npm - delimit-cli - Versions diffs - 3.14.27 → 3.14.29 - Mend

delimit-cli 3.14.27 → 3.14.29

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (48) hide show

package/bin/delimit-setup.js +19 -2
package/gateway/ai/backends/deploy_bridge.py +56 -2
package/gateway/ai/backends/gateway_core.py +212 -1
package/gateway/ai/backends/generate_bridge.py +84 -13
package/gateway/ai/backends/governance_bridge.py +63 -16
package/gateway/ai/backends/memory_bridge.py +77 -76
package/gateway/ai/backends/ops_bridge.py +76 -6
package/gateway/ai/backends/os_bridge.py +23 -3
package/gateway/ai/backends/repo_bridge.py +156 -17
package/gateway/ai/backends/tools_design.py +116 -9
package/gateway/ai/backends/tools_infra.py +200 -72
package/gateway/ai/backends/tools_real.py +8 -0
package/gateway/ai/backends/ui_bridge.py +115 -5
package/gateway/ai/backends/vault_bridge.py +69 -114
package/gateway/ai/content_engine.py +1276 -0
package/gateway/ai/context_fs.py +193 -0
package/gateway/ai/daemon.py +500 -0
package/gateway/ai/data_plane.py +291 -0
package/gateway/ai/deliberation.py +1033 -6
package/gateway/ai/events.py +39 -0
package/gateway/ai/founding_users.py +162 -0
package/gateway/ai/governance.py +698 -4
package/gateway/ai/inbox_daemon.py +78 -17
package/gateway/ai/integrations/__init__.py +1 -0
package/gateway/ai/integrations/opensage_wrapper.py +288 -0
package/gateway/ai/key_resolver.py +95 -0
package/gateway/ai/ledger_manager.py +289 -1
package/gateway/ai/license.py +62 -4
package/gateway/ai/license_core.py +208 -7
package/gateway/ai/local_server.py +215 -0
package/gateway/ai/loop_engine.py +408 -0
package/gateway/ai/mcp_bridge.py +178 -0
package/gateway/ai/release_sync.py +2 -2
package/gateway/ai/screen_record.py +374 -0
package/gateway/ai/secrets_broker.py +235 -0
package/gateway/ai/social.py +189 -27
package/gateway/ai/social_target.py +1635 -0
package/gateway/ai/supabase_sync.py +190 -0
package/gateway/ai/tracing.py +195 -0
package/gateway/core/contract_ledger.py +1 -1
package/gateway/core/dependency_graph.py +1 -1
package/gateway/core/dependency_manifest.py +1 -1
package/gateway/core/diff_engine_v2.py +272 -78
package/gateway/core/event_backbone.py +2 -2
package/gateway/core/event_schema.py +1 -1
package/gateway/core/impact_analyzer.py +1 -1
package/gateway/core/policy_engine.py +4 -0
package/package.json +1 -1

