delimit-cli 3.11.8 → 3.11.10

package/README.md

@@ -1,6 +1,6 @@
 # `</>` Delimit
 
-One workspace for every AI coding assistant. Switch models, not context.
+Unify Claude Code, Codex, Cursor, and Gemini CLI with persistent context, governance, and multi-model debate.
 
 [![npm](https://img.shields.io/npm/v/delimit-cli)](https://www.npmjs.com/package/delimit-cli)
 [![GitHub Action](https://img.shields.io/badge/GitHub%20Action-v1.6.0-blue)](https://github.com/marketplace/actions/delimit-api-governance)
@@ -68,26 +68,40 @@ npx delimit-cli setup
 
 No API keys. No account. Installs in 10 seconds.
 
-### CLI commands
+### CLI commands (all free)
 
 ```bash
-npx delimit-cli lint api/openapi.yaml           # Check for breaking changes
+npx delimit-cli setup                            # Install into all AI assistants
+npx delimit-cli setup --dry-run                  # Preview changes first
+npx delimit-cli lint api/openapi.yaml            # Check for breaking changes
 npx delimit-cli diff old.yaml new.yaml           # Compare two specs
 npx delimit-cli explain old.yaml new.yaml        # Generate migration guide
 npx delimit-cli init --preset strict             # Initialize policies
 npx delimit-cli doctor                           # Check setup health
+npx delimit-cli uninstall --dry-run              # Preview removal
 ```
 
 ### What the MCP toolkit adds
 
-When installed into your AI coding assistant, Delimit provides:
+When installed into your AI coding assistant, Delimit provides tools across two tiers:
+
+#### Free (no account needed)
 
 - **API governance** -- lint, diff, policy enforcement, semver classification
-- **Test verification** -- confirms tests actually ran, measures coverage
-- **Security audit** -- scans dependencies, detects secrets and anti-patterns
-- **Persistent ledger** -- tracks tasks across sessions, auto-creates items from governance
-- **Multi-model consensus** -- Grok, Gemini, and Codex debate until they agree
+- **Persistent ledger** -- track tasks across sessions, shared between all AI assistants
 - **Zero-spec extraction** -- generate OpenAPI specs from FastAPI, Express, or NestJS source
+- **Project scan** -- auto-detect specs, frameworks, security issues, and tests
+- **Quickstart** -- guided first-run that proves value in 60 seconds
+
+#### Pro
+
+- **Multi-model deliberation** -- Grok, Gemini, and Codex debate until they agree
+- **Security audit** -- dependency scanning, secret detection, SAST analysis
+- **Test verification** -- confirms tests ran, measures coverage, generates new tests
+- **Memory & vault** -- persistent context and encrypted secrets across sessions
+- **Evidence collection** -- governance audit trail for compliance
+- **Deploy pipeline** -- governed build, publish, and rollback
+- **OS layer** -- agent identity, execution plans, approval gates
 
 ---
 
@@ -149,7 +163,7 @@ rules:
 - [delimit.ai](https://delimit.ai) -- homepage
 - [Docs](https://delimit.ai/docs) -- full documentation
 - [GitHub Action](https://github.com/marketplace/actions/delimit-api-governance) -- Marketplace listing
-- [Quickstart](https://github.com/delimit-ai/delimit-quickstart) -- try it in 2 minutes
+- [Quickstart](https://github.com/delimit-ai/delimit-mcp-server) -- try it in 2 minutes
 - [npm](https://www.npmjs.com/package/delimit-cli) -- CLI package
 - [Pricing](https://delimit.ai/pricing) -- free tier + Pro
 

