@synkro-sh/cli 1.6.43 → 1.6.45

package/dist/bootstrap.js

@@ -350,13 +350,13 @@ function installCursorHooks(hooksJsonPath, config) {
   });
   h.beforeShellExecution.push({
     command: cursorCcCmd(config.cwePrecheckScriptPath),
-    timeout: 60,
+    timeout: 30,
     failClosed: false,
     [SYNKRO_MARKER2]: true
   });
   h.beforeShellExecution.push({
     command: bunRunCmd(config.bashJudgeScriptPath),
-    timeout: 15,
+    timeout: 30,
     failClosed: false,
     [SYNKRO_MARKER2]: true
   });
@@ -371,36 +371,36 @@ function installCursorHooks(hooksJsonPath, config) {
   });
   h.preToolUse.push({
     command: cursorCcCmd(config.cwePrecheckScriptPath),
-    timeout: 60,
+    timeout: 30,
     failClosed: false,
     matcher: "Shell|Bash|terminal|run_terminal_cmd|execute_command",
     [SYNKRO_MARKER2]: true
   });
   h.preToolUse.push({
     command: bunRunCmd(config.bashJudgeScriptPath),
-    timeout: 15,
+    timeout: 30,
     failClosed: false,
     matcher: "Shell|Bash|Read|ReadFile|Grep|Glob|terminal|run_terminal_cmd|execute_command|read_file|grep_search|file_search|list_dir|codebase_search|delete_file",
     [SYNKRO_MARKER2]: true
   });
   pushCcHook(h, "preToolUse", config.editPrecheckScriptPath, {
-    timeout: 15,
+    timeout: 30,
     matcher: "Write|Edit|StrReplace|MultiEdit|NotebookEdit|edit_file|reapply|edit_notebook|ApplyPatch|apply_patch"
   });
   pushCcHook(h, "preToolUse", config.cwePrecheckScriptPath, {
-    timeout: 60,
+    timeout: 30,
     matcher: "Write|Edit|StrReplace|MultiEdit|NotebookEdit|edit_file|reapply|edit_notebook|ApplyPatch|apply_patch"
   });
   pushCcHook(h, "preToolUse", config.cvePrecheckScriptPath, {
-    timeout: 20,
+    timeout: 10,
     matcher: "Write|Edit|StrReplace|MultiEdit|NotebookEdit|edit_file|reapply|edit_notebook|ApplyPatch|apply_patch"
   });
   pushCcHook(h, "preToolUse", config.agentJudgeScriptPath, {
-    timeout: 15,
+    timeout: 30,
     matcher: "Agent|Task"
   });
   pushCcHook(h, "preToolUse", config.planJudgeScriptPath, {
-    timeout: 20,
+    timeout: 45,
     matcher: "ExitPlanMode|SwitchMode|CreatePlan"
   });
   h.afterFileEdit = h.afterFileEdit ?? [];
@@ -1499,7 +1499,12 @@ async function cloudGrade(surface: string, prompt: string, jwt: string, timeoutM
   return String(data.verdict || '');
 }
 
-export async function localGrade(surface: string, prompt: string, timeoutMs = 30000, agentKind: AgentKind = 'claude_code'): Promise<string> {
+// Default 24s \u2014 MUST stay below the CC hook timeout (30s for edit/bash/cwe in
+// ccHookConfig.ts) so the AbortSignal fires and the caller's catch fails open
+// cleanly. If this matches or exceeds the CC budget, CC force-kills the bun
+// process mid-fetch (exit 142 / SIGALRM) and surfaces the in-flight grader
+// prompt as a hook error instead of a clean pass.
+export async function localGrade(surface: string, prompt: string, timeoutMs = 24000, agentKind: AgentKind = 'claude_code'): Promise<string> {
   const jwt = loadJwt();
   if (!jwt) throw new Error('NO_JWT');
   // BYOK grading mode routes the grade through an LLM API instead of the
@@ -1511,7 +1516,10 @@ export async function localGrade(surface: string, prompt: string, timeoutMs = 30
   return channelGrade(ROLE_MAP[surface] || 'grade-edit', prompt, jwt, 18929, timeoutMs, agentKind);
 }
 
