delimit-cli 4.0.3 → 4.0.4

package/gateway/ai/server.py

@@ -19,9 +19,8 @@ All tools follow the Adapter Boundary Contract v1.0:
 - Stateless between calls
 """
 
-# ── Founder Voice Doctrine ──────────────────────────────────────────────
+# ── Output Quality Rules ──────────────────────────────────────────────
 # Applies to ALL outward-facing text generated by any tool in this server.
-# Full doctrine: /home/delimit/delimit-private/style/FOUNDER_VOICE_DOCTRINE.md
 #
 # Core: serious builder/operator, not a marketer. Credibility over persuasion.
 # Truth over excitement. Concrete mechanisms, not vague benefits.
@@ -49,6 +48,7 @@ import os
 import re
 import shutil
 import subprocess
+import threading
 import traceback
 import uuid
 from datetime import datetime, timezone
@@ -257,12 +257,57 @@ def _coerce_dict_arg(
 HIGH_RISK_TOOLS = {
     'deploy_publish', 'deploy_rollback', 'deploy_npm', 'deploy_site',
     'security_scan', 'data_migrate', 'data_backup',
+    # Social/outreach — drafts are fine, but posting/approving requires gate
+    'social_approve', 'content_publish',
+    # Agent dispatch — spawns autonomous work, must be gated
+    'agent_dispatch', 'daemon_run',
+    # Deliberation — burns model quota
+    'deliberate',
 }
 
 CRITICAL_RISK_TOOLS = {
     'deploy_rollback', 'data_migrate',
 }
 
+# Rate limits per tool per hour — prevents runaway loops
+_TOOL_RATE_LIMITS = {
+    'social_post': 10,
+    'social_target': 20,
+    'social_approve': 10,
+    'notify': 15,
+    'deliberate': 5,
+    'agent_dispatch': 5,
+    'ledger_add': 30,
+}
+
+_tool_call_counts: Dict[str, list] = {}
+_tool_rate_lock = threading.Lock()
+
+
+def _check_rate_limit(tool_name: str) -> Optional[Dict]:
+    """Enforce per-tool rate limits. Returns error dict if over limit, None if allowed."""
+    clean = tool_name.replace('delimit_', '')
+    limit = _TOOL_RATE_LIMITS.get(clean)
+    if not limit:
+        return None
+
+    import time as _rl_time
+    now = _rl_time.time()
+    with _tool_rate_lock:
+        calls = _tool_call_counts.setdefault(clean, [])
+        # Prune calls older than 1 hour
+        calls[:] = [t for t in calls if now - t < 3600]
+        if len(calls) >= limit:
+            return {
+                "status": "rate_limited",
+                "reason": f"Tool '{tool_name}' called {len(calls)} times in the last hour (limit: {limit}). "
+                          f"This prevents runaway loops. Wait or check your scan configuration.",
+                "calls_this_hour": len(calls),
+                "limit": limit,
+            }
+        calls.append(now)
+    return None
+
 
 def _classify_risk(tool_name: str) -> str:
     """Classify tool risk level for approval gate decisions."""
@@ -1160,6 +1205,54 @@ def _detect_environment() -> Dict[str, Any]:
 _inbox_daemon_autostarted = False
 _toolcard_cache_autoregistered = False
 
+# MCP response size cap — prevents Node.js heap OOM on all clients (Gemini CLI, Cursor, etc.)
+# FastMCP serializes responses to JSON over stdio; large payloads crash Node's default 1.5GB heap.
+# Cap is set high enough that all normal tool responses (deliberation, audit, ledger) pass through
+# untouched. Only pathological cases (e.g. 910-item scan dumps) get trimmed.
+_MCP_RESPONSE_SIZE_LIMIT = 200_000  # 200KB hard ceiling
+
+# Fields within list items that are safe to truncate — display text, not structured data
+_ITEM_TEXT_FIELDS = {"content_snippet", "body", "text", "rationale", "full_text", "description", "summary"}
+_ITEM_TEXT_MAX = 300  # chars per field within a list item
+
+def _cap_response(result: Dict[str, Any]) -> Dict[str, Any]:
+    """Truncate response payload to _MCP_RESPONSE_SIZE_LIMIT bytes.
+
+    Strategy (least destructive first):
+    1. Trim known text-only fields within list items (content_snippet, body, etc.)
+    2. If still over limit, truncate lists to first 20 items
+    3. If still over limit, add a note — structural data is never silently dropped
+    """
+    import json as _json, copy as _copy
+    if len(_json.dumps(result)) <= _MCP_RESPONSE_SIZE_LIMIT:
+        return result
+    r = _copy.deepcopy(result)
+
+    # Pass 1: trim display-text fields inside list items (safe — these are human-readable snippets)
+    for k, v in r.items():
+        if isinstance(v, list):
+            for item in v:
+                if isinstance(item, dict):
+                    for field in _ITEM_TEXT_FIELDS:
+                        if field in item and isinstance(item[field], str) and len(item[field]) > _ITEM_TEXT_MAX:
+                            item[field] = item[field][:_ITEM_TEXT_MAX] + "…"
+    if len(_json.dumps(r)) <= _MCP_RESPONSE_SIZE_LIMIT:
+        return r
+
+    # Pass 2: truncate lists to first 20 items
+    truncated_keys = [k for k, v in r.items() if isinstance(v, list) and len(v) > 20]
+    for k in truncated_keys:
+        total = len(r[k])
+        r[k] = r[k][:20]
+        r.setdefault("_pagination", {})[k] = {"returned": 20, "total": total, "note": "Use limit= to page"}
+    if len(_json.dumps(r)) <= _MCP_RESPONSE_SIZE_LIMIT:
+        return r
+
+    # Pass 3: last resort — note that response is large but return it anyway
+    # Better to let the client decide than silently drop structured data
+    r["_size_warning"] = f"Response exceeds {_MCP_RESPONSE_SIZE_LIMIT // 1000}KB. Use limit= or action='list' to reduce payload."
+    return r
+
 
