npm - @synkro-sh/cli - Versions diffs - 1.6.8 → 1.6.9 - Mend

@synkro-sh/cli 1.6.8 → 1.6.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/dist/bootstrap.js CHANGED Viewed

@@ -1264,45 +1264,28 @@ export async function runInstallScan(command: string, jwt: string): Promise<Inst
     scanned: false, action: 'allow', blockContext: '', summary: '',
     scannedLabel: '', findings: [], violatedIds: [],
   };
-  const pkgInstallMatch = command.match(
-    /^(?:.*&&\\s*|.*;\\s*)?(?:npm\\s+(?:install|i|add)|pnpm\\s+(?:add|install|i)|yarn\\s+add|bun\\s+(?:add|install|i)|(?:uv\\s+)?pip3?\\s+install|go\\s+get|cargo\\s+add|gem\\s+install|composer\\s+require)\\s+([^|;&><]+)/
-  );
-  if (!pkgInstallMatch) return empty;
-  const isPip = /(?:uv\\s+)?pip3?\\s+install/.test(command);
-  const packages: Array<{ name: string; version: string; ecosystem: string }> = [];
-  const tokens = pkgInstallMatch[1].split(/\\s+/);
-  let skipNext = false;
-  for (const token of tokens) {
-    if (skipNext) { skipNext = false; continue; }
-    if (!token || !/^[@a-zA-Z]/.test(token)) continue;
-    if (token.startsWith('-')) {
-      if (/^--(python|target|prefix|root|constraint|requirement|index-url|extra-index-url|find-links|build|src|cache-dir|filter|workspace)$/.test(token)) skipNext = true;
-      continue;
-    }
-    const ecosystem = isPip ? 'PyPI' : 'npm';
-    if (isPip) {
-      const pipMatch = token.match(/^([a-zA-Z0-9_.-]+)(?:[=~!<>]=?(.+))?$/);
-      if (pipMatch) {
-        packages.push({ name: pipMatch[1], version: pipMatch[2]?.replace(/^=/, '') || '*', ecosystem });
-        continue;
-      }
-    }
-    const atIdx = token.lastIndexOf('@');
-    if (atIdx > 0) packages.push({ name: token.slice(0, atIdx), version: token.slice(atIdx + 1), ecosystem });
-    else packages.push({ name: token, version: '*', ecosystem });
-  }
-  if (packages.length === 0) return empty;
-  const scannedLabel = packages.map(p => p.name + '@' + p.version).join(', ');
+  // Stage 0 \u2014 recall-tuned pre-filter. Cheap, dependency-free, runs on every
+  // Bash command. A false positive only costs a wasted server round-trip; a
+  // false negative would let a vulnerable install through \u2014 so keep it loose.
+  const lc = command.toLowerCase();
+  const HINTS = [
+    'npm', 'pnpm', 'yarn', 'bun', 'pip', 'cargo', 'gem', 'composer',
+    'apt', 'apk', 'brew', 'dnf', 'yum', 'pacman', 'install', 'require',
+    'eval', '$(', '| sh', '| bash', 'curl', 'wget', 'make ',
+  ];
+  if (!HINTS.some(h => lc.includes(h))) return empty;
   try {
     const scanResp = await fetch(GATEWAY_URL + '/api/v1/pkg-scan', {
       method: 'POST',
       headers: { 'Content-Type': 'application/json', Authorization: 'Bearer ' + jwt },
-      body: JSON.stringify({ packages, command }),
-      signal: AbortSignal.timeout(15000),
+      body: JSON.stringify({ command }),
+      signal: AbortSignal.timeout(10000),
     }).then(r => r.json()) as any;
     const action = scanResp?.action || 'allow';
     const pkgResults = Array.isArray(scanResp?.packages) ? scanResp.packages : [];
     const summary = scanResp?.summary || '';
+    const scannedLabel = pkgResults.map((p: any) => p.name + '@' + p.version).join(', ');
     if (action === 'block') {
       const blockSignals = pkgResults
         .flatMap((p: any) => (p.signals || []).filter((s: any) => s.severity === 'critical' || s.severity === 'high'))
@@ -1319,7 +1302,7 @@ export async function runInstallScan(command: string, jwt: string): Promise<Inst
           }
         }
       }
-      const details = blockSignals.map((s: any) => s.detail).join('\\n');
+      const details = blockSignals.map((s: any) => s.detail).join('\\n') || summary;
       return {
         scanned: true, action: 'block',
         blockContext: details + '\\nDo NOT install packages with security risks. Use a patched version or a different package.',
@@ -1332,7 +1315,14 @@ export async function runInstallScan(command: string, jwt: string): Promise<Inst
       blockContext: '', summary, scannedLabel, findings: [], violatedIds: [],
     };
   } catch {
-    return { scanned: true, action: 'allow', blockContext: '', summary: '', scannedLabel, findings: [], violatedIds: [] };
+    // Fail closed \u2014 could not verify the install (timeout / server
+    // unreachable). Blocking an unverified install beats letting a
+    // vulnerable package through.
+    return {
+      scanned: true, action: 'block',
+      blockContext: 'Synkro could not verify this install is safe \u2014 the package scanner timed out or was unreachable. This is a verification failure, not a confirmed vulnerability. Retry once the Synkro server is reachable.',
+      summary: 'install scan unavailable', scannedLabel: '', findings: [], violatedIds: ['scan_unavailable'],
+    };
   }
 }
@@ -3091,6 +3081,7 @@ import {
   extractTranscript, readLastPrompt, appendSessionAction, readSessionLog, compressSessionLog, log,
   outputJson, outputEmpty, setupCursorHookSignals, isShellTool, hookSessionId, GATEWAY_URL,
   logGraderUnavailable, filterRules, normalizeMode, appendLocalTelemetry, isSafeInRepoRead,
+  runInstallScan,
   type HookConfig, type Rule,
 } from './_synkro-common.ts';
@@ -3161,7 +3152,7 @@ async function main() {
         tool_name: toolName,
         command: command.slice(0, 200),
         session_id: sessionId,
-        repo: cwd,
+        repo: gitRepo || cwd,
         cc_model: transcript.ccModel,
         reasoning: 'Safe in-repo read — auto-allowed without an LLM grade.',
       });
@@ -3176,108 +3167,44 @@ async function main() {
     }
     // ─── Install protection: server-side pkg-scan (CVE + typosquat + tarball + reputation) ───
+    // Detection + extraction happen server-side (runInstallScan); the hook
+    // relays the verdict. A block is handed to the grader as an authoritative
+    // concern so the normal ask + consent-carryover flow lets the user
+    // override it on the next turn.
