npm - @synkro-sh/cli - Versions diffs - 1.6.29 → 1.6.31 - Mend

@synkro-sh/cli 1.6.29 → 1.6.31

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/dist/bootstrap.js CHANGED Viewed

@@ -1906,6 +1906,21 @@ export function appendLocalTelemetry(body: Record<string, any>): void {
   try {
     appendFileSync(TELEMETRY_SPOOL, JSON.stringify(event) + '\\n');
   } catch {}
+  // Realtime: fire-and-forget POST to the local server so events appear
+  // in the dashboard immediately. Spool file remains the durable fallback.
+  try {
+    const port = process.env.SYNKRO_MCP_PORT || '18931';
+    let token = '';
+    try { token = readFileSync(join(HOME, '.synkro', '.mcp-jwt'), 'utf-8').trim(); } catch {}
+    if (token) {
+      fetch('http://127.0.0.1:' + port + '/api/ingest', {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json', Authorization: 'Bearer ' + token },
+        body: JSON.stringify(event),
+        signal: AbortSignal.timeout(3000),
+      }).catch(() => {});
+    }
+  } catch {}
 }
 function tryAcquireDrainLock(): boolean {
@@ -2336,12 +2351,10 @@ export async function pushConversationMessage(
         type: role,
         content: text,
         ts: new Date().toISOString(),
+        message_index: seq,
         patch_redacted: opts.patchRedacted ?? true,
       }],
     };
-    if (!opts.patchRedacted) {
-      (body.messages as Record<string, unknown>[])[0].message_index = seq;
-    }
     const resp = await fetch('http://127.0.0.1:' + mcpPort + '/api/conversation-sync', {
       method: 'POST',
       headers: { 'Content-Type': 'application/json', Authorization: 'Bearer ' + mcpToken },
@@ -2478,10 +2491,13 @@ export async function syncConversationTranscript(
     } catch {}
   }
-  writeFileSync(offsetFile, String(totalLines), 'utf-8');
-  if (messages.length === 0) return { ingested: 0, messages: [] };
+  if (messages.length === 0) {
+    writeFileSync(offsetFile, String(totalLines), 'utf-8');
+    return { ingested: 0, messages: [] };
+  }
-  const mcpPort = process.env.SYNKRO_MCP_PORT || '18931';
+  const rawPort = parseInt(process.env.SYNKRO_MCP_PORT || '18931', 10);
+  const mcpPort = (rawPort > 0 && rawPort < 65536) ? rawPort : 18931;
   let mcpToken = '';
   try { mcpToken = readFileSync(join(HOME, '.synkro', '.mcp-jwt'), 'utf-8').trim(); } catch {}
   if (!mcpToken) return { ingested: 0, messages };
@@ -2494,6 +2510,7 @@ export async function syncConversationTranscript(
       signal: AbortSignal.timeout(5000),
     });
     if (resp.ok) {
+      writeFileSync(offsetFile, String(totalLines), 'utf-8');
       const data = await resp.json() as { ingested?: number };
       return { ingested: data.ingested ?? messages.length, messages };
     }
@@ -3027,7 +3044,17 @@ export function hookSessionId(payload: Record<string, unknown>): string {
 }
 export function isCursorHookFormat(): boolean {
-  return process.env.SYNKRO_HOOK_FORMAT === 'cursor';
+  return process.env.SYNKRO_HOOK_FORMAT === 'cursor' || process.argv.includes('--cursor');
+}
+// Cursor reads CC hooks from ~/.claude/settings.json and fires them alongside
+// its own ~/.cursor/hooks.json entries. When that happens, agentKind is
+// 'claude_code' but the payload model is non-Claude (e.g. gpt-5.5).
+// Return true so the CC hook can bail out and let Cursor's hooks handle it.
