delimit-cli 3.14.43 → 3.14.45

package/gateway/ai/notify.py

@@ -37,7 +37,7 @@ INBOX_ROUTING_FILE = Path.home() / ".delimit" / "inbox_routing.jsonl"
 IMAP_HOST = "mail.spacemail.com"
 IMAP_PORT = 993
 IMAP_USER = "pro@delimit.ai"
-FORWARD_TO = os.environ.get("DELIMIT_FORWARD_TO", "")
+FORWARD_TO = "configured-email@example.com"
 
 # Domains/senders whose emails require owner action
 OWNER_ACTION_DOMAINS = {
@@ -61,7 +61,7 @@ OWNER_ACTION_DOMAINS = {
 }
 
 OWNER_ACTION_SENDERS = {
-    os.environ.get("DELIMIT_FORWARD_TO", ""),
+    "configured-email@example.com",
 }
 
 # Subject patterns that indicate owner-action (compiled once)
@@ -222,7 +222,8 @@ def send_email(
     """Send an email notification via SMTP.
 
     Args:
-        to: Recipient email address. Falls back to DELIMIT_SMTP_TO env var.
+        to: Recipient email address. Falls back to DELIMIT_SMTP_TO or
+            configured-email@example.com.
         subject: Email subject line.
         body: Email body text (preferred). Falls back to 'message' for
             backward compatibility.
@@ -257,7 +258,7 @@ def send_email(
         smtp_pass = os.environ.get("DELIMIT_SMTP_PASS", "")
         smtp_from = os.environ.get("DELIMIT_SMTP_FROM", "")
 
-    smtp_to = to or os.environ.get("DELIMIT_SMTP_TO", "")
+    smtp_to = to or os.environ.get("DELIMIT_SMTP_TO", "configured-email@example.com")
 
     if not all([smtp_host, smtp_from, smtp_to]):
         record = {

package/gateway/ai/server.py

@@ -5886,7 +5886,7 @@ def delimit_notify(channel: str = "webhook", message: str = "",
         subject: Subject line (email only). Use [ACTION], [INFO], [ALERT] prefix.
         event_type: Event category for filtering.
         to: Recipient email address (email only). Overrides default DELIMIT_SMTP_TO.
-            Send to any address — leave empty for default (uses DELIMIT_SMTP_TO env var).
+            Send to any address — leave empty for default (configured-email@example.com).
         from_account: Sender account key from ~/.delimit/secrets/smtp-all.json
             (e.g. 'pro@delimit.ai', '<configured-email>'). Email only.
     """
@@ -5994,7 +5994,7 @@ def delimit_notify_inbox(action: str = "status", limit: int = 10,
     """Check inbound email inbox, classify, and route (Pro).
 
     Polls pro@delimit.ai via IMAP. Classifies emails as owner-action
-    (forwards to configured email) or non-owner (stays in inbox).
+    (forwards to configured-email@example.com) or non-owner (stays in inbox).
 
     Args:
         action: 'status' (show inbox state), 'poll' (classify and optionally forward),

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "delimit-cli",
   "mcpName": "io.github.delimit-ai/delimit-mcp-server",
-  "version": "3.14.43",
+  "version": "3.14.45",
   "description": "Unify Claude Code, Codex, Cursor, and Gemini CLI with persistent context, governance, and multi-model debate.",
   "main": "index.js",
   "files": [
@@ -9,6 +9,10 @@
     "lib/",
     "adapters/",
     "gateway/",
+    "!gateway/ai/social_target.py",
+    "!gateway/ai/social.py",
+    "!gateway/ai/founding_users.py",
+    "!gateway/ai/inbox_daemon.py",
     "scripts/",
     "server.json",
     "README.md",
@@ -21,6 +25,7 @@
   },
   "scripts": {
     "postinstall": "node scripts/postinstall.js",
+    "prepublishOnly": "bash scripts/security-check.sh",
     "test": "node --test tests/setup-onboarding.test.js tests/setup-matrix.test.js tests/config-export-import.test.js tests/cross-model-hooks.test.js tests/golden-path.test.js"
   },
   "keywords": [

