npm - delimit-cli - Versions diffs - 4.0.5 → 4.1.0 - Mend

delimit-cli 4.0.5 → 4.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (14) hide show

package/README.md +2 -2
package/bin/delimit-cli.js +33 -0
package/bin/delimit-os.sh +105 -0
package/gateway/ai/agent_dispatch.py +2 -34
package/gateway/ai/github_scanner.py +1 -1
package/gateway/ai/ledger_manager.py +3 -13
package/gateway/ai/loop_engine.py +372 -175
package/gateway/ai/notify.py +2 -1662
package/gateway/ai/reddit_scanner.py +0 -34
package/gateway/ai/server.py +4 -3
package/gateway/ai/tui.py +377 -0
package/lib/delimit-template.js +0 -5
package/package.json +2 -2
package/scripts/security-check.sh +0 -12

package/gateway/ai/notify.py CHANGED Viewed

@@ -1,1662 +1,2 @@
-"""
-Notification helper for delimit_notify and delimit_notify_inbox tools.
-Supports webhook, Slack, and email channels (outbound).
-Supports impact-based notification routing (LED-233).
-Supports IMAP inbox polling with classification and forwarding (inbound).
-Stores notification history in ~/.delimit/notifications.jsonl.
-Stores inbox routing log in ~/.delimit/inbox_routing.jsonl.
-"""
-import email
-import email.header
-import email.utils
-import imaplib
-import json
-import logging
-import os
-import smtplib
-import urllib.request
-import urllib.error
-from datetime import datetime, timezone
-from email.mime.text import MIMEText
-from pathlib import Path
-from typing import Any, Dict, List, Optional
-import threading
-import time as _time
-try:
-    import yaml as _yaml
-except ImportError:
-    _yaml = None  # type: ignore[assignment]
-# ── Email Throttle (Consensus 123: Storm Prevention) ────────────────
-# - Max 5 immediate emails per hour
-# - Non-P0 notifications batch into 15-minute digests
-# - P0 always sends immediately (bypasses throttle)
-_email_throttle_lock = threading.Lock()
-_email_send_times: list = []  # timestamps of recent sends
-_email_digest_queue: list = []  # batched non-urgent emails
-_EMAIL_MAX_PER_HOUR = 5
-_EMAIL_DIGEST_INTERVAL = 900  # 15 minutes
-_last_digest_flush = 0.0
-logger = logging.getLogger("delimit.ai.notify")
-HISTORY_FILE = Path.home() / ".delimit" / "notifications.jsonl"
-INBOX_ROUTING_FILE = Path.home() / ".delimit" / "inbox_routing.jsonl"
-OWNER_ACTIONS_FILE = Path.home() / ".delimit" / "owner_actions.jsonl"
-def _load_json_file(path: Path) -> Dict[str, Any]:
-    try:
-        if not path.exists():
-            return {}
-        with open(path, "r", encoding="utf-8") as f:
-            data = json.load(f)
-        return data if isinstance(data, dict) else {}
-    except (OSError, json.JSONDecodeError):
-        return {}
-def _load_secret_value(*names: str) -> str:
-    """Load a secret value from ~/.delimit/secrets/<NAME>.json files."""
-    secrets_dir = Path.home() / ".delimit" / "secrets"
-    for name in names:
-        data = _load_json_file(secrets_dir / f"{name}.json")
-        value = data.get("value") or data.get("token") or data.get("access_token") or ""
-        if value:
-            return str(value)
-    return ""
-def _load_inbound_email_config() -> Dict[str, str]:
-    secrets_dir = Path.home() / ".delimit" / "secrets"
-    smtp_accounts = _load_json_file(secrets_dir / "smtp-all.json")
-    defaults = smtp_accounts.get("_defaults", {}) if isinstance(smtp_accounts.get("_defaults"), dict) else {}
-    account_name = str(defaults.get("from_account") or "pro@delimit.ai")
-    account = smtp_accounts.get(account_name, {}) if isinstance(smtp_accounts.get(account_name), dict) else {}
-    forward_cfg = _load_json_file(secrets_dir / "forward-to.json")
-    return {
-        "imap_host": str(account.get("host") or ""),
-        "imap_port": str(account.get("imap_port") or "993"),
-        "imap_user": str(account.get("user") or account_name or ""),
-        "forward_to": str(
-            os.environ.get("DELIMIT_FORWARD_TO", "")
-            or forward_cfg.get("value")
-            or forward_cfg.get("to")
-            or defaults.get("to")
-            or ""
-        ),
-    }
-# ── Inbound email configuration ──────────────────────────────────────
-_INBOUND_CFG = _load_inbound_email_config()
-IMAP_HOST = os.environ.get("DELIMIT_IMAP_HOST", "") or _INBOUND_CFG.get("imap_host", "")
-IMAP_PORT = int(os.environ.get("DELIMIT_IMAP_PORT", "") or _INBOUND_CFG.get("imap_port", "993"))
-IMAP_USER = os.environ.get("DELIMIT_IMAP_USER", "") or _INBOUND_CFG.get("imap_user", "")
-FORWARD_TO = _INBOUND_CFG.get("forward_to", "")
-# Domains/senders whose emails require owner action
-OWNER_ACTION_DOMAINS = {
-    "cooperpress.com",
-    "github.com",
-    "lemon.com",
-    "lemonsqueezy.com",
-    "namecheap.com",
-    "stripe.com",
-    "google.com",
-    "youtube.com",
-    "x.com",
-    "twitter.com",
-    "npmjs.com",
-    "vercel.com",
-    "supabase.io",
-    "supabase.com",
-    "glama.ai",
-    "vultr.com",
-    "digitalocean.com",
-}
-OWNER_ACTION_SENDERS = set(
-    filter(None, [os.environ.get("DELIMIT_OWNER_EMAIL", "")])
-)
-# Subject patterns that indicate owner-action (compiled once)
-import re as _re
-OWNER_ACTION_SUBJECT_PATTERNS = [
-    _re.compile(r"social\s+draft", _re.IGNORECASE),
-    _re.compile(r"show\s+hn", _re.IGNORECASE),
-    _re.compile(r"approval", _re.IGNORECASE),
-    _re.compile(r"action\s+required", _re.IGNORECASE),
-    _re.compile(r"reply|respond", _re.IGNORECASE),
-    _re.compile(r"invoice", _re.IGNORECASE),
-    _re.compile(r"payment", _re.IGNORECASE),
-    _re.compile(r"subscription", _re.IGNORECASE),
-]
-# Sender patterns that are definitely non-owner (automated/bot)
-NON_OWNER_SENDERS = {
-    "noreply@",
-    "no-reply@",
-    "notifications@",
-    "mailer-daemon@",
-    "postmaster@",
-    "donotreply@",
-}
-def _record_notification(entry: Dict[str, Any]) -> None:
-    """Append a notification record to the history file."""
-    try:
-        HISTORY_FILE.parent.mkdir(parents=True, exist_ok=True)
-        with open(HISTORY_FILE, "a", encoding="utf-8") as f:
-            f.write(json.dumps(entry) + "\n")
-    except OSError as e:
-        logger.warning("Failed to record notification: %s", e)
-def record_owner_action(entry: Dict[str, Any]) -> None:
-    """Append an owner-action record for dashboard and async fanout."""
-    try:
-        OWNER_ACTIONS_FILE.parent.mkdir(parents=True, exist_ok=True)
-        payload = {
-            "timestamp": datetime.now(timezone.utc).isoformat(),
-            "status": "open",
-            **entry,
-        }
-        with open(OWNER_ACTIONS_FILE, "a", encoding="utf-8") as f:
-            f.write(json.dumps(payload) + "\n")
-    except OSError as e:
-        logger.warning("Failed to record owner action: %s", e)
-def _post_json(url: str, payload: Dict[str, Any], timeout: int = 10) -> Dict[str, Any]:
-    """POST a JSON payload to a URL. Returns status dict."""