     let installScanMsg = '';
+    let scanConcern = '';
+    let scanBlockContext = '';
     if (toolName === 'Bash') {
-      const pkgInstallMatch = command.match(
-        /^(?:.*&&\s*|.*;\s*)?(?:npm\s+(?:install|i|add)|pnpm\s+(?:add|install|i)|yarn\s+add|bun\s+(?:add|install|i)|(?:uv\s+)?pip3?\s+install|go\s+get|cargo\s+add|gem\s+install|composer\s+require)\s+([^|;&><]+)/
-      );
-      const isPip = /(?:uv\s+)?pip3?\s+install/.test(command);
-      if (pkgInstallMatch) {
-        const rawArgs = pkgInstallMatch[1];
-        const packages: Array<{ name: string; version: string; ecosystem: string }> = [];
-        const tokens = rawArgs.split(/\s+/);
-        let skipNext = false;
-        for (const token of tokens) {
-          if (skipNext) { skipNext = false; continue; }
-          if (!token || !/^[@a-zA-Z]/.test(token)) continue;
-          if (token.startsWith('-')) {
-            if (/^--(python|target|prefix|root|constraint|requirement|index-url|extra-index-url|find-links|build|src|cache-dir|filter|workspace)$/.test(token)) skipNext = true;
-            continue;
-          }
-          const ecosystem = isPip ? 'PyPI' : 'npm';
-          if (isPip) {
-            const pipMatch = token.match(/^([a-zA-Z0-9_.-]+)(?:[=~!<>]=?(.+))?$/);
-            if (pipMatch) {
-              packages.push({ name: pipMatch[1], version: pipMatch[2]?.replace(/^=/, '') || '*', ecosystem });
-              continue;
-            }
-          }
-          const atIdx = token.lastIndexOf('@');
-          if (atIdx > 0) {
-            packages.push({ name: token.slice(0, atIdx), version: token.slice(atIdx + 1), ecosystem });
-          } else {
-            packages.push({ name: token, version: '*', ecosystem });
-          }
-        }
-        if (packages.length > 0) {
-          try {
-            const scanResp = await fetch(GATEWAY_URL + '/api/v1/pkg-scan', {
-              method: 'POST',
-              headers: { 'Content-Type': 'application/json', Authorization: 'Bearer ' + jwt },
-              body: JSON.stringify({ packages, command }),
-              signal: AbortSignal.timeout(15000),
-            }).then(r => r.json()) as any;
-            const action = scanResp?.action || 'allow';
-            const pkgResults = Array.isArray(scanResp?.packages) ? scanResp.packages : [];
-            const summary = scanResp?.summary || '';
-            if (action === 'block') {
-              const blockSignals = pkgResults
-                .flatMap((p: any) => (p.signals || []).filter((s: any) => s.severity === 'critical' || s.severity === 'high'))
-                .slice(0, 5);
-              const scanMsg = '[synkro:installScan] ' + cmdShort + ' → blocked';
-              const details = blockSignals.map((s: any) => s.detail).join('\n');
-              const ctx = details + '\nDo NOT install packages with security risks. Use a patched version or a different package.';
-              const config = await loadConfig(jwt);
-              for (const p of pkgResults) {
-                for (const s of (p.signals || [])) {
-                  if (s.severity === 'critical' || s.severity === 'high') {
-                    const advisoryMatch = (s.detail || '').match(/\\b(GHSA-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{4}|CVE-\\d{4}-\\d+)\\b/i);
-                    const advisoryId = advisoryMatch ? advisoryMatch[1] : s.type;
-                    dispatchFinding(jwt, {
-                      session_id: sessionId,
-                      file_path: command,
-                      finding_type: 'cve' as const,
-                      finding_id: advisoryId + ':' + p.name,
-                      severity: s.severity,
-                      status: 'open',
-                      detail: s.detail,
-                      package_name: p.name,
-                      package_version: p.version,
-                    }, config.captureDepth);
-                  }
-                }
-              }
-              const violatedIds = blockSignals.map((s: any) => s.type + ':' + s.detail.slice(0, 40));
-              dispatchCapture(jwt, 'pkg', 'block', 'critical', 'security',
-                'Bash', gitRepo, sessionId, config.captureDepth, {
-                  command,
-                  reasoning: details.slice(0, 200),
-                  violatedRules: violatedIds,
-                  ccModel: transcript.ccModel,
-                });
-              outputJson({
-                systemMessage: scanMsg,
-                hookSpecificOutput: { hookEventName: 'PreToolUse', permissionDecision: 'deny', permissionDecisionReason: ctx, additionalContext: ctx },
-              });
-              return;
-            }
-            if (action === 'warn') {
-              installScanMsg = '[synkro:installScan] ' + summary;
-            } else {
-              const scannedPkgs = packages.map(p => p.name + '@' + p.version).join(', ');
-              installScanMsg = '[synkro:installScan] ' + scannedPkgs + ' → clean';
-            }
-          } catch (e) {
-            log('bashGuard pkg-scan failed: ' + String(e));
-          }
+      const scan = await runInstallScan(command, jwt);
+      if (scan.action === 'block') {
+        for (const f of scan.findings) {
+          dispatchFinding(jwt, {
+            session_id: sessionId,
+            file_path: command,
+            finding_type: 'cve' as const,
+            finding_id: f.advisoryId + ':' + f.name,
+            severity: f.severity,
+            status: 'open',
+            detail: f.detail,
+            package_name: f.name,
+            package_version: f.version,
+          }, config.captureDepth);
         }
+        dispatchCapture(jwt, 'pkg', 'block', 'critical', 'security',
+          'Bash', gitRepo, sessionId, config.captureDepth, {
+            command,
+            reasoning: scan.blockContext.slice(0, 200),
+            violatedRules: scan.violatedIds,
+            ccModel: transcript.ccModel,
+          });
+        scanBlockContext = scan.blockContext;
+        scanConcern = 'PACKAGE SCANNER FLAG (authoritative — do NOT re-evaluate whether the vulnerability is real): '
+          + scan.blockContext
+          + ' For this concern you MUST return ok=false with rule_id "SYNKRO_PKGSCAN", rule_mode "ask", and the reason above — UNLESS the user has explicitly consented in this conversation to installing this despite the warning, in which case return ok=true.';
+      } else if (scan.scanned && scan.action === 'warn') {
+        installScanMsg = '[synkro:installScan] ' + scan.summary;
+      } else if (scan.scanned) {
+        installScanMsg = '[synkro:installScan] ' + (scan.scannedLabel || cmdShort) + ' → clean';
       }
     }
@@ -3298,6 +3225,7 @@ async function main() {
         'User intent (last human message): ' + (transcript.userIntent || 'none stated'),
         'Last user prompt: ' + (lastPrompt || 'none'),
         'Org rules: ' + JSON.stringify(relevantRules),
+        scanConcern,
         'IMPORTANT: If a rule is violated, ALWAYS return ok=false with the rule_id and reason, regardless of the rule mode. Do NOT pass a command just because the rule mode is "fix". The enforcement layer handles ask vs fix — your job is only to detect violations.',
         'The rules shown were pre-selected as the ones relevant to this command — every rule here IS relevant, do not label any "not relevant". When passing (ok=true), give a terse, specific reason each rule passes. Format: "R003: no secrets in grep args. R005: in-repo path only." Cover every rule shown.',
         'Rules with preconditions (e.g. "run X before Y") are CONSUMED after the protected action completes. Use the session history timestamps to determine ordering: a precondition satisfied before the last occurrence of the protected action does NOT satisfy the next occurrence. Each new protected action needs its precondition re-satisfied.',
@@ -3308,6 +3236,16 @@ async function main() {
         gradeResp = await localGrade('bash', graderPrompt);
       } catch (err) {
         logGraderUnavailable('bashGuard', toolInput.command?.slice(0, 200) || '', (err as Error).message || String(err));
+        if (scanConcern) {
+          // Grader unavailable to run the consent check — fail closed on a
+          // scanner-flagged install (ask-mode so the user can still consent).
+          const ctx = scanBlockContext + ' Synkro flagged this install but the grader is unavailable to check consent — ask the user for explicit consent, then retry.';
+          outputJson({
+            systemMessage: tagStr + ' bashGuard → install blocked (scan flagged; grader unavailable)',
+            hookSpecificOutput: { hookEventName: 'PreToolUse', permissionDecision: 'deny', permissionDecisionReason: ctx, additionalContext: ctx },
+          });
+          return;
+        }
         outputJson({ systemMessage: tagStr + ' bashGuard → local grader unavailable, skipped' });
         return;
       }
@@ -3371,6 +3309,18 @@ async function main() {
       session_summary: transcript.sessionSummary || null,
     };
+    if (scanConcern) {
+      // Cloud grading does not carry the package-scanner concern through the
+      // consent flow — block here with ask-mode messaging so the user can
+      // consent and retry.
+      const ctx = scanBlockContext + ' Ask the user for explicit consent before retrying.';
+      outputJson({
+        systemMessage: tagStr + ' bashGuard → install blocked: ' + cmdShort,
+        hookSpecificOutput: { hookEventName: 'PreToolUse', permissionDecision: 'deny', permissionDecisionReason: ctx, additionalContext: ctx },
+      });
+      return;
+    }
     const resp = await postWithRetry(GATEWAY_URL + '/api/v1/hook/judge', body, jwt, 8000);
     if (!resp) {
@@ -4295,7 +4245,7 @@ async function main() {
       appendLocalTelemetry({
         capture_type: 'local_verdict', verdict: 'pass', hook_type: 'bash',
         category: 'safe_read', tool_name: toolName, command: command.slice(0, 200),
-        session_id: sessionId, repo: cwd,
+        session_id: sessionId, repo: repo || cwd,
         cc_model: model,
         reasoning: 'Safe in-repo read \u2014 auto-allowed without an LLM grade.',
       });
@@ -4316,6 +4266,10 @@ async function main() {
     const tagStr = tag(rt, config);
     // Install protection \u2014 scan packages before any npm/pip/cargo/etc. install.
+    // A block is handed to the grader as an authoritative concern so the
+    // normal ask + consent-carryover flow can let the user override it.
+    let scanConcern = '';
+    let scanBlockContext = '';
     if (SHELL_TOOL_NAMES.has(toolName)) {
       const scan = await runInstallScan(command, jwt);
       if (scan.action === 'block') {
@@ -4332,11 +4286,10 @@ async function main() {
             command, reasoning: scan.blockContext.slice(0, 200),
             violatedRules: scan.violatedIds, ccModel: model,
           });
-        finishWith({
-          permission: 'deny',
-          user_message: tagStr + ' installScan \u2192 blocked: ' + cmdShort,
-          agent_message: 'Synkro blocked this install \u2014 flagged package(s). ' + scan.blockContext,
-        });
+        scanBlockContext = scan.blockContext;
+        scanConcern = 'PACKAGE SCANNER FLAG (authoritative \u2014 do NOT re-evaluate whether the vulnerability is real): '
+          + scan.blockContext
+          + ' For this concern you MUST return ok=false with rule_id "SYNKRO_PKGSCAN", rule_mode "ask", and the reason above \u2014 UNLESS the user has explicitly consented in this conversation to installing this despite the warning, in which case return ok=true.';
       } else if (scan.scanned && scan.action === 'warn') {
         log('bashGuard installScan warn: ' + scan.summary);
       }
@@ -4354,6 +4307,7 @@ async function main() {
         'User intent (last human message): ' + (transcript.userIntent || lastPrompt || 'none stated'),
         'Last user prompt: ' + (lastPrompt || 'none'),
         'Org rules: ' + JSON.stringify(relevantRules),
+        scanConcern,
         'IMPORTANT: If a rule is violated, ALWAYS return ok=false with the rule_id and reason, regardless of the rule mode. Do NOT pass a command just because the rule mode is "fix". The enforcement layer handles ask vs fix \u2014 your job is only to detect violations.',
         'The rules shown were pre-selected as the ones relevant to this command \u2014 every rule here IS relevant, do not label any "not relevant". When passing (ok=true), give a terse, specific reason each rule passes. Format: "R003: no secrets in grep args. R005: in-repo path only." Cover every rule shown.',
         'Rules with preconditions (e.g. "run X before Y") are CONSUMED after the protected action completes. Use the session history timestamps to determine ordering: a precondition satisfied before the last occurrence of the protected action does NOT satisfy the next occurrence. Each new protected action needs its precondition re-satisfied.',
@@ -4364,6 +4318,15 @@ async function main() {
         gradeResp = await localGrade('bash', graderPrompt, CURSOR_GRADE_TIMEOUT_MS, 'cursor');
       } catch (e) {
         logGraderUnavailable('bashGuard', command.slice(0, 200), (e as Error).message || String(e));
+        if (scanConcern) {
+          // Grader unavailable to run the consent check \u2014 fail closed on a
+          // scanner-flagged install (ask-mode so the user can still consent).
