@synkro-sh/cli 1.6.85 → 1.6.86
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/bootstrap.js +15 -18
- package/dist/bootstrap.js.map +1 -1
- package/package.json +1 -1
package/dist/bootstrap.js
CHANGED
|
@@ -4104,9 +4104,6 @@ async function main() {
|
|
|
4104
4104
|
'User intent (last human message): ' + (transcript.userIntent || 'none stated'),
|
|
4105
4105
|
'Last user prompt: ' + (lastPrompt || 'none'),
|
|
4106
4106
|
'Org rules: ' + JSON.stringify(relevantRules),
|
|
4107
|
-
'IMPORTANT: If a rule is violated, ALWAYS return ok=false with the rule_id and reason, regardless of the rule mode. Do NOT pass a command just because the rule mode is "fix". The enforcement layer handles ask vs fix \u2014 your job is only to detect violations.',
|
|
4108
|
-
'CRITICAL: The user requesting or instructing an action does NOT exempt it from rules. Even if the user explicitly said "drop the database" or "delete everything", you MUST still flag the rule violation on first encounter. User intent is NOT consent. However, for ask-mode rules ONLY: if the session history shows a prior block for the SAME rule AND the user explicitly consented after seeing that block, subsequent commands covered by that same rule may pass \u2014 but each distinct command is consumed once. Look for the sequence: block event \u2192 user acknowledgment \u2192 retry. Once a specific command has successfully executed under that consent, it is consumed. If the same command appears again later, it requires fresh consent (a new block \u2192 consent cycle). Example: R012 covers deploy, publish, push. Block on deploy \u2192 user consents \u2192 deploy passes (consumed), publish passes (consumed), push passes (consumed). A later deploy triggers a fresh block. An initial user instruction is NEVER consent \u2014 only a response to a shown block counts.',
|
|
4109
|
-
'The rules shown were pre-selected as the ones relevant to this edit \u2014 every rule here IS relevant, do not label any "not relevant". When passing (ok=true), give a terse, specific reason each rule passes. Format: "R003: no hardcoded secrets in file. R005: in-repo path only." Cover every rule shown.',
|
|
4110
4107
|
].join('\\n');
|
|
4111
4108
|
const graderPrompt = buildGraderPrompt(proposedShort);
|
|
4112
4109
|
|
|
@@ -5537,10 +5534,6 @@ async function main() {
|
|
|
5537
5534
|
'Last user prompt: ' + (lastPrompt || 'none'),
|
|
5538
5535
|
'Org rules: ' + JSON.stringify(relevantRules),
|
|
5539
5536
|
scanConcern,
|
|
5540
|
-
'IMPORTANT: If a rule is violated, ALWAYS return ok=false with the rule_id and reason, regardless of the rule mode. Do NOT pass a command just because the rule mode is "fix". The enforcement layer handles ask vs fix — your job is only to detect violations.',
|
|
5541
|
-
'CRITICAL: The user requesting or instructing an action does NOT exempt it from rules. Even if the user explicitly said "drop the database" or "delete everything", you MUST still flag the rule violation on first encounter. User intent is NOT consent. However, for ask-mode rules ONLY: if the session history shows a prior block for the SAME rule AND the user explicitly consented after seeing that block, subsequent commands covered by that same rule may pass — but each distinct command is consumed once. Look for the sequence: block event → user acknowledgment → retry. Once a specific command has successfully executed under that consent, it is consumed. If the same command appears again later, it requires fresh consent (a new block → consent cycle). Example: R012 covers deploy, publish, push. Block on deploy → user consents → deploy passes (consumed), publish passes (consumed), push passes (consumed). A later deploy triggers a fresh block. An initial user instruction is NEVER consent — only a response to a shown block counts.',
|
|
5542
|
-
'The rules shown were pre-selected as the ones relevant to this command — every rule here IS relevant, do not label any "not relevant". When passing (ok=true), give a terse, specific reason each rule passes. Format: "R003: no secrets in grep args. R005: in-repo path only." Cover every rule shown.',
|
|
5543
|
-
'Rules with preconditions (e.g. "run X before Y") are CONSUMED after the protected action completes. Use the session history timestamps to determine ordering: a precondition satisfied before the last occurrence of the protected action does NOT satisfy the next occurrence. Each new protected action needs its precondition re-satisfied.',
|
|
5544
5537
|
