npm - @synkro-sh/cli - Versions diffs - 1.6.4 → 1.6.5 - Mend

@synkro-sh/cli 1.6.4 → 1.6.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/dist/bootstrap.js CHANGED Viewed

@@ -2232,7 +2232,7 @@ async function main() {
         'Last user prompt: ' + (lastPrompt || 'none'),
         'Org rules: ' + JSON.stringify(relevantRules),
         'IMPORTANT: If a rule is violated, ALWAYS return ok=false with the rule_id and reason, regardless of the rule mode. Do NOT pass a command just because the rule mode is "fix". The enforcement layer handles ask vs fix \u2014 your job is only to detect violations.',
-        'When passing (ok=true), for EVERY rule: state whether it is relevant to this edit, and if relevant, why it passes. Format: "R001 (not relevant: no deployment). R003 relevant: no hardcoded secrets in file." Cover ALL rules \u2014 do not skip any. Be terse but specific per rule.',
+        'The rules shown were pre-selected as the ones relevant to this edit \u2014 every rule here IS relevant, do not label any "not relevant". When passing (ok=true), give a terse, specific reason each rule passes. Format: "R003: no hardcoded secrets in file. R005: in-repo path only." Cover every rule shown.',
       ].join('\\n');
       let gradeResp: string;
@@ -3000,7 +3000,7 @@ import {
   parseVerdict, dispatchCapture, dispatchFinding, ruleMode, postWithRetry, readStdin,
   extractTranscript, readLastPrompt, appendSessionAction, readSessionLog, compressSessionLog, log,
   outputJson, outputEmpty, setupCursorHookSignals, isShellTool, hookSessionId, GATEWAY_URL,
-  logGraderUnavailable, isPathUnder, filterRules, normalizeMode,
+  logGraderUnavailable, filterRules, normalizeMode, appendLocalTelemetry, isSafeInRepoRead,
   type HookConfig, type Rule,
 } from './_synkro-common.ts';
@@ -3061,108 +3061,6 @@ async function main() {
       return;
     }
-    // ─── Hook-side short-circuit for safe in-repo reads ───
-    // The judge primer already deterministically allows these, but the round
-    // trip + batch queue still costs 1–25s per call. Skipping the grade for
-    // unambiguously read-only operations removes that latency for ~half of
-    // typical commands (cat/grep/git status/ls/etc.) and unblocks the worker
-    // pool to grade the operations that actually need judgment.
-    // Returning FALSE just means "don't short-circuit — let the LLM grade it."
-    // Never blocks. The judge sees the command, applies rules, returns its
-    // own verdict. Path scoping below: STRICT, only short-circuit when every
-    // absolute path is under the linked repo root.
-    function isSafeBashSegment(seg: string, repoRoot: string): boolean {
-      const UNSAFE_CHARS = ['>', ';', '&', '\`'];
-      for (const ch of UNSAFE_CHARS) { if (seg.indexOf(ch) !== -1) return false; }
-      const padded = ' ' + seg + ' ';
-      const UNSAFE_WORDS = [
-        ' sudo ', ' su ', ' rm ', ' mv ', ' cp ', ' chmod ', ' chown ',
-        ' tee ', ' kill ', ' sed -i', ' sed --in-place',
-        ' sh -c', ' bash -c', ' zsh -c', ' eval ', ' exec ',
-        '\$(',
-      ];
-      for (const w of UNSAFE_WORDS) { if (padded.indexOf(w) !== -1) return false; }
-      // Narrowed verb set. Removed:
-      //   awk:  has system() / |& shell-spawn
-      //   env:  \`env FOO=bar evil_cmd\` runs evil_cmd
-      //   sed:  scripting + -i write capability; not worth parsing
-      const SAFE_VERBS = new Set([
-        'cat','head','tail','less','more','grep','egrep','fgrep','rg','ag',
-        'find','fd','ls','wc','cmp','diff','file','stat','which','whereis','type',
-        'pwd','whoami','id','date','echo','printf','true','false',
-        'jq','yq','sort','uniq','cut','tr','xxd','hexdump','od','column',
-        'node','npm','pnpm','yarn','bun','python','python3','ruby','go','rustc','cargo',
-        'git',
-      ]);
-      const tokens = seg.trim().split(' ').filter(t => t.length > 0);
-      const verb = tokens[0] || '';
-      if (!SAFE_VERBS.has(verb)) return false;
-      // find/fd: reject any execution / mutation action flag.