 def _with_next_steps(tool_name: str, result: Dict[str, Any]) -> Dict[str, Any]:
     """Route every tool result through governance. This IS the loop.
@@ -1223,6 +1316,12 @@ def _with_next_steps(tool_name: str, result: Dict[str, Any]) -> Dict[str, Any]:
                 f"Rewrite with concrete mechanisms, not vague benefits."
             )
 
+    # Rate limit check — prevents runaway loops from any model
+    rate_gate = _check_rate_limit(tool_name)
+    if rate_gate:
+        _emit_event(tool_name, rate_gate)
+        return _cap_response(rate_gate)
+
     # Emit event for real-time dashboard
     _emit_event(tool_name, result)
 
@@ -1231,7 +1330,7 @@ def _with_next_steps(tool_name: str, result: Dict[str, Any]) -> Dict[str, Any]:
     if policy_gate:
         policy_gate["original_result"] = result
         policy_gate["governance"] = {"action": "policy_blocked", "reason": policy_gate["reason"]}
-        return policy_gate
+        return _cap_response(policy_gate)
 
     # LED-195: Prompt injection detection on tool inputs
     if isinstance(result, dict):
@@ -1248,12 +1347,12 @@ def _with_next_steps(tool_name: str, result: Dict[str, Any]) -> Dict[str, Any]:
     # Route through governance loop
     try:
         from ai.governance import govern
-        return govern(tool_name, result)
+        return _cap_response(govern(tool_name, result))
     except Exception:
         # Fallback: just add next_steps from registry
         steps = NEXT_STEPS_REGISTRY.get(tool_name, [])
         result["next_steps"] = steps
-        return result
+        return _cap_response(result)
 
 
 # ═══════════════════════════════════════════════════════════════════════
@@ -2077,7 +2176,6 @@ def delimit_deploy_publish(app: str = "", git_ref: Optional[str] = None) -> Dict
     return _delimit_deploy_impl(action="publish", app=app, git_ref=git_ref)
 
 
-@_experimental_tool()  # HIDDEN: stub/pass-through (LED-044)
 @mcp.tool()
 def delimit_deploy_verify(app: str = "", env: str = "", git_ref: Optional[str] = None) -> Dict[str, Any]:
     """Verify deployment health (experimental) (Pro)."""
@@ -2180,7 +2278,6 @@ def delimit_intel_query(
 
 # ─── Generate ───────────────────────────────────────────────────────────
 
-@_internal_tool()
 @mcp.tool()
 def delimit_generate_template(
     template_type: str,
@@ -2207,7 +2304,6 @@ def delimit_generate_template(
     return _with_next_steps("generate_template", _safe_call(template, template_type=template_type, name=name, framework=framework, features=features, target=target))
 
 
-@_internal_tool()
 @mcp.tool()
 def delimit_generate_scaffold(
     project_type: str,
@@ -2231,7 +2327,6 @@ def delimit_generate_scaffold(
 
 # ─── Repo (RepoDoctor + ConfigSentry) ──────────────────────────────────
 
-@_experimental_tool()  # HIDDEN: stub/pass-through (LED-044)
 @mcp.tool()
 def delimit_repo_diagnose(target: str = ".") -> Dict[str, Any]:
     """Diagnose repository health issues (experimental) (Pro).
@@ -2247,7 +2342,6 @@ def delimit_repo_diagnose(target: str = ".") -> Dict[str, Any]:
     return _safe_call(diagnose, target=target)
 
 
-@_experimental_tool()  # HIDDEN: stub/pass-through (LED-044)
 @mcp.tool()
 def delimit_repo_analyze(target: str = ".") -> Dict[str, Any]:
     """Analyze repository structure and quality (experimental) (Pro).
@@ -2263,7 +2357,6 @@ def delimit_repo_analyze(target: str = ".") -> Dict[str, Any]:
     return _safe_call(analyze, target=target)
 
 
-@_experimental_tool()  # HIDDEN: stub/pass-through (LED-044)
 @mcp.tool()
 def delimit_repo_config_validate(target: str = ".") -> Dict[str, Any]:
     """Validate configuration files (experimental) (Pro).
@@ -2279,7 +2372,6 @@ def delimit_repo_config_validate(target: str = ".") -> Dict[str, Any]:
     return _safe_call(config_validate, target=target)
 
 
-@_experimental_tool()  # HIDDEN: stub/pass-through (LED-044)
 @mcp.tool()
 def delimit_repo_config_audit(target: str = ".") -> Dict[str, Any]:
     """Audit configuration compliance (experimental) (Pro).
@@ -2673,6 +2765,55 @@ def delimit_security_deliberate(
     })
 