package/adapters/codex-security.js

@@ -0,0 +1,64 @@
+#!/usr/bin/env node
+/**
+ * Delimit Security Skill for Codex CLI
+ *
+ * Validates that Codex-generated code doesn't introduce security anti-patterns.
+ * Runs as a security validation skill.
+ */
+
+const fs = require('fs');
+const path = require('path');
+
+const SECURITY_PATTERNS = [
+    { pattern: /eval\s*\(/g, severity: 'high', message: 'eval() usage detected — potential code injection' },
+    { pattern: /exec\s*\(/g, severity: 'medium', message: 'exec() usage — verify input sanitization' },
+    { pattern: /shell\s*=\s*True/g, severity: 'high', message: 'subprocess with shell=True — command injection risk' },
+    { pattern: /dangerouslySetInnerHTML/g, severity: 'medium', message: 'dangerouslySetInnerHTML — XSS risk' },
+    { pattern: /password\s*=\s*["'][^"']+["']/gi, severity: 'high', message: 'Hardcoded password detected' },
+    { pattern: /api[_-]?key\s*=\s*["'][A-Za-z0-9]{10,}["']/gi, severity: 'high', message: 'Hardcoded API key detected' },
+];
+
+function checkSecurity(context) {
+    const code = context.code || context.content || '';
+    if (!code) return { status: 'clean', findings: [] };
+
+    const findings = [];
+    for (const { pattern, severity, message } of SECURITY_PATTERNS) {
+        const matches = code.match(pattern);
+        if (matches) {
+            findings.push({ severity, message, count: matches.length });
+        }
+    }
+
+    // Audit
+    try {
+        const auditDir = path.join(process.env.HOME || '', '.delimit', 'audit');
+        fs.mkdirSync(auditDir, { recursive: true });
+        const record = {
+            timestamp: new Date().toISOString(),
+            source: 'codex-security',
+            findings_count: findings.length,
+            high_count: findings.filter(f => f.severity === 'high').length,
+        };
+        const auditFile = path.join(auditDir, `${new Date().toISOString().split('T')[0]}.jsonl`);
+        fs.appendFileSync(auditFile, JSON.stringify(record) + '\n');
+    } catch {}
+
+    const hasHigh = findings.some(f => f.severity === 'high');
+    return {
+        status: hasHigh ? 'flagged' : findings.length > 0 ? 'warnings' : 'clean',
+        findings,
+    };
+}
+
+const context = process.argv[2] ? JSON.parse(process.argv[2]) : {};
+const result = checkSecurity(context);
+
+if (result.status === 'flagged') {
+    for (const f of result.findings) {
+        console.error(`[Delimit Security] ${f.severity.toUpperCase()}: ${f.message}`);
+    }
+    process.exit(1);
+}
+
+process.exit(0);

package/adapters/codex-skill.js

@@ -0,0 +1,78 @@
+#!/usr/bin/env node
+/**
+ * Delimit Governance Skill for Codex CLI
+ *
+ * Runs as a validation skill triggered on pre-code-generation and pre-suggestion.
+ * Checks governance state and policy compliance before Codex executes actions.
+ */
+
+const fs = require('fs');
+const path = require('path');
+
+const DELIMIT_HOME = path.join(process.env.HOME || '', '.delimit');
+const MODE_FILE = path.join(DELIMIT_HOME, 'enforcement_mode');
+
+function getMode() {
+    try {
+        return fs.readFileSync(MODE_FILE, 'utf-8').trim();
+    } catch {
+        return 'guarded'; // Default
+    }
+}
+
+function checkGovernance(context) {
+    const mode = getMode();
+    const warnings = [];
+
+    // Check if governance is initialized
+    const policiesFile = path.join(process.cwd(), '.delimit', 'policies.yml');
+    if (!fs.existsSync(policiesFile)) {
+        warnings.push('No .delimit/policies.yml — run: delimit init');
+    }
+
+    // Check for sensitive file access
+    const sensitivePatterns = ['.env', 'credentials', '.ssh', 'secrets'];
+    const target = context.target || context.file || '';
+    for (const pattern of sensitivePatterns) {
+        if (target.includes(pattern)) {
+            if (mode === 'enforce') {
+                return { status: 'blocked', reason: `Access to sensitive path: ${target}` };
+            }
+            warnings.push(`Accessing sensitive path: ${target}`);
+        }
+    }
+
+    // Audit log
+    try {
+        const auditDir = path.join(DELIMIT_HOME, 'audit');
+        fs.mkdirSync(auditDir, { recursive: true });
+        const record = {
+            timestamp: new Date().toISOString(),
+            source: 'codex-skill',
+            mode,
+            context: typeof context === 'object' ? JSON.stringify(context).slice(0, 200) : String(context).slice(0, 200),
+            warnings,
+        };
+        const auditFile = path.join(auditDir, `${new Date().toISOString().split('T')[0]}.jsonl`);
+        fs.appendFileSync(auditFile, JSON.stringify(record) + '\n');
+    } catch {}
+
+    return { status: 'allowed', mode, warnings };
+}
+
+// Entry point — read context from stdin or args
+const context = process.argv[2] ? JSON.parse(process.argv[2]) : {};
+const result = checkGovernance(context);
+
+if (result.status === 'blocked') {
+    console.error(`[Delimit] BLOCKED: ${result.reason}`);
+    process.exit(1);
+}
+
+if (result.warnings.length > 0) {
+    for (const w of result.warnings) {
+        console.error(`[Delimit] Warning: ${w}`);
+    }
+}
+
+process.exit(0);

