delimit-cli 4.1.44 → 4.1.48

package/bin/delimit-setup.js

@@ -723,6 +723,9 @@ if [ "$DELIMIT_WRAPPED" = "true" ] || [ ! -t 1 ]; then
         [ -x "$c" ] && exec "$c" "$@"
     done
 fi
+# Record session start for exit screen
+SESSION_START=\$(date +%s)
+SESSION_CWD="\$(pwd)"
 # Auto-update in background (non-blocking)
 ( CURR=\$(delimit-cli --version 2>/dev/null); LATE=\$(npm view delimit-cli version 2>/dev/null); \\
   if [ -n "\$LATE" ] && [ "\$LATE" != "\$CURR" ]; then \\
@@ -754,18 +757,93 @@ printf "  \${MAGENTA}\${BOLD}[Delimit]\${RESET} \${MAGENTA}═══════
 sleep 0.08
 printf "  \${GREEN}\${BOLD}[Delimit]\${RESET} \${GREEN}✓ Allowed\${RESET}\\n"
 echo ""
-# Find real binary — check renamed binary first, then common paths
-SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
-# 1. Check for renamed binary (tool-real) next to this shim
-[ -x "$SCRIPT_DIR/${toolName}-real" ] && exec "$SCRIPT_DIR/${toolName}-real" "$@"
-# 2. Check common paths (skip self)
-SELF="$(readlink -f "$0" 2>/dev/null || echo "$0")"
-for c in /usr/local/bin/${toolName}-real /usr/bin/${toolName}-real "$HOME/.local/bin/${toolName}-real" /usr/bin/${toolName} /usr/local/bin/${toolName} "$HOME/.local/bin/${toolName}" "$(npm bin -g 2>/dev/null)/${toolName}"; do
-    [ -x "$c" ] && [ "$(readlink -f "$c" 2>/dev/null)" != "$SELF" ] && exec "$c" "$@"
-done
-# 3. Last resort: search PATH excluding shim directory
+
+# --- Exit screen: session summary after AI exits ---
+delimit_exit_screen() {
+    _EXIT_CODE=\$1
+    # Only show exit screen on interactive terminals
+    [ ! -t 1 ] && return
+    SESSION_END=\$(date +%s)
+    ELAPSED=\$((SESSION_END - SESSION_START))
+    # Format duration
+    if [ \$ELAPSED -ge 3600 ]; then
+        HOURS=\$((ELAPSED / 3600))
+        MINS=\$(( (ELAPSED % 3600) / 60 ))
+        DURATION="\${HOURS}h \${MINS}m"
+    elif [ \$ELAPSED -ge 60 ]; then
+        MINS=\$((ELAPSED / 60))
+        SECS=\$((ELAPSED % 60))
+        DURATION="\${MINS}m \${SECS}s"
+    else
+        DURATION="\${ELAPSED}s"
+    fi
+    # Count git commits made during session
+    COMMITS=0
+    if [ -d "\$SESSION_CWD/.git" ] || git -C "\$SESSION_CWD" rev-parse --git-dir >/dev/null 2>&1; then
+        COMMITS=\$(git -C "\$SESSION_CWD" log --oneline --after="\$SESSION_START" --format="%H" 2>/dev/null | wc -l | tr -d ' ')
+    fi
+    # Count ledger items created during session (by timestamp)
+    LEDGER_DIR="\$DELIMIT_HOME/ledger"
+    LEDGER_ITEMS=0
+    if [ -d "\$LEDGER_DIR" ]; then
+        for lf in "\$LEDGER_DIR"/*.jsonl; do
+            [ -f "\$lf" ] || continue
+            COUNT=\$(awk -v start="\$SESSION_START" '
+                BEGIN { n=0 }
+                {
+                    if (match(\$0, /"(created_at|ts)":"[0-9]{4}-[0-9]{2}-[0-9]{2}T[0-9]{2}:[0-9]{2}:[0-9]{2}/)) {
+                        n++
+                    } else if (match(\$0, /"(created_at|ts)":([0-9]+)/, arr)) {
+                        if (arr[2]+0 >= start+0) n++
+                    }
+                }
+                END { print n }
+            ' "\$lf" 2>/dev/null || echo "0")
+            LEDGER_ITEMS=\$((LEDGER_ITEMS + COUNT))
+        done
+    fi
+    # Count deliberations (governance decisions)
+    DELIBERATIONS=0
+    if [ -f "\$DELIMIT_HOME/deliberations.jsonl" ]; then
+        DELIBERATIONS=\$(awk -v start="\$SESSION_START" '
+            BEGIN { n=0 }
+            { if (match(\$0, /"ts":([0-9]+)/, arr)) { if (arr[1]+0 >= start+0) n++ } }
+            END { print n }
+        ' "\$DELIMIT_HOME/deliberations.jsonl" 2>/dev/null || echo "0")
+    fi
+    # Determine exit status label
+    if [ "\$_EXIT_CODE" -eq 0 ]; then
+        STATUS_LABEL="\${GREEN}clean exit\${RESET}"
+    else
+        STATUS_LABEL="\${ORANGE}exit code \${_EXIT_CODE}\${RESET}"
+    fi
+    echo ""
+    printf "  \${MAGENTA}\${BOLD}[Delimit]\${RESET} \${MAGENTA}═══════════════════════════════════════════\${RESET}\\n"
+    printf "  \${MAGENTA}\${BOLD}[Delimit]\${RESET} \${PURPLE}<\${MAGENTA}/\${ORANGE}>\${RESET} \${BOLD}SESSION COMPLETE: ${displayName.toUpperCase()}\${RESET}\\n"
+    printf "  \${MAGENTA}\${BOLD}[Delimit]\${RESET} \${MAGENTA}═══════════════════════════════════════════\${RESET}\\n"
+    printf "  \${PURPLE}\${BOLD}[Delimit]\${RESET} \${DIM}Duration:\${RESET}       \${WHITE}\${DURATION}\${RESET}\\n"
+    printf "  \${PURPLE}\${BOLD}[Delimit]\${RESET} \${DIM}Status:\${RESET}         \${STATUS_LABEL}\\n"
+    printf "  \${PURPLE}\${BOLD}[Delimit]\${RESET} \${DIM}Git commits:\${RESET}    \${WHITE}\${COMMITS}\${RESET}\\n"
+    printf "  \${PURPLE}\${BOLD}[Delimit]\${RESET} \${DIM}Ledger items:\${RESET}   \${WHITE}\${LEDGER_ITEMS}\${RESET}\\n"
+    printf "  \${PURPLE}\${BOLD}[Delimit]\${RESET} \${DIM}Deliberations:\${RESET}  \${WHITE}\${DELIBERATIONS}\${RESET}\\n"
+    printf "  \${MAGENTA}\${BOLD}[Delimit]\${RESET} \${MAGENTA}═══════════════════════════════════════════\${RESET}\\n"
+    echo ""
+}
+
+# Run real binary and show exit screen (replaces exec to allow post-exit code)
+delimit_run_and_exit() {
+    "\$@"
+    _RC=\$?
+    delimit_exit_screen \$_RC
+    exit \$_RC
+}
+
+# Find real binary by stripping shim dir from PATH.
+# We rely on PATH ordering ($HOME/.delimit/shims first) — no rename hack,
+# no race with npm reinstalls. Previously we used mv tool→tool-real + cp shim,
+# which broke whenever npm/brew clobbered the binary mid-operation.
 REAL=$(PATH=$(echo "$PATH" | tr ':' '\\n' | grep -v '.delimit/shims' | tr '\\n' ':') command -v ${toolName} 2>/dev/null)
-[ -x "$REAL" ] && exec "$REAL" "$@"
+[ -x "$REAL" ] && delimit_run_and_exit "$REAL" "$@"
 echo "[Delimit] ${toolName} not found in PATH" >&2
 case "${toolName}" in
   claude) echo "  Install: npm install -g @anthropic-ai/claude-code" >&2 ;;
@@ -782,59 +860,17 @@ exit 127
                 fs.chmodSync(shimPath, '755');
             }
 
