRoots = Array.isArray(payload.workspace_roots) ? payload.workspace_roots as string[] : [];
     const cwd = payload.cwd || workspaceRoots[0] || '';
-    const transcriptPath = payload.transcript_path || '';
+    const transcriptPath = resolveTranscriptPath(payload);
 
     const filePath = filePathFromToolInput(toolInput);
     if (!filePath) { outputEmpty(); return; }
@@ -3200,6 +3781,97 @@ async function main() {
       deps = findNearestDeps(filePath);
     }
 
+    // For package.json edits, diff the proposed content against the file on
+    // disk and scan only the added/upgraded packages. Catches the case the
+    // bash installScan misses: a bare \`pnpm install\` after a manifest bump
+    // arrives with no package tokens on the cmdline, so the install-time
+    // scanner has nothing to feed OSV. By gating at the edit, the install
+    // that follows is implicitly safe \u2014 there's nothing new to scan.
+    if (fileShort === 'package.json') {
+      try {
+        let currentContent = '';
+        try { currentContent = readFileSync(filePath, 'utf-8'); } catch {}
+        const extractMod: any = await import(new URL('./installExtractCore.ts', import.meta.url).href);
+        const deltaPkgs = extractMod.extractPackageJsonDelta(currentContent, proposed) as Array<{ name: string; version: string; ecosystem: string }>;
+        if (deltaPkgs.length > 0) {
+          const pkgScanResp = await fetch(GATEWAY_URL + '/api/v1/pkg-scan', {
+            method: 'POST',
+            headers: { 'Content-Type': 'application/json', Authorization: 'Bearer ' + jwt },
+            body: JSON.stringify({ command: 'edit ' + filePath, packages: deltaPkgs }),
+            signal: AbortSignal.timeout(8000),
+          }).then(r => r.json()).catch(() => null) as any;
+          const action = pkgScanResp?.action || 'allow';
+          if (action === 'block') {
+            const pkgResults = Array.isArray(pkgScanResp?.packages) ? pkgScanResp.packages : [];
+            const summary = pkgScanResp?.summary || (deltaPkgs.length + ' package(s) flagged');
+            const violatedIds: string[] = [];
+            const cveFindings: Array<{
+              finding_type: 'cve'; finding_id: string; severity?: string; detail?: string;
+              description?: string; package_name?: string; package_version?: string;
+              fixed_version?: string; aliases?: string[]; references?: Array<{ type: string; url: string }>;
+            }> = [];
+            for (const p of pkgResults) {
+              if (Array.isArray(p?.findings)) {
+                for (const f of p.findings) {
+                  const aliasCve = Array.isArray(f?.aliases) ? f.aliases.find((a: string) => a.startsWith('CVE-')) : null;
+                  const fid = aliasCve || f?.id || 'unknown';
+                  if (fid && !violatedIds.includes(fid)) violatedIds.push(fid);
+                  cveFindings.push({
+                    finding_type: 'cve',
+                    finding_id: fid,
+                    severity: f?.severity || 'high',
+                    detail: f?.summary || f?.title || 'vulnerable dependency',
+                    description: f?.details || undefined,
+                    package_name: p?.name,
+                    package_version: p?.version,
+                    fixed_version: f?.fixed || undefined,
+                    aliases: f?.aliases || undefined,
+                    references: f?.references || undefined,
+                  });
+                }
+              }
+            }
+            emitBlockScanFindings(
+              jwt,
+              config.captureDepth,
+              { session_id: sessionId, file_path: filePath, repo: gitRepo || undefined },
+              cveFindings,
+              {
+                finding_type: 'cve',
+                finding_id: violatedIds[0] || 'SYNKRO_PKGSCAN',
+                severity: 'critical',
+                detail: summary.slice(0, 500),
+                package_name: deltaPkgs[0]?.name,
+                package_version: deltaPkgs[0]?.version,
+              },
+            );
+            // Model name isn't in the PreToolUse payload \u2014 pull it from the
+            // transcript (last assistant entry's message.model). Matches what
+            // the bash judge does at capture time.
+            let ccModel: string | undefined = String(payload.model ?? payload.model_id ?? '') || undefined;
+            if (!ccModel && transcriptPath) {
+              try { ccModel = extractTranscript(transcriptPath).ccModel || undefined; } catch {}
+            }
+            dispatchCapture(jwt, 'pkg', 'block', 'critical', 'security',
+              toolName, gitRepo, sessionId, config.captureDepth, {
+                command: 'edit ' + filePath, reasoning: summary.slice(0, 200),
+                violatedRules: violatedIds,
+                ccModel,
+              });
+            const tagStr = '[synkro:' + rt + ':pkgScan]';
+            const denyReason = tagStr + ' BLOCKED: ' + summary + '\\nDo not write this version. Pick a fixed/safe version instead.';
+            outputJson({
+              systemMessage: denyReason,
+              hookSpecificOutput: { hookEventName: 'PreToolUse', permissionDecision: 'deny', permissionDecisionReason: denyReason, additionalContext: denyReason },
+            });
+            return;
+          }
+        }
+      } catch (err) {
+        log('pkgDeltaScan error: ' + String(err));
+      }
+    }
+
     // CVE scan via OSV API
     const cveBody = {
       file_path: filePath,
@@ -3223,15 +3895,12 @@ async function main() {
 
     const findings = Array.isArray(cveResp?.findings) ? cveResp.findings : [];
     if (findings.length > 0) {
-      for (const f of findings.slice(0, 10)) {
+      const cveRows = findings.slice(0, 10).map((f: any) => {
         const cveId = (f.aliases || []).find((a: string) => a.startsWith('CVE-')) || f.id || 'unknown';
-        dispatchFinding(jwt, {
-          session_id: sessionId,
-          file_path: filePath,
-          finding_type: 'cve',
+        return {
+          finding_type: 'cve' as const,
           finding_id: cveId,
           severity: f.severity || 'high',
-          status: 'open',
           detail: f.summary || f.title || 'vulnerable dependency',
           description: f.details || undefined,
           package_name: f.package || undefined,
@@ -3239,8 +3908,15 @@ async function main() {
           fixed_version: f.fixed || undefined,
           aliases: f.aliases || undefined,
           references: f.references || undefined,
-        }, config.captureDepth);
-      }
+        };
+      });
+      emitBlockScanFindings(
+        jwt,
+        config.captureDepth,
+        { session_id: sessionId, file_path: filePath, repo: gitRepo || undefined },
+        cveRows,
+        cveRows[0],
+      );
 
       const formatFinding = (f: any): string => {
         const id = (f.aliases || []).find((a: string) => a.startsWith('CVE-')) || f.id || '?';
@@ -3286,8 +3962,9 @@ main();
     INSTALL_SCAN_TS = `#!/usr/bin/env bun
 import {
   loadJwt, ensureFreshJwt, detectRepo, loadConfig, route, tag,
-  readStdin, runInstallScan, dispatchFinding, dispatchCapture, hashCommand,
+  readStdin, runInstallScan, emitBlockScanFindings, dispatchCapture, hashCommand,
   outputJson, outputEmpty, setupCursorHookSignals, isShellTool, hookSessionId, log, GATEWAY_URL,
+  resolveTranscriptPath, isCursorHookFormat,
 } from './_synkro-common.ts';
 import { writeFileSync, mkdirSync } from 'node:fs';
 import { join } from 'node:path';
@@ -3327,30 +4004,41 @@ async function main() {
     const sessionId = hookSessionId(payload);
     const workspaceRoots = Array.isArray(payload.workspace_roots) ? payload.workspace_roots as string[] : [];
     const cwd = payload.cwd || workspaceRoots[0] || '';
-    const transcriptPath = payload.transcript_path || '';
+    const transcriptPath = resolveTranscriptPath(payload);
     const repo = detectRepo(cwd, transcriptPath, command, workspaceRoots);
     const config = await loadConfig(jwt);
     const rt = await route(config);
     const tagStr = tag(rt, config);
 
     const rawModel = String(payload.model ?? payload.model_id ?? '');
-    const KNOWN_MODELS = new Set(['gpt-4', 'gpt-4o', 'gpt-4.1', 'gpt-5', 'o1', 'o3', 'o4-mini', 'claude-sonnet-4-5', 'claude-opus-4-5', 'sonnet-4', 'sonnet-4-thinking', 'gemini-2.5-pro', 'gemini-2.5-flash']);
-    const model = rawModel ? (KNOWN_MODELS.has(rawModel) || rawModel.startsWith('claude-') || rawModel.startsWith('gpt-') || rawModel.startsWith('gemini-') || rawModel.startsWith('o1') || rawModel.startsWith('o3') ? rawModel : 'cursor/' + rawModel) : '';
+    const isCursor = isCursorHookFormat();
+    const model = isCursor ? (rawModel ? (rawModel.startsWith('cursor/') ? rawModel : 'cursor/' + rawModel) : 'cursor') : (rawModel || '');
 