 
+@mcp.tool()
+def delimit_siem(action: str = "status", integration: str = "",
+                  settings: str = "", enabled: str = "",
+                  event: str = "") -> Dict[str, Any]:
+    """Manage SIEM streaming — forward audit events to Splunk, Datadog, EventBridge, or webhooks.
+
+    Actions:
+      status: Show all SIEM integrations and delivery stats
+      configure: Update integration settings (pass integration name + settings JSON)
+      test: Send a test event to all enabled integrations
+      forward: Forward a specific event (used internally by audit trail)
+
+    Args:
+        action: status, configure, test, or forward
+        integration: splunk, datadog, eventbridge, or webhook (for configure)
+        settings: JSON string of settings to update (for configure)
+        enabled: "true" or "false" to enable/disable (for configure)
+        event: JSON string of event to forward (for forward/test)
+    """
+    from ai.siem_streaming import configure, get_status, forward_event
+
+    if action == "status":
+        return _with_next_steps("siem", get_status())
+    if action == "configure":
+        parsed_settings = {}
+        if settings:
+            try:
+                parsed_settings = json.loads(settings)
+            except json.JSONDecodeError:
+                return _with_next_steps("siem", {"error": "Invalid JSON in settings"})
+        is_enabled = None
+        if enabled:
+            is_enabled = enabled.lower() in ("true", "1", "yes")
+        return _with_next_steps("siem", configure(
+            integration=integration,
+            settings=parsed_settings if parsed_settings else None,
+            enabled=is_enabled,
+        ))
+    if action in ("test", "forward"):
+        test_event = {"type": "test", "timestamp": time.time(), "source": "siem_test"}
+        if event:
+            try:
+                test_event = json.loads(event)
+            except json.JSONDecodeError:
+                pass
+        return _with_next_steps("siem", forward_event(test_event))
+    return _with_next_steps("siem", {"error": f"Unknown action: {action}"})
+
+
 @mcp.tool()
 def delimit_security_audit(target: str = ".") -> Dict[str, Any]:
     """Audit security: dependency vulnerabilities, anti-patterns, and secret detection.
@@ -2925,14 +3066,12 @@ def delimit_release_status(environment: str = "production") -> Dict[str, Any]:
     return _delimit_release_impl(action="status", environment=environment)
 
 
-@_experimental_tool()  # HIDDEN: stub/pass-through (LED-044)
 @mcp.tool()
 def delimit_release_rollback(environment: str, version: str, to_version: str) -> Dict[str, Any]:
     """Rollback deployment to previous version (experimental)."""
     return _delimit_release_impl(action="rollback", environment=environment, version=version, to_version=to_version)
 
 
-@_experimental_tool()  # HIDDEN: stub/pass-through (LED-044)
 @mcp.tool()
 def delimit_release_history(environment: str, limit: int = 10) -> Dict[str, Any]:
     """Show release history (experimental)."""
@@ -3036,7 +3175,6 @@ def delimit_cost_controls(
 
 # ─── DataSteward (Governance Primitive) ────────────────────────────────
 
-@_internal_tool()
 @mcp.tool()
 def delimit_data_validate(target: str = ".") -> Dict[str, Any]:
     """Validate data files: JSON parse, CSV structure, SQLite integrity check.
@@ -3048,7 +3186,6 @@ def delimit_data_validate(target: str = ".") -> Dict[str, Any]:
     return _with_next_steps("data_validate", _safe_call(data_validate, target=target))
 
 
-@_internal_tool()
 @mcp.tool()
 def delimit_data_migrate(target: str = ".") -> Dict[str, Any]:
     """Check for migration files (alembic, Django, Prisma, Knex) and report status.
@@ -3060,7 +3197,6 @@ def delimit_data_migrate(target: str = ".") -> Dict[str, Any]:
     return _with_next_steps("data_migrate", _safe_call(data_migrate, target=target))
 
 
-@_internal_tool()
 @mcp.tool()
 def delimit_data_backup(target: str = ".") -> Dict[str, Any]:
     """Back up SQLite and JSON data files to ~/.delimit/backups/ with timestamp.
@@ -3151,7 +3287,6 @@ def delimit_obs_logs(query: str, time_range: str = "1h", source: Optional[str] =
     return _delimit_obs_impl(action="logs", query=query, time_range=time_range, source=source)
 
 
-@_experimental_tool()  # HIDDEN: stub/pass-through (LED-044)
 @mcp.tool()
 def delimit_obs_alerts(action: str, alert_rule: Optional[Dict[str, Any]] = None, rule_id: Optional[str] = None) -> Dict[str, Any]:
     """Manage alerting rules (experimental)."""
@@ -3166,7 +3301,6 @@ def delimit_obs_status() -> Dict[str, Any]:
 
 # ─── DesignSystem (UI Tooling) ──────────────────────────────────────────
 
-@_internal_tool()
 @mcp.tool()
 def delimit_design_extract_tokens(
     figma_file_key: Optional[str] = None,
@@ -3192,7 +3326,6 @@ def delimit_design_extract_tokens(
     return _with_next_steps("design_extract_tokens", _safe_call(design_extract_tokens, figma_file_key=figma_file_key, token_types=token_types, project_path=project_path))
 