-            // Rename+wrap: place shim at the real binary's location
-            // so it works immediately without PATH changes
-            for (const tool of ['claude', 'codex', 'gemini']) {
-                try {
-                    // Find real binary location
-                    let realPath = null;
-                    const searchPaths = [
-                        `/usr/local/bin/${tool}`,
-                        `/usr/bin/${tool}`,
-                        path.join(os.homedir(), '.local', 'bin', tool),
-                    ];
-                    // Also check npm global bin
-                    try {
-                        const npmBin = execSync('npm bin -g 2>/dev/null', { encoding: 'utf-8', timeout: 3000 }).trim();
-                        if (npmBin) searchPaths.push(path.join(npmBin, tool));
-                    } catch {}
-
-                    for (const p of searchPaths) {
-                        try {
-                            if (fs.existsSync(p) && fs.statSync(p).isFile()) {
-                                // Check it's the real binary, not already our shim
-                                const content = fs.readFileSync(p, 'utf-8').substring(0, 200);
-                                if (!content.includes('Delimit Governance Shim')) {
-                                    realPath = p;
-                                    break;
-                                }
-                            }
-                        } catch {}
-                    }
-
-                    if (realPath) {
-                        const dir = path.dirname(realPath);
-                        const realDest = path.join(dir, `${tool}-real`);
-                        // Only rename if not already renamed
-                        if (!fs.existsSync(realDest)) {
-                            fs.renameSync(realPath, realDest);
-                        }
-                        // Place our shim at the original location
-                        const shimContent = fs.readFileSync(path.join(shimsDir, tool), 'utf-8');
-                        // Update shim to also check for tool-real in same directory
-                        const patchedShim = shimContent.replace(
-                            `echo "[Delimit] ${tool} not found in PATH"`,
-                            `# Check for renamed binary next to shim\n` +
-                            `SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"\n` +
-                            `[ -x "$SCRIPT_DIR/${tool}-real" ] && exec "$SCRIPT_DIR/${tool}-real" "$@"\n` +
-                            `echo "[Delimit] ${tool} not found in PATH"`
-                        );
-                        fs.writeFileSync(realPath, patchedShim);
-                        fs.chmodSync(realPath, '755');
-                        log(`  ${green('✓')} ${tool}: wrapped at ${dim(realPath)}`);
-                    }
-                } catch {}
-            }
+            // Governance is enforced via PATH ordering — $HOME/.delimit/shims
+            // is prepended to PATH (see below), so `claude`/`codex`/`gemini`
+            // resolve to our shim first, and the shim then PATH-strips itself
+            // and execs the real binary.
+            //
+            // We deliberately do NOT mv /usr/bin/claude → claude-real and copy
+            // the shim into /usr/bin/claude. That rename+wrap approach raced
+            // with npm reinstalls (which clobber /usr/bin/claude back to a
+            // symlink), leaving users with "[Delimit] claude not found in PATH"
+            // when the rename ran but the shim copy failed or the symlink got
+            // re-created mid-operation. PATH ordering is the durable contract.
 
