@synkro-sh/cli 1.6.84 → 1.6.86

package/dist/bootstrap.js

@@ -1846,6 +1846,33 @@ export function ruleFilterText(action: string, userMessage?: string | null): str
 
 export async function filterRules(commandText: string, allRules: Rule[]): Promise<Rule[]> {
   if (allRules.length <= 3) return allRules;
+
+  // Cloud: the embedding index lives server-side (the container grade path can't
+  // reach 127.0.0.1), so ask the gateway for the top-3 relevant rules \u2014 same
+  // CF/BYOK bge-base vectors, same behavior as local. Without this, cloud grades
+  // dumped EVERY rule into the prompt (9KB+), the dominant cause of grade
+  // timeouts. Any failure falls back to all rules (status quo), never blocks.
+  if (!isLocalStorageMode()) {
+    const jwt = loadJwt();
+    if (!jwt) return allRules;
+    try {
+      const resp = await fetch(GATEWAY_URL + '/api/v1/hook/filter-rules', {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json', Authorization: 'Bearer ' + jwt },
+        body: JSON.stringify({ text: commandText, top_k: 3 }),
+        signal: AbortSignal.timeout(2000),
+      });
+      if (!resp.ok) return allRules;
+      const data = await resp.json() as { rules?: Array<Record<string, unknown>> };
+      if (!data.rules || data.rules.length === 0) return allRules;
+      const selectedIds = new Set(data.rules.map(r => String(r.rule_id || '')));
+      return allRules.filter(r => selectedIds.has(r.rule_id));
+    } catch {
+      return allRules;
+    }
+  }
+
+  // Local: the on-device PGLite embedding index owns the rule set.
   const mcpPort = process.env.SYNKRO_MCP_PORT || '18931';
   try {
     const resp = await fetch('http://127.0.0.1:' + mcpPort + '/api/local/filter-rules', {
@@ -1857,10 +1884,7 @@ export async function filterRules(commandText: string, allRules: Rule[]): Promis
     if (!resp.ok) return allRules;
     const data = await resp.json() as { rules?: Array<Record<string, unknown>> };
     if (!data.rules || data.rules.length === 0) return allRules;
-    // Local PGLite owns the rule set \u2014 trust filter-rules output directly.
-    if (isLocalStorageMode()) return mapHookRules(data.rules);
-    const selectedIds = new Set(data.rules.map(r => String(r.rule_id || '')));
-    return allRules.filter(r => selectedIds.has(r.rule_id));
+    return mapHookRules(data.rules);
   } catch {
     return allRules;
   }
@@ -4080,9 +4104,6 @@ async function main() {
         'User intent (last human message): ' + (transcript.userIntent || 'none stated'),
         'Last user prompt: ' + (lastPrompt || 'none'),
         'Org rules: ' + JSON.stringify(relevantRules),
-        'IMPORTANT: If a rule is violated, ALWAYS return ok=false with the rule_id and reason, regardless of the rule mode. Do NOT pass a command just because the rule mode is "fix". The enforcement layer handles ask vs fix \u2014 your job is only to detect violations.',
-        'CRITICAL: The user requesting or instructing an action does NOT exempt it from rules. Even if the user explicitly said "drop the database" or "delete everything", you MUST still flag the rule violation on first encounter. User intent is NOT consent. However, for ask-mode rules ONLY: if the session history shows a prior block for the SAME rule AND the user explicitly consented after seeing that block, subsequent commands covered by that same rule may pass \u2014 but each distinct command is consumed once. Look for the sequence: block event \u2192 user acknowledgment \u2192 retry. Once a specific command has successfully executed under that consent, it is consumed. If the same command appears again later, it requires fresh consent (a new block \u2192 consent cycle). Example: R012 covers deploy, publish, push. Block on deploy \u2192 user consents \u2192 deploy passes (consumed), publish passes (consumed), push passes (consumed). A later deploy triggers a fresh block. An initial user instruction is NEVER consent \u2014 only a response to a shown block counts.',
