delimit-cli 2.3.2 → 3.0.0

package/adapters/codex-jamsons.js

@@ -0,0 +1,142 @@
+#!/usr/bin/env node
+/**
+ * Delimit™ Codex Jamsons Adapter
+ * Layer: Jamsons OS (strategy + operational governance)
+ * Injects portfolio context, logs decisions, surfaces venture/priority state.
+ */
+
+'use strict';
+
+const axios = require('axios');
+const AGENT_URL   = `http://127.0.0.1:${process.env.DELIMIT_AGENT_PORT || 7823}`;
+const JAMSONS_URL = `http://localhost:${process.env.JAMSONS_PORT || 8091}`;
+
+const VENTURES = {
+    delimit:      { priority: 'P0', status: 'active' },
+    domainvested: { priority: 'P2', status: 'maintenance' },
+    'wire.report': { priority: 'held', status: 'held' },
+    'livetube.ai': { priority: 'held', status: 'held' },
+};
+
+class DelimitCodexJamsons {
+    constructor() {
+        this.name = 'delimit-jamsons';
+        this.version = '1.0.0';
+    }
+
+    /**
+     * Before suggestion: inject portfolio context so the model has strategic awareness.
+     */
+    async onBeforeSuggestion(context) {
+        try {
+            const portfolioCtx = await this._getPortfolioContext(context);
+            // Attach context metadata — Codex passes this through to the model
+            context._jamsons = portfolioCtx;
+        } catch (_) { /* fail open */ }
+        return { allow: true };
+    }
+
+    async onAfterAccept(context) {
+        // Log accepted suggestion to Jamsons decision ledger
+        try {
+            await axios.post(`${JAMSONS_URL}/api/chatops/decisions`, {
+                type: 'task',
+                title: `Codex: accepted suggestion in ${context.file || 'unknown file'}`,
+                detail: `Language: ${context.language || 'unknown'} | Tool: codex`,
+                user_id: 'codex-adapter',
+                tags: ['delimit', 'chatops'],
+            }, {
+                headers: { Authorization: `Bearer ${process.env.CHATOPS_AUTH_TOKEN}` },
+                timeout: 2000,
+            });
+        } catch (_) { /* silent */ }
+    }
+
+    async _getPortfolioContext(context) {
+        const [memory, decisions] = await Promise.allSettled([
+            this._searchMemory(context.file || context.language || 'delimit'),
+            this._getPendingDecisions(),
+        ]);
+
+        return {
+            ventures: VENTURES,
+            activeVenture: this._detectVenture(context),
+            memory: memory.status === 'fulfilled' ? memory.value : [],
+            pendingDecisions: decisions.status === 'fulfilled' ? decisions.value : [],
+            timestamp: new Date().toISOString(),
+        };
+    }
+
+    _detectVenture(context) {
+        const path = (context.file || '').toLowerCase();
+        if (path.includes('delimit')) return 'delimit';
+        if (path.includes('domainvested')) return 'domainvested';
+        return 'delimit'; // default active venture
+    }
+
+    async _searchMemory(query) {
+        const r = await axios.get(`${JAMSONS_URL}/api/memory/search`, {
+            params: { q: query, limit: 5 },
+            timeout: 2000,
+        });
+        return r.data?.results || [];
+    }
+
+    async _getPendingDecisions() {
+        const r = await axios.get(`${JAMSONS_URL}/api/chatops/decisions`, {
+            params: { status: 'pending', limit: 5 },
+            headers: { Authorization: `Bearer ${process.env.CHATOPS_AUTH_TOKEN}` },
+            timeout: 2000,
+        });
+        return r.data?.decisions || r.data || [];
+    }
+
+    async handleCommand(command, _args) {
+        const { execSync } = require('child_process');
+        const cmds = {
+            'jamsons': 'delimit status --layer=jamsons',
+            'portfolio': 'delimit portfolio --summary',
+            'decisions': 'delimit decisions --pending',
+            'memory': 'delimit memory --recent',
+        };
+        if (cmds[command]) {
+            try {
+                return execSync(cmds[command], { timeout: 10000 }).toString();
+            } catch (e) {
+                return `[JAMSONS] Command failed: ${e.message}`;
+            }
+        }
+    }
+
+    /**
+     * Returns structured Jamsons context for consensus use.
+     */
+    async getContext() {
+        const [memory, decisions] = await Promise.allSettled([
+            axios.get(`${JAMSONS_URL}/api/memory/search`, {
+                params: { q: 'delimit strategy', limit: 5 },
+                timeout: 3000,
+            }),
+            axios.get(`${JAMSONS_URL}/api/chatops/decisions`, {
+                params: { status: 'pending' },
+                headers: { Authorization: `Bearer ${process.env.CHATOPS_AUTH_TOKEN}` },
+                timeout: 3000,
+            }),
+        ]);
+
+        return {
+            layer: 'jamsons',
+            ventures: VENTURES,
+            memory: memory.status === 'fulfilled' ? (memory.value.data?.results || []) : null,
+            pendingDecisions: decisions.status === 'fulfilled' ? (decisions.value.data || []) : null,
+        };
+    }
+}
+
+if (typeof module !== 'undefined' && module.exports) {
+    module.exports = new DelimitCodexJamsons();
+}
+
+if (typeof registerSkill === 'function') {
+    registerSkill(new DelimitCodexJamsons());
+}