     if (scan.action === 'block') {
-      for (const f of scan.findings) {
-        dispatchFinding(jwt, {
-          session_id: sessionId,
-          file_path: command,
+      const pkgLabel = scan.scannedLabel || '';
+      const pkgName = pkgLabel.split('@')[0] || undefined;
+      const pkgVersion = pkgLabel.includes('@') ? pkgLabel.split('@').slice(1).join('@') : undefined;
+      emitBlockScanFindings(
+        jwt,
+        config.captureDepth,
+        { session_id: sessionId, file_path: command, repo: repo || undefined },
+        scan.findings.map((f) => ({
           finding_type: 'cve' as const,
           finding_id: f.advisoryId + ':' + f.name,
           severity: f.severity,
-          status: 'open',
           detail: f.detail,
           package_name: f.name,
           package_version: f.version,
-        }, config.captureDepth);
-      }
+        })),
+        {
+          finding_type: 'cve',
+          finding_id: 'SYNKRO_PKGSCAN',
+          severity: 'critical',
+          detail: scan.blockContext.slice(0, 500) || scan.summary || 'Blocked package install',
+          package_name: pkgName,
+          package_version: pkgVersion,
+        },
+      );
       dispatchCapture(jwt, 'pkg', 'block', 'critical', 'security',
         'Bash', repo, sessionId, config.captureDepth, {
           command, reasoning: scan.blockContext.slice(0, 200),
@@ -3443,7 +4131,7 @@ async function main() {
     const workspaceRoots = Array.isArray(payload.workspace_roots) ? payload.workspace_roots as string[] : [];
     const cwd = payload.cwd || workspaceRoots[0] || '';
     const permissionMode = payload.permission_mode || '';
-    const transcriptPath = payload.transcript_path || '';
+    const transcriptPath = resolveTranscriptPath(payload);
     const transcript = extractTranscript(transcriptPath);
 
     let command = '';
@@ -3513,20 +4201,20 @@ async function main() {
       return;
     }
 
-    // ─── Install protection: read cached scan from the install-scan hook ───
-    // The install-scan hook (INSTALL_SCAN_TS) runs before this hook, calls
-    // runInstallScan(), outputs its own system message, and caches the result.
-    // We just read the cache to feed scanConcern into the grader prompt so
-    // the consent-carryover flow works.
+    // ─── Install protection: install-scan runs first and owns block traces ───
     let scanConcern = '';
     let scanBlockContext = '';
     if (toolName === 'Bash') {
       const scan = readCachedScan(command);
-      if (scan && scan.action === 'block') {
-        scanBlockContext = scan.blockContext || '';
-        scanConcern = 'PACKAGE SCANNER FLAG (authoritative — do NOT re-evaluate whether the vulnerability is real): '
-          + scanBlockContext
-          + ' For this concern you MUST return ok=false with rule_id "SYNKRO_PKGSCAN", rule_mode "ask", and the reason above — UNLESS the user has explicitly consented in this conversation to installing this despite the warning, in which case return ok=true.';
+      if (scan?.action === 'block') {
+        log('bashGuard deferring to install-scan block: ' + cmdShort);
+        outputEmpty();
+        return;
+      }
+      if (scan?.action === 'warn') {
+        scanBlockContext = scan.blockContext || scan.summary || '';
+        scanConcern = 'PACKAGE SCANNER WARNING: ' + scanBlockContext
+          + ' Mention this to the user before proceeding.';
       }
     }
 
@@ -3591,7 +4279,7 @@ async function main() {
         });
         dispatchCapture(jwt, 'bash', 'block', verdict.severity || 'critical', verdict.category || 'security',
           toolName, gitRepo, sessionId, config.captureDepth, {
-            command, reasoning: guardReason, rulesChecked: config.rules, violatedRules,
+            command, reasoning: guardReason, rulesChecked: relevantRules, violatedRules,
             recentUserMessages: transcript.recentUserMessages, ccModel: transcript.ccModel,
           });
       } else {
@@ -3603,7 +4291,7 @@ async function main() {
         dispatchCapture(jwt, 'bash', 'pass', 'clean', verdict.category || 'trivial_utility',
           toolName, gitRepo, sessionId, config.captureDepth, {
             command, reasoning: verdict.reason || 'no policy violations detected',
-            rulesChecked: config.rules, violatedRules: [],
+            rulesChecked: relevantRules, violatedRules: [],
             recentUserMessages: transcript.recentUserMessages, ccModel: transcript.ccModel,
           });
       }
@@ -3701,7 +4389,7 @@ async function main() {
     const workspaceRoots = Array.isArray(payload.workspace_roots) ? payload.workspace_roots as string[] : [];
     const cwd = payload.cwd || workspaceRoots[0] || '';
     const permissionMode = payload.permission_mode || '';
-    const transcriptPath = payload.transcript_path || '';
+    const transcriptPath = resolveTranscriptPath(payload);
 
     const prompt = toolInput.prompt || '';
     const description = toolInput.description || '';
@@ -3724,8 +4412,11 @@ async function main() {
 
     if (!transcript.ccModel) {
       const rawModel = String(payload.model ?? payload.model_id ?? '');
-      const KNOWN_MODELS = new Set(['gpt-4', 'gpt-4o', 'gpt-4.1', 'gpt-5', 'o1', 'o3', 'o4-mini', 'claude-sonnet-4-5', 'claude-opus-4-5', 'sonnet-4', 'sonnet-4-thinking', 'gemini-2.5-pro', 'gemini-2.5-flash']);
-      transcript.ccModel = rawModel ? (KNOWN_MODELS.has(rawModel) || rawModel.startsWith('claude-') || rawModel.startsWith('gpt-') || rawModel.startsWith('gemini-') || rawModel.startsWith('o1') || rawModel.startsWith('o3') ? rawModel : 'cursor/' + rawModel) : (agentKind === 'cursor' ? 'cursor' : '');
+      if (agentKind === 'cursor') {
+        transcript.ccModel = rawModel ? (rawModel.startsWith('cursor/') ? rawModel : 'cursor/' + rawModel) : 'cursor';
+      } else {
+        transcript.ccModel = rawModel || '';
+      }
     }
 
     const config = await loadConfig(jwt);
@@ -3783,7 +4474,7 @@ async function main() {
         });
         dispatchCapture(jwt, 'agent', 'block', verdict.severity || 'critical', verdict.category || 'security',
           toolName, gitRepo, sessionId, config.captureDepth, {
-            command: agentContent, reasoning: guardReason, rulesChecked: config.rules, violatedRules,
+            command: agentContent, reasoning: guardReason, rulesChecked: relevantRules, violatedRules,
             recentUserMessages: transcript.recentUserMessages, ccModel: transcript.ccModel,
           });
       } else {
@@ -3792,7 +4483,7 @@ async function main() {
         dispatchCapture(jwt, 'agent', 'pass', 'clean', verdict.category || 'subagent_spawn',
           toolName, gitRepo, sessionId, config.captureDepth, {
             command: agentContent, reasoning: verdict.reason || 'no policy violations detected',
-            rulesChecked: config.rules, violatedRules: [],
+            rulesChecked: relevantRules, violatedRules: [],
             recentUserMessages: transcript.recentUserMessages, ccModel: transcript.ccModel,
           });
       }
@@ -3918,7 +4609,7 @@ async function main() {
     const sessionId = hookSessionId(payload);
     const workspaceRoots = Array.isArray(payload.workspace_roots) ? payload.workspace_roots as string[] : [];
     const cwd = payload.cwd || workspaceRoots[0] || '';
-    const transcriptPath = payload.transcript_path || '';
+    const transcriptPath = resolveTranscriptPath(payload);
     const gitRepo = detectRepo(cwd, transcriptPath, plan, workspaceRoots);
 
     appendSessionAction(sessionId, { ts: new Date().toISOString(), tool: 'ExitPlanMode', summary: 'plan review: ' + plan.slice(0, 80) });
@@ -3931,8 +4622,7 @@ async function main() {
     jwt = await ensureFreshJwt(jwt);
 
