delimit-cli 3.15.14 → 4.0.1

package/gateway/ai/swarm.py

@@ -39,7 +39,7 @@ DEFAULT_ROSTER = {
         "fallback_model": "codex-gpt-5.4",
     },
     "ops": {
-        "role": "Strategy, Deliberation, Outreach, Competitive Intel",
+        "role": "Strategy, Deliberation, Community, Analysis",
         "default_model": "grok-4",
         "fallback_model": "gemini-3.1-pro-preview",
     },
@@ -274,7 +274,7 @@ APPROVAL_TIERS = {
     "deploy_staging": "auto_approved",
     "social_post": "founder_email",
     "social_low_risk": "auto_after_consensus",
-    "outreach_issue": "founder_email",
+    "community_issue": "founder_email",
     "ledger_update": "auto_approved",
     "code_commit": "auto_approved",
     "security_audit": "auto_approved",

package/gateway/core/contract_ledger.py

@@ -3,7 +3,7 @@ Delimit Contract Ledger
 Reads, validates, and queries the append-only JSONL event ledger.
 Optional SQLite index for fast lookups (never required for CI).
 
-Per Jamsons Doctrine:
+Per Delimit Stability Contract:
 - Deterministic outputs
 - Append-only artifacts
 - SQLite index is optional, not required for CI

package/gateway/core/dependency_graph.py

@@ -5,7 +5,7 @@ Constructs a deterministic service dependency graph from manifests.
 The graph maps each API/service to its downstream consumers,
 enabling impact analysis when an API contract changes.
 
-Per Jamsons Doctrine:
+Per Delimit Stability Contract:
 - Deterministic outputs (sorted, reproducible)
 - No telemetry
 - Graceful degradation when manifests are missing

package/gateway/core/dependency_manifest.py

@@ -2,7 +2,7 @@
 Delimit Dependency Manifest
 Parses and validates .delimit/dependencies.yaml service dependency declarations.
 
-Per Jamsons Doctrine:
+Per Delimit Stability Contract:
 - Deterministic outputs
 - No credential discovery
 - No telemetry

package/gateway/core/event_backbone.py

@@ -3,7 +3,7 @@ Delimit Event Backbone
 Constructs ledger events, generates SHA-256 hashes, links hash chains,
 and appends to the append-only JSONL ledger.
 
-Per Jamsons Doctrine:
+Per Delimit Stability Contract:
 - Deterministic outputs
 - Append-only artifacts
 - Fail-closed CI behavior (ledger failures never affect CI)
@@ -199,7 +199,7 @@ class EventBackbone:
         This is the primary API for event generation. It is best-effort:
         if the ledger write fails, the event is still returned but not persisted.
 
-        CRITICAL: This method NEVER raises exceptions. Per Jamsons Doctrine,
+        CRITICAL: This method NEVER raises exceptions. Per Delimit Stability Contract,
         ledger failures must not affect CI pass/fail outcome.
 
         Returns:

package/gateway/core/event_schema.py

@@ -1,7 +1,7 @@
 """
 Delimit Event Schema
 Canonical event schema for API contract evolution tracking.
-Deterministic validation and serialization per Jamsons Doctrine.
+Deterministic validation and serialization per Delimit Stability Contract.
 """
 
 import hashlib

package/gateway/core/impact_analyzer.py

@@ -3,7 +3,7 @@ Delimit Impact Analyzer
 Determines downstream consumers affected by an API change
 and produces informational impact summaries for CI output.
 
