@synkro-sh/cli 1.6.8 → 1.6.10

package/dist/bootstrap.js

@@ -1264,45 +1264,28 @@ export async function runInstallScan(command: string, jwt: string): Promise<Inst
     scanned: false, action: 'allow', blockContext: '', summary: '',
     scannedLabel: '', findings: [], violatedIds: [],
   };
-  const pkgInstallMatch = command.match(
-    /^(?:.*&&\\s*|.*;\\s*)?(?:npm\\s+(?:install|i|add)|pnpm\\s+(?:add|install|i)|yarn\\s+add|bun\\s+(?:add|install|i)|(?:uv\\s+)?pip3?\\s+install|go\\s+get|cargo\\s+add|gem\\s+install|composer\\s+require)\\s+([^|;&><]+)/
-  );
-  if (!pkgInstallMatch) return empty;
-  const isPip = /(?:uv\\s+)?pip3?\\s+install/.test(command);
-  const packages: Array<{ name: string; version: string; ecosystem: string }> = [];
-  const tokens = pkgInstallMatch[1].split(/\\s+/);
-  let skipNext = false;
-  for (const token of tokens) {
-    if (skipNext) { skipNext = false; continue; }
-    if (!token || !/^[@a-zA-Z]/.test(token)) continue;
-    if (token.startsWith('-')) {
-      if (/^--(python|target|prefix|root|constraint|requirement|index-url|extra-index-url|find-links|build|src|cache-dir|filter|workspace)$/.test(token)) skipNext = true;
-      continue;
-    }
-    const ecosystem = isPip ? 'PyPI' : 'npm';
-    if (isPip) {
-      const pipMatch = token.match(/^([a-zA-Z0-9_.-]+)(?:[=~!<>]=?(.+))?$/);
-      if (pipMatch) {
-        packages.push({ name: pipMatch[1], version: pipMatch[2]?.replace(/^=/, '') || '*', ecosystem });
-        continue;
-      }
-    }
-    const atIdx = token.lastIndexOf('@');
-    if (atIdx > 0) packages.push({ name: token.slice(0, atIdx), version: token.slice(atIdx + 1), ecosystem });
-    else packages.push({ name: token, version: '*', ecosystem });
-  }
-  if (packages.length === 0) return empty;
-  const scannedLabel = packages.map(p => p.name + '@' + p.version).join(', ');
+  // Stage 0 \u2014 recall-tuned pre-filter. Cheap, dependency-free, runs on every
+  // Bash command. A false positive only costs a wasted server round-trip; a
+  // false negative would let a vulnerable install through \u2014 so keep it loose.
+  const lc = command.toLowerCase();
+  const HINTS = [
+    'npm', 'pnpm', 'yarn', 'bun', 'pip', 'cargo', 'gem', 'composer',
+    'apt', 'apk', 'brew', 'dnf', 'yum', 'pacman', 'install', 'require',
+    'eval', '$(', '| sh', '| bash', 'curl', 'wget', 'make ',
+  ];
+  if (!HINTS.some(h => lc.includes(h))) return empty;
+
   try {
     const scanResp = await fetch(GATEWAY_URL + '/api/v1/pkg-scan', {
       method: 'POST',
       headers: { 'Content-Type': 'application/json', Authorization: 'Bearer ' + jwt },
-      body: JSON.stringify({ packages, command }),
-      signal: AbortSignal.timeout(15000),
+      body: JSON.stringify({ command }),
+      signal: AbortSignal.timeout(10000),
     }).then(r => r.json()) as any;
     const action = scanResp?.action || 'allow';
     const pkgResults = Array.isArray(scanResp?.packages) ? scanResp.packages : [];
     const summary = scanResp?.summary || '';
+    const scannedLabel = pkgResults.map((p: any) => p.name + '@' + p.version).join(', ');
     if (action === 'block') {
       const blockSignals = pkgResults
         .flatMap((p: any) => (p.signals || []).filter((s: any) => s.severity === 'critical' || s.severity === 'high'))
@@ -1319,7 +1302,7 @@ export async function runInstallScan(command: string, jwt: string): Promise<Inst
           }
         }
       }
-      const details = blockSignals.map((s: any) => s.detail).join('\\n');
+      const details = blockSignals.map((s: any) => s.detail).join('\\n') || summary;
       return {
         scanned: true, action: 'block',
         blockContext: details + '\\nDo NOT install packages with security risks. Use a patched version or a different package.',
@@ -1332,7 +1315,14 @@ export async function runInstallScan(command: string, jwt: string): Promise<Inst
       blockContext: '', summary, scannedLabel, findings: [], violatedIds: [],
     };
   } catch {
-    return { scanned: true, action: 'allow', blockContext: '', summary: '', scannedLabel, findings: [], violatedIds: [] };
+    // Fail closed \u2014 could not verify the install (timeout / server
+    // unreachable). Blocking an unverified install beats letting a
+    // vulnerable package through.
+    return {
+      scanned: true, action: 'block',
+      blockContext: 'Synkro could not verify this install is safe \u2014 the package scanner timed out or was unreachable. This is a verification failure, not a confirmed vulnerability. Retry once the Synkro server is reachable.',
+      summary: 'install scan unavailable', scannedLabel: '', findings: [], violatedIds: ['scan_unavailable'],
+    };
   }
 }
 
@@ -3091,6 +3081,7 @@ import {
   extractTranscript, readLastPrompt, appendSessionAction, readSessionLog, compressSessionLog, log,
   outputJson, outputEmpty, setupCursorHookSignals, isShellTool, hookSessionId, GATEWAY_URL,
   logGraderUnavailable, filterRules, normalizeMode, appendLocalTelemetry, isSafeInRepoRead,
+  runInstallScan,
   type HookConfig, type Rule,
 } from './_synkro-common.ts';
 
@@ -3161,7 +3152,7 @@ async function main() {
         tool_name: toolName,
         command: command.slice(0, 200),
         session_id: sessionId,
-        repo: cwd,
+        repo: gitRepo || cwd,
         cc_model: transcript.ccModel,
         reasoning: 'Safe in-repo read — auto-allowed without an LLM grade.',
       });
@@ -3176,108 +3167,44 @@ async function main() {
     }
 
     // ─── Install protection: server-side pkg-scan (CVE + typosquat + tarball + reputation) ───
+    // Detection + extraction happen server-side (runInstallScan); the hook
+    // relays the verdict. A block is handed to the grader as an authoritative
+    // concern so the normal ask + consent-carryover flow lets the user
+    // override it on the next turn.
     let installScanMsg = '';
+    let scanConcern = '';
+    let scanBlockContext = '';
     if (toolName === 'Bash') {
-      const pkgInstallMatch = command.match(
-        /^(?:.*&&\s*|.*;\s*)?(?:npm\s+(?:install|i|add)|pnpm\s+(?:add|install|i)|yarn\s+add|bun\s+(?:add|install|i)|(?:uv\s+)?pip3?\s+install|go\s+get|cargo\s+add|gem\s+install|composer\s+require)\s+([^|;&><]+)/
-      );
-      const isPip = /(?:uv\s+)?pip3?\s+install/.test(command);
-      if (pkgInstallMatch) {
-        const rawArgs = pkgInstallMatch[1];
-        const packages: Array<{ name: string; version: string; ecosystem: string }> = [];
-        const tokens = rawArgs.split(/\s+/);
-        let skipNext = false;
-        for (const token of tokens) {
-          if (skipNext) { skipNext = false; continue; }
-          if (!token || !/^[@a-zA-Z]/.test(token)) continue;
-          if (token.startsWith('-')) {
-            if (/^--(python|target|prefix|root|constraint|requirement|index-url|extra-index-url|find-links|build|src|cache-dir|filter|workspace)$/.test(token)) skipNext = true;
-            continue;
-          }
-          const ecosystem = isPip ? 'PyPI' : 'npm';
-          if (isPip) {
-            const pipMatch = token.match(/^([a-zA-Z0-9_.-]+)(?:[=~!<>]=?(.+))?$/);
-            if (pipMatch) {
-              packages.push({ name: pipMatch[1], version: pipMatch[2]?.replace(/^=/, '') || '*', ecosystem });
-              continue;
-            }
-          }
-          const atIdx = token.lastIndexOf('@');
-          if (atIdx > 0) {
-            packages.push({ name: token.slice(0, atIdx), version: token.slice(atIdx + 1), ecosystem });
-          } else {
-            packages.push({ name: token, version: '*', ecosystem });
-          }
-        }
-
-        if (packages.length > 0) {
-          try {
-            const scanResp = await fetch(GATEWAY_URL + '/api/v1/pkg-scan', {
-              method: 'POST',
-              headers: { 'Content-Type': 'application/json', Authorization: 'Bearer ' + jwt },
-              body: JSON.stringify({ packages, command }),
-              signal: AbortSignal.timeout(15000),
-            }).then(r => r.json()) as any;
-
-            const action = scanResp?.action || 'allow';
-            const pkgResults = Array.isArray(scanResp?.packages) ? scanResp.packages : [];
-            const summary = scanResp?.summary || '';
-
-            if (action === 'block') {
-              const blockSignals = pkgResults
-                .flatMap((p: any) => (p.signals || []).filter((s: any) => s.severity === 'critical' || s.severity === 'high'))
-                .slice(0, 5);
-              const scanMsg = '[synkro:installScan] ' + cmdShort + ' → blocked';
-              const details = blockSignals.map((s: any) => s.detail).join('\n');
-              const ctx = details + '\nDo NOT install packages with security risks. Use a patched version or a different package.';
-
-              const config = await loadConfig(jwt);
-              for (const p of pkgResults) {
-                for (const s of (p.signals || [])) {
-                  if (s.severity === 'critical' || s.severity === 'high') {
-                    const advisoryMatch = (s.detail || '').match(/\\b(GHSA-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{4}|CVE-\\d{4}-\\d+)\\b/i);
-                    const advisoryId = advisoryMatch ? advisoryMatch[1] : s.type;
-                    dispatchFinding(jwt, {
-                      session_id: sessionId,
-                      file_path: command,
-                      finding_type: 'cve' as const,
-                      finding_id: advisoryId + ':' + p.name,
-                      severity: s.severity,
-                      status: 'open',
-                      detail: s.detail,
-                      package_name: p.name,
-                      package_version: p.version,
-                    }, config.captureDepth);
-                  }
-                }
-              }
-
-              const violatedIds = blockSignals.map((s: any) => s.type + ':' + s.detail.slice(0, 40));
-              dispatchCapture(jwt, 'pkg', 'block', 'critical', 'security',
-                'Bash', gitRepo, sessionId, config.captureDepth, {
-                  command,
-                  reasoning: details.slice(0, 200),
-                  violatedRules: violatedIds,
-                  ccModel: transcript.ccModel,
-                });
-
-              outputJson({
-                systemMessage: scanMsg,
-                hookSpecificOutput: { hookEventName: 'PreToolUse', permissionDecision: 'deny', permissionDecisionReason: ctx, additionalContext: ctx },
-              });
-              return;
-            }
-
-            if (action === 'warn') {
-              installScanMsg = '[synkro:installScan] ' + summary;
-            } else {
-              const scannedPkgs = packages.map(p => p.name + '@' + p.version).join(', ');
-              installScanMsg = '[synkro:installScan] ' + scannedPkgs + ' → clean';
-            }
-          } catch (e) {
-            log('bashGuard pkg-scan failed: ' + String(e));
-          }
+      const scan = await runInstallScan(command, jwt);
+      if (scan.action === 'block') {
+        for (const f of scan.findings) {
+          dispatchFinding(jwt, {
+            session_id: sessionId,
+            file_path: command,
+            finding_type: 'cve' as const,
+            finding_id: f.advisoryId + ':' + f.name,
+            severity: f.severity,
+            status: 'open',
+            detail: f.detail,
+            package_name: f.name,
+            package_version: f.version,
+          }, config.captureDepth);
         }
+        dispatchCapture(jwt, 'pkg', 'block', 'critical', 'security',
+          'Bash', gitRepo, sessionId, config.captureDepth, {
+            command,
+            reasoning: scan.blockContext.slice(0, 200),
+            violatedRules: scan.violatedIds,
+            ccModel: transcript.ccModel,
+          });
+        scanBlockContext = scan.blockContext;
+        scanConcern = 'PACKAGE SCANNER FLAG (authoritative — do NOT re-evaluate whether the vulnerability is real): '
+          + scan.blockContext
+          + ' For this concern you MUST return ok=false with rule_id "SYNKRO_PKGSCAN", rule_mode "ask", and the reason above — UNLESS the user has explicitly consented in this conversation to installing this despite the warning, in which case return ok=true.';
+      } else if (scan.scanned && scan.action === 'warn') {
+        installScanMsg = '[synkro:installScan] ' + scan.summary;
+      } else if (scan.scanned) {
+        installScanMsg = '[synkro:installScan] ' + (scan.scannedLabel || cmdShort) + ' → clean';
       }
     }
 