+          finishWith({
+            permission: 'deny',
+            user_message: tagStr + ' installScan \u2192 blocked (grader unavailable): ' + cmdShort,
+            agent_message: 'Synkro flagged this install: ' + scanBlockContext + ' The grader is unavailable to check consent \u2014 ask the user for explicit consent, then retry.',
+          });
+        }
         log('bashGuard ' + cmdShort + ' \u2192 pass (grade unavailable): ' + String(e));
         finishWith({ permission: 'allow' });
       }
@@ -4402,6 +4365,17 @@ async function main() {
       finishWith({ permission: 'allow' });
     }
+    if (scanConcern) {
+      // Cloud grading does not carry the package-scanner concern through the
+      // consent flow \u2014 block here with ask-mode messaging so the user can
+      // consent and retry.
+      finishWith({
+        permission: 'deny',
+        user_message: tagStr + ' installScan \u2192 blocked: ' + cmdShort,
+        agent_message: 'Synkro flagged this install: ' + scanBlockContext + ' Ask the user for explicit consent before retrying.',
+      });
+    }
     const body: Record<string, any> = {
       hook_event: 'PreToolUse',
       tool_name: toolName || 'Bash',
@@ -5698,6 +5672,7 @@ __export(macKeychain_exports, {
   readKeychainCreds: () => readKeychainCreds,
   refreshCreds: () => refreshCreds,
   uninstallRefreshAgent: () => uninstallRefreshAgent,
+  validateCursorApiKey: () => validateCursorApiKey,
   writeCursorApiKey: () => writeCursorApiKey,
   writeRefreshAgent: () => writeRefreshAgent
 });
@@ -5742,6 +5717,27 @@ function writeCursorApiKey(key) {
   writeFileSync6(CURSOR_API_KEY_FILE, trimmed, "utf-8");
   chmodSync(CURSOR_API_KEY_FILE, 384);
 }
+async function validateCursorApiKey() {
+  let key;
+  try {
+    key = readFileSync6(CURSOR_API_KEY_FILE, "utf-8").trim();
+  } catch {
+    return null;
+  }
+  if (!key) return null;
+  try {
+    const auth = Buffer.from(`${key}:`).toString("base64");
+    const r = await fetch("https://api.cursor.com/v1/me", {
+      headers: { Authorization: `Basic ${auth}` },
+      signal: AbortSignal.timeout(8e3)
+    });
+    if (r.status === 401 || r.status === 403) return false;
+    if (r.ok) return true;
+    return null;
+  } catch {
+    return null;
+  }
+}
 function credsAreStale() {
   if (!existsSync7(CLAUDE_CREDS_FILE)) return true;
   try {
@@ -5756,7 +5752,7 @@ function writeRefreshAgent(synkroBinPath) {
     throw new KeychainExportError("writeRefreshAgent is darwin-only");
   }
   mkdirSync6(join6(homedir6(), "Library", "LaunchAgents"), { recursive: true });
-  const shellCmd = `export PATH="/opt/homebrew/bin:/usr/local/bin:$PATH" && "${synkroBinPath}" local-cc refresh-creds`;
+  const shellCmd = `export PATH="/opt/homebrew/bin:/usr/local/bin:$PATH" && { "${synkroBinPath}" local-cc refresh-creds || synkro local-cc refresh-creds; }`;
   const plist = `<?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
 <plist version="1.0">
@@ -5946,6 +5942,11 @@ function claudeCredsHostDir() {
   if (needsKeychainBridge()) return CLAUDE_CREDS_DIR;
   return join7(homedir7(), ".claude");
 }
+function resolveSynkroBin() {
+  const which2 = spawnSync2("which", ["synkro"], { encoding: "utf-8", timeout: 5e3 });
+  const resolved = (which2.stdout || "").split("\n")[0].trim();
+  return resolved || "synkro";
+}
 async function dockerInstall(opts = {}) {
   assertDockerAvailable();
   const image = imageTag();
@@ -5979,7 +5980,7 @@ async function dockerInstall(opts = {}) {
       console.warn("    Generate a key at cursor.com \u2192 Settings \u2192 API Keys, then:");
       console.warn(`      echo 'YOUR_KEY' > ~/.synkro/cursor-creds/api-key && chmod 600 ~/.synkro/cursor-creds/api-key`);
     }
-    const plist = writeRefreshAgent("/usr/local/bin/synkro");
+    const plist = writeRefreshAgent(resolveSynkroBin());
     try {
       loadRefreshAgent();
     } catch (err) {
@@ -6324,8 +6325,16 @@ async function promptAgentSelection(detected) {
   return ask2();
 }
 async function promptCursorApiKey(opts) {
-  const { cursorApiKeyConfigured: cursorApiKeyConfigured2, writeCursorApiKey: writeCursorApiKey2 } = await Promise.resolve().then(() => (init_macKeychain(), macKeychain_exports));
-  if (cursorApiKeyConfigured2()) return;
+  const { cursorApiKeyConfigured: cursorApiKeyConfigured2, writeCursorApiKey: writeCursorApiKey2, validateCursorApiKey: validateCursorApiKey2 } = await Promise.resolve().then(() => (init_macKeychain(), macKeychain_exports));
+  if (cursorApiKeyConfigured2()) {
+    const valid = await validateCursorApiKey2();
+    if (valid !== false) {
+      console.log("  \u2713 Cursor API key validated.");
+      return;
+    }
+    console.warn("  \u26A0 The saved Cursor API key was rejected by Cursor (revoked or expired).");
+    console.warn("    Paste a fresh key below, or press Enter to skip (Cursor workers stay idle).");
+  }
   const provided = (opts.cursorApiKey || process.env.SYNKRO_CURSOR_API_KEY || "").trim();
   if (provided) {
     writeCursorApiKey2(provided);
@@ -6450,7 +6459,7 @@ function writeConfigEnv(opts) {
     `SYNKRO_CREDENTIALS_PATH=${shellQuoteSingle(credsPath)}`,
     `SYNKRO_TIER=${shellQuoteSingle(safeTier)}`,
     `SYNKRO_INFERENCE=${shellQuoteSingle(safeInference)}`,
-    `SYNKRO_VERSION=${shellQuoteSingle("1.6.8")}`
+    `SYNKRO_VERSION=${shellQuoteSingle("1.6.9")}`
   ];
   if (safeSynkroBin) lines.push(`SYNKRO_CLI_BIN=${shellQuoteSingle(safeSynkroBin)}`);
   if (safeUserId) lines.push(`SYNKRO_USER_ID=${shellQuoteSingle(safeUserId)}`);
@@ -7181,6 +7190,37 @@ import { existsSync as existsSync10, mkdirSync as mkdirSync9, writeFileSync as w
 import { join as join9 } from "path";
 import { homedir as homedir9 } from "os";
 import { spawnSync as spawnSync3 } from "child_process";
+function writePluginFiles() {
+  for (const c of CHANNELS) {
+    mkdirSync9(c.sessionDir, { recursive: true });
+    mkdirSync9(c.pluginSettingsDir, { recursive: true });
+    writeFileSync8(c.pluginPkgPath, PLUGIN_PACKAGE_JSON, "utf-8");
+    writeFileSync8(
+      c.pluginSettingsPath,
+      JSON.stringify({
+        fastMode: true,
+        enabledMcpjsonServers: ["synkro-local"]
+      }, null, 2) + "\n",
+      "utf-8"
+    );
+    writeFileSync8(c.runScriptPath, c.runScriptSource, "utf-8");
+    chmodSync3(c.runScriptPath, 493);
+  }
+}
+function runBunInstall() {
+  for (const c of CHANNELS) {
+    const r = spawnSync3("bun", ["install", "--silent"], {
+      cwd: c.sessionDir,
+      encoding: "utf-8",
+      timeout: 12e4
+    });
+    if (r.status !== 0) {
+      throw new LocalCCInstallError(
+        `bun install failed in ${c.sessionDir}: ${r.stderr || r.stdout || "unknown"}`
+      );
+    }
+  }
+}
 function safelyMutateClaudeJson(mutator) {
   if (!existsSync10(CLAUDE_JSON_PATH)) {
     return;
@@ -7240,6 +7280,73 @@ function safelyMutateClaudeJson(mutator) {
     );
   }
 }
+function writeProjectMcpJson() {
+  for (const c of CHANNELS) {
+    const mcp = {
+      mcpServers: {
+        [MCP_SERVER_NAME]: {
+          command: "bun",
+          args: [c.pluginPath]
+        }
+      }
+    };
+    writeFileSync8(c.projectMcpPath, JSON.stringify(mcp, null, 2) + "\n", "utf-8");
+  }
+}
+function patchClaudeJson() {
+  safelyMutateClaudeJson((parsed) => {
+    let dirty = false;
+    if (parsed.mcpServers && typeof parsed.mcpServers === "object" && parsed.mcpServers[MCP_SERVER_NAME]) {
+      delete parsed.mcpServers[MCP_SERVER_NAME];
+      dirty = true;
+    }
+    if (!parsed.projects || typeof parsed.projects !== "object") {
+      parsed.projects = {};
+    }
+    const projects = parsed.projects;
+    for (const dir of CHANNELS.map((c) => c.sessionDir)) {