package/gateway/ai/inbox_daemon.py CHANGED Viewed

@@ -4,7 +4,8 @@ Inbox polling daemon for Delimit's email governance system.
 Polls pro@delimit.ai via IMAP every 5 minutes, auto-classifies emails,
 forwards owner-action items, and handles draft approval via email replies.
-Consensus 116: Standalone daemon, fresh IMAP connections, 10-minute cancel window.
+Consensus 116: Standalone daemon, fresh IMAP connections.
+Auto-posting DISABLED — all approved drafts are emailed for manual posting.
 Can run as:
   - Standalone script: python inbox_daemon.py
@@ -127,6 +128,44 @@ _daemon_state = InboxDaemonState()
 # ── Logging ──────────────────────────────────────────────────────────
+def get_pending_directives() -> List[Dict]:
+    """Get founder directives that haven't been completed yet."""
+    directives = []
+    if not ROUTING_LOG.exists():
+        return directives
+    completed = set()
+    for line in ROUTING_LOG.read_text().splitlines():
+        try:
+            entry = json.loads(line)
+            if entry.get("event") == "founder_directive_completed":
+                completed.add(entry.get("directive_subject", ""))
+            elif entry.get("event") == "founder_directive_received":
+                directives.append(entry)
+        except (json.JSONDecodeError, KeyError):
+            continue
+    return [d for d in directives if d.get("subject", "") not in completed]
+def complete_directive(subject: str, result: str) -> None:
+    """Mark a founder directive as completed and send confirmation email."""
+    _log_routing({
+        "event": "founder_directive_completed",
+        "directive_subject": subject,
+        "result": result,
+    })
+    send_email(
+        to=FORWARD_TO,
+        subject=f"[COMPLETED] {subject}",
+        body=(
+            f"Your directive has been completed.\n\n"
+            f"Subject: {subject}\n"
+            f"Result: {result}\n"
+        ),
+        from_account="pro@delimit.ai",
+        event_type="founder_directive_completed",
+    )
 def _log_routing(entry: Dict[str, Any]) -> None:
     """Append a routing decision to the audit trail."""
     try:
@@ -367,22 +406,18 @@ def poll_once() -> Dict[str, Any]:
             elif draft_id and detect_approval_keywords(body_text):
                 # Both draft match AND approval keyword required (consensus)
-                mark_draft_status(draft_id, "approved-pending")
-                _daemon_state.add_pending_approval(draft_id, {
-                    "approved_at": datetime.now(timezone.utc).isoformat(),
-                    "approved_at_ts": time.time(),
-                })
-                # Send cancel-window notification
+                # Auto-posting is DISABLED — mark approved and confirm via email
+                mark_draft_status(draft_id, "approved")
                 send_email(
                     to=FORWARD_TO,
-                    subject=f"Draft {draft_id} approved - posting in 10 minutes",
+                    subject=f"Draft {draft_id} approved - ready for manual posting",
                     body=(
                         f"Draft {draft_id} has been approved via email reply.\n\n"
-                        f"It will be posted in 10 minutes.\n\n"
-                        f"Reply CANCEL to this email to stop the post."
+                        f"Auto-posting is disabled. Please post manually.\n\n"
+                        f"The draft text was included in the original notification email."
                     ),
                     from_account="pro@delimit.ai",
-                    event_type="draft_approval_window",
+                    event_type="draft_approval_confirmed",
                 )
                 action_taken = "approval_detected"
                 approvals.append(draft_id)
@@ -390,11 +425,37 @@ def poll_once() -> Dict[str, Any]:
                 imap.store(msg_id, "+FLAGS", "\\Seen")
             elif classification == "owner-action":
-                success = _forward_email(msg, smtp_pass)
-                if success:
+                # Emails FROM the founder are decisions/action items — acknowledge and track
+                if sender_addr.lower() == FORWARD_TO.lower():
+                    # Create a ledger item to track the founder's directive
+                    _directive_summary = subject[:80] if subject else body_text[:80]
+                    _log_routing({
+                        "event": "founder_directive_received",
+                        "subject": subject,
+                        "body_preview": body_text[:200],
+                        "timestamp": datetime.now(timezone.utc).isoformat(),
+                    })
+                    # Acknowledge receipt
+                    send_email(
+                        to=FORWARD_TO,
+                        subject=f"[RECEIVED] {subject}",
+                        body=(
+                            f"Your directive has been received and logged.\n\n"
+                            f"Subject: {subject}\n"
+                            f"Status: PENDING — will be processed in the next loop iteration.\n\n"
+                            f"You'll receive a [COMPLETED] email when this is done."
+                        ),
+                        from_account="pro@delimit.ai",
+                        event_type="founder_directive_ack",
+                    )
                     imap.store(msg_id, "+FLAGS", "\\Seen")
-                    forwarded += 1
-                action_taken = "forwarded" if success else "forward_failed"
+                    action_taken = "founder_directive_acked"
+                else:
+                    success = _forward_email(msg, smtp_pass)
+                    if success:
+                        imap.store(msg_id, "+FLAGS", "\\Seen")
+                        forwarded += 1
+                    action_taken = "forwarded" if success else "forward_failed"
             else:
                 # Non-owner, mark as seen
@@ -414,8 +475,8 @@ def poll_once() -> Dict[str, Any]:
         imap.logout()
-        # Process pending approval windows (post drafts past the cancel window)
-        posted_drafts = _process_pending_approvals()
+        # Auto-posting disabled — no cancel window processing
+        posted_drafts = []
         _daemon_state.record_success(processed, forwarded)

package/gateway/ai/integrations/__init__.py ADDED Viewed

	@@ -0,0 +1 @@
1	+ """Delimit integrations with external agent frameworks."""