@@ -3298,6 +3225,7 @@ async function main() {
         'User intent (last human message): ' + (transcript.userIntent || 'none stated'),
         'Last user prompt: ' + (lastPrompt || 'none'),
         'Org rules: ' + JSON.stringify(relevantRules),
+        scanConcern,
         'IMPORTANT: If a rule is violated, ALWAYS return ok=false with the rule_id and reason, regardless of the rule mode. Do NOT pass a command just because the rule mode is "fix". The enforcement layer handles ask vs fix — your job is only to detect violations.',
         'The rules shown were pre-selected as the ones relevant to this command — every rule here IS relevant, do not label any "not relevant". When passing (ok=true), give a terse, specific reason each rule passes. Format: "R003: no secrets in grep args. R005: in-repo path only." Cover every rule shown.',
         'Rules with preconditions (e.g. "run X before Y") are CONSUMED after the protected action completes. Use the session history timestamps to determine ordering: a precondition satisfied before the last occurrence of the protected action does NOT satisfy the next occurrence. Each new protected action needs its precondition re-satisfied.',
@@ -3308,6 +3236,16 @@ async function main() {
         gradeResp = await localGrade('bash', graderPrompt);
       } catch (err) {
         logGraderUnavailable('bashGuard', toolInput.command?.slice(0, 200) || '', (err as Error).message || String(err));
+        if (scanConcern) {
+          // Grader unavailable to run the consent check — fail closed on a
+          // scanner-flagged install (ask-mode so the user can still consent).
+          const ctx = scanBlockContext + ' Synkro flagged this install but the grader is unavailable to check consent — ask the user for explicit consent, then retry.';
+          outputJson({
+            systemMessage: tagStr + ' bashGuard → install blocked (scan flagged; grader unavailable)',
+            hookSpecificOutput: { hookEventName: 'PreToolUse', permissionDecision: 'deny', permissionDecisionReason: ctx, additionalContext: ctx },
+          });
+          return;
+        }
         outputJson({ systemMessage: tagStr + ' bashGuard → local grader unavailable, skipped' });
         return;
       }
@@ -3371,6 +3309,18 @@ async function main() {
       session_summary: transcript.sessionSummary || null,
     };
 
+    if (scanConcern) {
+      // Cloud grading does not carry the package-scanner concern through the
+      // consent flow — block here with ask-mode messaging so the user can
+      // consent and retry.
+      const ctx = scanBlockContext + ' Ask the user for explicit consent before retrying.';
+      outputJson({
+        systemMessage: tagStr + ' bashGuard → install blocked: ' + cmdShort,
+        hookSpecificOutput: { hookEventName: 'PreToolUse', permissionDecision: 'deny', permissionDecisionReason: ctx, additionalContext: ctx },
+      });
+      return;
+    }
+
     const resp = await postWithRetry(GATEWAY_URL + '/api/v1/hook/judge', body, jwt, 8000);
 
     if (!resp) {
@@ -4034,23 +3984,13 @@ async function main() {
       }).catch(() => {});
     }
 
-    if (process.env.SYNKRO_TRANSCRIPT_CONSENT === 'no') { outputEmpty(); return; }
-
+    // Transcript consent gates only CLOUD transmission. Local persistence \u2014
+    // this machine's own PGLite \u2014 is the same category as the local telemetry
+    // already captured for every command, so it always runs.
+    const cloudConsent = process.env.SYNKRO_TRANSCRIPT_CONSENT !== 'no';
     const gitRepo = detectRepo(cwd);
-    if (!gitRepo) { outputEmpty(); return; }
-
-    let captureDepth = 'local_only';
-    try {
-      const r = await fetch(GATEWAY_URL + '/api/v1/hook/config', {
-        headers: { Authorization: 'Bearer ' + jwt },
-        signal: AbortSignal.timeout(3000),
-      });
-      const data = await r.json() as any;
-      captureDepth = data.capture_depth || 'local_only';
-    } catch {}
-
-    if (captureDepth === 'local_only') { outputEmpty(); return; }
 
+    // Offset-tracked extraction of new user/assistant turns from the transcript.
     const offsetDir = join(homedir(), '.synkro', '.transcript-offsets');
     mkdirSync(offsetDir, { recursive: true });
     const offsetFile = join(offsetDir, sessionId);
@@ -4085,7 +4025,7 @@ async function main() {
           }).join(' ').slice(0, 8000);
         }
 
-        const msg: any = { message_index: i, type: entry.type, content: text };
+        const msg: any = { message_index: i, type: entry.type, content: text, ts: entry.timestamp || null };
         if (entry.type === 'assistant') {
           const toolCalls = (Array.isArray(content) ? content : [])
             .filter((c: any) => c?.type === 'tool_use')
@@ -4103,16 +4043,39 @@ async function main() {
 
     if (messages.length === 0) { outputEmpty(); return; }
 
-    const syncBody = {
-      repo: gitRepo,
-      sessions: [{ cc_session_id: sessionId, messages }],
-    };
-    fetch(GATEWAY_URL + '/api/v1/cli/sync-transcripts', {
-      method: 'POST',
-      headers: { 'Content-Type': 'application/json', Authorization: 'Bearer ' + jwt },
-      body: JSON.stringify(syncBody),
-      signal: AbortSignal.timeout(10000),
-    }).catch(() => {});
+    // Local persist \u2014 always. The conversation timeline lives in PGLite.
+    const mcpPort = process.env.SYNKRO_MCP_PORT || '18931';
+    let mcpToken = '';
+    try { mcpToken = readFileSync(join(homedir(), '.synkro', '.mcp-jwt'), 'utf-8').trim(); } catch {}
+    if (mcpToken) {
+      fetch('http://127.0.0.1:' + mcpPort + '/api/conversation-sync', {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json', Authorization: 'Bearer ' + mcpToken },
+        body: JSON.stringify({ session_id: sessionId, repo: gitRepo || '', messages }),
+        signal: AbortSignal.timeout(5000),
+      }).catch(() => {});
+    }
+
+    // Cloud sync \u2014 only when consented and the org isn't local-only.
+    if (cloudConsent && gitRepo) {
+      let captureDepth = 'local_only';
+      try {
+        const r = await fetch(GATEWAY_URL + '/api/v1/hook/config', {
+          headers: { Authorization: 'Bearer ' + jwt },
+          signal: AbortSignal.timeout(3000),
+        });
+        const data = await r.json() as any;
+        captureDepth = data.capture_depth || 'local_only';
+      } catch {}
+      if (captureDepth !== 'local_only') {
+        fetch(GATEWAY_URL + '/api/v1/cli/sync-transcripts', {
+          method: 'POST',
+          headers: { 'Content-Type': 'application/json', Authorization: 'Bearer ' + jwt },
+          body: JSON.stringify({ repo: gitRepo, sessions: [{ cc_session_id: sessionId, messages }] }),
+          signal: AbortSignal.timeout(10000),
+        }).catch(() => {});
+      }
+    }
 
     outputEmpty();
   } catch {
@@ -4295,7 +4258,7 @@ async function main() {
       appendLocalTelemetry({
         capture_type: 'local_verdict', verdict: 'pass', hook_type: 'bash',
         category: 'safe_read', tool_name: toolName, command: command.slice(0, 200),
-        session_id: sessionId, repo: cwd,
+        session_id: sessionId, repo: repo || cwd,
         cc_model: model,
         reasoning: 'Safe in-repo read \u2014 auto-allowed without an LLM grade.',
       });
@@ -4316,6 +4279,10 @@ async function main() {
     const tagStr = tag(rt, config);
 