-export async function localGradeCwe(prompt: string, agentKind: AgentKind = 'claude_code', timeoutMs = 45000): Promise<string> {
+// Default 24s \u2014 was 45000, which EXCEEDED the CC cwe hook timeout (30s) and
+// guaranteed a force-kill on any slow grade. Two cwe chunks grade in parallel
+// within the same CC budget, so each must finish well under it.
+export async function localGradeCwe(prompt: string, agentKind: AgentKind = 'claude_code', timeoutMs = 24000): Promise<string> {
   const jwt = loadJwt();
   if (!jwt) throw new Error('NO_JWT');
   return channelGrade('grade-cwe', prompt, jwt, 18930, timeoutMs, agentKind);
@@ -3210,6 +3218,7 @@ export function isCursorInvokingCcHook(agentKind: string, model: string): boolea
 }
 
 let cursorHookExited = false;
+let hookFinalized = false;
 
 export function setupCursorHookSignals(): void {
   if (!isCursorHookFormat()) return;
@@ -3218,9 +3227,28 @@ export function setupCursorHookSignals(): void {
 
 function cursorHookExit(): never {
   cursorHookExited = true;
+  hookFinalized = true;
   process.exit(0);
 }
 
+// Self-imposed deadline. CC/Cursor kill the hook process at the configured hook
+// timeout with a signal; if a grade fetch is still in flight when that happens,
+// the runtime dumps the in-flight request body (the grader prompt) to stderr and
+// exits non-zero \u2014 surfacing as a "hook error" toast with leaked prompt text.
+// To prevent that, each grading hook arms this watchdog a few seconds UNDER its
+// configured budget: when it fires we emit a clean empty result and exit 0
+// ourselves, so the harness never has to kill us. The timer is unref'd, so a
+// hook that finishes early exits normally and the watchdog never runs.
+export function installHookWatchdog(budgetMs: number): void {
+  const t = setTimeout(() => {
+    if (hookFinalized) return;
+    hookFinalized = true;
+    try { process.stdout.write('{}\\n'); } catch {}
+    process.exit(0);
+  }, budgetMs);
+  if (typeof (t as any).unref === 'function') (t as any).unref();
+}
+
 // \u2500\u2500\u2500 Grader-unavailable diagnostic log \u2500\u2500\u2500
 // Records every time a hook tried to call the local grader and fell open
 // because the call failed. JSONL at ~/.synkro/grader-unavailable.log so the
@@ -3300,6 +3328,8 @@ export function outputJson(obj: any): void {
     outputEmpty();
     return;
   }
+  if (hookFinalized) return;
+  hookFinalized = true;
   console.log(JSON.stringify(obj));
 }
 
@@ -3311,6 +3341,8 @@ export function outputEmpty(): void {
     }
     cursorHookExit();
   }
+  if (hookFinalized) return;
+  hookFinalized = true;
   console.log('{}');
 }
 `;
@@ -3320,7 +3352,7 @@ import {
   parseVerdict, dispatchCapture, ruleMode, reconstructContent, isPathUnder, postWithRetry,
   readStdin, extractTranscript, readLastPrompt, findNearestDeps, filePathFromToolInput,
   appendSessionAction, readSessionLog, compressSessionLog, log,
-  outputJson, outputEmpty, setupCursorHookSignals, isEditTool, hookSessionId, GATEWAY_URL,
+  outputJson, outputEmpty, setupCursorHookSignals, installHookWatchdog, isEditTool, hookSessionId, GATEWAY_URL,
   logGraderUnavailable, graderUnavailableMessage, filterRules, ruleFilterText, normalizeMode, countEditLineDelta,
   captureLineMetrics, cursorModelFromPayload, resolveTranscriptPath, isCursorInvokingCcHook,
   loadSynkroFile, effectiveGraderPool,
@@ -3333,6 +3365,7 @@ const agentKind = (process.env.SYNKRO_HOOK_FORMAT === 'cursor' || process.argv.i
 