-    data = json.dumps(payload).encode("utf-8")
-    req = urllib.request.Request(
-        url,
-        data=data,
-        headers={"Content-Type": "application/json"},
-        method="POST",
-    )
-    try:
-        with urllib.request.urlopen(req, timeout=timeout) as resp:
-            return {
-                "status_code": resp.status,
-                "success": 200 <= resp.status < 300,
-            }
-    except urllib.error.HTTPError as e:
-        return {"status_code": e.code, "success": False, "error": str(e)}
-    except urllib.error.URLError as e:
-        return {"status_code": 0, "success": False, "error": str(e)}
-def send_webhook(
-    webhook_url: str,
-    message: str,
-    event_type: str = "",
-) -> Dict[str, Any]:
-    """Send a generic webhook notification (JSON POST)."""
-    if not webhook_url:
-        return {"error": "webhook_url is required for webhook channel"}
-    timestamp = datetime.now(timezone.utc).isoformat()
-    payload = {
-        "event_type": event_type or "delimit_notification",
-        "message": message,
-        "timestamp": timestamp,
-    }
-    result = _post_json(webhook_url, payload)
-    record = {
-        "channel": "webhook",
-        "event_type": event_type,
-        "message": message,
-        "webhook_url": webhook_url,
-        "timestamp": timestamp,
-        "success": result.get("success", False),
-    }
-    _record_notification(record)
-    return {
-        "channel": "webhook",
-        "delivered": result.get("success", False),
-        "status_code": result.get("status_code"),
-        "timestamp": timestamp,
-        "error": result.get("error"),
-    }
-def send_slack(
-    webhook_url: str,
-    message: str,
-    event_type: str = "",
-) -> Dict[str, Any]:
-    """Send a Slack notification via incoming webhook."""
-    if not webhook_url:
-        return {"error": "webhook_url is required for slack channel"}
-    timestamp = datetime.now(timezone.utc).isoformat()
-    prefix = f"[{event_type}] " if event_type else ""
-    payload = {"text": f"{prefix}{message}"}
-    result = _post_json(webhook_url, payload)
-    record = {
-        "channel": "slack",
-        "event_type": event_type,
-        "message": message,
-        "webhook_url": webhook_url,
-        "timestamp": timestamp,
-        "success": result.get("success", False),
-    }
-    _record_notification(record)
-    return {
-        "channel": "slack",
-        "delivered": result.get("success", False),
-        "status_code": result.get("status_code"),
-        "timestamp": timestamp,
-        "error": result.get("error"),
-    }
-def send_telegram(
-    message: str,
-    event_type: str = "",
-    bot_token: str = "",
-    chat_id: str = "",
-) -> Dict[str, Any]:
-    """Send a Telegram message via bot API."""
-    bot_token = bot_token or os.environ.get("DELIMIT_TELEGRAM_BOT_TOKEN", "") or _load_secret_value("DELIMIT_TELEGRAM_BOT_TOKEN", "TELEGRAM_MONITOR_BOT_TOKEN")
-    chat_id = chat_id or os.environ.get("DELIMIT_TELEGRAM_CHAT_ID", "") or _load_secret_value("DELIMIT_TELEGRAM_CHAT_ID", "TELEGRAM_MONITOR_CHAT_ID")
-    if not bot_token or not chat_id:
-        return {"error": "telegram bot token and chat id are required"}
-    timestamp = datetime.now(timezone.utc).isoformat()
-    prefix = f"[{event_type}] " if event_type else ""
-    payload = {
-        "chat_id": chat_id,
-        "text": f"{prefix}{message}",
-        "disable_web_page_preview": False,
-    }
-    url = f"https://api.telegram.org/bot{bot_token}/sendMessage"
-    result = _post_json(url, payload)
-    _record_notification({
-        "channel": "telegram",
-        "event_type": event_type,
-        "message": message,
-        "timestamp": timestamp,
-        "success": result.get("success", False),
-    })
-    return {
-        "channel": "telegram",
-        "delivered": result.get("success", False),
-        "status_code": result.get("status_code"),
-        "timestamp": timestamp,
-        "error": result.get("error"),
-    }
-def _load_smtp_account(from_account: str) -> Optional[Dict[str, str]]:
-    """Load SMTP credentials from smtp-all.json for a given account.
-    Args:
-        from_account: Email address key in smtp-all.json (e.g. 'pro@delimit.ai').
-    Returns:
-        Dict with host, port, user, pass keys, or None if not found.
-    """
-    secrets_path = Path.home() / ".delimit" / "secrets" / "smtp-all.json"
-    try:
-        if not secrets_path.exists():
-            return None
-        with open(secrets_path, "r", encoding="utf-8") as f:
-            accounts = json.load(f)
-        if from_account in accounts:
-            return accounts[from_account]
-        return None
-    except (OSError, json.JSONDecodeError) as e:
-        logger.warning("Failed to load smtp-all.json: %s", e)
-        return None
-def _flush_email_digest():
-    """Send all queued non-urgent emails as a single digest."""
-    global _email_digest_queue
-    if not _email_digest_queue:
-        return
-    items = list(_email_digest_queue)
-    _email_digest_queue.clear()
-    digest_body = f"Delimit Notification Digest ({len(items)} items)\n{'=' * 50}\n\n"
-    for i, item in enumerate(items, 1):
-        digest_body += f"--- [{i}] {item.get('subject', 'No subject')} ---\n"
-        digest_body += f"{item.get('body', '')[:500]}\n\n"
-    # Send digest as a single email (bypasses throttle since it IS the flush)
-    _email_send_times.append(_time.time())
-    digest_subject = f"[DIGEST] {len(items)} Delimit notifications"
-    timestamp = datetime.now(timezone.utc).isoformat()
-    try:
-        from_acct = items[0].get("from_account", "") if items else ""
-        smtp_to = items[0].get("to", "") if items else ""
-        if not smtp_to:
-            defaults = _load_smtp_account("_defaults") or {}
-            smtp_to = str(defaults.get("to") or os.environ.get("DELIMIT_SMTP_TO", ""))
-        delivered = _send_smtp_direct(
-            to=smtp_to,
-            subject=digest_subject,
-            body=digest_body,
-            from_account=from_acct,
-        )
-        _record_notification({
-            "channel": "email",
-            "event_type": "digest",
-            "to": smtp_to,
-            "from": from_acct or "pro@delimit.ai",
-            "subject": digest_subject,
-            "message": digest_body,
-            "timestamp": timestamp,
-            "success": delivered,
-            "items": len(items),
-        })
-        if delivered:
-            logger.info("Flushed email digest: %d items", len(items))
-        else:
-            logger.warning("Digest flush failed: no SMTP recipient or SMTP send returned false")
-    except Exception as e:
-        logger.warning("Digest flush failed: %s", e)
-def _send_smtp_direct(to: str, subject: str, body: str, from_account: str = "") -> bool:
-    """Low-level SMTP send — used by digest flush and direct sends."""
-    if not from_account:
-        defaults = _load_smtp_account("_defaults")
-        if defaults and defaults.get("from_account"):
-            from_account = str(defaults["from_account"])
-    acct = _load_smtp_account(from_account) if from_account else None
-    smtp_host = (acct or {}).get("host", os.environ.get("DELIMIT_SMTP_HOST", "smtp.gmail.com"))
-    smtp_port = int((acct or {}).get("port", os.environ.get("DELIMIT_SMTP_PORT", "587")))
-    smtp_user = (acct or {}).get("user", os.environ.get("DELIMIT_SMTP_USER", ""))
-    smtp_pass = (acct or {}).get("pass", os.environ.get("DELIMIT_SMTP_PASS", ""))
-    smtp_from = (acct or {}).get("from", smtp_user)
-    if not smtp_pass:
-        return False
-    msg = MIMEText(body, "plain", "utf-8")
-    msg["Subject"] = subject
-    msg["From"] = smtp_from
-    msg["To"] = to
-    try:
-        with smtplib.SMTP(smtp_host, smtp_port, timeout=15) as server:
-            server.starttls()
-            server.login(smtp_user, smtp_pass)
-            server.sendmail(smtp_from, [to], msg.as_string())
-        return True
-    except Exception as e:
-        logger.error("SMTP send failed: %s", e)
-        return False
-def _render_html_email(subject: str, body: str, event_type: str) -> str:
-    """Render a professional HTML email from a plain-text body.
