delimit-cli 3.15.6 → 3.15.7

package/gateway/ai/server.py

@@ -3631,6 +3631,255 @@ STANDARD_WORKFLOWS = [
 ]
 
 
+@mcp.tool()
+def delimit_swarm(action: str = "status", venture: str = "",
+                   agent_id: str = "", repo_path: str = "",
+                   deploy_target: str = "", target_path: str = "",
+                   access_action: str = "read") -> Dict[str, Any]:
+    """Manage the agent swarm — ventures, personas, namespace isolation.
+
+    Each venture gets 5 AI agent roles (Architect, Senior Dev, Reviewer, QA, Ops)
+    with namespace isolation and model binding per Agent Swarm Standard v1.2.
+
+    Actions:
+      status: Full swarm overview (ventures, agents, health)
+      register: Register a new venture with agent team
+      venture: Get venture details + its agents
+      agent: Get agent details
+      check: Check namespace access for an agent
+      approve: Check approval tier for an action
+      guide: Get usage documentation
+      rules: Get escalation rules
+
+    Args:
+        action: "status", "register", "venture", "agent", "check", "approve", "guide", or "rules".
+        venture: Venture name (for register/venture).
+        agent_id: Agent ID like "delimit-architect-01" (for agent/check).
+        repo_path: Repo path for venture registration.
+        deploy_target: Deploy target for venture registration.
+        target_path: File path to check access for (check action).
+        access_action: Action name — for check: "read"/"write"/"deploy". For approve: "deploy_production"/"deploy_staging"/"social_post" etc.
+    """
+    from ai.swarm import (register_venture, get_venture, get_agent,
+                           check_namespace_access, get_swarm_status,
+                           check_approval, get_escalation_rules, get_usage_guide)
+
+    if action == "register":
+        return _with_next_steps("swarm", _safe_call(
+            register_venture, name=venture, repo_path=repo_path, deploy_target=deploy_target,
+        ))
+    if action == "venture":
+        return _with_next_steps("swarm", _safe_call(get_venture, name=venture))
+    if action == "agent":
+        return _with_next_steps("swarm", _safe_call(get_agent, agent_id=agent_id))
+    if action == "approve":
+        return _with_next_steps("swarm", _safe_call(
+            check_approval, action=access_action, venture=venture, agent_id=agent_id,
+        ))
+    if action == "guide":
+        return _with_next_steps("swarm", _safe_call(get_usage_guide))
+    if action == "rules":
+        return _with_next_steps("swarm", _safe_call(get_escalation_rules))
+    if action == "check":
+        return _with_next_steps("swarm", _safe_call(
+            check_namespace_access, agent_id=agent_id, target_path=target_path, action=access_action,
+        ))
+    return _with_next_steps("swarm", _safe_call(get_swarm_status))
+
+
+@mcp.tool()
+def delimit_review(diff: str = "", file_path: str = "",
+                    context: str = "", pr_url: str = "") -> Dict[str, Any]:
+    """Run a multi-model code review on a diff or file.
+
+    Sends the code change to multiple AI models and consolidates their
+    feedback into a single structured review. The output can be posted
+    as a GitHub PR comment.
+
+    Provide either a diff string or a file path to review.
+
+    Args:
+        diff: Git diff or code to review. Takes priority over file_path.
+        file_path: Path to file to review (reads current content).
+        context: Additional context about the change (what it does, why).
+        pr_url: GitHub PR URL for linking the review.
