delimit-cli 4.1.44 → 4.1.47

package/gateway/ai/inbox_daemon_runner.py

@@ -0,0 +1,217 @@
+#!/usr/bin/env python3
+"""
+Standalone runner for the Delimit inbox polling daemon.
+
+Designed for use with systemd or manual invocation. Adds:
+- Structured logging with timestamps
+- Graceful SIGTERM handling for clean systemd stop
+- PID file to prevent duplicate instances
+- Startup validation of required configuration
+
+Usage:
+    # Via systemd (see deploy/inbox-daemon.service)
+    systemctl start delimit-inbox-daemon
+
+    # Manual foreground run
+    python3 ai/inbox_daemon_runner.py
+
+    # Single poll cycle (for testing)
+    python3 ai/inbox_daemon_runner.py --once
+
+Environment variables:
+    DELIMIT_SMTP_PASS              Required. IMAP/SMTP password.
+    DELIMIT_INBOX_POLL_INTERVAL    Poll interval in seconds (default: 300).
+    DELIMIT_HOME                   Delimit config directory (default: ~/.delimit).
+    PYTHONPATH                     Must include the gateway root for ai.* imports.
+"""
+
+import logging
+import os
+import signal
+import sys
+import time
+from datetime import datetime, timezone
+from pathlib import Path
+
+# Ensure the gateway root is on sys.path so ai.* imports work
+_gateway_root = Path(__file__).resolve().parent.parent
+if str(_gateway_root) not in sys.path:
+    sys.path.insert(0, str(_gateway_root))
+
+# PID file to prevent duplicate instances
+PID_DIR = Path(os.environ.get("DELIMIT_HOME", Path.home() / ".delimit"))
+PID_FILE = PID_DIR / "inbox-daemon.pid"
+
+
+def _setup_logging() -> logging.Logger:
+    """Configure structured logging for journald and console."""
+    log_format = "%(asctime)s [%(name)s] %(levelname)s: %(message)s"
+    logging.basicConfig(
+        level=logging.INFO,
+        format=log_format,
+        stream=sys.stdout,
+    )
+    # Suppress noisy libraries
+    logging.getLogger("urllib3").setLevel(logging.WARNING)
+    logging.getLogger("imaplib").setLevel(logging.WARNING)
+    return logging.getLogger("delimit.inbox_daemon_runner")
+
+
+def _write_pid() -> None:
+    """Write PID file. Check for stale processes first."""
+    PID_DIR.mkdir(parents=True, exist_ok=True)
+
+    if PID_FILE.exists():
+        try:
+            old_pid = int(PID_FILE.read_text().strip())
+            # Check if the old process is still running
+            os.kill(old_pid, 0)
+            # Process exists -- abort to prevent duplicates
+            print(
+                f"ERROR: Another inbox daemon is running (PID {old_pid}). "
+                f"Remove {PID_FILE} if stale.",
+                file=sys.stderr,
+            )
+            sys.exit(1)
+        except (ValueError, ProcessLookupError, PermissionError):
+            # Stale PID file -- safe to overwrite
+            pass
+        except OSError:
+            pass
+
+    PID_FILE.write_text(str(os.getpid()))
+
+
+def _remove_pid() -> None:
+    """Remove PID file on clean shutdown."""
+    try:
+        if PID_FILE.exists():
+            current_pid = PID_FILE.read_text().strip()
+            if current_pid == str(os.getpid()):
+                PID_FILE.unlink()
+    except OSError:
+        pass
+
+
+def _validate_config(logger: logging.Logger) -> bool:
+    """Validate required configuration before starting the daemon."""
+    ok = True
+
+    if not os.environ.get("DELIMIT_SMTP_PASS"):
+        # Check if the notify module can load credentials from config
+        try:
+            from ai.notify import _load_smtp_account, IMAP_USER
+            if IMAP_USER:
+                account = _load_smtp_account(IMAP_USER)
+                if account and (account.get("pass") or account.get("password")):
+                    logger.info("SMTP credentials loaded from config for %s", IMAP_USER)
+                else:
+                    logger.error(
+                        "DELIMIT_SMTP_PASS not set and no credentials found in config for %s",
+                        IMAP_USER,
+                    )
+                    ok = False
+            else:
+                logger.error("DELIMIT_SMTP_PASS not set and IMAP_USER not configured")
+                ok = False
+        except ImportError:
+            logger.error("DELIMIT_SMTP_PASS not set and ai.notify module not importable")
+            ok = False
+    else:
+        logger.info("SMTP credentials provided via environment")
+
+    return ok
+
+
+def main() -> None:
+    import argparse
+
+    parser = argparse.ArgumentParser(
+        description="Delimit inbox daemon runner -- persistent email governance polling",
+    )
+    parser.add_argument(
+        "--once",
+        action="store_true",
+        help="Run a single poll cycle and exit",
+    )
+    parser.add_argument(
+        "--interval",
+        type=int,
+        default=None,
+        help="Override poll interval in seconds",
+    )
+    args = parser.parse_args()
+
+    logger = _setup_logging()
+    logger.info(
+        "Delimit inbox daemon runner starting (PID %d, Python %s)",
+        os.getpid(),
+        sys.version.split()[0],
+    )
+
+    # Validate config before doing anything else
+    if not _validate_config(logger):
+        logger.error("Configuration validation failed. Exiting.")
+        sys.exit(1)
+
+    # Import the daemon module (after PYTHONPATH is set up)
+    from ai.inbox_daemon import (
+        _daemon_state,
+        _daemon_loop,
+        poll_once,
+        POLL_INTERVAL,
+    )
+
+    # Override poll interval if requested
+    if args.interval is not None:
+        import ai.inbox_daemon
+        ai.inbox_daemon.POLL_INTERVAL = args.interval
+        logger.info("Poll interval overridden to %d seconds", args.interval)
+
+    # Single-shot mode
+    if args.once:
+        logger.info("Running single poll cycle (--once mode)")
+        result = poll_once()
+        if "error" in result:
+            logger.error("Poll failed: %s", result["error"])
+            sys.exit(1)
+        logger.info(
+            "Poll complete: %d processed, %d forwarded",
+            result.get("processed", 0),
+            result.get("forwarded", 0),
+        )
+        return
+
+    # Write PID file (only for long-running mode)
+    _write_pid()
+
+    # Graceful shutdown handler
+    def _handle_signal(signum, frame):
+        sig_name = signal.Signals(signum).name
+        logger.info("Received %s -- initiating graceful shutdown", sig_name)
+        _daemon_state._stop_event.set()
+
+    signal.signal(signal.SIGTERM, _handle_signal)
+    signal.signal(signal.SIGINT, _handle_signal)
+
+    # Start the daemon loop (blocks until stop event)
+    logger.info(
+        "Inbox daemon entering main loop (poll interval: %ds)",
+        ai.inbox_daemon.POLL_INTERVAL,
+    )
+    _daemon_state.running = True
+    _daemon_state._stop_event.clear()
+
+    try:
+        _daemon_loop()
+    except Exception as e:
+        logger.critical("Daemon loop crashed: %s", e, exc_info=True)
+        sys.exit(1)
+    finally:
+        _daemon_state.running = False
+        _remove_pid()
+        logger.info("Inbox daemon runner exiting cleanly")
+
+
+if __name__ == "__main__":
+    main()