-Per Jamsons Doctrine:
+Per Delimit Stability Contract:
 - Impact analysis is INFORMATIONAL ONLY
 - NEVER affects CI pass/fail outcome
 - Deterministic outputs

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "delimit-cli",
   "mcpName": "io.github.delimit-ai/delimit-mcp-server",
-  "version": "3.15.14",
+  "version": "4.0.1",
   "description": "Unify Claude Code, Codex, Cursor, and Gemini CLI with persistent context, governance, and multi-model debate.",
   "main": "index.js",
   "files": [
@@ -21,6 +21,9 @@
     "!gateway/ai/handoff_receipts.py",
     "!gateway/ai/toolcard_cache.py",
     "scripts/",
+    "!scripts/security-check.sh",
+    "!scripts/weekly-tweet.py",
+    "!scripts/crosspost_devto.py",
     "server.json",
     "README.md",
     "LICENSE",

package/scripts/crosspost_devto.py

@@ -1,304 +0,0 @@
-#!/usr/bin/env python3
-"""
-Cross-post markdown articles to Dev.to.
-
-Reads articles from a content directory, publishes or updates them
-on Dev.to via the Forem API. Idempotent — tracks published article
-IDs in a local manifest to support updates.
-
-Usage:
-    # Publish all articles (dry run):
-    python scripts/crosspost_devto.py --dir /home/delimit/delimit-private/blog --dry-run
-
-    # Publish all articles:
-    DEV_TO_API_KEY=your_key python scripts/crosspost_devto.py --dir /home/delimit/delimit-private/blog
-
-    # Publish a single article:
-    DEV_TO_API_KEY=your_key python scripts/crosspost_devto.py --file /home/delimit/delimit-private/blog/01-catch-breaking-api-changes.md
-
-    # List published articles:
-    DEV_TO_API_KEY=your_key python scripts/crosspost_devto.py --list
-
-Requires:
-    DEV_TO_API_KEY environment variable (get from https://dev.to/settings/extensions)
-"""
-
-import argparse
-import json
-import os
-import re
-import sys
-from pathlib import Path
-
-try:
-    import requests
-except ImportError:
-    print("ERROR: 'requests' package required. Install with: pip install requests")
-    sys.exit(1)
-
-API_BASE = "https://dev.to/api"
-MANIFEST_FILE = ".devto_manifest.json"
-
-
-def get_api_key():
-    key = os.environ.get("DEV_TO_API_KEY")
-    if not key:
-        print("ERROR: DEV_TO_API_KEY environment variable not set.")
-        print("Get your key from: https://dev.to/settings/extensions")
-        sys.exit(1)
-    return key
-
-
-def load_manifest(content_dir):
-    """Load the manifest that maps filenames to Dev.to article IDs."""
-    manifest_path = Path(content_dir) / MANIFEST_FILE
-    if manifest_path.exists():
-        with open(manifest_path) as f:
-            return json.load(f)
-    return {}
-
-
-def save_manifest(content_dir, manifest):
-    """Save the manifest after publishing."""
-    manifest_path = Path(content_dir) / MANIFEST_FILE
-    with open(manifest_path, "w") as f:
-        json.dump(manifest, f, indent=2)
-    print(f"  Manifest saved: {manifest_path}")
-
-
-def parse_frontmatter(filepath):
-    """Parse YAML-ish frontmatter from a markdown file.
-
-    Returns (frontmatter_dict, body_markdown).
-    """
-    text = Path(filepath).read_text(encoding="utf-8")
-
-    # Match frontmatter block
-    match = re.match(r"^---\s*\n(.*?)\n---\s*\n(.*)", text, re.DOTALL)
-    if not match:
-        print(f"  WARNING: No frontmatter found in {filepath}")
-        return {}, text
-
-    fm_text = match.group(1)
-    body = match.group(2).strip()
-
-    # Simple key: value parser (handles quoted and unquoted values)
-    fm = {}