package/adapters/codex-security.js

@@ -0,0 +1,94 @@
+#!/usr/bin/env node
+/**
+ * Delimit™ Codex Security Skill Adapter
+ * Layer: Delimit (code governance) — Security surface
+ * Triggered on pre-code-generation and pre-suggestion events
+ */
+
+'use strict';
+
+const axios = require('axios');
+const AGENT_URL = `http://127.0.0.1:${process.env.DELIMIT_AGENT_PORT || 7823}`;
+
+class DelimitCodexSecurity {
+    constructor() {
+        this.name = 'delimit-security';
+        this.version = '1.0.0';
+    }
+
+    async onBeforeSuggestion(context) {
+        try {
+            const { code, language, file } = context;
+            const response = await axios.post(`${AGENT_URL}/security`, {
+                action: 'codex_suggestion',
+                code,
+                language,
+                file,
+                tool: 'codex',
+            }, { timeout: 3000 });
+
+            const { severity, findings } = response.data;
+
+            if (severity === 'critical') {
+                return {
+                    allow: false,
+                    message: `[DELIMIT SECURITY] Blocked — critical finding: ${findings?.[0]?.message || 'see audit log'}`,
+                };
+            }
+
+            if (severity === 'high') {
+                return {
+                    allow: true,
+                    warning: `[DELIMIT SECURITY] High-severity finding: ${findings?.[0]?.message || 'review before accepting'}`,
+                };
+            }
+
+            return { allow: true };
+        } catch (err) {
+            if (err.response?.data?.action === 'block') {
+                return { allow: false, message: `[DELIMIT SECURITY] ${err.response.data.reason}` };
+            }
+            // Fail open — security service unavailable
+            console.warn('[DELIMIT SECURITY] Scan unavailable:', err.message);
+            return { allow: true };
+        }
+    }
+
+    async onAfterAccept(context) {
+        try {
+            await axios.post(`${AGENT_URL}/audit`, {
+                action: 'codex_security_accept',
+                context,
+                timestamp: new Date().toISOString(),
+            }, { timeout: 2000 });
+        } catch (_) { /* silent */ }
+    }
+
+    async handleCommand(command, _args) {
+        if (command === 'security') {
+            const { execSync } = require('child_process');
+            try {
+                return execSync('delimit security --verbose', { timeout: 10000 }).toString();
+            } catch (e) {
+                return `[DELIMIT SECURITY] Command failed: ${e.message}`;
+            }
+        }
+    }
+
+    async getContext() {
+        try {
+            const r = await axios.get(`${AGENT_URL}/security/status`, { timeout: 3000 });
+            return { layer: 'delimit-security', status: 'ok', data: r.data };
+        } catch (_) {
+            return { layer: 'delimit-security', status: 'unavailable' };
+        }
+    }
+}
+
+if (typeof module !== 'undefined' && module.exports) {
+    module.exports = new DelimitCodexSecurity();
+}
+
+if (typeof registerSkill === 'function') {
+    registerSkill(new DelimitCodexSecurity());
+}

