delimit-cli 2.4.0 → 3.0.0

package/.dockerignore

@@ -0,0 +1,7 @@
+node_modules
+.git
+tests
+junit.xml
+playwright-report
+test-results
+test-results.json

package/.github/workflows/ci.yml

@@ -0,0 +1,22 @@
+name: Tests
+
+on: [push, pull_request]
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        node-version: ['18', '20', '22']
+
+    name: Test Node ${{ matrix.node-version }}
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: actions/setup-node@v4
+        with:
+          node-version: ${{ matrix.node-version }}
+
+      - run: npm install
+
+      - run: npm test

package/CODE_OF_CONDUCT.md

@@ -0,0 +1,48 @@
+# Code of Conduct
+
+## Our Pledge
+
+We as members, contributors, and leaders pledge to make participation in our
+community a harassment-free experience for everyone, regardless of age, body
+size, visible or invisible disability, ethnicity, sex characteristics, gender
+identity and expression, level of experience, education, socio-economic status,
+nationality, personal appearance, race, caste, color, religion, or sexual
+identity and orientation.
+
+## Our Standards
+
+Examples of behavior that contributes to a positive environment:
+
+* Using welcoming and inclusive language
+* Being respectful of differing viewpoints and experiences
+* Gracefully accepting constructive criticism
+* Focusing on what is best for the community
+* Showing empathy towards other community members
+
+Examples of unacceptable behavior:
+
+* The use of sexualized language or imagery
+* Trolling, insulting or derogatory comments, and personal attacks
+* Public or private harassment
+* Publishing others' private information without permission
+* Other conduct which could reasonably be considered inappropriate
+
+## Enforcement Responsibilities
+
+Community leaders are responsible for clarifying and enforcing our standards of
+acceptable behavior and will take appropriate and fair corrective action in
+response to any behavior that they deem inappropriate, threatening, offensive,
+or harmful.
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported to the community leaders responsible for enforcement at
+opensource@delimit.ai.
+
+All complaints will be reviewed and investigated promptly and fairly.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant](https://www.contributor-covenant.org/),
+version 2.1.

package/CONTRIBUTING.md

@@ -0,0 +1,67 @@
+# Contributing to Delimit
+
+Thank you for your interest in contributing to Delimit. We welcome contributions from the community.
+
+## How to Contribute
+
+### Reporting Issues
+
+1. Check if the issue already exists
+2. Create a new issue with:
+   - Clear title and description
+   - Steps to reproduce
+   - Expected vs actual behavior
+   - Environment details (OS, Node version, etc.)
+
+### Submitting Pull Requests
+
+1. Fork the repository
+2. Create a feature branch: `git checkout -b feature/your-feature`
+3. Make your changes
+4. Run the test suite
+5. Commit with clear messages
+6. Push to your fork
+7. Open a PR with:
+   - Description of changes
+   - Related issue numbers
+   - Test results
+
+## Development Setup
+
+### CLI (npm)
+
+```bash
+npm install -g delimit-cli
+delimit doctor
+```
+
+### GitHub Action
+
+See [delimit-action](https://github.com/delimit-ai/delimit-action) for CI integration.
+
+## Code Style
+
+- Follow existing conventions in the codebase
+- Use type hints where appropriate
+- Document functions and classes
+- Keep functions focused and small
+
+## Testing
+
+All PRs must:
+- Pass existing tests
+- Include tests for new features
+- Not introduce regressions
+
+## Areas for Contribution
+
+- Documentation improvements
+- Bug fixes
+- New governance rules and policy presets
+- Performance improvements
+- Framework integrations (Zero-Spec extractors)
+
+## Questions?
+
+- Open a [Discussion](https://github.com/delimit-ai/delimit/discussions) on GitHub
+- Email opensource@delimit.ai

package/Dockerfile

@@ -0,0 +1,9 @@
+FROM node:20-slim
+RUN apt-get update && apt-get install -y --no-install-recommends python3 python3-pip && rm -rf /var/lib/apt/lists/*
+RUN pip3 install --break-system-packages pyyaml pydantic packaging
+WORKDIR /app
+COPY package*.json ./
+RUN npm install --production --ignore-scripts
+COPY . .
+ENV DELIMIT_GATEWAY_ROOT=/app/gateway
+ENTRYPOINT ["node", "bin/delimit-cli.js"]

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Delimit AI
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -5,7 +5,6 @@ Catch breaking API changes before they ship.
 [![npm](https://img.shields.io/npm/v/delimit-cli)](https://www.npmjs.com/package/delimit-cli)
 [![GitHub Action](https://img.shields.io/badge/Marketplace-Delimit-blue)](https://github.com/marketplace/actions/delimit-api-governance)
 [![License: MIT](https://img.shields.io/badge/License-MIT-blue.svg)](https://opensource.org/licenses/MIT)
-[![Tests](https://img.shields.io/badge/tests-299%20passing-brightgreen)](#)
 
 Deterministic diff engine for OpenAPI specs. Detects breaking changes, classifies semver, enforces policy, and posts PR comments with migration guides. No API keys, no external services.
 
@@ -13,8 +12,6 @@ Deterministic diff engine for OpenAPI specs. Detects breaking changes, classifie
 
 ## GitHub Action (recommended)
 
-Add `.github/workflows/api-check.yml`:
-
 ```yaml
 name: API Contract Check
 on: pull_request
@@ -26,17 +23,12 @@ jobs:
       pull-requests: write
     steps:
       - uses: actions/checkout@v4
-      - uses: actions/checkout@v4
-        with:
-          ref: ${{ github.event.pull_request.base.sha }}
-          path: base
       - uses: delimit-ai/delimit-action@v1
         with:
-          old_spec: base/api/openapi.yaml
-          new_spec: api/openapi.yaml
+          spec: api/openapi.yaml
 ```
 
-Runs in **advisory mode** by default -- posts a PR comment but never fails your build. Set `mode: enforce` when you are ready to block merges on breaking changes.
+One input. Delimit fetches the base branch version automatically. Runs in **advisory mode** by default -- posts a PR comment but does not fail your build. Set `mode: enforce` to block merges on breaking changes.
 
 ---
 
@@ -53,87 +45,44 @@ Or install globally:
 ```bash
 npm install -g delimit-cli
 delimit init --preset default
-delimit lint old.yaml new.yaml
+delimit lint api/openapi.yaml
 ```
 
 ### Commands
 
 | Command | What it does |
 |---------|-------------|
-| `delimit init [--preset]` | Create `.delimit/policies.yml` |
-| `delimit lint <old> <new>` | Diff + policy check. Exit 1 on violations. |
+| `delimit init [--preset]` | Create `.delimit/policies.yml` with a policy preset |
+| `delimit lint <spec>` | Diff + policy check. Exit 1 on violations. |
 | `delimit diff <old> <new>` | Raw diff with `[BREAKING]` / `[safe]` tags |
-| `delimit explain <old> <new>` | Human-readable explanation (7 templates) |
-
----
+| `delimit explain <old> <new>` | Human-readable summary (7 templates) |
 
-## What it catches
-
-10 breaking change types, detected deterministically:
-
-| Breaking change | Example |
-|----------------|---------|
-| Endpoint removed | `DELETE /users/{id}` path deleted |
-| Method removed | `PATCH` dropped from `/orders` |
-| Required parameter added | New required query param on existing endpoint |
-| Parameter removed | `?filter` param deleted |
-| Response removed | `200` response code dropped |
-| Required field added | New required field in request body |
-| Response field removed | `email` field removed from response |
-| Type changed | `age` changed from `string` to `integer` |
-| Format changed | `date` changed to `date-time` |
-| Enum value removed | `status: "pending"` no longer allowed |
-
-Plus 7 non-breaking types (endpoint added, optional field added, etc.) for full change visibility. Every change is classified as `MAJOR`, `MINOR`, `PATCH`, or `NONE`.
-
----
-
-## Policy presets
+### Policy presets
 
 ```bash
-delimit init --preset strict    # All breaking changes are errors. For public/payment APIs.
-delimit init --preset default   # Breaking changes error, type changes warn. For most teams.
-delimit init --preset relaxed   # Everything is a warning. For internal APIs and prototyping.
+delimit init --preset strict    # All breaking changes are errors
+delimit init --preset default   # Breaking = error, type changes = warn
+delimit init --preset relaxed   # Everything is a warning
 ```
 
-Or pass inline: `delimit lint --policy strict old.yaml new.yaml`
+Or inline: `delimit lint --policy strict api/openapi.yaml`
 
 ---
 
-## Custom policies
-
-Create `.delimit/policies.yml`:
-
-```yaml
-override_defaults: false
-
-rules:
-  - id: protect_v1
-    name: Protect V1 API
-    change_types: [endpoint_removed, method_removed, field_removed]
-    severity: error
-    action: forbid
-    conditions:
-      path_pattern: "^/v1/.*"
-    message: "V1 API is frozen. Make changes in V2."
-```
-
----
+## What it catches
 
-## Supported formats
+10 breaking change types (endpoint removed, method removed, required param added, param removed, response removed, required field added, response field removed, type changed, format changed, enum value removed) plus 7 non-breaking types for full visibility. Every change classified as `MAJOR`, `MINOR`, `PATCH`, or `NONE`.
 
-- OpenAPI 3.0 and 3.1
-- Swagger 2.0
-- YAML and JSON
+Supports OpenAPI 3.0, 3.1, and Swagger 2.0 in YAML or JSON.
 
 ---
 
 ## Links
 
-- [delimit.ai](https://delimit.ai) -- Project home
-- [GitHub Action on Marketplace](https://github.com/marketplace/actions/delimit-api-governance) -- Install in one click
-- [delimit-cli on npm](https://www.npmjs.com/package/delimit-cli) -- CLI package
-- [Quickstart repo](https://github.com/delimit-ai/delimit-quickstart) -- Try it in 2 minutes
+- [delimit.ai](https://delimit.ai)
+- [GitHub Action](https://github.com/marketplace/actions/delimit-api-governance)
+- [delimit-cli on npm](https://www.npmjs.com/package/delimit-cli)
+- [Quickstart repo](https://github.com/delimit-ai/delimit-quickstart)
 
 ## License
 

package/SECURITY.md

@@ -0,0 +1,42 @@
+# Security Policy
+
+## Supported Versions
+
+| Version | Supported |
+| ------- | --------- |
+| 2.x     | Yes       |
+| 1.x     | No        |
+
+## Reporting a Vulnerability
+
+We take security seriously at Delimit. If you discover a security vulnerability, please follow these steps:
+
+1. **Do NOT** create a public GitHub issue
+2. Email security@delimit.ai with:
+   - Description of the vulnerability
+   - Steps to reproduce
+   - Potential impact
+   - Your suggested fix (if any)
+
+## Response Timeline
+
+- **Acknowledgment**: Within 24 hours
+- **Initial Assessment**: Within 72 hours
+- **Fix Timeline**: Based on severity
+  - Critical: Within 7 days
+  - High: Within 14 days
+  - Medium: Within 30 days
+  - Low: Next release
+
+## Security Best Practices
+
+When using Delimit:
+
+1. **Never commit API keys or tokens** to your repository
+2. **Use environment variables** for sensitive configuration
+3. **Keep Delimit updated** to the latest version
+4. **Review PR annotations** before merging
+
+## Data Privacy
+
+Delimit processes your API specifications locally. The CLI and GitHub Action do not send your specs to external servers.

package/adapters/gemini-forge.js

@@ -107,3 +107,14 @@ module.exports = new DelimitGeminiForge();
 if (typeof registerExtension === 'function') {
     registerExtension(new DelimitGeminiForge());
 }
+
+// CLI entrypoint for Gemini hook invocation
+if (require.main === module) {
+    const instance = new DelimitGeminiForge();
+    instance.getContext()
+        .then(ctx => {
+            process.stdout.write(JSON.stringify(ctx) + '\n');
+            process.exit(0);
+        })
+        .catch(() => process.exit(0)); // fail open
+}

package/adapters/gemini-jamsons.js

@@ -0,0 +1,152 @@
+#!/usr/bin/env node
+/**
+ * Delimit™ Gemini CLI Jamsons Adapter
+ * Layer: Jamsons OS (strategy + operational governance)
+ * Injects portfolio context, logs decisions, surfaces venture/priority state.
+ */
+
+'use strict';
+
+const axios = require('axios');
+const AGENT_URL   = `http://127.0.0.1:${process.env.DELIMIT_AGENT_PORT || 7823}`;
+const JAMSONS_URL = `http://localhost:${process.env.JAMSONS_PORT || 8091}`;
+
+const VENTURES = {
+    delimit:       { priority: 'P0', status: 'active' },
+    domainvested:  { priority: 'P2', status: 'maintenance' },
+    'wire.report': { priority: 'held', status: 'held' },
+    'livetube.ai': { priority: 'held', status: 'held' },
+};
+
+class DelimitGeminiJamsons {
+    constructor() {
+        this.id = 'delimit-jamsons';
+        this.version = '1.0.0';
+    }
+
+    /**
+     * Pre-generation: inject portfolio and decision context into request.
+     */
+    async beforeCodeGeneration(request) {
+        try {
+            const portfolioCtx = await this._getPortfolioContext(request);
+            request._jamsons = portfolioCtx;
+        } catch (_) { /* fail open */ }
+        return request;
+    }
+
+    async afterResponse(response) {
+        try {
+            await axios.post(`${JAMSONS_URL}/api/chatops/decisions`, {
+                type: 'task',
+                title: `Gemini: session response logged`,
+                detail: `Model: ${response.model || 'unknown'} | Tool: gemini`,
+                user_id: 'gemini-adapter',
+                tags: ['delimit', 'chatops'],
+            }, {
+                headers: { Authorization: `Bearer ${process.env.CHATOPS_AUTH_TOKEN}` },
+                timeout: 2000,
+            });
+        } catch (_) { /* silent */ }
+        return response;
+    }
+
+    async _getPortfolioContext(request) {
+        const [memory, decisions] = await Promise.allSettled([
+            this._searchMemory(request.prompt || 'delimit'),
+            this._getPendingDecisions(),
+        ]);
+
+        return {
+            ventures: VENTURES,
+            activeVenture: this._detectVenture(request),
+            memory: memory.status === 'fulfilled' ? memory.value : [],
+            pendingDecisions: decisions.status === 'fulfilled' ? decisions.value : [],
+            timestamp: new Date().toISOString(),
+        };
+    }
+
+    _detectVenture(request) {
+        const text = (request.prompt || request.context || '').toLowerCase();
+        if (text.includes('delimit')) return 'delimit';
+        if (text.includes('domainvested')) return 'domainvested';
+        return 'delimit';
+    }
+
+    async _searchMemory(query) {
+        const r = await axios.get(`${JAMSONS_URL}/api/memory/search`, {
+            params: { q: query, limit: 5 },
+            timeout: 2000,
+        });
+        return r.data?.results || [];
+    }
+
+    async _getPendingDecisions() {
+        const r = await axios.get(`${JAMSONS_URL}/api/chatops/decisions`, {
+            params: { status: 'pending', limit: 5 },
+            headers: { Authorization: `Bearer ${process.env.CHATOPS_AUTH_TOKEN}` },
+            timeout: 2000,
+        });
+        return r.data?.decisions || r.data || [];
+    }
+
+    async handleCommand(command, _args) {
+        const { execSync } = require('child_process');
+        const commands = {
+            '@jamsons':   'delimit status --layer=jamsons',
+            '@portfolio': 'delimit portfolio --summary',
+            '@decisions': 'delimit decisions --pending',
+            '@memory':    'delimit memory --recent',
+        };
+        if (commands[command]) {
+            try {
+                return execSync(commands[command], { timeout: 10000 }).toString();
+            } catch (e) {
+                return `[JAMSONS] Command failed: ${e.message}`;
+            }
+        }
+    }
+
+    /**
+     * Structured context for consensus — call from hooks or consensus runners.
+     */
+    async getContext() {
+        const [memory, decisions] = await Promise.allSettled([
+            axios.get(`${JAMSONS_URL}/api/memory/search`, {
+                params: { q: 'delimit strategy', limit: 5 },
+                timeout: 3000,
+            }),
+            axios.get(`${JAMSONS_URL}/api/chatops/decisions`, {
+                params: { status: 'pending' },
+                headers: { Authorization: `Bearer ${process.env.CHATOPS_AUTH_TOKEN}` },
+                timeout: 3000,
+            }),
+        ]);
+
+        return {
+            layer: 'jamsons',
+            tool: 'gemini',
+            ventures: VENTURES,
+            memory: memory.status === 'fulfilled' ? (memory.value.data?.results || []) : null,
+            pendingDecisions: decisions.status === 'fulfilled' ? (decisions.value.data || []) : null,
+        };
+    }
+}
+
+module.exports = new DelimitGeminiJamsons();
+
+if (typeof registerExtension === 'function') {
+    registerExtension(new DelimitGeminiJamsons());
+}
+
+// CLI entrypoint for Gemini hook invocation
+if (require.main === module) {
+    const instance = new DelimitGeminiJamsons();
+    const event = process.argv[2] || 'before-agent';
+    instance.getContext()
+        .then(ctx => {
+            process.stdout.write(JSON.stringify(ctx) + '\n');
+            process.exit(0);
+        })
+        .catch(() => process.exit(0)); // fail open
+}

package/bin/delimit-cli.js

@@ -1186,6 +1186,14 @@ program
         }
     });
 
+// Setup command — install MCP governance tools into Claude Code
+program
+    .command('setup')
+    .description('Install Delimit MCP governance tools into Claude Code')
+    .action(() => {
+        require('./delimit-setup.js');
+    });
+
 // Hide legacy/internal commands from --help
 ['install', 'mode', 'status', 'policy', 'auth', 'audit',
  'explain-decision', 'uninstall', 'proxy', 'hook'].forEach(name => {