delimit-cli 3.11.9 → 3.11.10

package/adapters/codex-security.js

@@ -0,0 +1,64 @@
+#!/usr/bin/env node
+/**
+ * Delimit Security Skill for Codex CLI
+ *
+ * Validates that Codex-generated code doesn't introduce security anti-patterns.
+ * Runs as a security validation skill.
+ */
+
+const fs = require('fs');
+const path = require('path');
+
+const SECURITY_PATTERNS = [
+    { pattern: /eval\s*\(/g, severity: 'high', message: 'eval() usage detected — potential code injection' },
+    { pattern: /exec\s*\(/g, severity: 'medium', message: 'exec() usage — verify input sanitization' },
+    { pattern: /shell\s*=\s*True/g, severity: 'high', message: 'subprocess with shell=True — command injection risk' },
+    { pattern: /dangerouslySetInnerHTML/g, severity: 'medium', message: 'dangerouslySetInnerHTML — XSS risk' },
+    { pattern: /password\s*=\s*["'][^"']+["']/gi, severity: 'high', message: 'Hardcoded password detected' },
+    { pattern: /api[_-]?key\s*=\s*["'][A-Za-z0-9]{10,}["']/gi, severity: 'high', message: 'Hardcoded API key detected' },
+];
+
+function checkSecurity(context) {
+    const code = context.code || context.content || '';
+    if (!code) return { status: 'clean', findings: [] };
+
+    const findings = [];
+    for (const { pattern, severity, message } of SECURITY_PATTERNS) {
+        const matches = code.match(pattern);
+        if (matches) {
+            findings.push({ severity, message, count: matches.length });
+        }
+    }
+
+    // Audit
+    try {
+        const auditDir = path.join(process.env.HOME || '', '.delimit', 'audit');
+        fs.mkdirSync(auditDir, { recursive: true });
+        const record = {
+            timestamp: new Date().toISOString(),
+            source: 'codex-security',
+            findings_count: findings.length,
+            high_count: findings.filter(f => f.severity === 'high').length,
+        };
+        const auditFile = path.join(auditDir, `${new Date().toISOString().split('T')[0]}.jsonl`);
+        fs.appendFileSync(auditFile, JSON.stringify(record) + '\n');
+    } catch {}
+
+    const hasHigh = findings.some(f => f.severity === 'high');
+    return {
+        status: hasHigh ? 'flagged' : findings.length > 0 ? 'warnings' : 'clean',
+        findings,
+    };
+}
+
+const context = process.argv[2] ? JSON.parse(process.argv[2]) : {};
+const result = checkSecurity(context);
+
+if (result.status === 'flagged') {
+    for (const f of result.findings) {
+        console.error(`[Delimit Security] ${f.severity.toUpperCase()}: ${f.message}`);
+    }
+    process.exit(1);
+}
+
+process.exit(0);

package/adapters/codex-skill.js

@@ -0,0 +1,78 @@
+#!/usr/bin/env node
+/**
+ * Delimit Governance Skill for Codex CLI
+ *
+ * Runs as a validation skill triggered on pre-code-generation and pre-suggestion.
+ * Checks governance state and policy compliance before Codex executes actions.
+ */
+
+const fs = require('fs');
+const path = require('path');
+
+const DELIMIT_HOME = path.join(process.env.HOME || '', '.delimit');
+const MODE_FILE = path.join(DELIMIT_HOME, 'enforcement_mode');
+
+function getMode() {
+    try {
+        return fs.readFileSync(MODE_FILE, 'utf-8').trim();
+    } catch {
+        return 'guarded'; // Default
+    }
+}
+
+function checkGovernance(context) {
+    const mode = getMode();
+    const warnings = [];
+
+    // Check if governance is initialized
+    const policiesFile = path.join(process.cwd(), '.delimit', 'policies.yml');
+    if (!fs.existsSync(policiesFile)) {
+        warnings.push('No .delimit/policies.yml — run: delimit init');
+    }
+
+    // Check for sensitive file access
+    const sensitivePatterns = ['.env', 'credentials', '.ssh', 'secrets'];
+    const target = context.target || context.file || '';
+    for (const pattern of sensitivePatterns) {
+        if (target.includes(pattern)) {
+            if (mode === 'enforce') {
+                return { status: 'blocked', reason: `Access to sensitive path: ${target}` };
+            }
+            warnings.push(`Accessing sensitive path: ${target}`);
+        }
+    }
+
+    // Audit log
+    try {
+        const auditDir = path.join(DELIMIT_HOME, 'audit');
+        fs.mkdirSync(auditDir, { recursive: true });
+        const record = {
+            timestamp: new Date().toISOString(),
+            source: 'codex-skill',
+            mode,
+            context: typeof context === 'object' ? JSON.stringify(context).slice(0, 200) : String(context).slice(0, 200),
+            warnings,
+        };
+        const auditFile = path.join(auditDir, `${new Date().toISOString().split('T')[0]}.jsonl`);
+        fs.appendFileSync(auditFile, JSON.stringify(record) + '\n');
+    } catch {}
+
+    return { status: 'allowed', mode, warnings };
+}
+
+// Entry point — read context from stdin or args
+const context = process.argv[2] ? JSON.parse(process.argv[2]) : {};
+const result = checkGovernance(context);
+
+if (result.status === 'blocked') {
+    console.error(`[Delimit] BLOCKED: ${result.reason}`);
+    process.exit(1);
+}
+
+if (result.warnings.length > 0) {
+    for (const w of result.warnings) {
+        console.error(`[Delimit] Warning: ${w}`);
+    }
+}
+
+process.exit(0);