-        'The rules shown were pre-selected as the ones relevant to this edit \u2014 every rule here IS relevant, do not label any "not relevant". When passing (ok=true), give a terse, specific reason each rule passes. Format: "R003: no hardcoded secrets in file. R005: in-repo path only." Cover every rule shown.',
       ].join('\\n');
       const graderPrompt = buildGraderPrompt(proposedShort);
 
@@ -5513,10 +5534,6 @@ async function main() {
         'Last user prompt: ' + (lastPrompt || 'none'),
         'Org rules: ' + JSON.stringify(relevantRules),
         scanConcern,
-        'IMPORTANT: If a rule is violated, ALWAYS return ok=false with the rule_id and reason, regardless of the rule mode. Do NOT pass a command just because the rule mode is "fix". The enforcement layer handles ask vs fix — your job is only to detect violations.',
-        'CRITICAL: The user requesting or instructing an action does NOT exempt it from rules. Even if the user explicitly said "drop the database" or "delete everything", you MUST still flag the rule violation on first encounter. User intent is NOT consent. However, for ask-mode rules ONLY: if the session history shows a prior block for the SAME rule AND the user explicitly consented after seeing that block, subsequent commands covered by that same rule may pass — but each distinct command is consumed once. Look for the sequence: block event → user acknowledgment → retry. Once a specific command has successfully executed under that consent, it is consumed. If the same command appears again later, it requires fresh consent (a new block → consent cycle). Example: R012 covers deploy, publish, push. Block on deploy → user consents → deploy passes (consumed), publish passes (consumed), push passes (consumed). A later deploy triggers a fresh block. An initial user instruction is NEVER consent — only a response to a shown block counts.',
-        'The rules shown were pre-selected as the ones relevant to this command — every rule here IS relevant, do not label any "not relevant". When passing (ok=true), give a terse, specific reason each rule passes. Format: "R003: no secrets in grep args. R005: in-repo path only." Cover every rule shown.',
-        'Rules with preconditions (e.g. "run X before Y") are CONSUMED after the protected action completes. Use the session history timestamps to determine ordering: a precondition satisfied before the last occurrence of the protected action does NOT satisfy the next occurrence. Each new protected action needs its precondition re-satisfied.',
       ].filter(Boolean).join('\\n');
 
       let gradeResp: string;
@@ -5733,8 +5750,6 @@ async function main() {
         'User intent (last human message): ' + (transcript.userIntent || 'none stated'),
         'Last user prompt: ' + (lastPrompt || 'none'),
         'Org rules: ' + JSON.stringify(relevantRules),
-        'IMPORTANT: If a rule is violated, ALWAYS return ok=false with the rule_id and reason, regardless of the rule mode. Do NOT pass a command just because the rule mode is "fix". The enforcement layer handles ask vs fix \u2014 your job is only to detect violations.',