     const rawModel = String(payload.model ?? payload.model_id ?? '');
-    const KNOWN_MODELS = new Set(['gpt-4', 'gpt-4o', 'gpt-4.1', 'gpt-5', 'o1', 'o3', 'o4-mini', 'claude-sonnet-4-5', 'claude-opus-4-5', 'sonnet-4', 'sonnet-4-thinking', 'gemini-2.5-pro', 'gemini-2.5-flash']);
-    const ccModel = rawModel ? (KNOWN_MODELS.has(rawModel) || rawModel.startsWith('claude-') || rawModel.startsWith('gpt-') || rawModel.startsWith('gemini-') || rawModel.startsWith('o1') || rawModel.startsWith('o3') ? rawModel : 'cursor/' + rawModel) : (agentKind === 'cursor' ? 'cursor' : '');
+    const ccModel = agentKind === 'cursor' ? (rawModel ? (rawModel.startsWith('cursor/') ? rawModel : 'cursor/' + rawModel) : 'cursor') : (rawModel || '');
 
     const config = await loadConfig(jwt);
     const rt = await route(config);
@@ -3975,7 +4665,7 @@ async function main() {
         dispatchCapture(jwt, 'plan_review', 'advisory', verdict.severity || 'medium', verdict.category || 'general',
           'ExitPlanMode', gitRepo, sessionId, config.captureDepth, {
             command: planContent, reasoning: verdict.reason || 'check org rules',
-            rulesChecked: config.rules, violatedRules, ccModel: ccModel || undefined,
+            rulesChecked: relevantRules, violatedRules, ccModel: ccModel || undefined,
           });
       } else {
         const reviewMsg = verdict.reason || 'no relevant org rules for this plan';
@@ -3985,7 +4675,7 @@ async function main() {
         dispatchCapture(jwt, 'plan_review', 'clean', 'clean', verdict.category || 'general',
           'ExitPlanMode', gitRepo, sessionId, config.captureDepth, {
             command: planContent, reasoning: reviewMsg,
-            rulesChecked: config.rules, violatedRules: [], ccModel: ccModel || undefined,
+            rulesChecked: relevantRules, violatedRules: [], ccModel: ccModel || undefined,
           });
       }
       return;
@@ -4033,7 +4723,8 @@ main();
     STOP_SUMMARY_TS = `#!/usr/bin/env bun
 import {
   loadJwt, detectRepo, loadConfig, tag, readStdin, aggregateUsage, cleanupSessionLog,
-  outputJson, outputEmpty, appendLocalTelemetry, shipCloud, setupCursorHookSignals, hookSessionId, GATEWAY_URL,
+  outputJson, outputEmpty, shipCloud, setupCursorHookSignals, hookSessionId, GATEWAY_URL,
+  resolveTranscriptPath, emitUsageTick, cursorModelFromPayload, log,
 } from './_synkro-common.ts';
 
 async function main() {
@@ -4048,35 +4739,16 @@ async function main() {
 
     const workspaceRoots = Array.isArray(payload.workspace_roots) ? payload.workspace_roots as string[] : [];
     const cwd = payload.cwd || workspaceRoots[0] || '';
-    const transcriptPath = payload.transcript_path || '';
+    const transcriptPath = resolveTranscriptPath(payload);
     const gitRepo = detectRepo(cwd, transcriptPath, '', workspaceRoots);
+    const modelFallback = cursorModelFromPayload(payload);
 
     let jwt = loadJwt();
     if (!jwt) { outputEmpty(); return; }
 
     if (transcriptPath) {
-      const usage = aggregateUsage(transcriptPath);
-      if (usage.totals.in + usage.totals.out > 0) {
-        const usageBody = {
-          capture_type: 'usage_tick',
-          event_id: 'usage_' + Date.now() + '_' + process.pid,
-          hook_type: 'stop',
-          verdict: 'allow',
-          severity: 'none',
-          model: usage.model || 'unknown',
-          cc_model: usage.model || '',
-          cc_usage: {
-            input_tokens: usage.totals.in,
-            output_tokens: usage.totals.out,
-            cache_creation_input_tokens: usage.totals.cw,
-            cache_read_input_tokens: usage.totals.cr,
-          },
-          ...(gitRepo ? { repo: gitRepo } : {}),
-          ...(sessionId ? { session_id: sessionId } : {}),
-        };
-        appendLocalTelemetry(usageBody);
-        shipCloud(jwt, '/api/v1/hook/capture', usageBody);
-      }
+      const usage = aggregateUsage(transcriptPath, { modelFallback });
+      emitUsageTick({ sessionId, usage, hookType: 'session_end', gitRepo, modelFallback });
     }
 
     let resp: any;
@@ -4132,7 +4804,7 @@ async function main() {
     const payload = JSON.parse(input);
     const workspaceRoots = Array.isArray(payload.workspace_roots) ? payload.workspace_roots as string[] : [];
     const cwd = payload.cwd || workspaceRoots[0] || '';
-    const transcriptPath = payload.transcript_path || '';
+    const transcriptPath = resolveTranscriptPath(payload);
     const sessionId = hookSessionId(payload);
     const gitRepo = detectRepo(cwd, transcriptPath, '', workspaceRoots);
     if (gitRepo) writeCachedRepo(gitRepo);
@@ -4264,10 +4936,9 @@ main();
 import {
   loadJwt, detectRepo, readStdin, aggregateUsage, appendLocalTelemetry,
   outputEmpty, setupCursorHookSignals, hookSessionId, GATEWAY_URL, readSessionLog, shipCloud,
+  resolveTranscriptPath, syncConversationTranscript, emitUsageTick, cursorModelFromPayload,
 } from './_synkro-common.ts';
-import { existsSync, readFileSync, writeFileSync, mkdirSync } from 'node:fs';
-import { join, dirname } from 'node:path';
-import { homedir } from 'node:os';
+import { readFileSync } from 'node:fs';
 
 async function main() {
   setupCursorHookSignals();
@@ -4277,11 +4948,11 @@ async function main() {
 
     const payload = JSON.parse(input);
     const sessionId = hookSessionId(payload);
-    const transcriptPath = payload.transcript_path || '';
     const workspaceRoots = Array.isArray(payload.workspace_roots) ? payload.workspace_roots as string[] : [];
     const cwd = payload.cwd || workspaceRoots[0] || '';
+    const transcriptPath = resolveTranscriptPath(payload);
 
-    if (!sessionId || !transcriptPath || !existsSync(transcriptPath)) {
+    if (!sessionId || !transcriptPath) {
       outputEmpty();
       return;
     }
@@ -4289,104 +4960,21 @@ async function main() {
     const jwt = loadJwt();
     if (!jwt) { outputEmpty(); return; }
 
-    const usage = aggregateUsage(transcriptPath);
-    if (usage.totals.in + usage.totals.out > 0) {
-      const usageBody = {
-        capture_type: 'usage_tick',
-        event_id: 'usage_' + Date.now() + '_' + process.pid,
-        hook_type: 'stop',
-        verdict: 'allow',
-        severity: 'none',
-        model: usage.model || 'unknown',
-        cc_model: usage.model || '',
-        cc_usage: {
-          input_tokens: usage.totals.in,
-          output_tokens: usage.totals.out,
-          cache_creation_input_tokens: usage.totals.cw,
-          cache_read_input_tokens: usage.totals.cr,
-        },
-        session_id: sessionId,
-      };
-      appendLocalTelemetry(usageBody);
-      shipCloud(jwt, '/api/v1/hook/capture', usageBody);
-    }
+    const usage = aggregateUsage(transcriptPath, { modelFallback: cursorModelFromPayload(payload) });
+    emitUsageTick({
+      sessionId,
+      usage,
+      hookType: 'stop',
+      gitRepo: detectRepo(cwd, transcriptPath, '', workspaceRoots),
+      modelFallback: cursorModelFromPayload(payload),
+    });
 
-    // Transcript consent gates only CLOUD transmission. Local persistence \u2014
-    // this machine's own PGLite \u2014 is the same category as the local telemetry
-    // already captured for every command, so it always runs.
     const cloudConsent = process.env.SYNKRO_TRANSCRIPT_CONSENT !== 'no';
     const gitRepo = detectRepo(cwd, transcriptPath, '', workspaceRoots);
 