package/adapters/cursor-rules.js

@@ -0,0 +1,97 @@
+#!/usr/bin/env node
+/**
+ * Delimit Governance Rules for Cursor
+ *
+ * Cursor doesn't have a hook system like Claude Code or Codex,
+ * so governance enforcement happens server-side via MCP tool calls.
+ * This adapter manages the .cursorrules and .cursor/rules/ files
+ * that guide Cursor's behavior.
+ */
+
+const fs = require('fs');
+const path = require('path');
+
+const HOME = process.env.HOME || '';
+const CURSOR_DIR = path.join(HOME, '.cursor');
+const CURSOR_RULES_DIR = path.join(CURSOR_DIR, 'rules');
+const CURSORRULES_FILE = path.join(HOME, '.cursorrules');
+
+/**
+ * Install Delimit governance rules into Cursor.
+ * Creates both .cursorrules (legacy) and .cursor/rules/delimit.md (new).
+ */
+function installRules(version) {
+    const rules = getDelimitRules(version);
+
+    // Install to .cursor/rules/delimit.md (new location, Cursor 0.45+)
+    if (fs.existsSync(CURSOR_DIR)) {
+        fs.mkdirSync(CURSOR_RULES_DIR, { recursive: true });
+        const rulesFile = path.join(CURSOR_RULES_DIR, 'delimit.md');
+        fs.writeFileSync(rulesFile, rules);
+    }
+
+    return { installed: true, paths: [CURSORRULES_FILE, path.join(CURSOR_RULES_DIR, 'delimit.md')] };
+}
+
+/**
+ * Remove Delimit rules from Cursor.
+ */
+function uninstallRules() {
+    const removed = [];
+
+    // Remove from .cursor/rules/
+    const rulesFile = path.join(CURSOR_RULES_DIR, 'delimit.md');
+    if (fs.existsSync(rulesFile)) {
+        fs.unlinkSync(rulesFile);
+        removed.push(rulesFile);
+    }
+
+    return { removed };
+}
+
+function getDelimitRules(version) {
+    return `# Delimit Governance (v${version})
+
+## On every session start:
+1. Call \`delimit_ledger_context\` to check for open tasks
+2. Call \`delimit_gov_health\` to check governance status
+
+## After editing code:
+- After editing UI/CSS: call \`delimit_design_validate_responsive\`
+- After editing API specs: call \`delimit_lint\`
+- After editing tests: call \`delimit_test_smoke\`
+
+## Before deploying:
+1. Call \`delimit_security_audit\`
+2. Call \`delimit_test_smoke\`
+3. Call \`delimit_deploy_plan\`
+
+## Before committing:
+- Call \`delimit_repo_diagnose\` to check for common issues
+
+## Governance enforcement:
+- All tool calls route through governance automatically (server-side)
+- Critical actions are blocked until approved
+- High-risk actions require approval in enforce mode
+- Check mode: advisory (warn only), guarded (block critical), enforce (block critical + high-risk)
+
+## Links
+- Docs: https://delimit.ai/docs
+- GitHub: https://github.com/delimit-ai/delimit-mcp-server
+`;
+}
+
+module.exports = { installRules, uninstallRules, getDelimitRules };
+
+// CLI entry point
+if (require.main === module) {
+    const action = process.argv[2] || 'install';
+    const version = process.argv[3] || '3.11.9';
+    if (action === 'install') {
+        const result = installRules(version);
+        console.log(`Installed Delimit rules to Cursor: ${result.paths.join(', ')}`);
+    } else if (action === 'uninstall') {
+        const result = uninstallRules();
+        console.log(`Removed: ${result.removed.join(', ') || 'nothing to remove'}`);
+    }
+}

package/bin/delimit-setup.js

@@ -415,13 +415,23 @@ Run full governance compliance checks. Verify security, policy compliance, evide
         }
     }
 
-    // Cursor rules
+    // Cursor rules (legacy .cursorrules + new .cursor/rules/ directory)
     const cursorRules = path.join(os.homedir(), '.cursorrules');
     if (fs.existsSync(path.join(os.homedir(), '.cursor'))) {
         const cursorResult = upsertDelimitSection(cursorRules);
         if (cursorResult.action !== 'unchanged') {
             log(`  ${green('✓')} ${cursorResult.action === 'created' ? 'Created' : 'Updated'} ${cursorRules}`);
         }
+        // Also install to .cursor/rules/delimit.md (Cursor 0.45+)
+        try {
+            const cursorRulesDir = path.join(os.homedir(), '.cursor', 'rules');
+            fs.mkdirSync(cursorRulesDir, { recursive: true });
+            const cursorAdapter = require('../adapters/cursor-rules');
+            cursorAdapter.installRules(pkg.version);
+            log(`  ${green('✓')} Installed governance rules to .cursor/rules/delimit.md`);
+        } catch (e) {
+            log(`  ${dim('  Could not install .cursor/rules: ' + e.message)}`);
+        }
     }
 
     // Silent: auto-detect API keys and configure models.json (no output)

package/package.json

@@ -1,12 +1,13 @@
 {
   "name": "delimit-cli",
   "mcpName": "io.github.delimit-ai/delimit-mcp-server",
-  "version": "3.11.9",
+  "version": "3.11.10",
   "description": "Unify Claude Code, Codex, Cursor, and Gemini CLI with persistent context, governance, and multi-model debate.",
   "main": "index.js",
   "files": [
     "bin/",
     "lib/",
+    "adapters/",
     "gateway/",
     "server.json",
     "README.md",