-    Converts markdown-like patterns to HTML:
-    - Lines starting with "---" become <hr>
-    - Lines with ALL CAPS become section headers
-    - Lines starting with "- " become list items
-    - URLs become clickable links
-    - Draft text in quotes gets styled as blockquotes
-    - "approve/reject" instructions get styled as action buttons
-    """
-    import re
-    import html as _html
-    # Determine accent color from event type
-    color_map = {
-        "social_draft": "#7C3AED",   # purple — approval needed
-        "outreach": "#7C3AED",
-        "deploy": "#059669",          # green — deploy/success
-        "gate_failure": "#DC2626",    # red — failure/alert
-        "digest": "#2563EB",          # blue — informational
-        "info": "#2563EB",
-    }
-    accent = color_map.get(event_type, "#7C3AED")
-    # Parse subject for badge
-    badge = ""
-    badge_match = re.match(r'\[([A-Z]+)\]', subject)
-    if badge_match:
-        badge = badge_match.group(1)
-    def _render_copy_block(label: str, text: str) -> str:
-        escaped_text = _html.escape(text.strip("\n"))
-        escaped_label = _html.escape(label)
-        return (
-            f'<div style="margin:14px 0">'
-            f'<div style="background:{accent};color:white;padding:8px 12px;'
-            f'border-radius:8px 8px 0 0;font-size:12px;font-weight:700;letter-spacing:0.3px">'
-            f'{escaped_label}</div>'
-            f'<div style="border:1px solid #D1D5DB;border-top:none;border-radius:0 0 8px 8px;'
-            f'background:#F9FAFB;padding:12px">'
-            f'<div style="font-size:11px;color:#6B7280;margin-bottom:8px">'
-            f'Tap and hold inside this block to copy.</div>'
-            f'<pre style="margin:0;white-space:pre-wrap;word-break:break-word;'
-            f'font:13px/1.55 SFMono-Regular,Consolas,Monaco,monospace;color:#111827">'
-            f'{escaped_text}</pre>'
-            f'</div>'
-            f'</div>'
-        )
-    # Convert body lines to HTML
-    lines = body.split("\n")
-    html_lines = []
-    in_list = False
-    active_copy_label = None
-    active_copy_lines = []
-    for line in lines:
-        stripped = line.strip()
-        if stripped.startswith("--- COPY BELOW THIS LINE ---"):
-            if in_list:
-                html_lines.append("</ul>")
-                in_list = False
-            active_copy_label = "Manual Post Text"
-            active_copy_lines = []
-            continue
-        if stripped.startswith("--- TITLE (paste in title field) ---"):
-            if in_list:
-                html_lines.append("</ul>")
-                in_list = False
-            active_copy_label = "Post Title"
-            active_copy_lines = []
-            continue
-        if stripped.startswith("--- BODY (paste in body field) ---"):
-            if active_copy_label and active_copy_lines:
-                html_lines.append(_render_copy_block(active_copy_label, "\n".join(active_copy_lines)))
-            if in_list:
-                html_lines.append("</ul>")
-                in_list = False
-            active_copy_label = "Post Body"
-            active_copy_lines = []
-            continue
-        if stripped.startswith("--- SOURCE POST TITLE ---"):
-            if active_copy_label and active_copy_lines:
-                html_lines.append(_render_copy_block(active_copy_label, "\n".join(active_copy_lines)))
-            if in_list:
-                html_lines.append("</ul>")
-                in_list = False
-            active_copy_label = "Source Post Title"
-            active_copy_lines = []
-            continue
-        if stripped.startswith("--- SOURCE POST BODY ---"):
-            if active_copy_label and active_copy_lines:
-                html_lines.append(_render_copy_block(active_copy_label, "\n".join(active_copy_lines)))
-            if in_list:
-                html_lines.append("</ul>")
-                in_list = False
-            active_copy_label = "Source Post Body"
-            active_copy_lines = []
-            continue
-        if stripped == "--- END ---" and active_copy_label is not None:
-            html_lines.append(_render_copy_block(active_copy_label, "\n".join(active_copy_lines)))
-            active_copy_label = None
-            active_copy_lines = []
-            continue
-        if active_copy_label is not None:
-            active_copy_lines.append(line)
-            continue
-        if not stripped:
-            if in_list:
-                html_lines.append("</ul>")
-                in_list = False
-            html_lines.append("<br>")
-            continue
-        # Draft block headers: "--- Draft <id> (platform) ---"
-        if stripped.startswith("--- Draft ") and stripped.endswith("---"):
-            if in_list:
-                html_lines.append("</ul>")
-                in_list = False
-            draft_label = _html.escape(stripped.strip("- ").strip())
-            html_lines.append(
-                f'<div style="background:{accent};color:white;padding:8px 14px;'
-                f'border-radius:6px 6px 0 0;margin-top:16px;font-size:13px;font-weight:700">'
-                f'{draft_label}</div>'
-                f'<div style="background:#F9FAFB;border:1px solid #E5E7EB;border-top:none;'
-                f'border-radius:0 0 6px 6px;padding:12px 14px;margin-bottom:4px">'
-            )
-            # The next lines until the next "---" or "To approve" will be inside this box
-            # We'll close it when we hit the next separator
-            continue
-        # Horizontal rules / separators
-        if stripped.startswith("---") or stripped.startswith("==="):
-            if in_list:
-                html_lines.append("</ul>")
-                in_list = False
-            # Close any open draft box
-            html_lines.append('</div>')
-            html_lines.append(f'<hr style="border:none;border-top:1px solid #E5E7EB;margin:16px 0">')
-            continue
-        # Section headers (ALL CAPS lines or lines ending with colon that are short)
-        if (stripped.isupper() and len(stripped) > 3 and len(stripped) < 60) or \
-           (stripped.endswith(":") and len(stripped) < 50 and stripped[:-1].replace(" ", "").replace("-", "").isalpha()):
-            if in_list:
-                html_lines.append("</ul>")
-                in_list = False
-            html_lines.append(
-                f'<h3 style="color:{accent};font-size:13px;font-weight:700;'