-        'CRITICAL: The user requesting or instructing an action does NOT exempt it from rules. Even if the user explicitly said "drop the database" or "delete everything", you MUST still flag the rule violation on first encounter. User intent is NOT consent. However, for ask-mode rules ONLY: if the session history shows a prior block for the SAME rule AND the user explicitly consented after seeing that block, subsequent commands covered by that same rule may pass \u2014 but each distinct command is consumed once. Look for the sequence: block event \u2192 user acknowledgment \u2192 retry. Once a specific command has successfully executed under that consent, it is consumed. If the same command appears again later, it requires fresh consent (a new block \u2192 consent cycle). Example: R012 covers deploy, publish, push. Block on deploy \u2192 user consents \u2192 deploy passes (consumed), publish passes (consumed), push passes (consumed). A later deploy triggers a fresh block. An initial user instruction is NEVER consent \u2014 only a response to a shown block counts.',
       ].filter(Boolean).join('\\n');
 
       let gradeResp: string;
@@ -6559,10 +6574,6 @@ async function main() {
         'Last user prompt: ' + (lastPrompt || 'none'),
         'Org rules: ' + JSON.stringify(relevantRules),
         scanConcern,
-        'IMPORTANT: If a rule is violated, ALWAYS return ok=false with the rule_id and reason, regardless of the rule mode. Do NOT pass a command just because the rule mode is "fix". The enforcement layer handles ask vs fix \u2014 your job is only to detect violations.',
-        'CRITICAL: The user requesting or instructing an action does NOT exempt it from rules. Even if the user explicitly said "drop the database" or "delete everything", you MUST still flag the rule violation on first encounter. User intent is NOT consent. However, for ask-mode rules ONLY: if the session history shows a prior block for the SAME rule AND the user explicitly consented after seeing that block, subsequent commands covered by that same rule may pass \u2014 but each distinct command is consumed once. Look for the sequence: block event \u2192 user acknowledgment \u2192 retry. Once a specific command has successfully executed under that consent, it is consumed. If the same command appears again later, it requires fresh consent (a new block \u2192 consent cycle). Example: R012 covers deploy, publish, push. Block on deploy \u2192 user consents \u2192 deploy passes (consumed), publish passes (consumed), push passes (consumed). A later deploy triggers a fresh block. An initial user instruction is NEVER consent \u2014 only a response to a shown block counts.',
-        'The rules shown were pre-selected as the ones relevant to this command \u2014 every rule here IS relevant, do not label any "not relevant". When passing (ok=true), give a terse, specific reason each rule passes. Format: "R003: no secrets in grep args. R005: in-repo path only." Cover every rule shown.',
-        'Rules with preconditions (e.g. "run X before Y") are CONSUMED after the protected action completes. Use the session history timestamps to determine ordering: a precondition satisfied before the last occurrence of the protected action does NOT satisfy the next occurrence. Each new protected action needs its precondition re-satisfied.',
       ].filter(Boolean).join('\\n');
 
       let gradeResp: string;
@@ -10516,6 +10527,7 @@ __export(install_exports, {
   getOrMintCloudToken: () => getOrMintCloudToken,
   installCommand: () => installCommand,
   parseArgs: () => parseArgs,
+  readFullSynkroFile: () => readFullSynkroFile,
   reconcileDeployLocation: () => reconcileDeployLocation,
   reconcileHarness: () => reconcileHarness,
   recycleCloudContainer: () => recycleCloudContainer,
@@ -10844,7 +10856,7 @@ function writeConfigEnv(opts) {
     `SYNKRO_CREDENTIALS_PATH=${shellQuoteSingle(credsPath)}`,
     `SYNKRO_TIER=${shellQuoteSingle(safeTier)}`,
     `SYNKRO_INFERENCE=${shellQuoteSingle(safeInference)}`,
-    `SYNKRO_VERSION=${shellQuoteSingle("1.6.84")}`
+    `SYNKRO_VERSION=${shellQuoteSingle("1.6.86")}`
   ];
   if (safeSynkroBin) lines.push(`SYNKRO_CLI_BIN=${shellQuoteSingle(safeSynkroBin)}`);
   if (safeUserId) lines.push(`SYNKRO_USER_ID=${shellQuoteSingle(safeUserId)}`);