+export function isCursorInvokingCcHook(agentKind: string, model: string): boolean {
+  if (agentKind === 'cursor') return false;
+  if (!model || model === 'unknown' || model === '') return false;
+  return !model.startsWith('claude-');
 }
 let cursorHookExited = false;
@@ -3127,13 +3154,13 @@ import {
   appendSessionAction, readSessionLog, compressSessionLog, log,
   outputJson, outputEmpty, setupCursorHookSignals, isEditTool, hookSessionId, GATEWAY_URL,
   logGraderUnavailable, filterRules, ruleFilterText, normalizeMode, countEditLineDelta,
-  captureLineMetrics, cursorModelFromPayload, resolveTranscriptPath,
+  captureLineMetrics, cursorModelFromPayload, resolveTranscriptPath, isCursorInvokingCcHook,
   type HookConfig, type Rule,
 } from './_synkro-common.ts';
 import { existsSync, readFileSync } from 'node:fs';
 import { basename, join } from 'node:path';
-const agentKind = process.env.SYNKRO_HOOK_FORMAT === 'cursor' ? 'cursor' : 'claude_code';
+const agentKind = (process.env.SYNKRO_HOOK_FORMAT === 'cursor' || process.argv.includes('--cursor')) ? 'cursor' : 'claude_code';
 async function main() {
   setupCursorHookSignals();
@@ -3220,6 +3247,8 @@ async function main() {
       ? cursorModelFromPayload(payload)
       : (transcript.ccModel || String(payload.model ?? payload.model_id ?? ''));
+    if (isCursorInvokingCcHook(agentKind, captureModel)) { outputEmpty(); return; }
     // Model detection: prefer transcript (CC), fall back to payload (Cursor)
     if (!transcript.ccModel) {
       transcript.ccModel = captureModel;
@@ -3377,12 +3406,12 @@ import {
   localGradeCwe, parseVerdict, reconstructContent, readStdin, log,
   outputJson, outputEmpty, setupCursorHookSignals, isEditTool, isShellTool, isCursorHookFormat,
   extractShellCodeWrites, hookSessionId, filePathFromToolInput, emitBlockScanFindings, dispatchFinding, dispatchCapture, GATEWAY_URL,
-  logGraderUnavailable, resolveTranscriptPath,
+  logGraderUnavailable, resolveTranscriptPath, isCursorInvokingCcHook,
 } from './_synkro-common.ts';
 import { basename, extname, resolve, join, dirname } from 'node:path';
 import { readFileSync, readdirSync, existsSync } from 'node:fs';
-const agentKind = process.env.SYNKRO_HOOK_FORMAT === 'cursor' ? 'cursor' : 'claude_code';
+const agentKind = (process.env.SYNKRO_HOOK_FORMAT === 'cursor' || process.argv.includes('--cursor')) ? 'cursor' : 'claude_code';
 function detectModel(payload: Record<string, unknown>): string {
   const raw = String(payload.model ?? payload.model_id ?? '');
@@ -3528,6 +3557,8 @@ async function main() {
     const shellCommand = typeof payload.command === 'string' ? payload.command.trim() : '';
     const ccModel = detectModel(payload);
+    if (isCursorInvokingCcHook(agentKind, ccModel)) { outputEmpty(); return; }
     const targets: CweScanTarget[] = [];
     if (isCursorHookFormat() && (shellCommand || isShellTool(toolName))) {
@@ -3931,6 +3962,7 @@ import {
   loadJwt, ensureFreshJwt, detectRepo, loadConfig, route, tag,
   reconstructContent, readStdin, findNearestDeps, filePathFromToolInput, log,
   outputJson, outputEmpty, setupCursorHookSignals, isEditTool, hookSessionId, dispatchFinding, dispatchCapture, dispatchScanResult, extractTranscript, emitBlockScanFindings, resolveTranscriptPath, GATEWAY_URL,
+  isCursorHookFormat,
 } from './_synkro-common.ts';