             // Add to PATH in shell rc files (create if missing)
             const pathLine = `export PATH="${shimsDir}:$PATH"  # Delimit governance wrapping`;
@@ -1301,9 +1337,16 @@ function getClaudeMdContent() {
 
 /**
  * Upsert the Delimit section in a file using <!-- delimit:start --> / <!-- delimit:end --> markers.
- * If markers exist, replaces only that region (preserving user content above/below).
- * If no markers exist but old Delimit content is detected, replaces the whole file.
- * If no Delimit content at all, appends the section.
+ *
+ * NEVER clobbers user-authored content outside the markers. The previous behavior
+ * replaced the whole file whenever it detected "old Delimit content" heuristically,
+ * which destroyed founder-customized CLAUDE.md files on every upgrade (v4.1.47 incident).
+ *
+ * Behavior:
+ * - File missing → create with just the managed section.
+ * - File has markers → replace only the region between them (user content above/below preserved).
+ * - File has no markers → append the managed section at the bottom (user content at top preserved).
+ *
  * Returns { action: 'created' | 'updated' | 'unchanged' | 'appended' }
  */
 function upsertDelimitSection(filePath) {
@@ -1318,7 +1361,7 @@ function upsertDelimitSection(filePath) {
 
     const existing = fs.readFileSync(filePath, 'utf-8');
 