+      const existing = projects[dir] && typeof projects[dir] === "object" ? projects[dir] : {};
+      const wantEnabled = Array.from(/* @__PURE__ */ new Set([
+        ...existing.enabledMcpjsonServers ?? [],
+        MCP_SERVER_NAME
+      ]));
+      const next = {
+        ...existing,
+        hasTrustDialogAccepted: true,
+        hasCompletedProjectOnboarding: true,
+        enabledMcpjsonServers: wantEnabled
+      };
+      if (existing.hasTrustDialogAccepted !== true || existing.hasCompletedProjectOnboarding !== true || JSON.stringify(existing.enabledMcpjsonServers ?? []) !== JSON.stringify(wantEnabled)) {
+        projects[dir] = next;
+        dirty = true;
+      }
+    }
+    return dirty;
+  });
+}
+function installLocalCC() {
+  let bunCheck = spawnSync3("bun", ["--version"], { encoding: "utf-8" });
+  if (bunCheck.status !== 0) {
+    if (process.platform === "darwin") {
+      console.log("  Installing bun via brew...");
+      const brewR = spawnSync3("brew", ["install", "oven-sh/bun/bun"], { encoding: "utf-8", stdio: "inherit", timeout: 12e4 });
+      if (brewR.status !== 0) {
+        throw new LocalCCInstallError("bun auto-install failed. Install manually: curl -fsSL https://bun.sh/install | bash");
+      }
+      bunCheck = spawnSync3("bun", ["--version"], { encoding: "utf-8" });
+      if (bunCheck.status !== 0) {
+        throw new LocalCCInstallError("bun installed but not found on PATH. Restart your terminal and re-run install.");
+      }
+    } else {
+      throw new LocalCCInstallError("bun is required. Install it: curl -fsSL https://bun.sh/install | bash");
+    }
+  }
+  writePluginFiles();
+  runBunInstall();
+  writeProjectMcpJson();
+  patchClaudeJson();
+  return { sessionDir: SESSION_DIR, pluginPath: PLUGIN_PATH };
+}
 function uninstallLocalCC() {
   safelyMutateClaudeJson((parsed) => {
     let dirty = false;
@@ -7725,6 +7832,86 @@ function appendTurn(args2) {
   } catch {
   }
 }
+function readRecentTurns(n = 20) {
+  if (!existsSync12(TURN_LOG_PATH)) return [];
+  try {
+    const size = statSync2(TURN_LOG_PATH).size;
+    if (size === 0) return [];
+    const text = readFileSync9(TURN_LOG_PATH, "utf-8");
+    const lines = text.split("\n").filter(Boolean);
+    const lastN = lines.slice(-n).reverse();
+    return lastN.map((line) => {
+      try {
+        return JSON.parse(line);
+      } catch {
+        return null;
+      }
+    }).filter((x) => x !== null);
+  } catch {
+    return [];
+  }
+}
+function followTurns(onEntry) {
+  try {
+    mkdirSync10(dirname5(TURN_LOG_PATH), { recursive: true });
+    if (!existsSync12(TURN_LOG_PATH)) {
+      appendFileSync(TURN_LOG_PATH, "", "utf-8");
+    }
+  } catch {
+  }
+  let lastSize = (() => {
+    try {
+      return statSync2(TURN_LOG_PATH).size;
+    } catch {
+      return 0;
+    }
+  })();
+  let pendingPartial = "";
+  const drainNewBytes = (from, to) => {
+    if (to <= from) return;
+    let fd = null;
+    try {
+      fd = openSync2(TURN_LOG_PATH, "r");
+      const len = to - from;
+      const buf = Buffer.alloc(len);
+      readSync(fd, buf, 0, len, from);
+      const text = pendingPartial + buf.toString("utf-8");
+      const lastNewline = text.lastIndexOf("\n");
+      if (lastNewline === -1) {
+        pendingPartial = text;
+        return;
+      }
+      const complete = text.slice(0, lastNewline);
+      pendingPartial = text.slice(lastNewline + 1);
+      for (const line of complete.split("\n")) {
+        if (!line) continue;
+        try {
+          onEntry(JSON.parse(line));
+        } catch {
+        }
+      }
+    } catch {
+    } finally {
+      if (fd !== null) {
+        try {
+          closeSync2(fd);
+        } catch {
+        }
+      }
+    }
+  };
+  watchFile(TURN_LOG_PATH, { interval: 250 }, (curr, prev) => {
+    if (curr.size < lastSize) {
+      lastSize = 0;
+      pendingPartial = "";
+    }
+    if (curr.size > lastSize) {
+      drainNewBytes(lastSize, curr.size);
+      lastSize = curr.size;
+    }
+  });
+  return () => unwatchFile(TURN_LOG_PATH);
+}
 var TURN_LOG_PATH, PREVIEW_MAX;
 var init_turnLog = __esm({
   "cli/local-cc/turnLog.ts"() {
@@ -7794,6 +7981,21 @@ async function submitToChannel(role, payload, opts = {}) {
     throw err;
   }
 }
+function isChannelAvailable(port = CHANNEL_PORT, timeoutMs = 500) {
+  return new Promise((resolve3) => {
+    const sock = connect(port, CHANNEL_HOST);
+    const done = (ok) => {
+      try {
+        sock.destroy();
+      } catch {
+      }
+      resolve3(ok);
+    };
+    sock.once("connect", () => done(true));
+    sock.once("error", () => done(false));
+    sock.setTimeout(timeoutMs, () => done(false));
+  });
+}
 var CHANNEL_HOST, CHANNEL_PORT, DEFAULT_TIMEOUT_MS, LocalCCError;
 var init_client = __esm({
   "cli/local-cc/client.ts"() {
@@ -7862,6 +8064,795 @@ var init_grade = __esm({
   }
 });
+// cli/local-cc/pueue.ts
+import { execFileSync, spawnSync as spawnSync5, spawn } from "child_process";
+import { homedir as homedir12 } from "os";
+import { join as join12 } from "path";
+import { connect as connect2 } from "net";
+function pueueAvailable() {
+  const r = spawnSync5("pueue", ["--version"], { encoding: "utf-8" });
+  if (r.status !== 0) {
+    throw new PueueError("pueue CLI not found on PATH. Install pueue (https://github.com/Nukesor/pueue) and start `pueued`.");
+  }
+}
+function statusJson() {
+  pueueAvailable();
+  const r = spawnSync5("pueue", ["status", "--json"], { encoding: "utf-8" });
+  if (r.status !== 0) {
+    throw new PueueError(`pueue status failed: ${r.stderr || r.stdout || "unknown error"} \u2014 is pueued running?`);
+  }
+  try {
+    return JSON.parse(r.stdout);
+  } catch (err) {
+    throw new PueueError(`pueue status returned non-JSON output: ${r.stdout.slice(0, 200)}`, err);
+  }
+}
+function statusName(s) {
+  if (typeof s === "string") return s;
+  if (s && typeof s === "object") {
+    if ("Running" in s) return "Running";
+    if ("Done" in s) {
+      const result = s.Done?.result;
+      if (typeof result === "string") return `Done (${result})`;
+      if (result && typeof result === "object") return `Done (${Object.keys(result)[0] ?? "unknown"})`;
+      return "Done";
+    }
+    return Object.keys(s)[0] ?? "unknown";
+  }
+  return "unknown";
+}
+function findTask(channel = CHANNEL_PRIMARY) {
+  const data = statusJson();
+  for (const [id, t] of Object.entries(data.tasks)) {
+    if (t.label === channel.taskLabel) {
+      return {
+        id: Number(id),
+        label: t.label,
+        status: statusName(t.status),
+        command: t.command,
+        cwd: t.path
+      };
+    }
+  }
+  return null;
+}
+function startTask(opts = {}) {
+  const ch = opts.channel ?? CHANNEL_PRIMARY;
+  const cwd = opts.cwd ?? ch.sessionDir;
+  let existing = findTask(ch);
+  while (existing) {
+    if (existing.status === "Running" || existing.status === "Queued") {
+      spawnSync5("tmux", ["kill-session", "-t", `=${ch.tmuxSession}`], { encoding: "utf-8" });
+      spawnSync5("pueue", ["kill", String(existing.id)], { encoding: "utf-8" });
+      for (let i = 0; i < 10; i++) {
+        const check = findTask(ch);
+        if (!check || check.id !== existing.id || check.status !== "Running" && check.status !== "Queued") break;
+        spawnSync5("sleep", ["0.5"], { encoding: "utf-8" });
+      }
+    }
+    spawnSync5("pueue", ["remove", String(existing.id)], { encoding: "utf-8" });
+    existing = findTask(ch);
+  }
+  const runScript = join12(cwd, "run-claude.sh");
+  const args2 = [
+    "add",
+    "--label",
+    ch.taskLabel,
+    "--working-directory",
+    cwd,
+    "--",
+    "bash",
+    runScript
+  ];
+  const r = spawnSync5("pueue", args2, { encoding: "utf-8" });
+  if (r.status !== 0) {