package/adapters/cursor-rules.js

@@ -0,0 +1,97 @@
+#!/usr/bin/env node
+/**
+ * Delimit Governance Rules for Cursor
+ *
+ * Cursor doesn't have a hook system like Claude Code or Codex,
+ * so governance enforcement happens server-side via MCP tool calls.
+ * This adapter manages the .cursorrules and .cursor/rules/ files
+ * that guide Cursor's behavior.
+ */
+
+const fs = require('fs');
+const path = require('path');
+
+const HOME = process.env.HOME || '';
+const CURSOR_DIR = path.join(HOME, '.cursor');
+const CURSOR_RULES_DIR = path.join(CURSOR_DIR, 'rules');
+const CURSORRULES_FILE = path.join(HOME, '.cursorrules');
+
+/**
+ * Install Delimit governance rules into Cursor.
+ * Creates both .cursorrules (legacy) and .cursor/rules/delimit.md (new).
+ */
+function installRules(version) {
+    const rules = getDelimitRules(version);
+
+    // Install to .cursor/rules/delimit.md (new location, Cursor 0.45+)
+    if (fs.existsSync(CURSOR_DIR)) {
+        fs.mkdirSync(CURSOR_RULES_DIR, { recursive: true });
+        const rulesFile = path.join(CURSOR_RULES_DIR, 'delimit.md');
+        fs.writeFileSync(rulesFile, rules);
+    }
+
+    return { installed: true, paths: [CURSORRULES_FILE, path.join(CURSOR_RULES_DIR, 'delimit.md')] };
+}
+
+/**
+ * Remove Delimit rules from Cursor.
+ */
+function uninstallRules() {
+    const removed = [];
+
+    // Remove from .cursor/rules/
+    const rulesFile = path.join(CURSOR_RULES_DIR, 'delimit.md');
+    if (fs.existsSync(rulesFile)) {
+        fs.unlinkSync(rulesFile);
+        removed.push(rulesFile);
+    }
+
+    return { removed };
+}
+
+function getDelimitRules(version) {
+    return `# Delimit Governance (v${version})
+
+## On every session start:
+1. Call \`delimit_ledger_context\` to check for open tasks
+2. Call \`delimit_gov_health\` to check governance status
+
+## After editing code:
+- After editing UI/CSS: call \`delimit_design_validate_responsive\`
+- After editing API specs: call \`delimit_lint\`
+- After editing tests: call \`delimit_test_smoke\`
+
+## Before deploying:
+1. Call \`delimit_security_audit\`
+2. Call \`delimit_test_smoke\`
+3. Call \`delimit_deploy_plan\`
+
+## Before committing:
+- Call \`delimit_repo_diagnose\` to check for common issues
+
+## Governance enforcement:
+- All tool calls route through governance automatically (server-side)
+- Critical actions are blocked until approved
+- High-risk actions require approval in enforce mode
+- Check mode: advisory (warn only), guarded (block critical), enforce (block critical + high-risk)
+
+## Links
+- Docs: https://delimit.ai/docs
+- GitHub: https://github.com/delimit-ai/delimit-mcp-server
+`;
+}
+
+module.exports = { installRules, uninstallRules, getDelimitRules };
+
+// CLI entry point
+if (require.main === module) {
+    const action = process.argv[2] || 'install';
+    const version = process.argv[3] || '3.11.9';
+    if (action === 'install') {
+        const result = installRules(version);
+        console.log(`Installed Delimit rules to Cursor: ${result.paths.join(', ')}`);
+    } else if (action === 'uninstall') {
+        const result = uninstallRules();
+        console.log(`Removed: ${result.removed.join(', ') || 'nothing to remove'}`);
+    }
+}

package/bin/delimit-cli.js

@@ -443,77 +443,181 @@ program
 // Uninstall command
 program
     .command('uninstall')
-    .description('Remove Delimit governance')
+    .description('Remove Delimit governance from all AI assistants')
+    .option('--dry-run', 'Preview what would be removed without making changes')
+    .action(async (options) => {
+        const dryRun = options.dryRun;
+        const HOME = process.env.HOME;
+        const backupDir = path.join(HOME, '.delimit', 'backups', `uninstall-${Date.now()}`);
+        const changes = [];
 
