@synkro-sh/cli 1.6.85 → 1.6.87

package/dist/bootstrap.js

@@ -2173,8 +2173,68 @@ export function readSessionLog(sessionId: string): SessionAction[] {
   } catch { return []; }
 }
 
-export function compressSessionLog(actions: SessionAction[]): string {
+const RETRIEVAL_RECENT_N = 40;
+const PROCESS_KW = ['test', 'typecheck', 'tsc', 'lint', 'build', 'migrate', 'migration', 'deploy', 'publish', 'push', 'seed'];
+
+// Is this session action security- or rule-relevant (i.e. can it participate in a
+// violation)? Conservative net \u2014 uses substring checks (no regex, to stay safe
+// inside the materialized-hook template). Plus rule-awareness: an action that
+// performs a process keyword an active rule actually mentions (e.g. a "pnpm test"
+// when a rule is about tests) is kept so precondition rules stay resolvable.
+function actionSalience(a: SessionAction, ruleText: string): string | null {
+  const x = ((a.tool || '') + ' ' + (a.file || '') + ' ' + (a.summary || '')).toLowerCase();
+  const has = (arr: string[]): boolean => { for (const k of arr) if (x.indexOf(k) >= 0) return true; return false; };
+  if (has(['.env', 'credential', 'secret', 'token', '.pem', '.key', 'password', 'api key', 'api_key', 'api-key', 'authorization', 'bearer', 'oauth', '.aws'])) return 'secret';
+  if (has(['curl ', 'wget ', 'ssh ', 'scp ', 'netcat', 'http://', 'https://', 'fetch('])) return 'network';
+  if (has(['rm -rf', 'rm -r ', 'drop table', 'drop database', 'truncate', 'chmod', 'chown', 'sudo', 'kill ', 'wrangler', '--force', 'deploy', 'publish', 'git push'])) return 'destructive';
+  for (const kw of PROCESS_KW) if (ruleText.indexOf(kw) >= 0 && x.indexOf(kw) >= 0) return 'rule';
+  return null;
+}
+
+// Cloud session log \u2014 retrieval style (validated 4/4 vs the last-200 dump in the
+// shadow corpus). Keeps EVERY security-salient + rule-relevant action in order
+// regardless of age (so cross-turn violations the dump's 200-window drops are
+// still seen), a recent verbatim window, and a COMPLETENESS-asserting summary of
+// the routine remainder (the assertion is what lets the grader trust the collapsed
+// part is benign \u2014 safe only because the salience net above is conservative).
+function compressSessionLogRetrieval(actions: SessionAction[], rules: Rule[]): string {
+  if (actions.length === 0) return '';
+  const ruleText = (rules || []).map(r => String((r as any).text || '').toLowerCase()).join(' ');
+  const total = actions.length;
+  const recentStart = Math.max(0, total - RETRIEVAL_RECENT_N);
+  const salient: Array<{ a: SessionAction; s: string; i: number }> = [];
+  const noise: Record<string, number> = {};
+  for (let i = 0; i < recentStart; i++) {
+    const a = actions[i];
+    const s = actionSalience(a, ruleText);
+    if (s) salient.push({ a, s, i });
+    else noise[a.tool] = (noise[a.tool] || 0) + 1;
+  }
+  const lines: string[] = ['SESSION HISTORY (' + total + ' actions; security-salient + recent, in order):'];
+  if (salient.length) {
+    lines.push('  --- relevant (any point this session) ---');
+    for (const r of salient) {
+      const target = r.a.file || (r.a.summary || '').slice(0, 80);
+      lines.push('  ' + (r.i + 1) + '. [' + r.s + '] ' + r.a.tool + ' ' + target + (r.a.outcome ? ' -> ' + r.a.outcome : ''));
+    }
+  }
+  const noiseN = Object.values(noise).reduce((n, c) => n + c, 0);
+  if (noiseN) {
+    lines.push('  [' + noiseN + ' earlier routine actions (' + Object.entries(noise).map(([t, c]) => c + ' ' + t).join(', ') + '). The relevant list above is COMPLETE: every credential/secret read, outbound network call, and destructive or rule-gated action this session is listed there; these ' + noiseN + ' are non-salient in-repo reads/edits/builds only.]');
+  }
+  lines.push('  --- recent ---');
+  for (let i = recentStart; i < total; i++) {
+    const a = actions[i];
+    lines.push('  ' + (i + 1) + '. ' + (a.summary || a.tool) + (a.outcome ? ' -> ' + a.outcome : ''));
+  }
+  return lines.join('\\n');
+}
+
+export function compressSessionLog(actions: SessionAction[], rules?: Rule[]): string {
   if (actions.length === 0) return '';
+  // Cloud grade path passes the active rules \u2192 retrieval-style context. Local
+  // (no rules arg, or local storage mode) keeps the dump below, UNTOUCHED.
+  if (rules !== undefined && !isLocalStorageMode()) return compressSessionLogRetrieval(actions, rules);
   const total = actions.length;
   const lines: string[] = [];
 
