delimit-cli 3.14.28 → 3.14.29

package/gateway/core/diff_engine_v2.py

@@ -19,7 +19,14 @@ class ChangeType(Enum):
     TYPE_CHANGED = "type_changed"
     FORMAT_CHANGED = "format_changed"
     ENUM_VALUE_REMOVED = "enum_value_removed"
-    
+    PARAM_TYPE_CHANGED = "param_type_changed"
+    PARAM_REQUIRED_CHANGED = "param_required_changed"
+    RESPONSE_TYPE_CHANGED = "response_type_changed"
+    SECURITY_REMOVED = "security_removed"
+    SECURITY_SCOPE_REMOVED = "security_scope_removed"
+    MAX_LENGTH_DECREASED = "max_length_decreased"
+    MIN_LENGTH_INCREASED = "min_length_increased"
+
     # Non-breaking changes
     ENDPOINT_ADDED = "endpoint_added"
     METHOD_ADDED = "method_added"
@@ -28,6 +35,9 @@ class ChangeType(Enum):
     OPTIONAL_FIELD_ADDED = "optional_field_added"
     ENUM_VALUE_ADDED = "enum_value_added"
     DESCRIPTION_CHANGED = "description_changed"
+    SECURITY_ADDED = "security_added"
+    DEPRECATED_ADDED = "deprecated_added"
+    DEFAULT_CHANGED = "default_changed"
 
 @dataclass
 class Change:
@@ -50,6 +60,13 @@ class Change:
             ChangeType.TYPE_CHANGED,
             ChangeType.FORMAT_CHANGED,
             ChangeType.ENUM_VALUE_REMOVED,
+            ChangeType.PARAM_TYPE_CHANGED,
+            ChangeType.PARAM_REQUIRED_CHANGED,
+            ChangeType.RESPONSE_TYPE_CHANGED,
+            ChangeType.SECURITY_REMOVED,
+            ChangeType.SECURITY_SCOPE_REMOVED,
+            ChangeType.MAX_LENGTH_DECREASED,
+            ChangeType.MIN_LENGTH_INCREASED,
         ]
 
 class OpenAPIDiffEngine:
@@ -57,30 +74,26 @@ class OpenAPIDiffEngine:
     
     def __init__(self):
         self.changes: List[Change] = []
-        self._old_spec: Dict = {}
-        self._new_spec: Dict = {}
-        self._ref_trail: Set[Tuple[str, str]] = set()
-
+    
     def compare(self, old_spec: Dict, new_spec: Dict) -> List[Change]:
         """Compare two OpenAPI specifications and return all changes."""
         self.changes = []
-        self._old_spec = old_spec or {}
-        self._new_spec = new_spec or {}
-        self._ref_trail = set()
+        old_spec = old_spec or {}
+        new_spec = new_spec or {}
 
         # Compare paths
-        self._compare_paths(self._old_spec.get("paths", {}), self._new_spec.get("paths", {}))
+        self._compare_paths(old_spec.get("paths", {}), new_spec.get("paths", {}))
         
         # Compare components/schemas
         self._compare_schemas(
-            self._old_spec.get("components", {}).get("schemas", {}),
-            self._new_spec.get("components", {}).get("schemas", {})
+            old_spec.get("components", {}).get("schemas", {}),
+            new_spec.get("components", {}).get("schemas", {})
         )
         
         # Compare security schemes
         self._compare_security(
-            self._old_spec.get("components", {}).get("securitySchemes", {}),
-            self._new_spec.get("components", {}).get("securitySchemes", {})
+            old_spec.get("components", {}).get("securitySchemes", {}),
+            new_spec.get("components", {}).get("securitySchemes", {})
         )
         
         return self.changes
@@ -167,6 +180,18 @@ class OpenAPIDiffEngine:
                     message=f"Required parameter added: {param['name']} to {operation_id}"
                 ))
         