     // Install protection \u2014 scan packages before any npm/pip/cargo/etc. install.
+    // A block is handed to the grader as an authoritative concern so the
+    // normal ask + consent-carryover flow can let the user override it.
+    let scanConcern = '';
+    let scanBlockContext = '';
     if (SHELL_TOOL_NAMES.has(toolName)) {
       const scan = await runInstallScan(command, jwt);
       if (scan.action === 'block') {
@@ -4332,11 +4299,10 @@ async function main() {
             command, reasoning: scan.blockContext.slice(0, 200),
             violatedRules: scan.violatedIds, ccModel: model,
           });
-        finishWith({
-          permission: 'deny',
-          user_message: tagStr + ' installScan \u2192 blocked: ' + cmdShort,
-          agent_message: 'Synkro blocked this install \u2014 flagged package(s). ' + scan.blockContext,
-        });
+        scanBlockContext = scan.blockContext;
+        scanConcern = 'PACKAGE SCANNER FLAG (authoritative \u2014 do NOT re-evaluate whether the vulnerability is real): '
+          + scan.blockContext
+          + ' For this concern you MUST return ok=false with rule_id "SYNKRO_PKGSCAN", rule_mode "ask", and the reason above \u2014 UNLESS the user has explicitly consented in this conversation to installing this despite the warning, in which case return ok=true.';
       } else if (scan.scanned && scan.action === 'warn') {
         log('bashGuard installScan warn: ' + scan.summary);
       }
@@ -4354,6 +4320,7 @@ async function main() {
         'User intent (last human message): ' + (transcript.userIntent || lastPrompt || 'none stated'),
         'Last user prompt: ' + (lastPrompt || 'none'),
         'Org rules: ' + JSON.stringify(relevantRules),
+        scanConcern,
         'IMPORTANT: If a rule is violated, ALWAYS return ok=false with the rule_id and reason, regardless of the rule mode. Do NOT pass a command just because the rule mode is "fix". The enforcement layer handles ask vs fix \u2014 your job is only to detect violations.',
         'The rules shown were pre-selected as the ones relevant to this command \u2014 every rule here IS relevant, do not label any "not relevant". When passing (ok=true), give a terse, specific reason each rule passes. Format: "R003: no secrets in grep args. R005: in-repo path only." Cover every rule shown.',
         'Rules with preconditions (e.g. "run X before Y") are CONSUMED after the protected action completes. Use the session history timestamps to determine ordering: a precondition satisfied before the last occurrence of the protected action does NOT satisfy the next occurrence. Each new protected action needs its precondition re-satisfied.',
@@ -4364,6 +4331,15 @@ async function main() {
         gradeResp = await localGrade('bash', graderPrompt, CURSOR_GRADE_TIMEOUT_MS, 'cursor');
       } catch (e) {
         logGraderUnavailable('bashGuard', command.slice(0, 200), (e as Error).message || String(e));
+        if (scanConcern) {
+          // Grader unavailable to run the consent check \u2014 fail closed on a
+          // scanner-flagged install (ask-mode so the user can still consent).
+          finishWith({
+            permission: 'deny',
+            user_message: tagStr + ' installScan \u2192 blocked (grader unavailable): ' + cmdShort,
+            agent_message: 'Synkro flagged this install: ' + scanBlockContext + ' The grader is unavailable to check consent \u2014 ask the user for explicit consent, then retry.',
+          });
+        }
         log('bashGuard ' + cmdShort + ' \u2192 pass (grade unavailable): ' + String(e));
         finishWith({ permission: 'allow' });
       }
@@ -4402,6 +4378,17 @@ async function main() {
       finishWith({ permission: 'allow' });
     }
 