-    .action(async () => {
-        const { confirm } = await inquirer.prompt([{
-            type: 'confirm',
-            name: 'confirm',
-            message: 'This will remove all Delimit governance. Continue?',
-            default: false
-        }]);
-        
-        if (!confirm) return;
-        
-        // Remove Git hooks
+        if (dryRun) {
+            console.log(chalk.yellow.bold('\nDRY RUN — No changes will be made\n'));
+        }
+
+        // Collect all changes first
+        // 1. Git hooks
         try {
-            execSync('git config --global --unset core.hooksPath');
-            console.log(chalk.green('✓ Removed Git hooks'));
+            const hooksPath = execSync('git config --global --get core.hooksPath 2>/dev/null', { encoding: 'utf8' }).trim();
+            if (hooksPath && hooksPath.includes('delimit')) {
+                changes.push({ target: 'Git global hooks', action: 'unset core.hooksPath', current: hooksPath });
+            }
         } catch (e) {}
-        
-        // Remove from PATH
+
+        // 2. Shell profiles
         const profiles = ['.bashrc', '.zshrc', '.profile'];
         profiles.forEach(profile => {
-            const profilePath = path.join(process.env.HOME, profile);
+            const profilePath = path.join(HOME, profile);
             if (fs.existsSync(profilePath)) {
-                let content = fs.readFileSync(profilePath, 'utf8');
-                content = content.replace(/# Delimit Governance Layer[\s\S]*?fi\n/g, '');
-                fs.writeFileSync(profilePath, content);
+                const content = fs.readFileSync(profilePath, 'utf8');
+                if (content.includes('# Delimit Governance Layer')) {
+                    changes.push({ target: `~/${profile}`, action: 'Remove Delimit PATH block' });
+                }
             }
         });
-        console.log(chalk.green('✓ Removed PATH modifications'));
 
-        // Remove MCP config from Claude Code
-        const mcpPath = path.join(process.env.HOME, '.mcp.json');
+        // 3. Claude Code MCP
+        const mcpPath = path.join(HOME, '.mcp.json');
         if (fs.existsSync(mcpPath)) {
             try {
                 const mcp = JSON.parse(fs.readFileSync(mcpPath, 'utf8'));
                 if (mcp.mcpServers && mcp.mcpServers.delimit) {
-                    delete mcp.mcpServers.delimit;
-                    fs.writeFileSync(mcpPath, JSON.stringify(mcp, null, 2));
-                    console.log(chalk.green('✓ Removed from Claude Code MCP config'));
+                    changes.push({ target: '~/.mcp.json', action: 'Remove delimit MCP entry' });
                 }
             } catch (e) {}
         }
 
-        // Remove from Codex config
-        const codexConfig = path.join(process.env.HOME, '.codex', 'config.json');
+        // 4. Codex config
+        const codexConfig = path.join(HOME, '.codex', 'config.json');
+        const codexToml = path.join(HOME, '.codex', 'config.toml');
         if (fs.existsSync(codexConfig)) {
             try {
                 const cfg = JSON.parse(fs.readFileSync(codexConfig, 'utf8'));
                 if (cfg.mcpServers && cfg.mcpServers.delimit) {
-                    delete cfg.mcpServers.delimit;
-                    fs.writeFileSync(codexConfig, JSON.stringify(cfg, null, 2));
-                    console.log(chalk.green('✓ Removed from Codex MCP config'));
+                    changes.push({ target: '~/.codex/config.json', action: 'Remove delimit MCP entry' });
+                }
+            } catch (e) {}
+        }
+        if (fs.existsSync(codexToml)) {
+            try {
+                const toml = fs.readFileSync(codexToml, 'utf8');
+                if (toml.includes('[mcp_servers.delimit]')) {
+                    changes.push({ target: '~/.codex/config.toml', action: 'Remove [mcp_servers.delimit] block' });
                 }
             } catch (e) {}
         }
 