-      if (verb === 'find' || verb === 'fd') {
-        const BAD = new Set([
-          '-exec','-execdir','-ok','-okdir','-delete',
-          '-fprint','-fprintf','-fprint0','-fls',
-          '--exec','--exec-batch',
-        ]);
-        for (const t of tokens) { if (BAD.has(t)) return false; }
-      }
-      // git: only pure-read subcommands. branch/tag/remote/config dropped —
-      // each has flag combinations that mutate state.
-      if (verb === 'git') {
-        const SAFE_GIT = new Set([
-          'log','show','diff','blame','status','rev-parse',
-          'ls-files','ls-tree','cat-file','shortlog','reflog',
-          'describe','symbolic-ref','--version',
-        ]);
-        const sub = tokens[1] || '';
-        if (!SAFE_GIT.has(sub)) return false;
-      } else if (['npm','pnpm','yarn','bun','cargo','go'].includes(verb)) {
-        const sub = tokens[1] || '';
-        const SAFE_PKG = new Set([
-          '--version','-v','version','list','ls','why','view','show','info','outdated',
-          '-h','--help','help',
-        ]);
-        if (!SAFE_PKG.has(sub)) return false;
-      } else if (['node','python','python3','ruby','rustc'].includes(verb)) {
-        const sub = tokens[1] || '';
-        if (sub !== '--version' && sub !== '-v' && sub !== '-V') return false;
-      }
-      // STRICT path scoping. Absolute paths MUST resolve under repoRoot.
-      // Home-relative (~/...) paths fall through to the LLM. Relative paths
-      // are implicitly under cwd which is the repo root for the agent session.
-      if (!repoRoot) return false;
-      for (let i = 1; i < tokens.length; i++) {
-        const t = tokens[i];
-        const stripped = t.replace(/^['"]/, '').replace(/['"]$/, '');
-        if (stripped.startsWith('~')) return false;
-        if (stripped.startsWith('/')) {
-          if (!isPathUnder(stripped, repoRoot)) return false;
-        }
-      }
-      return true;
-    }
-    function isSafeInRepoRead(tName: string, cmd: string, repoRoot: string): boolean {
-      if (tName === 'Read' || tName === 'Grep' || tName === 'Glob') return true;
-      if (tName !== 'Bash' && tName !== 'Shell' && tName !== 'terminal' &&
-          tName !== 'run_terminal_cmd' && tName !== 'execute_command') return false;
-      if (!cmd || !repoRoot) return false;
-      // Allow pipes only if EVERY segment is safe on its own. Catches
-      // \`grep ... | head\`, \`cat foo | wc -l\`, \`git log | less\`, etc.
-      // Empty segments (from \`||\`) cause rejection.