package/adapters/gemini-forge.js

@@ -0,0 +1,120 @@
+#!/usr/bin/env node
+/**
+ * Delimit™ Gemini CLI Forge Adapter
+ * Layer: Forge (execution governance)
+ * Used as: command handler called from Gemini CLI hooks and @commands
+ */
+
+'use strict';
+
+const axios = require('axios');
+const AGENT_URL = `http://127.0.0.1:${process.env.DELIMIT_AGENT_PORT || 7823}`;
+
+class DelimitGeminiForge {
+    constructor() {
+        this.id = 'delimit-forge';
+        this.version = '1.0.0';
+    }
+
+    /**
+     * Pre-generation: surface test failures and deploy locks to Gemini before it generates code.
+     */
+    async beforeCodeGeneration(request) {
+        const [testState, deployState, releaseState] = await Promise.allSettled([
+            axios.get(`${AGENT_URL}/test/status`, { timeout: 3000 }),
+            axios.get(`${AGENT_URL}/deploy/status`, { timeout: 3000 }),
+            axios.get(`${AGENT_URL}/release/status`, { timeout: 3000 }),
+        ]);
+
+        const warnings = [];
+
+        if (testState.status === 'fulfilled') {
+            const t = testState.value.data;
+            if (t?.failing > 0) warnings.push(`[FORGE] ${t.failing} test(s) failing`);
+        }
+
+        if (deployState.status === 'fulfilled') {
+            const d = deployState.value.data;
+            if (d?.locked) warnings.push(`[FORGE] Deploy locked: ${d.reason || 'release in progress'}`);
+        }
+
+        if (releaseState.status === 'fulfilled') {
+            const rel = releaseState.value.data;
+            if (rel?.in_progress) warnings.push(`[FORGE] Release in progress: ${rel.version || 'unknown'}`);
+        }
+
+        if (warnings.length > 0) {
+            console.warn(warnings.join('\n'));
+            // Inject warnings into system prompt context
+            request._forgeWarnings = warnings;
+        }
+
+        return request;
+    }
+
+    async afterResponse(response) {
+        try {
+            await axios.post(`${AGENT_URL}/audit`, {
+                action: 'gemini_forge_response',
+                response: {
+                    model: response.model,
+                    tokens: response.usage,
+                    timestamp: new Date().toISOString(),
+                },
+            }, { timeout: 2000 });
+        } catch (_) { /* silent */ }
+        return response;
+    }
+
+    async handleCommand(command, _args) {
+        const { execSync } = require('child_process');
+        const commands = {
+            '@forge':   'delimit status --layer=forge',
+            '@tests':   'delimit test --summary',
+            '@deploy':  'delimit deploy --status',
+            '@release': 'delimit release --status',
+        };
+        if (commands[command]) {
+            try {
+                return execSync(commands[command], { timeout: 10000 }).toString();
+            } catch (e) {
+                return `[FORGE] Command failed: ${e.message}`;
+            }
+        }
+    }
+
+    /**
+     * Structured context for consensus — call this from hooks or consensus runners.
+     */
+    async getContext() {
+        const [tests, deploy, release] = await Promise.allSettled([
+            axios.get(`${AGENT_URL}/test/status`, { timeout: 3000 }),
+            axios.get(`${AGENT_URL}/deploy/status`, { timeout: 3000 }),
+            axios.get(`${AGENT_URL}/release/status`, { timeout: 3000 }),
+        ]);
+        return {
+            layer: 'forge',
+            tool: 'gemini',
+            tests: tests.status === 'fulfilled' ? tests.value.data : null,
+            deploy: deploy.status === 'fulfilled' ? deploy.value.data : null,
+            release: release.status === 'fulfilled' ? release.value.data : null,
+        };
+    }
+}
+
+module.exports = new DelimitGeminiForge();
+
+if (typeof registerExtension === 'function') {
+    registerExtension(new DelimitGeminiForge());
+}
+
+// CLI entrypoint for Gemini hook invocation
+if (require.main === module) {
+    const instance = new DelimitGeminiForge();
+    instance.getContext()
+        .then(ctx => {
+            process.stdout.write(JSON.stringify(ctx) + '\n');
+            process.exit(0);
+        })
+        .catch(() => process.exit(0)); // fail open
+}