 async function main() {
   setupCursorHookSignals();
+  installHookWatchdog(27000);
   try {
     const input = await readStdin();
     if (!input.trim()) { outputEmpty(); return; }
@@ -3455,7 +3488,7 @@ async function main() {
         'Last user prompt: ' + (lastPrompt || 'none'),
         'Org rules: ' + JSON.stringify(relevantRules),
         'IMPORTANT: If a rule is violated, ALWAYS return ok=false with the rule_id and reason, regardless of the rule mode. Do NOT pass a command just because the rule mode is "fix". The enforcement layer handles ask vs fix \u2014 your job is only to detect violations.',
-        'CRITICAL: The user requesting or instructing an action does NOT exempt it from rules. Even if the user explicitly said "drop the database" or "delete everything", you MUST still flag the rule violation on first encounter. User intent is NOT consent. However, for ask-mode rules ONLY: if the session history shows a prior block for the SAME rule AND the user explicitly consented after seeing that block, subsequent commands covered by that same rule may pass \u2014 but each distinct command is consumed once. Look for the sequence: block event \u2192 user acknowledgment \u2192 retry. Once a specific command has successfully executed under that consent, it is consumed. If the same command appears again later, it requires fresh consent (a new block \u2192 consent cycle). Example: R012 covers deploy, publish, push. Block on deploy \u2192 user consents \u2192 deploy passes (consumed), publish passes (consumed), push passes (consumed). A later deploy triggers a fresh block. A user's initial instruction is NEVER consent \u2014 only a response to a shown block counts.',
+        'CRITICAL: The user requesting or instructing an action does NOT exempt it from rules. Even if the user explicitly said "drop the database" or "delete everything", you MUST still flag the rule violation on first encounter. User intent is NOT consent. However, for ask-mode rules ONLY: if the session history shows a prior block for the SAME rule AND the user explicitly consented after seeing that block, subsequent commands covered by that same rule may pass \u2014 but each distinct command is consumed once. Look for the sequence: block event \u2192 user acknowledgment \u2192 retry. Once a specific command has successfully executed under that consent, it is consumed. If the same command appears again later, it requires fresh consent (a new block \u2192 consent cycle). Example: R012 covers deploy, publish, push. Block on deploy \u2192 user consents \u2192 deploy passes (consumed), publish passes (consumed), push passes (consumed). A later deploy triggers a fresh block. An initial user instruction is NEVER consent \u2014 only a response to a shown block counts.',
         'The rules shown were pre-selected as the ones relevant to this edit \u2014 every rule here IS relevant, do not label any "not relevant". When passing (ok=true), give a terse, specific reason each rule passes. Format: "R003: no hardcoded secrets in file. R005: in-repo path only." Cover every rule shown.',
       ].join('\\n');
 
@@ -3577,7 +3610,7 @@ main();
 import {
   loadJwt, ensureFreshJwt, detectRepo, loadConfig, cweRoute, tag,
   localGradeCwe, parseVerdict, reconstructContent, readStdin, log,
-  outputJson, outputEmpty, setupCursorHookSignals, isEditTool, isShellTool, isCursorHookFormat,
+  outputJson, outputEmpty, setupCursorHookSignals, installHookWatchdog, isEditTool, isShellTool, isCursorHookFormat,
   extractShellCodeWrites, hookSessionId, filePathFromToolInput, emitBlockScanFindings, dispatchFinding, dispatchCapture, GATEWAY_URL,
   logGraderUnavailable, graderUnavailableMessage, resolveTranscriptPath, isCursorInvokingCcHook,
   loadSynkroFile, effectiveGraderPool,
@@ -3717,6 +3750,7 @@ function scanPackageCapabilities(pkgName: string, cwd: string): PackageCapabilit
 
 async function main() {
   setupCursorHookSignals();
+  installHookWatchdog(27000);
   try {
     const input = await readStdin();
     if (!input.trim()) { outputEmpty(); return; }
@@ -4540,7 +4574,7 @@ import {
   loadJwt, ensureFreshJwt, detectRepo, loadConfig, route, tag, localGrade,
   parseVerdict, dispatchCapture, dispatchFinding, ruleMode, postWithRetry, readStdin,
   extractTranscript, readLastPrompt, appendSessionAction, readSessionLog, compressSessionLog, log,
-  outputJson, outputEmpty, setupCursorHookSignals, isShellTool, hookSessionId, GATEWAY_URL,
+  outputJson, outputEmpty, setupCursorHookSignals, installHookWatchdog, isShellTool, hookSessionId, GATEWAY_URL,
   logGraderUnavailable, graderUnavailableMessage, filterRules, ruleFilterText, normalizeMode, appendLocalTelemetry, isSafeInRepoRead,
   loadSynkroFile, effectiveGraderPool,
   hashCommand, resolveTranscriptPath, isCursorHookFormat,
@@ -4583,6 +4617,7 @@ function isDuplicate(command: string, sessionId: string): boolean {
 