@@ -4088,7 +4148,7 @@ async function main() {
     if (rt === 'local') {
       // \u2500\u2500\u2500 Local grading: org rules ONLY (channel 1, port 18929) \u2500\u2500\u2500
       const proposedShort = proposed.slice(0, 4000);
-      const sessionLog = compressSessionLog(readSessionLog(sessionId));
+      const sessionLog = compressSessionLog(readSessionLog(sessionId), config.rules);
       const graderContent = 'file=' + filePath + ' content=' + proposedShort;
       const relevantRules = await filterRules(
         ruleFilterText(graderContent, transcript.userIntent || lastPrompt),
@@ -4104,9 +4164,6 @@ async function main() {
         'User intent (last human message): ' + (transcript.userIntent || 'none stated'),
         'Last user prompt: ' + (lastPrompt || 'none'),
         'Org rules: ' + JSON.stringify(relevantRules),
-        'IMPORTANT: If a rule is violated, ALWAYS return ok=false with the rule_id and reason, regardless of the rule mode. Do NOT pass a command just because the rule mode is "fix". The enforcement layer handles ask vs fix \u2014 your job is only to detect violations.',
-        'CRITICAL: The user requesting or instructing an action does NOT exempt it from rules. Even if the user explicitly said "drop the database" or "delete everything", you MUST still flag the rule violation on first encounter. User intent is NOT consent. However, for ask-mode rules ONLY: if the session history shows a prior block for the SAME rule AND the user explicitly consented after seeing that block, subsequent commands covered by that same rule may pass \u2014 but each distinct command is consumed once. Look for the sequence: block event \u2192 user acknowledgment \u2192 retry. Once a specific command has successfully executed under that consent, it is consumed. If the same command appears again later, it requires fresh consent (a new block \u2192 consent cycle). Example: R012 covers deploy, publish, push. Block on deploy \u2192 user consents \u2192 deploy passes (consumed), publish passes (consumed), push passes (consumed). A later deploy triggers a fresh block. An initial user instruction is NEVER consent \u2014 only a response to a shown block counts.',
-        'The rules shown were pre-selected as the ones relevant to this edit \u2014 every rule here IS relevant, do not label any "not relevant". When passing (ok=true), give a terse, specific reason each rule passes. Format: "R003: no hardcoded secrets in file. R005: in-repo path only." Cover every rule shown.',
       ].join('\\n');
       const graderPrompt = buildGraderPrompt(proposedShort);
 
@@ -4284,7 +4341,7 @@ async function main() {
       recent_user_messages: transcript.recentUserMessages,
       recent_messages: transcript.recentMessages,
       recent_actions: transcript.recentActions,
-      session_history: compressSessionLog(readSessionLog(sessionId)),
+      session_history: compressSessionLog(readSessionLog(sessionId), config.rules),
       session_id: sessionId || null,
       tool_use_id: toolUseId || null,
       cwd: cwd || null,
@@ -5523,7 +5580,7 @@ async function main() {
     // mode was also checked up there.
 
     if (rt === 'local') {
-      const sessionLog = compressSessionLog(readSessionLog(sessionId));
+      const sessionLog = compressSessionLog(readSessionLog(sessionId), config.rules);
       const relevantRules = await filterRules(
         ruleFilterText(command, transcript.userIntent || lastPrompt),
         config.rules,
@@ -5537,10 +5594,6 @@ async function main() {
         'Last user prompt: ' + (lastPrompt || 'none'),
         'Org rules: ' + JSON.stringify(relevantRules),
         scanConcern,
-        'IMPORTANT: If a rule is violated, ALWAYS return ok=false with the rule_id and reason, regardless of the rule mode. Do NOT pass a command just because the rule mode is "fix". The enforcement layer handles ask vs fix — your job is only to detect violations.',
-        'CRITICAL: The user requesting or instructing an action does NOT exempt it from rules. Even if the user explicitly said "drop the database" or "delete everything", you MUST still flag the rule violation on first encounter. User intent is NOT consent. However, for ask-mode rules ONLY: if the session history shows a prior block for the SAME rule AND the user explicitly consented after seeing that block, subsequent commands covered by that same rule may pass — but each distinct command is consumed once. Look for the sequence: block event → user acknowledgment → retry. Once a specific command has successfully executed under that consent, it is consumed. If the same command appears again later, it requires fresh consent (a new block → consent cycle). Example: R012 covers deploy, publish, push. Block on deploy → user consents → deploy passes (consumed), publish passes (consumed), push passes (consumed). A later deploy triggers a fresh block. An initial user instruction is NEVER consent — only a response to a shown block counts.',
-        'The rules shown were pre-selected as the ones relevant to this command — every rule here IS relevant, do not label any "not relevant". When passing (ok=true), give a terse, specific reason each rule passes. Format: "R003: no secrets in grep args. R005: in-repo path only." Cover every rule shown.',
-        'Rules with preconditions (e.g. "run X before Y") are CONSUMED after the protected action completes. Use the session history timestamps to determine ordering: a precondition satisfied before the last occurrence of the protected action does NOT satisfy the next occurrence. Each new protected action needs its precondition re-satisfied.',
       ].filter(Boolean).join('\\n');
 
