delimit-cli 3.14.28 → 3.14.29

package/gateway/ai/backends/memory_bridge.py

@@ -1,94 +1,95 @@
 """
-Bridge to delimit-memory package.
-Tier 2 Platform tools — semantic memory search and store.
+Memory bridge — file-based semantic memory store.
+Stores memories as JSON files in ~/.delimit/memory/.
 """
 
-import os
-import sys
 import json
-import asyncio
+import hashlib
 import logging
 from pathlib import Path
-from typing import Any, Dict, Optional
+from datetime import datetime, timezone
+from typing import Any, Dict, List, Optional
 
 logger = logging.getLogger("delimit.ai.memory_bridge")
 
-MEM_PACKAGE = Path(os.environ.get("DELIMIT_HOME", str(Path.home() / ".delimit"))) / "server" / "packages" / "delimit-memory"
-
-_server = None
-
-
-def _run_async(coro):
-    """Run an async coroutine from sync code, handling nested event loops."""
-    try:
-        loop = asyncio.get_running_loop()
-    except RuntimeError:
-        loop = None
-
-    if loop and loop.is_running():
-        # We're inside an async context (e.g., FastMCP) — use a new thread
-        import concurrent.futures
-        with concurrent.futures.ThreadPoolExecutor(max_workers=1) as pool:
-            return pool.submit(asyncio.run, coro).result(timeout=30)
-    else:
-        return asyncio.run(coro)
-
-
-def _get_server():
-    global _server
-    if _server is not None:
-        return _server
-    pkg_path = str(MEM_PACKAGE / "delimit_memory")
-    if pkg_path not in sys.path:
-        sys.path.insert(0, pkg_path)
-    if str(MEM_PACKAGE) not in sys.path:
-        sys.path.insert(0, str(MEM_PACKAGE))
-    try:
-        from delimit_memory.server import DelimitMemoryServer
-        _server = DelimitMemoryServer()
-        _run_async(_server._initialize_engine())
-        return _server
-    except Exception as e:
-        logger.warning(f"Failed to init memory server: {e}")
-        return None
+MEMORY_DIR = Path.home() / ".delimit" / "memory"
 
 
-def search(query: str, limit: int = 10) -> Dict[str, Any]:
-    """Semantic search across conversation memory."""
-    srv = _get_server()
-    if srv is None:
-        return {"error": "Memory server unavailable", "results": []}
-    try:
-        result = _run_async(srv._handle_search({"query": query, "limit": limit}))
-        return json.loads(result) if isinstance(result, str) else result
-    except Exception as e:
-        return {"error": f"Memory search failed: {e}", "results": []}
+def _ensure_dir():
+    MEMORY_DIR.mkdir(parents=True, exist_ok=True)
 
 
 def store(content: str, tags: Optional[list] = None, context: Optional[str] = None) -> Dict[str, Any]:
     """Store a memory entry."""
-    srv = _get_server()
-    if srv is None:
-        return {"error": "Memory server unavailable"}
-    try:
-        args = {"content": content}
-        if tags:
-            args["tags"] = tags
-        if context:
-            args["context"] = context
-        result = _run_async(srv._handle_store(args))
-        return json.loads(result) if isinstance(result, str) else result
-    except Exception as e:
-        return {"error": f"Memory store failed: {e}"}
+    _ensure_dir()
+
+    # Generate ID from content hash
+    mem_id = "mem-" + hashlib.sha256(content[:100].encode()).hexdigest()[:12]
+    ts = datetime.now(timezone.utc).isoformat()
+
+    entry = {
+        "id": mem_id,
+        "content": content,
+        "tags": tags or [],
+        "context": context or "",
+        "created_at": ts,
+    }
+
+    path = MEMORY_DIR / f"{mem_id}.json"
+    path.write_text(json.dumps(entry, indent=2))
+
+    return {"stored": mem_id, "path": str(path), "created_at": ts}
+
+
+def search(query: str, limit: int = 10) -> Dict[str, Any]:
+    """Search memories by keyword matching."""
+    _ensure_dir()
+    query_lower = query.lower()
+    results = []
+
+    for f in sorted(MEMORY_DIR.glob("*.json"), reverse=True):
+        try:
+            entry = json.loads(f.read_text())
+            content = entry.get("content", "").lower()
+            tags = " ".join(entry.get("tags", [])).lower()
+            context = entry.get("context", "").lower()
+
+            # Simple keyword matching
+            if query_lower in content or query_lower in tags or query_lower in context:
+                results.append({
+                    "id": entry.get("id", f.stem),
+                    "content": entry.get("content", "")[:500],
+                    "tags": entry.get("tags", []),
+                    "created_at": entry.get("created_at", ""),
+                    "relevance": content.count(query_lower),
+                })
+
+            if len(results) >= limit:
+                break
+        except Exception:
+            pass
+
+    results.sort(key=lambda r: r.get("relevance", 0), reverse=True)
+    return {"query": query, "results": results, "count": len(results)}
 