 
-@_internal_tool()
 @mcp.tool()
 def delimit_design_generate_component(component_name: str, figma_node_id: Optional[str] = None, output_path: Optional[str] = None, project_path: Optional[str] = None) -> Dict[str, Any]:
     """Generate a React/Next.js component skeleton with props interface and Tailwind support.
@@ -3207,7 +3340,6 @@ def delimit_design_generate_component(component_name: str, figma_node_id: Option
     return _with_next_steps("design_generate_component", _safe_call(design_generate_component, component_name=component_name, figma_node_id=figma_node_id, output_path=output_path, project_path=project_path))
 
 
-@_internal_tool()
 @mcp.tool()
 def delimit_design_generate_tailwind(figma_file_key: Optional[str] = None, output_path: Optional[str] = None, project_path: Optional[str] = None) -> Dict[str, Any]:
     """Read existing tailwind.config or generate one from detected CSS tokens.
@@ -3221,7 +3353,6 @@ def delimit_design_generate_tailwind(figma_file_key: Optional[str] = None, outpu
     return _with_next_steps("design_generate_tailwind", _safe_call(design_generate_tailwind, figma_file_key=figma_file_key, output_path=output_path, project_path=project_path))
 
 
-@_ops_pack_tool()
 @mcp.tool()
 def delimit_design_validate_responsive(
     project_path: str,
@@ -3243,7 +3374,6 @@ def delimit_design_validate_responsive(
     return _with_next_steps("design_validate_responsive", _safe_call(design_validate_responsive, project_path=project_path, check_types=check_types))
 
 
-@_internal_tool()
 @mcp.tool()
 def delimit_design_component_library(project_path: str, output_format: str = "json") -> Dict[str, Any]:
     """Scan for React/Vue/Svelte components and generate a component catalog.
@@ -3258,7 +3388,6 @@ def delimit_design_component_library(project_path: str, output_format: str = "js
 
 # ─── Story (Component Stories + Visual/A11y Testing) ────────────────────
 
-@_internal_tool()
 @mcp.tool()
 def delimit_story_generate(
     component_path: str,
@@ -3280,7 +3409,6 @@ def delimit_story_generate(
     return _with_next_steps("story_generate", _safe_call(story_generate, component_path=component_path, story_name=story_name, variants=variants))
 
 
-@_internal_tool()
 @mcp.tool()
 def delimit_story_visual_test(url: str, project_path: Optional[str] = None, threshold: float = 0.05) -> Dict[str, Any]:
     """Run visual regression test -- screenshot and compare to baseline.
@@ -3298,7 +3426,6 @@ def delimit_story_visual_test(url: str, project_path: Optional[str] = None, thre
     return _with_next_steps("story_visual_test", _safe_call(story_visual_test, url=url, project_path=project_path, threshold=threshold))
 
 
-@_internal_tool()  # Was experimental (LED-044), promoted to internal (Consensus 120)
 @mcp.tool()
 def delimit_story_build(project_path: str, output_dir: Optional[str] = None) -> Dict[str, Any]:
     """Build Storybook static site.
@@ -3314,7 +3441,6 @@ def delimit_story_build(project_path: str, output_dir: Optional[str] = None) ->
     return _safe_call(story_build, project_path=project_path, output_dir=output_dir)
 
 
-@_internal_tool()
 @mcp.tool()
 def delimit_story_accessibility(project_path: str, standards: str = "WCAG2AA") -> Dict[str, Any]:
     """Run WCAG accessibility checks by scanning HTML/JSX/TSX for common issues.
@@ -3347,7 +3473,6 @@ def delimit_test_generate(project_path: str, source_files: Optional[List[str]] =
     return _with_next_steps("test_generate", _safe_call(test_generate, project_path=project_path, source_files=source_files, framework=framework))
 
 
-@_experimental_tool()  # HIDDEN: stub/pass-through (LED-044)
 @mcp.tool()
 def delimit_test_coverage(project_path: str, threshold: int = 80) -> Dict[str, Any]:
     """Analyze test coverage (experimental) (Pro).
@@ -3381,7 +3506,6 @@ def delimit_test_smoke(project_path: str, test_suite: Optional[str] = None) -> D
 
 # ─── Docs (Real implementations) ─────────────────────────────────────
 
-@_ops_pack_tool()
 @mcp.tool()
 def delimit_docs_generate(target: str = ".") -> Dict[str, Any]:
     """Generate API reference documentation for a project.
@@ -3438,7 +3562,7 @@ async def delimit_sensor_github_issue(
     with new comments, issue state, and severity classification.
 