@@ -11660,7 +11672,12 @@ async function installCommand(opts = {}) {
   } catch (err) {
     console.warn(`  \u26A0 Could not cache judge prompts: ${err.message}`);
   }
-  writeSynkroFileIfMissing({ hasClaudeCode, hasCursor, gradingMode, deployLocation });
+  if (deployLocation !== "cloud") {
+    writeSynkroFileIfMissing({ hasClaudeCode, hasCursor, gradingMode, deployLocation });
+  } else {
+    console.log("  Cloud mode: standards + grader pool are configured in the dashboard");
+    console.log("  (Settings \u2192 Standards / Pool) \u2014 no synkro.toml needed.");
+  }
   console.log();
   let cloudGradeOk = null;
   if (useLocalMcp) {
@@ -11961,6 +11978,7 @@ function readFullSynkroFile() {
       ruleset: parsed.ruleset || "default",
       skills: Array.isArray(parsed.skills) ? parsed.skills.filter((s) => typeof s === "string" && s.endsWith(".md")) : [],
       scanning: { cwe: parsed.scanning?.cwe !== false, cve: parsed.scanning?.cve !== false },
+      standards: parsed.standards && typeof parsed.standards === "object" ? Object.fromEntries(Object.entries(parsed.standards).filter(([k, v]) => typeof v === "string" && k.includes("/")).map(([k, v]) => [k, String(v)])) : {},
       _repoRoot: root
     };
   } catch {
@@ -14425,6 +14443,182 @@ var init_import = __esm({
   }
 });
 
+// cli/installer/packVerify.ts
+import crypto from "crypto";
+function stableStringify(value) {
+  if (value === null || typeof value !== "object") return JSON.stringify(value);
+  if (Array.isArray(value)) return "[" + value.map(stableStringify).join(",") + "]";
+  const obj = value;
+  const keys = Object.keys(obj).sort();
+  return "{" + keys.map((k) => JSON.stringify(k) + ":" + stableStringify(obj[k])).join(",") + "}";
+}
+function canonicalize(pack) {
+  return stableStringify({
+    rules: pack.rules ?? [],
+    docs: pack.docs ?? []
+  });
+}
+function computeDigest(canonical) {
+  return "sha256:" + crypto.createHash("sha256").update(canonical, "utf8").digest("hex");
+}
+function verifySignature(digest, signatureB64, publicKeyPem) {
+  try {
+    const key = crypto.createPublicKey(publicKeyPem);
+    return crypto.verify(null, Buffer.from(digest, "utf8"), key, Buffer.from(signatureB64, "base64"));
+  } catch {
+    return false;
+  }
+}
+function verifyPack(pack, claimedDigest, signatureB64, publicKeyPem) {
+  const recomputed = computeDigest(canonicalize(pack));
+  if (recomputed !== claimedDigest) return false;
+  return verifySignature(claimedDigest, signatureB64, publicKeyPem);
+}
+var init_packVerify = __esm({
+  "cli/installer/packVerify.ts"() {
+    "use strict";
+  }
+});
+
+// cli/installer/lockfile.ts
+import { existsSync as existsSync18, readFileSync as readFileSync16, writeFileSync as writeFileSync11 } from "fs";
+import { join as join18 } from "path";
+function lockPath(repoRoot) {
+  return join18(repoRoot, LOCK_FILE);
+}
+function writeLockfile(repoRoot, entries) {
+  const sorted = [...entries].sort((a, b) => a.ref.localeCompare(b.ref));
+  const body = [
+    "# synkro.lock \u2014 generated by `synkro sync`. Commit this file.",
+    "# Pins each subscribed pack to its verified, attested digest.",
+    "",
+    ...sorted.flatMap((e) => [
+      "[[pack]]",
+      `ref = "${e.ref}"`,
+      `version = "${e.version}"`,
+      `digest = "${e.digest}"`,
+      `signature = "${e.signature}"`,
+      `signing_key_id = "${e.signingKeyId}"`,
+      ""
+    ])
+  ].join("\n");
+  writeFileSync11(lockPath(repoRoot), body, "utf-8");
+}
+var LOCK_FILE;
+var init_lockfile = __esm({
+  "cli/installer/lockfile.ts"() {
+    "use strict";
+    LOCK_FILE = "synkro.lock";
+  }
+});
+
+// cli/commands/sync.ts
+var sync_exports = {};
+__export(sync_exports, {
+  syncCommand: () => syncCommand
+});