-    // Offset-tracked extraction of new user/assistant turns from the transcript.
-    const offsetDir = join(homedir(), '.synkro', '.transcript-offsets');
-    mkdirSync(offsetDir, { recursive: true });
-    const offsetFile = join(offsetDir, sessionId);
-    let offset = 0;
-    if (existsSync(offsetFile)) {
-      try { offset = parseInt(readFileSync(offsetFile, 'utf-8').trim(), 10) || 0; } catch {}
-    }
-
-    const raw = readFileSync(transcriptPath, 'utf-8');
-    const allLines = raw.split('\\n').filter(l => l.trim());
-    const totalLines = allLines.length;
-
-    if (totalLines <= offset) { outputEmpty(); return; }
-
-    let startIdx = offset;
-    const delta = totalLines - offset;
-    if (delta > 200) startIdx = totalLines - 200;
-
-    const messages: any[] = [];
-    for (let i = startIdx; i < totalLines; i++) {
-      try {
-        const entry = JSON.parse(allLines[i]);
-        if (entry.type !== 'user' && entry.type !== 'assistant') continue;
-        const content = entry.message?.content;
-        let text = '';
-        if (typeof content === 'string') text = content.slice(0, 8000);
-        else if (Array.isArray(content)) {
-          text = content.map((c: any) => {
-            if (typeof c === 'string') return c;
-            if (c?.type === 'text') return c.text || '';
-            return '';
-          }).join(' ').slice(0, 8000);
-        }
-
-        const msg: any = { message_index: i, type: entry.type, content: text, ts: entry.timestamp || null };
-        if (entry.type === 'assistant') {
-          const toolCalls = (Array.isArray(content) ? content : [])
-            .filter((c: any) => c?.type === 'tool_use')
-            .map((c: any) => ({ name: c.name, input: JSON.stringify(c.input || {}).slice(0, 500), id: c.id }));
-          if (toolCalls.length > 0) msg.tool_calls = toolCalls;
-          msg.model = entry.message?.model || null;
-          const u = entry.message?.usage;
-          if (u) msg.usage = { input_tokens: u.input_tokens, output_tokens: u.output_tokens, cache_creation_input_tokens: u.cache_creation_input_tokens, cache_read_input_tokens: u.cache_read_input_tokens };
-        }
-        messages.push(msg);
-      } catch {}
-    }
-
-    writeFileSync(offsetFile, String(totalLines), 'utf-8');
-
-    if (messages.length === 0) { outputEmpty(); return; }
+    const { messages } = await syncConversationTranscript(sessionId, transcriptPath, gitRepo || '');
 
-    // Local persist \u2014 always. The conversation timeline lives in PGLite.
-    const mcpPort = process.env.SYNKRO_MCP_PORT || '18931';
-    let mcpToken = '';
-    try { mcpToken = readFileSync(join(homedir(), '.synkro', '.mcp-jwt'), 'utf-8').trim(); } catch {}
-    if (mcpToken) {
-      fetch('http://127.0.0.1:' + mcpPort + '/api/conversation-sync', {
-        method: 'POST',
-        headers: { 'Content-Type': 'application/json', Authorization: 'Bearer ' + mcpToken },
-        body: JSON.stringify({ session_id: sessionId, repo: gitRepo || '', messages }),
-        signal: AbortSignal.timeout(5000),
-      }).catch(() => {});
-    }
-
-    // Cloud sync \u2014 only when storage mode is cloud (and transcript consent
-    // wasn't declined). Carries the transcript + the session step-log so cloud
-    // storage matches the local PGLite shape.
-    if (cloudConsent && gitRepo && (process.env.SYNKRO_STORAGE_MODE || 'local') === 'cloud') {
+    if (cloudConsent && gitRepo && messages.length > 0 && (process.env.SYNKRO_STORAGE_MODE || 'local') === 'cloud') {
       fetch(GATEWAY_URL + '/api/v1/cli/sync-transcripts', {
         method: 'POST',
         headers: { 'Content-Type': 'application/json', Authorization: 'Bearer ' + jwt },
@@ -4407,7 +4995,7 @@ async function main() {
 main();
 `;
     USER_PROMPT_SUBMIT_TS = `#!/usr/bin/env bun
-import { readStdin, appendLocalTelemetry, aggregateUsage, outputEmpty, setupCursorHookSignals, hookSessionId } from './_synkro-common.ts';
+import { readStdin, appendLocalTelemetry, aggregateUsage, outputEmpty, setupCursorHookSignals, hookSessionId, detectRepo, resolveTranscriptPath, syncConversationTranscript, emitUsageTick, cursorModelFromPayload } from './_synkro-common.ts';
 import { writeFileSync, mkdirSync } from 'node:fs';
 import { join, dirname } from 'node:path';
 import { homedir } from 'node:os';
@@ -4432,25 +5020,15 @@ async function main() {
     }
 
     const sessionId = hookSessionId(payload);
-    const transcriptPath = payload.transcript_path || '';
+    const workspaceRoots = Array.isArray(payload.workspace_roots) ? payload.workspace_roots as string[] : [];
+    const cwd = payload.cwd || workspaceRoots[0] || '';
+    const transcriptPath = resolveTranscriptPath(payload);
     if (sessionId && transcriptPath) {
-      const usage = aggregateUsage(transcriptPath);
-      if (usage.totals.in + usage.totals.out > 0) {
-        appendLocalTelemetry({
-          capture_type: 'usage_tick',
-          event_id: 'usage_' + Date.now() + '_' + process.pid,
-          hook_type: 'prompt_submit',
-          session_id: sessionId,
-          model: usage.model || 'unknown',
-          cc_model: usage.model || '',
-          cc_usage: {
-            input_tokens: usage.totals.in,
-            output_tokens: usage.totals.out,
-            cache_creation_input_tokens: usage.totals.cw,
-            cache_read_input_tokens: usage.totals.cr,
-          },
-        });
-      }
+      const gitRepo = detectRepo(cwd, transcriptPath, '', workspaceRoots);
+      syncConversationTranscript(sessionId, transcriptPath, gitRepo || '').catch(() => {});
+      const modelFallback = cursorModelFromPayload(payload);
+      const usage = aggregateUsage(transcriptPath, { modelFallback });
+      emitUsageTick({ sessionId, usage, hookType: 'prompt_submit', gitRepo, modelFallback });
     }
     outputEmpty();
   } catch {
@@ -4464,7 +5042,7 @@ main();
 import {
   loadJwt, ensureFreshJwt, detectRepo, loadConfig, route, tag, localGrade,
   parseVerdict, dispatchCapture, dispatchFinding, ruleMode, normalizeMode, filterRules, ruleFilterText,
-  isSafeInRepoRead, postWithRetry, readStdin, hashCommand,
+  isSafeInRepoRead, resolveTranscriptPath, postWithRetry, readStdin, hashCommand,
   extractTranscript, readLastPrompt, readSessionLog, compressSessionLog,
   appendLocalTelemetry, logGraderUnavailable, log, GATEWAY_URL,
   type Rule,
@@ -4577,10 +5155,9 @@ async function main() {
       finishAllow();
     }
 
-    const transcriptPath = typeof payload.transcript_path === 'string' ? payload.transcript_path : '';
+    const transcriptPath = resolveTranscriptPath(payload);
     const rawModel = String(payload.model ?? payload.model_id ?? '');
-    const KNOWN_MODELS = new Set(['gpt-4', 'gpt-4o', 'gpt-4.1', 'gpt-5', 'o1', 'o3', 'o4-mini', 'claude-sonnet-4-5', 'claude-opus-4-5', 'sonnet-4', 'sonnet-4-thinking', 'gemini-2.5-pro', 'gemini-2.5-flash']);
-    const model = rawModel ? (KNOWN_MODELS.has(rawModel) || rawModel.startsWith('claude-') || rawModel.startsWith('gpt-') || rawModel.startsWith('gemini-') || rawModel.startsWith('o1') || rawModel.startsWith('o3') ? rawModel : 'cursor/' + rawModel) : 'cursor';
+    const model = rawModel ? (rawModel.startsWith('cursor/') ? rawModel : 'cursor/' + rawModel) : 'cursor';
     const repo = detectRepo(cwd, transcriptPath, command, workspaceRoots);
 
     const cmdShort = command.slice(0, 80);
@@ -4613,16 +5190,19 @@ async function main() {
     const rt = await route(config);
     const tagStr = tag(rt, config);
 