-        // Remove from Gemini CLI config
-        const geminiConfig = path.join(process.env.HOME, '.gemini', 'settings.json');
+        // 5. Cursor config
+        const cursorConfig = path.join(HOME, '.cursor', 'mcp.json');
+        if (fs.existsSync(cursorConfig)) {
+            try {
+                const cfg = JSON.parse(fs.readFileSync(cursorConfig, 'utf8'));
+                if (cfg.mcpServers && cfg.mcpServers.delimit) {
+                    changes.push({ target: '~/.cursor/mcp.json', action: 'Remove delimit MCP entry' });
+                }
+            } catch (e) {}
+        }
+
+        // 6. Gemini CLI config
+        const geminiConfig = path.join(HOME, '.gemini', 'settings.json');
         if (fs.existsSync(geminiConfig)) {
             try {
                 const cfg = JSON.parse(fs.readFileSync(geminiConfig, 'utf8'));
                 if (cfg.mcpServers && cfg.mcpServers.delimit) {
+                    changes.push({ target: '~/.gemini/settings.json', action: 'Remove delimit MCP entry' });
+                }
+            } catch (e) {}
+        }
+
+        // 7. Shims
+        const shimsDir = path.join(HOME, '.delimit', 'shims');
+        if (fs.existsSync(shimsDir)) {
+            changes.push({ target: '~/.delimit/shims/', action: 'Remove CLI shims directory' });
+        }
+
+        if (changes.length === 0) {
+            console.log(chalk.green('\nNo Delimit integrations found. Nothing to remove.\n'));
+            return;
+        }
+
+        // Show what will be changed
+        console.log(chalk.bold('\nThe following changes will be made:\n'));
+        changes.forEach((c, i) => {
+            console.log(`  ${i + 1}. ${chalk.cyan(c.target)} — ${c.action}`);
+        });
+        console.log('');
+
+        if (dryRun) {
+            console.log(chalk.yellow('Run without --dry-run to apply these changes.\n'));
+            return;
+        }
+
+        const { confirm } = await inquirer.prompt([{
+            type: 'confirm',
+            name: 'confirm',
+            message: `Apply ${changes.length} changes? Backups will be saved to ~/.delimit/backups/`,
+            default: false
+        }]);
+
+        if (!confirm) return;
+
+        // Create backup directory
+        fs.mkdirSync(backupDir, { recursive: true });
+
+        // Execute changes with backups
+        // Git hooks
+        try {
+            execSync('git config --global --unset core.hooksPath 2>/dev/null');
+            console.log(chalk.green('✓ Removed Git hooks'));
+        } catch (e) {}
+
+        // Shell profiles
+        profiles.forEach(profile => {
+            const profilePath = path.join(HOME, profile);
+            if (fs.existsSync(profilePath)) {
+                let content = fs.readFileSync(profilePath, 'utf8');
+                if (content.includes('# Delimit Governance Layer')) {
+                    fs.copyFileSync(profilePath, path.join(backupDir, profile));
+                    content = content.replace(/# Delimit Governance Layer[\s\S]*?fi\n/g, '');
+                    fs.writeFileSync(profilePath, content);
+                }
+            }
+        });
+        console.log(chalk.green('✓ Removed PATH modifications'));
+
+        // Helper to remove delimit from JSON config
+        function removeFromJsonConfig(configPath, label) {
+            if (!fs.existsSync(configPath)) return;
+            try {
+                const cfg = JSON.parse(fs.readFileSync(configPath, 'utf8'));
+                if (cfg.mcpServers && cfg.mcpServers.delimit) {
+                    fs.copyFileSync(configPath, path.join(backupDir, path.basename(configPath) + '.' + label));
                     delete cfg.mcpServers.delimit;
-                    fs.writeFileSync(geminiConfig, JSON.stringify(cfg, null, 2));
-                    console.log(chalk.green('✓ Removed from Gemini CLI MCP config'));
+                    fs.writeFileSync(configPath, JSON.stringify(cfg, null, 2));
+                    console.log(chalk.green(`✓ Removed from ${label}`));
+                }
+            } catch (e) {}
+        }
+
+        removeFromJsonConfig(mcpPath, 'claude-code');
+        removeFromJsonConfig(codexConfig, 'codex');
+        removeFromJsonConfig(cursorConfig, 'cursor');
+        removeFromJsonConfig(geminiConfig, 'gemini');
+
+        // Handle Codex TOML config
+        if (fs.existsSync(codexToml)) {
+            try {
+                let toml = fs.readFileSync(codexToml, 'utf8');
+                if (toml.includes('[mcp_servers.delimit]')) {
+                    fs.copyFileSync(codexToml, path.join(backupDir, 'config.toml.codex'));
+                    toml = toml.replace(/\n\[mcp_servers\.delimit\][\s\S]*?(?=\n\[|$)/, '');
+                    fs.writeFileSync(codexToml, toml);
+                    console.log(chalk.green('✓ Removed from Codex TOML config'));
                 }
             } catch (e) {}
         }
 