 import { basename } from 'node:path';
 import { readFileSync } from 'node:fs';
@@ -3961,6 +3993,9 @@ async function main() {
       return;
     }
+    const _m = String(payload.model ?? payload.model_id ?? '');
+    if (!isCursorHookFormat() && _m && !_m.startsWith('claude-')) { outputEmpty(); return; }
     const toolInput = payload.tool_input || {};
     const sessionId = hookSessionId(payload);
     const workspaceRoots = Array.isArray(payload.workspace_roots) ? payload.workspace_roots as string[] : [];
@@ -4165,11 +4200,16 @@ async function main() {
       const cveIds = findings.slice(0, 10).map((f: any) =>
         (f.aliases || []).find((a: string) => a.startsWith('CVE-')) || f.id || 'unknown'
       );
+      let cveCcModel: string | undefined = String(payload.model ?? payload.model_id ?? '') || undefined;
+      if (!cveCcModel && transcriptPath) {
+        try { cveCcModel = extractTranscript(transcriptPath).ccModel || undefined; } catch {}
+      }
       dispatchCapture(jwt, 'cve', 'block', 'critical', 'security',
         toolName, gitRepo, sessionId, config.captureDepth, {
           command: 'edit ' + filePath,
           reasoning: top3,
           violatedRules: cveIds,
+          ccModel: cveCcModel,
         });
       dispatchScanResult(jwt, {
         session_id: sessionId, file_path: filePath, scan_type: 'cve',
@@ -4218,6 +4258,9 @@ async function main() {
     if (!input.trim()) { outputEmpty(); return; }
     const payload = JSON.parse(input);
+    const _m = String(payload.model ?? payload.model_id ?? '');
+    if (!isCursorHookFormat() && _m && !_m.startsWith('claude-')) { outputEmpty(); return; }
     const toolInput = payload.tool_input || {};
     const command = typeof payload.command === 'string' ? payload.command : (toolInput.command || '');
     if (!command) { outputEmpty(); return; }
@@ -4320,7 +4363,7 @@ import {
   extractTranscript, readLastPrompt, appendSessionAction, readSessionLog, compressSessionLog, log,
   outputJson, outputEmpty, setupCursorHookSignals, isShellTool, hookSessionId, GATEWAY_URL,
   logGraderUnavailable, filterRules, ruleFilterText, normalizeMode, appendLocalTelemetry, isSafeInRepoRead,
-  hashCommand, resolveTranscriptPath,
+  hashCommand, resolveTranscriptPath, isCursorHookFormat,
   type HookConfig, type Rule,
 } from './_synkro-common.ts';
 import { createHash } from 'node:crypto';
@@ -4371,6 +4414,9 @@ async function main() {
       return;
     }
+    const _m = String(payload.model ?? payload.model_id ?? '');
+    if (!isCursorHookFormat() && _m && !_m.startsWith('claude-')) { outputEmpty(); return; }
     const toolInput = payload.tool_input || {};
     const sessionId = hookSessionId(payload);
     const toolUseId = payload.tool_use_id || '';
@@ -4610,11 +4656,11 @@ import {
   parseVerdict, dispatchCapture, ruleMode, postWithRetry, readStdin,
   extractTranscript, readLastPrompt, appendSessionAction, readSessionLog, compressSessionLog, log,
   outputJson, outputEmpty, setupCursorHookSignals, isAgentTool, hookSessionId, GATEWAY_URL,
-  logGraderUnavailable, filterRules, normalizeMode, resolveTranscriptPath,
+  logGraderUnavailable, filterRules, normalizeMode, resolveTranscriptPath, isCursorInvokingCcHook,
   type HookConfig, type Rule,
 } from './_synkro-common.ts';