-      const segments = cmd.split('|');
-      for (const seg of segments) {
-        const t = seg.trim();
-        if (t.length === 0) return false;
-        if (!isSafeBashSegment(t, repoRoot)) return false;
-      }
-      return true;
-    }
     if (isSafeInRepoRead(toolName, command, cwd)) {
       log('bashGuard ' + cmdShort + ' → instant allow (safe in-repo read)');
       appendLocalTelemetry({
@@ -3309,7 +3207,7 @@ async function main() {
         'Last user prompt: ' + (lastPrompt || 'none'),
         'Org rules: ' + JSON.stringify(relevantRules),
         'IMPORTANT: If a rule is violated, ALWAYS return ok=false with the rule_id and reason, regardless of the rule mode. Do NOT pass a command just because the rule mode is "fix". The enforcement layer handles ask vs fix — your job is only to detect violations.',
-        'When passing (ok=true), for EVERY rule: state whether it is relevant to this command, and if relevant, why it passes. Format: "R001 (not relevant: no deployment). R003 relevant: no secrets in grep args. R005 relevant: in-repo path only." Cover ALL rules — do not skip any. Be terse but specific per rule.',
+        'The rules shown were pre-selected as the ones relevant to this command — every rule here IS relevant, do not label any "not relevant". When passing (ok=true), give a terse, specific reason each rule passes. Format: "R003: no secrets in grep args. R005: in-repo path only." Cover every rule shown.',
         'Rules with preconditions (e.g. "run X before Y") are CONSUMED after the protected action completes. Use the session history timestamps to determine ordering: a precondition satisfied before the last occurrence of the protected action does NOT satisfy the next occurrence. Each new protected action needs its precondition re-satisfied.',
       ].filter(Boolean).join('\\n');
@@ -4363,7 +4261,7 @@ async function main() {
         'Last user prompt: ' + (lastPrompt || 'none'),
         'Org rules: ' + JSON.stringify(relevantRules),
         'IMPORTANT: If a rule is violated, ALWAYS return ok=false with the rule_id and reason, regardless of the rule mode. Do NOT pass a command just because the rule mode is "fix". The enforcement layer handles ask vs fix \u2014 your job is only to detect violations.',
-        'When passing (ok=true), for EVERY rule: state whether it is relevant to this command, and if relevant, why it passes. Format: "R001 (not relevant: no deployment). R003 relevant: no secrets in grep args. R005 relevant: in-repo path only." Cover ALL rules \u2014 do not skip any. Be terse but specific per rule.',
+        'The rules shown were pre-selected as the ones relevant to this command \u2014 every rule here IS relevant, do not label any "not relevant". When passing (ok=true), give a terse, specific reason each rule passes. Format: "R003: no secrets in grep args. R005: in-repo path only." Cover every rule shown.',
         'Rules with preconditions (e.g. "run X before Y") are CONSUMED after the protected action completes. Use the session history timestamps to determine ordering: a precondition satisfied before the last occurrence of the protected action does NOT satisfy the next occurrence. Each new protected action needs its precondition re-satisfied.',
       ].filter(Boolean).join('\\n');
@@ -4398,7 +4296,7 @@ async function main() {
         });
       } else {
         dispatchCapture(jwt, 'bash', 'pass', 'clean', verdict.category || 'clean',
-          'Bash', gitRepo, sessionId, config.captureDepth, {
+          'Bash', repo, sessionId, config.captureDepth, {
             command, reasoning: verdict.reason || 'no policy violations detected',
             rulesChecked: config.rules, violatedRules: [],
             ccModel: model,
@@ -6429,7 +6327,7 @@ function writeConfigEnv(opts) {
     `SYNKRO_CREDENTIALS_PATH=${shellQuoteSingle(credsPath)}`,
     `SYNKRO_TIER=${shellQuoteSingle(safeTier)}`,
     `SYNKRO_INFERENCE=${shellQuoteSingle(safeInference)}`,
-    `SYNKRO_VERSION=${shellQuoteSingle("1.6.4")}`
+    `SYNKRO_VERSION=${shellQuoteSingle("1.6.5")}`
   ];
   if (safeSynkroBin) lines.push(`SYNKRO_CLI_BIN=${shellQuoteSingle(safeSynkroBin)}`);
   if (safeUserId) lines.push(`SYNKRO_USER_ID=${shellQuoteSingle(safeUserId)}`);
@@ -7916,7 +7814,7 @@ var args = process.argv.slice(2);
 var cmd = args[0] || "";
 var subArgs = args.slice(1);
 function printVersion() {
-  console.log("1.6.4");
+  console.log("1.6.5");
 }
 function printHelp() {
   console.log(`Synkro CLI \u2014 runtime safety for AI coding agents