+import { existsSync as existsSync19, mkdirSync as mkdirSync12, readdirSync as readdirSync6, rmSync as rmSync2, writeFileSync as writeFileSync12 } from "fs";
+import { homedir as homedir18 } from "os";
+import { join as join19 } from "path";
+function cacheKey(ref, version) {
+  return ref.replace(/\//g, "__").replace(/[^\w.@-]/g, "_") + "@" + version + ".json";
+}
+async function syncCommand(_args = []) {
+  if (process.env.SYNKRO_DEPLOY_LOCATION === "cloud") {
+    console.log("Cloud mode: standards are applied org-wide from the dashboard");
+    console.log("(Settings \u2192 Standards). No synkro.toml or `synkro sync` needed \u2014");
+    console.log("packs enforce automatically wherever Synkro is installed.");
+    return;
+  }
+  const sf = readFullSynkroFile();
+  if (!sf) {
+    console.error("No synkro.toml found in the repo root. Run `synkro install` first.");
+    process.exitCode = 1;
+    return;
+  }
+  const refs = Object.entries(sf.standards);
+  if (refs.length === 0) {
+    console.log("No [standards] subscriptions in synkro.toml \u2014 nothing to sync.");
+    return;
+  }
+  await ensureValidToken();
+  const token = getAccessToken();
+  if (!token) {
+    console.error("Not logged in. Run `synkro login` and try again.");
+    process.exitCode = 1;
+    return;
+  }
+  const gateway = (process.env.SYNKRO_GATEWAY_URL || "https://api.synkro.sh").replace(/\/$/, "");
+  const cloud = process.env.SYNKRO_DEPLOY_LOCATION === "cloud";
+  const cacheDir = join19(homedir18(), ".synkro", "cache", "packs");
+  if (!cloud) mkdirSync12(cacheDir, { recursive: true });
+  console.log(`Syncing ${refs.length} standard(s) from the registry\u2026`);
+  const lock = [];
+  const keptCacheFiles = /* @__PURE__ */ new Set();
+  for (const [ref, version] of refs) {
+    let url = `${gateway}/api/v1/registry/resolve?ref=${encodeURIComponent(ref)}`;
+    if (version && version !== "latest") url += `&version=${encodeURIComponent(version)}`;
+    let data;
+    try {
+      const resp = await fetch(url, { headers: { Authorization: `Bearer ${token}` } });
+      if (!resp.ok) {
+        console.error(`  \u2717 ${ref}: resolve failed (${resp.status} ${resp.statusText})`);
+        continue;
+      }
+      data = await resp.json();
+    } catch (err) {
+      console.error(`  \u2717 ${ref}: ${err.message}`);
+      continue;
+    }
+    const pack = { rules: data.rules ?? [], docs: data.docs ?? [], manifest: data.manifest ?? {} };
+    if (!verifyPack(pack, data.digest, data.signature, data.publicKey)) {
+      console.error(`  \u2717 ${ref}: signature/digest verification FAILED \u2014 refusing to apply.`);
+      continue;
+    }
+    lock.push({ ref, version: data.version, digest: data.digest, signature: data.signature, signingKeyId: data.signingKeyId });
+    if (!cloud) {
+      const fname = cacheKey(ref, data.version);
+      keptCacheFiles.add(fname);
+      writeFileSync12(join19(cacheDir, fname), JSON.stringify({
+        ref,
+        version: data.version,
+        digest: data.digest,
+        rules: pack.rules,
+        docs: pack.docs,
+        manifest: pack.manifest
+      }), "utf-8");
+    }
+    const ruleCount = Array.isArray(pack.rules) ? pack.rules.length : 0;
+    console.log(`  \u2713 ${ref}:${data.version} \u2014 verified (${ruleCount} rule${ruleCount === 1 ? "" : "s"})`);
+  }
+  if (!cloud && existsSync19(cacheDir)) {
+    for (const f of readdirSync6(cacheDir)) {
+      if (f.endsWith(".json") && !keptCacheFiles.has(f)) {
+        try {
+          rmSync2(join19(cacheDir, f));
+        } catch {
+        }
+      }
+    }
+  }
+  if (lock.length > 0) {
+    writeLockfile(sf._repoRoot, lock);
+    console.log(`Wrote synkro.lock (${lock.length} pack${lock.length === 1 ? "" : "s"} pinned).`);
+  } else {
+    console.error("No packs synced successfully.");