-    for line in fm_text.strip().split("\n"):
-        line = line.strip()
-        if not line or ":" not in line:
-            continue
-        key, _, value = line.partition(":")
-        key = key.strip()
-        value = value.strip().strip('"').strip("'")
-        # Parse boolean
-        if value.lower() == "true":
-            value = True
-        elif value.lower() == "false":
-            value = False
-        fm[key] = value
-
-    return fm, body
-
-
-def build_article_payload(filepath, publish=False):
-    """Build the Dev.to article creation/update payload."""
-    fm, body = parse_frontmatter(filepath)
-
-    if not fm.get("title"):
-        print(f"  ERROR: Article {filepath} has no title in frontmatter.")
-        return None
-
-    # Parse tags from comma-separated string
-    tags = []
-    if fm.get("tags"):
-        if isinstance(fm["tags"], str):
-            tags = [t.strip() for t in fm["tags"].split(",")]
-        else:
-            tags = fm["tags"]
-    # Dev.to allows max 4 tags
-    tags = tags[:4]
-
-    payload = {
-        "article": {
-            "title": fm["title"],
-            "body_markdown": body,
-            "published": publish,
-            "tags": tags,
-        }
-    }
-
-    if fm.get("description"):
-        payload["article"]["description"] = fm["description"]
-    if fm.get("canonical_url"):
-        payload["article"]["canonical_url"] = fm["canonical_url"]
-    if fm.get("cover_image"):
-        payload["article"]["cover_image"] = fm["cover_image"]
-    if fm.get("series"):
-        payload["article"]["series"] = fm["series"]
-
-    return payload
-
-
-def create_article(api_key, payload):
-    """Create a new article on Dev.to."""
-    resp = requests.post(
-        f"{API_BASE}/articles",
-        headers={
-            "api-key": api_key,
-            "Content-Type": "application/json",
-        },
-        json=payload,
-        timeout=30,
-    )
-    resp.raise_for_status()
-    return resp.json()
-
-
-def update_article(api_key, article_id, payload):
-    """Update an existing article on Dev.to."""
-    resp = requests.put(
-        f"{API_BASE}/articles/{article_id}",
-        headers={
-            "api-key": api_key,
-            "Content-Type": "application/json",
-        },
-        json=payload,
-        timeout=30,
-    )
-    resp.raise_for_status()
-    return resp.json()
-
-
-def list_articles(api_key):
-    """List the authenticated user's articles."""
-    resp = requests.get(
-        f"{API_BASE}/articles/me/all",
-        headers={"api-key": api_key},
-        timeout=30,
-    )
-    resp.raise_for_status()
-    return resp.json()
-
-
-def publish_file(api_key, filepath, manifest, content_dir, dry_run=False, publish=False):
-    """Publish or update a single article."""
-    filename = Path(filepath).name
-    print(f"\nProcessing: {filename}")
-
-    payload = build_article_payload(filepath, publish=publish)
-    if not payload:
-        return False
-
-    title = payload["article"]["title"]
-    existing_id = manifest.get(filename, {}).get("id")
-
-    if dry_run:
-        action = "UPDATE" if existing_id else "CREATE"
-        status = "published" if publish else "draft"
-        print(f"  [DRY RUN] Would {action} ({status}): {title}")
-        if existing_id:
-            print(f"  [DRY RUN] Existing article ID: {existing_id}")
-        print(f"  [DRY RUN] Tags: {payload['article'].get('tags', [])}")
-        return True