+    """
+    from ai.multi_review import generate_review_prompt, consolidate_reviews, save_review
+
+    # Get the diff content
+    if not diff and file_path:
+        try:
+            from subprocess import run as _run
+            result = _run(
+                ["git", "diff", "HEAD", "--", file_path],
+                capture_output=True, text=True, timeout=10,
+            )
+            diff = result.stdout or Path(file_path).read_text()[:5000]
+        except Exception:
+            try:
+                diff = Path(file_path).read_text()[:5000]
+            except Exception as e:
+                return {"error": f"Could not read {file_path}: {e}"}
+
+    if not diff:
+        return {"error": "Provide either diff text or file_path to review"}
+
+    prompt = generate_review_prompt(diff, context)
+
+    # Run through deliberation engine for multi-model feedback
+    try:
+        from ai.deliberation import get_models_config
+        config = get_models_config()
+        enabled = {k: v for k, v in config.items() if v.get("enabled")}
+
+        if len(enabled) < 2:
+            return {
+                "error": "Need at least 2 AI models for multi-model review",
+                "tip": "Configure models in ~/.delimit/models.json",
+            }
+
+        reviews = []
+        from ai.deliberation import _call_model
+        import time as _time
+
+        for model_id, model_config in list(enabled.items())[:3]:
+            start = _time.time()
+            try:
+                response = _call_model(model_id, model_config, prompt,
+                    system_prompt="You are a senior code reviewer. Be concise and actionable.")
+                duration = int((_time.time() - start) * 1000)
+                reviews.append({
+                    "model": model_config.get("name", model_id),
+                    "content": response,
+                    "duration_ms": duration,
+                })
+            except Exception as e:
+                reviews.append({
+                    "model": model_config.get("name", model_id),
+                    "content": f"Review failed: {e}",
+                    "duration_ms": 0,
+                })
+
+        report = consolidate_reviews(reviews)
+        result = save_review(diff, report, pr_url)
+
+        return _with_next_steps("review", {
+            "status": "complete",
+            "models_used": report["models_used"],
+            "review_count": len(reviews),
+            "pr_comment": result["pr_comment"],
+            "review_id": result["review_id"],
+        })
+
+    except ImportError:
+        return {"error": "Deliberation engine required for multi-model review"}
+
+
+@mcp.tool()
+def delimit_redact(action: str = "scan", text: str = "",
+                    categories: str = "") -> Dict[str, Any]:
+    """Scan or redact sensitive data (API keys, secrets, PII) from text.
+
+    Use before sending prompts to external LLMs to prevent data leakage.
+    Detects: API keys (OpenAI, xAI, Google, GitHub, npm), passwords,
+    bearer tokens, emails, phone numbers, SSNs, credit cards, IPs, DB URLs.
+
+    Actions:
+      scan: Preview what would be redacted (non-destructive)
+      redact: Replace sensitive data with [REDACTED_TYPE_N] tokens
+
+    Args:
+        action: "scan" or "redact".
+        text: Text to scan/redact.
+        categories: Comma-separated categories (api_key, secret, pii, infra). Empty = all.
+    """
+    from ai.pii_redact import scan as pii_scan, redact as pii_redact
+
+    cat_list = [c.strip() for c in categories.split(",") if c.strip()] if categories else None
+
+    if action == "redact":
+        result = pii_redact(text, categories=cat_list)
+        # Never expose token_map through MCP — keep it local
+        return _with_next_steps("redact", {
+            "redacted": result["redacted"],
+            "findings": result["findings"],
+            "token_count": result["token_count"],
+        })
+
+    return _with_next_steps("redact", _safe_call(pii_scan, text=text))
+
+
+@mcp.tool()
+def delimit_prompt_drift(action: str = "check", prompt: str = "",
+                          model: str = "", result_summary: str = "",
+                          success: str = "true", task_type: str = "") -> Dict[str, Any]:
+    """Detect prompt drift — when the same task behaves differently across models.
+
+    Track how prompts perform across Claude, Codex, and Gemini.
+    Find which model is best for each task type on YOUR codebase.
+
+    Actions:
+      record: Log a prompt result (model, success, duration)
+      check: Detect drift across models for a prompt or task type
+      rank: Rank models by success rate and speed
+
+    Args:
+        action: "record", "check", or "rank".
+        prompt: The prompt text (for record/check).
+        model: AI model name (for record).
+        result_summary: Brief description of the result (for record).
+        success: Whether the result was good ("true"/"false").
+        task_type: Task category (refactoring/testing/debugging/docs).