package/scripts/security-check.sh

@@ -0,0 +1,66 @@
+#!/bin/bash
+# Pre-publish security check — blocks npm publish if secrets are found
+# Run: bash scripts/security-check.sh
+
+set -euo pipefail
+
+echo "🔍 Delimit pre-publish security scan..."
+
+FAIL=0
+
+# Pack to temp and scan the actual tarball contents
+TMPDIR=$(mktemp -d)
+npm pack --pack-destination "$TMPDIR" --quiet 2>/dev/null
+TARBALL=$(ls "$TMPDIR"/*.tgz)
+tar -xzf "$TARBALL" -C "$TMPDIR"
+
+# 1. Credential patterns
+echo -n "  Credentials... "
+if grep -rEi '(password|passwd|secret|api_key|apikey)\s*[:=]\s*["\x27][^"\x27]{4,}' "$TMPDIR/package/" --include="*.py" --include="*.js" --include="*.json" 2>/dev/null | grep -v 'environ\|getenv\|process\.env\|os\.environ\|<configured\|example\|placeholder\|REDACTED\|\${credentials\|credentials\.\|security-scan-ignore'; then
+    echo "❌ FOUND CREDENTIALS"
+    FAIL=1
+else
+    echo "✅ clean"
+fi
+
+# 2. Blocklist terms
+echo -n "  Blocklist... "
+BLOCKLIST="jamsonsholdings|Bladabah|Domainvested26|Delimit26|home/jamsons|infracore|crypttrx|\.wr_env"
+if grep -rEi "$BLOCKLIST" "$TMPDIR/package/" --include="*.py" --include="*.js" --include="*.json" 2>/dev/null; then
+    echo "❌ BLOCKED TERMS FOUND"
+    FAIL=1
+else
+    echo "✅ clean"
+fi
+
+# 3. PII (email addresses that aren't examples)
+echo -n "  PII... "
+if grep -rEi '[a-z0-9._%+-]+@(gmail|yahoo|hotmail|outlook|proton|jamsons|wire\.report|domainvested)' "$TMPDIR/package/" --include="*.py" --include="*.js" --include="*.json" 2>/dev/null | grep -v "example\|placeholder\|<configured\|noreply"; then
+    echo "❌ PII FOUND"
+    FAIL=1
+else
+    echo "✅ clean"
+fi
+
+# 4. Proprietary files that shouldn't ship
+echo -n "  Proprietary files... "
+PROPRIETARY="social_target\.py|social\.py|founding_users\.py|inbox_daemon\.py"
+if find "$TMPDIR/package/" -name "*.py" | grep -Ei "$PROPRIETARY" 2>/dev/null; then
+    echo "❌ PROPRIETARY FILES IN PACKAGE"
+    FAIL=1
+else
+    echo "✅ clean"
+fi
+
+# Cleanup
+rm -rf "$TMPDIR"
+
+if [ $FAIL -ne 0 ]; then
+    echo ""
+    echo "❌ SECURITY CHECK FAILED — do not publish"
+    exit 1
+fi
+
+echo ""
+echo "✅ All security checks passed"
+exit 0