-
-    try:
-        if existing_id:
-            print(f"  Updating article {existing_id}: {title}")
-            result = update_article(api_key, existing_id, payload)
-        else:
-            print(f"  Creating article: {title}")
-            result = create_article(api_key, payload)
-
-        article_id = result["id"]
-        article_url = result.get("url", f"https://dev.to/delimit_ai/{result.get('slug', '')}")
-
-        manifest[filename] = {
-            "id": article_id,
-            "url": article_url,
-            "title": title,
-        }
-        save_manifest(content_dir, manifest)
-
-        status = "PUBLISHED" if publish else "DRAFT"
-        print(f"  {status}: {article_url}")
-        return True
-
-    except requests.exceptions.HTTPError as e:
-        print(f"  ERROR: {e}")
-        if e.response is not None:
-            print(f"  Response: {e.response.text[:500]}")
-        return False
-
-
-def main():
-    parser = argparse.ArgumentParser(description="Cross-post articles to Dev.to")
-    parser.add_argument("--dir", help="Directory containing markdown articles")
-    parser.add_argument("--file", help="Single markdown file to publish")
-    parser.add_argument("--list", action="store_true", help="List published articles")
-    parser.add_argument("--dry-run", action="store_true", help="Preview without publishing")
-    parser.add_argument("--publish", action="store_true",
-                        help="Publish articles (default: save as draft)")
-    args = parser.parse_args()
-
-    if args.list:
-        api_key = get_api_key()
-        articles = list_articles(api_key)
-        if not articles:
-            print("No articles found.")
-            return
-        print(f"Found {len(articles)} articles:\n")
-        for a in articles:
-            status = "PUBLISHED" if a.get("published") else "DRAFT"
-            print(f"  [{status}] {a['title']}")
-            print(f"    URL: {a.get('url', 'N/A')}")
-            print(f"    ID:  {a['id']}")
-            print()
-        return
-
-    if not args.dir and not args.file:
-        parser.print_help()
-        print("\nError: specify --dir or --file")
-        sys.exit(1)
-
-    api_key = None
-    if not args.dry_run:
-        api_key = get_api_key()
-
-    content_dir = args.dir or str(Path(args.file).parent)
-    manifest = load_manifest(content_dir)
-
-    files = []
-    if args.file:
-        files = [args.file]
-    else:
-        files = sorted(
-            str(p) for p in Path(args.dir).glob("*.md")
-            if not p.name.startswith(".")
-            and p.name not in ("README.md", "DEVTO_SETUP.md")
-            and not p.name.isupper()  # skip ALL-CAPS docs like DEVTO_SETUP.md
-        )
-
-    if not files:
-        print(f"No markdown files found in {args.dir}")
-        sys.exit(1)
-
-    print(f"Found {len(files)} article(s) to process")
-    if args.dry_run:
-        print("MODE: dry run (no API calls)")
-    elif args.publish:
-        print("MODE: publish (articles will be live)")
-    else:
-        print("MODE: draft (articles saved as drafts on Dev.to)")
-
-    success = 0
-    for filepath in files:
-        if publish_file(api_key, filepath, manifest, content_dir,
-                        dry_run=args.dry_run, publish=args.publish):
-            success += 1
-
-    print(f"\nDone: {success}/{len(files)} articles processed successfully.")
-
-
-if __name__ == "__main__":
-    main()