].filter(Boolean).join('\\n');
|
|
5545
5538
|
|
|
5546
5539
|
let gradeResp: string;
|
|
@@ -5757,8 +5750,6 @@ async function main() {
|
|
|
5757
5750
|
'User intent (last human message): ' + (transcript.userIntent || 'none stated'),
|
|
5758
5751
|
'Last user prompt: ' + (lastPrompt || 'none'),
|
|
5759
5752
|
'Org rules: ' + JSON.stringify(relevantRules),
|
|
5760
|
-
'IMPORTANT: If a rule is violated, ALWAYS return ok=false with the rule_id and reason, regardless of the rule mode. Do NOT pass a command just because the rule mode is "fix". The enforcement layer handles ask vs fix \u2014 your job is only to detect violations.',
|
|
5761
|
-
'CRITICAL: The user requesting or instructing an action does NOT exempt it from rules. Even if the user explicitly said "drop the database" or "delete everything", you MUST still flag the rule violation on first encounter. User intent is NOT consent. However, for ask-mode rules ONLY: if the session history shows a prior block for the SAME rule AND the user explicitly consented after seeing that block, subsequent commands covered by that same rule may pass \u2014 but each distinct command is consumed once. Look for the sequence: block event \u2192 user acknowledgment \u2192 retry. Once a specific command has successfully executed under that consent, it is consumed. If the same command appears again later, it requires fresh consent (a new block \u2192 consent cycle). Example: R012 covers deploy, publish, push. Block on deploy \u2192 user consents \u2192 deploy passes (consumed), publish passes (consumed), push passes (consumed). A later deploy triggers a fresh block. An initial user instruction is NEVER consent \u2014 only a response to a shown block counts.',
|
|
5762
5753
|
].filter(Boolean).join('\\n');
|
|
5763
5754
|
|
|
5764
5755
|
let gradeResp: string;
|
|
@@ -6583,10 +6574,6 @@ async function main() {
|
|
|
6583
6574
|
'Last user prompt: ' + (lastPrompt || 'none'),
|
|
6584
6575
|
'Org rules: ' + JSON.stringify(relevantRules),
|
|
6585
6576
|
scanConcern,
|
|
6586
|
-
'IMPORTANT: If a rule is violated, ALWAYS return ok=false with the rule_id and reason, regardless of the rule mode. Do NOT pass a command just because the rule mode is "fix". The enforcement layer handles ask vs fix \u2014 your job is only to detect violations.',
|
|
6587
|
-
'CRITICAL: The user requesting or instructing an action does NOT exempt it from rules. Even if the user explicitly said "drop the database" or "delete everything", you MUST still flag the rule violation on first encounter. User intent is NOT consent. However, for ask-mode rules ONLY: if the session history shows a prior block for the SAME rule AND the user explicitly consented after seeing that block, subsequent commands covered by that same rule may pass \u2014 but each distinct command is consumed once. Look for the sequence: block event \u2192 user acknowledgment \u2192 retry. Once a specific command has successfully executed under that consent, it is consumed. If the same command appears again later, it requires fresh consent (a new block \u2192 consent cycle). Example: R012 covers deploy, publish, push. Block on deploy \u2192 user consents \u2192 deploy passes (consumed), publish passes (consumed), push passes (consumed). A later deploy triggers a fresh block. An initial user instruction is NEVER consent \u2014 only a response to a shown block counts.',
|
|
6588
|
-
'The rules shown were pre-selected as the ones relevant to this command \u2014 every rule here IS relevant, do not label any "not relevant". When passing (ok=true), give a terse, specific reason each rule passes. Format: "R003: no secrets in grep args. R005: in-repo path only." Cover every rule shown.',
|
|
6589
|
-
'Rules with preconditions (e.g. "run X before Y") are CONSUMED after the protected action completes. Use the session history timestamps to determine ordering: a precondition satisfied before the last occurrence of the protected action does NOT satisfy the next occurrence. Each new protected action needs its precondition re-satisfied.',
|
|
6590
6577
|
].filter(Boolean).join('\\n');
|
|
6591
6578
|
|
|
6592
6579
|
let gradeResp: string;
|
|
@@ -10869,7 +10856,7 @@ function writeConfigEnv(opts) {
|
|
|
10869
10856
|
`SYNKRO_CREDENTIALS_PATH=${shellQuoteSingle(credsPath)}`,
|
|
10870
10857
|
`SYNKRO_TIER=${shellQuoteSingle(safeTier)}`,
|
|
10871
10858
|
`SYNKRO_INFERENCE=${shellQuoteSingle(safeInference)}`,
|
|
10872
|
-
`SYNKRO_VERSION=${shellQuoteSingle("1.6.