package/adapters/gemini-jamsons.js

@@ -0,0 +1,152 @@
+#!/usr/bin/env node
+/**
+ * Delimit™ Gemini CLI Jamsons Adapter
+ * Layer: Jamsons OS (strategy + operational governance)
+ * Injects portfolio context, logs decisions, surfaces venture/priority state.
+ */
+
+'use strict';
+
+const axios = require('axios');
+const AGENT_URL   = `http://127.0.0.1:${process.env.DELIMIT_AGENT_PORT || 7823}`;
+const JAMSONS_URL = `http://localhost:${process.env.JAMSONS_PORT || 8091}`;
+
+const VENTURES = {
+    delimit:       { priority: 'P0', status: 'active' },
+    domainvested:  { priority: 'P2', status: 'maintenance' },
+    'wire.report': { priority: 'held', status: 'held' },
+    'livetube.ai': { priority: 'held', status: 'held' },
+};
+
+class DelimitGeminiJamsons {
+    constructor() {
+        this.id = 'delimit-jamsons';
+        this.version = '1.0.0';
+    }
+
+    /**
+     * Pre-generation: inject portfolio and decision context into request.
+     */
+    async beforeCodeGeneration(request) {
+        try {
+            const portfolioCtx = await this._getPortfolioContext(request);
+            request._jamsons = portfolioCtx;
+        } catch (_) { /* fail open */ }
+        return request;
+    }
+
+    async afterResponse(response) {
+        try {
+            await axios.post(`${JAMSONS_URL}/api/chatops/decisions`, {
+                type: 'task',
+                title: `Gemini: session response logged`,
+                detail: `Model: ${response.model || 'unknown'} | Tool: gemini`,
+                user_id: 'gemini-adapter',
+                tags: ['delimit', 'chatops'],
+            }, {
+                headers: { Authorization: `Bearer ${process.env.CHATOPS_AUTH_TOKEN}` },
+                timeout: 2000,
+            });
+        } catch (_) { /* silent */ }
+        return response;
+    }
+
+    async _getPortfolioContext(request) {
+        const [memory, decisions] = await Promise.allSettled([
+            this._searchMemory(request.prompt || 'delimit'),
+            this._getPendingDecisions(),
+        ]);
+
+        return {
+            ventures: VENTURES,
+            activeVenture: this._detectVenture(request),
+            memory: memory.status === 'fulfilled' ? memory.value : [],
+            pendingDecisions: decisions.status === 'fulfilled' ? decisions.value : [],
+            timestamp: new Date().toISOString(),
+        };
+    }
+
+    _detectVenture(request) {
+        const text = (request.prompt || request.context || '').toLowerCase();
+        if (text.includes('delimit')) return 'delimit';
+        if (text.includes('domainvested')) return 'domainvested';
+        return 'delimit';
+    }
+
+    async _searchMemory(query) {
+        const r = await axios.get(`${JAMSONS_URL}/api/memory/search`, {
+            params: { q: query, limit: 5 },
+            timeout: 2000,
+        });
+        return r.data?.results || [];
+    }
+
+    async _getPendingDecisions() {
+        const r = await axios.get(`${JAMSONS_URL}/api/chatops/decisions`, {
+            params: { status: 'pending', limit: 5 },
+            headers: { Authorization: `Bearer ${process.env.CHATOPS_AUTH_TOKEN}` },
+            timeout: 2000,
+        });
+        return r.data?.decisions || r.data || [];
+    }
+
+    async handleCommand(command, _args) {
+        const { execSync } = require('child_process');
+        const commands = {
+            '@jamsons':   'delimit status --layer=jamsons',
+            '@portfolio': 'delimit portfolio --summary',
+            '@decisions': 'delimit decisions --pending',
+            '@memory':    'delimit memory --recent',
+        };
+        if (commands[command]) {
+            try {
+                return execSync(commands[command], { timeout: 10000 }).toString();
+            } catch (e) {
+                return `[JAMSONS] Command failed: ${e.message}`;
+            }
+        }
+    }
+
+    /**
+     * Structured context for consensus — call from hooks or consensus runners.
+     */
+    async getContext() {
+        const [memory, decisions] = await Promise.allSettled([
+            axios.get(`${JAMSONS_URL}/api/memory/search`, {
+                params: { q: 'delimit strategy', limit: 5 },
+                timeout: 3000,
+            }),
+            axios.get(`${JAMSONS_URL}/api/chatops/decisions`, {
+                params: { status: 'pending' },
+                headers: { Authorization: `Bearer ${process.env.CHATOPS_AUTH_TOKEN}` },
+                timeout: 3000,
+            }),
+        ]);
+
+        return {
+            layer: 'jamsons',
+            tool: 'gemini',
+            ventures: VENTURES,
+            memory: memory.status === 'fulfilled' ? (memory.value.data?.results || []) : null,
+            pendingDecisions: decisions.status === 'fulfilled' ? (decisions.value.data || []) : null,
+        };
+    }
+}
+
+module.exports = new DelimitGeminiJamsons();
+
+if (typeof registerExtension === 'function') {
+    registerExtension(new DelimitGeminiJamsons());
+}
+
+// CLI entrypoint for Gemini hook invocation
+if (require.main === module) {
+    const instance = new DelimitGeminiJamsons();
+    const event = process.argv[2] || 'before-agent';
+    instance.getContext()
+        .then(ctx => {
+            process.stdout.write(JSON.stringify(ctx) + '\n');
+            process.exit(0);
+        })
+        .catch(() => process.exit(0)); // fail open
+}