+    if (scanConcern) {
+      // Cloud grading does not carry the package-scanner concern through the
+      // consent flow \u2014 block here with ask-mode messaging so the user can
+      // consent and retry.
+      finishWith({
+        permission: 'deny',
+        user_message: tagStr + ' installScan \u2192 blocked: ' + cmdShort,
+        agent_message: 'Synkro flagged this install: ' + scanBlockContext + ' Ask the user for explicit consent before retrying.',
+      });
+    }
+
     const body: Record<string, any> = {
       hook_event: 'PreToolUse',
       tool_name: toolName || 'Bash',
@@ -5698,6 +5685,7 @@ __export(macKeychain_exports, {
   readKeychainCreds: () => readKeychainCreds,
   refreshCreds: () => refreshCreds,
   uninstallRefreshAgent: () => uninstallRefreshAgent,
+  validateCursorApiKey: () => validateCursorApiKey,
   writeCursorApiKey: () => writeCursorApiKey,
   writeRefreshAgent: () => writeRefreshAgent
 });
@@ -5742,6 +5730,27 @@ function writeCursorApiKey(key) {
   writeFileSync6(CURSOR_API_KEY_FILE, trimmed, "utf-8");
   chmodSync(CURSOR_API_KEY_FILE, 384);
 }
+async function validateCursorApiKey() {
+  let key;
+  try {
+    key = readFileSync6(CURSOR_API_KEY_FILE, "utf-8").trim();
+  } catch {
+    return null;
+  }
+  if (!key) return null;
+  try {
+    const auth = Buffer.from(`${key}:`).toString("base64");
+    const r = await fetch("https://api.cursor.com/v1/me", {
+      headers: { Authorization: `Basic ${auth}` },
+      signal: AbortSignal.timeout(8e3)
+    });
+    if (r.status === 401 || r.status === 403) return false;
+    if (r.ok) return true;
+    return null;
+  } catch {
+    return null;
+  }
+}
 function credsAreStale() {
   if (!existsSync7(CLAUDE_CREDS_FILE)) return true;
   try {
@@ -5756,7 +5765,7 @@ function writeRefreshAgent(synkroBinPath) {
     throw new KeychainExportError("writeRefreshAgent is darwin-only");
   }
   mkdirSync6(join6(homedir6(), "Library", "LaunchAgents"), { recursive: true });
-  const shellCmd = `export PATH="/opt/homebrew/bin:/usr/local/bin:$PATH" && "${synkroBinPath}" local-cc refresh-creds`;
+  const shellCmd = `export PATH="/opt/homebrew/bin:/usr/local/bin:$PATH" && { "${synkroBinPath}" local-cc refresh-creds || synkro local-cc refresh-creds; }`;
   const plist = `<?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
 <plist version="1.0">
@@ -5946,6 +5955,11 @@ function claudeCredsHostDir() {
   if (needsKeychainBridge()) return CLAUDE_CREDS_DIR;
   return join7(homedir7(), ".claude");
 }
+function resolveSynkroBin() {
+  const which2 = spawnSync2("which", ["synkro"], { encoding: "utf-8", timeout: 5e3 });
+  const resolved = (which2.stdout || "").split("\n")[0].trim();
+  return resolved || "synkro";
+}
 async function dockerInstall(opts = {}) {
   assertDockerAvailable();
   const image = imageTag();
@@ -5979,7 +5993,7 @@ async function dockerInstall(opts = {}) {
       console.warn("    Generate a key at cursor.com \u2192 Settings \u2192 API Keys, then:");
       console.warn(`      echo 'YOUR_KEY' > ~/.synkro/cursor-creds/api-key && chmod 600 ~/.synkro/cursor-creds/api-key`);
     }
-    const plist = writeRefreshAgent("/usr/local/bin/synkro");
+    const plist = writeRefreshAgent(resolveSynkroBin());
     try {
       loadRefreshAgent();
     } catch (err) {
@@ -6048,6 +6062,12 @@ async function dockerInstall(opts = {}) {
     ...process.env.SYNKRO_CURSOR_MODEL ? ["-e", `SYNKRO_CURSOR_MODEL=${process.env.SYNKRO_CURSOR_MODEL}`] : [],
     // Connected repo — the server seeds the local app + ruleset named after it.
     ...opts.connectedRepo ? ["-e", `SYNKRO_CONNECTED_REPO=${opts.connectedRepo}`] : [],
+    // Real account identity (from config.env via process.env) — telemetry is
+    // stamped with these instead of a `local-user` placeholder, so the data is
+    // correctly attributed from the first graded command.
+    ...process.env.SYNKRO_ORG_ID ? ["-e", `SYNKRO_ORG_ID=${process.env.SYNKRO_ORG_ID}`] : [],
+    ...process.env.SYNKRO_USER_ID ? ["-e", `SYNKRO_USER_ID=${process.env.SYNKRO_USER_ID}`] : [],
+    ...process.env.SYNKRO_EMAIL ? ["-e", `SYNKRO_EMAIL=${process.env.SYNKRO_EMAIL}`] : [],
     image
   ];
   const run = spawnSync2("docker", args2, { encoding: "utf-8", stdio: "inherit", timeout: 6e4 });
@@ -6270,6 +6290,7 @@ var init_dockerInstall = __esm({
 // cli/commands/install.ts
 var install_exports = {};
 __export(install_exports, {
+  detectGitRepo: () => detectGitRepo2,
   installCommand: () => installCommand,
   parseArgs: () => parseArgs
 });
@@ -6324,8 +6345,16 @@ async function promptAgentSelection(detected) {
   return ask2();
 }
 async function promptCursorApiKey(opts) {
-  const { cursorApiKeyConfigured: cursorApiKeyConfigured2, writeCursorApiKey: writeCursorApiKey2 } = await Promise.resolve().then(() => (init_macKeychain(), macKeychain_exports));
-  if (cursorApiKeyConfigured2()) return;
+  const { cursorApiKeyConfigured: cursorApiKeyConfigured2, writeCursorApiKey: writeCursorApiKey2, validateCursorApiKey: validateCursorApiKey2 } = await Promise.resolve().then(() => (init_macKeychain(), macKeychain_exports));
+  if (cursorApiKeyConfigured2()) {
+    const valid = await validateCursorApiKey2();
+    if (valid !== false) {
+      console.log("  \u2713 Cursor API key validated.");
+      return;
+    }
+    console.warn("  \u26A0 The saved Cursor API key was rejected by Cursor (revoked or expired).");
+    console.warn("    Paste a fresh key below, or press Enter to skip (Cursor workers stay idle).");
+  }
   const provided = (opts.cursorApiKey || process.env.SYNKRO_CURSOR_API_KEY || "").trim();
   if (provided) {
     writeCursorApiKey2(provided);
@@ -6450,7 +6479,7 @@ function writeConfigEnv(opts) {
     `SYNKRO_CREDENTIALS_PATH=${shellQuoteSingle(credsPath)}`,
     `SYNKRO_TIER=${shellQuoteSingle(safeTier)}`,
     `SYNKRO_INFERENCE=${shellQuoteSingle(safeInference)}`,
-    `SYNKRO_VERSION=${shellQuoteSingle("1.6.8")}`
+    `SYNKRO_VERSION=${shellQuoteSingle("1.6.10")}`
   ];
   if (safeSynkroBin) lines.push(`SYNKRO_CLI_BIN=${shellQuoteSingle(safeSynkroBin)}`);
   if (safeUserId) lines.push(`SYNKRO_USER_ID=${shellQuoteSingle(safeUserId)}`);
@@ -6577,6 +6606,11 @@ function assertGatewayAllowed(gatewayUrl) {
   }
 }
 async function installCommand(opts = {}) {
+  if (!detectGitRepo2()) {
+    console.error("Synkro must be installed inside a git repository.");
+    console.error("  `cd` into your project \u2014 a git repo with an `origin` remote \u2014 and re-run `synkro install`.");
+    process.exit(1);
+  }
   const gatewayUrl = opts.gatewayUrl || sanitizeGatewayCandidate(process.env.SYNKRO_GATEWAY_URL) || "https://api.synkro.sh";
   try {
     assertGatewayAllowed(gatewayUrl);
@@ -6916,15 +6950,19 @@ async function installCommand(opts = {}) {
   console.log("\u2713 Synkro installed.");
 }
 function detectGitRepo2() {
-  try {
-    const remoteUrl = execSync5("git remote get-url origin", { encoding: "utf-8", timeout: 5e3 }).trim();
-    const sshMatch = remoteUrl.match(/^git@[^:]+:(.+?)(?:\.git)?$/);
-    const httpMatch = remoteUrl.match(/^https?:\/\/[^/]+\/(.+?)(?:\.git)?$/);
-    const match = sshMatch || httpMatch;
-    return match ? match[1] : null;
-  } catch {
-    return null;
+  const run = (cmd2) => {
+    try {
+      return execSync5(cmd2, { encoding: "utf-8", timeout: 5e3, stdio: ["pipe", "pipe", "pipe"] }).trim();
+    } catch {
+      return "";
+    }
+  };
+  const remoteUrl = run("git remote get-url origin");
+  if (remoteUrl) {
+    return remoteUrl.replace(/^git@[^:]+:/, "").replace(/^https?:\/\/[^/]+\//, "").replace(/\.git$/, "");
   }
+  const root = run("git rev-parse --show-toplevel");
+  return root ? root.split("/").pop() || null : null;
 }
 function getClaudeProjectsFolder() {
   const cwd = process.cwd();
@@ -7181,6 +7219,37 @@ import { existsSync as existsSync10, mkdirSync as mkdirSync9, writeFileSync as w
 import { join as join9 } from "path";
 import { homedir as homedir9 } from "os";
 import { spawnSync as spawnSync3 } from "child_process";
+function writePluginFiles() {
+  for (const c of CHANNELS) {
+    mkdirSync9(c.sessionDir, { recursive: true });
+    mkdirSync9(c.pluginSettingsDir, { recursive: true });
+    writeFileSync8(c.pluginPkgPath, PLUGIN_PACKAGE_JSON, "utf-8");
+    writeFileSync8(
+      c.pluginSettingsPath,
+      JSON.stringify({
+        fastMode: true,
+        enabledMcpjsonServers: ["synkro-local"]
+      }, null, 2) + "\n",
+      "utf-8"
+    );
+    writeFileSync8(c.runScriptPath, c.runScriptSource, "utf-8");
+    chmodSync3(c.runScriptPath, 493);
+  }
+}
+function runBunInstall() {
+  for (const c of CHANNELS) {
+    const r = spawnSync3("bun", ["install", "--silent"], {
+      cwd: c.sessionDir,
+      encoding: "utf-8",
+      timeout: 12e4
+    });
+    if (r.status !== 0) {
+      throw new LocalCCInstallError(
+        `bun install failed in ${c.sessionDir}: ${r.stderr || r.stdout || "unknown"}`
+      );
+    }
+  }
+}
 function safelyMutateClaudeJson(mutator) {
   if (!existsSync10(CLAUDE_JSON_PATH)) {
     return;
@@ -7240,6 +7309,73 @@ function safelyMutateClaudeJson(mutator) {
     );
   }
 }
+function writeProjectMcpJson() {
+  for (const c of CHANNELS) {
+    const mcp = {
+      mcpServers: {
+        [MCP_SERVER_NAME]: {
+          command: "bun",
+          args: [c.pluginPath]
+        }
+      }
+    };
+    writeFileSync8(c.projectMcpPath, JSON.stringify(mcp, null, 2) + "\n", "utf-8");
+  }
+}
+function patchClaudeJson() {
+  safelyMutateClaudeJson((parsed) => {
+    let dirty = false;
+    if (parsed.mcpServers && typeof parsed.mcpServers === "object" && parsed.mcpServers[MCP_SERVER_NAME]) {
+      delete parsed.mcpServers[MCP_SERVER_NAME];
+      dirty = true;
+    }
+    if (!parsed.projects || typeof parsed.projects !== "object") {
+      parsed.projects = {};
+    }
+    const projects = parsed.projects;
+    for (const dir of CHANNELS.map((c) => c.sessionDir)) {
+      const existing = projects[dir] && typeof projects[dir] === "object" ? projects[dir] : {};
+      const wantEnabled = Array.from(/* @__PURE__ */ new Set([
+        ...existing.enabledMcpjsonServers ?? [],
+        MCP_SERVER_NAME
+      ]));
+      const next = {
+        ...existing,
+        hasTrustDialogAccepted: true,
+        hasCompletedProjectOnboarding: true,
+        enabledMcpjsonServers: wantEnabled
+      };
+      if (existing.hasTrustDialogAccepted !== true || existing.hasCompletedProjectOnboarding !== true || JSON.stringify(existing.enabledMcpjsonServers ?? []) !== JSON.stringify(wantEnabled)) {
+        projects[dir] = next;
+        dirty = true;
+      }
+    }
+    return dirty;
+  });
+}
+function installLocalCC() {
+  let bunCheck = spawnSync3("bun", ["--version"], { encoding: "utf-8" });
+  if (bunCheck.status !== 0) {
+    if (process.platform === "darwin") {
+      console.log("  Installing bun via brew...");
+      const brewR = spawnSync3("brew", ["install", "oven-sh/bun/bun"], { encoding: "utf-8", stdio: "inherit", timeout: 12e4 });
+      if (brewR.status !== 0) {
+        throw new LocalCCInstallError("bun auto-install failed. Install manually: curl -fsSL https://bun.sh/install | bash");
+      }
+      bunCheck = spawnSync3("bun", ["--version"], { encoding: "utf-8" });
+      if (bunCheck.status !== 0) {
+        throw new LocalCCInstallError("bun installed but not found on PATH. Restart your terminal and re-run install.");
+      }
+    } else {
+      throw new LocalCCInstallError("bun is required. Install it: curl -fsSL https://bun.sh/install | bash");
+    }
+  }
+  writePluginFiles();
+  runBunInstall();
+  writeProjectMcpJson();
+  patchClaudeJson();
+  return { sessionDir: SESSION_DIR, pluginPath: PLUGIN_PATH };
+}
 function uninstallLocalCC() {
   safelyMutateClaudeJson((parsed) => {
     let dirty = false;
@@ -7725,6 +7861,86 @@ function appendTurn(args2) {
   } catch {
   }
 }
+function readRecentTurns(n = 20) {
+  if (!existsSync12(TURN_LOG_PATH)) return [];
+  try {
+    const size = statSync2(TURN_LOG_PATH).size;
+    if (size === 0) return [];
+    const text = readFileSync9(TURN_LOG_PATH, "utf-8");
+    const lines = text.split("\n").filter(Boolean);
+    const lastN = lines.slice(-n).reverse();
+    return lastN.map((line) => {
+      try {
+        return JSON.parse(line);
+      } catch {
+        return null;
+      }
+    }).filter((x) => x !== null);
+  } catch {
+    return [];
+  }
+}
+function followTurns(onEntry) {
+  try {
+    mkdirSync10(dirname5(TURN_LOG_PATH), { recursive: true });
+    if (!existsSync12(TURN_LOG_PATH)) {
+      appendFileSync(TURN_LOG_PATH, "", "utf-8");
+    }
+  } catch {
+  }
+  let lastSize = (() => {
+    try {
+      return statSync2(TURN_LOG_PATH).size;
+    } catch {
+      return 0;
+    }
+  })();
+  let pendingPartial = "";
+  const drainNewBytes = (from, to) => {
+    if (to <= from) return;
+    let fd = null;
+    try {
+      fd = openSync2(TURN_LOG_PATH, "r");
+      const len = to - from;
+      const buf = Buffer.alloc(len);
+      readSync(fd, buf, 0, len, from);
+      const text = pendingPartial + buf.toString("utf-8");
+      const lastNewline = text.lastIndexOf("\n");
+      if (lastNewline === -1) {
+        pendingPartial = text;
+        return;
+      }
+      const complete = text.slice(0, lastNewline);
+      pendingPartial = text.slice(lastNewline + 1);
+      for (const line of complete.split("\n")) {
+        if (!line) continue;
+        try {
+          onEntry(JSON.parse(line));
+        } catch {
+        }
+      }
+    } catch {
+    } finally {
+      if (fd !== null) {
+        try {
+          closeSync2(fd);
+        } catch {
+        }
+      }
+    }
+  };
+  watchFile(TURN_LOG_PATH, { interval: 250 }, (curr, prev) => {
+    if (curr.size < lastSize) {
+      lastSize = 0;
+      pendingPartial = "";
+    }
+    if (curr.size > lastSize) {
+      drainNewBytes(lastSize, curr.size);
+      lastSize = curr.size;
+    }
+  });
+  return () => unwatchFile(TURN_LOG_PATH);
+}
 var TURN_LOG_PATH, PREVIEW_MAX;
 var init_turnLog = __esm({
   "cli/local-cc/turnLog.ts"() {
@@ -7794,6 +8010,21 @@ async function submitToChannel(role, payload, opts = {}) {
     throw err;
   }
 }
+function isChannelAvailable(port = CHANNEL_PORT, timeoutMs = 500) {
+  return new Promise((resolve3) => {
+    const sock = connect(port, CHANNEL_HOST);
+    const done = (ok) => {
+      try {
+        sock.destroy();
+      } catch {
+      }
+      resolve3(ok);
+    };
+    sock.once("connect", () => done(true));
+    sock.once("error", () => done(false));
+    sock.setTimeout(timeoutMs, () => done(false));
+  });
+}
 var CHANNEL_HOST, CHANNEL_PORT, DEFAULT_TIMEOUT_MS, LocalCCError;
 var init_client = __esm({
   "cli/local-cc/client.ts"() {
@@ -7862,6 +8093,795 @@ var init_grade = __esm({
   }
 });
 