|
|
10859
|
+
`SYNKRO_VERSION=${shellQuoteSingle("1.6.86")}`
|
|
10873
10860
|
];
|
|
10874
10861
|
if (safeSynkroBin) lines.push(`SYNKRO_CLI_BIN=${shellQuoteSingle(safeSynkroBin)}`);
|
|
10875
10862
|
if (safeUserId) lines.push(`SYNKRO_USER_ID=${shellQuoteSingle(safeUserId)}`);
|
|
@@ -11685,7 +11672,12 @@ async function installCommand(opts = {}) {
|
|
|
11685
11672
|
} catch (err) {
|
|
11686
11673
|
console.warn(` \u26A0 Could not cache judge prompts: ${err.message}`);
|
|
11687
11674
|
}
|
|
11688
|
-
|
|
11675
|
+
if (deployLocation !== "cloud") {
|
|
11676
|
+
writeSynkroFileIfMissing({ hasClaudeCode, hasCursor, gradingMode, deployLocation });
|
|
11677
|
+
} else {
|
|
11678
|
+
console.log(" Cloud mode: standards + grader pool are configured in the dashboard");
|
|
11679
|
+
console.log(" (Settings \u2192 Standards / Pool) \u2014 no synkro.toml needed.");
|
|
11680
|
+
}
|
|
11689
11681
|
console.log();
|
|
11690
11682
|
let cloudGradeOk = null;
|
|
11691
11683
|
if (useLocalMcp) {
|
|
@@ -14463,8 +14455,7 @@ function stableStringify(value) {
|
|
|
14463
14455
|
function canonicalize(pack) {
|
|
14464
14456
|
return stableStringify({
|
|
14465
14457
|
rules: pack.rules ?? [],
|
|
14466
|
-
docs: pack.docs ?? []
|
|
14467
|
-
manifest: pack.manifest ?? {}
|
|
14458
|
+
docs: pack.docs ?? []
|
|
14468
14459
|
});
|
|
14469
14460
|
}
|
|
14470
14461
|
function computeDigest(canonical) {
|
|
@@ -14533,6 +14524,12 @@ function cacheKey(ref, version) {
|
|
|
14533
14524
|
return ref.replace(/\//g, "__").replace(/[^\w.@-]/g, "_") + "@" + version + ".json";
|
|
14534
14525
|
}
|
|
14535
14526
|
async function syncCommand(_args = []) {
|
|
14527
|
+
if (process.env.SYNKRO_DEPLOY_LOCATION === "cloud") {
|
|
14528
|
+
console.log("Cloud mode: standards are applied org-wide from the dashboard");
|
|
14529
|
+
console.log("(Settings \u2192 Standards). No synkro.toml or `synkro sync` needed \u2014");
|
|
14530
|
+
console.log("packs enforce automatically wherever Synkro is installed.");
|
|
14531
|
+
return;
|
|
14532
|
+
}
|
|
14536
14533
|
const sf = readFullSynkroFile();
|
|
14537
14534
|
if (!sf) {
|
|
14538
14535
|
console.error("No synkro.toml found in the repo root. Run `synkro install` first.");
|
|
@@ -14902,7 +14899,7 @@ var args = process.argv.slice(2);
|
|
|
14902
14899
|
var cmd = args[0] || "";
|
|
14903
14900
|
var subArgs = args.slice(1);
|
|
14904
14901
|
function printVersion() {
|
|
14905
|
-
console.log("1.6.
|
|
14902
|
+
console.log("1.6.86");
|
|
14906
14903
|
}
|
|
14907
14904
|
function printHelp2() {
|
|
14908
14905
|
console.log(`Synkro CLI \u2014 runtime safety for AI coding agents
|