-const agentKind = process.env.SYNKRO_HOOK_FORMAT === 'cursor' ? 'cursor' : 'claude_code';
+const agentKind = (process.env.SYNKRO_HOOK_FORMAT === 'cursor' || process.argv.includes('--cursor')) ? 'cursor' : 'claude_code';
 async function main() {
   setupCursorHookSignals();
@@ -4629,6 +4675,9 @@ async function main() {
       return;
     }
+    const _m = String(payload.model ?? payload.model_id ?? '');
+    if (isCursorInvokingCcHook(agentKind, _m)) { outputEmpty(); return; }
     const toolInput = payload.tool_input || {};
     const sessionId = hookSessionId(payload);
     const toolUseId = payload.tool_use_id || '';
@@ -4789,13 +4838,13 @@ import {
   loadJwt, ensureFreshJwt, detectRepo, loadConfig, route, tag, localGrade,
   parseVerdict, dispatchCapture, appendSessionAction, readSessionLog, compressSessionLog, postWithRetry, readStdin, log,
   outputJson, outputEmpty, setupCursorHookSignals, isPlanTool, hookSessionId, GATEWAY_URL,
-  filterRules, resolveTranscriptPath,
+  filterRules, resolveTranscriptPath, isCursorInvokingCcHook,
 } from './_synkro-common.ts';
 import { existsSync, readFileSync, writeFileSync, readdirSync, statSync } from 'node:fs';
 import { join } from 'node:path';
 import { homedir } from 'node:os';
-const agentKind = process.env.SYNKRO_HOOK_FORMAT === 'cursor' ? 'cursor' : 'claude_code';
+const agentKind = (process.env.SYNKRO_HOOK_FORMAT === 'cursor' || process.argv.includes('--cursor')) ? 'cursor' : 'claude_code';
 function findLatestPlanInDir(plansDir: string): string | null {
   if (!existsSync(plansDir)) return null;
@@ -4847,6 +4896,9 @@ async function main() {
     const toolName = payload.tool_name || '';
     if (!isPlanTool(toolName)) { outputEmpty(); return; }
+    const _m = String(payload.model ?? payload.model_id ?? '');
+    if (isCursorInvokingCcHook(agentKind, _m)) { outputEmpty(); return; }
     const planFile = findLatestPlan();
     if (!planFile) { outputEmpty(); return; }
     const plan = readFileSync(planFile, 'utf-8');
@@ -5754,6 +5806,21 @@ main();
 });
 // cli/auth/stub.ts
+var stub_exports = {};
+__export(stub_exports, {
+  authenticate: () => authenticate,
+  clearCredentials: () => clearCredentials,
+  ensureValidToken: () => ensureValidToken,
+  getAccessToken: () => getAccessToken,
+  getCurrentUserId: () => getCurrentUserId,
+  getSecrets: () => getSecrets,
+  getUserInfo: () => getUserInfo,
+  isAuthenticated: () => isAuthenticated,
+  isTokenExpired: () => isTokenExpired,
+  loadCredentials: () => loadCredentials,
+  refreshToken: () => refreshToken,
+  saveCredentials: () => saveCredentials
+});
 import { createServer } from "http";
 import { writeFileSync as writeFileSync4, readFileSync as readFileSync4, existsSync as existsSync4, mkdirSync as mkdirSync4, unlinkSync as unlinkSync2 } from "fs";
 import { homedir as homedir4, platform } from "os";
@@ -5960,6 +6027,17 @@ function isAuthenticated() {
     return true;
   }
 }
+function getCurrentUserId() {
+  const creds = loadCredentials();
+  if (!creds) {
+    throw new Error("Not authenticated");
+  }
+  const decoded = jwt.decode(creds.access_token);
+  if (!decoded?.sub) {
+    throw new Error("Invalid token");
+  }
+  return decoded.sub;
+}
 function getUserInfo() {
   const creds = loadCredentials();
   if (!creds) {
@@ -6044,6 +6122,15 @@ function clearCredentials() {
     unlinkSync2(AUTH_FILE);
   }
 }
+async function getSecrets(userId, integrationId) {
+  return {
+    AWS_ACCESS_KEY_ID: process.env.USER_AWS_KEY || "",
+    AWS_SECRET_ACCESS_KEY: process.env.USER_AWS_SECRET || "",
+    AWS_REGION: process.env.USER_AWS_REGION || "us-east-1",
+    HF_TOKEN: process.env.USER_HF_TOKEN || "",
+    LANGSMITH_API_KEY: process.env.USER_LANGSMITH_KEY || ""
+  };
+}
 var PORT, RAW_WEB_AUTH_URL, SYNKRO_WEB_AUTH_URL, AUTH_FILE, RAW_API_URL, SYNKRO_API_URL, ERROR_HTML, refreshPromise;
 var init_stub = __esm({
   "cli/auth/stub.ts"() {
@@ -7889,7 +7976,7 @@ function writeConfigEnv(opts) {
     `SYNKRO_CREDENTIALS_PATH=${shellQuoteSingle(credsPath)}`,
     `SYNKRO_TIER=${shellQuoteSingle(safeTier)}`,
     `SYNKRO_INFERENCE=${shellQuoteSingle(safeInference)}`,
-    `SYNKRO_VERSION=${shellQuoteSingle("1.6.29")}`
+    `SYNKRO_VERSION=${shellQuoteSingle("1.6.31")}`
   ];
   if (safeSynkroBin) lines.push(`SYNKRO_CLI_BIN=${shellQuoteSingle(safeSynkroBin)}`);
   if (safeUserId) lines.push(`SYNKRO_USER_ID=${shellQuoteSingle(safeUserId)}`);
@@ -8325,7 +8412,7 @@ async function installCommand(opts = {}) {
         const ingestResp = await fetch(`http://127.0.0.1:${hostMcpPort}/api/ingest`, {
           method: "POST",
           headers: { "Content-Type": "application/json", Authorization: `Bearer ${mcpJwt}` },
-          body: JSON.stringify({ capture_type: "local_verdict", event_id: `healthcheck_${Date.now()}`, verdict: "pass", severity: "clean", hook_type: "install", tool_name: "healthcheck" }),
+          body: JSON.stringify({ capture_type: "healthcheck", event_id: `healthcheck_${Date.now()}` }),
           signal: AbortSignal.timeout(5e3)
         });
         if (ingestResp.ok) {
@@ -10641,7 +10728,6 @@ var init_config = __esm({
 import { readFileSync as readFileSync13, existsSync as existsSync16 } from "fs";
 import { resolve as resolve2 } from "path";
 var envCandidates = [
-  resolve2(process.cwd(), ".env"),
   resolve2(process.env.HOME ?? "", ".synkro", "config.env")
 ];
 for (const envPath of envCandidates) {
@@ -10661,7 +10747,7 @@ var args = process.argv.slice(2);
 var cmd = args[0] || "";
 var subArgs = args.slice(1);
 function printVersion() {
-  console.log("1.6.29");
+  console.log("1.6.31");
 }
 function printHelp2() {
   console.log(`Synkro CLI \u2014 runtime safety for AI coding agents
@@ -10707,6 +10793,23 @@ async function main() {
       disconnectCommand2(subArgs);
       break;
     }
+    case "login": {
+      const { authenticate: authenticate2, isAuthenticated: isAuthenticated2 } = await Promise.resolve().then(() => (init_stub(), stub_exports));
+      if (isAuthenticated2()) {
+        console.log("Already authenticated.");
+      } else {
+        console.log("Opening browser for Synkro auth...");
+        const result = await authenticate2((status) => {
+          if (status.phase === "success") console.log("  \u2713 Authenticated");
+          else if (status.phase === "error") console.error("  \u2717 " + status.message);
+        });
+        if (!result) {
+          console.error("Authentication failed.");
+          process.exit(1);
+        }
+      }
+      break;
+    }
     case "grade": {
       const { gradeCommand: gradeCommand2 } = await Promise.resolve().then(() => (init_grade(), grade_exports));
       await gradeCommand2(subArgs);