-                f'text-transform:uppercase;letter-spacing:0.5px;margin:20px 0 8px 0;'
-                f'border-bottom:2px solid {accent};padding-bottom:4px">'
-                f'{_html.escape(stripped)}</h3>'
-            )
-            continue
-        # List items
-        if stripped.startswith("- ") or stripped.startswith("* "):
-            if not in_list:
-                html_lines.append('<ul style="margin:4px 0;padding-left:20px">')
-                in_list = True
-            item = _html.escape(stripped[2:])
-            # Bold draft IDs
-            item = re.sub(r'([0-9a-f]{12})', r'<code style="background:#F3F4F6;padding:1px 4px;border-radius:3px;font-size:12px">\1</code>', item)
-            html_lines.append(f'<li style="margin:4px 0;color:#374151">{item}</li>')
-            continue
-        if in_list:
-            html_lines.append("</ul>")
-            in_list = False
-        escaped = _html.escape(stripped)
-        # Convert URLs to clickable links
-        escaped = re.sub(
-            r'(https?://[^\s<>&"]+)',
-            r'<a href="\1" style="color:{};text-decoration:underline">\1</a>'.format(accent),
-            escaped,
-        )
-        # Style quoted draft text
-        if escaped.startswith('"') and escaped.endswith('"'):
-            html_lines.append(
-                f'<blockquote style="border-left:3px solid {accent};margin:8px 0;'
-                f'padding:8px 12px;background:#F9FAFB;color:#374151;font-style:italic">'
-                f'{escaped}</blockquote>'
-            )
-            continue
-        # Style approve/reject instructions as action callouts
-        if any(kw in stripped.lower() for kw in ("to approve", "reply with", "reply \"approve")):
-            html_lines.append(
-                f'<div style="background:#F0FDF4;border:1px solid #BBF7D0;border-radius:6px;'
-                f'padding:10px 14px;margin:12px 0;font-weight:600;color:#166534">'
-                f'{escaped}</div>'
-            )
-            continue
-        if any(kw in stripped.lower() for kw in ("to reject", "reply \"reject")):
-            html_lines.append(
-                f'<div style="background:#FEF2F2;border:1px solid #FECACA;border-radius:6px;'
-                f'padding:10px 14px;margin:12px 0;color:#991B1B">'
-                f'{escaped}</div>'
-            )
-            continue
-        # Protocol warnings
-        if "PROTOCOL WARNING" in stripped:
-            html_lines.append(
-                f'<div style="background:#FEF3C7;border:1px solid #FDE68A;border-radius:6px;'
-                f'padding:10px 14px;margin:12px 0;color:#92400E;font-size:12px">'
-                f'{escaped}</div>'
-            )
-            continue
-        # Regular paragraph
-        html_lines.append(f'<p style="margin:6px 0;color:#374151;line-height:1.5">{escaped}</p>')
-    if in_list:
-        html_lines.append("</ul>")
-    body_html = "\n".join(html_lines)
-    # Build full HTML email
-    badge_html = ""
-    if badge:
-        badge_colors = {
-            "APPROVE": ("#7C3AED", "#EDE9FE"),
-            "ACTION": ("#D97706", "#FEF3C7"),
-            "ALERT": ("#DC2626", "#FEE2E2"),
-            "URGENT": ("#DC2626", "#FEE2E2"),
-            "GATE": ("#DC2626", "#FEE2E2"),
-            "DIGEST": ("#2563EB", "#DBEAFE"),
-            "INFO": ("#6B7280", "#F3F4F6"),
-            "OUTREACH": ("#7C3AED", "#EDE9FE"),
-            "DEPLOY": ("#059669", "#D1FAE5"),
-        }
-        fg, bg = badge_colors.get(badge, ("#6B7280", "#F3F4F6"))
-        badge_html = (
-            f'<span style="display:inline-block;background:{bg};color:{fg};'
-            f'font-size:11px;font-weight:700;padding:2px 8px;border-radius:4px;'
-            f'letter-spacing:0.5px;margin-bottom:8px">{badge}</span><br>'
-        )
-    # Clean subject for display (remove bracket prefix)
-    display_subject = re.sub(r'^\[[A-Z]+\]\s*', '', subject)
-    return f"""<!DOCTYPE html>
-<html>
-<head><meta charset="utf-8"><meta name="viewport" content="width=device-width,initial-scale=1"></head>
-<body style="margin:0;padding:0;background:#F9FAFB;font-family:-apple-system,BlinkMacSystemFont,'Segoe UI',Roboto,sans-serif">
-<table width="100%" cellpadding="0" cellspacing="0" style="background:#F9FAFB;padding:20px 0">
-<tr><td align="center">
-<table width="600" cellpadding="0" cellspacing="0" style="background:#FFFFFF;border-radius:8px;box-shadow:0 1px 3px rgba(0,0,0,0.1);overflow:hidden">
-<!-- Header bar -->
-<tr><td style="background:{accent};padding:16px 24px">
-  <table width="100%" cellpadding="0" cellspacing="0"><tr>
-    <td><span style="color:white;font-size:14px;font-weight:700;letter-spacing:0.5px">DELIMIT</span></td>
-    <td align="right"><span style="color:rgba(255,255,255,0.8);font-size:11px">{event_type or 'notification'}</span></td>
-  </tr></table>
-</td></tr>
-<!-- Body -->
-<tr><td style="padding:24px">
-  {badge_html}
-  <h2 style="margin:0 0 16px 0;color:#111827;font-size:18px;font-weight:600;line-height:1.3">{_html.escape(display_subject)}</h2>
-  {body_html}
-</td></tr>
-<!-- Footer -->
-<tr><td style="background:#F9FAFB;padding:12px 24px;border-top:1px solid #E5E7EB">
-  <table width="100%" cellpadding="0" cellspacing="0"><tr>
-    <td><span style="color:#9CA3AF;font-size:11px">Sent by Delimit governance layer</span></td>
-    <td align="right"><a href="https://delimit.ai" style="color:#9CA3AF;font-size:11px;text-decoration:none">delimit.ai</a></td>
-  </tr></table>
-</td></tr>
-</table>
-</td></tr>
-</table>
-</body>
-</html>"""
-def send_email(
-    to: str = "",
-    subject: str = "",
-    body: str = "",
-    from_account: str = "",
-    message: str = "",
-    event_type: str = "",
-) -> Dict[str, Any]:
-    """Send an email notification via SMTP.
-    Args:
-        to: Recipient email address. Falls back to DELIMIT_SMTP_TO or
-            owner@example.com.
-        subject: Email subject line.
-        body: Email body text (preferred). Falls back to 'message' for
-            backward compatibility.
-        from_account: Sender account key in ~/.delimit/secrets/smtp-all.json
-            (e.g. 'pro@delimit.ai', 'admin@wire.report'). If provided, SMTP
-            credentials are loaded from that file instead of env vars.
-        message: Email body text (legacy parameter, use 'body' instead).
-        event_type: Event category for filtering/logging.