 async function main() {
   setupCursorHookSignals();
+  installHookWatchdog(27000);
   try {
     const input = await readStdin();
     if (!input.trim()) { outputEmpty(); return; }
@@ -4714,7 +4749,7 @@ async function main() {
         'Org rules: ' + JSON.stringify(relevantRules),
         scanConcern,
         'IMPORTANT: If a rule is violated, ALWAYS return ok=false with the rule_id and reason, regardless of the rule mode. Do NOT pass a command just because the rule mode is "fix". The enforcement layer handles ask vs fix — your job is only to detect violations.',
-        'CRITICAL: The user requesting or instructing an action does NOT exempt it from rules. Even if the user explicitly said "drop the database" or "delete everything", you MUST still flag the rule violation on first encounter. User intent is NOT consent. However, for ask-mode rules ONLY: if the session history shows a prior block for the SAME rule AND the user explicitly consented after seeing that block, subsequent commands covered by that same rule may pass — but each distinct command is consumed once. Look for the sequence: block event → user acknowledgment → retry. Once a specific command has successfully executed under that consent, it is consumed. If the same command appears again later, it requires fresh consent (a new block → consent cycle). Example: R012 covers deploy, publish, push. Block on deploy → user consents → deploy passes (consumed), publish passes (consumed), push passes (consumed). A later deploy triggers a fresh block. A user\'s initial instruction is NEVER consent — only a response to a shown block counts.',
+        'CRITICAL: The user requesting or instructing an action does NOT exempt it from rules. Even if the user explicitly said "drop the database" or "delete everything", you MUST still flag the rule violation on first encounter. User intent is NOT consent. However, for ask-mode rules ONLY: if the session history shows a prior block for the SAME rule AND the user explicitly consented after seeing that block, subsequent commands covered by that same rule may pass — but each distinct command is consumed once. Look for the sequence: block event → user acknowledgment → retry. Once a specific command has successfully executed under that consent, it is consumed. If the same command appears again later, it requires fresh consent (a new block → consent cycle). Example: R012 covers deploy, publish, push. Block on deploy → user consents → deploy passes (consumed), publish passes (consumed), push passes (consumed). A later deploy triggers a fresh block. An initial user instruction is NEVER consent — only a response to a shown block counts.',
         'The rules shown were pre-selected as the ones relevant to this command — every rule here IS relevant, do not label any "not relevant". When passing (ok=true), give a terse, specific reason each rule passes. Format: "R003: no secrets in grep args. R005: in-repo path only." Cover every rule shown.',
         'Rules with preconditions (e.g. "run X before Y") are CONSUMED after the protected action completes. Use the session history timestamps to determine ordering: a precondition satisfied before the last occurrence of the protected action does NOT satisfy the next occurrence. Each new protected action needs its precondition re-satisfied.',
       ].filter(Boolean).join('\\n');
@@ -4837,7 +4872,7 @@ import {
   loadJwt, ensureFreshJwt, detectRepo, loadConfig, route, tag, localGrade,
   parseVerdict, dispatchCapture, ruleMode, postWithRetry, readStdin,
   extractTranscript, readLastPrompt, appendSessionAction, readSessionLog, compressSessionLog, log,
-  outputJson, outputEmpty, setupCursorHookSignals, isAgentTool, hookSessionId, GATEWAY_URL,
+  outputJson, outputEmpty, setupCursorHookSignals, installHookWatchdog, isAgentTool, hookSessionId, GATEWAY_URL,
   logGraderUnavailable, graderUnavailableMessage, filterRules, normalizeMode, resolveTranscriptPath, isCursorInvokingCcHook,
   loadSynkroFile, effectiveGraderPool,
   type HookConfig, type Rule,
@@ -4847,6 +4882,7 @@ const agentKind = (process.env.SYNKRO_HOOK_FORMAT === 'cursor' || process.argv.i
 