package/gateway/ai/ledger_manager.py

@@ -94,6 +94,40 @@ def _register_venture(info: Dict[str, str]):
 CENTRAL_LEDGER_DIR = Path.home() / ".delimit" / "ledger"
 
 
+def _detect_model() -> str:
+    """Auto-detect which AI model is running this session.
+
+    Checks environment variables set by various AI coding assistants:
+    - CLAUDE_MODEL / CLAUDE_CODE_MODEL: Claude Code
+    - CODEX_MODEL: OpenAI Codex CLI
+    - GEMINI_MODEL: Gemini CLI
+    - MCP_CLIENT_NAME: Generic MCP client identifier
+    Falls back to "unknown" if none are set.
+    """
+    # Claude Code
+    for var in ("CLAUDE_MODEL", "CLAUDE_CODE_MODEL"):
+        val = os.environ.get(var)
+        if val:
+            return val
+
+    # OpenAI Codex
+    val = os.environ.get("CODEX_MODEL")
+    if val:
+        return val
+
+    # Gemini
+    val = os.environ.get("GEMINI_MODEL")
+    if val:
+        return val
+
+    # Generic MCP client
+    val = os.environ.get("MCP_CLIENT_NAME")
+    if val:
+        return val
+
+    return "unknown"
+
+
 def _project_ledger_dir(project_path: str = ".") -> Path:
     """Get the ledger directory — ALWAYS uses central ~/.delimit/ledger/.
 