 
 def get_recent(limit: int = 5) -> Dict[str, Any]:
-    """Get recent work summary."""
-    srv = _get_server()
-    if srv is None:
-        return {"error": "Memory server unavailable", "results": []}
-    try:
-        result = _run_async(srv._handle_get_recent_work({"limit": limit}))
-        return json.loads(result) if isinstance(result, str) else result
-    except Exception as e:
-        return {"error": f"Recent work failed: {e}", "results": []}
+    """Get recent memory entries."""
+    _ensure_dir()
+    entries = []
+
+    for f in sorted(MEMORY_DIR.glob("*.json"), key=lambda p: p.stat().st_mtime, reverse=True):
+        if len(entries) >= limit:
+            break
+        try:
+            entry = json.loads(f.read_text())
+            entries.append({
+                "id": entry.get("id", f.stem),
+                "content": entry.get("content", "")[:500],
+                "tags": entry.get("tags", []),
+                "created_at": entry.get("created_at", ""),
+            })
+        except Exception:
+            pass
+
+    return {"results": entries, "count": len(entries)}

package/gateway/ai/backends/ops_bridge.py

@@ -48,33 +48,72 @@ def _call(pkg: str, factory_name: str, method: str, args: Dict, tool_label: str)
 # ─── ReleasePilot (Governance Primitive) ────────────────────────────────
 
 def release_plan(environment: str, version: str, repository: str, services: Optional[List[str]] = None) -> Dict[str, Any]:
+    """Generate a release plan for the given environment and version."""
     return _call("releasepilot", "create_releasepilot_server", "_tool_plan",
                  {"environment": environment, "version": version, "repository": repository, "services": services or []}, "release.plan")
 
 
 def release_validate(environment: str, version: str) -> Dict[str, Any]:
-    return _call("releasepilot", "create_releasepilot_server", "_tool_validate",
-                 {"environment": environment, "version": version}, "release.validate")
+    """Validate release readiness by checking git tags, CHANGELOG, and package.json."""
+    import subprocess
+    checks = []
+    try:
+        tags = subprocess.run(["git", "tag", "-l"], capture_output=True, text=True, timeout=10)
+        tag_list = tags.stdout.strip().splitlines() if tags.returncode == 0 else []
+        has_tag = any(version in t for t in tag_list)
+        checks.append({"check": "git_tag", "passed": has_tag, "detail": f"Tag for {version} {'found' if has_tag else 'not found'}"})
+    except Exception:
+        checks.append({"check": "git_tag", "passed": False, "detail": "git not available"})
+    cl = Path("CHANGELOG.md")
+    checks.append({"check": "changelog", "passed": cl.exists(), "detail": str(cl) if cl.exists() else "CHANGELOG.md not found"})
+    pkg = Path("package.json")
+    if pkg.exists():
+        try:
+            data = json.loads(pkg.read_text())
+            pkg_ver = data.get("version", "")
+            match = pkg_ver == version.lstrip("v")
+            checks.append({"check": "package_version", "passed": match, "detail": f"package.json version={pkg_ver}"})
+        except Exception:
+            checks.append({"check": "package_version", "passed": False, "detail": "Failed to read package.json"})
+    passed = all(c["passed"] for c in checks)
+    return {"tool": "release.validate", "status": "pass" if passed else "fail", "environment": environment, "version": version, "checks": checks}
 
 
 def release_status(environment: str) -> Dict[str, Any]:
+    """Get current release status for the environment."""
     return _call("releasepilot", "create_releasepilot_server", "_tool_status",
                  {"environment": environment}, "release.status")
 