 async function main() {
   setupCursorHookSignals();
+  installHookWatchdog(27000);
   try {
     const input = await readStdin();
     if (!input.trim()) { outputEmpty(); return; }
@@ -4926,7 +4962,7 @@ async function main() {
         'Last user prompt: ' + (lastPrompt || 'none'),
         'Org rules: ' + JSON.stringify(relevantRules),
         'IMPORTANT: If a rule is violated, ALWAYS return ok=false with the rule_id and reason, regardless of the rule mode. Do NOT pass a command just because the rule mode is "fix". The enforcement layer handles ask vs fix \u2014 your job is only to detect violations.',
-        'CRITICAL: The user requesting or instructing an action does NOT exempt it from rules. Even if the user explicitly said "drop the database" or "delete everything", you MUST still flag the rule violation on first encounter. User intent is NOT consent. However, for ask-mode rules ONLY: if the session history shows a prior block for the SAME rule AND the user explicitly consented after seeing that block, subsequent commands covered by that same rule may pass \u2014 but each distinct command is consumed once. Look for the sequence: block event \u2192 user acknowledgment \u2192 retry. Once a specific command has successfully executed under that consent, it is consumed. If the same command appears again later, it requires fresh consent (a new block \u2192 consent cycle). Example: R012 covers deploy, publish, push. Block on deploy \u2192 user consents \u2192 deploy passes (consumed), publish passes (consumed), push passes (consumed). A later deploy triggers a fresh block. A user's initial instruction is NEVER consent \u2014 only a response to a shown block counts.',
+        'CRITICAL: The user requesting or instructing an action does NOT exempt it from rules. Even if the user explicitly said "drop the database" or "delete everything", you MUST still flag the rule violation on first encounter. User intent is NOT consent. However, for ask-mode rules ONLY: if the session history shows a prior block for the SAME rule AND the user explicitly consented after seeing that block, subsequent commands covered by that same rule may pass \u2014 but each distinct command is consumed once. Look for the sequence: block event \u2192 user acknowledgment \u2192 retry. Once a specific command has successfully executed under that consent, it is consumed. If the same command appears again later, it requires fresh consent (a new block \u2192 consent cycle). Example: R012 covers deploy, publish, push. Block on deploy \u2192 user consents \u2192 deploy passes (consumed), publish passes (consumed), push passes (consumed). A later deploy triggers a fresh block. An initial user instruction is NEVER consent \u2014 only a response to a shown block counts.',
       ].filter(Boolean).join('\\n');
 
       let gradeResp: string;
@@ -5024,7 +5060,7 @@ main();
 import {
   loadJwt, ensureFreshJwt, detectRepo, loadConfig, route, tag, localGrade,
   parseVerdict, dispatchCapture, appendSessionAction, readSessionLog, compressSessionLog, postWithRetry, readStdin, log,
-  outputJson, outputEmpty, setupCursorHookSignals, isPlanTool, hookSessionId, GATEWAY_URL,
+  outputJson, outputEmpty, setupCursorHookSignals, installHookWatchdog, isPlanTool, hookSessionId, GATEWAY_URL,
   filterRules, graderUnavailableMessage, resolveTranscriptPath, isCursorInvokingCcHook,
   loadSynkroFile, effectiveGraderPool,
 } from './_synkro-common.ts';
@@ -5076,6 +5112,7 @@ function appendReviewToPlan(planFile: string, verdict: string): void {
 
 async function main() {
   setupCursorHookSignals();
+  installHookWatchdog(42000);
   try {
     const input = await readStdin();
     if (!input.trim()) { outputEmpty(); return; }
@@ -5582,8 +5619,10 @@ function isDuplicate(command: string, sessionId: string): boolean {
   return false;
 }
 