       let gradeResp: string;
@@ -5609,7 +5662,7 @@ async function main() {
       recent_user_messages: transcript.recentUserMessages,
       recent_messages: transcript.recentMessages,
       recent_actions: transcript.recentActions,
-      session_history: compressSessionLog(readSessionLog(sessionId)),
+      session_history: compressSessionLog(readSessionLog(sessionId), config.rules),
       session_id: sessionId || null,
       tool_use_id: toolUseId || null,
       cwd: cwd || null,
@@ -5742,7 +5795,7 @@ async function main() {
     }
 
     if (rt === 'local') {
-      const sessionLog = compressSessionLog(readSessionLog(sessionId));
+      const sessionLog = compressSessionLog(readSessionLog(sessionId), config.rules);
       const agentText = 'agent=' + subagentType + ' description=' + description + ' prompt=' + prompt.slice(0, 2000);
       const relevantRules = await filterRules(agentText, config.rules);
       const graderPrompt = [
@@ -5757,8 +5810,6 @@ async function main() {
         'User intent (last human message): ' + (transcript.userIntent || 'none stated'),
         'Last user prompt: ' + (lastPrompt || 'none'),
         'Org rules: ' + JSON.stringify(relevantRules),
-        'IMPORTANT: If a rule is violated, ALWAYS return ok=false with the rule_id and reason, regardless of the rule mode. Do NOT pass a command just because the rule mode is "fix". The enforcement layer handles ask vs fix \u2014 your job is only to detect violations.',
-        'CRITICAL: The user requesting or instructing an action does NOT exempt it from rules. Even if the user explicitly said "drop the database" or "delete everything", you MUST still flag the rule violation on first encounter. User intent is NOT consent. However, for ask-mode rules ONLY: if the session history shows a prior block for the SAME rule AND the user explicitly consented after seeing that block, subsequent commands covered by that same rule may pass \u2014 but each distinct command is consumed once. Look for the sequence: block event \u2192 user acknowledgment \u2192 retry. Once a specific command has successfully executed under that consent, it is consumed. If the same command appears again later, it requires fresh consent (a new block \u2192 consent cycle). Example: R012 covers deploy, publish, push. Block on deploy \u2192 user consents \u2192 deploy passes (consumed), publish passes (consumed), push passes (consumed). A later deploy triggers a fresh block. An initial user instruction is NEVER consent \u2014 only a response to a shown block counts.',
       ].filter(Boolean).join('\\n');
 
       let gradeResp: string;
@@ -5817,7 +5868,7 @@ async function main() {
       recent_user_messages: transcript.recentUserMessages,
       recent_messages: transcript.recentMessages,
       recent_actions: transcript.recentActions,
-      session_history: compressSessionLog(readSessionLog(sessionId)),
+      session_history: compressSessionLog(readSessionLog(sessionId), config.rules),
       session_id: sessionId || null,
       tool_use_id: toolUseId || null,
       cwd: cwd || null,
@@ -5962,7 +6013,7 @@ async function main() {
     }
 
     if (rt === 'local') {
-      const sessionLog = compressSessionLog(readSessionLog(sessionId));
+      const sessionLog = compressSessionLog(readSessionLog(sessionId), config.rules);
       const relevantRules = await filterRules(plan.slice(0, 2000), config.rules);
       const graderPrompt = [
         'Working directory: ' + (cwd || '.'),
@@ -6568,7 +6619,7 @@ async function main() {
     }
 