     Args:
-        repo: GitHub repository in owner/repo format (e.g. "activepieces/activepieces").
+        repo: GitHub repository in owner/repo format (e.g. "owner/repo").
         issue_number: The issue number to monitor.
         since_comment_id: Last seen comment ID. Pass 0 to get all comments.
     """
@@ -3650,14 +3774,20 @@ def delimit_swarm(action: str = "status", venture: str = "",
       approve: Check approval tier for an action
       guide: Get usage documentation
       rules: Get escalation rules
+      create_tool: Create a custom MCP tool (architect/senior_dev only)
+      list_tools: List custom tools per venture
+      reload: Hot-reload MCP server to pick up updated modules
+      create_agent: Provision a new specialist agent role (architect only)
+      approve_agent: Activate a pending custom agent (founder only)
+      list_agents: List all agents (built-in + custom)
 
     Args:
-        action: "status", "register", "venture", "agent", "check", "approve", "guide", or "rules".
-        venture: Venture name (for register/venture).
-        agent_id: Agent ID like "delimit-architect-01" (for agent/check).
-        repo_path: Repo path for venture registration.
+        action: See actions above.
+        venture: Venture name (for register/venture/create_agent).
+        agent_id: Agent ID (for agent/check/create_agent/approve_agent).
+        repo_path: Repo path, description, or reason depending on action.
         deploy_target: Deploy target for venture registration.
-        target_path: File path to check access for (check action).
+        target_path: File path, tool name, or role name depending on action.
         access_action: Action name — for check: "read"/"write"/"deploy". For approve: "deploy_production"/"deploy_staging"/"social_post" etc.
     """
     from ai.swarm import (register_venture, get_venture, get_agent,
@@ -3705,6 +3835,34 @@ def delimit_swarm(action: str = "status", venture: str = "",
     if action == "list_tools":
         from ai.swarm import list_custom_tools
         return _with_next_steps("swarm", _safe_call(list_custom_tools, venture=venture))
+    if action == "reload":
+        from ai.swarm import hot_reload
+        return _with_next_steps("swarm", _safe_call(hot_reload, reason=repo_path or "manual"))
+    if action == "create_agent":
+        from ai.swarm import create_agent
+        return _with_next_steps("swarm", _safe_call(
+            create_agent,
+            venture=venture,
+            role_name=target_path,
+            description=repo_path or "",
+            default_model=agent_id or "claude-opus-4.6",
+            creator_agent_id=agent_id,
+        ))
+    if action == "approve_agent":
+        from ai.swarm import approve_agent
+        return _with_next_steps("swarm", _safe_call(approve_agent, agent_id=agent_id))
+    if action == "list_agents":
+        from ai.swarm import list_agents
+        return _with_next_steps("swarm", _safe_call(list_agents, venture=venture))
+    if action == "preflight":
+        from ai.swarm import preflight_check
+        return _with_next_steps("swarm", _safe_call(
+            preflight_check,
+            action=access_action or "general",
+            venture=venture,
+            path=target_path or repo_path or "",
+            agent_id=agent_id,
+        ))
     return _with_next_steps("swarm", _safe_call(get_swarm_status))
 
 
@@ -5681,7 +5839,6 @@ def delimit_webhook_manage(
 # ═══════════════════════════════════════════════════════════════════════
 
 
-@_ops_pack_tool()
 @mcp.tool()
 def delimit_social_post(text: str = "", category: str = "", platform: str = "twitter",
                         account: str = "", quote_tweet_id: str = "",
@@ -5703,9 +5860,9 @@ def delimit_social_post(text: str = "", category: str = "", platform: str = "twi
     IMPORTANT — Platform tone rules (these are DIFFERENT per platform):
     - Twitter: confident technical brand. Direct, professional, ALWAYS POSITIVE.
       Celebrate wins and progress. Never complain or air gaps publicly.
-      No em dashes or en dashes. Include install commands when relevant.
-    - Reddit: proud builder posting as u/delimitdev. Casual, typed-on-phone energy.
-      ALWAYS POSITIVE. Mention Delimit ONLY when genuinely helpful.
+      No em dashes or en dashes. Default to insight-first with no CTA unless source-grounded.
+    - Reddit: helpful builder voice. Grounded, concise, never salesy.
+      Default to no Delimit mention unless directly necessary and source-grounded.
       NO bullet points/lists/bold/em dashes. 2-3 sentences max.
     - LinkedIn: professional hook + insight + CTA
 
@@ -5731,6 +5888,36 @@ def delimit_social_post(text: str = "", category: str = "", platform: str = "twi
     if platform not in ("twitter", "reddit"):
         return {"error": f"Platform '{platform}' not supported yet", "supported": ["twitter", "reddit"]}
 
+    # ── Draft quality gate — reject template stubs and platform mismatches ──
+    _draft_text = text or post.get("text", "")
+    _stub_patterns = [
+        "[DRAFT - needs human writing]",
+        "[DRAFT -",
+        "Engagement opportunity for",
+        "needs human writing",
+    ]
+    if any(pat in _draft_text for pat in _stub_patterns):
+        return {
+            "error": "Draft rejected: template stub detected. Write an actual reply, not a placeholder.",
+            "rejected_text": _draft_text[:200],
+            "hint": "Read the thread, understand the conversation, then write a genuine 2-3 sentence reply. "
+                    "Helpful first, no product pitch, no invented personal story, no generic pep talk.",
+        }
+
+    # Reject drafts shorter than 50 chars (likely not a real reply)
+    if len(_draft_text.strip()) < 50:
+        return {
+            "error": "Draft rejected: too short. Write a substantive reply (50+ characters).",
+            "text_length": len(_draft_text.strip()),
+        }
+
+    # Warn if context field contains a Reddit URL but platform is set to twitter
+    if platform == "twitter" and "reddit.com" in (context or ""):
+        return {
+            "error": "Platform mismatch: context references Reddit but platform is 'twitter'. Set platform='reddit'.",
+            "hint": "When drafting from a Reddit scan target, always set platform='reddit'.",
+        }
+
     draft = True  # Always draft, never auto-post
     entry = save_draft(
         post["text"], platform=platform, account=account,
@@ -5748,18 +5935,26 @@ def delimit_social_post(text: str = "", category: str = "", platform: str = "twi
         _lines = []
 