+    throw new PueueError(`pueue add failed: ${r.stderr || r.stdout}`);
+  }
+  const created = findTask(ch);
+  if (!created) {
+    throw new PueueError(`pueue add succeeded but no task with label ${ch.taskLabel} found`);
+  }
+  return created;
+}
+function stopTask(channel = CHANNEL_PRIMARY) {
+  spawnSync5("tmux", ["kill-session", "-t", `=${channel.tmuxSession}`], { encoding: "utf-8" });
+  let t = findTask(channel);
+  while (t) {
+    if (t.status === "Running" || t.status === "Queued") {
+      spawnSync5("pueue", ["kill", String(t.id)], { encoding: "utf-8" });
+      for (let i = 0; i < 10; i++) {
+        const check = findTask(channel);
+        if (!check || check.id !== t.id || check.status !== "Running" && check.status !== "Queued") break;
+        spawnSync5("sleep", ["0.5"], { encoding: "utf-8" });
+      }
+    }
+    spawnSync5("pueue", ["remove", String(t.id)], { encoding: "utf-8" });
+    t = findTask(channel);
+  }
+}
+function tailLogs(lines = 80, channel = CHANNEL_PRIMARY) {
+  const t = findTask(channel);
+  if (!t) return `(no ${channel.taskLabel} task)`;
+  const r = spawnSync5("pueue", ["log", "--lines", String(lines), String(t.id)], { encoding: "utf-8" });
+  return r.stdout || r.stderr || "(no output)";
+}
+function ensureRunning(opts = {}) {
+  const ch = opts.channel ?? CHANNEL_PRIMARY;
+  const t = findTask(ch);
+  if (t && t.status === "Running") return t;
+  return startTask(opts);
+}
+function probePort(host, port, timeoutMs = 500) {
+  return new Promise((resolve3) => {
+    const sock = connect2(port, host);
+    const done = (ok) => {
+      try {
+        sock.destroy();
+      } catch {
+      }
+      resolve3(ok);
+    };
+    sock.once("connect", () => done(true));
+    sock.once("error", () => done(false));
+    sock.setTimeout(timeoutMs, () => done(false));
+  });
+}
+function tmuxDismissPrompts(tmuxSession = TMUX_SESSION) {
+  spawnSync5("tmux", ["send-keys", "-t", tmuxSession, "1"], { encoding: "utf-8" });
+  spawnSync5("tmux", ["send-keys", "-t", tmuxSession, "Enter"], { encoding: "utf-8" });
+}
+async function waitForChannelReady(port, timeoutMs = 6e4, host = "127.0.0.1", tmuxSession = TMUX_SESSION) {
+  const deadline = Date.now() + timeoutMs;
+  while (Date.now() < deadline) {
+    if (await probePort(host, port)) return true;
+    tmuxDismissPrompts(tmuxSession);
+    await new Promise((r) => setTimeout(r, 1e3));
+  }
+  return probePort(host, port);
+}
+function brewInstall(pkg) {
+  const brew = spawnSync5("brew", ["--version"], { encoding: "utf-8" });
+  if (brew.status !== 0) return false;
+  console.log(`  Installing ${pkg} via brew...`);
+  const r = spawnSync5("brew", ["install", pkg], { encoding: "utf-8", stdio: "inherit", timeout: 12e4 });
+  return r.status === 0;
+}
+function assertPueueInstalled() {
+  let r = spawnSync5("pueue", ["--version"], { encoding: "utf-8" });
+  if (r.status !== 0) {
+    if (process.platform === "darwin" && brewInstall("pueue")) {
+      r = spawnSync5("pueue", ["--version"], { encoding: "utf-8" });
+      if (r.status !== 0) throw new PueueError("pueue install succeeded but binary not found on PATH.");
+    } else {
+      throw new PueueError("pueue not found. Install it: brew install pueue (macOS) or https://github.com/Nukesor/pueue");
+    }
+  }
+  const status = spawnSync5("pueue", ["status", "--json"], { encoding: "utf-8", timeout: 5e3 });
+  if (status.status !== 0) {
+    console.log("  Starting pueued daemon...");
+    const child = spawn("pueued", ["-d"], { stdio: "ignore", detached: true });
+    child.unref();
+    spawnSync5("sleep", ["1"]);
+    const retry = spawnSync5("pueue", ["status", "--json"], { encoding: "utf-8", timeout: 5e3 });
+    if (retry.status !== 0) {
+      throw new PueueError("pueue daemon not reachable after starting pueued. Check `pueued` manually.");
+    }
+  }
+  spawnSync5("pueue", ["parallel", "2"], { encoding: "utf-8" });
+}
+function assertClaudeInstalled() {
+  const r = spawnSync5("claude", ["--version"], { encoding: "utf-8" });
+  if (r.status !== 0) {
+    throw new PueueError("claude CLI not found on PATH. Install Claude Code first: https://docs.claude.com/claude-code");
+  }
+}
+function assertTmuxInstalled() {
+  let r = spawnSync5("tmux", ["-V"], { encoding: "utf-8" });
+  if (r.status !== 0) {
+    if (process.platform === "darwin" && brewInstall("tmux")) {
+      r = spawnSync5("tmux", ["-V"], { encoding: "utf-8" });
+      if (r.status !== 0) throw new PueueError("tmux install succeeded but binary not found on PATH.");
+    } else {
+      throw new PueueError("tmux not found. Install it: brew install tmux (macOS) or apt install tmux (Linux)");
+    }
+  }
+}
+var TASK_LABEL, TMUX_SESSION, SESSION_DIR2, TASK_LABEL_2, TMUX_SESSION_2, SESSION_DIR_22, SESSION_DIR_32, SESSION_DIR_42, PueueError, CHANNEL_PRIMARY, CHANNEL_SECONDARY;
+var init_pueue = __esm({
+  "cli/local-cc/pueue.ts"() {
+    "use strict";
+    TASK_LABEL = "synkro-local-cc";
+    TMUX_SESSION = "synkro-local-cc";
+    SESSION_DIR2 = join12(homedir12(), ".synkro", "cc_sessions");
+    TASK_LABEL_2 = "synkro-local-cc-2";
+    TMUX_SESSION_2 = "synkro-local-cc-2";
+    SESSION_DIR_22 = join12(homedir12(), ".synkro", "cc_sessions_2");
+    SESSION_DIR_32 = join12(homedir12(), ".synkro", "cc_sessions_3");
+    SESSION_DIR_42 = join12(homedir12(), ".synkro", "cc_sessions_4");
+    PueueError = class extends Error {
+      constructor(message, cause) {
+        super(message);
+        this.cause = cause;
+        this.name = "PueueError";
+      }
+      cause;
+    };
+    CHANNEL_PRIMARY = { taskLabel: TASK_LABEL, tmuxSession: TMUX_SESSION, sessionDir: SESSION_DIR2 };
+    CHANNEL_SECONDARY = { taskLabel: TASK_LABEL_2, tmuxSession: TMUX_SESSION_2, sessionDir: SESSION_DIR_22 };
+  }
+});
+// cli/local-cc/settings.ts
+import { existsSync as existsSync13, readFileSync as readFileSync10 } from "fs";
+import { homedir as homedir13 } from "os";
+import { join as join13 } from "path";
+function isLocalCCEnabled() {
+  if (!existsSync13(CONFIG_PATH3)) return false;
+  try {
+    const content = readFileSync10(CONFIG_PATH3, "utf-8");
+    const match = content.match(/^SYNKRO_LOCAL_INFERENCE='([^']*)'/m);
+    return match?.[1] === "yes";
+  } catch {
+    return false;
+  }
+}
+var CONFIG_PATH3;
+var init_settings = __esm({
+  "cli/local-cc/settings.ts"() {
+    "use strict";
+    CONFIG_PATH3 = join13(homedir13(), ".synkro", "config.env");
+  }
+});
+// cli/commands/localCc.ts
+var localCc_exports = {};
+__export(localCc_exports, {
+  localCcCommand: () => localCcCommand
+});
+import { spawnSync as spawnSync6 } from "child_process";
+import { homedir as homedir14 } from "os";
+import { join as join14 } from "path";
+import { readFileSync as fsReadFileSync, existsSync as fsExistsSync } from "fs";
+import { existsSync as existsSync14, readFileSync as readFileSync11, writeFileSync as writeFileSync9 } from "fs";
+function deploymentMode() {
+  const env = (process.env.SYNKRO_DEPLOYMENT_MODE || "").toLowerCase();
+  if (env === "docker") return "docker";
+  if (env === "bare-host") return "bare-host";
+  try {
+    if (fsExistsSync(SYNKRO_CONFIG_PATH)) {
+      const m = fsReadFileSync(SYNKRO_CONFIG_PATH, "utf-8").match(/^SYNKRO_DEPLOYMENT_MODE='([^']*)'/m);
+      if (m && m[1] === "docker") return "docker";
+    }
+  } catch {
+  }
+  return "bare-host";
+}
+function inDockerMode() {
+  return deploymentMode() === "docker";
+}
+function printHelp() {
+  console.log(`synkro local-cc \u2014 manage the local Claude Code inference session
+OVERVIEW
+  Routes Synkro's grading and intent-classification work through a long-running
+  Claude Code session on this machine instead of remote Inngest+Gemini.