-    Credential resolution order:
-        1. from_account lookup in ~/.delimit/secrets/smtp-all.json
-        2. DELIMIT_SMTP_* environment variables
-    """
-    # body takes precedence, fall back to message for backward compat
-    email_body = body or message
-    timestamp = datetime.now(timezone.utc).isoformat()
-    event_key = (event_type or "").lower()
-    force_digest = event_key in ("social_draft", "outreach")
-    # ── Throttle: batch non-urgent, always send P0/immediate ──
-    is_urgent = (not force_digest) and any(tag in event_key + (subject or "").lower()
-                    for tag in ("p0", "urgent", "alert", "critical", "social_draft", "approve",
-                                "founder_directive", "gate_failure"))
-    global _last_digest_flush
-    with _email_throttle_lock:
-        now = _time.time()
-        # Prune sends older than 1 hour
-        _email_send_times[:] = [t for t in _email_send_times if now - t < 3600]
-        if force_digest or (not is_urgent and len(_email_send_times) >= _EMAIL_MAX_PER_HOUR):
-            # Queue for digest instead of sending immediately
-            _email_digest_queue.append({
-                "to": to, "subject": subject, "body": email_body,
-                "from_account": from_account, "event_type": event_type,
-                "timestamp": timestamp,
-            })
-            # Flush digest every 15 minutes
-            if now - _last_digest_flush >= _EMAIL_DIGEST_INTERVAL and _email_digest_queue:
-                _flush_email_digest()
-                _last_digest_flush = now
-            return {
-                "channel": "email",
-                "delivered": False,
-                "queued": True,
-                "reason": "Batched for digest." if force_digest else f"Throttled ({len(_email_send_times)}/{_EMAIL_MAX_PER_HOUR} per hour). Batched for digest.",
-                "queue_size": len(_email_digest_queue),
-                "timestamp": timestamp,
-            }
-        _email_send_times.append(now)
-    # Try from_account first, then _defaults, then fall back to env vars
-    if not from_account:
-        defaults = _load_smtp_account("_defaults")
-        if defaults and defaults.get("from_account"):
-            from_account = defaults["from_account"]
-    account_creds = _load_smtp_account(from_account) if from_account else None
-    if account_creds:
-        smtp_host = account_creds.get("host", "")
-        smtp_port = int(account_creds.get("port", 587))
-        smtp_user = account_creds.get("user", "")
-        smtp_pass = account_creds.get("pass", "")
-        smtp_from = account_creds.get("from_alias", from_account)
-    else:
-        smtp_host = os.environ.get("DELIMIT_SMTP_HOST", "")
-        smtp_port = int(os.environ.get("DELIMIT_SMTP_PORT", "587"))
-        smtp_user = os.environ.get("DELIMIT_SMTP_USER", "")
-        smtp_pass = os.environ.get("DELIMIT_SMTP_PASS", "")
-        smtp_from = os.environ.get("DELIMIT_SMTP_FROM", "")
-    # Resolve recipient: explicit > env var > smtp-all.json _defaults
-    smtp_to = to or os.environ.get("DELIMIT_SMTP_TO", "")
-    if not smtp_to:
-        defaults = _load_smtp_account("_defaults")
-        if defaults:
-            smtp_to = defaults.get("to", "")
-    if not all([smtp_host, smtp_from, smtp_to]):
-        record = {
-            "channel": "email",
-            "event_type": event_type,
-            "to": smtp_to,
-            "from": smtp_from,
-            "message": email_body,
-            "subject": subject,
-            "timestamp": timestamp,
-            "success": False,
-            "reason": "smtp_not_configured",
-        }
-        _record_notification(record)
-        return {
-            "channel": "email",
-            "delivered": False,
-            "timestamp": timestamp,
-            "error": "SMTP not configured. Set DELIMIT_SMTP_HOST, DELIMIT_SMTP_FROM, DELIMIT_SMTP_TO environment variables, or use from_account with smtp-all.json.",
-            "intent_logged": True,
-        }
-    subj = subject or f"Delimit: {event_type or 'Notification'}"
-    html_body = _render_html_email(subj, email_body, event_type)
-    msg = MIMEText(html_body, "html")
-    msg["Subject"] = subj
-    msg["From"] = smtp_from
-    msg["To"] = smtp_to
-    # Generate a unique Message-ID for threading support (Consensus 116)
-    import uuid as _uuid
-    domain = smtp_from.split("@", 1)[1] if "@" in smtp_from else "delimit.ai"
-    message_id = f"<{_uuid.uuid4().hex}@{domain}>"
-    msg["Message-ID"] = message_id
-    try:
-        with smtplib.SMTP(smtp_host, smtp_port, timeout=10) as server:
-            if smtp_user and smtp_pass:
-                server.starttls()
-                server.login(smtp_user, smtp_pass)
-            server.sendmail(smtp_from, [smtp_to], msg.as_string())
-        record = {
-            "channel": "email",
-            "event_type": event_type,
-            "to": smtp_to,
-            "from": smtp_from,
-            "subject": subj,
-            "message": email_body,
-            "timestamp": timestamp,
-            "success": True,
-            "message_id": message_id,
-        }
-        _record_notification(record)
-        return {
-            "channel": "email",
-            "delivered": True,
-            "timestamp": timestamp,
-            "subject": subj,
-            "to": smtp_to,
-            "from": smtp_from,
-            "message_id": message_id,
-        }
-    except Exception as e:
-        record = {
-            "channel": "email",
-            "event_type": event_type,
-            "to": smtp_to,
-            "from": smtp_from,
-            "message": email_body,
-            "timestamp": timestamp,
-            "success": False,
-            "error": str(e),
-        }
-        _record_notification(record)
-        return {
-            "channel": "email",
-            "delivered": False,
-            "timestamp": timestamp,
-            "error": str(e),
-        }
-# ═════════════════════════════════════════════════════════════════════
-#  Email Protocol — enforced server-side, model-agnostic
-# ═════════════════════════════════════════════════════════════════════
-# Every email must be self-contained and actionable on mobile.
-# The protocol validates required sections per event_type and rejects
-# or fixes emails that don't meet the standard.
-# Subject line MUST start with one of these brackets:
-_VALID_SUBJECT_PREFIXES = (
-    "[APPROVE]", "[ACTION]", "[INFO]", "[ALERT]", "[DIGEST]",
-    "[URGENT]", "[OUTREACH]", "[DEPLOY]", "[GATE]",
-)
-# Required sections per event_type. Each is a (header, description) tuple.
-_EMAIL_PROTOCOL: Dict[str, List[tuple]] = {
-    "social_draft": [
-        ("THREAD CONTEXT", "subreddit/platform, post topic, engagement stats"),
-        ("DRAFT", "the full draft text, not just an ID"),
-        ("TO APPROVE", "reply instructions with draft_id"),
-    ],
-    "outreach": [
-        ("TARGETS FOUND", "list with platform, title/snippet, URL"),
-        ("DRAFTS", "full draft text for each, with draft_id"),
-        ("TO APPROVE", "reply instructions"),
-    ],
-    "deploy": [
-        ("WHAT CHANGED", "summary of changes being deployed"),
-        ("GATES PASSED", "test, security, lint results"),
-        ("TO APPROVE", "reply instructions or auto-proceed note"),
-    ],
-    "gate_failure": [
-        ("WHAT FAILED", "which gate and why"),
-        ("IMPACT", "what is blocked"),
-        ("TO FIX", "next steps"),
-    ],
-    "digest": [
-        ("COMPLETED", "what was done since last digest"),
-        ("PENDING YOUR ACTION", "items needing founder response"),
-    ],
-}
-def _load_drafts_by_ids(draft_ids: list) -> list:
-    """Load draft entries from social_drafts.jsonl matching the given IDs."""
-    drafts_file = Path.home() / ".delimit" / "social_drafts.jsonl"
-    if not drafts_file.exists():
-        return []
-    results = []
-    id_set = set(draft_ids)
-    try:
-        for line in drafts_file.read_text().splitlines():
-            if not line.strip():
-                continue
-            try:
-                d = json.loads(line)
-                if d.get("draft_id") in id_set and d.get("status") == "pending":
-                    results.append(d)
-            except (json.JSONDecodeError, ValueError):
-                continue
-    except Exception:
-        pass
-    return results
-def _enforce_email_protocol(subject: str, message: str, event_type: str) -> tuple:
-    """Validate and fix email against the protocol. Returns (subject, message, warnings)."""
-    warnings = []
-    # 1. Subject must have a valid prefix bracket
-    if not any(subject.startswith(p) for p in _VALID_SUBJECT_PREFIXES):
-        # Try to infer from event_type
-        prefix_map = {
-            "social_draft": "[APPROVE]",
-            "outreach": "[OUTREACH]",
-            "deploy": "[DEPLOY]",
-            "gate_failure": "[ALERT]",
-            "digest": "[DIGEST]",
-            "info": "[INFO]",
-        }
-        prefix = prefix_map.get(event_type, "[INFO]")
-        subject = f"{prefix} {subject}"
-        warnings.append(f"Subject prefix added: {prefix}")
-    # 2. Check required sections for this event_type
-    required = _EMAIL_PROTOCOL.get(event_type, [])
-    msg_upper = message.upper()
-    missing = []
-    for header, desc in required:
-        # Check if the section header appears (case-insensitive, with or without colon)
-        if header.upper() not in msg_upper:
-            missing.append(f"{header} ({desc})")
-    if missing:
-        # Append a protocol warning to the email body so the founder sees what's missing
-        message += "\n\n" + "=" * 40
-        message += "\nPROTOCOL WARNING — Missing required sections:"
-        for m in missing:
-            message += f"\n  - {m}"
-        message += "\n\nThis email may not be fully actionable. The sending model"
-        message += "\nskipped required context. Check drafts via delimit_social_approve."