+    """
+    from ai.prompt_drift import record_result, check_drift, get_model_rankings
+
+    if action == "record":
+        return _with_next_steps("prompt_drift", _safe_call(
+            record_result, prompt=prompt, model=model,
+            result_summary=result_summary,
+            success=success.lower().strip() in ("true", "1", "yes"),
+            task_type=task_type,
+        ))
+    if action == "rank":
+        return _with_next_steps("prompt_drift", _safe_call(
+            get_model_rankings, task_type=task_type,
+        ))
+    return _with_next_steps("prompt_drift", _safe_call(
+        check_drift, prompt=prompt, task_type=task_type,
+    ))
+
+
+@mcp.tool()
+def delimit_collision_check(action: str = "check", file_path: str = "",
+                             model: str = "", task_id: str = "") -> Dict[str, Any]:
+    """Detect and prevent two AI models from editing the same file.
+
+    Call before editing a file to check if another model is already working on it.
+
+    Actions:
+      check: Show all active file locks and hotspots
+      claim: Claim a file before editing (returns collision if held)
+      release: Release a file lock after done editing
+
+    Args:
+        action: "check", "claim", or "release".
+        file_path: File to claim/release (required for claim/release).
+        model: AI model name (claude/codex/gemini).
+        task_id: Optional task ID for tracking.
+    """
+    from ai.collision_detect import claim_file, release_file, check_collisions
+
+    if action == "claim":
+        return _with_next_steps("collision", _safe_call(
+            claim_file, file_path=file_path, model=model, task_id=task_id,
+        ))
+    if action == "release":
+        return _with_next_steps("collision", _safe_call(
+            release_file, file_path=file_path, model=model,
+        ))
+    return _with_next_steps("collision", _safe_call(check_collisions, model=model))
+
+
 @mcp.tool()
 def delimit_project_config(action: str = "load", project_path: str = ".",
                             mode: str = "advisory", preset: str = "default",

package/gateway/ai/swarm.py

@@ -0,0 +1,397 @@
+"""Agent Swarm — persona registry, namespace isolation, and venture management.
+
+Implements Agent Swarm Standard v1.2 (4-party consent achieved 2026-03-30).
+Each venture gets 5 agent roles bound to AI models with namespace isolation.
+
+Config: ~/.delimit/swarm/config.yml
+"""
+
+import json
+import time
+from pathlib import Path
+from typing import Any, Dict, List, Optional
+
+SWARM_DIR = Path.home() / ".delimit" / "swarm"
+REGISTRY_FILE = SWARM_DIR / "agent_registry.json"
+VENTURES_FILE = SWARM_DIR / "ventures.json"
+SWARM_LOG = SWARM_DIR / "swarm_log.jsonl"
+
+# Default roster from Agent Swarm Standard v1.2
+DEFAULT_ROSTER = {
+    "architect": {
+        "role": "System Design, Architecture, Complex Problem Solving",
+        "default_model": "claude-opus-4.6",
+        "fallback_model": "grok-4",
+    },
+    "senior_dev": {
+        "role": "Implementation, Code Generation, Feature Building",
+        "default_model": "claude-opus-4.6",
+        "fallback_model": "codex-gpt-5.4",
+    },
+    "reviewer": {
+        "role": "Code Review, PR Analysis, Bug Detection",
+        "default_model": "gemini-3.1-pro-preview",
+        "fallback_model": "grok-4",
+    },
+    "qa": {
+        "role": "Quality Assurance, Testing, CI Verification",
+        "default_model": "gemini-3.1-pro-preview",
+        "fallback_model": "codex-gpt-5.4",
+    },
+    "ops": {
+        "role": "Strategy, Deliberation, Outreach, Competitive Intel",
+        "default_model": "grok-4",
+        "fallback_model": "gemini-3.1-pro-preview",
+    },
+}
+
+
+def _ensure_dir():
+    SWARM_DIR.mkdir(parents=True, exist_ok=True)
+
+
+def _load_registry() -> Dict[str, Any]:
+    if not REGISTRY_FILE.exists():
+        return {"agents": {}, "version": "1.2"}
+    try:
+        return json.loads(REGISTRY_FILE.read_text())