+// cli/local-cc/pueue.ts
+import { execFileSync, spawnSync as spawnSync5, spawn } from "child_process";
+import { homedir as homedir12 } from "os";
+import { join as join12 } from "path";
+import { connect as connect2 } from "net";
+function pueueAvailable() {
+  const r = spawnSync5("pueue", ["--version"], { encoding: "utf-8" });
+  if (r.status !== 0) {
+    throw new PueueError("pueue CLI not found on PATH. Install pueue (https://github.com/Nukesor/pueue) and start `pueued`.");
+  }
+}
+function statusJson() {
+  pueueAvailable();
+  const r = spawnSync5("pueue", ["status", "--json"], { encoding: "utf-8" });
+  if (r.status !== 0) {
+    throw new PueueError(`pueue status failed: ${r.stderr || r.stdout || "unknown error"} \u2014 is pueued running?`);
+  }
+  try {
+    return JSON.parse(r.stdout);
+  } catch (err) {
+    throw new PueueError(`pueue status returned non-JSON output: ${r.stdout.slice(0, 200)}`, err);
+  }
+}
+function statusName(s) {
+  if (typeof s === "string") return s;
+  if (s && typeof s === "object") {
+    if ("Running" in s) return "Running";
+    if ("Done" in s) {
+      const result = s.Done?.result;
+      if (typeof result === "string") return `Done (${result})`;
+      if (result && typeof result === "object") return `Done (${Object.keys(result)[0] ?? "unknown"})`;
+      return "Done";
+    }
+    return Object.keys(s)[0] ?? "unknown";
+  }
+  return "unknown";
+}
+function findTask(channel = CHANNEL_PRIMARY) {
+  const data = statusJson();
+  for (const [id, t] of Object.entries(data.tasks)) {
+    if (t.label === channel.taskLabel) {
+      return {
+        id: Number(id),
+        label: t.label,
+        status: statusName(t.status),
+        command: t.command,
+        cwd: t.path
+      };
+    }
+  }
+  return null;
+}
+function startTask(opts = {}) {
+  const ch = opts.channel ?? CHANNEL_PRIMARY;
+  const cwd = opts.cwd ?? ch.sessionDir;
+  let existing = findTask(ch);
+  while (existing) {
+    if (existing.status === "Running" || existing.status === "Queued") {
+      spawnSync5("tmux", ["kill-session", "-t", `=${ch.tmuxSession}`], { encoding: "utf-8" });
+      spawnSync5("pueue", ["kill", String(existing.id)], { encoding: "utf-8" });
+      for (let i = 0; i < 10; i++) {
+        const check = findTask(ch);
+        if (!check || check.id !== existing.id || check.status !== "Running" && check.status !== "Queued") break;
+        spawnSync5("sleep", ["0.5"], { encoding: "utf-8" });
+      }
+    }
+    spawnSync5("pueue", ["remove", String(existing.id)], { encoding: "utf-8" });
+    existing = findTask(ch);
+  }
+  const runScript = join12(cwd, "run-claude.sh");
+  const args2 = [
+    "add",
+    "--label",
+    ch.taskLabel,
+    "--working-directory",
+    cwd,
+    "--",
+    "bash",
+    runScript
+  ];
+  const r = spawnSync5("pueue", args2, { encoding: "utf-8" });
+  if (r.status !== 0) {
+    throw new PueueError(`pueue add failed: ${r.stderr || r.stdout}`);
+  }
+  const created = findTask(ch);
+  if (!created) {
+    throw new PueueError(`pueue add succeeded but no task with label ${ch.taskLabel} found`);
+  }
+  return created;
+}
+function stopTask(channel = CHANNEL_PRIMARY) {
+  spawnSync5("tmux", ["kill-session", "-t", `=${channel.tmuxSession}`], { encoding: "utf-8" });
+  let t = findTask(channel);
+  while (t) {
+    if (t.status === "Running" || t.status === "Queued") {
+      spawnSync5("pueue", ["kill", String(t.id)], { encoding: "utf-8" });
+      for (let i = 0; i < 10; i++) {
+        const check = findTask(channel);
+        if (!check || check.id !== t.id || check.status !== "Running" && check.status !== "Queued") break;
+        spawnSync5("sleep", ["0.5"], { encoding: "utf-8" });
+      }
+    }
+    spawnSync5("pueue", ["remove", String(t.id)], { encoding: "utf-8" });
+    t = findTask(channel);
+  }
+}
+function tailLogs(lines = 80, channel = CHANNEL_PRIMARY) {
+  const t = findTask(channel);
+  if (!t) return `(no ${channel.taskLabel} task)`;
+  const r = spawnSync5("pueue", ["log", "--lines", String(lines), String(t.id)], { encoding: "utf-8" });
+  return r.stdout || r.stderr || "(no output)";
+}
+function ensureRunning(opts = {}) {
+  const ch = opts.channel ?? CHANNEL_PRIMARY;
+  const t = findTask(ch);
+  if (t && t.status === "Running") return t;
+  return startTask(opts);
+}
+function probePort(host, port, timeoutMs = 500) {
+  return new Promise((resolve3) => {
+    const sock = connect2(port, host);
+    const done = (ok) => {
+      try {
+        sock.destroy();
+      } catch {
+      }
+      resolve3(ok);
+    };
+    sock.once("connect", () => done(true));
+    sock.once("error", () => done(false));
+    sock.setTimeout(timeoutMs, () => done(false));
+  });
+}
+function tmuxDismissPrompts(tmuxSession = TMUX_SESSION) {
+  spawnSync5("tmux", ["send-keys", "-t", tmuxSession, "1"], { encoding: "utf-8" });
+  spawnSync5("tmux", ["send-keys", "-t", tmuxSession, "Enter"], { encoding: "utf-8" });
+}
+async function waitForChannelReady(port, timeoutMs = 6e4, host = "127.0.0.1", tmuxSession = TMUX_SESSION) {
+  const deadline = Date.now() + timeoutMs;
+  while (Date.now() < deadline) {
+    if (await probePort(host, port)) return true;
+    tmuxDismissPrompts(tmuxSession);
+    await new Promise((r) => setTimeout(r, 1e3));
+  }
+  return probePort(host, port);
+}
+function brewInstall(pkg) {
+  const brew = spawnSync5("brew", ["--version"], { encoding: "utf-8" });
+  if (brew.status !== 0) return false;
+  console.log(`  Installing ${pkg} via brew...`);
+  const r = spawnSync5("brew", ["install", pkg], { encoding: "utf-8", stdio: "inherit", timeout: 12e4 });
+  return r.status === 0;
+}
+function assertPueueInstalled() {
+  let r = spawnSync5("pueue", ["--version"], { encoding: "utf-8" });
+  if (r.status !== 0) {
+    if (process.platform === "darwin" && brewInstall("pueue")) {
+      r = spawnSync5("pueue", ["--version"], { encoding: "utf-8" });
+      if (r.status !== 0) throw new PueueError("pueue install succeeded but binary not found on PATH.");
+    } else {
+      throw new PueueError("pueue not found. Install it: brew install pueue (macOS) or https://github.com/Nukesor/pueue");
+    }
+  }
+  const status = spawnSync5("pueue", ["status", "--json"], { encoding: "utf-8", timeout: 5e3 });
+  if (status.status !== 0) {
+    console.log("  Starting pueued daemon...");
+    const child = spawn("pueued", ["-d"], { stdio: "ignore", detached: true });
+    child.unref();
+    spawnSync5("sleep", ["1"]);
+    const retry = spawnSync5("pueue", ["status", "--json"], { encoding: "utf-8", timeout: 5e3 });
+    if (retry.status !== 0) {
+      throw new PueueError("pueue daemon not reachable after starting pueued. Check `pueued` manually.");
+    }
+  }
+  spawnSync5("pueue", ["parallel", "2"], { encoding: "utf-8" });
+}
+function assertClaudeInstalled() {
+  const r = spawnSync5("claude", ["--version"], { encoding: "utf-8" });
+  if (r.status !== 0) {
+    throw new PueueError("claude CLI not found on PATH. Install Claude Code first: https://docs.claude.com/claude-code");
+  }
+}
+function assertTmuxInstalled() {
+  let r = spawnSync5("tmux", ["-V"], { encoding: "utf-8" });
+  if (r.status !== 0) {
+    if (process.platform === "darwin" && brewInstall("tmux")) {
+      r = spawnSync5("tmux", ["-V"], { encoding: "utf-8" });
+      if (r.status !== 0) throw new PueueError("tmux install succeeded but binary not found on PATH.");
+    } else {
+      throw new PueueError("tmux not found. Install it: brew install tmux (macOS) or apt install tmux (Linux)");
+    }
+  }
+}
+var TASK_LABEL, TMUX_SESSION, SESSION_DIR2, TASK_LABEL_2, TMUX_SESSION_2, SESSION_DIR_22, SESSION_DIR_32, SESSION_DIR_42, PueueError, CHANNEL_PRIMARY, CHANNEL_SECONDARY;
+var init_pueue = __esm({
+  "cli/local-cc/pueue.ts"() {
+    "use strict";
+    TASK_LABEL = "synkro-local-cc";
+    TMUX_SESSION = "synkro-local-cc";
+    SESSION_DIR2 = join12(homedir12(), ".synkro", "cc_sessions");
+    TASK_LABEL_2 = "synkro-local-cc-2";
+    TMUX_SESSION_2 = "synkro-local-cc-2";
+    SESSION_DIR_22 = join12(homedir12(), ".synkro", "cc_sessions_2");
+    SESSION_DIR_32 = join12(homedir12(), ".synkro", "cc_sessions_3");
+    SESSION_DIR_42 = join12(homedir12(), ".synkro", "cc_sessions_4");
+    PueueError = class extends Error {
+      constructor(message, cause) {
+        super(message);
+        this.cause = cause;
+        this.name = "PueueError";
+      }
+      cause;
+    };
+    CHANNEL_PRIMARY = { taskLabel: TASK_LABEL, tmuxSession: TMUX_SESSION, sessionDir: SESSION_DIR2 };
+    CHANNEL_SECONDARY = { taskLabel: TASK_LABEL_2, tmuxSession: TMUX_SESSION_2, sessionDir: SESSION_DIR_22 };
+  }
+});
+
+// cli/local-cc/settings.ts
+import { existsSync as existsSync13, readFileSync as readFileSync10 } from "fs";
+import { homedir as homedir13 } from "os";
+import { join as join13 } from "path";
+function isLocalCCEnabled() {
+  if (!existsSync13(CONFIG_PATH3)) return false;
+  try {
+    const content = readFileSync10(CONFIG_PATH3, "utf-8");
+    const match = content.match(/^SYNKRO_LOCAL_INFERENCE='([^']*)'/m);
+    return match?.[1] === "yes";
+  } catch {
+    return false;
+  }
+}
+var CONFIG_PATH3;
+var init_settings = __esm({
+  "cli/local-cc/settings.ts"() {
+    "use strict";
+    CONFIG_PATH3 = join13(homedir13(), ".synkro", "config.env");
+  }
+});
+
+// cli/commands/localCc.ts
+var localCc_exports = {};
+__export(localCc_exports, {
+  localCcCommand: () => localCcCommand
+});
+import { spawnSync as spawnSync6 } from "child_process";
+import { homedir as homedir14 } from "os";
+import { join as join14 } from "path";
+import { readFileSync as fsReadFileSync, existsSync as fsExistsSync } from "fs";
+import { existsSync as existsSync14, readFileSync as readFileSync11, writeFileSync as writeFileSync9 } from "fs";
+function deploymentMode() {
+  const env = (process.env.SYNKRO_DEPLOYMENT_MODE || "").toLowerCase();
+  if (env === "docker") return "docker";
+  if (env === "bare-host") return "bare-host";
+  try {
+    if (fsExistsSync(SYNKRO_CONFIG_PATH)) {
+      const m = fsReadFileSync(SYNKRO_CONFIG_PATH, "utf-8").match(/^SYNKRO_DEPLOYMENT_MODE='([^']*)'/m);
+      if (m && m[1] === "docker") return "docker";
+    }
+  } catch {
+  }
+  return "bare-host";
+}
+function inDockerMode() {
+  return deploymentMode() === "docker";
+}
+function printHelp() {
+  console.log(`synkro local-cc \u2014 manage the local Claude Code inference session
+
+OVERVIEW
+  Routes Synkro's grading and intent-classification work through a long-running
+  Claude Code session on this machine instead of remote Inngest+Gemini.
+
+  When enabled, three call sites switch over:
+    \u2022 security grading on edit/bash hooks
+    \u2022 intent classification (agent input \u2192 structured intent)
+    \u2022 remediate intent classification
+
+  The session is hosted in a detached tmux session managed by a pueue task.
+  The CLI talks to it via Claude Code's channels API: a Bun MCP plugin that
+  pushes events into the session and receives Claude's responses through a
+  \`reply\` MCP tool.
+
+USAGE
+  synkro local-cc <subcommand> [args]
+
+SUBCOMMANDS
+  enable                Install plugin, start pueue task, flip toggle to local-cc
+  disable               Flip toggle back to inngest (pueue task left running)
+  status                Show provider toggle, pueue task state, channel reachability
+  start                 Idempotently bring up the pueue task + wait for the channel