         if platform == "reddit":
-            _lines.append(f"POST FROM: u/{_acct} on REDDIT")
+            _lines.append("WHERE: Reddit")
         else:
-            _lines.append(f"POST FROM: @{_acct} on TWITTER")
+            _lines.append("WHERE: X")
+        _where_link = ""
+        if platform == "reddit":
+            _where_link = entry.get("thread_url", "") or reply_to_id
+        elif reply_to_id:
+            _where_link = f"https://x.com/i/status/{reply_to_id}"
+        elif quote_tweet_id:
+            _where_link = f"https://x.com/i/status/{quote_tweet_id}"
+        if _where_link:
+            _lines.append(f"LINK: {_where_link}")
         _lines.append("")
 
-        # WHY should this be posted?
         _context = entry.get("context", "")
         if _context:
             _lines.append(f"WHY: {_context}")
             _lines.append("")
 
-        # What type of post is this?
+        _lines.append("WHAT:")
         if platform == "reddit":
             _thread_url = entry.get("thread_url", "")
             # Fallback: extract reddit URL from context field
@@ -5770,9 +5965,8 @@ def delimit_social_post(text: str = "", category: str = "", platform: str = "twi
                 if _url_match:
                     _thread_url = _url_match.group(0)
             if reply_to_id or _thread_url:
-                _url = _thread_url or reply_to_id
-                _lines.append(f"ACTION: Reply in thread {_url}")
-                _lines.append("Open the thread, find the comment to reply to, paste the text below.")
+                _lines.append(f"Platform: REDDIT as u/{_acct}")
+                _lines.append("Owner action: Open the thread and reply using the draft below.")
             else:
                 # New Reddit post — extract title from first line of text
                 _post_text = post["text"]
@@ -5783,19 +5977,17 @@ def delimit_social_post(text: str = "", category: str = "", platform: str = "twi
                 else:
                     _reddit_title = _post_text[:100].strip()
                     _reddit_body = _post_text
-                _lines.append("ACTION: New Reddit post")
-                _lines.append("Navigate to the subreddit, create a new post.")
-                _lines.append("")
-                _lines.append("--- TITLE (paste in title field) ---")
+                _lines.append(f"Platform: REDDIT as u/{_acct}")
+                _lines.append("Owner action: Navigate to the subreddit and create a new post.")
                 _lines.append("")
+                _lines.append("Post Title")
+                _lines.append("Tap and hold inside this block to copy.")
                 _lines.append(_reddit_title)
                 _lines.append("")
-                _lines.append("--- BODY (paste in body field) ---")
-                _lines.append("")
+                _lines.append("Post Body")
+                _lines.append("Tap and hold inside this block to copy.")
                 _lines.append(_reddit_body)
                 _lines.append("")
-                _lines.append("--- END ---")
-                _lines.append("")
                 _lines.append(f"Draft ID: {entry['draft_id']}")
                 if entry.get("tone_warnings"):
                     _lines.append("")
@@ -5817,22 +6009,20 @@ def delimit_social_post(text: str = "", category: str = "", platform: str = "twi
                 entry["mode"] = "draft"
                 return _with_next_steps("social_post", entry)
         elif reply_to_id:
-            _lines.append(f"ACTION: Reply to https://x.com/i/status/{reply_to_id}")
-            _lines.append("Open the link above, click Reply, paste the text below.")
+            _lines.append(f"Platform: X as @{_acct}")
+            _lines.append("Owner action: Open the link above, click Reply, paste the draft below.")
         elif quote_tweet_id:
-            _lines.append(f"ACTION: Quote tweet https://x.com/i/status/{quote_tweet_id}")
-            _lines.append("Open the link above, click Repost > Quote, paste the text below.")
+            _lines.append(f"Platform: X as @{_acct}")
+            _lines.append("Owner action: Open the link above, click Repost > Quote, paste the draft below.")
         else:
-            _lines.append("ACTION: New standalone tweet")
-            _lines.append("Open X, compose a new tweet, paste the text below.")
+            _lines.append(f"Platform: X as @{_acct}")
+            _lines.append("Owner action: Open X, compose a new post, paste the draft below.")
 
         _lines.append("")
-        _lines.append("--- COPY BELOW THIS LINE ---")
-        _lines.append("")
+        _lines.append("Manual Post Text")
+        _lines.append("Tap and hold inside this block to copy.")
         _lines.append(post["text"])
         _lines.append("")
-        _lines.append("--- END ---")
-        _lines.append("")
         _lines.append(f"Draft ID: {entry['draft_id']}")
         if entry.get("tone_warnings"):
             _lines.append("")
@@ -5868,7 +6058,6 @@ def delimit_social_post(text: str = "", category: str = "", platform: str = "twi
     return _with_next_steps("social_post", entry)
 
 
-@_ops_pack_tool()
 @mcp.tool()
 def delimit_social_generate(category: str = "tip") -> Dict[str, Any]:
     """Generate a social media post without posting (Pro).
@@ -5882,7 +6071,6 @@ def delimit_social_generate(category: str = "tip") -> Dict[str, Any]:
     return _with_next_steps("social_generate", post)
 