-    // Install protection \u2014 read cached scan from the install-scan hook.
+    // Install protection \u2014 install-scan runs first and owns block traces.
     let scanConcern = '';
     let scanBlockContext = '';
     if (SHELL_TOOL_NAMES.has(toolName)) {
       const scan = readCachedScan(command);
-      if (scan && scan.action === 'block') {
-        scanBlockContext = scan.blockContext || '';
-        scanConcern = 'PACKAGE SCANNER FLAG (authoritative \u2014 do NOT re-evaluate whether the vulnerability is real): '
-          + scanBlockContext
-          + ' For this concern you MUST return ok=false with rule_id "SYNKRO_PKGSCAN", rule_mode "ask", and the reason above \u2014 UNLESS the user has explicitly consented in this conversation to installing this despite the warning, in which case return ok=true.';
+      if (scan?.action === 'block') {
+        log('bashGuard deferring to install-scan block: ' + cmdShort);
+        finishAllow();
+      }
+      if (scan?.action === 'warn') {
+        scanBlockContext = scan.blockContext || scan.summary || '';
+        scanConcern = 'PACKAGE SCANNER WARNING: ' + scanBlockContext
+          + ' Mention this to the user before proceeding.';
       }
     }
 
@@ -4677,7 +5257,7 @@ async function main() {
         dispatchCapture(jwt, 'bash', 'block', verdict.severity || 'critical', verdict.category || 'security',
           'Bash', repo, sessionId, config.captureDepth, {
             command, reasoning: guardReason,
-            rulesChecked: config.rules, violatedRules: verdict.ruleId ? [verdict.ruleId] : [],
+            rulesChecked: relevantRules, violatedRules: verdict.ruleId ? [verdict.ruleId] : [],
             ccModel: model,
           });
         finishWith({
@@ -4689,7 +5269,7 @@ async function main() {
         dispatchCapture(jwt, 'bash', 'pass', 'clean', verdict.category || 'clean',
           'Bash', repo, sessionId, config.captureDepth, {
             command, reasoning: verdict.reason || 'no policy violations detected',
-            rulesChecked: config.rules, violatedRules: [],
+            rulesChecked: relevantRules, violatedRules: [],
             ccModel: model,
           });
       }
@@ -4756,8 +5336,9 @@ main().catch((e) => {
 });`;
     CURSOR_EDIT_CAPTURE_TS = `#!/usr/bin/env bun
 import {
-  loadJwt, ensureFreshJwt, detectRepo, readStdin,
+  loadJwt, ensureFreshJwt, detectRepo, readStdin, resolveTranscriptPath,
   appendSessionAction, appendLocalTelemetry, shipCloud, log, GATEWAY_URL,
+  countEditLineDelta, dispatchCapture, hookSessionId, cursorModelFromPayload,
 } from './_synkro-common.ts';
 import { existsSync, readFileSync } from 'node:fs';
 import { basename, dirname, join } from 'node:path';
@@ -4780,23 +5361,31 @@ async function main() {
     const input = await readStdin();
     if (!input.trim()) finish();
 
-    const payload = JSON.parse(input);
-    const filePath = payload.file_path || payload.path || payload.target_file || '';
+    const payload = JSON.parse(input) as Record<string, unknown>;
+    const filePath = String(payload.file_path || payload.path || payload.target_file || '');
     if (!filePath) finish();
 
-    const workspaceRoots = Array.isArray(payload.workspace_roots) ? (payload.workspace_roots as unknown[]).filter((r): r is string => typeof r === 'string') : [];
-    const cwd = payload.cwd || workspaceRoots[0] || '';
-    const transcriptPath = typeof payload.transcript_path === 'string' ? payload.transcript_path : '';
-    const sessionId = payload.conversation_id || '';
+    const workspaceRoots = Array.isArray(payload.workspace_roots)
+      ? (payload.workspace_roots as unknown[]).filter((r): r is string => typeof r === 'string')
+      : [];
+    const cwd = (typeof payload.cwd === 'string' && payload.cwd) || workspaceRoots[0] || '';
+    const transcriptPath = resolveTranscriptPath(payload);
+    const sessionId = hookSessionId(payload);
     const repo = detectRepo(cwd, transcriptPath, filePath, workspaceRoots);
+    const model = cursorModelFromPayload(payload);
 
-    const rawModel = String(payload.model ?? payload.model_id ?? '');
-    const KNOWN_MODELS = new Set(['gpt-4', 'gpt-4o', 'gpt-4.1', 'gpt-5', 'o1', 'o3', 'o4-mini', 'claude-sonnet-4-5', 'claude-opus-4-5', 'sonnet-4', 'sonnet-4-thinking', 'gemini-2.5-pro', 'gemini-2.5-flash']);
-    const model = rawModel ? (KNOWN_MODELS.has(rawModel) || rawModel.startsWith('claude-') || rawModel.startsWith('gpt-') || rawModel.startsWith('gemini-') || rawModel.startsWith('o1') || rawModel.startsWith('o3') ? rawModel : 'cursor/' + rawModel) : 'cursor';
+    const edits = Array.isArray(payload.edits) ? payload.edits as Array<{ old_string?: string; new_string?: string }> : [];
+    const { linesAdded, linesRemoved } = countEditLineDelta({ edits });
 
-    log('editScan ' + basename(filePath));
+    log('editScan ' + basename(filePath) + ' +' + linesAdded + '/-' + linesRemoved);
 
-    appendSessionAction(sessionId, { ts: new Date().toISOString(), tool: 'Edit', summary: 'wrote ' + basename(filePath), file: filePath, outcome: 'ok' });
+    appendSessionAction(sessionId, {
+      ts: new Date().toISOString(),
+      tool: 'Edit',
+      summary: 'wrote ' + basename(filePath) + (linesAdded || linesRemoved ? (' (+' + linesAdded + '/-' + linesRemoved + ')') : ''),
+      file: filePath,
+      outcome: 'ok',
+    });
 
     let jwt = loadJwt();
     if (!jwt) finish();
@@ -4842,6 +5431,16 @@ async function main() {
     appendLocalTelemetry(captureBody);
     shipCloud(jwt, '/api/v1/hook/capture', captureBody, 10000);
 
+    if (sessionId) {
+      dispatchCapture(jwt, 'edit', 'pass', 'clean', 'trivial_edit', 'Edit', repo, sessionId, 'full', {
+        command: 'file=' + filePath,
+        reasoning: 'Cursor afterFileEdit',
+        ccModel: model,
+        linesAdded,
+        linesRemoved,
+      });
+    }
+
     finish();
   } catch (e) {
     log('editScan error: ' + String(e));
@@ -4853,6 +5452,47 @@ main().catch((e) => {
   log('editScan fatal: ' + String(e));
   finish();
 });`;
+    CURSOR_AGENT_CAPTURE_TS = `#!/usr/bin/env bun
+/** Capture Cursor agent thinking/response text before transcript JSONL redacts it. */
+import {
+  readStdin, outputEmpty, setupCursorHookSignals, hookSessionId, detectRepo,
+  appendThoughtOverlay, pushConversationMessage,
+} from './_synkro-common.ts';
+
+async function main() {
+  setupCursorHookSignals();
+  try {
+    const input = await readStdin();
+    if (!input.trim()) { outputEmpty(); return; }
+    const payload = JSON.parse(input) as Record<string, unknown>;
+    const event = String(payload.hook_event_name || '');
+    const text = typeof payload.text === 'string' ? payload.text.trim() : '';
+    if (!text || text === '[REDACTED]') { outputEmpty(); return; }
+
+    const sessionId = hookSessionId(payload);
+    if (!sessionId) { outputEmpty(); return; }
+
+    const workspaceRoots = Array.isArray(payload.workspace_roots)
+      ? payload.workspace_roots.filter((r): r is string => typeof r === 'string')
+      : [];
+    const cwd = (typeof payload.cwd === 'string' && payload.cwd) || workspaceRoots[0] || '';
+    const gitRepo = detectRepo(cwd, '', '', workspaceRoots);
+
+    if (event === 'afterAgentThought') {
+      appendThoughtOverlay(sessionId, text);
+      await pushConversationMessage(sessionId, 'assistant', text, { gitRepo, patchRedacted: true });
+    } else if (event === 'afterAgentResponse') {
+      await pushConversationMessage(sessionId, 'assistant', text, { gitRepo, patchRedacted: false });
+    }
+
+    outputEmpty();
+  } catch {
+    outputEmpty();
+  }
+}
+
+main();
+`;
   }
 });
 