+  When enabled, three call sites switch over:
+    \u2022 security grading on edit/bash hooks
+    \u2022 intent classification (agent input \u2192 structured intent)
+    \u2022 remediate intent classification
+  The session is hosted in a detached tmux session managed by a pueue task.
+  The CLI talks to it via Claude Code's channels API: a Bun MCP plugin that
+  pushes events into the session and receives Claude's responses through a
+  \`reply\` MCP tool.
+USAGE
+  synkro local-cc <subcommand> [args]
+SUBCOMMANDS
+  enable                Install plugin, start pueue task, flip toggle to local-cc
+  disable               Flip toggle back to inngest (pueue task left running)
+  status                Show provider toggle, pueue task state, channel reachability
+  start                 Idempotently bring up the pueue task + wait for the channel
+  stop                  Kill the tmux session and remove the pueue task
+  restart               stop, then start
+  install               Regenerate ~/.synkro/cc_sessions/ files (plugin, runner, settings)
+  logs [N] [--raw] [--live]
+                        Show the last N (default 20) channel turns: when, role,
+                        duration, severity, request preview.
+                        --raw / -r   include full request/response payloads
+                        --live / -f  tail the log; print new turns as they arrive
+                                     (Ctrl-C to exit)
+                        --tmux       escape hatch \u2014 print the raw pueue/tmux
+                                     pane log instead
+  attach [--readonly]   Attach to the tmux session hosting claude (Ctrl-B D to detach;
+                        --readonly / -r to attach view-only)
+  test                  Send a smoke-test classification through the channel
+  help                  Show this message
+CONFIGURATION
+  Provider toggle:
+    Stored server-side in your inference settings (gradingProvider).
+    Toggle via:  synkro local-cc enable / disable
+    Or via dashboard inference settings (set grading provider to claude-code).
+  Claude Code session settings (scoped to ~/.synkro/cc_sessions only):
+    ${PLUGIN_SETTINGS_PATH}
+    Currently sets {"fastMode": true}. Edit to add other CC settings for this
+    session without affecting your other CC projects.
+  MCP server registration (for the channel plugin):
+    ${CLAUDE_JSON_PATH}
+    A 'synkro-local' entry under mcpServers, pointing at:
+      bun ${PLUGIN_PATH}
+    Workspace trust is also pre-accepted under projects[\`${SESSION_DIR}\`].
+  Channel runtime files:
+    ${RUN_SCRIPT_PATH}
+      bash wrapper that pueue invokes; owns the tmux session lifecycle.
+    ${PLUGIN_PATH}
+      Bun MCP channel plugin (auto-generated, do not edit).
+    127.0.0.1:${CHANNEL_PORT}
+      Loopback TCP endpoint the CLI POSTs to in order to submit a request.
+ENVIRONMENT VARIABLES
+  SYNKRO_CHANNEL_PORT       Override the TCP port used by both the plugin and
+                            the CLI client (loopback only). Default: 8929
+  SYNKRO_CHANNEL_TIMEOUT_MS Per-request timeout inside the channel plugin
+                            (default: 120000)
+REQUIRED TOOLS
+  claude    Claude Code CLI, authenticated to your subscription
+  pueue     pueue + pueued (https://github.com/Nukesor/pueue) running
+  tmux      For detached pty around claude
+  bun       Runtime for the MCP channel plugin
+TROUBLESHOOTING
+  \u2022 Channel unreachable after \`enable\`?
+      synkro local-cc logs           # check pueue task output
+      tmux attach -t ${TMUX_SESSION_NAME}    # see what claude is showing
+  \u2022 Stale state after a crash:
+      synkro local-cc stop && synkro local-cc start
+  \u2022 Want to inspect or interact with the live session:
+      synkro local-cc attach
+`);
+}
+function readGatewayUrl() {
+  if (existsSync14(CONFIG_PATH4)) {
+    const m = readFileSync11(CONFIG_PATH4, "utf-8").match(/^SYNKRO_GATEWAY_URL='([^']*)'/m);
+    if (m) return m[1];
+  }
+  return "https://api.synkro.sh";
+}
+function updateLocalInferenceFlag(enabled) {
+  if (!existsSync14(CONFIG_PATH4)) return;
+  let content = readFileSync11(CONFIG_PATH4, "utf-8");
+  const flag = enabled ? "yes" : "no";
+  if (content.includes("SYNKRO_LOCAL_INFERENCE=")) {
+    content = content.replace(/^SYNKRO_LOCAL_INFERENCE='[^']*'/m, `SYNKRO_LOCAL_INFERENCE='${flag}'`);
+  } else {
+    content = content.trimEnd() + `
+SYNKRO_LOCAL_INFERENCE='${flag}'
+`;
+  }
+  writeFileSync9(CONFIG_PATH4, content, "utf-8");
+}
+async function setServerGradingProvider(provider) {
+  await ensureValidToken();
+  const jwt2 = getAccessToken();
+  if (!jwt2) throw new Error("Not authenticated. Run `synkro install` first.");
+  const gatewayUrl = readGatewayUrl();
+  const body = provider ? { roles: { grading: { provider, model: "default" } } } : { roles: { grading: { provider: null, model: null } } };
+  const resp = await fetch(`${gatewayUrl}/api/settings/inference?scope=user`, {
+    method: "PUT",
+    headers: { "Authorization": `Bearer ${jwt2}`, "Content-Type": "application/json" },
+    body: JSON.stringify(body)
+  });
+  if (!resp.ok) {
+    const text = await resp.text().catch(() => "");
+    throw new Error(`Failed to update inference settings: ${resp.status} ${text.slice(0, 200)}`);
+  }
+}
+async function cmdStatus() {
+  console.log(`Local inference: ${isLocalCCEnabled() ? "enabled" : "disabled"}`);
+  console.log(`Deployment mode: ${deploymentMode()}`);
+  if (inDockerMode()) {
+    const status = dockerStatus();
+    if (!status.running) {
+      console.log("synkro-server container: not running");
+      console.log("Run `synkro install` (with SYNKRO_DEPLOYMENT_MODE=docker) to provision.");
+    } else {
+      console.log(`synkro-server container: running (${status.image})`);
+      try {
+        const r = await fetch(`${status.healthz}healthz`, { signal: AbortSignal.timeout(3e3) });
+        console.log(`Health probe: ${r.ok ? "ok" : `HTTP ${r.status}`}`);
+      } catch (err) {
+        console.log(`Health probe: ${err.message}`);
+      }
+    }
+    if (needsKeychainBridge()) {
+      console.log(`Keychain creds: ${credsAreStale() ? "STALE \u2014 run `synkro local-cc refresh-creds`" : "fresh"}`);
+    }
+    return;
+  }
+  try {
+    assertPueueInstalled();
+  } catch (err) {
+    console.log(`Pueue: NOT AVAILABLE (${err.message})`);
+    return;
+  }
+  const t = findTask(CHANNEL_PRIMARY);
+  if (!t) {
+    console.log("Channel 1 (judge) pueue task: not present");
+  } else {
+    console.log(`Channel 1 (judge) pueue task: id=${t.id} status=${t.status}`);
+  }
+  const ch1Up = await isChannelAvailable();
+  console.log(`Channel 1 ${CHANNEL_HOST}:${CHANNEL_PORT}: ${ch1Up ? "reachable" : "unreachable"}`);
+  const tmux1 = spawnSync6("tmux", ["has-session", "-t", `=${TMUX_SESSION_NAME}`], { encoding: "utf-8" });
+  console.log(`tmux '${TMUX_SESSION_NAME}': ${tmux1.status === 0 ? "live" : "absent"}`);
+  const t2 = findTask(CHANNEL_SECONDARY);
+  if (!t2) {
+    console.log("Channel 2 (CWE) pueue task: not present");
+  } else {
+    console.log(`Channel 2 (CWE) pueue task: id=${t2.id} status=${t2.status}`);
+  }
+  const ch2Up = await isChannelAvailable(CHANNEL_2_PORT);
+  console.log(`Channel 2 ${CHANNEL_HOST}:${CHANNEL_2_PORT}: ${ch2Up ? "reachable" : "unreachable"}`);
+  const tmux2 = spawnSync6("tmux", ["has-session", "-t", `=${TMUX_SESSION_NAME_2}`], { encoding: "utf-8" });
+  console.log(`tmux '${TMUX_SESSION_NAME_2}': ${tmux2.status === 0 ? "live" : "absent"}`);
+}
+async function cmdEnable() {
+  assertClaudeInstalled();
+  assertPueueInstalled();
+  assertTmuxInstalled();
+  console.log("Installing local-CC channel plugin...");
+  const r = installLocalCC();
+  console.log(`  plugin: ${r.pluginPath}`);
+  console.log(`  cwd:    ${r.sessionDir}`);
+  console.log("Starting channel 1 (judge)...");
+  const t1 = ensureRunning({ channel: CHANNEL_PRIMARY });
+  console.log(`  task: id=${t1.id} status=${t1.status}`);
+  console.log("Starting channel 2 (CWE)...");
+  const t2 = ensureRunning({ channel: CHANNEL_SECONDARY });
+  console.log(`  task: id=${t2.id} status=${t2.status}`);
+  console.log("Waiting for channels (auto-confirming any CC prompts)...");
+  const [ready1, ready2] = await Promise.all([
+    waitForChannelReady(CHANNEL_PORT, 6e4, CHANNEL_HOST, CHANNEL_PRIMARY.tmuxSession),
+    waitForChannelReady(CHANNEL_2_PORT, 6e4, CHANNEL_HOST, CHANNEL_SECONDARY.tmuxSession)
+  ]);
+  if (ready1) console.log(`  channel 1 ready at ${CHANNEL_HOST}:${CHANNEL_PORT}`);
+  else console.warn(`  \u26A0 channel 1 did not come up within 60s \u2014 check \`synkro local-cc logs\``);
+  if (ready2) console.log(`  channel 2 ready at ${CHANNEL_HOST}:${CHANNEL_2_PORT}`);
+  else console.warn(`  \u26A0 channel 2 (CWE) did not come up within 60s`);
+  console.log("Updating inference settings...");
+  await setServerGradingProvider("claude-code");
+  updateLocalInferenceFlag(true);
+  console.log("Grading provider set to claude-code (local inference enabled).");
+}
+async function cmdDisable() {
+  console.log("Updating inference settings...");
+  await setServerGradingProvider(null);
+  updateLocalInferenceFlag(false);
+  console.log("Grading provider cleared (remote inference restored). Pueue task left running \u2014 use `synkro local-cc stop` to terminate.");
+}
+async function warmChannels(ready1, ready2) {
+  const warmups = [];
+  if (ready1) {
+    warmups.push(
+      submitToChannel("grade-bash", "Proposed command: echo hello\nUser intent: warmup\nRecent user messages: []\nRecent actions: []\nOrg rules: []\n", { timeoutMs: 3e4 }).then(() => console.log("  channel 1 warm.")).catch(() => console.log("  channel 1 warmup skipped (non-fatal)."))