 
-@_internal_tool()
 @mcp.tool()
 def delimit_social_accounts() -> Dict[str, Any]:
     """List configured social media accounts (Pro).
@@ -5896,7 +6084,6 @@ def delimit_social_accounts() -> Dict[str, Any]:
     return _with_next_steps("social_accounts", {"accounts": accounts, "count": len(accounts)})
 
 
-@_internal_tool()
 @mcp.tool()
 def delimit_social_history(limit: int = 20, platform: str = "",
                            user: str = "", subreddit: str = "") -> Dict[str, Any]:
@@ -5918,7 +6105,6 @@ def delimit_social_history(limit: int = 20, platform: str = "",
     return _with_next_steps("social_history", {"posts": posts})
 
 
-@_ops_pack_tool()
 @mcp.tool()
 def delimit_social_approve(action: str = "list", draft_id: str = "") -> Dict[str, Any]:
     """Manage social media drafts: list, approve, or reject (Pro).
@@ -6077,7 +6263,6 @@ def delimit_reddit_scan(sort: str = "hot", limit: int = 10) -> Dict[str, Any]:
     return _with_next_steps("social_target", result)
 
 
-@_internal_tool()
 @mcp.tool()
 def delimit_github_scan(
     cadence: str = "pulse",
@@ -6087,12 +6272,12 @@ def delimit_github_scan(
 
     Three cadences:
       pulse: Own repo health (stars, forks, issues, traffic). Fast, run often.
-      hunter: Competitor users, adoption leads, pain threads. Medium, run hourly.
+      hunter: Repository signals, engagement threads. Medium, run hourly.
       deep: Full ecosystem intel. Slow, run daily.
 
     IMPORTANT -- TOOL CHAINING RULE:
     After scanning, the AI MUST process high-score findings:
-    1. Auto-ledger items (score >= 75 competitor users) via delimit_ledger_add
+    1. Auto-ledger high-score findings via delimit_ledger_add
     2. Pain threads with existing_feature relevance via delimit_notify
     Never just return findings and stop. Always chain to the next action.
 
@@ -6115,7 +6300,6 @@ def delimit_github_scan(
 # ═══════════════════════════════════════════════════════════════════════
 
 
-@_internal_tool()
 @mcp.tool()
 def delimit_content_schedule() -> Dict[str, Any]:
     """View the upcoming content schedule: queued tweets, pending videos, recent activity (Pro)."""
@@ -6124,7 +6308,6 @@ def delimit_content_schedule() -> Dict[str, Any]:
     return _with_next_steps("content_schedule", get_content_schedule())
 
 
-@_internal_tool()
 @mcp.tool()
 def delimit_content_publish(content_type: str = "tweet") -> Dict[str, Any]:
     """Manually trigger a content publish: tweet or youtube video (Pro).
@@ -6143,7 +6326,6 @@ def delimit_content_publish(content_type: str = "tweet") -> Dict[str, Any]:
         return {"error": f"Unknown content_type: {content_type}", "supported": ["tweet", "youtube"]}
 
 
-@_internal_tool()
 @mcp.tool()
 def delimit_content_queue(action: str = "status", items: str = "") -> Dict[str, Any]:
     """Manage the tweet and video content queues (Pro).
@@ -6199,6 +6381,31 @@ def delimit_daemon_run(iterations: int = 1, dry_run: bool = True) -> Dict[str, A
         max_iterations=iterations, interval_seconds=5, dry_run=dry_run,
     ))
 
+@mcp.tool()
+def delimit_build_loop(action: str = "run", session_id: str = "") -> Dict[str, Any]:
+    """Execute the governed continuous build loop (LED-239).
+
+    Requirements:
+    - root ledger in /root/.delimit is authoritative
+    - select only build-safe open items
+    - resolve venture + repo before dispatch
+    - use Delimit swarm/governance as control plane
+    - enforce max-iteration, max-error, and max-cost safeguards
+
+    Args:
+        action: 'init' to start a session, 'run' to execute one iteration.
+        session_id: Optional session ID to continue.
+    """
+    from ai.loop_engine import create_governed_session, run_governed_iteration
+
+    if action == "init":
+        return _with_next_steps("build_loop", create_governed_session())
+    else:
+        if not session_id:
+            # Try to pick up existing or create new
+            session_id = create_governed_session()["session_id"]
+        return _with_next_steps("build_loop", run_governed_iteration(session_id))
+
 
 @mcp.tool()
 def delimit_daemon_classify(item_id: str = "") -> Dict[str, Any]:
@@ -6238,7 +6445,6 @@ def delimit_daemon_classify(item_id: str = "") -> Dict[str, Any]:
 # ═══════════════════════════════════════════════════════════════════════
 
 
-@_internal_tool()
 @mcp.tool()
 def delimit_inbox_daemon(action: str = "status") -> Dict[str, Any]:
     """Control the inbox polling daemon for email governance (Pro).
@@ -6261,6 +6467,26 @@ def delimit_inbox_daemon(action: str = "status") -> Dict[str, Any]:
         return _with_next_steps("inbox_daemon", get_daemon_status())
 