package/gateway/ai/integrations/opensage_wrapper.py ADDED Viewed

@@ -0,0 +1,288 @@
+"""
+Delimit GovernanceWrapper for OpenSage Agent Framework.
+Middleware that intercepts OpenSage agent tool calls and routes them
+through Delimit's policy kernel for governance enforcement.
+Usage:
+    from delimit.integrations.opensage import GovernanceWrapper
+    # Wrap an OpenSage agent with governance
+    agent = OpenSageAgent(config)
+    governed_agent = GovernanceWrapper(agent)
+    # Or use as a feature plugin
+    agent = OpenSageAgent(config, features=[GovernanceWrapper()])
+Integration points:
+    1. Pre-tool: validate tool call against policy before execution
+    2. Post-tool: audit trail + ledger tracking
+    3. Tool creation: validate agent-created tools before registration
+    4. Session: persistent context across agent runs
+Requires: delimit-mcp >= 3.2.1
+"""
+import json
+import logging
+import time
+from datetime import datetime, timezone
+from pathlib import Path
+from typing import Any, Callable, Dict, List, Optional
+logger = logging.getLogger("delimit.integrations.opensage")
+DELIMIT_HOME = Path.home() / ".delimit"
+AUDIT_DIR = DELIMIT_HOME / "audit"
+POLICY_FILE = DELIMIT_HOME / "enforcement_mode"
+def _get_mode() -> str:
+    """Read current enforcement mode."""
+    try:
+        return POLICY_FILE.read_text().strip()
+    except Exception:
+        return "guarded"
+def _classify_tool_risk(tool_name: str, args: dict) -> str:
+    """Classify risk level of a tool call."""
+    HIGH_RISK_PATTERNS = [
+        "deploy", "publish", "push", "delete", "remove", "drop",
+        "exec", "shell", "run_command", "write_file",
+    ]
+    CRITICAL_PATTERNS = [
+        "rm_rf", "force_push", "drop_table", "revoke",
+    ]
+    name_lower = tool_name.lower()
+    for pattern in CRITICAL_PATTERNS:
+        if pattern in name_lower:
+            return "critical"
+    for pattern in HIGH_RISK_PATTERNS:
+        if pattern in name_lower:
+            return "high"
+    return "low"
+def _check_sensitive_paths(args: dict) -> Optional[str]:
+    """Check if any argument references a sensitive path."""
+    SENSITIVE = ["/etc/", "/.ssh/", "/.aws/", "/credentials/", "/.env"]
+    for key, value in args.items():
+        if isinstance(value, str):
+            for pattern in SENSITIVE:
+                if pattern in value:
+                    return f"Argument '{key}' references sensitive path: {pattern}"
+    return None
+def _audit_log(entry: dict, audit_dir: Optional[Path] = None) -> None:
+    """Append to audit trail."""
+    try:
+        d = audit_dir or AUDIT_DIR
+        d.mkdir(parents=True, exist_ok=True)
+        date = datetime.now(timezone.utc).strftime("%Y-%m-%d")
+        audit_file = d / f"opensage-{date}.jsonl"
+        with open(audit_file, "a") as f:
+            f.write(json.dumps(entry, default=str) + "\n")
+    except Exception:
+        pass
+class GovernancePolicy:
+    """Policy rules for OpenSage tool governance."""
+    def __init__(self, rules: Optional[List[dict]] = None, mode: Optional[str] = None):
+        self.rules = rules or []
+        self._mode_override = mode
+    def check(self, tool_name: str, args: dict) -> dict:
+        """Check a tool call against all policy rules.
+        Returns:
+            {"allowed": True} or {"allowed": False, "reason": "...", "rule": "..."}
+        """
+        mode = self._mode_override or _get_mode()
+        if mode == "advisory":
+            return {"allowed": True, "mode": mode}
+        # Check sensitive paths
+        path_issue = _check_sensitive_paths(args)
+        if path_issue:
+            if mode == "enforce":
+                return {"allowed": False, "reason": path_issue, "mode": mode}
+            logger.warning("Governance warning: %s", path_issue)
+        # Check risk level
+        risk = _classify_tool_risk(tool_name, args)
+        if risk == "critical":
+            return {
+                "allowed": False,
+                "reason": f"Critical action '{tool_name}' requires approval",
+                "risk": risk,
+                "mode": mode,
+            }
+        if risk == "high" and mode == "enforce":
+            return {
+                "allowed": False,
+                "reason": f"High-risk action '{tool_name}' blocked in enforce mode",
+                "risk": risk,
+                "mode": mode,
+            }
+        # Check custom rules
+        for rule in self.rules:
+            if rule.get("tool_pattern") and rule["tool_pattern"] in tool_name:
+                if rule.get("action") == "forbid":
+                    return {
+                        "allowed": False,
+                        "reason": rule.get("message", f"Rule '{rule.get('name')}' blocks this"),
+                        "rule": rule.get("name"),
+                    }
+        return {"allowed": True, "risk": risk, "mode": mode}
+class GovernanceWrapper:
+    """Wraps OpenSage agent tool execution with Delimit governance.
+    Can be used as:
+    1. A wrapper around an existing agent
+    2. A standalone policy checker
+    3. A feature plugin for OpenSage
+    """
+    def __init__(
+        self,
+        policy: Optional[GovernancePolicy] = None,
+        audit: bool = True,
+        ledger_tracking: bool = True,
+        audit_dir: Optional[Path] = None,
+    ):
+        self.policy = policy or GovernancePolicy()
+        self.audit = audit
+        self.ledger_tracking = ledger_tracking
+        self.audit_dir = audit_dir
+        self._call_count = 0
+        self._blocked_count = 0
+    def pre_tool_call(self, tool_name: str, args: dict) -> dict:
+        """Check policy before a tool executes.
+        Returns:
+            {"proceed": True} or {"proceed": False, "reason": "..."}
+        """
+        self._call_count += 1
+        check = self.policy.check(tool_name, args)
+        if self.audit:
+            _audit_log({
+                "event": "pre_tool_call",
+                "tool": tool_name,
+                "args_summary": {k: str(v)[:100] for k, v in args.items()},
+                "decision": "allowed" if check["allowed"] else "blocked",
+                "reason": check.get("reason"),
+                "risk": check.get("risk", "low"),
+                "mode": check.get("mode", "unknown"),
+                "timestamp": datetime.now(timezone.utc).isoformat(),
+            }, audit_dir=self.audit_dir)
+        if not check["allowed"]:
+            self._blocked_count += 1
+            return {"proceed": False, "reason": check["reason"]}
+        return {"proceed": True, "risk": check.get("risk", "low")}
+    def post_tool_call(self, tool_name: str, args: dict, result: Any, duration_ms: int) -> None:
+        """Record tool execution in audit trail."""
+        if self.audit:
+            _audit_log({
+                "event": "post_tool_call",
+                "tool": tool_name,
+                "duration_ms": duration_ms,
+                "success": not isinstance(result, Exception),
+                "timestamp": datetime.now(timezone.utc).isoformat(),
+            }, audit_dir=self.audit_dir)
+    def validate_tool_creation(self, tool_name: str, tool_schema: dict) -> dict:
+        """Validate an agent-created tool before registration.
+        Checks:
+        - Tool name doesn't conflict with system tools
+        - Schema doesn't expose sensitive parameters
+        - Tool doesn't request unrestricted permissions
+        Returns:
+            {"valid": True} or {"valid": False, "reason": "..."}
+        """
+        RESERVED_PREFIXES = ["system_", "admin_", "delimit_", "opensage_"]
+        for prefix in RESERVED_PREFIXES:
+            if tool_name.startswith(prefix):
+                return {
+                    "valid": False,
+                    "reason": f"Tool name '{tool_name}' uses reserved prefix '{prefix}'",
+                }
+        # Check for sensitive parameter names
+        params = tool_schema.get("parameters", {}).get("properties", {})
+        SENSITIVE_PARAMS = ["password", "secret", "token", "api_key", "private_key"]
+        for param_name in params:
+            if any(s in param_name.lower() for s in SENSITIVE_PARAMS):
+                return {
+                    "valid": False,
+                    "reason": f"Tool parameter '{param_name}' exposes sensitive data",
+                }
+        if self.audit:
+            _audit_log({
+                "event": "tool_creation_validated",
+                "tool": tool_name,
+                "schema_keys": list(tool_schema.keys()),
+                "param_count": len(params),
+                "timestamp": datetime.now(timezone.utc).isoformat(),
+            }, audit_dir=self.audit_dir)
+        return {"valid": True}
+    def wrap_tool(self, tool_fn: Callable) -> Callable:
+        """Wrap a tool function with governance checks.
+        Usage:
+            original_tool = agent.get_tool("my_tool")
+            governed_tool = wrapper.wrap_tool(original_tool)
+        """
+        def governed_tool(*args, **kwargs):
+            tool_name = getattr(tool_fn, "__name__", "unknown")
+            check = self.pre_tool_call(tool_name, kwargs)
+            if not check["proceed"]:
+                return {"error": "governance_blocked", "reason": check["reason"]}
+            start = time.time()
+            try:
+                result = tool_fn(*args, **kwargs)
+                duration_ms = int((time.time() - start) * 1000)
+                self.post_tool_call(tool_name, kwargs, result, duration_ms)
+                return result
+            except Exception as e:
+                duration_ms = int((time.time() - start) * 1000)
+                self.post_tool_call(tool_name, kwargs, e, duration_ms)
+                raise
+        governed_tool.__name__ = getattr(tool_fn, "__name__", "unknown")
+        governed_tool.__doc__ = getattr(tool_fn, "__doc__", "")
+        governed_tool._governance_wrapped = True
+        return governed_tool
+    def get_stats(self) -> dict:
+        """Return governance statistics for this session."""
+        return {
+            "total_calls": self._call_count,
+            "blocked_calls": self._blocked_count,
+            "block_rate": f"{(self._blocked_count / max(self._call_count, 1)) * 100:.1f}%",
+            "mode": _get_mode(),
+        }