+    );
+  }
+  if (ready2) {
+    warmups.push(
+      submitToChannel("grade-cwe", 'File: /tmp/warmup.ts\nContent (first 4000 chars):\nconsole.log("hello");\n\nCWE rules to check against:\n[]\n', { timeoutMs: 3e4, port: CHANNEL_2_PORT }).then(() => console.log("  channel 2 warm.")).catch(() => console.log("  channel 2 warmup skipped (non-fatal)."))
+    );
+  }
+  if (warmups.length) {
+    console.log("Warming up inference...");
+    await Promise.all(warmups);
+  }
+}
+async function cmdStart(rest = []) {
+  if (inDockerMode()) {
+    if (rest.length > 0) {
+      const { claudeWorkers, cursorWorkers } = resolveWorkerConfig(rest);
+      console.log(`Starting synkro-server container (${claudeWorkers} claude + ${cursorWorkers} cursor)...`);
+      await dockerUpdate({ claudeWorkers, cursorWorkers });
+      const ready3 = await waitForContainerReady(6e4);
+      console.log(ready3 ? "\u2713 container ready" : "\u26A0 container did not pass /healthz within 60s");
+      return;
+    }
+    const status = dockerStatus();
+    if (!status.running) {
+      console.warn("synkro-server container is not running. Run `synkro install` to provision it.");
+      process.exitCode = 1;
+      return;
+    }
+    console.log("synkro-server container already running \u2014 waiting for /healthz...");
+    const ready = await waitForContainerReady(6e4);
+    console.log(ready ? `\u2713 container ready (${status.healthz})` : "\u26A0 container did not pass /healthz within 60s");
+    return;
+  }
+  assertClaudeInstalled();
+  assertPueueInstalled();
+  assertTmuxInstalled();
+  const t1 = ensureRunning({ channel: CHANNEL_PRIMARY });
+  console.log(`Channel 1 (judge): id=${t1.id} status=${t1.status}`);
+  const t2 = ensureRunning({ channel: CHANNEL_SECONDARY });
+  console.log(`Channel 2 (CWE):   id=${t2.id} status=${t2.status}`);
+  const [ready1, ready2] = await Promise.all([
+    waitForChannelReady(CHANNEL_PORT, 6e4, CHANNEL_HOST, CHANNEL_PRIMARY.tmuxSession),
+    waitForChannelReady(CHANNEL_2_PORT, 6e4, CHANNEL_HOST, CHANNEL_SECONDARY.tmuxSession)
+  ]);
+  console.log(ready1 ? `channel 1 ready (${CHANNEL_PORT}).` : "\u26A0 channel 1 did not come up within 60s.");
+  console.log(ready2 ? `channel 2 ready (${CHANNEL_2_PORT}).` : "\u26A0 channel 2 (CWE) did not come up within 60s.");
+  await warmChannels(ready1, ready2);
+}
+function cmdStop() {
+  if (inDockerMode()) {
+    dockerStop();
+    console.log("synkro-server container stopped and removed.");
+    return;
+  }
+  stopTask(CHANNEL_PRIMARY);
+  stopTask(CHANNEL_SECONDARY);
+  console.log("Both channels stopped.");
+}
+async function cmdRestart(rest = []) {
+  if (inDockerMode()) {
+    const { claudeWorkers, cursorWorkers } = resolveWorkerConfig(rest);
+    console.log(`Restarting synkro-server container (${claudeWorkers} claude + ${cursorWorkers} cursor, pulling latest image)...`);
+    await dockerUpdate({ claudeWorkers, cursorWorkers });
+    const ready = await waitForContainerReady(6e4);
+    console.log(ready ? "\u2713 container ready" : "\u26A0 container did not pass /healthz within 60s");
+    return;
+  }
+  stopTask(CHANNEL_PRIMARY);
+  stopTask(CHANNEL_SECONDARY);
+  const t1 = startTask({ channel: CHANNEL_PRIMARY });
+  const t2 = startTask({ channel: CHANNEL_SECONDARY });
+  console.log(`Channel 1 restarted: id=${t1.id} status=${t1.status}`);
+  console.log(`Channel 2 restarted: id=${t2.id} status=${t2.status}`);
+  const [ready1, ready2] = await Promise.all([
+    waitForChannelReady(CHANNEL_PORT, 6e4, CHANNEL_HOST, CHANNEL_PRIMARY.tmuxSession),
+    waitForChannelReady(CHANNEL_2_PORT, 6e4, CHANNEL_HOST, CHANNEL_SECONDARY.tmuxSession)
+  ]);
+  console.log(ready1 ? `channel 1 ready (${CHANNEL_PORT}).` : "\u26A0 channel 1 did not come up within 60s.");
+  console.log(ready2 ? `channel 2 ready (${CHANNEL_2_PORT}).` : "\u26A0 channel 2 (CWE) did not come up within 60s.");
+  await warmChannels(ready1, ready2);
+}
+function relativeTime(iso) {
+  const ts = new Date(iso).getTime();
+  if (!Number.isFinite(ts)) return iso;
+  const sec = Math.max(0, Math.round((Date.now() - ts) / 1e3));
+  if (sec < 60) return `${sec}s ago`;
+  if (sec < 3600) return `${Math.round(sec / 60)}m ago`;
+  if (sec < 86400) return `${Math.round(sec / 3600)}h ago`;
+  return `${Math.round(sec / 86400)}d ago`;
+}
+function colorize(s, code) {
+  if (!process.stdout.isTTY) return s;
+  return `\x1B[${code}m${s}\x1B[0m`;
+}
+function statusGlyph(t) {
+  if (t.status === "ok") return colorize("\u2713", 32);
+  if (t.status === "timeout") return colorize("\u23F1", 33);
+  return colorize("\u2717", 31);
+}
+function severityCell(t) {
+  if (t.severity) {
+    const sev = t.severity;
+    if (sev === "block" || sev === "violations" || sev === "unclear") return colorize(sev, 33);
+    return colorize(sev, 36);
+  }
+  if (t.error) return colorize(t.error.slice(0, 40), 31);
+  return "\u2014";
+}
+function firstLine(s) {
+  return s.split("\n").find((l) => l.trim().length > 0)?.trim() ?? "";
+}
+function formatTurn(t, raw) {
+  const when = relativeTime(t.ts).padEnd(8);
+  const dur = (t.duration_ms < 1e3 ? `${t.duration_ms}ms` : `${(t.duration_ms / 1e3).toFixed(1)}s`).padStart(7);
+  const role = t.role.padEnd(24);
+  const sev = severityCell(t).padEnd(20);
+  const preview = (() => {
+    const req = firstLine(t.request_preview).slice(0, 60);
+    return colorize(req, 90);
+  })();
+  const head = `${statusGlyph(t)} ${when} ${dur} ${role} ${sev} ${preview}`;
+  if (!raw) return head;
+  const blocks = [head];
+  blocks.push(colorize("  request:", 90));
+  blocks.push("    " + t.request_preview.replace(/\n/g, "\n    "));
+  if (t.response_preview) {
+    blocks.push(colorize("  response:", 90));
+    blocks.push("    " + t.response_preview.replace(/\n/g, "\n    "));
+  }
+  if (t.error) {
+    blocks.push(colorize("  error:", 31) + " " + t.error);
+  }
+  return blocks.join("\n");
+}
+function cmdLogs(rest) {
+  let n = 20;
+  let raw = false;
+  let live = false;
+  if (inDockerMode()) {
+    const followFlag = rest.includes("--live") || rest.includes("-f") ? ["--follow"] : [];
+    const tailArg = (() => {
+      for (const arg of rest) {
+        const parsed = parseInt(arg, 10);
+        if (parsed > 0) return String(parsed);
+      }
+      return "200";
+    })();
+    spawnSync6("docker", ["logs", "--tail", tailArg, ...followFlag, "synkro-server"], { stdio: "inherit" });
+    return;
+  }
+  for (const arg of rest) {
+    if (arg === "--raw" || arg === "-r") raw = true;
+    else if (arg === "--live" || arg === "-f") live = true;
+    else if (arg === "--tmux") {
+      console.log(tailLogs(80));
+      return;
+    } else {
+      const parsed = parseInt(arg, 10);
+      if (parsed > 0) n = parsed;
+    }
+  }