+  stop                  Kill the tmux session and remove the pueue task
+  restart               stop, then start
+  install               Regenerate ~/.synkro/cc_sessions/ files (plugin, runner, settings)
+  logs [N] [--raw] [--live]
+                        Show the last N (default 20) channel turns: when, role,
+                        duration, severity, request preview.
+                        --raw / -r   include full request/response payloads
+                        --live / -f  tail the log; print new turns as they arrive
+                                     (Ctrl-C to exit)
+                        --tmux       escape hatch \u2014 print the raw pueue/tmux
+                                     pane log instead
+  attach [--readonly]   Attach to the tmux session hosting claude (Ctrl-B D to detach;
+                        --readonly / -r to attach view-only)
+  test                  Send a smoke-test classification through the channel
+  help                  Show this message
+
+CONFIGURATION
+  Provider toggle:
+    Stored server-side in your inference settings (gradingProvider).
+    Toggle via:  synkro local-cc enable / disable
+    Or via dashboard inference settings (set grading provider to claude-code).
+
+  Claude Code session settings (scoped to ~/.synkro/cc_sessions only):
+    ${PLUGIN_SETTINGS_PATH}
+    Currently sets {"fastMode": true}. Edit to add other CC settings for this
+    session without affecting your other CC projects.
+
+  MCP server registration (for the channel plugin):
+    ${CLAUDE_JSON_PATH}
+    A 'synkro-local' entry under mcpServers, pointing at:
+      bun ${PLUGIN_PATH}
+    Workspace trust is also pre-accepted under projects[\`${SESSION_DIR}\`].
+
+  Channel runtime files:
+    ${RUN_SCRIPT_PATH}
+      bash wrapper that pueue invokes; owns the tmux session lifecycle.
+    ${PLUGIN_PATH}
+      Bun MCP channel plugin (auto-generated, do not edit).
+    127.0.0.1:${CHANNEL_PORT}
+      Loopback TCP endpoint the CLI POSTs to in order to submit a request.
+
+ENVIRONMENT VARIABLES
+  SYNKRO_CHANNEL_PORT       Override the TCP port used by both the plugin and
+                            the CLI client (loopback only). Default: 8929
+  SYNKRO_CHANNEL_TIMEOUT_MS Per-request timeout inside the channel plugin
+                            (default: 120000)
+
+REQUIRED TOOLS
+  claude    Claude Code CLI, authenticated to your subscription
+  pueue     pueue + pueued (https://github.com/Nukesor/pueue) running
+  tmux      For detached pty around claude
+  bun       Runtime for the MCP channel plugin
+
+TROUBLESHOOTING
+  \u2022 Channel unreachable after \`enable\`?
+      synkro local-cc logs           # check pueue task output
+      tmux attach -t ${TMUX_SESSION_NAME}    # see what claude is showing
+  \u2022 Stale state after a crash:
+      synkro local-cc stop && synkro local-cc start
+  \u2022 Want to inspect or interact with the live session:
+      synkro local-cc attach
+`);
+}
+function readGatewayUrl() {
+  if (existsSync14(CONFIG_PATH4)) {
+    const m = readFileSync11(CONFIG_PATH4, "utf-8").match(/^SYNKRO_GATEWAY_URL='([^']*)'/m);
+    if (m) return m[1];
+  }
+  return "https://api.synkro.sh";
+}
+function updateLocalInferenceFlag(enabled) {
+  if (!existsSync14(CONFIG_PATH4)) return;
+  let content = readFileSync11(CONFIG_PATH4, "utf-8");
+  const flag = enabled ? "yes" : "no";
+  if (content.includes("SYNKRO_LOCAL_INFERENCE=")) {
+    content = content.replace(/^SYNKRO_LOCAL_INFERENCE='[^']*'/m, `SYNKRO_LOCAL_INFERENCE='${flag}'`);
+  } else {
+    content = content.trimEnd() + `
+SYNKRO_LOCAL_INFERENCE='${flag}'
+`;
+  }
+  writeFileSync9(CONFIG_PATH4, content, "utf-8");
+}
+async function setServerGradingProvider(provider) {
+  await ensureValidToken();
+  const jwt2 = getAccessToken();
+  if (!jwt2) throw new Error("Not authenticated. Run `synkro install` first.");
+  const gatewayUrl = readGatewayUrl();
+  const body = provider ? { roles: { grading: { provider, model: "default" } } } : { roles: { grading: { provider: null, model: null } } };
+  const resp = await fetch(`${gatewayUrl}/api/settings/inference?scope=user`, {
+    method: "PUT",
+    headers: { "Authorization": `Bearer ${jwt2}`, "Content-Type": "application/json" },
+    body: JSON.stringify(body)
+  });
+  if (!resp.ok) {
+    const text = await resp.text().catch(() => "");
+    throw new Error(`Failed to update inference settings: ${resp.status} ${text.slice(0, 200)}`);
+  }
+}
+async function cmdStatus() {
+  console.log(`Local inference: ${isLocalCCEnabled() ? "enabled" : "disabled"}`);
+  console.log(`Deployment mode: ${deploymentMode()}`);
+  if (inDockerMode()) {
+    const status = dockerStatus();
+    if (!status.running) {
+      console.log("synkro-server container: not running");
+      console.log("Run `synkro install` (with SYNKRO_DEPLOYMENT_MODE=docker) to provision.");
+    } else {
+      console.log(`synkro-server container: running (${status.image})`);
+      try {
+        const r = await fetch(`${status.healthz}healthz`, { signal: AbortSignal.timeout(3e3) });
+        console.log(`Health probe: ${r.ok ? "ok" : `HTTP ${r.status}`}`);
+      } catch (err) {
+        console.log(`Health probe: ${err.message}`);
+      }
+    }
+    if (needsKeychainBridge()) {
+      console.log(`Keychain creds: ${credsAreStale() ? "STALE \u2014 run `synkro local-cc refresh-creds`" : "fresh"}`);
+    }
+    return;
+  }
+  try {
+    assertPueueInstalled();
+  } catch (err) {
+    console.log(`Pueue: NOT AVAILABLE (${err.message})`);
+    return;
+  }
+  const t = findTask(CHANNEL_PRIMARY);
+  if (!t) {
+    console.log("Channel 1 (judge) pueue task: not present");
+  } else {
+    console.log(`Channel 1 (judge) pueue task: id=${t.id} status=${t.status}`);
+  }
+  const ch1Up = await isChannelAvailable();
+  console.log(`Channel 1 ${CHANNEL_HOST}:${CHANNEL_PORT}: ${ch1Up ? "reachable" : "unreachable"}`);
+  const tmux1 = spawnSync6("tmux", ["has-session", "-t", `=${TMUX_SESSION_NAME}`], { encoding: "utf-8" });
+  console.log(`tmux '${TMUX_SESSION_NAME}': ${tmux1.status === 0 ? "live" : "absent"}`);
+  const t2 = findTask(CHANNEL_SECONDARY);
+  if (!t2) {
+    console.log("Channel 2 (CWE) pueue task: not present");
+  } else {
+    console.log(`Channel 2 (CWE) pueue task: id=${t2.id} status=${t2.status}`);
+  }
+  const ch2Up = await isChannelAvailable(CHANNEL_2_PORT);
+  console.log(`Channel 2 ${CHANNEL_HOST}:${CHANNEL_2_PORT}: ${ch2Up ? "reachable" : "unreachable"}`);
+  const tmux2 = spawnSync6("tmux", ["has-session", "-t", `=${TMUX_SESSION_NAME_2}`], { encoding: "utf-8" });
+  console.log(`tmux '${TMUX_SESSION_NAME_2}': ${tmux2.status === 0 ? "live" : "absent"}`);
+}
+async function cmdEnable() {
+  assertClaudeInstalled();
+  assertPueueInstalled();
+  assertTmuxInstalled();
+  console.log("Installing local-CC channel plugin...");
+  const r = installLocalCC();
+  console.log(`  plugin: ${r.pluginPath}`);
+  console.log(`  cwd:    ${r.sessionDir}`);
+  console.log("Starting channel 1 (judge)...");
+  const t1 = ensureRunning({ channel: CHANNEL_PRIMARY });
+  console.log(`  task: id=${t1.id} status=${t1.status}`);
+  console.log("Starting channel 2 (CWE)...");
+  const t2 = ensureRunning({ channel: CHANNEL_SECONDARY });
+  console.log(`  task: id=${t2.id} status=${t2.status}`);
+  console.log("Waiting for channels (auto-confirming any CC prompts)...");
+  const [ready1, ready2] = await Promise.all([
+    waitForChannelReady(CHANNEL_PORT, 6e4, CHANNEL_HOST, CHANNEL_PRIMARY.tmuxSession),
+    waitForChannelReady(CHANNEL_2_PORT, 6e4, CHANNEL_HOST, CHANNEL_SECONDARY.tmuxSession)
+  ]);
+  if (ready1) console.log(`  channel 1 ready at ${CHANNEL_HOST}:${CHANNEL_PORT}`);
+  else console.warn(`  \u26A0 channel 1 did not come up within 60s \u2014 check \`synkro local-cc logs\``);
+  if (ready2) console.log(`  channel 2 ready at ${CHANNEL_HOST}:${CHANNEL_2_PORT}`);
+  else console.warn(`  \u26A0 channel 2 (CWE) did not come up within 60s`);
+  console.log("Updating inference settings...");
+  await setServerGradingProvider("claude-code");
+  updateLocalInferenceFlag(true);
+  console.log("Grading provider set to claude-code (local inference enabled).");
+}
+async function cmdDisable() {
+  console.log("Updating inference settings...");
+  await setServerGradingProvider(null);
+  updateLocalInferenceFlag(false);
+  console.log("Grading provider cleared (remote inference restored). Pueue task left running \u2014 use `synkro local-cc stop` to terminate.");
+}
+async function warmChannels(ready1, ready2) {
+  const warmups = [];
+  if (ready1) {
+    warmups.push(
+      submitToChannel("grade-bash", "Proposed command: echo hello\nUser intent: warmup\nRecent user messages: []\nRecent actions: []\nOrg rules: []\n", { timeoutMs: 3e4 }).then(() => console.log("  channel 1 warm.")).catch(() => console.log("  channel 1 warmup skipped (non-fatal)."))
+    );
+  }
+  if (ready2) {
+    warmups.push(
+      submitToChannel("grade-cwe", 'File: /tmp/warmup.ts\nContent (first 4000 chars):\nconsole.log("hello");\n\nCWE rules to check against:\n[]\n', { timeoutMs: 3e4, port: CHANNEL_2_PORT }).then(() => console.log("  channel 2 warm.")).catch(() => console.log("  channel 2 warmup skipped (non-fatal)."))
+    );
+  }
+  if (warmups.length) {
+    console.log("Warming up inference...");
+    await Promise.all(warmups);
+  }
+}
+async function cmdStart(rest = []) {
+  if (inDockerMode()) {
+    if (rest.length > 0) {
+      const { claudeWorkers, cursorWorkers } = resolveWorkerConfig(rest);
+      console.log(`Starting synkro-server container (${claudeWorkers} claude + ${cursorWorkers} cursor)...`);
+      await dockerUpdate({ claudeWorkers, cursorWorkers });
+      const ready3 = await waitForContainerReady(6e4);
+      console.log(ready3 ? "\u2713 container ready" : "\u26A0 container did not pass /healthz within 60s");
+      return;
+    }
+    const status = dockerStatus();
+    if (!status.running) {
+      console.warn("synkro-server container is not running. Run `synkro install` to provision it.");
+      process.exitCode = 1;
+      return;
+    }
+    console.log("synkro-server container already running \u2014 waiting for /healthz...");
+    const ready = await waitForContainerReady(6e4);
+    console.log(ready ? `\u2713 container ready (${status.healthz})` : "\u26A0 container did not pass /healthz within 60s");
+    return;
+  }
+  assertClaudeInstalled();
+  assertPueueInstalled();
+  assertTmuxInstalled();
+  const t1 = ensureRunning({ channel: CHANNEL_PRIMARY });
+  console.log(`Channel 1 (judge): id=${t1.id} status=${t1.status}`);
+  const t2 = ensureRunning({ channel: CHANNEL_SECONDARY });
+  console.log(`Channel 2 (CWE):   id=${t2.id} status=${t2.status}`);
+  const [ready1, ready2] = await Promise.all([
+    waitForChannelReady(CHANNEL_PORT, 6e4, CHANNEL_HOST, CHANNEL_PRIMARY.tmuxSession),
+    waitForChannelReady(CHANNEL_2_PORT, 6e4, CHANNEL_HOST, CHANNEL_SECONDARY.tmuxSession)
+  ]);
+  console.log(ready1 ? `channel 1 ready (${CHANNEL_PORT}).` : "\u26A0 channel 1 did not come up within 60s.");
+  console.log(ready2 ? `channel 2 ready (${CHANNEL_2_PORT}).` : "\u26A0 channel 2 (CWE) did not come up within 60s.");
+  await warmChannels(ready1, ready2);
+}
+function cmdStop() {
+  if (inDockerMode()) {
+    dockerStop();
+    console.log("synkro-server container stopped and removed.");
+    return;
+  }
+  stopTask(CHANNEL_PRIMARY);