+        # Check added optional parameters (non-breaking)
+        for param_key in set(new_params.keys()) - set(old_params.keys()):
+            param = new_params[param_key]
+            if not param.get("required", False):
+                self.changes.append(Change(
+                    type=ChangeType.OPTIONAL_PARAM_ADDED,
+                    path=operation_id,
+                    details={"parameter": param["name"], "in": param["in"]},
+                    severity="low",
+                    message=f"Optional parameter added: {param['name']} to {operation_id}"
+                ))
+
         # Check parameter schema changes
         for param_key in set(old_params.keys()) & set(new_params.keys()):
             self._compare_parameter_schemas(
@@ -174,7 +199,27 @@ class OpenAPIDiffEngine:
                 old_params[param_key],
                 new_params[param_key]
             )
-        
+
+        # Compare operation-level security
+        if "security" in old_op or "security" in new_op:
+            self._compare_operation_security(
+                operation_id,
+                old_op.get("security"),
+                new_op.get("security")
+            )
+
+        # Check deprecated flag
+        old_deprecated = old_op.get("deprecated", False)
+        new_deprecated = new_op.get("deprecated", False)
+        if not old_deprecated and new_deprecated:
+            self.changes.append(Change(
+                type=ChangeType.DEPRECATED_ADDED,
+                path=operation_id,
+                details={"target": "operation"},
+                severity="low",
+                message=f"Operation marked as deprecated: {operation_id}"
+            ))
+
         # Compare request body
         if "requestBody" in old_op or "requestBody" in new_op:
             self._compare_request_body(
@@ -191,30 +236,64 @@ class OpenAPIDiffEngine:
         )
     
     def _compare_parameter_schemas(self, operation_id: str, old_param: Dict, new_param: Dict):
-        """Compare parameter schemas for type changes."""
+        """Compare parameter schemas for type changes, required changes, and constraints."""
         old_schema = old_param.get("schema", {})
         new_schema = new_param.get("schema", {})
+        param_name = old_param["name"]
 
-        # Resolve $ref in parameter schemas
-        if "$ref" in old_schema:
-            old_schema = self._resolve_schema(old_schema, self._old_spec)
-        if "$ref" in new_schema:
-            new_schema = self._resolve_schema(new_schema, self._new_spec)
-        
-        # Check type changes
+        # Check type changes — emit both PARAM_TYPE_CHANGED (specific) and TYPE_CHANGED (legacy)
         if old_schema.get("type") != new_schema.get("type"):
+            self.changes.append(Change(
+                type=ChangeType.PARAM_TYPE_CHANGED,
+                path=operation_id,
+                details={
+                    "parameter": param_name,
+                    "old_type": old_schema.get("type"),
+                    "new_type": new_schema.get("type")
+                },
+                severity="high",
+                message=f"Parameter type changed: {param_name} from {old_schema.get('type')} to {new_schema.get('type')} in {operation_id}"
+            ))
             self.changes.append(Change(
                 type=ChangeType.TYPE_CHANGED,
                 path=operation_id,
                 details={
-                    "parameter": old_param["name"],
+                    "parameter": param_name,
                     "old_type": old_schema.get("type"),
                     "new_type": new_schema.get("type")
                 },
                 severity="high",
-                message=f"Parameter type changed: {old_param['name']} from {old_schema.get('type')} to {new_schema.get('type')}"
+                message=f"Parameter type changed: {param_name} from {old_schema.get('type')} to {new_schema.get('type')}"
             ))
-        
+
+        # Check required changed (optional -> required)
+        old_required = old_param.get("required", False)
+        new_required = new_param.get("required", False)
+        if not old_required and new_required:
+            self.changes.append(Change(
+                type=ChangeType.PARAM_REQUIRED_CHANGED,
+                path=operation_id,
+                details={"parameter": param_name, "old_required": False, "new_required": True},
+                severity="high",
+                message=f"Parameter changed from optional to required: {param_name} in {operation_id}"
+            ))
+
+        # Check constraint changes
+        self._compare_constraints(f"{operation_id}:{param_name}", old_schema, new_schema)
+
+        # Check default value changes
+        if "default" in old_schema or "default" in new_schema:
+            old_default = old_schema.get("default")
+            new_default = new_schema.get("default")
+            if old_default != new_default:
+                self.changes.append(Change(
+                    type=ChangeType.DEFAULT_CHANGED,
+                    path=f"{operation_id}:{param_name}",
+                    details={"old_default": old_default, "new_default": new_default},
+                    severity="low",
+                    message=f"Default value changed for {param_name} from {old_default} to {new_default}"
+                ))
+
         # Check enum changes
         if "enum" in old_schema or "enum" in new_schema:
             self._compare_enums(
@@ -286,58 +365,34 @@ class OpenAPIDiffEngine:
                         new_content[content_type].get("schema", {})
                     )
     