+  const header = "  " + colorize("status when     dur     role                     severity             request", 90);
+  const turns = readRecentTurns(n);
+  if (turns.length === 0) {
+    if (!live) {
+      console.log(`No turns logged yet at ${TURN_LOG_PATH}.`);
+      console.log("Run a few requests through the channel (synkro local-cc test) and try again.");
+      return;
+    }
+    console.log(`No turns logged yet at ${TURN_LOG_PATH} \u2014 waiting for new entries\u2026 (Ctrl-C to exit)`);
+  } else {
+    console.log(`Last ${turns.length} channel turn(s) (newest first):`);
+    console.log(header);
+    for (const t of turns) console.log("  " + formatTurn(t, raw));
+  }
+  if (!live) {
+    if (!raw) console.log("  " + colorize("(use --raw / -r to see full payloads, --live / -f to follow)", 90));
+    return;
+  }
+  return new Promise((resolve3) => {
+    console.log("  " + colorize("\u2014 following new turns (Ctrl-C to exit) \u2014", 90));
+    const stop = followTurns((t) => {
+      console.log("  " + formatTurn(t, raw));
+    });
+    const onSigint = () => {
+      stop();
+      process.removeListener("SIGINT", onSigint);
+      resolve3();
+    };
+    process.on("SIGINT", onSigint);
+  });
+}
+function cmdAttach(rest) {
+  assertTmuxInstalled();
+  const readonly = rest.some((a) => a === "--readonly" || a === "-r");
+  const has = spawnSync6("tmux", ["has-session", "-t", `=${TMUX_SESSION_NAME}`], { encoding: "utf-8" });
+  if (has.status !== 0) {
+    console.error(`No tmux session '${TMUX_SESSION_NAME}' running. Start it with: synkro local-cc start`);
+    process.exit(1);
+  }
+  if (!process.stdout.isTTY) {
+    console.error("attach requires a TTY. Run this command directly in your terminal, not piped.");
+    process.exit(1);
+  }
+  console.log(`Attaching to tmux session '${TMUX_SESSION_NAME}'${readonly ? " (read-only)" : ""}.`);
+  console.log("Detach with Ctrl-B then D. (Do not press Ctrl-C \u2014 that would interrupt claude.)");
+  console.log();
+  const args2 = readonly ? ["attach-session", "-r", "-t", TMUX_SESSION_NAME] : ["attach-session", "-t", TMUX_SESSION_NAME];
+  const r = spawnSync6("tmux", args2, { stdio: "inherit" });
+  process.exit(r.status ?? 0);
+}
+async function cmdTest() {
+  console.log("Sending smoke-test grading request through the channel...");
+  const result = await submitToChannel(
+    "grade-bash",
+    'Command: echo "hello world"\nIntent: testing channel connectivity'
+  );
+  console.log("Raw reply:");
+  console.log(result);
+}
+function cmdInstall() {
+  const r = installLocalCC();
+  console.log(`Reinstalled plugin at ${r.pluginPath}`);
+}
+function cmdRefreshCreds() {
+  if (!needsKeychainBridge()) {
+    console.log("No-op on this platform \u2014 credentials are already file-based.");
+    return;
+  }
+  const refreshed = refreshCreds();
+  if (refreshed) {
+    console.log(`Exported claude credentials to ${CLAUDE_CREDS_FILE}`);
+  } else {
+    console.warn("No Claude Code credentials found in the keychain.");
+    console.warn("Run `claude login` first, then re-run this command.");
+    process.exitCode = 1;
+  }
+  if (credsAreStale()) {
+    console.warn("\u26A0 Exported credentials are older than the refresh interval.");
+  }
+}
+async function localCcCommand(args2) {
+  const sub = args2[0] ?? "";
+  try {
+    switch (sub) {
+      case "enable":
+        await cmdEnable();
+        break;
+      case "disable":
+        cmdDisable();
+        break;
+      case "status":
+        await cmdStatus();
+        break;
+      case "start":
+        await cmdStart(args2.slice(1));
+        break;
+      case "stop":
+        cmdStop();
+        break;
+      case "restart":
+        await cmdRestart(args2.slice(1));
+        break;
+      case "install":
+        cmdInstall();
+        break;
+      case "logs":
+        await cmdLogs(args2.slice(1));
+        break;
+      case "attach":
+        cmdAttach(args2.slice(1));
+        break;
+      case "test":
+        await cmdTest();
+        break;
+      case "refresh-creds":
+        cmdRefreshCreds();
+        break;
+      case "":
+      case "help":
+      case "--help":
+      case "-h":
+        printHelp();
+        break;
+      default:
+        console.error(`Unknown subcommand: ${sub}`);
+        printHelp();
+        process.exit(1);
+    }
+  } catch (err) {
+    console.error(err.message);
+    process.exit(1);
+  }
+}
+var SYNKRO_CONFIG_PATH, CONFIG_PATH4;
+var init_localCc = __esm({
+  "cli/commands/localCc.ts"() {
+    "use strict";
+    init_install2();
+    init_turnLog();
+    init_pueue();
+    init_settings();
+    init_macKeychain();
+    init_dockerInstall();
+    init_client();
+    init_stub();
+    SYNKRO_CONFIG_PATH = join14(homedir14(), ".synkro", "config.env");
+    CONFIG_PATH4 = join14(homedir14(), ".synkro", "config.env");
+  }
+});
 // cli/commands/lifecycle.ts
 var lifecycle_exports = {};
 __export(lifecycle_exports, {
@@ -7957,15 +8948,15 @@ var init_lifecycle = __esm({
 });
 // cli/bootstrap.js
-import { readFileSync as readFileSync10, existsSync as existsSync13 } from "fs";
+import { readFileSync as readFileSync12, existsSync as existsSync15 } from "fs";
 import { resolve as resolve2 } from "path";
 var envCandidates = [
   resolve2(process.cwd(), ".env"),
   resolve2(process.env.HOME ?? "", ".synkro", "config.env")
 ];
 for (const envPath of envCandidates) {
-  if (!existsSync13(envPath)) continue;
-  const envContent = readFileSync10(envPath, "utf-8");
+  if (!existsSync15(envPath)) continue;
+  const envContent = readFileSync12(envPath, "utf-8");
   for (const line of envContent.split("\n")) {
     const trimmed = line.trim();
     if (!trimmed || trimmed.startsWith("#")) continue;
@@ -7980,9 +8971,9 @@ var args = process.argv.slice(2);
 var cmd = args[0] || "";
 var subArgs = args.slice(1);
 function printVersion() {
-  console.log("1.6.8");
+  console.log("1.6.9");
 }
-function printHelp() {
+function printHelp2() {
   console.log(`Synkro CLI \u2014 runtime safety for AI coding agents
 Usage:
@@ -8025,6 +9016,11 @@ async function main() {
       await gradeCommand2(subArgs);
       break;
     }
+    case "local-cc": {
+      const { localCcCommand: localCcCommand2 } = await Promise.resolve().then(() => (init_localCc(), localCc_exports));
+      await localCcCommand2(subArgs);
+      break;
+    }
     case "version":
     case "--version":
     case "-v": {
@@ -8035,7 +9031,7 @@ async function main() {
     case "--help":
     case "-h":
     case "": {
-      printHelp();
+      printHelp2();
       break;
     }
     case "stop": {
@@ -8060,7 +9056,7 @@ async function main() {
     }
     default: {
       console.error(`Unknown command: ${cmd}`);
-      printHelp();
+      printHelp2();
       process.exit(1);
     }
   }