+    except (json.JSONDecodeError, OSError):
+        return {"agents": {}, "version": "1.2"}
+
+
+def _save_registry(registry: Dict[str, Any]):
+    _ensure_dir()
+    REGISTRY_FILE.write_text(json.dumps(registry, indent=2))
+
+
+def _load_ventures() -> Dict[str, Any]:
+    if not VENTURES_FILE.exists():
+        return {}
+    try:
+        return json.loads(VENTURES_FILE.read_text())
+    except (json.JSONDecodeError, OSError):
+        return {}
+
+
+def _save_ventures(ventures: Dict[str, Any]):
+    _ensure_dir()
+    VENTURES_FILE.write_text(json.dumps(ventures, indent=2))
+
+
+def _log(entry: Dict[str, Any]):
+    _ensure_dir()
+    entry["ts"] = time.strftime("%Y-%m-%dT%H:%M:%SZ")
+    with open(SWARM_LOG, "a") as f:
+        f.write(json.dumps(entry) + "\n")
+
+
+def register_venture(
+    name: str,
+    namespace: str = "",
+    repo_path: str = "",
+    deploy_target: str = "",
+    custom_tools: Optional[List[str]] = None,
+    special_rules: Optional[List[str]] = None,
+) -> Dict[str, Any]:
+    """Register a venture in the swarm with its own namespace and agent team."""
+    if not name:
+        return {"error": "name is required"}
+
+    name = name.strip().lower()
+    namespace = namespace or name.replace(" ", "_").replace("-", "_")
+
+    ventures = _load_ventures()
+    ventures[name] = {
+        "name": name,
+        "namespace": namespace,
+        "repo_path": repo_path,
+        "deploy_target": deploy_target,
+        "custom_tools": custom_tools or [],
+        "special_rules": special_rules or [],
+        "created_at": ventures.get(name, {}).get("created_at", time.strftime("%Y-%m-%dT%H:%M:%SZ")),
+        "updated_at": time.strftime("%Y-%m-%dT%H:%M:%SZ"),
+    }
+    _save_ventures(ventures)
+
+    # Auto-create agents for this venture
+    registry = _load_registry()
+    agents_created = 0
+    for role_key, role_config in DEFAULT_ROSTER.items():
+        agent_id = f"{namespace}-{role_key}-01"
+        if agent_id not in registry["agents"]:
+            registry["agents"][agent_id] = {
+                "id": agent_id,
+                "venture": name,
+                "namespace": namespace,
+                "role": role_key,
+                "role_description": role_config["role"],
+                "model": role_config["default_model"],
+                "fallback_model": role_config["fallback_model"],
+                "permissions": {
+                    "read": f"{namespace}/*",
+                    "write": f"{namespace}/src/*",
+                    "deploy": False,
+                },
+                "status": "active",
+                "created_at": time.strftime("%Y-%m-%dT%H:%M:%SZ"),
+            }
+            agents_created += 1
+
+    _save_registry(registry)
+    _log({"action": "register_venture", "venture": name, "agents_created": agents_created})
+
+    return {
+        "status": "registered",
+        "venture": name,
+        "namespace": namespace,
+        "agents_created": agents_created,
+        "total_agents": len([a for a in registry["agents"].values() if a["venture"] == name]),
+        "message": f"Venture '{name}' registered with {agents_created} new agent(s)",
+    }
+
+
+def get_venture(name: str = "") -> Dict[str, Any]:
+    """Get venture details, or list all ventures."""
+    ventures = _load_ventures()
+
+    if not name:
+        return {
+            "status": "ok",
+            "ventures": list(ventures.values()),
+            "total": len(ventures),
+        }
+
+    name = name.strip().lower()
+    if name not in ventures:
+        return {"error": f"Venture '{name}' not found"}
+
+    venture = ventures[name]
+    registry = _load_registry()
+    agents = [a for a in registry["agents"].values() if a["venture"] == name]
+
+    return {
+        "status": "ok",
+        "venture": venture,
+        "agents": agents,
+        "agent_count": len(agents),
+    }
+
+
+def get_agent(agent_id: str = "") -> Dict[str, Any]:
+    """Get agent details, or list all agents across ventures."""