@@ -161,6 +195,7 @@ def add_item(
     context: str = "",
     tools_needed: Optional[List[str]] = None,
     estimated_complexity: str = "",
+    worked_by: str = "",
 ) -> Dict[str, Any]:
     """Add a new item to the project's strategy or operational ledger.
 
@@ -191,6 +226,7 @@ def add_item(
         "venture": venture["name"],
         "status": "open",
         "tags": tags or [],
+        "worked_by": worked_by or _detect_model(),
     }
     # LED-189: Optional acceptance criteria
     if acceptance_criteria:
@@ -244,6 +280,7 @@ def update_item(
     blocked_by: Optional[str] = None,
     blocks: Optional[str] = None,
     project_path: str = ".",
+    worked_by: str = "",
 ) -> Dict[str, Any]:
     """Update an existing ledger item's fields."""
     _ensure(project_path)
@@ -281,6 +318,7 @@ def update_item(
             "id": item_id,
             "type": "update",
             "updated_at": time.strftime("%Y-%m-%dT%H:%M:%SZ"),
+            "worked_by": worked_by or _detect_model(),
         }
         if status:
             update["status"] = status
@@ -348,6 +386,8 @@ def list_items(
                         state[item_id]["last_note"] = item["note"]
                     if "priority" in item:
                         state[item_id]["priority"] = item["priority"]
+                    if "worked_by" in item:
+                        state[item_id]["last_worked_by"] = item["worked_by"]
                     state[item_id]["updated_at"] = item.get("updated_at")
             else:
                 state[item_id] = {**item}

package/gateway/ai/license.py

@@ -14,6 +14,9 @@ try:
         check_premium as is_premium,
         gate_tool as require_premium,
         activate as activate_license,
+        needs_revalidation,
+        revalidate_license,
+        is_license_valid,
         PRO_TOOLS as _CORE_PRO_TOOLS,
         FREE_TRIAL_LIMITS,
     )
@@ -78,17 +81,114 @@ except ImportError:
     })
     FREE_TRIAL_LIMITS = {"delimit_deliberate": 3}
 
+    REVALIDATION_INTERVAL = 30 * 86400  # 30 days
+    GRACE_PERIOD = 7 * 86400
+    HARD_BLOCK = 14 * 86400
+
     def get_license() -> dict:
         if not LICENSE_FILE.exists():
             return {"tier": "free", "valid": True}
         try:
-            return json.loads(LICENSE_FILE.read_text())
+            data = json.loads(LICENSE_FILE.read_text())
+            if data.get("expires_at") and data["expires_at"] < time.time():
+                return {"tier": "free", "valid": True, "expired": True}
+            if data.get("tier") in ("pro", "enterprise") and data.get("valid"):
+                if needs_revalidation(data):
+                    result = revalidate_license(data)
+                    data = result["updated_data"]
+                    if result["status"] == "expired":
+                        return {"tier": "free", "valid": True, "revoked": True,
+                                "reason": result.get("reason", "License expired.")}
+            return data
         except Exception:
             return {"tier": "free", "valid": True}
 