-    def _resolve_ref(self, ref_string: str, spec: Dict) -> Optional[Dict]:
-        """Resolve a JSON $ref pointer like #/components/schemas/User."""
-        if not ref_string.startswith('#/'):
-            return None
-        parts = ref_string[2:].split('/')
-        current = spec
-        for part in parts:
-            part = part.replace('~1', '/').replace('~0', '~')
-            if isinstance(current, dict) and part in current:
-                current = current[part]
-            else:
-                return None
-        return current if isinstance(current, dict) else None
-
-    def _resolve_schema(self, schema: Dict, spec: Dict, visited: Optional[Set[str]] = None) -> Dict:
-        """Follow $ref chains, detecting circular references."""
-        if visited is None:
-            visited = set()
-        if '$ref' not in schema:
-            return schema
-        ref = schema['$ref']
-        if ref in visited:
-            return schema  # circular — return as-is
-        visited.add(ref)
-        resolved = self._resolve_ref(ref, spec)
-        if resolved is None:
-            return schema  # unresolvable — return as-is
-        if '$ref' in resolved:
-            return self._resolve_schema(resolved, spec, visited)
-        return resolved
-
     def _compare_schema_deep(self, path: str, old_schema: Dict, new_schema: Dict, required_fields: Optional[Set[str]] = None):
         """Deep comparison of schemas including nested objects."""
 
-        # Handle references — resolve before comparing
+        # Handle references
         if "$ref" in old_schema or "$ref" in new_schema:
-            old_resolved = self._resolve_schema(old_schema, self._old_spec) if "$ref" in old_schema else old_schema
-            new_resolved = self._resolve_schema(new_schema, self._new_spec) if "$ref" in new_schema else new_schema
-            # Track ref pairs to avoid infinite loops on circular schemas
-            ref_key = (old_schema.get("$ref", ""), new_schema.get("$ref", ""))
-            if ref_key in self._ref_trail:
-                return
-            self._ref_trail.add(ref_key)
-            # Compare the resolved schemas
-            self._compare_schema_deep(path, old_resolved, new_resolved, required_fields)
+            # TODO: Resolve references properly
             return
-        
+
         # Compare types
         old_type = old_schema.get("type")
         new_type = new_schema.get("type")
-        
+
         if old_type != new_type and old_type is not None:
+            # Determine if this is a response context for RESPONSE_TYPE_CHANGED
+            is_response = bool(
+                ":" in path and any(
+                    code in path for code in
+                    ["200", "201", "202", "204", "301", "400", "401", "403", "404", "500"]
+                )
+            )
+            if is_response:
+                self.changes.append(Change(
+                    type=ChangeType.RESPONSE_TYPE_CHANGED,
+                    path=path,
+                    details={"old_type": old_type, "new_type": new_type},
+                    severity="high",
+                    message=f"Response type changed from {old_type} to {new_type} at {path}"
+                ))
             self.changes.append(Change(
                 type=ChangeType.TYPE_CHANGED,
                 path=path,
@@ -346,14 +401,14 @@ class OpenAPIDiffEngine:
                 message=f"Type changed from {old_type} to {new_type} at {path}"
             ))
             return
-        
+
         # Compare object properties
         if old_type == "object":
             old_props = old_schema.get("properties", {})
             new_props = new_schema.get("properties", {})
             old_required = set(old_schema.get("required", []))
             new_required = set(new_schema.get("required", []))
-            
+
             # Check removed fields
             for prop in set(old_props.keys()) - set(new_props.keys()):
                 if prop in old_required:
@@ -364,7 +419,7 @@ class OpenAPIDiffEngine:
                         severity="high",
                         message=f"Required field '{prop}' removed at {path}"
                     ))
-            
+
             # Check new required fields
             for prop in new_required - old_required:
                 if prop not in old_props:
@@ -375,16 +430,45 @@ class OpenAPIDiffEngine:
                         severity="high",
                         message=f"New required field '{prop}' added at {path}"
                     ))
-            
+
             # Recursively compare nested properties
             for prop in set(old_props.keys()) & set(new_props.keys()):
+                old_prop_schema = old_props[prop]
+                new_prop_schema = new_props[prop]
+
+                # Check deprecated on fields
+                if not old_prop_schema.get("deprecated", False) and new_prop_schema.get("deprecated", False):
+                    self.changes.append(Change(
+                        type=ChangeType.DEPRECATED_ADDED,
+                        path=f"{path}.{prop}",
+                        details={"target": "field", "field": prop},
+                        severity="low",
+                        message=f"Field '{prop}' marked as deprecated at {path}"
+                    ))
+
+                # Check default value changes on fields
+                if "default" in old_prop_schema or "default" in new_prop_schema:
+                    old_default = old_prop_schema.get("default")
+                    new_default = new_prop_schema.get("default")
+                    if old_default != new_default:
+                        self.changes.append(Change(
+                            type=ChangeType.DEFAULT_CHANGED,
+                            path=f"{path}.{prop}",
+                            details={"old_default": old_default, "new_default": new_default},
+                            severity="low",
+                            message=f"Default value changed for '{prop}' from {old_default} to {new_default} at {path}"
+                        ))
+
+                # Check constraint changes on fields
+                self._compare_constraints(f"{path}.{prop}", old_prop_schema, new_prop_schema)
+
                 self._compare_schema_deep(
                     f"{path}.{prop}",
-                    old_props[prop],
-                    new_props[prop],
+                    old_prop_schema,
+                    new_prop_schema,
                     old_required if prop in old_required else None
                 )
-        
+
         # Compare arrays
         elif old_type == "array":
             if "items" in old_schema and "items" in new_schema:
@@ -393,10 +477,14 @@ class OpenAPIDiffEngine:
                     old_schema["items"],
                     new_schema["items"]
                 )
-        
+
         # Compare enums
         if "enum" in old_schema or "enum" in new_schema:
             self._compare_enums(path, old_schema.get("enum", []), new_schema.get("enum", []))
+
+        # Compare constraints at top level of schema (non-object)
+        if old_type != "object":
+            self._compare_constraints(path, old_schema, new_schema)
     