-    // Check if markers already exist
+    // Check if managed markers already exist
     const startMarkerRe = /<!-- delimit:start[^>]*-->/;
     const endMarker = '<!-- delimit:end -->';
     const hasStart = startMarkerRe.test(existing);
@@ -1331,25 +1374,16 @@ function upsertDelimitSection(filePath) {
         if (currentVersion === version) {
             return { action: 'unchanged' };
         }
-        // Replace only the delimit section
+        // Replace only the managed region — preserve content above/below
         const before = existing.substring(0, existing.search(startMarkerRe));
         const after = existing.substring(existing.indexOf(endMarker) + endMarker.length);
         fs.writeFileSync(filePath, before + newSection + after);
         return { action: 'updated' };
     }
 
-    // No markers — check for old Delimit content that should be replaced
-    const isOldDelimit = existing.includes('# Delimit AI Guardrails') ||
-        existing.includes('delimit_init') ||
-        existing.includes('persistent memory, verified execution') ||
-        (existing.includes('# Delimit') && existing.includes('delimit_ledger_context'));
-
-    if (isOldDelimit) {
-        fs.writeFileSync(filePath, newSection + '\n');
-        return { action: 'updated' };
-    }
-
-    // File exists with user content but no Delimit section — append
+    // No markers present — append the managed section at the bottom.
+    // User content at the top is preserved verbatim. Markers get added so future
+    // upgrades can update just the managed region.
     const separator = existing.endsWith('\n') ? '\n' : '\n\n';
     fs.writeFileSync(filePath, existing + separator + newSection + '\n');
     return { action: 'appended' };

package/gateway/ai/activate_helpers.py

@@ -6,8 +6,9 @@ heavy MCP decorator dependencies).
 
 import json
 import os
+import stat
 from pathlib import Path
-from typing import Dict, Any
+from typing import Dict, Any, List
 
 
 def activate_auto_permissions(auto_permissions: bool) -> dict:
@@ -96,6 +97,228 @@ def configure_codex_permissions(config_path: Path) -> dict:
         return {"item": "Permissions", "status": "Pass", "detail": "Codex: delimit section exists"}
 