+    def needs_revalidation(data: dict) -> bool:
+        if data.get("tier") not in ("pro", "enterprise"):
+            return False
+        last_validated = data.get("last_validated_at", data.get("activated_at", 0))
+        if last_validated == 0:
+            return True
+        return (time.time() - last_validated) > REVALIDATION_INTERVAL
+
+    def revalidate_license(data: dict) -> dict:
+        import hashlib
+        import urllib.request
+        key = data.get("key", "")
+        if not key or key.startswith("JAMSONS"):
+            data["last_validated_at"] = time.time()
+            data["validation_status"] = "current"
+            _write_license(data)
+            return {"status": "valid", "updated_data": data}
+
+        last_validated = data.get("last_validated_at", data.get("activated_at", 0))
+        elapsed = time.time() - last_validated
+        machine_hash = data.get("machine_hash", hashlib.sha256(str(Path.home()).encode()).hexdigest()[:16])
+
+        api_valid = None
+        try:
+            req_data = json.dumps({"license_key": key, "instance_name": machine_hash}).encode()
+            req = urllib.request.Request(
+                "https://api.lemonsqueezy.com/v1/licenses/validate",
+                data=req_data,
+                headers={"Content-Type": "application/json", "Accept": "application/json"},
+                method="POST",
+            )
+            with urllib.request.urlopen(req, timeout=10) as resp:
+                result = json.loads(resp.read())
+            api_valid = result.get("valid", False)
+        except Exception:
+            api_valid = None
+
+        if api_valid is True:
+            data["last_validated_at"] = time.time()
+            data["validation_status"] = "current"
+            data.pop("grace_days_remaining", None)
+            _write_license(data)
+            return {"status": "valid", "updated_data": data}
+
+        if elapsed > REVALIDATION_INTERVAL + HARD_BLOCK:
+            data["validation_status"] = "expired"
+            data["valid"] = False
+            _write_license(data)
+            return {"status": "expired", "updated_data": data,
+                    "reason": "License expired — no successful re-validation in 44 days."}
+
+        if elapsed > REVALIDATION_INTERVAL + GRACE_PERIOD:
+            days_left = max(0, int((REVALIDATION_INTERVAL + HARD_BLOCK - elapsed) / 86400))
+            data["validation_status"] = "grace_period"
+            data["grace_days_remaining"] = days_left
+            _write_license(data)
+            return {"status": "grace", "updated_data": data, "grace_days_remaining": days_left}
+
+        data["validation_status"] = "revalidation_pending"
+        _write_license(data)
+        return {"status": "grace", "updated_data": data}
+
+    def is_license_valid(data: dict) -> bool:
+        if data.get("tier") not in ("pro", "enterprise"):
+            return False
+        if not data.get("valid", False):
+            return False
+        key = data.get("key", "")
+        if key.startswith("JAMSONS"):
+            return True
+        last_validated = data.get("last_validated_at", data.get("activated_at", 0))
+        if last_validated == 0:
+            return True
+        elapsed = time.time() - last_validated
+        return elapsed <= (REVALIDATION_INTERVAL + HARD_BLOCK)
+
+    def _write_license(data: dict) -> None:
+        try:
+            LICENSE_FILE.parent.mkdir(parents=True, exist_ok=True)
+            LICENSE_FILE.write_text(json.dumps(data, indent=2))
+        except Exception:
+            pass
+
     def is_premium() -> bool:
         lic = get_license()
-        return lic.get("tier") in ("pro", "enterprise") and lic.get("valid", False)
+        return is_license_valid(lic)
 
     def require_premium(tool_name: str) -> dict | None:
         full_name = tool_name if tool_name.startswith("delimit_") else f"delimit_{tool_name}"
@@ -121,7 +221,8 @@ except ImportError:
         # Store key for offline validation
         license_data = {
             "key": key, "tier": "pro", "valid": True,
-            "activated_at": time.time(), "validated_via": "offline_fallback",
+            "activated_at": time.time(), "last_validated_at": time.time(),
+            "validated_via": "offline_fallback",
         }
         LICENSE_FILE.parent.mkdir(parents=True, exist_ok=True)
         LICENSE_FILE.write_text(json.dumps(license_data, indent=2))