     def _compare_enums(self, path: str, old_enum: List, new_enum: List):
         """Compare enum values."""
@@ -443,17 +531,123 @@ class OpenAPIDiffEngine:
                 new_schemas[schema_name]
             )
     
+    def _compare_constraints(self, path: str, old_schema: Dict, new_schema: Dict):
+        """Compare schema constraints (maxLength, minLength, maxItems, minItems)."""
+        # maxLength / maxItems decreased = breaking (stricter)
+        for prop in ("maxLength", "maxItems"):
+            old_val = old_schema.get(prop)
+            new_val = new_schema.get(prop)
+            if old_val is not None and new_val is not None and new_val < old_val:
+                self.changes.append(Change(
+                    type=ChangeType.MAX_LENGTH_DECREASED,
+                    path=path,
+                    details={"constraint": prop, "old_value": old_val, "new_value": new_val},
+                    severity="high",
+                    message=f"{prop} decreased from {old_val} to {new_val} at {path}"
+                ))
+            elif old_val is None and new_val is not None:
+                # Adding a max constraint where there was none is also stricter
+                self.changes.append(Change(
+                    type=ChangeType.MAX_LENGTH_DECREASED,
+                    path=path,
+                    details={"constraint": prop, "old_value": None, "new_value": new_val},
+                    severity="high",
+                    message=f"{prop} added ({new_val}) at {path} where none existed"
+                ))
+
+        # minLength / minItems increased = breaking (stricter)
+        for prop in ("minLength", "minItems"):
+            old_val = old_schema.get(prop)
+            new_val = new_schema.get(prop)
+            if old_val is not None and new_val is not None and new_val > old_val:
+                self.changes.append(Change(
+                    type=ChangeType.MIN_LENGTH_INCREASED,
+                    path=path,
+                    details={"constraint": prop, "old_value": old_val, "new_value": new_val},
+                    severity="high",
+                    message=f"{prop} increased from {old_val} to {new_val} at {path}"
+                ))
+            elif old_val is None and new_val is not None and new_val > 0:
+                # Adding a min constraint where there was none is stricter
+                self.changes.append(Change(
+                    type=ChangeType.MIN_LENGTH_INCREASED,
+                    path=path,
+                    details={"constraint": prop, "old_value": None, "new_value": new_val},
+                    severity="high",
+                    message=f"{prop} added ({new_val}) at {path} where none existed"
+                ))
+
+    def _compare_operation_security(self, operation_id: str, old_security: Optional[list], new_security: Optional[list]):
+        """Compare operation-level security requirements."""
+        if old_security is None:
+            old_security = []
+        if new_security is None:
+            new_security = []
+
+        # Build maps: scheme_name -> set of scopes
+        def _security_map(sec_list):
+            result = {}
+            for item in sec_list:
+                for scheme, scopes in item.items():
+                    result[scheme] = set(scopes) if scopes else set()
+            return result
+
+        old_map = _security_map(old_security)
+        new_map = _security_map(new_security)
+
+        # Removed security schemes from operation
+        for scheme in set(old_map.keys()) - set(new_map.keys()):
+            self.changes.append(Change(
+                type=ChangeType.SECURITY_REMOVED,
+                path=operation_id,
+                details={"scheme": scheme},
+                severity="high",
+                message=f"Security scheme '{scheme}' removed from {operation_id}"
+            ))
+
+        # Added security schemes to operation
+        for scheme in set(new_map.keys()) - set(old_map.keys()):
+            self.changes.append(Change(
+                type=ChangeType.SECURITY_ADDED,
+                path=operation_id,
+                details={"scheme": scheme},
+                severity="low",
+                message=f"Security scheme '{scheme}' added to {operation_id}"
+            ))
+
+        # Check scope changes for shared schemes
+        for scheme in set(old_map.keys()) & set(new_map.keys()):
+            removed_scopes = old_map[scheme] - new_map[scheme]
+            for scope in removed_scopes:
+                self.changes.append(Change(
+                    type=ChangeType.SECURITY_SCOPE_REMOVED,
+                    path=operation_id,
+                    details={"scheme": scheme, "scope": scope},
+                    severity="high",
+                    message=f"OAuth scope '{scope}' removed from scheme '{scheme}' at {operation_id}"
+                ))
+
     def _compare_security(self, old_security: Dict, new_security: Dict):
         """Compare security schemes."""
-        # Security scheme changes are usually breaking
+        # Security scheme removal is breaking
         for scheme in set(old_security.keys()) - set(new_security.keys()):
             self.changes.append(Change(
-                type=ChangeType.FIELD_REMOVED,
+                type=ChangeType.SECURITY_REMOVED,
                 path=f"#/components/securitySchemes/{scheme}",
                 details={"scheme": scheme},
                 severity="high",
                 message=f"Security scheme '{scheme}' removed"
             ))
+
+        # Security scheme addition is non-breaking
+        for scheme in set(new_security.keys()) - set(old_security.keys()):
+            self.changes.append(Change(
+                type=ChangeType.SECURITY_ADDED,
+                path=f"#/components/securitySchemes/{scheme}",
+                details={"scheme": scheme},
+                severity="low",
+                message=f"Security scheme '{scheme}' added"
+            ))
     