-        warnings.append(f"Missing sections: {', '.join(m.split(' (')[0] for m in missing)}")
-    # 3. Outreach/social_draft emails — auto-inject full draft text from social_drafts.jsonl
-    if event_type in ("social_draft", "outreach"):
-        import re
-        draft_ids = re.findall(r'[0-9a-f]{12}', message)
-        if draft_ids:
-            drafts = _load_drafts_by_ids(draft_ids)
-            if drafts:
-                message += "\n\n" + "=" * 40
-                message += "\nCOPY-READY DRAFTS"
-                message += "\n" + "=" * 40
-                for d in drafts:
-                    did = d.get("draft_id", "")
-                    text = d.get("text", "")
-                    platform = d.get("platform", "")
-                    ctx = d.get("context", "")
-                    thread_url = d.get("thread_url", "")
-                    reply_to_id = d.get("reply_to_id", "")
-                    # Try to extract URL from context if thread_url is empty
-                    if not thread_url and ctx:
-                        url_match = re.search(r'https?://[^\s]+', ctx)
-                        if url_match:
-                            thread_url = url_match.group(0)
-                    message += f"\n\n--- Draft {did} ({platform}) ---"
-                    message += f"\nWHERE: {platform}"
-                    where_link = thread_url or (f"https://x.com/i/status/{reply_to_id}" if reply_to_id else "")
-                    if where_link:
-                        message += f"\nLINK: {where_link}"
-                    if ctx:
-                        message += f"\nWHY: {ctx}"
-                    message += f"\nWHAT:\nManual Post Text\n{text}"
-                    message += f"\n\nTo approve: reply \"approve {did}\""
-                message += "\n\n" + "=" * 40
-                warnings.append(f"Auto-injected {len(drafts)} draft texts from social_drafts.jsonl")
-    # 4. Always append the standard footer
-    if "delimit.ai" not in message.lower() and "Delimit" not in message:
-        message += "\n\n---\nSent by Delimit governance layer"
-    return subject, message, warnings
-def send_notification(
-    channel: str = "webhook",
-    message: str = "",
-    webhook_url: str = "",
-    subject: str = "",
-    event_type: str = "",
-    to: str = "",
-    from_account: str = "",
-) -> Dict[str, Any]:
-    """Route a notification to the appropriate channel."""
-    if not message:
-        return {"error": "message is required"}
-    # Enforce email protocol for all email notifications
-    protocol_warnings = []
-    if channel == "email":
-        subject, message, protocol_warnings = _enforce_email_protocol(subject, message, event_type)
-    if channel == "webhook":
-        return send_webhook(webhook_url, message, event_type)
-    elif channel == "slack":
-        return send_slack(webhook_url, message, event_type)
-    elif channel == "email":
-        result = send_email(
-            to=to,
-            subject=subject,
-            message=message,
-            from_account=from_account,
-            event_type=event_type,
-        )
-        if protocol_warnings:
-            result["protocol_warnings"] = protocol_warnings
-        return result
-    elif channel == "telegram":
-        return send_telegram(message=message, event_type=event_type)
-    else:
-        return {"error": f"Unknown channel: {channel}. Supported: webhook, slack, email, telegram"}
-# ═════════════════════════════════════════════════════════════════════
-#  LED-233: Impact-Based Notification Routing
-# ═════════════════════════════════════════════════════════════════════
-ROUTING_CONFIG_FILE = Path.home() / ".delimit" / "notify_routing.yaml"
-# Severity aliases — map various input labels to canonical levels
-_SEVERITY_ALIASES: Dict[str, str] = {
-    "critical": "critical",
-    "breaking": "critical",
-    "error": "critical",
-    "major": "critical",
-    "warning": "warning",
-    "non-breaking": "warning",
-    "minor": "warning",
-    "info": "info",
-    "cosmetic": "info",
-    "docs": "info",
-    "patch": "info",
-    "none": "info",
-}
-DEFAULT_ROUTING_CONFIG: Dict[str, Any] = {
-    "routing": {
-        "critical": {
-            "channels": ["email", "webhook"],
-            "email_subject_prefix": "[URGENT]",
-            "webhook_priority": "high",
-        },
-        "warning": {
-            "channels": ["webhook"],
-            "webhook_priority": "normal",
-        },
-        "info": {
-            "channels": [],
-            "digest": True,
-        },
-    },
-}
-def load_routing_config() -> Dict[str, Any]:
-    """Load routing config from ~/.delimit/notify_routing.yaml or return defaults.
-    Returns:
-        The routing configuration dict with a 'routing' key.
-    """
-    if ROUTING_CONFIG_FILE.exists():
-        try:
-            if _yaml is not None:
-                with open(ROUTING_CONFIG_FILE, "r", encoding="utf-8") as f:
-                    config = _yaml.safe_load(f)
-                if isinstance(config, dict) and "routing" in config:
-                    return config
-            else:
-                # Fallback: try JSON (yaml not installed)
-                with open(ROUTING_CONFIG_FILE, "r", encoding="utf-8") as f:
-                    config = json.load(f)
-                if isinstance(config, dict) and "routing" in config:
-                    return config
-        except Exception as e:
-            logger.warning("Failed to load routing config from %s: %s", ROUTING_CONFIG_FILE, e)
-    return DEFAULT_ROUTING_CONFIG
-def save_routing_config(config: Dict[str, Any]) -> Dict[str, Any]:
-    """Save routing config to ~/.delimit/notify_routing.yaml.
-    Args:
-        config: Full routing config dict (must contain 'routing' key).
-    Returns:
-        Status dict with success/error.
-    """
-    if "routing" not in config:
-        return {"error": "Config must contain a 'routing' key."}
-    try:
-        ROUTING_CONFIG_FILE.parent.mkdir(parents=True, exist_ok=True)
-        if _yaml is not None:
-            with open(ROUTING_CONFIG_FILE, "w", encoding="utf-8") as f:
-                _yaml.dump(config, f, default_flow_style=False)
-        else:
-            with open(ROUTING_CONFIG_FILE, "w", encoding="utf-8") as f:
-                json.dump(config, f, indent=2)
-        return {"success": True, "path": str(ROUTING_CONFIG_FILE)}
-    except Exception as e:
-        return {"error": f"Failed to save routing config: {e}"}
-def _classify_severity(change: Dict[str, Any]) -> str:
-    """Map a single change dict to a canonical severity level (critical/warning/info).
-    Inspects these keys in order:
-      - 'severity' (from lint violations)
-      - 'is_breaking' (from diff changes)
-      - 'type' (change type string)
-    """
-    # Direct severity label
-    sev = str(change.get("severity", "")).lower()
-    if sev in _SEVERITY_ALIASES:
-        return _SEVERITY_ALIASES[sev]
-    # Breaking flag from diff engine
-    if change.get("is_breaking"):
-        return "critical"
-    # Change type heuristic
-    ctype = str(change.get("type", "")).lower()
-    if "removed" in ctype or "breaking" in ctype:
-        return "critical"
-    if "added" in ctype or "changed" in ctype:
-        return "warning"
-    return "info"
-def route_by_impact(
-    changes: List[Dict[str, Any]],
-    routing_config: Optional[Dict[str, Any]] = None,
-    webhook_url: str = "",
-    email_to: str = "",
-    from_account: str = "",
-    dry_run: bool = False,
-) -> Dict[str, Any]:
-    """Route notifications based on change severity.
-    Takes a list of changes (from lint/diff output) and sends notifications
-    to the appropriate channels based on severity classification.
-    Args:
-        changes: List of change dicts (from lint violations or diff changes).
-        routing_config: Custom routing config. Uses saved/default if None.
-        webhook_url: Webhook URL for webhook channel delivery.
-        email_to: Email recipient for email channel delivery.
-        from_account: Sender account key for email delivery.
-        dry_run: If True, classify and plan routing but do not send.
-    Returns:
-        Dict with routing decisions and delivery results.