package/gateway/ai/key_resolver.py ADDED Viewed

@@ -0,0 +1,95 @@
+"""Auto-resolve API keys from multiple sources.
+Priority: env var -> secrets broker -> return None (free fallback).
+Every MCP tool that depends on an external service should use this module
+so it works out of the box without API keys, with enhanced functionality
+unlocked when keys are available.
+"""
+import json
+import logging
+import os
+import shutil
+import subprocess
+from pathlib import Path
+from typing import Optional, Tuple
+logger = logging.getLogger("delimit.ai.key_resolver")
+SECRETS_DIR = Path.home() / ".delimit" / "secrets"
+def get_key(name: str, env_var: str = "", _secrets_dir: Optional[Path] = None) -> Tuple[Optional[str], str]:
+    """Get an API key.  Returns (key, source) or (None, "not_found").
+    Sources checked in order:
+    1. Environment variable (explicit *env_var*, then common conventions)
+    2. ~/.delimit/secrets/{name}.json
+    3. None (free fallback)
+    """
+    # 1. Env var — explicit, then common patterns
+    candidates = [env_var] if env_var else []
+    candidates += [
+        f"{name.upper()}_TOKEN",
+        f"{name.upper()}_API_KEY",
+        f"{name.upper()}_KEY",
+    ]
+    for var in candidates:
+        if not var:
+            continue
+        val = os.environ.get(var)
+        if val:
+            return val, "env"
+    # 2. Secrets broker
+    secrets_dir = _secrets_dir if _secrets_dir is not None else SECRETS_DIR
+    secrets_file = secrets_dir / f"{name.lower()}.json"
+    if secrets_file.exists():
+        try:
+            data = json.loads(secrets_file.read_text())
+            for field in ("value", "api_key", "token", "key"):
+                if data.get(field):
+                    return data[field], "secrets_broker"
+        except Exception:
+            logger.debug("Failed to read secrets file %s", secrets_file)
+    # 3. Not found
+    return None, "not_found"
+# ---------------------------------------------------------------------------
+# Convenience wrappers
+# ---------------------------------------------------------------------------
+def get_figma_token() -> Tuple[Optional[str], str]:
+    """Resolve Figma API token."""
+    return get_key("figma", "FIGMA_TOKEN")
+def get_trivy_path() -> Tuple[Optional[str], str]:
+    """Check if Trivy binary is available on PATH."""
+    path = shutil.which("trivy")
+    return (path, "installed") if path else (None, "not_found")
+def get_playwright() -> Tuple[bool, str]:
+    """Check whether Playwright is usable (Python package installed)."""
+    try:
+        import playwright  # noqa: F401
+        return True, "installed"
+    except ImportError:
+        return False, "not_found"
+def get_puppeteer() -> Tuple[bool, str]:
+    """Check whether puppeteer (npx) is available for screenshot fallback."""
+    try:
+        result = subprocess.run(
+            ["npx", "puppeteer", "--version"],
+            capture_output=True,
+            timeout=15,
+        )
+        return (True, "installed") if result.returncode == 0 else (False, "not_found")
+    except Exception:
+        return False, "not_found"