+    registry = _load_registry()
+
+    if not agent_id:
+        agents = list(registry["agents"].values())
+        by_venture = {}
+        for a in agents:
+            by_venture.setdefault(a["venture"], []).append({
+                "id": a["id"],
+                "role": a["role"],
+                "model": a["model"],
+                "status": a["status"],
+            })
+        return {
+            "status": "ok",
+            "total_agents": len(agents),
+            "by_venture": by_venture,
+        }
+
+    agent = registry["agents"].get(agent_id)
+    if not agent:
+        return {"error": f"Agent '{agent_id}' not found"}
+    return {"status": "ok", "agent": agent}
+
+
+def check_namespace_access(
+    agent_id: str,
+    target_path: str,
+    action: str = "read",
+) -> Dict[str, Any]:
+    """Check if an agent has access to a path within namespace isolation rules."""
+    registry = _load_registry()
+    agent = registry["agents"].get(agent_id)
+
+    if not agent:
+        return {"allowed": False, "reason": f"Agent '{agent_id}' not found"}
+
+    namespace = agent["namespace"]
+    ventures = _load_ventures()
+    venture = ventures.get(agent["venture"], {})
+    repo_path = venture.get("repo_path", "")
+
+    # Check if target is within the venture's namespace
+    if repo_path and target_path.startswith(repo_path):
+        if action == "read":
+            return {"allowed": True, "agent": agent_id, "reason": "Within venture namespace"}
+        if action == "write":
+            return {"allowed": True, "agent": agent_id, "reason": "Write within namespace"}
+        if action == "deploy":
+            if agent["permissions"].get("deploy", False):
+                return {"allowed": True, "agent": agent_id, "reason": "Deploy permitted"}
+            return {"allowed": False, "agent": agent_id, "reason": "Deploy requires founder approval"}
+
+    # Cross-venture access blocked by default
+    return {
+        "allowed": False,
+        "agent": agent_id,
+        "target": target_path,
+        "namespace": namespace,
+        "reason": f"Cross-venture access blocked. Agent '{agent_id}' can only access {namespace}/* paths.",
+    }
+
+
+def get_swarm_status() -> Dict[str, Any]:
+    """Get the full swarm status — ventures, agents, health."""
+    ventures = _load_ventures()
+    registry = _load_registry()
+    agents = list(registry["agents"].values())
+
+    return {
+        "status": "ok",
+        "version": registry.get("version", "1.2"),
+        "ventures": len(ventures),
+        "total_agents": len(agents),
+        "active_agents": len([a for a in agents if a["status"] == "active"]),
+        "by_venture": {
+            v: {
+                "agents": len([a for a in agents if a["venture"] == v]),
+                "namespace": ventures[v].get("namespace", v),
+                "repo": ventures[v].get("repo_path", ""),
+            }
+            for v in ventures
+        },
+        "roster": list(DEFAULT_ROSTER.keys()),
+    }
+
+
+# ═══════════════════════════════════════════════════════════════════════
+#  LED-276: Central Governor — tiered approvals + auto-escalation
+# ═══════════════════════════════════════════════════════════════════════
+
+APPROVAL_TIERS = {
+    "deploy_production": "founder_required",
+    "deploy_staging": "auto_approved",
+    "social_post": "founder_email",
+    "social_low_risk": "auto_after_consensus",
+    "outreach_issue": "founder_email",
+    "ledger_update": "auto_approved",
+    "code_commit": "auto_approved",
+    "security_audit": "auto_approved",
+}
+
+ESCALATION_RULES = [
+    {"trigger": "collision_detected", "action": "halt_and_notify", "severity": "high"},
+    {"trigger": "prompt_drift_exceeded", "action": "pause_agent", "severity": "medium"},
+    {"trigger": "unauthorized_deploy", "action": "block_and_alert", "severity": "critical"},
+    {"trigger": "pii_detected_outbound", "action": "redact_and_log", "severity": "high"},
+    {"trigger": "xai_credits_exhausted", "action": "pause_posting", "severity": "medium"},
+    {"trigger": "model_error_rate_high", "action": "switch_to_fallback", "severity": "medium"},
+]
+
+
+def check_approval(action: str, venture: str = "", agent_id: str = "") -> Dict[str, Any]:
+    """Check if an action requires approval or is auto-approved.