@@ -6794,6 +7434,7 @@ function writeHookScripts() {
   const installScanScriptPath = join8(HOOKS_DIR, "cc-install-scan.ts");
   const cursorBashJudgePath = join8(HOOKS_DIR, "cursor-bash-judge.ts");
   const cursorEditCapturePath = join8(HOOKS_DIR, "cursor-edit-capture.ts");
+  const cursorAgentCapturePath = join8(HOOKS_DIR, "cursor-agent-capture.ts");
   const mcpStdioProxyPath = join8(HOOKS_DIR, "mcp-stdio-proxy.ts");
   writeFileSync7(bashScriptPath, BASH_JUDGE_TS, "utf-8");
   writeFileSync7(bashFollowupScriptPath, BASH_FOLLOWUP_TS, "utf-8");
@@ -6811,8 +7452,9 @@ function writeHookScripts() {
   writeFileSync7(installScanScriptPath, INSTALL_SCAN_TS, "utf-8");
   writeFileSync7(cursorBashJudgePath, CURSOR_BASH_JUDGE_TS, "utf-8");
   writeFileSync7(cursorEditCapturePath, CURSOR_EDIT_CAPTURE_TS, "utf-8");
+  writeFileSync7(cursorAgentCapturePath, CURSOR_AGENT_CAPTURE_TS, "utf-8");
   writeFileSync7(mcpStdioProxyPath, MCP_STDIO_PROXY_SRC, "utf-8");
-  writeFileSync7(installExtractCorePath, "/**\n * Deterministic install-command extraction \u2014 no LLM, no network.\n * Shared by the API pkg-scan route and the hook scripts (copied to ~/.synkro/hooks/).\n */\nimport { parse as shellParse } from 'shell-quote';\n\nexport interface DeterministicPkgRequest {\n  name: string;\n  version: string;\n  ecosystem: string;\n}\n\ninterface RawInstall {\n  ecosystem: string;\n  name: string;\n  versionSpec: string | null;\n  source: 'registry' | 'git' | 'local' | 'url' | 'unknown';\n}\n\nconst SEPARATOR_OPS = new Set(['&&', '||', ';', '|', '&', '\\n']);\n\n/** Split a shell command into command segments (each an argv string array). */\nexport function segmentCommand(command: string): string[][] {\n  let tokens: unknown[];\n  try {\n    tokens = shellParse(command) as unknown[];\n  } catch {\n    return [command.split(/\\s+/).filter(Boolean)];\n  }\n  const segments: string[][] = [];\n  let current: string[] = [];\n  for (const tok of tokens) {\n    if (typeof tok === 'string') {\n      current.push(tok);\n      continue;\n    }\n    if (tok && typeof tok === 'object') {\n      const op = (tok as { op?: string }).op;\n      const pattern = (tok as { pattern?: string }).pattern;\n      if (op && SEPARATOR_OPS.has(op)) {\n        if (current.length) segments.push(current);\n        current = [];\n      } else if (typeof pattern === 'string') {\n        current.push(pattern);\n      }\n    }\n  }\n  if (current.length) segments.push(current);\n  return segments;\n}\n\nconst PM_TABLE: Record<string, { subs: Set<string>; ecosystem: string }> = {\n  npm:      { subs: new Set(['install', 'i', 'add', 'ci']),  ecosystem: 'npm' },\n  pnpm:     { subs: new Set(['add', 'install', 'i', 'dlx']), ecosystem: 'npm' },\n  yarn:     { subs: new Set(['add', 'install']),             ecosystem: 'npm' },\n  bun:      { subs: new Set(['add', 'install', 'i']),        ecosystem: 'npm' },\n  pip:      { subs: new Set(['install']),                    ecosystem: 'PyPI' },\n  pip3:     { subs: new Set(['install']),                    ecosystem: 'PyPI' },\n  cargo:    { subs: new Set(['add', 'install']),             ecosystem: 'crates.io' },\n  go:       { subs: new Set(['get', 'install']),             ecosystem: 'Go' },\n  gem:      { subs: new Set(['install']),                    ecosystem: 'RubyGems' },\n  composer: { subs: new Set(['require']),                    ecosystem: 'Packagist' },\n};\nconst SYSTEM_PMS = new Set(['apt', 'apt-get', 'apk', 'brew', 'dnf', 'yum', 'pacman']);\nconst SYSTEM_SUBS = new Set(['install', 'add']);\n\nconst WRAPPERS = new Set(['sudo', 'doas', 'command', 'env', 'xargs', 'nice', 'time']);\nconst VALUE_FLAGS = new Set([\n  '--filter', '-F', '-C', '--dir', '--prefix', '--registry', '--tag', '--features',\n  '-v', '--version', '--index-url', '--extra-index-url', '--target', '-t',\n]);\n\nfunction basename(p: string): string {\n  const i = p.lastIndexOf('/');\n  return i >= 0 ? p.slice(i + 1) : p;\n}\n\nfunction stripPrefixes(argv: string[]): string[] {\n  let i = 0;\n  while (i < argv.length) {\n    const t = argv[i];\n    if (WRAPPERS.has(basename(t).toLowerCase())) { i++; continue; }\n    if (/^[A-Za-z_][A-Za-z0-9_]*=/.test(t)) { i++; continue; }\n    break;\n  }\n  return argv.slice(i);\n}\n\nfunction looksLikePath(tok: string): boolean {\n  return tok === '.' || tok === '..' || /^\\.{0,2}\\//.test(tok) || tok.startsWith('~/') || tok.startsWith('file:');\n}\n\n/** Shell redirect fragments (e.g. `2>&1` \u2192 argv `2`, `1`) \u2014 not package names. */\nfunction isRedirectFragment(tok: string): boolean {\n  if (/^\\d+$/.test(tok)) return true;\n  if (/^[<>]|[<>]$/.test(tok)) return true;\n  if (tok === '&' || tok === '|') return true;\n  if (/^\\d*[<>]/.test(tok)) return true;\n  return false;\n}\n\nfunction parsePackageToken(tok: string, ecosystem: string): RawInstall | null {\n  if (/^(https?:)?\\/\\//.test(tok) || tok.startsWith('git+') || tok.startsWith('git:')) {\n    return { ecosystem, name: tok, versionSpec: null, source: tok.includes('git') ? 'git' : 'url' };\n  }\n  if (looksLikePath(tok)) {\n    return { ecosystem, name: basename(tok.replace(/\\/+$/, '')) || tok, versionSpec: null, source: 'local' };\n  }\n  if (ecosystem === 'PyPI') {\n    const noExtras = tok.replace(/\\[[^\\]]*\\]/g, '');\n    const m = noExtras.match(/^([A-Za-z0-9_.-]+)\\s*([=~!<>].*)?$/);\n    if (!m) return null;\n    return { ecosystem, name: m[1], versionSpec: m[2] ? m[2].trim() : null, source: 'registry' };\n  }\n  const at = tok.lastIndexOf('@');\n  if (at > 0) {\n    return { ecosystem, name: tok.slice(0, at), versionSpec: tok.slice(at + 1) || null, source: 'registry' };\n  }\n  return { ecosystem, name: tok, versionSpec: null, source: 'registry' };\n}\n\n/** Deterministic extraction for a single command segment. */\nexport function extractSegment(rawArgv: string[]): RawInstall[] {\n  let argv = stripPrefixes(rawArgv);\n  if (argv.length < 2) return [];\n  let bin = basename(argv[0]).toLowerCase();\n\n  if (bin === 'uv' && argv[1] === 'pip') { argv = argv.slice(1); bin = 'pip'; }\n  if ((bin === 'python' || bin === 'python3') && argv.includes('-m')) {\n    const mi = argv.indexOf('-m');\n    if (argv[mi + 1] === 'pip') { argv = ['pip', ...argv.slice(mi + 2)]; bin = 'pip'; }\n  }\n\n  const isSystem = SYSTEM_PMS.has(bin);\n  const entry = PM_TABLE[bin];\n  if (!entry && !isSystem) return [];\n  const ecosystem = entry ? entry.ecosystem : 'system';\n  const subs = entry ? entry.subs : SYSTEM_SUBS;\n\n  let subIdx = -1;\n  for (let i = 1; i < argv.length; i++) {\n    if (subs.has(argv[i].toLowerCase())) { subIdx = i; break; }\n  }\n  if (subIdx === -1) return [];\n\n  const installs: RawInstall[] = [];\n  for (let i = subIdx + 1; i < argv.length; i++) {\n    const tok = argv[i];\n    if (isRedirectFragment(tok)) break;\n    if (tok.startsWith('-')) {\n      if (VALUE_FLAGS.has(tok)) i++;\n      continue;\n    }\n    const parsed = parsePackageToken(tok, ecosystem);\n    if (parsed) installs.push(parsed);\n  }\n  return installs;\n}\n\nconst ECO_TO_OSV: Record<string, string | null> = {\n  npm: 'npm',\n  pypi: 'PyPI', PyPI: 'PyPI',\n  cargo: 'crates.io', 'crates.io': 'crates.io',\n  go: 'Go', Go: 'Go',\n  rubygems: 'RubyGems', RubyGems: 'RubyGems',\n  packagist: 'Packagist', Packagist: 'Packagist',\n  maven: 'Maven', Maven: 'Maven',\n  nuget: 'NuGet', NuGet: 'NuGet',\n  apt: null, brew: null, system: null, other: null,\n};\n\nfunction normalizeName(name: string, osvEco: string): string {\n  const n = name.trim();\n  if (osvEco === 'npm') return n.toLowerCase();\n  if (osvEco === 'PyPI') return n.toLowerCase().replace(/[-_.]