     if (rt === 'local') {
-      const sessionLog = compressSessionLog(readSessionLog(sessionId));
+      const sessionLog = compressSessionLog(readSessionLog(sessionId), config.rules);
       const relevantRules = await filterRules(
         ruleFilterText(command, transcript.userIntent || lastPrompt),
         config.rules,
@@ -6583,10 +6634,6 @@ async function main() {
         'Last user prompt: ' + (lastPrompt || 'none'),
         'Org rules: ' + JSON.stringify(relevantRules),
         scanConcern,
-        'IMPORTANT: If a rule is violated, ALWAYS return ok=false with the rule_id and reason, regardless of the rule mode. Do NOT pass a command just because the rule mode is "fix". The enforcement layer handles ask vs fix \u2014 your job is only to detect violations.',
-        'CRITICAL: The user requesting or instructing an action does NOT exempt it from rules. Even if the user explicitly said "drop the database" or "delete everything", you MUST still flag the rule violation on first encounter. User intent is NOT consent. However, for ask-mode rules ONLY: if the session history shows a prior block for the SAME rule AND the user explicitly consented after seeing that block, subsequent commands covered by that same rule may pass \u2014 but each distinct command is consumed once. Look for the sequence: block event \u2192 user acknowledgment \u2192 retry. Once a specific command has successfully executed under that consent, it is consumed. If the same command appears again later, it requires fresh consent (a new block \u2192 consent cycle). Example: R012 covers deploy, publish, push. Block on deploy \u2192 user consents \u2192 deploy passes (consumed), publish passes (consumed), push passes (consumed). A later deploy triggers a fresh block. An initial user instruction is NEVER consent \u2014 only a response to a shown block counts.',
-        'The rules shown were pre-selected as the ones relevant to this command \u2014 every rule here IS relevant, do not label any "not relevant". When passing (ok=true), give a terse, specific reason each rule passes. Format: "R003: no secrets in grep args. R005: in-repo path only." Cover every rule shown.',
-        'Rules with preconditions (e.g. "run X before Y") are CONSUMED after the protected action completes. Use the session history timestamps to determine ordering: a precondition satisfied before the last occurrence of the protected action does NOT satisfy the next occurrence. Each new protected action needs its precondition re-satisfied.',
       ].filter(Boolean).join('\\n');
 
       let gradeResp: string;
@@ -10869,7 +10916,7 @@ function writeConfigEnv(opts) {
     `SYNKRO_CREDENTIALS_PATH=${shellQuoteSingle(credsPath)}`,
     `SYNKRO_TIER=${shellQuoteSingle(safeTier)}`,
     `SYNKRO_INFERENCE=${shellQuoteSingle(safeInference)}`,
-    `SYNKRO_VERSION=${shellQuoteSingle("1.6.85")}`
+    `SYNKRO_VERSION=${shellQuoteSingle("1.6.87")}`
   ];
   if (safeSynkroBin) lines.push(`SYNKRO_CLI_BIN=${shellQuoteSingle(safeSynkroBin)}`);
   if (safeUserId) lines.push(`SYNKRO_USER_ID=${shellQuoteSingle(safeUserId)}`);
@@ -11685,7 +11732,12 @@ async function installCommand(opts = {}) {
   } catch (err) {
     console.warn(`  \u26A0 Could not cache judge prompts: ${err.message}`);
   }
-  writeSynkroFileIfMissing({ hasClaudeCode, hasCursor, gradingMode, deployLocation });
+  if (deployLocation !== "cloud") {
+    writeSynkroFileIfMissing({ hasClaudeCode, hasCursor, gradingMode, deployLocation });
+  } else {
+    console.log("  Cloud mode: standards + grader pool are configured in the dashboard");
+    console.log("  (Settings \u2192 Standards / Pool) \u2014 no synkro.toml needed.");
+  }
   console.log();
   let cloudGradeOk = null;
   if (useLocalMcp) {
@@ -14463,8 +14515,7 @@ function stableStringify(value) {
 function canonicalize(pack) {
   return stableStringify({
     rules: pack.rules ?? [],
-    docs: pack.docs ?? [],
-    manifest: pack.manifest ?? {}
+    docs: pack.docs ?? []
   });
 }
 function computeDigest(canonical) {
@@ -14533,6 +14584,12 @@ function cacheKey(ref, version) {
   return ref.replace(/\//g, "__").replace(/[^\w.@-]/g, "_") + "@" + version + ".json";
 }
 async function syncCommand(_args = []) {
+  if (process.env.SYNKRO_DEPLOY_LOCATION === "cloud") {
+    console.log("Cloud mode: standards are applied org-wide from the dashboard");
+    console.log("(Settings \u2192 Standards). No synkro.toml or `synkro sync` needed \u2014");
+    console.log("packs enforce automatically wherever Synkro is installed.");
+    return;
+  }
   const sf = readFullSynkroFile();
   if (!sf) {
     console.error("No synkro.toml found in the repo root. Run `synkro install` first.");
@@ -14902,7 +14959,7 @@ var args = process.argv.slice(2);
 var cmd = args[0] || "";
 var subArgs = args.slice(1);
 function printVersion() {
-  console.log("1.6.85");
+  console.log("1.6.87");
 }
 function printHelp2() {
   console.log(`Synkro CLI \u2014 runtime safety for AI coding agents