 
+@mcp.tool()
+def delimit_social_daemon(action: str = "status") -> Dict[str, Any]:
+    """Control the social sensing daemon for Delimit (Pro).
+
+    Runs social discovery scans every 15 minutes, deduplicates findings,
+    and emits HTML draft emails. Also monitors Reddit replies.
+
+    Args:
+        action: 'start' (begin scanning), 'stop' (halt scanning),
+                'status' (show daemon state, last scan, targets found).
+    """
+    from ai.social_daemon import start_daemon, stop_daemon, get_daemon_status
+
+    if action == "start":
+        return _with_next_steps("social_daemon", start_daemon())
+    elif action == "stop":
+        return _with_next_steps("social_daemon", stop_daemon())
+    else:
+        return _with_next_steps("social_daemon", get_daemon_status())
+
 # ═══════════════════════════════════════════════════════════════════════
 #  LED-187: Shareable Governance Config — export / import
 # ═══════════════════════════════════════════════════════════════════════
@@ -6389,7 +6615,6 @@ def delimit_config_import(
 # ═══════════════════════════════════════════════════════════════════════
 
 
-@_ops_pack_tool()
 @mcp.tool()
 def delimit_screen_record(mode: str = "browser", url: str = "", name: str = "recording",
                           duration: int = 30, script: str = "") -> Dict[str, Any]:
@@ -6434,7 +6659,6 @@ def delimit_screen_record(mode: str = "browser", url: str = "", name: str = "rec
     return _with_next_steps("screen_record", result)
 
 
-@_ops_pack_tool()
 @mcp.tool()
 def delimit_screenshot(url: str, name: str = "screenshot") -> Dict[str, Any]:
     """Take a screenshot of a URL using headless Chromium (Pro).
@@ -6488,7 +6712,6 @@ def delimit_changelog(old_spec: str = "", new_spec: str = "", format: str = "mar
     ))
 
 
-@_ops_pack_tool()
 @mcp.tool()
 def delimit_notify(channel: str = "webhook", message: str = "",
                    webhook_url: str = "", subject: str = "",
@@ -6519,9 +6742,9 @@ def delimit_notify(channel: str = "webhook", message: str = "",
         subject: Subject line (email only). Use [ACTION], [INFO], [ALERT] prefix.
         event_type: Event category for filtering.
         to: Recipient email address (email only). Overrides default DELIMIT_SMTP_TO.
-            Send to any address — leave empty for default (owner@example.com).
+            Send to any address — leave empty for default.
         from_account: Sender account key from ~/.delimit/secrets/smtp-all.json
-            (e.g. 'pro@delimit.ai', 'admin@wire.report'). Email only.
+            (e.g. 'notifications@example.com'). Email only.
     """
     from ai.notify import send_notification
     return _with_next_steps("notify", _safe_call(
@@ -6620,7 +6843,6 @@ def delimit_notify_routing(
         })
 
 
-@_internal_tool()
 @mcp.tool()
 def delimit_notify_inbox(action: str = "status", limit: int = 10,
                          process: bool = True) -> Dict[str, Any]:
@@ -6912,6 +7134,27 @@ def delimit_next_task(venture: str = "", max_risk: str = "", session_id: str = "
     return _with_next_steps("next_task", result)
 
 
+@mcp.tool()
+def delimit_ledger_propose(venture: str = "", focus: str = "",
+                            max_items: int = 5) -> Dict[str, Any]:
+    """Propose new ledger items based on signals, completed work, and gaps.
+
+    Analyzes repo state, sensing signals, and completed work to suggest
+    3-5 new items with rationale. Run at end of build loops or when
+    the queue is empty to keep momentum.
+
+    Works across all AI models via MCP.
+
+    Args:
+        venture: Focus on a specific venture (auto-detects if empty).
+        focus: Optional area filter — "outreach", "engineering", "security", etc.
+        max_items: Maximum proposals to generate (default 5).
+    """
+    from ai.ledger_propose import propose_items
+    result = _safe_call(propose_items, venture=venture, focus=focus, max_items=max_items)
+    return _with_next_steps("ledger_propose", result)
+
+
 @mcp.tool()
 def delimit_task_complete(task_id: str, result: str = "", cost_incurred: float = 0.0,
                           error: str = "", session_id: str = "", venture: str = "") -> Dict[str, Any]:
@@ -7242,3 +7485,22 @@ def main():
     """Entry point for `delimit-mcp` console script."""
     import asyncio
     asyncio.run(run_mcp_server(mcp))
+
+@mcp.tool()
+def delimit_reddit_fetch_thread(thread_id: str) -> Dict[str, Any]:
+    """Surgically fetch a single Reddit thread by ID (e.g. 'OSKJVH7f35')."""
+    from ai.reddit_scanner import fetch_thread, score_and_classify
+    
+    # Strip URL parts if user passed a full link
+    if "comments/" in thread_id:
+        parts = thread_id.split("comments/")[1].split("/")
+        thread_id = parts[0]
+    elif thread_id.startswith("http"):
+        thread_id = thread_id.split("/")[-1].split("?")[0]
+
+    thread = fetch_thread(thread_id)
+    if not thread:
+        return {"error": f"Could not find thread with ID {thread_id}"}
+    
+    scored = score_and_classify([thread])
+    return {"thread": scored[0] if scored else thread}