 
 def release_rollback(environment: str, version: str, to_version: str) -> Dict[str, Any]:
+    """Roll back to a previous version in the specified environment."""
     return _call("releasepilot", "create_releasepilot_server", "_tool_rollback",
                  {"environment": environment, "version": version, "to_version": to_version}, "release.rollback")
 
 
 def release_history(environment: str, limit: int = 10) -> Dict[str, Any]:
-    return _call("releasepilot", "create_releasepilot_server", "_tool_history",
-                 {"environment": environment, "limit": limit}, "release.history")
+    """Show recent release history from git log."""
+    import subprocess
+    try:
+        result = subprocess.run(
+            ["git", "log", "--oneline", "--decorate", f"-{limit}"],
+            capture_output=True, text=True, timeout=10,
+        )
+        if result.returncode != 0:
+            return {"tool": "release.history", "status": "error", "error": result.stderr.strip()}
+        commits = result.stdout.strip().splitlines()
+        tags = subprocess.run(["git", "tag", "-l", "--sort=-creatordate"], capture_output=True, text=True, timeout=10)
+        tag_list = tags.stdout.strip().splitlines()[:limit] if tags.returncode == 0 else []
+        return {"tool": "release.history", "status": "ok", "environment": environment,
+                "recent_commits": commits, "tags": tag_list, "total_commits": len(commits)}
+    except Exception as e:
+        return {"tool": "release.history", "status": "error", "error": str(e)}
 
 
 # ─── CostGuard (Governance Primitive) ──────────────────────────────────
 
 def cost_analyze(target: str = ".", options: Optional[Dict] = None) -> Dict[str, Any]:
+    """Analyze cloud infrastructure costs for the target path."""
     result = _call("costguard", "create_costguard_server", "_tool_analyze",
                    {"target": target, **(options or {})}, "cost.analyze")
     # Guard against hardcoded fake AWS cost data from stub implementation
@@ -85,11 +124,13 @@ def cost_analyze(target: str = ".", options: Optional[Dict] = None) -> Dict[str,
 
 
 def cost_optimize(target: str = ".", options: Optional[Dict] = None) -> Dict[str, Any]:
+    """Identify cost optimization opportunities for the target infrastructure."""
     return _call("costguard", "create_costguard_server", "_tool_optimize",
                  {"target": target, **(options or {})}, "cost.optimize")
 
 
 def cost_alert(action: str = "list", options: Optional[Dict] = None) -> Dict[str, Any]:
+    """Manage cost alerts (list, create, delete)."""
     return _call("costguard", "create_costguard_server", "_tool_alerts",
                  {"action": action, **(options or {})}, "cost.alert")
 
@@ -97,6 +138,7 @@ def cost_alert(action: str = "list", options: Optional[Dict] = None) -> Dict[str
 # ─── DataSteward (Governance Primitive) ────────────────────────────────
 
 def data_validate(target: str = ".", options: Optional[Dict] = None) -> Dict[str, Any]:
+    """Run data integrity and validation checks on the target database."""
     result = _call("datasteward", "create_datasteward_server", "_tool_integrity_check",
                    {"database_url": target, **(options or {})}, "data.validate")
     # Guard against stub that returns "passed" with 0 tables checked
@@ -107,11 +149,13 @@ def data_validate(target: str = ".", options: Optional[Dict] = None) -> Dict[str
 
 
 def data_migrate(target: str = ".", options: Optional[Dict] = None) -> Dict[str, Any]:
+    """Check for pending database migrations and reporting status."""
     return _call("datasteward", "create_datasteward_server", "_tool_migration_status",
                  {"database_url": target, **(options or {})}, "data.migrate")
 
 
 def data_backup(target: str = ".", options: Optional[Dict] = None) -> Dict[str, Any]:
+    """Create a backup plan or execute backup for the target database."""
     return _call("datasteward", "create_datasteward_server", "_tool_backup_plan",
                  {"database_url": target, **(options or {})}, "data.backup")
 