     def _param_key(self, param: Dict) -> str:
         """Generate unique key for parameter."""

package/gateway/core/event_backbone.py

@@ -3,7 +3,7 @@ Delimit Event Backbone
 Constructs ledger events, generates SHA-256 hashes, links hash chains,
 and appends to the append-only JSONL ledger.
 
-Per Delimit architecture:
+Per Jamsons Doctrine:
 - Deterministic outputs
 - Append-only artifacts
 - Fail-closed CI behavior (ledger failures never affect CI)
@@ -199,7 +199,7 @@ class EventBackbone:
         This is the primary API for event generation. It is best-effort:
         if the ledger write fails, the event is still returned but not persisted.
 
-        CRITICAL: This method NEVER raises exceptions. Per Delimit architecture,
+        CRITICAL: This method NEVER raises exceptions. Per Jamsons Doctrine,
         ledger failures must not affect CI pass/fail outcome.
 
         Returns:

package/gateway/core/event_schema.py

@@ -1,7 +1,7 @@
 """
 Delimit Event Schema
 Canonical event schema for API contract evolution tracking.
-Deterministic validation and serialization per Delimit architecture.
+Deterministic validation and serialization per Jamsons Doctrine.
 """
 
 import hashlib

package/gateway/core/impact_analyzer.py

@@ -3,7 +3,7 @@ Delimit Impact Analyzer
 Determines downstream consumers affected by an API change
 and produces informational impact summaries for CI output.
 
-Per Delimit architecture:
+Per Jamsons Doctrine:
 - Impact analysis is INFORMATIONAL ONLY
 - NEVER affects CI pass/fail outcome
 - Deterministic outputs

package/gateway/core/policy_engine.py

@@ -11,12 +11,16 @@ from pathlib import Path
 
 from core.diff_engine_v2 import OpenAPIDiffEngine, Change, ChangeType
 
+
 class RuleSeverity(Enum):
+    """Severity levels for governance policy rules."""
     ERROR = "error"      # Fails CI
     WARNING = "warning"  # Shows warning but passes
     INFO = "info"        # Informational only
 
+
 class RuleAction(Enum):
+    """Actions to take when a policy rule is triggered."""
     FORBID = "forbid"    # Forbids the change
     ALLOW = "allow"      # Explicitly allows
     WARN = "warn"        # Warns but allows

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "delimit-cli",
   "mcpName": "io.github.delimit-ai/delimit-mcp-server",
-  "version": "3.14.28",
+  "version": "3.14.29",
   "description": "Unify Claude Code, Codex, Cursor, and Gemini CLI with persistent context, governance, and multi-model debate.",
   "main": "index.js",
   "files": [