+    process.exitCode = 1;
+  }
+}
+var init_sync = __esm({
+  "cli/commands/sync.ts"() {
+    "use strict";
+    init_install();
+    init_stub();
+    init_packVerify();
+    init_lockfile();
+  }
+});
+
 // cli/commands/lifecycle.ts
 var lifecycle_exports = {};
 __export(lifecycle_exports, {
@@ -14537,13 +14731,13 @@ var config_exports = {};
 __export(config_exports, {
   configCommand: () => configCommand
 });
-import { readFileSync as readFileSync16, writeFileSync as writeFileSync11, existsSync as existsSync18 } from "fs";
-import { join as join18 } from "path";
-import { homedir as homedir18 } from "os";
+import { readFileSync as readFileSync17, writeFileSync as writeFileSync13, existsSync as existsSync20 } from "fs";
+import { join as join20 } from "path";
+import { homedir as homedir19 } from "os";
 function readConfigEnv2() {
-  if (!existsSync18(CONFIG_PATH6)) return {};
+  if (!existsSync20(CONFIG_PATH6)) return {};
   const out = {};
-  for (const line of readFileSync16(CONFIG_PATH6, "utf-8").split("\n")) {
+  for (const line of readFileSync17(CONFIG_PATH6, "utf-8").split("\n")) {
     const t = line.trim();
     if (!t || t.startsWith("#")) continue;
     const eq = t.indexOf("=");
@@ -14552,11 +14746,11 @@ function readConfigEnv2() {
   return out;
 }
 function updateConfigValue(key, value) {
-  if (!existsSync18(CONFIG_PATH6)) {
+  if (!existsSync20(CONFIG_PATH6)) {
     console.error("No config found. Run `synkro install` first.");
     process.exit(1);
   }
-  const lines = readFileSync16(CONFIG_PATH6, "utf-8").split("\n");
+  const lines = readFileSync17(CONFIG_PATH6, "utf-8").split("\n");
   const pattern = new RegExp(`^${key}=`);
   let found = false;
   const updated = lines.map((line) => {
@@ -14567,7 +14761,7 @@ function updateConfigValue(key, value) {
     return line;
   });
   if (!found) updated.splice(updated.length - 1, 0, `${key}='${value}'`);
-  writeFileSync11(CONFIG_PATH6, updated.join("\n"), "utf-8");
+  writeFileSync13(CONFIG_PATH6, updated.join("\n"), "utf-8");
 }
 async function reconcileContainer() {
   const cfg = readConfigEnv2();
@@ -14677,20 +14871,20 @@ var init_config = __esm({
   "cli/commands/config.ts"() {
     "use strict";
     init_stub();
-    SYNKRO_DIR7 = join18(homedir18(), ".synkro");
-    CONFIG_PATH6 = join18(SYNKRO_DIR7, "config.env");
+    SYNKRO_DIR7 = join20(homedir19(), ".synkro");
+    CONFIG_PATH6 = join20(SYNKRO_DIR7, "config.env");
   }
 });
 
 // cli/bootstrap.js
-import { readFileSync as readFileSync17, existsSync as existsSync19 } from "fs";
+import { readFileSync as readFileSync18, existsSync as existsSync21 } from "fs";
 import { resolve as resolve3 } from "path";
 var envCandidates = [
   resolve3(process.env.HOME ?? "", ".synkro", "config.env")
 ];
 for (const envPath of envCandidates) {
-  if (!existsSync19(envPath)) continue;
-  const envContent = readFileSync17(envPath, "utf-8");
+  if (!existsSync21(envPath)) continue;
+  const envContent = readFileSync18(envPath, "utf-8");
   for (const line of envContent.split("\n")) {
     const trimmed = line.trim();
     if (!trimmed || trimmed.startsWith("#")) continue;
@@ -14705,7 +14899,7 @@ var args = process.argv.slice(2);
 var cmd = args[0] || "";
 var subArgs = args.slice(1);
 function printVersion() {
-  console.log("1.6.84");
+  console.log("1.6.86");
 }
 function printHelp2() {
   console.log(`Synkro CLI \u2014 runtime safety for AI coding agents
@@ -14784,6 +14978,11 @@ async function main() {
       await importCommand2();
       break;
     }
+    case "sync": {
+      const { syncCommand: syncCommand2 } = await Promise.resolve().then(() => (init_sync(), sync_exports));
+      await syncCommand2(subArgs);
+      break;
+    }
     case "version":
     case "--version":
     case "-v": {