 
+# ─── LED-269: Filesystem permission auto-config for delimit_init ──────
+#
+# Safety contract:
+#   - Never chmod 777
+#   - Never touch anything outside <project>/.delimit/ or
+#     <project>/.claude/settings.json
+#   - Never modify existing permissions on files we did not create
+#     (we only chmod files/dirs we just created or that match our
+#     known-safe set: .delimit/ itself, .delimit/secrets/* files)
+#   - Idempotent: running twice is a no-op for already-correct state
+#   - Backwards compatible: existing installs work without re-running init
+
+
+# Reasonable default permission allowlist for AI assistants working
+# inside a Delimit-governed project. Mirrors what most projects already
+# grant manually. Conservative — no `Bash(rm:*)`, no wildcards on dangerous
+# commands, no network egress beyond what tools need.
+_DEFAULT_CLAUDE_PROJECT_ALLOW: List[str] = [
+    "Edit",
+    "Write",
+    "Read",
+    "Glob",
+    "Grep",
+    "Bash(git status)",
+    "Bash(git diff:*)",
+    "Bash(git log:*)",
+    "Bash(git add:*)",
+    "Bash(ls:*)",
+    "Bash(cat:*)",
+    "Bash(pwd)",
+    "Bash(delimit:*)",
+    "Bash(npm test:*)",
+    "Bash(npm run:*)",
+    "Bash(pytest:*)",
+    "Bash(python:*)",
+    "Bash(python3:*)",
+    "mcp__delimit__*",
+]
+
+
+def _safe_chmod(path: Path, mode: int) -> bool:
+    """chmod a path defensively. Returns True if applied, False on any error.
+
+    Refuses world-writable bits (0o002) outright. Never raises.
+    """
+    if mode & 0o002:
+        return False
+    try:
+        path.chmod(mode)
+        return True
+    except (OSError, PermissionError):
+        return False
+
+
+def _detect_target_owner(project_root: Path) -> tuple:
+    """If running as root, detect the (uid, gid) of the project owner so
+    we can chown anything we create back to them. Returns (None, None)
+    if not running as root or detection fails.
+    """
+    try:
+        if os.geteuid() != 0:
+            return (None, None)
+    except AttributeError:
+        # Windows or platform without geteuid
+        return (None, None)
+
+    try:
+        st = project_root.stat()
+        # Don't chown to root-owned projects (no-op)
+        if st.st_uid == 0 and st.st_gid == 0:
+            return (None, None)
+        return (st.st_uid, st.st_gid)
+    except OSError:
+        return (None, None)
+
+
+def _safe_chown(path: Path, uid, gid) -> None:
+    """chown a path defensively. Never raises."""
+    if uid is None or gid is None:
+        return
+    try:
+        os.chown(str(path), uid, gid)
+    except (OSError, PermissionError, AttributeError):
+        pass
+
+
+def setup_init_permissions(project_root: Path, no_permissions: bool = False) -> Dict[str, Any]:
+    """LED-269: Configure filesystem permissions for a freshly-initialized
+    Delimit project.
+
+    Performs:
+      1. chmod 755 on <project>/.delimit/ (idempotent)
+      2. chmod 600 on every file under <project>/.delimit/secrets/ (if dir exists)
+      3. Creates <project>/.claude/settings.json with a reasonable Edit/Write/
+         Bash allowlist if it does not already exist (never overwrites)
+      4. If running as root, chowns anything we created back to the project
+         owner so the user can still access their own files
+
+    Args:
+        project_root: Resolved absolute path to the project root.
+        no_permissions: If True, skip everything and return a 'skipped' result.
+
+    Returns:
+        Dict with keys: status, applied (list of changes), skipped (list of
+        items skipped with reason), warnings (list).
+    """
+    result: Dict[str, Any] = {
+        "status": "skipped" if no_permissions else "ok",
+        "applied": [],
+        "skipped": [],
+        "warnings": [],
+    }
+
+    if no_permissions:
+        result["skipped"].append("--no-permissions flag set")
+        return result
+
+    project_root = Path(project_root).resolve()
+    delimit_dir = project_root / ".delimit"
+
+    # Hard safety guard: refuse to operate if .delimit/ doesn't exist.
+    # delimit_init creates it before calling us — if it's missing something
+    # is wrong and we should not silently chmod random paths.
+    if not delimit_dir.is_dir():
+        result["status"] = "error"
+        result["warnings"].append(f".delimit/ not found at {delimit_dir} — refusing to set permissions")
+        return result
+
+    target_uid, target_gid = _detect_target_owner(project_root)
+    running_as_root = target_uid is not None
+
+    # 1. chmod 755 on .delimit/
+    try:
+        current_mode = stat.S_IMODE(delimit_dir.stat().st_mode)
+        if current_mode != 0o755:
+            if _safe_chmod(delimit_dir, 0o755):
+                result["applied"].append(f"chmod 755 {delimit_dir}")
+            else:
+                result["warnings"].append(f"Could not chmod {delimit_dir}")
+        else:
+            result["skipped"].append(f"{delimit_dir} already 755")
+    except OSError as e:
+        result["warnings"].append(f"stat failed on {delimit_dir}: {e}")
+
+    # 2. chmod 600 on secrets files (only if secrets dir exists)
+    secrets_dir = delimit_dir / "secrets"
+    if secrets_dir.is_dir():
+        # Lock the secrets dir itself to 700
+        try:
+            current_mode = stat.S_IMODE(secrets_dir.stat().st_mode)
+            if current_mode != 0o700:
+                if _safe_chmod(secrets_dir, 0o700):
+                    result["applied"].append(f"chmod 700 {secrets_dir}")
+        except OSError:
+            pass
+
+        for entry in secrets_dir.iterdir():
+            if not entry.is_file():
+                continue
+            try:
+                current_mode = stat.S_IMODE(entry.stat().st_mode)
+                if current_mode != 0o600:
+                    if _safe_chmod(entry, 0o600):
+                        result["applied"].append(f"chmod 600 {entry}")
+                    else:
+                        result["warnings"].append(f"Could not chmod {entry}")
+            except OSError:
+                continue
+    else:
+        result["skipped"].append("no secrets/ directory present")
+
+    # 3. Create project-local .claude/settings.json with reasonable allowlist
+    claude_dir = project_root / ".claude"
+    claude_settings = claude_dir / "settings.json"
+    if claude_settings.exists():
+        result["skipped"].append(f"{claude_settings} already exists (not modified)")
+    else:
+        try:
+            claude_dir.mkdir(parents=True, exist_ok=True)
+            settings_payload = {
+                "permissions": {
+                    "allow": list(_DEFAULT_CLAUDE_PROJECT_ALLOW),
+                    "deny": [
+                        "Bash(rm -rf:*)",
+                        "Bash(sudo:*)",
+                    ],
+                },
+                "_generated_by": "delimit_init",
+                "_note": "Edit freely. Delimit will never overwrite this file.",
+            }
+            claude_settings.write_text(json.dumps(settings_payload, indent=2) + "\n")
+            # Lock to 644 (or 600 if it lives in a secrets dir, which it doesn't)
+            _safe_chmod(claude_settings, 0o644)
+            result["applied"].append(f"created {claude_settings}")
+
+            if running_as_root:
+                _safe_chown(claude_dir, target_uid, target_gid)
+                _safe_chown(claude_settings, target_uid, target_gid)
+        except OSError as e:
+            result["warnings"].append(f"Could not create {claude_settings}: {e}")
+
+    # 4. Re-chown .delimit/ tree if we're root and there's a non-root owner
+    if running_as_root:
+        try:
+            for path in [delimit_dir, *delimit_dir.rglob("*")]:
+                # Only chown if currently owned by root — never override
+                # an existing non-root owner
+                try:
+                    if path.stat().st_uid == 0:
+                        _safe_chown(path, target_uid, target_gid)
+                except OSError:
+                    continue
+            result["applied"].append(f"chown -R {target_uid}:{target_gid} {delimit_dir} (root-owned entries)")
+        except OSError:
+            pass
+
+    if not result["applied"] and not result["warnings"]:
+        result["status"] = "noop"
+
+    return result
+
+
 def build_checklist(
     license_key: str,
     project_path: str,
@@ -185,26 +408,49 @@ def build_checklist(
             checklist.append({"item": label, "status": "Skip (Pro)", "detail": "Requires Delimit Pro"})
 