@@ -119,20 +163,46 @@ def data_backup(target: str = ".", options: Optional[Dict] = None) -> Dict[str,
 # ─── ObservabilityOps (Internal OS) ────────────────────────────────────
 
 def obs_metrics(query: str, time_range: str = "1h", source: Optional[str] = None) -> Dict[str, Any]:
+    """Query live system metrics (CPU, memory, disk, network)."""
     return _call("observabilityops", "create_observabilityops_server", "_tool_metrics",
                  {"query": query, "time_range": time_range, "source": source}, "obs.metrics")
 
 
 def obs_logs(query: str, time_range: str = "1h", source: Optional[str] = None) -> Dict[str, Any]:
+    """Search and retrieve system or application logs."""
     return _call("observabilityops", "create_observabilityops_server", "_tool_logs",
                  {"query": query, "time_range": time_range, "source": source}, "obs.logs")
 
 
 def obs_alerts(action: str, alert_rule: Optional[Dict] = None, rule_id: Optional[str] = None) -> Dict[str, Any]:
-    return _call("observabilityops", "create_observabilityops_server", "_tool_alerts",
-                 {"action": action, "alert_rule": alert_rule, "rule_id": rule_id}, "obs.alerts")
+    """File-based alert management using ~/.delimit/alerts/."""
+    alerts_dir = Path(os.environ.get("DELIMIT_HOME", str(Path.home() / ".delimit"))) / "alerts"
+    alerts_dir.mkdir(parents=True, exist_ok=True)
+    if action == "list":
+        alerts = []
+        for fp in sorted(alerts_dir.glob("*.json")):
+            try:
+                alerts.append(json.loads(fp.read_text()))
+            except Exception:
+                pass
+        return {"tool": "obs.alerts", "status": "ok", "action": "list", "alerts": alerts, "total": len(alerts)}
+    elif action == "create" and alert_rule:
+        import time as _time
+        aid = f"alert-{int(_time.time())}"
+        alert_rule["id"] = aid
+        alert_rule["created_at"] = _time.time()
+        (alerts_dir / f"{aid}.json").write_text(json.dumps(alert_rule, indent=2))
+        return {"tool": "obs.alerts", "status": "created", "alert": alert_rule}
+    elif action == "delete" and rule_id:
+        fp = alerts_dir / f"{rule_id}.json"
+        if fp.exists():
+            fp.unlink()
+            return {"tool": "obs.alerts", "status": "deleted", "rule_id": rule_id}
+        return {"tool": "obs.alerts", "status": "not_found", "rule_id": rule_id}
+    return {"tool": "obs.alerts", "status": "unknown_action", "action": action}
 
 
 def obs_status() -> Dict[str, Any]:
+    """Get overall system health and observability status."""
     return _call("observabilityops", "create_observabilityops_server", "_tool_status",
                  {}, "obs.status")

package/gateway/ai/backends/os_bridge.py

@@ -22,14 +22,30 @@ _NOT_INIT_MSG = (
     "or run the delimit_init tool with your project path."
 )
 
+_DEPENDENCY_MSG = "delimit-os backend is not installed or not available in this environment."
+
+
+def _is_initialized(path: str = ".") -> bool:
+    """A project is initialized if .delimit/policies.yml exists."""
+    return (Path(path).resolve() / ".delimit" / "policies.yml").is_file()
+
 
 def _ensure_os_path():
     if str(OS_PACKAGE) not in sys.path:
         sys.path.insert(0, str(OS_PACKAGE))
 
 
+def _backend_unavailable(path: Optional[str] = None) -> Dict[str, Any]:
+    """Return a truthful error for missing OS backend support."""
+    if path and not _is_initialized(path):
+        return {"error": _NOT_INIT_MSG, "fallback": True}
+    return {"error": _DEPENDENCY_MSG, "fallback": True}
+
+
 def create_plan(operation: str, target: str, parameters: Optional[Dict] = None, require_approval: bool = True) -> Dict[str, Any]:
     """Create an execution plan via delimit-os."""
+    if not OS_PACKAGE.exists():
+        return _backend_unavailable(target)
     _ensure_os_path()
     try:
         from server import PLANS
@@ -54,11 +70,13 @@ def create_plan(operation: str, target: str, parameters: Optional[Dict] = None,
         PLANS[plan_id] = plan
         return plan
     except ImportError:
-        return {"error": _NOT_INIT_MSG, "fallback": True}
+        return _backend_unavailable(target)
 
 
 def get_status() -> Dict[str, Any]:
     """Get current OS status."""
+    if not OS_PACKAGE.exists():
+        return {"status": "unavailable", "error": _DEPENDENCY_MSG}
     _ensure_os_path()
     try:
         from server import PLANS, TASKS, TOKENS
@@ -69,11 +87,13 @@ def get_status() -> Dict[str, Any]:
             "tokens": len(TOKENS),
         }
     except ImportError:
-        return {"status": "unavailable", "error": _NOT_INIT_MSG}
+        return {"status": "unavailable", "error": _DEPENDENCY_MSG}
 
 
 def check_gates(plan_id: str) -> Dict[str, Any]:
     """Check governance gates for a plan."""
+    if not OS_PACKAGE.exists():
+        return {"error": _DEPENDENCY_MSG}
     _ensure_os_path()
     try:
         from server import PLANS
@@ -86,4 +106,4 @@ def check_gates(plan_id: str) -> Dict[str, Any]:
             "status": plan.get("status"),
         }
     except ImportError:
-        return {"error": _NOT_INIT_MSG}
+        return {"error": _DEPENDENCY_MSG}

package/gateway/ai/backends/repo_bridge.py

@@ -49,42 +49,143 @@ def _call(pkg: str, factory_name: str, method: str, args: Dict, tool_label: str)
 # ─── RepoDoctor ────────────────────────────────────────────────────────
 
 def diagnose(target: str = ".", options: Optional[Dict] = None) -> Dict[str, Any]:
-    return _call("repodoctor", "create_repodoctor_server", "_tool_health_check",
-                 {"repository_path": target, **(options or {})}, "repo.diagnose")
+    """Check for common repository issues."""
+    import subprocess
+    root = Path(target).resolve()
+    issues = []
+    if not (root / ".gitignore").exists():
+        issues.append({"severity": "warning", "issue": "No .gitignore file found"})
+    if not any((root / d).exists() for d in ["tests", "test", "__tests__", "spec"]):
+        issues.append({"severity": "warning", "issue": "No test directory found"})
+    if not any((root / f).exists() for f in [".github/workflows", ".gitlab-ci.yml", "Jenkinsfile", ".circleci"]):
+        issues.append({"severity": "info", "issue": "No CI configuration detected"})
+    # Check for large files
+    try:
+        result = subprocess.run(["git", "-C", str(root), "ls-files"], capture_output=True, text=True, timeout=10)
+        if result.returncode == 0:
+            for f in result.stdout.strip().splitlines():
+                fp = root / f
+                if fp.exists() and fp.stat().st_size > 5_000_000:
+                    issues.append({"severity": "warning", "issue": f"Large file ({fp.stat().st_size // 1_000_000}MB): {f}"})
+    except Exception:
+        pass
+    status = "healthy" if not issues else ("warning" if all(i["severity"] != "error" for i in issues) else "unhealthy")
+    return {"tool": "repo.diagnose", "status": status, "target": str(root), "issues": issues, "total_issues": len(issues)}
 
 
 def analyze(target: str = ".", options: Optional[Dict] = None) -> Dict[str, Any]:
-    return _call("repodoctor", "create_repodoctor_server", "_tool_snapshot",
-                 {"repository_path": target, **(options or {})}, "repo.analyze")
+    """Analyze repository structure: file counts by type, configs, health."""
+    root = Path(target).resolve()
+    skip = {"node_modules", "dist", ".next", ".git", "__pycache__", "build", ".cache", "venv", ".venv"}
+    ext_counts: Dict[str, int] = {}
+    total = 0
+    for dirpath, dirnames, filenames in os.walk(root):
+        dirnames[:] = [d for d in dirnames if d not in skip]
+        for f in filenames:
+            ext = Path(f).suffix or "(no ext)"
+            ext_counts[ext] = ext_counts.get(ext, 0) + 1
+            total += 1
+    top = sorted(ext_counts.items(), key=lambda x: -x[1])[:15]
+    configs = {c: (root / c).exists() for c in [
+        ".gitignore", "package.json", "pyproject.toml", "Makefile", "Dockerfile",
+        "tsconfig.json", ".eslintrc.json", "jest.config.js", "pytest.ini", "setup.py",
+    ]}
+    has_tests = any((root / d).exists() for d in ["tests", "test", "__tests__", "spec"])
+    has_ci = any((root / f).exists() for f in [".github/workflows", ".gitlab-ci.yml", "Jenkinsfile"])
+    return {"tool": "repo.analyze", "status": "ok", "target": str(root), "total_files": total,
+            "file_types": dict(top), "configs_found": {k: v for k, v in configs.items() if v},
+            "has_tests": has_tests, "has_ci": has_ci}
 
 
 # ─── ConfigSentry ───────────────────────────────────────────────────────
 
 def config_validate(target: str = ".", options: Optional[Dict] = None) -> Dict[str, Any]:
-    return _call("configsentry", "create_configsentry_server", "_tool_validate",
-                 {"repository_path": target, **(options or {})}, "config.validate")
+    """Validate JSON/YAML config files parse correctly."""
+    root = Path(target).resolve()
+    results = []
+    for ext, loader in [(".json", "json"), (".yaml", "yaml"), (".yml", "yaml")]:
+        for fp in root.glob(f"*{ext}"):
+            if fp.name.startswith(".") and ext == ".json" and "lock" in fp.name:
+                continue
+            try:
+                text = fp.read_text()
+                if loader == "json":
+                    json.loads(text)
+                else:
+                    try:
+                        import yaml as _yaml
+                        _yaml.safe_load(text)
+                    except ImportError:
+                        pass  # skip YAML validation if pyyaml not installed
+                results.append({"file": fp.name, "valid": True})
+            except Exception as e:
+                results.append({"file": fp.name, "valid": False, "error": str(e)[:200]})
+    valid = sum(1 for r in results if r["valid"])
+    invalid = sum(1 for r in results if not r["valid"])
+    return {"tool": "config.validate", "status": "ok" if invalid == 0 else "issues_found",
+            "target": str(root), "files_checked": len(results), "valid": valid, "invalid": invalid, "details": results}
 
 
 def config_audit(target: str = ".", options: Optional[Dict] = None) -> Dict[str, Any]:
-    return _call("configsentry", "create_configsentry_server", "_tool_env_audit",
-                 {"repository_path": target, **(options or {})}, "config.audit")
+    """Audit config files for security issues and staleness."""
+    root = Path(target).resolve()
+    findings = []
+    # Check for secrets in config files
+    secret_patterns = ["password", "secret", "api_key", "apikey", "token", "private_key"]
+    for ext in [".json", ".yaml", ".yml", ".env", ".toml", ".ini", ".cfg"]:
+        for fp in root.glob(f"*{ext}"):
+            try:
+                text = fp.read_text().lower()
+                for pat in secret_patterns:
+                    if pat in text and fp.name != ".gitignore":
+                        findings.append({"file": fp.name, "severity": "warning",
+                                         "issue": f"Possible secret pattern '{pat}' found"})
+                        break
+            except Exception:
+                pass
+    # Check .env not in .gitignore
+    gitignore = root / ".gitignore"
+    if (root / ".env").exists() and gitignore.exists():
+        gi_text = gitignore.read_text()
+        if ".env" not in gi_text:
+            findings.append({"file": ".env", "severity": "error", "issue": ".env exists but not in .gitignore"})
+    elif (root / ".env").exists() and not gitignore.exists():
+        findings.append({"file": ".env", "severity": "error", "issue": ".env exists with no .gitignore"})
+    return {"tool": "config.audit", "status": "ok" if not findings else "issues_found",
+            "target": str(root), "findings": findings, "total_findings": len(findings)}
 
 
 # ─── EvidencePack ───────────────────────────────────────────────────────
 
 def evidence_collect(target: str = ".", options: Optional[Dict] = None) -> Dict[str, Any]:
-    result = _call("evidencepack", "create_evidencepack_server", "_tool_list",
-                   {"limit": 20, **(options or {})}, "evidence.collect")
-    # Provide a clear message when no evidence bundles exist yet
-    if isinstance(result, dict) and result.get("total_bundles", -1) == 0:
-        result["message"] = (
-            "No evidence collected yet. Use evidence.begin to start a collection, "
-            "evidence.capture to add items, and evidence.finalize to create a bundle."
-        )
-    return result
+    """Collect project evidence: git log, test files, configs, governance data."""
+    import subprocess, time as _time
+    root = Path(target).resolve()
+    evidence: Dict[str, Any] = {"collected_at": _time.time(), "target": str(root)}
+    # Git log
+    try:
+        r = subprocess.run(["git", "-C", str(root), "log", "--oneline", "-10"], capture_output=True, text=True, timeout=10)
+        evidence["git_log"] = r.stdout.strip().splitlines() if r.returncode == 0 else []
+    except Exception:
+        evidence["git_log"] = []
+    # Test files
+    test_dirs = [d for d in ["tests", "test", "__tests__", "spec"] if (root / d).exists()]
+    evidence["test_directories"] = test_dirs
+    # Configs
+    evidence["configs"] = [f.name for f in root.iterdir() if f.is_file() and (f.suffix in [".json", ".yaml", ".yml", ".toml"] or f.name.startswith("."))]
+    # Save bundle
+    ev_dir = Path(os.environ.get("DELIMIT_HOME", str(Path.home() / ".delimit"))) / "evidence"
+    ev_dir.mkdir(parents=True, exist_ok=True)
+    bundle_id = f"ev-{int(_time.time())}"
+    bundle_path = ev_dir / f"{bundle_id}.json"
+    evidence["bundle_id"] = bundle_id
+    bundle_path.write_text(json.dumps(evidence, indent=2))
+    return {"tool": "evidence.collect", "status": "ok", "bundle_id": bundle_id,
+            "bundle_path": str(bundle_path), "summary": {k: len(v) if isinstance(v, list) else v for k, v in evidence.items()}}
 
 
 def evidence_verify(bundle_id: Optional[str] = None, bundle_path: Optional[str] = None, options: Optional[Dict] = None) -> Dict[str, Any]:
+    """Verify the integrity and authenticity of a collected evidence bundle."""
     args = {**(options or {})}
     if bundle_id:
         args["bundle_id"] = bundle_id
@@ -92,6 +193,16 @@ def evidence_verify(bundle_id: Optional[str] = None, bundle_path: Optional[str]
         args["bundle_path"] = bundle_path
     if not bundle_id and not bundle_path:
         return {"tool": "evidence.verify", "status": "no_input", "message": "Provide bundle_id or bundle_path to verify"}
+    try:
+        importlib.import_module("evidencepack.server")
+    except (ImportError, ModuleNotFoundError):
+        return {
+            "tool": "evidence.verify",
+            "status": "not_available",
+            "error": "evidencepack backend is not installed or not available in this environment.",
+            "hint": "Install evidencepack to enable evidence bundle verification.",
+            **args,
+        }
     return _call("evidencepack", "create_evidencepack_server", "_tool_validate",
                  args, "evidence.verify")
 
@@ -101,7 +212,29 @@ def evidence_verify(bundle_id: Optional[str] = None, bundle_path: Optional[str]
 _INTERNAL_TOKEN = os.environ.get("DELIMIT_INTERNAL_BRIDGE_TOKEN", "delimit-internal-bridge")
 
 
+def _fallback_security_result(target: str, tool_label: str) -> Dict[str, Any]:
+    """Run the built-in local security audit when securitygate is unavailable."""
+    from .tools_infra import security_audit as local_security_audit
+
+    result = local_security_audit(target=target)
+    result["tool"] = tool_label
+    result.setdefault("status", "ok" if "error" not in result else "error")
+    result["fallback"] = True
+    result["hint"] = (
+        "Running basic security audit (free fallback). "
+        "For enhanced scanning with CVE detection, install securitygate: "
+        "pip install securitygate"
+    )
+    return result
+
+
 def security_scan(target: str = ".", options: Optional[Dict] = None) -> Dict[str, Any]:
+    """Perform an enhanced security scan for CVEs and vulnerabilities."""
+    try:
+        importlib.import_module("securitygate.server")
+    except (ImportError, ModuleNotFoundError):
+        logger.warning("securitygate module not found, falling back to local security audit")
+        return _fallback_security_result(target=target, tool_label="security.scan")
     result = _call("securitygate", "create_securitygate_server", "_tool_scan",
                    {"target": target, "authorization_token": _INTERNAL_TOKEN, **(options or {})}, "security.scan")
     # Guard against fabricated/hardcoded CVE data from stub implementations
@@ -113,5 +246,11 @@ def security_scan(target: str = ".", options: Optional[Dict] = None) -> Dict[str
 
 
 def security_audit(target: str = ".", options: Optional[Dict] = None) -> Dict[str, Any]:
+    """Audit source code for dangerous patterns and hardcoded secrets."""
+    try:
+        importlib.import_module("securitygate.server")
+    except (ImportError, ModuleNotFoundError):
+        logger.warning("securitygate module not found, using built-in security audit")
+        return _fallback_security_result(target=target, tool_label="security.audit")
     return _call("securitygate", "create_securitygate_server", "_tool_audit",
                  {"target": target, "authorization_token": _INTERNAL_TOKEN, **(options or {})}, "security.audit")