+  stopTask(CHANNEL_SECONDARY);
+  console.log("Both channels stopped.");
+}
+async function cmdRestart(rest = []) {
+  if (inDockerMode()) {
+    const { claudeWorkers, cursorWorkers } = resolveWorkerConfig(rest);
+    console.log(`Restarting synkro-server container (${claudeWorkers} claude + ${cursorWorkers} cursor, pulling latest image)...`);
+    await dockerUpdate({ claudeWorkers, cursorWorkers });
+    const ready = await waitForContainerReady(6e4);
+    console.log(ready ? "\u2713 container ready" : "\u26A0 container did not pass /healthz within 60s");
+    return;
+  }
+  stopTask(CHANNEL_PRIMARY);
+  stopTask(CHANNEL_SECONDARY);
+  const t1 = startTask({ channel: CHANNEL_PRIMARY });
+  const t2 = startTask({ channel: CHANNEL_SECONDARY });
+  console.log(`Channel 1 restarted: id=${t1.id} status=${t1.status}`);
+  console.log(`Channel 2 restarted: id=${t2.id} status=${t2.status}`);
+  const [ready1, ready2] = await Promise.all([
+    waitForChannelReady(CHANNEL_PORT, 6e4, CHANNEL_HOST, CHANNEL_PRIMARY.tmuxSession),
+    waitForChannelReady(CHANNEL_2_PORT, 6e4, CHANNEL_HOST, CHANNEL_SECONDARY.tmuxSession)
+  ]);
+  console.log(ready1 ? `channel 1 ready (${CHANNEL_PORT}).` : "\u26A0 channel 1 did not come up within 60s.");
+  console.log(ready2 ? `channel 2 ready (${CHANNEL_2_PORT}).` : "\u26A0 channel 2 (CWE) did not come up within 60s.");
+  await warmChannels(ready1, ready2);
+}
+function relativeTime(iso) {
+  const ts = new Date(iso).getTime();
+  if (!Number.isFinite(ts)) return iso;
+  const sec = Math.max(0, Math.round((Date.now() - ts) / 1e3));
+  if (sec < 60) return `${sec}s ago`;
+  if (sec < 3600) return `${Math.round(sec / 60)}m ago`;
+  if (sec < 86400) return `${Math.round(sec / 3600)}h ago`;
+  return `${Math.round(sec / 86400)}d ago`;
+}
+function colorize(s, code) {
+  if (!process.stdout.isTTY) return s;
+  return `\x1B[${code}m${s}\x1B[0m`;
+}
+function statusGlyph(t) {
+  if (t.status === "ok") return colorize("\u2713", 32);
+  if (t.status === "timeout") return colorize("\u23F1", 33);
+  return colorize("\u2717", 31);
+}
+function severityCell(t) {
+  if (t.severity) {
+    const sev = t.severity;
+    if (sev === "block" || sev === "violations" || sev === "unclear") return colorize(sev, 33);
+    return colorize(sev, 36);
+  }
+  if (t.error) return colorize(t.error.slice(0, 40), 31);
+  return "\u2014";
+}
+function firstLine(s) {
+  return s.split("\n").find((l) => l.trim().length > 0)?.trim() ?? "";
+}
+function formatTurn(t, raw) {
+  const when = relativeTime(t.ts).padEnd(8);
+  const dur = (t.duration_ms < 1e3 ? `${t.duration_ms}ms` : `${(t.duration_ms / 1e3).toFixed(1)}s`).padStart(7);
+  const role = t.role.padEnd(24);
+  const sev = severityCell(t).padEnd(20);
+  const preview = (() => {
+    const req = firstLine(t.request_preview).slice(0, 60);
+    return colorize(req, 90);
+  })();
+  const head = `${statusGlyph(t)} ${when} ${dur} ${role} ${sev} ${preview}`;
+  if (!raw) return head;
+  const blocks = [head];
+  blocks.push(colorize("  request:", 90));
+  blocks.push("    " + t.request_preview.replace(/\n/g, "\n    "));
+  if (t.response_preview) {
+    blocks.push(colorize("  response:", 90));
+    blocks.push("    " + t.response_preview.replace(/\n/g, "\n    "));
+  }
+  if (t.error) {
+    blocks.push(colorize("  error:", 31) + " " + t.error);
+  }
+  return blocks.join("\n");
+}
+function cmdLogs(rest) {
+  let n = 20;
+  let raw = false;
+  let live = false;
+  if (inDockerMode()) {
+    const followFlag = rest.includes("--live") || rest.includes("-f") ? ["--follow"] : [];
+    const tailArg = (() => {
+      for (const arg of rest) {
+        const parsed = parseInt(arg, 10);
+        if (parsed > 0) return String(parsed);
+      }
+      return "200";
+    })();
+    spawnSync6("docker", ["logs", "--tail", tailArg, ...followFlag, "synkro-server"], { stdio: "inherit" });
+    return;
+  }
+  for (const arg of rest) {
+    if (arg === "--raw" || arg === "-r") raw = true;
+    else if (arg === "--live" || arg === "-f") live = true;
+    else if (arg === "--tmux") {
+      console.log(tailLogs(80));
+      return;
+    } else {
+      const parsed = parseInt(arg, 10);
+      if (parsed > 0) n = parsed;
+    }
+  }
+  const header = "  " + colorize("status when     dur     role                     severity             request", 90);
+  const turns = readRecentTurns(n);
+  if (turns.length === 0) {
+    if (!live) {
+      console.log(`No turns logged yet at ${TURN_LOG_PATH}.`);
+      console.log("Run a few requests through the channel (synkro local-cc test) and try again.");
+      return;
+    }
+    console.log(`No turns logged yet at ${TURN_LOG_PATH} \u2014 waiting for new entries\u2026 (Ctrl-C to exit)`);
+  } else {
+    console.log(`Last ${turns.length} channel turn(s) (newest first):`);
+    console.log(header);
+    for (const t of turns) console.log("  " + formatTurn(t, raw));
+  }
+  if (!live) {
+    if (!raw) console.log("  " + colorize("(use --raw / -r to see full payloads, --live / -f to follow)", 90));
+    return;
+  }
+  return new Promise((resolve3) => {
+    console.log("  " + colorize("\u2014 following new turns (Ctrl-C to exit) \u2014", 90));
+    const stop = followTurns((t) => {
+      console.log("  " + formatTurn(t, raw));
+    });
+    const onSigint = () => {
+      stop();
+      process.removeListener("SIGINT", onSigint);
+      resolve3();
+    };
+    process.on("SIGINT", onSigint);
+  });
+}
+function cmdAttach(rest) {
+  assertTmuxInstalled();
+  const readonly = rest.some((a) => a === "--readonly" || a === "-r");
+  const has = spawnSync6("tmux", ["has-session", "-t", `=${TMUX_SESSION_NAME}`], { encoding: "utf-8" });
+  if (has.status !== 0) {
+    console.error(`No tmux session '${TMUX_SESSION_NAME}' running. Start it with: synkro local-cc start`);
+    process.exit(1);
+  }
+  if (!process.stdout.isTTY) {
+    console.error("attach requires a TTY. Run this command directly in your terminal, not piped.");
+    process.exit(1);
+  }
+  console.log(`Attaching to tmux session '${TMUX_SESSION_NAME}'${readonly ? " (read-only)" : ""}.`);
+  console.log("Detach with Ctrl-B then D. (Do not press Ctrl-C \u2014 that would interrupt claude.)");
+  console.log();
+  const args2 = readonly ? ["attach-session", "-r", "-t", TMUX_SESSION_NAME] : ["attach-session", "-t", TMUX_SESSION_NAME];
+  const r = spawnSync6("tmux", args2, { stdio: "inherit" });
+  process.exit(r.status ?? 0);
+}
+async function cmdTest() {
+  console.log("Sending smoke-test grading request through the channel...");
+  const result = await submitToChannel(
+    "grade-bash",
+    'Command: echo "hello world"\nIntent: testing channel connectivity'
+  );
+  console.log("Raw reply:");
+  console.log(result);
+}
+function cmdInstall() {
+  const r = installLocalCC();
+  console.log(`Reinstalled plugin at ${r.pluginPath}`);
+}
+function cmdRefreshCreds() {
+  if (!needsKeychainBridge()) {
+    console.log("No-op on this platform \u2014 credentials are already file-based.");
+    return;
+  }
+  const refreshed = refreshCreds();
+  if (refreshed) {
+    console.log(`Exported claude credentials to ${CLAUDE_CREDS_FILE}`);
+  } else {
+    console.warn("No Claude Code credentials found in the keychain.");
+    console.warn("Run `claude login` first, then re-run this command.");
+    process.exitCode = 1;
+  }
+  if (credsAreStale()) {
+    console.warn("\u26A0 Exported credentials are older than the refresh interval.");
+  }
+}
+async function localCcCommand(args2) {
+  const sub = args2[0] ?? "";
+  try {
+    switch (sub) {
+      case "enable":
+        await cmdEnable();
+        break;
+      case "disable":
+        cmdDisable();
+        break;
+      case "status":
+        await cmdStatus();
+        break;
+      case "start":
+        await cmdStart(args2.slice(1));
+        break;
+      case "stop":
+        cmdStop();
+        break;
+      case "restart":
+        await cmdRestart(args2.slice(1));
+        break;
+      case "install":
+        cmdInstall();
+        break;
+      case "logs":
+        await cmdLogs(args2.slice(1));
+        break;
+      case "attach":
+        cmdAttach(args2.slice(1));
+        break;
+      case "test":
+        await cmdTest();
+        break;
+      case "refresh-creds":
+        cmdRefreshCreds();
+        break;
+      case "":
+      case "help":
+      case "--help":
+      case "-h":
+        printHelp();
+        break;
+      default:
+        console.error(`Unknown subcommand: ${sub}`);
+        printHelp();
+        process.exit(1);
+    }
+  } catch (err) {
+    console.error(err.message);
+    process.exit(1);
+  }
+}
+var SYNKRO_CONFIG_PATH, CONFIG_PATH4;
+var init_localCc = __esm({
+  "cli/commands/localCc.ts"() {
+    "use strict";
+    init_install2();
+    init_turnLog();
+    init_pueue();
+    init_settings();
+    init_macKeychain();
+    init_dockerInstall();
+    init_client();
+    init_stub();
+    SYNKRO_CONFIG_PATH = join14(homedir14(), ".synkro", "config.env");
+    CONFIG_PATH4 = join14(homedir14(), ".synkro", "config.env");
+  }
+});
+
 // cli/commands/lifecycle.ts
 var lifecycle_exports = {};
 __export(lifecycle_exports, {
@@ -7870,6 +8890,9 @@ __export(lifecycle_exports, {
   stopCommand: () => stopCommand,
   updateCommand: () => updateCommand
 });
+function resolveConnectedRepo() {
+  return detectGitRepo2() ?? readContainerConfig()?.connectedRepo ?? void 0;
+}
 async function stopCommand() {
   assertDockerAvailable();
   console.log("Synkro: stopping server\n");
@@ -7886,7 +8909,7 @@ async function startCommand(rest = []) {
   if (cfg.explicit) {
     console.log(`Synkro: starting server (${cfg.claudeWorkers} claude + ${cfg.cursorWorkers} cursor)
 `);
-    await dockerUpdate({ claudeWorkers: cfg.claudeWorkers, cursorWorkers: cfg.cursorWorkers });
+    await dockerUpdate({ claudeWorkers: cfg.claudeWorkers, cursorWorkers: cfg.cursorWorkers, connectedRepo: resolveConnectedRepo() });
     const ready = await waitForContainerReady(6e4);
     if (!ready) {
       console.error("\n\u26A0 container did not pass /healthz within 60s");
@@ -7916,7 +8939,7 @@ async function updateCommand() {
   console.log("Synkro: updating to the latest container image");
   console.log(`  preserving pool: ${claudeWorkers} claude + ${cursorWorkers} cursor worker(s)
 `);
-  await dockerUpdate({ claudeWorkers, cursorWorkers, connectedRepo: cfg.connectedRepo });
+  await dockerUpdate({ claudeWorkers, cursorWorkers, connectedRepo: resolveConnectedRepo() });
   const ready = await waitForContainerReady(9e4);
   if (!ready) {
     console.error("\n\u26A0 container did not pass its health check within 90s \u2014 check: docker logs synkro-server");
@@ -7930,7 +8953,7 @@ async function restartCommand(rest = []) {
   if (cfg.explicit) {
     console.log(`Synkro: restarting server (${cfg.claudeWorkers} claude + ${cfg.cursorWorkers} cursor)
 `);
-    await dockerUpdate({ claudeWorkers: cfg.claudeWorkers, cursorWorkers: cfg.cursorWorkers });
+    await dockerUpdate({ claudeWorkers: cfg.claudeWorkers, cursorWorkers: cfg.cursorWorkers, connectedRepo: resolveConnectedRepo() });
     const ready = await waitForContainerReady(6e4);
     if (!ready) {
       console.error("\n\u26A0 container did not pass /healthz within 60s");
@@ -7953,19 +8976,20 @@ var init_lifecycle = __esm({
   "cli/commands/lifecycle.ts"() {
     "use strict";
     init_dockerInstall();
+    init_install();
   }
 });
 