package/scripts/security-check.sh

@@ -1,66 +0,0 @@
-#!/bin/bash
-# Pre-publish security check — blocks npm publish if secrets are found
-# Run: bash scripts/security-check.sh
-
-set -euo pipefail
-
-echo "🔍 Delimit pre-publish security scan..."
-
-FAIL=0
-
-# Pack to temp and scan the actual tarball contents
-TMPDIR=$(mktemp -d)
-npm pack --pack-destination "$TMPDIR" --quiet 2>/dev/null
-TARBALL=$(ls "$TMPDIR"/*.tgz)
-tar -xzf "$TARBALL" -C "$TMPDIR"
-
-# 1. Credential patterns
-echo -n "  Credentials... "
-if grep -rEi '(password|passwd|secret|api_key|apikey)\s*[:=]\s*["\x27][^"\x27]{4,}' "$TMPDIR/package/" --include="*.py" --include="*.js" --include="*.json" 2>/dev/null | grep -v 'environ\|getenv\|process\.env\|os\.environ\|<configured\|example\|placeholder\|REDACTED\|\${credentials\|credentials\.\|security-scan-ignore'; then
-    echo "❌ FOUND CREDENTIALS"
-    FAIL=1
-else
-    echo "✅ clean"
-fi
-
-# 2. Blocklist terms
-echo -n "  Blocklist... "
-BLOCKLIST="jamsonsholdings|Bladabah|Domainvested26|Delimit26|home/jamsons|infracore|crypttrx|\.wr_env|delimitdev|typed-on-phone|em dash.*ai tell|PAIN_CATEGORIES|VENTURE_CONFIG|VENTURE_SUBREDDITS|karma_building"
-if grep -rEi "$BLOCKLIST" "$TMPDIR/package/" --include="*.py" --include="*.js" --include="*.json" 2>/dev/null; then
-    echo "❌ BLOCKED TERMS FOUND"
-    FAIL=1
-else
-    echo "✅ clean"
-fi
-
-# 3. PII (email addresses that aren't examples)
-echo -n "  PII... "
-if grep -rEi '[a-z0-9._%+-]+@(gmail|yahoo|hotmail|outlook|proton|jamsons|wire\.report|domainvested)' "$TMPDIR/package/" --include="*.py" --include="*.js" --include="*.json" 2>/dev/null | grep -v "example\|placeholder\|<configured\|noreply\|e\.g\.\|docstring\|Args:\|Credential resolution"; then
-    echo "❌ PII FOUND"
-    FAIL=1
-else
-    echo "✅ clean"
-fi
-
-# 4. Proprietary files that shouldn't ship
-echo -n "  Proprietary files... "
-PROPRIETARY="social_target\.py|social\.py|founding_users\.py|inbox_daemon\.py|deliberation\.py|reddit_scanner\.py|github_scanner\.py|cross_model_audit\.py|session_phoenix\.py|handoff_receipts\.py|toolcard_cache\.py"
-if find "$TMPDIR/package/" -name "*.py" | grep -Ei "$PROPRIETARY" 2>/dev/null; then
-    echo "❌ PROPRIETARY FILES IN PACKAGE"
-    FAIL=1
-else
-    echo "✅ clean"
-fi
-
-# Cleanup
-rm -rf "$TMPDIR"
-
-if [ $FAIL -ne 0 ]; then
-    echo ""
-    echo "❌ SECURITY CHECK FAILED — do not publish"
-    exit 1
-fi
-
-echo ""
-echo "✅ All security checks passed"
-exit 0