-// Cursor beforeShellExecution timeout is 15s; stay under it (JWT refresh + grade).
-const CURSOR_GRADE_TIMEOUT_MS = 12000;
+// Cursor hook timeouts now match CC (30s for bash/edit/agent), so use the same
+// 24s internal grade budget as the CC path \u2014 stays under the 30s hook timeout
+// (JWT refresh + grade) and fails open cleanly via the caller's catch.
+const CURSOR_GRADE_TIMEOUT_MS = 24000;
 const CURSOR_CLOUD_TIMEOUT_MS = 9000;
 
 let hookDone = false;
@@ -5725,7 +5764,7 @@ async function main() {
         'Org rules: ' + JSON.stringify(relevantRules),
         scanConcern,
         'IMPORTANT: If a rule is violated, ALWAYS return ok=false with the rule_id and reason, regardless of the rule mode. Do NOT pass a command just because the rule mode is "fix". The enforcement layer handles ask vs fix \u2014 your job is only to detect violations.',
-        'CRITICAL: The user requesting or instructing an action does NOT exempt it from rules. Even if the user explicitly said "drop the database" or "delete everything", you MUST still flag the rule violation on first encounter. User intent is NOT consent. However, for ask-mode rules ONLY: if the session history shows a prior block for the SAME rule AND the user explicitly consented after seeing that block, subsequent commands covered by that same rule may pass \u2014 but each distinct command is consumed once. Look for the sequence: block event \u2192 user acknowledgment \u2192 retry. Once a specific command has successfully executed under that consent, it is consumed. If the same command appears again later, it requires fresh consent (a new block \u2192 consent cycle). Example: R012 covers deploy, publish, push. Block on deploy \u2192 user consents \u2192 deploy passes (consumed), publish passes (consumed), push passes (consumed). A later deploy triggers a fresh block. A user's initial instruction is NEVER consent \u2014 only a response to a shown block counts.',
+        'CRITICAL: The user requesting or instructing an action does NOT exempt it from rules. Even if the user explicitly said "drop the database" or "delete everything", you MUST still flag the rule violation on first encounter. User intent is NOT consent. However, for ask-mode rules ONLY: if the session history shows a prior block for the SAME rule AND the user explicitly consented after seeing that block, subsequent commands covered by that same rule may pass \u2014 but each distinct command is consumed once. Look for the sequence: block event \u2192 user acknowledgment \u2192 retry. Once a specific command has successfully executed under that consent, it is consumed. If the same command appears again later, it requires fresh consent (a new block \u2192 consent cycle). Example: R012 covers deploy, publish, push. Block on deploy \u2192 user consents \u2192 deploy passes (consumed), publish passes (consumed), push passes (consumed). A later deploy triggers a fresh block. An initial user instruction is NEVER consent \u2014 only a response to a shown block counts.',
         'The rules shown were pre-selected as the ones relevant to this command \u2014 every rule here IS relevant, do not label any "not relevant". When passing (ok=true), give a terse, specific reason each rule passes. Format: "R003: no secrets in grep args. R005: in-repo path only." Cover every rule shown.',
         'Rules with preconditions (e.g. "run X before Y") are CONSUMED after the protected action completes. Use the session history timestamps to determine ordering: a precondition satisfied before the last occurrence of the protected action does NOT satisfy the next occurrence. Each new protected action needs its precondition re-satisfied.',
       ].filter(Boolean).join('\\n');
@@ -8262,7 +8301,7 @@ function writeConfigEnv(opts) {
     `SYNKRO_CREDENTIALS_PATH=${shellQuoteSingle(credsPath)}`,
     `SYNKRO_TIER=${shellQuoteSingle(safeTier)}`,
     `SYNKRO_INFERENCE=${shellQuoteSingle(safeInference)}`,
-    `SYNKRO_VERSION=${shellQuoteSingle("1.6.43")}`
+    `SYNKRO_VERSION=${shellQuoteSingle("1.6.45")}`
   ];
   if (safeSynkroBin) lines.push(`SYNKRO_CLI_BIN=${shellQuoteSingle(safeSynkroBin)}`);