+
+    Tiered approval system:
+    - deploy_production: always requires founder approval
+    - deploy_staging: auto-approved
+    - social_post: founder email approval
+    - social_low_risk: auto after multi-model consensus
+    - code_commit, ledger_update: auto-approved
+    """
+    tier = APPROVAL_TIERS.get(action, "founder_required")
+
+    result = {
+        "action": action,
+        "tier": tier,
+        "venture": venture,
+        "agent_id": agent_id,
+    }
+
+    if tier == "auto_approved":
+        result["approved"] = True
+        result["message"] = f"'{action}' is auto-approved"
+    elif tier == "auto_after_consensus":
+        result["approved"] = False
+        result["message"] = f"'{action}' requires multi-model consensus before auto-approval"
+        result["next_step"] = "Run delimit_deliberate on the proposed action"
+    elif tier == "founder_email":
+        result["approved"] = False
+        result["message"] = f"'{action}' requires founder email approval"
+        result["next_step"] = "Send via delimit_notify for founder review"
+    else:
+        result["approved"] = False
+        result["message"] = f"'{action}' requires founder approval"
+        result["next_step"] = "Submit for founder review via dashboard or email"
+
+    _log({"action": "approval_check", "requested": action, "result": tier, "venture": venture, "agent": agent_id})
+    return result
+
+
+def get_escalation_rules() -> Dict[str, Any]:
+    """Get the current escalation rules for the central governor."""
+    return {
+        "status": "ok",
+        "rules": ESCALATION_RULES,
+        "approval_tiers": APPROVAL_TIERS,
+    }
+
+
+# ═══════════════════════════════════════════════════════════════════════
+#  Usage Guide
+# ═══════════════════════════════════════════════════════════════════════
+
+USAGE_GUIDE = """
+# Delimit Agent Swarm — Usage Guide
+
+## Quick Start
+
+1. Register your ventures:
+   delimit_swarm(action="register", venture="my-project", repo_path="/path/to/repo")
+
+2. View your swarm:
+   delimit_swarm(action="status")
+
+3. Check agent permissions:
+   delimit_swarm(action="check", agent_id="my_project-architect-01", target_path="/path/to/file")
+
+4. Check approval tier:
+   delimit_swarm(action="approve", action_name="deploy_production")
+
+## Agent Roles
+
+Each venture gets 5 agent roles:
+- architect: System design (default: Claude Opus)
+- senior_dev: Implementation (default: Claude Opus)
+- reviewer: Code review (default: Gemini)
+- qa: Testing (default: Gemini)
+- ops: Strategy & outreach (default: Grok)
+
+## Namespace Isolation
+
+- Agents can only access files within their venture's repo path
+- Cross-venture access is blocked by default
+- Deploy requires founder approval (auto for staging)
+- All actions are logged to ~/.delimit/swarm/swarm_log.jsonl
+
+## Approval Tiers
+
+| Action | Tier |
+|--------|------|
+| deploy_production | Founder approval required |
+| deploy_staging | Auto-approved |
+| social_post | Founder email approval |
+| code_commit | Auto-approved |
+| ledger_update | Auto-approved |
+
+## Escalation
+
+Critical alerts auto-escalate: collision, unauthorized deploy, PII detected.
+Medium alerts: prompt drift, model errors, credit exhaustion.
+"""
+
+
+def get_usage_guide() -> Dict[str, Any]:
+    """Get the swarm usage guide."""
+    return {"guide": USAGE_GUIDE, "version": "1.2"}

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "delimit-cli",
   "mcpName": "io.github.delimit-ai/delimit-mcp-server",
-  "version": "3.15.6",
+  "version": "3.15.7",
   "description": "Unify Claude Code, Codex, Cursor, and Gemini CLI with persistent context, governance, and multi-model debate.",
   "main": "index.js",
   "files": [