-    """
-    if not changes:
-        return {
-            "routed": 0,
-            "suppressed": 0,
-            "decisions": [],
-            "notifications_sent": [],
-        }
-    config = routing_config or load_routing_config()
-    routing_rules = config.get("routing", {})
-    timestamp = datetime.now(timezone.utc).isoformat()
-    # Classify all changes by severity
-    buckets: Dict[str, List[Dict[str, Any]]] = {
-        "critical": [],
-        "warning": [],
-        "info": [],
-    }
-    for change in changes:
-        severity = _classify_severity(change)
-        buckets[severity].append(change)
-    decisions: List[Dict[str, Any]] = []
-    notifications_sent: List[Dict[str, Any]] = []
-    suppressed_count = 0
-    for severity, items in buckets.items():
-        if not items:
-            continue
-        rule = routing_rules.get(severity, {})
-        channels = rule.get("channels", [])
-        is_digest = rule.get("digest", False)
-        if not channels:
-            # Suppressed (or digest-only)
-            suppressed_count += len(items)
-            decisions.append({
-                "severity": severity,
-                "count": len(items),
-                "action": "digest" if is_digest else "suppressed",
-                "channels": [],
-            })
-            continue
-        # Build notification message for this severity bucket
-        subject_prefix = rule.get("email_subject_prefix", "")
-        webhook_priority = rule.get("webhook_priority", "normal")
-        summary_lines = [f"{len(items)} {severity} change(s) detected:"]
-        for item in items[:10]:  # Cap detail lines at 10
-            msg = item.get("message", item.get("name", item.get("type", "change")))
-            path = item.get("path", "")
-            summary_lines.append(f"  - {msg}" + (f" ({path})" if path else ""))
-        if len(items) > 10:
-            summary_lines.append(f"  ... and {len(items) - 10} more")
-        message_body = "\n".join(summary_lines)
-        decision = {
-            "severity": severity,
-            "count": len(items),
-            "action": "notify",
-            "channels": list(channels),
-        }
-        decisions.append(decision)
-        if dry_run:
-            continue
-        # Send to each configured channel
-        for channel in channels:
-            if channel == "email":
-                subject = f"{subject_prefix} Delimit: {severity} API changes".strip()
-                result = send_email(
-                    to=email_to,
-                    subject=subject,
-                    body=message_body,
-                    from_account=from_account,
-                    event_type=f"impact_routing_{severity}",
-                )
-                notifications_sent.append({
-                    "channel": "email",
-                    "severity": severity,
-                    "delivered": result.get("delivered", False),
-                    "error": result.get("error"),
-                })
-            elif channel == "webhook" and webhook_url:
-                # Inject priority into the webhook payload
-                payload = {
-                    "event_type": f"delimit_impact_{severity}",
-                    "message": message_body,
-                    "priority": webhook_priority,
-                    "severity": severity,
-                    "change_count": len(items),
-                    "timestamp": timestamp,
-                }
-                post_result = _post_json(webhook_url, payload)
-                _record_notification({
-                    "channel": "webhook",
-                    "event_type": f"impact_routing_{severity}",
-                    "message": message_body,
-                    "webhook_url": webhook_url,
-                    "priority": webhook_priority,
-                    "timestamp": timestamp,
-                    "success": post_result.get("success", False),
-                })
-                notifications_sent.append({
-                    "channel": "webhook",
-                    "severity": severity,
-                    "priority": webhook_priority,
-                    "delivered": post_result.get("success", False),
-                    "error": post_result.get("error"),
-                })
-            elif channel == "slack" and webhook_url:
-                result = send_slack(webhook_url, message_body, f"impact_{severity}")
-                notifications_sent.append({
-                    "channel": "slack",
-                    "severity": severity,
-                    "delivered": result.get("delivered", False),
-                    "error": result.get("error"),
-                })
-    return {
-        "routed": sum(d["count"] for d in decisions if d["action"] == "notify"),
-        "suppressed": suppressed_count,
-        "decisions": decisions,
-        "notifications_sent": notifications_sent,
-        "timestamp": timestamp,
-        "dry_run": dry_run,
-    }
-# ═════════════════════════════════════════════════════════════════════
-#  INBOUND EMAIL: IMAP polling, classification, and forwarding
-# ═════════════════════════════════════════════════════════════════════
-def _record_inbox_routing(entry: Dict[str, Any]) -> None:
-    """Append a routing record to the inbox routing log."""
-    try:
-        INBOX_ROUTING_FILE.parent.mkdir(parents=True, exist_ok=True)
-        with open(INBOX_ROUTING_FILE, "a", encoding="utf-8") as f:
-            f.write(json.dumps(entry) + "\n")
-    except OSError as e:
-        logger.warning("Failed to record inbox routing: %s", e)
-def _decode_header(raw: str) -> str:
-    """Decode an RFC 2047 encoded email header into a plain string."""
-    if not raw:
-        return ""
-    parts = email.header.decode_header(raw)
-    decoded = []
-    for data, charset in parts:
-        if isinstance(data, bytes):
-            decoded.append(data.decode(charset or "utf-8", errors="replace"))
-        else:
-            decoded.append(data)
-    return " ".join(decoded)
-def _extract_sender_email(from_header: str) -> str:
-    """Extract the bare email address from a From header."""
-    _, addr = email.utils.parseaddr(from_header)
-    return addr.lower()
-def _extract_sender_domain(sender_email: str) -> str:
-    """Extract domain from an email address."""
-    if "@" in sender_email:
-        return sender_email.split("@", 1)[1]
-    return ""
-def classify_email(sender: str, subject: str, from_header: str = "") -> str:
-    """Classify an email as 'owner-action' or 'non-owner'.
-    Returns:
-        'owner-action' if the email needs owner attention.
-        'non-owner' if it can stay in the Delimit inbox.
-    """
-    sender_lower = sender.lower()
-    sender_domain = _extract_sender_domain(sender_lower)
-    # Rule 1: from the owner directly
-    if sender_lower in OWNER_ACTION_SENDERS:
-        return "owner-action"
-    # Rule 2: from a known vendor/partner domain
-    if sender_domain in OWNER_ACTION_DOMAINS:
-        return "owner-action"
-    # Rule 3: subject matches owner-action patterns
-    for pattern in OWNER_ACTION_SUBJECT_PATTERNS:
-        if pattern.search(subject):
-            return "owner-action"
-    # Rule 4: if sender looks like a real person (not noreply), lean owner-action
-    # Only if from_header has a display name that looks personal
-    is_noreply = any(sender_lower.startswith(prefix) for prefix in NON_OWNER_SENDERS)
-    if not is_noreply and sender_domain and sender_domain not in ("pypi.org",):
-        # Check if subject indicates automated content
-        automated_keywords = ["unsubscribe", "newsletter", "digest", "weekly roundup",
-                              "notification", "alert", "automated", "receipt"]
-        subject_lower = subject.lower()
-        if any(kw in subject_lower for kw in automated_keywords):
-            return "non-owner"
-        # Personal email from unknown domain - forward to be safe
-        return "owner-action"
-    return "non-owner"
-def _forward_email(original_msg: email.message.Message, smtp_pass: str) -> bool:
-    """Forward an email to the owner via SMTP."""
-    subject = _decode_header(original_msg.get("Subject", ""))
-    from_header = original_msg.get("From", "")
-    # Build forwarded message
-    body_parts = []
-    if original_msg.is_multipart():
-        for part in original_msg.walk():
-            if part.get_content_type() == "text/plain":
-                payload = part.get_payload(decode=True)
-                if payload:
-                    body_parts.append(payload.decode("utf-8", errors="replace"))
-    else:
-        payload = original_msg.get_payload(decode=True)
-        if payload:
-            body_parts.append(payload.decode("utf-8", errors="replace"))
-    body = "\n".join(body_parts) if body_parts else "(no text content)"
-    fwd_text = (
-        f"--- Forwarded from pro@delimit.ai ---\n"
-        f"From: {from_header}\n"
-        f"Subject: {subject}\n"
-        f"Date: {original_msg.get('Date', 'unknown')}\n"
-        f"---\n\n"
-        f"{body}"
-    )
-    fwd_msg = MIMEText(fwd_text)
-    fwd_msg["Subject"] = f"[Fwd] {subject}"
-    fwd_msg["From"] = IMAP_USER
-    fwd_msg["To"] = FORWARD_TO
-    try:
-        with smtplib.SMTP(IMAP_HOST, 587, timeout=10) as server:
-            server.starttls()
-            server.login(IMAP_USER, smtp_pass)
-            server.sendmail(IMAP_USER, [FORWARD_TO], fwd_msg.as_string())
-        return True
-    except Exception as e:
-        logger.error("Failed to forward email: %s", e)
-        return False
-def poll_inbox(
-    smtp_pass: str = "",
-    limit: int = 20,
-    process: bool = True,
-) -> Dict[str, Any]:
-    """Poll the IMAP inbox, classify emails, and optionally forward owner-action items.
-    Args:
-        smtp_pass: SMTP/IMAP password for pro@delimit.ai.
-        limit: Max number of recent messages to check.
-        process: If True, forward owner-action emails and mark as read.
-                 If False, just report classification (dry run).
-    Returns:
-        Summary of inbox state and routing decisions.
-    """
-    if not smtp_pass:
-        smtp_pass = os.environ.get("DELIMIT_SMTP_PASS", "")
-    if not smtp_pass and IMAP_USER:
-        account = _load_smtp_account(IMAP_USER)
-        smtp_pass = str((account or {}).get("pass") or (account or {}).get("password") or "")
-    if not smtp_pass:
-        return {"error": "IMAP password required. Set DELIMIT_SMTP_PASS or pass smtp_pass."}
-    timestamp = datetime.now(timezone.utc).isoformat()
-    try:
-        imap = imaplib.IMAP4_SSL(IMAP_HOST, IMAP_PORT)
-        imap.login(IMAP_USER, smtp_pass)
-    except Exception as e:
-        return {"error": f"IMAP connection failed: {e}"}
-    try:
-        imap.select("INBOX")
-        # Get UNSEEN messages first, then fall back to recent ALL
-        status, unseen_data = imap.search(None, "UNSEEN")
-        unseen_ids = unseen_data[0].split() if unseen_data[0] else []
-        # Also get all message IDs for the summary
-        status, all_data = imap.search(None, "ALL")
-        all_ids = all_data[0].split() if all_data[0] else []
-        # Process unseen messages (up to limit)
-        target_ids = unseen_ids[-limit:] if unseen_ids else []
-        results: List[Dict[str, Any]] = []
-        forwarded = 0
-        skipped = 0
-        for msg_id in target_ids:
-            # Fetch without marking as seen (use BODY.PEEK)
-            status, data = imap.fetch(msg_id, "(BODY.PEEK[])")
-            if status != "OK" or not data or not data[0]:
-                continue
-            raw_email = data[0][1]
-            msg = email.message_from_bytes(raw_email)
-            from_header = _decode_header(msg.get("From", ""))
-            subject = _decode_header(msg.get("Subject", ""))
-            date_str = msg.get("Date", "")
-            sender_addr = _extract_sender_email(from_header)
-            classification = classify_email(sender_addr, subject, from_header)
-            entry = {
-                "msg_id": msg_id.decode(),
-                "from": from_header,
-                "sender": sender_addr,
-                "subject": subject,
-                "date": date_str,
-                "classification": classification,
-                "forwarded": False,
-            }
-            if process and classification == "owner-action":
-                success = _forward_email(msg, smtp_pass)
-                entry["forwarded"] = success
-                if success:
-                    # Mark as seen after successful forward
-                    imap.store(msg_id, "+FLAGS", "\\Seen")
-                    forwarded += 1
-                else:
-                    entry["forward_error"] = True
-            elif process and classification == "non-owner":
-                # Mark as seen (processed, stays in inbox)
-                imap.store(msg_id, "+FLAGS", "\\Seen")
-                skipped += 1
-            results.append(entry)
-            _record_inbox_routing({**entry, "timestamp": timestamp, "process_mode": process})
-        imap.logout()
-        return {
-            "timestamp": timestamp,
-            "total_messages": len(all_ids),
-            "unseen_count": len(unseen_ids),
-            "processed": len(results),
-            "forwarded_to_owner": forwarded,
-            "kept_in_inbox": skipped,
-            "dry_run": not process,
-            "messages": results,
-        }
-    except Exception as e:
-        try:
-            imap.logout()
-        except Exception:
-            pass
-        return {"error": f"Inbox processing failed: {e}"}
-def get_inbox_status(
-    smtp_pass: str = "",
-    limit: int = 10,
-) -> Dict[str, Any]:
-    """Get inbox status and recent routing history without processing.
-    Args:
-        smtp_pass: IMAP password.
-        limit: Number of recent messages to show.
-    Returns:
-        Inbox summary and recent routing log entries.
-    """
-    # Get recent routing history from log
-    routing_history: List[Dict[str, Any]] = []
-    try:
-        if INBOX_ROUTING_FILE.exists():
-            with open(INBOX_ROUTING_FILE, "r", encoding="utf-8") as f:
-                lines = f.readlines()
-            for line in lines[-limit:]:
-                try:
-                    routing_history.append(json.loads(line.strip()))
-                except json.JSONDecodeError:
-                    continue
-    except OSError:
-        pass
-    # Get live inbox state
-    if not smtp_pass:
-        smtp_pass = os.environ.get("DELIMIT_SMTP_PASS", "")
-    if not smtp_pass:
-        return {
-            "routing_history": routing_history,
-            "error": "IMAP password required for live inbox status. Set DELIMIT_SMTP_PASS.",
-        }
-    try:
-        imap = imaplib.IMAP4_SSL(IMAP_HOST, IMAP_PORT)
-        imap.login(IMAP_USER, smtp_pass)
-        imap.select("INBOX")
-        _, all_data = imap.search(None, "ALL")
-        all_ids = all_data[0].split() if all_data[0] else []
-        _, unseen_data = imap.search(None, "UNSEEN")
-        unseen_ids = unseen_data[0].split() if unseen_data[0] else []
-        # Preview recent messages
-        recent_ids = all_ids[-limit:]
-        recent_msgs: List[Dict[str, str]] = []
-        for msg_id in recent_ids:
-            _, data = imap.fetch(msg_id, "(BODY.PEEK[HEADER.FIELDS (FROM SUBJECT DATE)] FLAGS)")
-            if data and data[0]:
-                # Parse flags and headers
-                flags_str = ""
-                header_bytes = b""
-                for part in data:
-                    if isinstance(part, tuple):
-                        if b"FLAGS" in part[0]:
-                            flags_str = part[0].decode(errors="replace")
-                        header_bytes = part[1]
-                header_text = header_bytes.decode("utf-8", errors="replace")
-                tmp_msg = email.message_from_string(header_text)
-                from_h = _decode_header(tmp_msg.get("From", ""))
-                subj_h = _decode_header(tmp_msg.get("Subject", ""))
-                date_h = tmp_msg.get("Date", "")
-                sender = _extract_sender_email(from_h)
-                cls = classify_email(sender, subj_h, from_h)
-                seen = "\\Seen" in flags_str
-                recent_msgs.append({
-                    "from": from_h,
-                    "subject": subj_h,
-                    "date": date_h,
-                    "classification": cls,
-                    "seen": seen,
-                })
-        imap.logout()
-        return {
-            "total_messages": len(all_ids),
-            "unseen_count": len(unseen_ids),
-            "recent_messages": recent_msgs,
-            "routing_history_count": len(routing_history),
-            "routing_history": routing_history[-5:],
-        }
-    except Exception as e:
-        return {
-            "routing_history": routing_history,
-            "error": f"IMAP connection failed: {e}",
-        }
+# notify — Pro module (stubbed in npm package)
+# Full implementation available on delimit.ai server