   if (safeUserId) lines.push(`SYNKRO_USER_ID=${shellQuoteSingle(safeUserId)}`);
@@ -8439,28 +8478,59 @@ async function installCommand(opts = {}) {
   const ghToken = null;
   setApiBaseUrl(`${gatewayUrl}/api`);
   await promptRepoConnection({ linkRepo: opts.linkRepo });
+  const existingSynkro = readFullSynkroFile();
   const detected = detectAgents();
-  if (detected.length === 0) {
-    console.error("No supported coding agents detected. Install Claude Code or Cursor first.");
-    process.exit(1);
-  }
-  console.log("Detected agents:");
-  for (const a of detected) {
-    console.log(`  \u2713 ${a.name}${a.version ? ` (${a.version})` : ""}`);
-  }
-  console.log();
-  const agents = await promptAgentSelection(detected);
-  if (agents.length < detected.length) {
-    console.log(`Installing hooks for: ${agents.map((a) => a.name).join(", ")}
+  let agents;
+  let gradingMode;
+  let storageMode;
+  let transcriptConsent = true;
+  if (existingSynkro) {
+    const wantCC = existingSynkro.harness.includes("claude-code");
+    const wantCursor = existingSynkro.harness.includes("cursor");
+    agents = detected.filter(
+      (a) => a.kind === "claude_code" && wantCC || a.kind === "cursor" && wantCursor
+    );
+    if (agents.length === 0 && detected.length > 0) agents = detected;
+    gradingMode = existingSynkro.grader.mode === "byok" ? "byok" : "local";
+    storageMode = "local";
+    console.log(`Using .synkro config:`);
+    console.log(`  harness: ${existingSynkro.harness.join(", ")}`);
+    console.log(`  grading: ${gradingMode}    pool: ${existingSynkro.grader.pool}`);
+    for (const a of agents) {
+      console.log(`  \u2713 ${a.name}${a.version ? ` (${a.version})` : ""}`);
+    }
+    console.log();
+  } else {
+    if (detected.length === 0) {
+      console.error("No supported coding agents detected. Install Claude Code or Cursor first.");
+      process.exit(1);
+    }
+    console.log("Detected agents:");
+    for (const a of detected) {
+      console.log(`  \u2713 ${a.name}${a.version ? ` (${a.version})` : ""}`);
+    }
+    console.log();
+    agents = await promptAgentSelection(detected);
+    if (agents.length < detected.length) {
+      console.log(`Installing hooks for: ${agents.map((a) => a.name).join(", ")}
 `);
-  }
-  const gradingMode = await promptGradingMode();
-  const storageMode = await promptStorageMode();
-  console.log(`  grading: ${gradingMode}    storage: ${storageMode}
+    }
+    gradingMode = await promptGradingMode();
+    storageMode = await promptStorageMode();
+    console.log(`  grading: ${gradingMode}    storage: ${storageMode}
 `);
-  if (gradingMode === "byok") {
-    console.log("  BYOK grading uses your own provider key \u2014 register one in the");
-    console.log("  dashboard under Settings \u2192 Provider Keys if you have not already.\n");
+    if (gradingMode === "byok") {
+      console.log("  BYOK grading uses your own provider key \u2014 register one in the");
+      console.log("  dashboard under Settings \u2192 Provider Keys if you have not already.\n");
+    }
+    if (process.stdin.isTTY) {
+      transcriptConsent = await promptTranscriptConsent();
+      if (transcriptConsent) {
+        console.log("  \u2713 Session import enabled\n");
+      } else {
+        console.log("  \u2717 Session import skipped\n");
+      }
+    }
   }
   ensureSynkroDir();
   const scripts = writeHookScripts();
@@ -8476,15 +8546,6 @@ async function installCommand(opts = {}) {
     } catch {
     }
   }
-  let transcriptConsent = true;
-  if (process.stdin.isTTY) {
-    transcriptConsent = await promptTranscriptConsent();
-    if (transcriptConsent) {
-      console.log("  \u2713 Session import enabled\n");
-    } else {
-      console.log("  \u2717 Session import skipped\n");
-    }
-  }
   let hasClaudeCode = false;
   let hasCursor = false;
   for (const agent of agents) {
@@ -11325,7 +11386,7 @@ var args = process.argv.slice(2);
 var cmd = args[0] || "";
 var subArgs = args.slice(1);
 function printVersion() {
-  console.log("1.6.43");
+  console.log("1.6.45");
 }
 function printHelp2() {
   console.log(`Synkro CLI \u2014 runtime safety for AI coding agents