         // Remove shims
-        const shimsDir = path.join(process.env.HOME, '.delimit', 'shims');
         if (fs.existsSync(shimsDir)) {
             try {
                 fs.rmSync(shimsDir, { recursive: true });
@@ -522,6 +626,7 @@ program
         }
 
         console.log(chalk.green('\n  Delimit has been completely removed.'));
+        console.log(chalk.gray(`  Backups saved to: ${backupDir}`));
         console.log(chalk.gray('  Your data in ~/.delimit/ has been preserved.'));
         console.log(chalk.gray('  Delete it manually if you want: rm -rf ~/.delimit\n'));
     });
@@ -1239,8 +1344,54 @@ program
 // Setup command — install MCP governance tools into Claude Code
 program
     .command('setup')
-    .description('Install Delimit MCP governance tools into Claude Code')
-    .action(() => {
+    .description('Install Delimit MCP governance tools into all AI assistants')
+    .option('--dry-run', 'Preview config changes without writing anything')
+    .action((options) => {
+        if (options.dryRun) {
+            const os = require('os');
+            const HOME = os.homedir();
+            console.log(chalk.yellow.bold('\nDRY RUN — Previewing setup changes\n'));
+
+            const configs = [
+                { name: 'Claude Code', path: path.join(HOME, '.mcp.json'), key: 'mcpServers.delimit' },
+                { name: 'Codex', path: path.join(HOME, '.codex', 'config.toml'), key: '[mcp_servers.delimit]' },
+                { name: 'Cursor', path: path.join(HOME, '.cursor', 'mcp.json'), key: 'mcpServers.delimit' },
+                { name: 'Gemini CLI', path: path.join(HOME, '.gemini', 'settings.json'), key: 'mcpServers.delimit' },
+            ];
+
+            console.log(chalk.bold('Files that will be created or modified:\n'));
+            console.log(`  ${chalk.cyan('~/.delimit/')} — Delimit home directory (server, ledger, config)`);
+
+            configs.forEach(cfg => {
+                const exists = fs.existsSync(cfg.path);
+                let hasDelimit = false;
+                if (exists) {
+                    try {
+                        const content = fs.readFileSync(cfg.path, 'utf8');
+                        hasDelimit = content.includes('delimit');
+                    } catch {}
+                }
+                const relPath = cfg.path.replace(HOME, '~');
+                if (hasDelimit) {
+                    console.log(`  ${chalk.green('✓')} ${relPath} — ${cfg.name} already configured`);
+                } else if (exists) {
+                    console.log(`  ${chalk.yellow('+')} ${relPath} — Will add delimit entry to ${cfg.name}`);
+                } else {
+                    const dirExists = fs.existsSync(path.dirname(cfg.path));
+                    if (dirExists || cfg.name === 'Claude Code') {
+                        console.log(`  ${chalk.yellow('+')} ${relPath} — Will create for ${cfg.name}`);
+                    } else {
+                        console.log(`  ${chalk.dim('—')} ${relPath} — ${cfg.name} not installed, skipping`);
+                    }
+                }
+            });
+
+            console.log(`\n  ${chalk.cyan('~/.delimit/venv/')} — Isolated Python virtual environment`);
+            console.log(`  ${chalk.cyan('~/.delimit/ledger/')} — Persistent task ledger`);
+
+            console.log(chalk.yellow('\nRun without --dry-run to apply these changes.\n'));
+            return;
+        }
         require('./delimit-setup.js');
     });
 

package/bin/delimit-setup.js

@@ -415,13 +415,23 @@ Run full governance compliance checks. Verify security, policy compliance, evide
         }
     }
 