     # --- Score: only count applicable checks (exclude skips) ---
+    # LED-270: explicitly distinguish passed / failed / skipped so callers
+    # (CI, dashboards, CLI summaries) can render them separately. Skipped
+    # checks (premium on free tier, no test framework, no AI assistant)
+    # never count as failures and are excluded from the score denominator.
     applicable = [c for c in checklist if not c["status"].startswith("Skip")]
     passed_total = sum(1 for c in applicable if c["status"] == "Pass")
+    failed_total = sum(1 for c in applicable if c["status"] == "Fail")
+    skipped_total = len(checklist) - len(applicable)
+    # Break out skip reasons so the UI can show "X Pro features locked"
+    # without conflating them with "no test framework"-style skips.
+    skipped_premium = sum(1 for c in checklist if c["status"] == "Skip (Pro)")
+    skipped_other = skipped_total - skipped_premium
     total = len(applicable)
     score = f"{passed_total}/{total}"
 
+    tier = get_license().get("tier", "free")
+
     result: Dict[str, Any] = {
         "tool": "activate",
         "status": "complete",
         "score": score,
         "passed": passed_total,
+        "failed": failed_total,
         "total": total,
-        "skipped": len(checklist) - total,
+        "skipped": skipped_total,
+        "skipped_premium": skipped_premium,
+        "skipped_other": skipped_other,
         "checklist": checklist,
-        "tier": get_license().get("tier", "free"),
+        "tier": tier,
         "project": str(p),
     }
-    if passed_total == total and total > 0:
-        result["message"] = f"All {total} checks passed. Delimit is fully operational."
-    elif passed_total < total:
+    if failed_total == 0 and total > 0:
+        msg = f"All {total} checks passed. Delimit is fully operational."
+        if skipped_premium > 0 and tier == "free":
+            msg += f" ({skipped_premium} Pro features available with upgrade.)"
+        result["message"] = msg
+    elif failed_total > 0:
         failed_items = [c["item"] for c in applicable if c["status"] == "Fail"]
-        result["message"] = f"{passed_total}/{total} checks passed. Fix: {', '.join(failed_items)}"
+        result["message"] = (
+            f"{passed_total}/{total} checks passed, {failed_total} failed. "
+            f"Fix: {', '.join(failed_items)}"
+        )
+    else:
+        result["message"] = f"{passed_total}/{total} checks passed."
 
     return result