 // cli/bootstrap.js
-import { readFileSync as readFileSync10, existsSync as existsSync13 } from "fs";
+import { readFileSync as readFileSync12, existsSync as existsSync15 } from "fs";
 import { resolve as resolve2 } from "path";
 var envCandidates = [
   resolve2(process.cwd(), ".env"),
   resolve2(process.env.HOME ?? "", ".synkro", "config.env")
 ];
 for (const envPath of envCandidates) {
-  if (!existsSync13(envPath)) continue;
-  const envContent = readFileSync10(envPath, "utf-8");
+  if (!existsSync15(envPath)) continue;
+  const envContent = readFileSync12(envPath, "utf-8");
   for (const line of envContent.split("\n")) {
     const trimmed = line.trim();
     if (!trimmed || trimmed.startsWith("#")) continue;
@@ -7980,9 +9004,9 @@ var args = process.argv.slice(2);
 var cmd = args[0] || "";
 var subArgs = args.slice(1);
 function printVersion() {
-  console.log("1.6.8");
+  console.log("1.6.10");
 }
-function printHelp() {
+function printHelp2() {
   console.log(`Synkro CLI \u2014 runtime safety for AI coding agents
 
 Usage:
@@ -8025,6 +9049,11 @@ async function main() {
       await gradeCommand2(subArgs);
       break;
     }
+    case "local-cc": {
+      const { localCcCommand: localCcCommand2 } = await Promise.resolve().then(() => (init_localCc(), localCc_exports));
+      await localCcCommand2(subArgs);
+      break;
+    }
     case "version":
     case "--version":
     case "-v": {
@@ -8035,7 +9064,7 @@ async function main() {
     case "--help":
     case "-h":
     case "": {
-      printHelp();
+      printHelp2();
       break;
     }
     case "stop": {
@@ -8060,7 +9089,7 @@ async function main() {
     }
     default: {
       console.error(`Unknown command: ${cmd}`);
-      printHelp();
+      printHelp2();
       process.exit(1);
     }
   }