+/g, '-');\n  return n;\n}\n\nfunction concretePin(spec: string | null): string | null {\n  if (!spec) return null;\n  const c = spec.trim().replace(/^[v=\\s]+/, '');\n  if (c.toLowerCase() === 'latest' || c === '') return null;\n  if (/[\\^~><|*\\sx]/i.test(c)) return null;\n  return /^\\d[\\w.\\-+]*$/.test(c) ? c : null;\n}\n\n/**\n * Parse registry installs from a shell command without LLM/network.\n * Unpinned versions use '*' so OSV scans the full advisory history.\n */\nexport function extractDeterministicPkgRequests(command: string): DeterministicPkgRequest[] {\n  const merged = new Map<string, DeterministicPkgRequest>();\n  for (const r of segmentCommand(command).flatMap(extractSegment)) {\n    if (r.source !== 'registry') continue;\n    const osvEco = ECO_TO_OSV[r.ecosystem] ?? ECO_TO_OSV[r.ecosystem.toLowerCase()] ?? null;\n    if (!osvEco) continue;\n    const name = normalizeName(r.name, osvEco);\n    if (!name) continue;\n    const key = osvEco + '|' + name.toLowerCase();\n    const version = concretePin(r.versionSpec) ?? '*';\n    const prev = merged.get(key);\n    if (!prev || (prev.version === '*' && version !== '*')) {\n      merged.set(key, { name, version, ecosystem: osvEco });\n    }\n  }\n  return [...merged.values()];\n}\n", "utf-8");
+  writeFileSync7(installExtractCorePath, "/**\n * Deterministic install-command extraction \u2014 no LLM, no network.\n * Shared by the API pkg-scan route and the hook scripts (copied to ~/.synkro/hooks/).\n */\nimport { parse as shellParse } from 'shell-quote';\n\nexport interface DeterministicPkgRequest {\n  name: string;\n  version: string;\n  ecosystem: string;\n}\n\ninterface RawInstall {\n  ecosystem: string;\n  name: string;\n  versionSpec: string | null;\n  source: 'registry' | 'git' | 'local' | 'url' | 'unknown';\n}\n\nconst SEPARATOR_OPS = new Set(['&&', '||', ';', '|', '&', '\\n']);\n\n/** Split a shell command into command segments (each an argv string array). */\nexport function segmentCommand(command: string): string[][] {\n  let tokens: unknown[];\n  try {\n    tokens = shellParse(command) as unknown[];\n  } catch {\n    return [command.split(/\\s+/).filter(Boolean)];\n  }\n  const segments: string[][] = [];\n  let current: string[] = [];\n  for (const tok of tokens) {\n    if (typeof tok === 'string') {\n      current.push(tok);\n      continue;\n    }\n    if (tok && typeof tok === 'object') {\n      const op = (tok as { op?: string }).op;\n      const pattern = (tok as { pattern?: string }).pattern;\n      if (op && SEPARATOR_OPS.has(op)) {\n        if (current.length) segments.push(current);\n        current = [];\n      } else if (typeof pattern === 'string') {\n        current.push(pattern);\n      }\n    }\n  }\n  if (current.length) segments.push(current);\n  return segments;\n}\n\nconst PM_TABLE: Record<string, { subs: Set<string>; ecosystem: string }> = {\n  npm:      { subs: new Set(['install', 'i', 'add', 'ci']),  ecosystem: 'npm' },\n  pnpm:     { subs: new Set(['add', 'install', 'i', 'dlx']), ecosystem: 'npm' },\n  yarn:     { subs: new Set(['add', 'install']),             ecosystem: 'npm' },\n  bun:      { subs: new Set(['add', 'install', 'i']),        ecosystem: 'npm' },\n  pip:      { subs: new Set(['install']),                    ecosystem: 'PyPI' },\n  pip3:     { subs: new Set(['install']),                    ecosystem: 'PyPI' },\n  cargo:    { subs: new Set(['add', 'install']),             ecosystem: 'crates.io' },\n  go:       { subs: new Set(['get', 'install']),             ecosystem: 'Go' },\n  gem:      { subs: new Set(['install']),                    ecosystem: 'RubyGems' },\n  composer: { subs: new Set(['require']),                    ecosystem: 'Packagist' },\n};\nconst SYSTEM_PMS = new Set(['apt', 'apt-get', 'apk', 'brew', 'dnf', 'yum', 'pacman']);\nconst SYSTEM_SUBS = new Set(['install', 'add']);\n\nconst WRAPPERS = new Set(['sudo', 'doas', 'command', 'env', 'xargs', 'nice', 'time']);\nconst VALUE_FLAGS = new Set([\n  '--filter', '-F', '-C', '--dir', '--prefix', '--registry', '--tag', '--features',\n  '-v', '--version', '--index-url', '--extra-index-url', '--target', '-t',\n]);\n\nfunction basename(p: string): string {\n  const i = p.lastIndexOf('/');\n  return i >= 0 ? p.slice(i + 1) : p;\n}\n\nfunction stripPrefixes(argv: string[]): string[] {\n  let i = 0;\n  while (i < argv.length) {\n    const t = argv[i];\n    if (WRAPPERS.has(basename(t).toLowerCase())) { i++; continue; }\n    if (/^[A-Za-z_][A-Za-z0-9_]*=/.test(t)) { i++; continue; }\n    break;\n  }\n  return argv.slice(i);\n}\n\nfunction looksLikePath(tok: string): boolean {\n  return tok === '.' || tok === '..' || /^\\.{0,2}\\//.test(tok) || tok.startsWith('~/') || tok.startsWith('file:');\n}\n\n/** Shell redirect fragments (e.g. `2>&1` \u2192 argv `2`, `1`) \u2014 not package names. */\nfunction isRedirectFragment(tok: string): boolean {\n  if (/^\\d+$/.test(tok)) return true;\n  if (/^[<>]|[<>]$/.test(tok)) return true;\n  if (tok === '&' || tok === '|') return true;\n  if (/^\\d*[<>]/.test(tok)) return true;\n  return false;\n}\n\nfunction parsePackageToken(tok: string, ecosystem: string): RawInstall | null {\n  if (/^(https?:)?\\/\\//.test(tok) || tok.startsWith('git+') || tok.startsWith('git:')) {\n    return { ecosystem, name: tok, versionSpec: null, source: tok.includes('git') ? 'git' : 'url' };\n  }\n  if (looksLikePath(tok)) {\n    return { ecosystem, name: basename(tok.replace(/\\/+$/, '')) || tok, versionSpec: null, source: 'local' };\n  }\n  if (ecosystem === 'PyPI') {\n    const noExtras = tok.replace(/\\[[^\\]]*\\]/g, '');\n    const m = noExtras.match(/^([A-Za-z0-9_.-]+)\\s*([=~!<>].*)?