-    // Cursor rules
+    // Cursor rules (legacy .cursorrules + new .cursor/rules/ directory)
     const cursorRules = path.join(os.homedir(), '.cursorrules');
     if (fs.existsSync(path.join(os.homedir(), '.cursor'))) {
         const cursorResult = upsertDelimitSection(cursorRules);
         if (cursorResult.action !== 'unchanged') {
             log(`  ${green('✓')} ${cursorResult.action === 'created' ? 'Created' : 'Updated'} ${cursorRules}`);
         }
+        // Also install to .cursor/rules/delimit.md (Cursor 0.45+)
+        try {
+            const cursorRulesDir = path.join(os.homedir(), '.cursor', 'rules');
+            fs.mkdirSync(cursorRulesDir, { recursive: true });
+            const cursorAdapter = require('../adapters/cursor-rules');
+            cursorAdapter.installRules(pkg.version);
+            log(`  ${green('✓')} Installed governance rules to .cursor/rules/delimit.md`);
+        } catch (e) {
+            log(`  ${dim('  Could not install .cursor/rules: ' + e.message)}`);
+        }
     }
 
     // Silent: auto-detect API keys and configure models.json (no output)
@@ -570,8 +580,97 @@ echo "[Delimit] ${toolName} not found" >&2; exit 127
     }
     log('');
 
-    // Step 8: Done
-    step(8, 'Done!');
+    // Step 8: Post-install config validation (LED-098)
+    step(8, 'Validating config integrity...');
+
+    let validationIssues = 0;
+    const configFiles = [
+        { path: MCP_CONFIG, name: 'Claude Code', format: 'json' },
+        { path: CODEX_CONFIG, name: 'Codex', format: 'toml' },
+        { path: CURSOR_CONFIG, name: 'Cursor', format: 'json' },
+        { path: GEMINI_CONFIG, name: 'Gemini CLI', format: 'json' },
+    ];
+
+    for (const cfg of configFiles) {
+        if (!fs.existsSync(cfg.path)) continue;
+        try {
+            const content = fs.readFileSync(cfg.path, 'utf-8');
+            if (cfg.format === 'json') {
+                const parsed = JSON.parse(content);
+                const servers = parsed.mcpServers || {};
+                const delimitEntry = servers.delimit;
+                if (delimitEntry) {
+                    // Validate the delimit entry points to our server
+                    const cmd = delimitEntry.command || '';
+                    const args = delimitEntry.args || [];
+                    const serverArg = args[0] || '';
+
+                    // Check command is python (not arbitrary binary)
+                    if (!cmd.includes('python') && !cmd.includes('venv')) {
+                        log(`  ${yellow('⚠')} ${cfg.name}: delimit command is not python: ${cmd}`);
+                        validationIssues++;
+                    }
+                    // Check server arg points to our server file
+                    if (serverArg && !serverArg.includes('delimit') && !serverArg.includes('server.py')) {
+                        log(`  ${yellow('⚠')} ${cfg.name}: server path looks unexpected: ${serverArg}`);
+                        validationIssues++;
+                    }
+                    // Check no unexpected MCP servers were added
+                    const knownServers = new Set(['delimit', 'codex', 'gemini', 'gemini-vertexai', 'filesystem', 'brave-search', 'fetch', 'memory', 'puppeteer', 'github', 'slack', 'datadog']);
+                    for (const serverName of Object.keys(servers)) {
+                        if (!knownServers.has(serverName) && !serverName.includes('delimit')) {
+                            // Not necessarily bad, just note it
+                        }
+                    }
+                }
+            } else if (cfg.format === 'toml') {
+                // Basic TOML check — ensure delimit entry has correct structure
+                if (content.includes('[mcp_servers.delimit]')) {
+                    if (!content.match(/command\s*=\s*"[^"]*python[^"]*"/)) {
+                        log(`  ${yellow('⚠')} ${cfg.name}: delimit command may not be python`);
+                        validationIssues++;
+                    }
+                }
+            }
+            log(`  ${green('✓')} ${cfg.name} config valid`);
+        } catch (e) {
+            log(`  ${yellow('⚠')} ${cfg.name}: could not validate — ${e.message}`);
+            validationIssues++;
+        }
+    }
+
+    // Verify server file exists and is our code
+    if (fs.existsSync(actualServer)) {
+        const serverContent = fs.readFileSync(actualServer, 'utf-8').substring(0, 500);
+        if (serverContent.includes('delimit') || serverContent.includes('Delimit')) {
+            log(`  ${green('✓')} Server file verified`);
+        } else {
+            log(`  ${yellow('⚠')} Server file at ${actualServer} does not appear to be Delimit`);
+            validationIssues++;
+        }
+    }
+
+    // Check directory permissions
+    try {
+        const stat = fs.statSync(DELIMIT_HOME);
+        const mode = (stat.mode & 0o777).toString(8);
+        if (mode.endsWith('7') || mode.endsWith('6')) {
+            log(`  ${yellow('⚠')} ~/.delimit/ is world-readable/writable (${mode}) — consider: chmod 700 ~/.delimit`);
+            validationIssues++;
+        } else {
+            log(`  ${green('✓')} Directory permissions OK`);
+        }
+    } catch {}
+
+    if (validationIssues === 0) {
+        log(`  ${green('✓')} All config validations passed`);
+    } else {
+        log(`  ${yellow(`⚠ ${validationIssues} issue(s) found — review above`)}`);
+    }
+    log('');
+
+    // Step 9: Done
+    step(9, 'Done!');
     log('');
     log(`  ${green('Delimit is installed.')} Your AI now has persistent memory and governance.`);
     log('');
@@ -598,7 +697,7 @@ echo "[Delimit] ${toolName} not found" >&2; exit 127
     log(`  ${dim('Agents:')} ${AGENTS_DIR}`);
     log('');
     log(`  ${dim('Docs:')} https://delimit.ai/docs`);
-    log(`  ${dim('GitHub:')} https://github.com/delimit-ai/delimit`);
+    log(`  ${dim('GitHub:')} https://github.com/delimit-ai/delimit-mcp-server`);
     log('');
 }
 