package/gateway/ai/founding_users.py

@@ -1,163 +0,0 @@
-"""Founding User tracker — manages the 25 founding user slots.
-
-Monitors Supabase for new signups, sends welcome emails,
-tracks slots remaining, and manages the 12-month term.
-"""
-import json
-import os
-import smtplib
-import imaplib
-from email.mime.text import MIMEText
-from email.mime.multipart import MIMEMultipart
-from pathlib import Path
-from datetime import datetime, timezone
-
-SECRETS_DIR = Path.home() / ".delimit" / "secrets"
-FOUNDING_USERS_FILE = Path.home() / ".delimit" / "founding_users.json"
-MAX_FOUNDING_USERS = 25
-SMTP_HOST = "mail.spacemail.com"
-SMTP_PORT = 465
-IMAP_HOST = "mail.spacemail.com"
-EMAIL = "pro@delimit.ai"
-
-
-def _load_creds():
-    """Load email credentials."""
-    return {"email": EMAIL, "password": os.environ.get("DELIMIT_FOUNDING_PASSWORD", "")}
-
-
-def _load_founding_users() -> dict:
-    """Load founding users registry."""
-    if FOUNDING_USERS_FILE.exists():
-        return json.loads(FOUNDING_USERS_FILE.read_text())
-    return {"users": [], "created_at": datetime.now(timezone.utc).isoformat()}
-
-
-def _save_founding_users(data: dict):
-    """Save founding users registry."""
-    FOUNDING_USERS_FILE.parent.mkdir(parents=True, exist_ok=True)
-    FOUNDING_USERS_FILE.write_text(json.dumps(data, indent=2))
-
-
-def get_status() -> dict:
-    """Get founding user program status."""
-    data = _load_founding_users()
-    users = data.get("users", [])
-    return {
-        "total_slots": MAX_FOUNDING_USERS,
-        "claimed": len(users),
-        "remaining": MAX_FOUNDING_USERS - len(users),
-        "users": [{"email": u["email"], "name": u.get("name", ""), "joined": u["joined_at"]} for u in users],
-    }
-
-
-def register_founding_user(email: str, name: str = "", github_username: str = "") -> dict:
-    """Register a new founding user."""
-    data = _load_founding_users()
-    users = data.get("users", [])
-
-    if len(users) >= MAX_FOUNDING_USERS:
-        return {"error": "All 25 founding user spots are claimed.", "remaining": 0}
-
-    if any(u["email"] == email for u in users):
-        return {"error": "Already registered as a founding user.", "email": email}
-
-    user = {
-        "email": email,
-        "name": name,
-        "github_username": github_username,
-        "joined_at": datetime.now(timezone.utc).isoformat(),
-        "term_months": 12,
-        "status": "active",
-    }
-    users.append(user)
-    data["users"] = users
-    _save_founding_users(data)
-
-    # Send welcome email
-    try:
-        _send_welcome_email(email, name)
-    except Exception:
-        pass  # Don't fail registration if email fails
-
-    return {
-        "registered": True,
-        "email": email,
-        "slot": len(users),
-        "remaining": MAX_FOUNDING_USERS - len(users),
-    }
-
-
-def _send_welcome_email(to_email: str, name: str = ""):
-    """Send welcome email to new founding user."""
-    creds = _load_creds()
-    greeting = f"Hi {name}," if name else "Hi,"
-
-    html = f"""
-    <div style="font-family: -apple-system, sans-serif; max-width: 600px; margin: 0 auto; background: #0a0a1a; color: #e5e7eb; padding: 40px; border-radius: 12px;">
-        <div style="text-align: center; margin-bottom: 32px;">
-            <span style="font-size: 32px; font-weight: 800; background: linear-gradient(135deg, #3b82f6, #8b5cf6); -webkit-background-clip: text; -webkit-text-fill-color: transparent;">
-                &lt;/&gt; Delimit
-            </span>
-        </div>
-
-        <h1 style="color: #fff; font-size: 24px; margin-bottom: 16px;">Welcome, Founding User</h1>
-
-        <p>{greeting}</p>
-
-        <p>You're one of 25 founding users getting full access to Delimit for 12 months. That includes:</p>
-
-        <ul style="line-height: 2;">
-            <li>Full enterprise dashboard (app.delimit.ai)</li>
-            <li>106 MCP tools across Claude Code, Codex, Cursor, Gemini CLI</li>
-            <li>Multi-model deliberation</li>
-            <li>Team management, audit trail, policy editor</li>
-            <li>Priority feedback channel</li>
-            <li>Permanent Founding User badge</li>
-        </ul>
-
-        <div style="background: #1a1a2e; border: 1px solid #374151; border-radius: 8px; padding: 16px; margin: 24px 0;">
-            <p style="margin: 0; font-family: monospace; color: #22c55e;">$ npx delimit-cli setup</p>
-        </div>
-
-        <p>Questions? Reply to this email — it goes straight to the founder.</p>
-
-        <p style="color: #9ca3af; font-size: 14px; margin-top: 32px;">
-            — The Delimit Team<br>
-            delimit.ai
-        </p>
-    </div>
-    """
-
-    msg = MIMEMultipart("alternative")
-    msg["From"] = f"Delimit <{EMAIL}>"
-    msg["To"] = to_email
-    msg["Subject"] = "Welcome to Delimit — You're a Founding User"
-    msg.attach(MIMEText(html, "html"))
-
-    with smtplib.SMTP_SSL(SMTP_HOST, SMTP_PORT) as server:
-        server.login(creds["email"], creds["password"])
-        server.send_message(msg)
-
-
-def check_inbox() -> list:
-    """Check pro@delimit.ai inbox for new messages."""
-    creds = _load_creds()
-    try:
-        mail = imaplib.IMAP4_SSL(IMAP_HOST, 993)
-        mail.login(creds["email"], creds["password"])
-        mail.select("inbox")
-        status, messages = mail.search(None, "UNSEEN")
-        if not messages[0]:
-            mail.logout()
-            return []
-
-        results = []
-        for mid in messages[0].split():
-            status, data = mail.fetch(mid, "(BODY[HEADER.FIELDS (FROM SUBJECT DATE)])")
-            header = data[0][1].decode()
-            results.append(header.strip())
-        mail.logout()
-        return results
-    except Exception as e:
-        return [{"error": str(e)}]