package/scripts/weekly-tweet.py

@@ -1,191 +0,0 @@
-#!/usr/bin/env python3
-"""
-Weekly Activity Tweet for @delimit_ai.
-
-Gathers GitHub activity stats across delimit-ai repos and npm download
-counts, then posts a summary tweet via the Twitter API.
-
-Reads Twitter credentials from environment variables (for GitHub Actions).
-"""
-
-import os
-import sys
-import json
-from datetime import datetime, timedelta, timezone
-
-import requests
-import tweepy
-
-ORG = "delimit-ai"
-NPM_PACKAGE = "delimit-cli"
-GITHUB_API = "https://api.github.com"
-NPM_API = "https://api.npmjs.org"
-
-
-def get_org_repos():
-    """Fetch all public repos for the org."""
-    repos = []
-    page = 1
-    while True:
-        resp = requests.get(
-            f"{GITHUB_API}/orgs/{ORG}/repos",
-            params={"type": "public", "per_page": 100, "page": page},
-        )
-        if resp.status_code != 200:
-            break
-        batch = resp.json()
-        if not batch:
-            break
-        repos.extend(batch)
-        page += 1
-    return repos
-
-
-def get_total_stars(repos):
-    """Sum stargazers across all repos."""
-    return sum(r.get("stargazers_count", 0) for r in repos)
-
-
-def get_commits_last_week(repos):
-    """Count commits in the last 7 days across all repos."""
-    since = (datetime.now(timezone.utc) - timedelta(days=7)).isoformat()
-    total = 0
-    for repo in repos:
-        name = repo["full_name"]
-        page = 1
-        while True:
-            resp = requests.get(
-                f"{GITHUB_API}/repos/{name}/commits",
-                params={"since": since, "per_page": 100, "page": page},
-            )
-            if resp.status_code != 200:
-                break
-            batch = resp.json()
-            if not batch:
-                break
-            total += len(batch)
-            if len(batch) < 100:
-                break
-            page += 1
-    return total
-
-
-def get_prs_merged_last_week(repos):
-    """Count PRs merged in the last 7 days."""
-    since = (datetime.now(timezone.utc) - timedelta(days=7)).isoformat()
-    total = 0
-    for repo in repos:
-        name = repo["full_name"]
-        resp = requests.get(
-            f"{GITHUB_API}/repos/{name}/pulls",
-            params={"state": "closed", "sort": "updated", "direction": "desc", "per_page": 100},
-        )
-        if resp.status_code != 200:
-            continue
-        for pr in resp.json():
-            if pr.get("merged_at") and pr["merged_at"] >= since:
-                total += 1
-    return total
-
-
-def get_issues_stats(repos):
-    """Count issues opened and closed in the last 7 days."""
-    since = (datetime.now(timezone.utc) - timedelta(days=7)).isoformat()
-    opened = 0
-    closed = 0
-    for repo in repos:
-        name = repo["full_name"]
-        # Opened
-        resp = requests.get(
-            f"{GITHUB_API}/repos/{name}/issues",
-            params={"state": "all", "since": since, "per_page": 100},
-        )
-        if resp.status_code == 200:
-            for issue in resp.json():
-                if issue.get("pull_request"):
-                    continue
-                if issue.get("created_at", "") >= since:
-                    opened += 1
-                if issue.get("closed_at") and issue["closed_at"] >= since:
-                    closed += 1
-    return opened, closed
-
-
-def get_npm_downloads():
-    """Get npm download count for the last week."""
-    resp = requests.get(f"{NPM_API}/downloads/point/last-week/{NPM_PACKAGE}")
-    if resp.status_code != 200:
-        return 0
-    return resp.json().get("downloads", 0)
-
-
-def format_tweet(npm_downloads, total_stars, prs_merged, commits):
-    """Format the weekly summary tweet."""
-    lines = ["This week at Delimit:", ""]
-    if npm_downloads > 0:
-        lines.append(f"\U0001f4e6 {npm_downloads:,} npm downloads")
-    if total_stars > 0:
-        lines.append(f"\u2b50 {total_stars:,} stars")
-    if prs_merged > 0:
-        lines.append(f"\U0001f500 {prs_merged:,} PRs merged")
-    if commits > 0:
-        lines.append(f"\U0001f6e0\ufe0f {commits:,} commits")
-    lines.append("")
-    lines.append("Keep Building.")
-    lines.append("")
-    lines.append("delimit.ai")
-    return "\n".join(lines)
-
-
-def post_tweet(text):
-    """Post tweet using tweepy with OAuth 1.0a credentials from env vars."""
-    consumer_key = os.environ.get("TWITTER_CONSUMER_KEY")
-    consumer_secret = os.environ.get("TWITTER_CONSUMER_SECRET")
-    access_token = os.environ.get("TWITTER_ACCESS_TOKEN")
-    access_token_secret = os.environ.get("TWITTER_ACCESS_TOKEN_SECRET")
-
-    if not all([consumer_key, consumer_secret, access_token, access_token_secret]):
-        print("ERROR: Missing Twitter credentials in environment variables.")
-        sys.exit(1)
-
-    client = tweepy.Client(
-        consumer_key=consumer_key,
-        consumer_secret=consumer_secret,
-        access_token=access_token,
-        access_token_secret=access_token_secret,
-    )
-    response = client.create_tweet(text=text)
-    print(f"Tweet posted: https://x.com/delimit_ai/status/{response.data['id']}")
-
-
-def main():
-    print("Gathering weekly stats for delimit-ai...")
-
-    repos = get_org_repos()
-    print(f"  Found {len(repos)} public repos")
-
-    npm_downloads = get_npm_downloads()
-    print(f"  npm downloads (last week): {npm_downloads}")
-
-    total_stars = get_total_stars(repos)
-    print(f"  Total stars: {total_stars}")
-
-    prs_merged = get_prs_merged_last_week(repos)
-    print(f"  PRs merged (last week): {prs_merged}")
-
-    commits = get_commits_last_week(repos)
-    print(f"  Commits (last week): {commits}")
-
-    # Don't tweet if there's nothing to report
-    if npm_downloads == 0 and total_stars == 0 and prs_merged == 0 and commits == 0:
-        print("No activity this week. Skipping tweet.")
-        return
-
-    tweet_text = format_tweet(npm_downloads, total_stars, prs_merged, commits)
-    print(f"\nTweet ({len(tweet_text)} chars):\n{tweet_text}\n")
-
-    post_tweet(tweet_text)
-
-
-if __name__ == "__main__":
-    main()