$/);\n    if (!m) return null;\n    return { ecosystem, name: m[1], versionSpec: m[2] ? m[2].trim() : null, source: 'registry' };\n  }\n  const at = tok.lastIndexOf('@');\n  if (at > 0) {\n    return { ecosystem, name: tok.slice(0, at), versionSpec: tok.slice(at + 1) || null, source: 'registry' };\n  }\n  return { ecosystem, name: tok, versionSpec: null, source: 'registry' };\n}\n\n/** Deterministic extraction for a single command segment. */\nexport function extractSegment(rawArgv: string[]): RawInstall[] {\n  let argv = stripPrefixes(rawArgv);\n  if (argv.length < 2) return [];\n  let bin = basename(argv[0]).toLowerCase();\n\n  if (bin === 'uv' && argv[1] === 'pip') { argv = argv.slice(1); bin = 'pip'; }\n  if ((bin === 'python' || bin === 'python3') && argv.includes('-m')) {\n    const mi = argv.indexOf('-m');\n    if (argv[mi + 1] === 'pip') { argv = ['pip', ...argv.slice(mi + 2)]; bin = 'pip'; }\n  }\n\n  const isSystem = SYSTEM_PMS.has(bin);\n  const entry = PM_TABLE[bin];\n  if (!entry && !isSystem) return [];\n  const ecosystem = entry ? entry.ecosystem : 'system';\n  const subs = entry ? entry.subs : SYSTEM_SUBS;\n\n  let subIdx = -1;\n  for (let i = 1; i < argv.length; i++) {\n    if (subs.has(argv[i].toLowerCase())) { subIdx = i; break; }\n  }\n  if (subIdx === -1) return [];\n\n  const installs: RawInstall[] = [];\n  for (let i = subIdx + 1; i < argv.length; i++) {\n    const tok = argv[i];\n    if (isRedirectFragment(tok)) break;\n    if (tok.startsWith('-')) {\n      if (VALUE_FLAGS.has(tok)) i++;\n      continue;\n    }\n    const parsed = parsePackageToken(tok, ecosystem);\n    if (parsed) installs.push(parsed);\n  }\n  return installs;\n}\n\nconst ECO_TO_OSV: Record<string, string | null> = {\n  npm: 'npm',\n  pypi: 'PyPI', PyPI: 'PyPI',\n  cargo: 'crates.io', 'crates.io': 'crates.io',\n  go: 'Go', Go: 'Go',\n  rubygems: 'RubyGems', RubyGems: 'RubyGems',\n  packagist: 'Packagist', Packagist: 'Packagist',\n  maven: 'Maven', Maven: 'Maven',\n  nuget: 'NuGet', NuGet: 'NuGet',\n  apt: null, brew: null, system: null, other: null,\n};\n\nfunction normalizeName(name: string, osvEco: string): string {\n  const n = name.trim();\n  if (osvEco === 'npm') return n.toLowerCase();\n  if (osvEco === 'PyPI') return n.toLowerCase().replace(/[-_.]+/g, '-');\n  return n;\n}\n\nfunction concretePin(spec: string | null): string | null {\n  if (!spec) return null;\n  const c = spec.trim().replace(/^[v=\\s]+/, '');\n  if (c.toLowerCase() === 'latest' || c === '') return null;\n  if (/[\\^~><|*\\sx]/i.test(c)) return null;\n  return /^\\d[\\w.\\-+]*$/.test(c) ? c : null;\n}\n\nconst PKG_JSON_DEP_FIELDS = ['dependencies', 'devDependencies', 'peerDependencies', 'optionalDependencies'];\n\nfunction safeParseObject(text: string): Record<string, any> | null {\n  try {\n    const v = JSON.parse(text);\n    return v && typeof v === 'object' && !Array.isArray(v) ? v : null;\n  } catch {\n    return null;\n  }\n}\n\n/**\n * Diff two package.json contents and return the registry packages that are\n * newly added or whose version spec changed in the new content. The caller\n * scans these against the vuln DB before letting the edit land \u2014 so a bare\n * `pnpm install` afterwards has nothing left to vet. Non-registry sources\n * (file:, link:, workspace:, git, http, relative paths) are skipped.\n */\nexport function extractPackageJsonDelta(oldText: string, newText: string): DeterministicPkgRequest[] {\n  const newJson = safeParseObject(newText);\n  if (!newJson) return [];\n  const oldJson = safeParseObject(oldText) || {};\n\n  const out = new Map<string, DeterministicPkgRequest>();\n  for (const field of PKG_JSON_DEP_FIELDS) {\n    const oldDeps = (oldJson[field] && typeof oldJson[field] === 'object') ? oldJson[field] : {};\n    const newDeps = (newJson[field] && typeof newJson[field] === 'object') ? newJson[field] : {};\n    for (const [rawName, version] of Object.entries(newDeps)) {\n      if (typeof version !== 'string') continue;\n      if (oldDeps[rawName] === version) continue;\n      const spec = version.trim();\n      if (\n        spec.startsWith('file:') || spec.startsWith('link:') ||\n        spec.startsWith('http') || spec.startsWith('git') ||\n        spec.startsWith('workspace:') || spec.startsWith('catalog:') ||\n        spec.startsWith('npm:') ||\n        spec.startsWith('./') || spec.startsWith('../') ||\n        spec === '' || spec === '*'\n      ) continue;\n      const name = rawName.toLowerCase();\n      out.set(name, {\n        name,\n        version: concretePin(spec) ?? '*',\n        ecosystem: 'npm',\n      });\n    }\n  }\n  return [...out.values()];\n}\n\n/**\n * Parse registry installs from a shell command without LLM/network.\n * Unpinned versions use '*' so OSV scans the full advisory history.\n */\nexport function extractDeterministicPkgRequests(command: string): DeterministicPkgRequest[] {\n  const merged = new Map<string, DeterministicPkgRequest>();\n  for (const r of segmentCommand(command).flatMap(extractSegment)) {\n    if (r.source !== 'registry') continue;\n    const osvEco = ECO_TO_OSV[r.ecosystem] ?? ECO_TO_OSV[r.ecosystem.toLowerCase()] ?? null;\n    if (!osvEco) continue;\n    const name = normalizeName(r.name, osvEco);\n    if (!name) continue;\n    const key = osvEco + '|' + name.toLowerCase();\n    const version = concretePin(r.versionSpec) ?? '*';\n    const prev = merged.get(key);\n    if (!prev || (prev.version === '*' && version !== '*')) {\n      merged.set(key, { name, version, ecosystem: osvEco });\n    }\n  }\n  return [...merged.values()];\n}\n", "utf-8");
   const hooksPkgPath = join8(HOOKS_DIR, "package.json");
   writeFileSync7(hooksPkgPath, JSON.stringify({
     name: "synkro-hooks",
@@ -6840,6 +7482,7 @@ function writeHookScripts() {
   chmodSync2(installScanScriptPath, 493);
   chmodSync2(cursorBashJudgePath, 493);
   chmodSync2(cursorEditCapturePath, 493);
+  chmodSync2(cursorAgentCapturePath, 493);
   chmodSync2(mcpStdioProxyPath, 493);
   chmodSync2(installExtractCorePath, 493);
   return {
@@ -6856,7 +7499,8 @@ function writeHookScripts() {
     userPromptSubmitScript: userPromptSubmitScriptPath,
     installScanScript: installScanScriptPath,
     cursorBashJudgeScript: cursorBashJudgePath,
-    cursorEditCaptureScript: cursorEditCapturePath
+    cursorEditCaptureScript: cursorEditCapturePath,
+    cursorAgentCaptureScript: cursorAgentCapturePath
   };
 }
 function sanitizeConfigValue(raw, maxLen = 256) {
@@ -6888,7 +7532,7 @@ function writeConfigEnv(opts) {
     `SYNKRO_CREDENTIALS_PATH=${shellQuoteSingle(credsPath)}`,
     `SYNKRO_TIER=${shellQuoteSingle(safeTier)}`,
     `SYNKRO_INFERENCE=${shellQuoteSingle(safeInference)}`,
-    `SYNKRO_VERSION=${shellQuoteSingle("1.6.22")}`
+    `SYNKRO_VERSION=${shellQuoteSingle("1.6.25")}`
   ];
   if (safeSynkroBin) lines.push(`SYNKRO_CLI_BIN=${shellQuoteSingle(safeSynkroBin)}`);
   if (safeUserId) lines.push(`SYNKRO_USER_ID=${shellQuoteSingle(safeUserId)}`);
@@ -7139,6 +7783,7 @@ async function installCommand(opts = {}) {
       installCursorHooks(agent.settingsPath, {
         bashJudgeScriptPath: scripts.cursorBashJudgeScript,
         editCaptureScriptPath: scripts.cursorEditCaptureScript,
+        agentCaptureScriptPath: scripts.cursorAgentCaptureScript,
         bashFollowupScriptPath: scripts.bashFollowupScript,
         editPrecheckScriptPath: scripts.editPrecheckScript,
         cwePrecheckScriptPath: scripts.cwePrecheckScript,
@@ -9555,7 +10200,7 @@ var args = process.argv.slice(2);
 var cmd = args[0] || "";
 var subArgs = args.slice(1);
 function printVersion() {
-  console.log("1.6.22");
+  console.log("1.6.25");
 }
 function printHelp2() {
   console.log(`Synkro CLI \u2014 runtime safety for AI coding agents