package/gateway/ai/license_core.py

@@ -45,8 +45,162 @@ FREE_TRIAL_LIMITS = {
 }
 
 
+def needs_revalidation(data: dict) -> bool:
+    """Check if a license needs re-validation (30+ days since last check).
+
+    Args:
+        data: License data dict (from license.json).
+
+    Returns:
+        True if 30+ days have elapsed since last_validated_at (or activated_at
+        as fallback). Also returns True if neither timestamp exists (legacy
+        license.json files without last_validated_at).
+    """
+    if data.get("tier") not in ("pro", "enterprise"):
+        return False
+    last_validated = data.get("last_validated_at", data.get("activated_at", 0))
+    if last_validated == 0:
+        return True  # Legacy file — treat as needing validation
+    return (time.time() - last_validated) > REVALIDATION_INTERVAL
+
+
+def revalidate_license(data: dict) -> dict:
+    """Re-validate a license against Lemon Squeezy.
+
+    Privacy-preserving: only sends license_key and instance_name (machine hash).
+    Non-blocking: network failures return offline grace status, never crash.
+
+    Args:
+        data: License data dict (must contain 'key').
+
+    Returns:
+        Dict with 'status' key:
+          - "valid": API confirmed license is active, last_validated_at updated
+          - "grace": API unreachable or returned invalid, but within grace period
+          - "expired": beyond grace + hard block cutoff, Pro tools should be blocked
+        Also includes 'updated_data' with the (possibly modified) license data.
+    """
+    key = data.get("key", "")
+    # Internal/founder keys always pass
+    if not key or key.startswith("JAMSONS"):
+        data["last_validated_at"] = time.time()
+        data["validation_status"] = "current"
+        _write_license(data)
+        return {"status": "valid", "updated_data": data}
+
+    last_validated = data.get("last_validated_at", data.get("activated_at", 0))
+    elapsed = time.time() - last_validated
+
+    # Try API call
+    api_valid = _call_lemon_squeezy(data)
+
+    if api_valid is True:
+        data["last_validated_at"] = time.time()
+        data["validation_status"] = "current"
+        data.pop("grace_days_remaining", None)
+        _write_license(data)
+        return {"status": "valid", "updated_data": data}
+
+    # API said invalid or was unreachable — check grace/expiry windows
+    if elapsed > REVALIDATION_INTERVAL + HARD_BLOCK:
+        data["validation_status"] = "expired"
+        data["valid"] = False
+        _write_license(data)
+        return {
+            "status": "expired",
+            "updated_data": data,
+            "reason": "License expired — no successful re-validation in 44 days. Renew at https://delimit.ai/pricing",
+        }
+
+    if elapsed > REVALIDATION_INTERVAL + GRACE_PERIOD:
+        days_left = max(0, int((REVALIDATION_INTERVAL + HARD_BLOCK - elapsed) / 86400))
+        data["validation_status"] = "grace_period"
+        data["grace_days_remaining"] = days_left
+        _write_license(data)
+        return {
+            "status": "grace",
+            "updated_data": data,
+            "grace_days_remaining": days_left,
+            "message": f"License re-validation failed. {days_left} days until Pro features are disabled.",
+        }
+
+    # Within first 7 days after revalidation interval — soft pending
+    data["validation_status"] = "revalidation_pending"
+    _write_license(data)
+    return {"status": "grace", "updated_data": data}
+
+
+def is_license_valid(data: dict) -> bool:
+    """Check if a license is currently valid for Pro tool access.
+
+    Returns True if:
+      - last_validated_at is within 30 days (current), OR
+      - last_validated_at is within 37 days (30 + 7 grace), OR
+      - last_validated_at is within 44 days (30 + 14 hard cutoff)
+    Returns False if beyond 44 days with no successful re-validation.
+
+    Backwards compatible: missing last_validated_at falls back to activated_at,
+    and missing both returns False (triggers re-validation).
+    """
+    if data.get("tier") not in ("pro", "enterprise"):
+        return False
+    if not data.get("valid", False):
+        return False
+    # Internal/founder keys always valid
+    key = data.get("key", "")
+    if key.startswith("JAMSONS"):
+        return True
+    last_validated = data.get("last_validated_at", data.get("activated_at", 0))
+    if last_validated == 0:
+        return True  # Legacy — allow access but needs_revalidation will trigger check
+    elapsed = time.time() - last_validated
+    return elapsed <= (REVALIDATION_INTERVAL + HARD_BLOCK)
+
+
+def _write_license(data: dict) -> None:
+    """Persist license data to disk."""
+    try:
+        LICENSE_FILE.parent.mkdir(parents=True, exist_ok=True)
+        LICENSE_FILE.write_text(json.dumps(data, indent=2))
+    except Exception:
+        pass  # Non-blocking — don't crash on disk errors
+
+
+def _call_lemon_squeezy(data: dict) -> bool | None:
+    """Call Lemon Squeezy validation API. Privacy-preserving.
+
+    Only sends license_key and instance_name (machine hash).
+
+    Returns:
+        True if valid, False if invalid, None if unreachable.
+    """
+    key = data.get("key", "")
+    machine_hash = data.get("machine_hash", hashlib.sha256(str(Path.home()).encode()).hexdigest()[:16])
+    try:
+        import urllib.request
+        req_data = json.dumps({
+            "license_key": key,
+            "instance_name": machine_hash,
+        }).encode()
+        req = urllib.request.Request(
+            LS_VALIDATE_URL, data=req_data,
+            headers={"Content-Type": "application/json", "Accept": "application/json"},
+            method="POST",
+        )
+        with urllib.request.urlopen(req, timeout=10) as resp:
+            result = json.loads(resp.read())
+        return result.get("valid", False)
+    except Exception:
+        return None  # Unreachable — caller should use grace period
+
+
 def load_license() -> dict:
-    """Load and validate license with re-validation."""
+    """Load and validate license with periodic re-validation.
+
+    Re-validates against Lemon Squeezy every 30 days. On failure, provides
+    a 7-day grace period followed by a 7-day warning period. After 44 days
+    without successful re-validation, Pro tools are blocked.
+    """
     if not LICENSE_FILE.exists():
         return {"tier": "free", "valid": True}
     try:
@@ -55,33 +209,25 @@ def load_license() -> dict:
             return {"tier": "free", "valid": True, "expired": True}
 