package/bin/delimit-cli.js

@@ -50,7 +50,7 @@ async function ensureAgent() {
 program
     .name('delimit')
     .description('Prevent breaking API changes before they reach production')
-    .version('2.3.0');
+    .version(require('../package.json').version);
 
 // Install command with modes
 program
@@ -803,7 +803,7 @@ program
             const specPath = foundSpecs[0];
             console.log(`  Detected spec: ${chalk.bold(specPath)}`);
             console.log('');
-            console.log(chalk.bold('  Add this to .github/workflows/api-governance.yml:\n'));
+            console.log(chalk.bold('  Workflow template:\n'));
             console.log(chalk.gray(`  name: API Governance
   on:
     pull_request:
@@ -827,6 +827,48 @@ program
             new_spec: ${specPath}
             mode: advisory`));
             console.log('');
+
+            // Auto-write the workflow file
+            const workflowDir = path.join(process.cwd(), '.github', 'workflows');
+            const workflowFile = path.join(workflowDir, 'api-governance.yml');
+
+            if (!fs.existsSync(workflowFile)) {
+                try {
+                    fs.mkdirSync(workflowDir, { recursive: true });
+                    const workflowContent = `name: API Governance
+on:
+  pull_request:
+    paths:
+      - '${specPath}'
+
+permissions:
+  contents: read
+  pull-requests: write
+
+jobs:
+  api-governance:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/checkout@v4
+        with:
+          ref: \${{ github.event.pull_request.base.sha }}
+          path: _base
+      - uses: delimit-ai/delimit@v1
+        with:
+          old_spec: _base/${specPath}
+          new_spec: ${specPath}
+          mode: advisory
+`;
+                    fs.writeFileSync(workflowFile, workflowContent);
+                    console.log(chalk.green(`  Created .github/workflows/api-governance.yml\n`));
+                } catch (err) {
+                    console.log(chalk.yellow(`  Could not write workflow file: ${err.message}`));
+                    console.log(chalk.bold('  Add this to .github/workflows/api-governance.yml manually (shown above)\n'));
+                }
+            } else {
+                console.log(chalk.yellow('  .github/workflows/api-governance.yml already exists — skipped\n'));
+            }
         } else {
             console.log('  No OpenAPI spec file detected.');
             console.log(`  Delimit also supports ${chalk.bold('Zero-Spec Mode')} — run ${chalk.bold('delimit lint')} in a FastAPI/NestJS/Express project.`);
@@ -1144,6 +1186,14 @@ program
         }
     });
 
+// Setup command — install MCP governance tools into Claude Code
+program
+    .command('setup')
+    .description('Install Delimit MCP governance tools into Claude Code')
+    .action(() => {
+        require('./delimit-setup.js');
+    });
+
 // Hide legacy/internal commands from --help
 ['install', 'mode', 'status', 'policy', 'auth', 'audit',
  'explain-decision', 'uninstall', 'proxy', 'hook'].forEach(name => {