package/package.json

@@ -1,12 +1,13 @@
 {
   "name": "delimit-cli",
-  "mcpName": "io.github.delimit-ai/delimit",
-  "version": "3.11.8",
-  "description": "One workspace for every AI coding assistant. Tasks, memory, and governance carry between Claude Code, Codex, and Gemini CLI.",
+  "mcpName": "io.github.delimit-ai/delimit-mcp-server",
+  "version": "3.11.10",
+  "description": "Unify Claude Code, Codex, Cursor, and Gemini CLI with persistent context, governance, and multi-model debate.",
   "main": "index.js",
   "files": [
     "bin/",
     "lib/",
+    "adapters/",
     "gateway/",
     "server.json",
     "README.md",
@@ -19,7 +20,7 @@
   },
   "scripts": {
     "postinstall": "echo '\\nRun: npx delimit-cli setup\\n'",
-    "test": "node --test tests/setup-onboarding.test.js"
+    "test": "node --test tests/setup-onboarding.test.js tests/setup-matrix.test.js"
   },
   "keywords": [
     "openapi",
@@ -57,7 +58,7 @@
   "homepage": "https://delimit.ai",
   "repository": {
     "type": "git",
-    "url": "https://github.com/delimit-ai/delimit.git"
+    "url": "https://github.com/delimit-ai/delimit-mcp-server.git"
   },
   "dependencies": {
     "axios": "^1.0.0",

package/server.json

@@ -1,10 +1,10 @@
 {
   "$schema": "https://static.modelcontextprotocol.io/schemas/2025-12-11/server.schema.json",
-  "name": "io.github.delimit-ai/delimit",
-  "title": "Delimit",
-  "description": "One workspace for every AI coding assistant. Shared tasks, memory, and governance.",
+  "name": "io.github.delimit-ai/delimit-mcp-server",
+  "title": "Delimit MCP Server",
+  "description": "Unify Claude Code, Codex, Cursor, and Gemini CLI with persistent context, governance, and multi-model debate.",
   "repository": {
-    "url": "https://github.com/delimit-ai/delimit",
+    "url": "https://github.com/delimit-ai/delimit-mcp-server",
     "source": "github"
   },
   "version": "3.11.8",