         if data.get("tier") in ("pro", "enterprise") and data.get("valid"):
-            last_validated = data.get("last_validated_at", data.get("activated_at", 0))
-            elapsed = time.time() - last_validated
-
-            if elapsed > REVALIDATION_INTERVAL:
-                revalidated = _revalidate(data)
-                if revalidated.get("valid"):
-                    data["last_validated_at"] = time.time()
-                    data["validation_status"] = "current"
-                    LICENSE_FILE.write_text(json.dumps(data, indent=2))
-                elif elapsed > REVALIDATION_INTERVAL + HARD_BLOCK:
+            if needs_revalidation(data):
+                result = revalidate_license(data)
+                data = result["updated_data"]
+                if result["status"] == "expired":
                     return {"tier": "free", "valid": True, "revoked": True,
-                            "reason": "License expired. Renew at https://delimit.ai/pricing"}
-                elif elapsed > REVALIDATION_INTERVAL + GRACE_PERIOD:
-                    data["validation_status"] = "grace_period"
-                    days_left = int((REVALIDATION_INTERVAL + HARD_BLOCK - elapsed) / 86400)
-                    data["grace_days_remaining"] = days_left
-                else:
-                    data["validation_status"] = "revalidation_pending"
+                            "reason": result.get("reason", "License expired. Renew at https://delimit.ai/pricing")}
         return data
     except Exception:
         return {"tier": "free", "valid": True}
 
 
 def check_premium() -> bool:
-    """Check if user has a valid premium license."""
+    """Check if user has a valid premium license.
+
+    Uses load_license() which triggers re-validation if needed, then
+    checks is_license_valid() on the result.
+    """
     lic = load_license()
-    return lic.get("tier") in ("pro", "enterprise") and lic.get("valid", False)
+    return is_license_valid(lic)
 
 
 def gate_tool(tool_name: str) -> dict | None:
@@ -164,23 +310,18 @@ def activate(key: str) -> dict:
 
 
 def _revalidate(data: dict) -> dict:
-    """Re-validate against Lemon Squeezy."""
-    key = data.get("key", "")
-    if not key or key.startswith("JAMSONS"):
+    """Re-validate against Lemon Squeezy (legacy wrapper).
+
+    Deprecated: use revalidate_license() for the full status/grace workflow.
+    Kept for backwards compatibility with any external callers.
+    """
+    result = _call_lemon_squeezy(data)
+    if result is True:
         return {"valid": True}
-    try:
-        import urllib.request
-        req_data = json.dumps({"license_key": key}).encode()
-        req = urllib.request.Request(
-            LS_VALIDATE_URL, data=req_data,
-            headers={"Content-Type": "application/json", "Accept": "application/json"},
-            method="POST",
-        )
-        with urllib.request.urlopen(req, timeout=10) as resp:
-            result = json.loads(resp.read())
-        return {"valid": result.get("valid", False)}
-    except Exception:
-        return {"valid": True, "offline": True}
+    if result is False:
+        return {"valid": False}
+    # None = unreachable — grant offline grace
+    return {"valid": True, "offline": True}
 
 
 def _get_monthly_usage(tool_name: str) -> int: