delimit-cli 4.1.47 → 4.1.49

package/CHANGELOG.md

@@ -1,5 +1,39 @@
 # Changelog
 
+## [4.1.49] - 2026-04-09
+
+### Fixed (full preservation audit follow-up to 4.1.48)
+- **Project `.claude/settings.json` hooks clobber** — `installClaudeHooks` was replacing the project-level `.claude/settings.json` hooks object with the merged-with-global config, propagating global hooks into every project file and wiping any project-local hooks the user had set. Now merges only Delimit-owned hook groups (entries whose command contains `delimit`) into existing project hooks; project-specific user hooks survive.
+- **Gemini `general.defaultApprovalMode` clobber** — `delimit-cli setup` was force-setting Gemini's `defaultApprovalMode` to `auto_edit` on every run, overwriting whatever the user had chosen (e.g. `manual`). Now only sets it when missing.
+- **`~/.claude.json` MCP hooks replacement** — `lib/hooks-installer.js` (opt-in via `delimit-cli hooks install`) replaced `preCommand` / `postCommand` / `authentication` / `audit` keys on every install. Now only fills in missing keys, preserving any user-chosen MCP hook commands.
+
+### Added
+- **`tests/setup-no-clobber.test.js`** — dedicated regression suite that runs setup helpers against synthetic fresh-user HOME directories with pre-populated user customizations (project hooks, Gemini approval mode, custom MCP hook commands) and asserts none get clobbered. 5 tests, all passing.
+
+### Audit results
+- Audited every `fs.writeFileSync` in `bin/delimit-setup.js`, `lib/cross-model-hooks.js`, `lib/hooks-installer.js`, `adapters/cursor-rules.js`, and `scripts/postinstall.js`.
+- All remaining writes are either delimit-owned (shims, hook scripts, generated `delimit.md`), guarded by `!fs.existsSync` (models.json, social_target_config.json, codex empty file), or surgical merges that preserve user content (`.mcp.json` mcpServers, `.claude/settings.json` allowList, `.codex/config.toml` mcp_servers.delimit block, `.cursor/mcp.json` mcpServers, rc-file PATH append).
+- The full preservation contract is now: `delimit-cli setup` may safely run on any user machine, including via the shim auto-update flow, without destroying user state. New installs and upgrades are equivalent for everything except delimit-owned files.
+
+### Tests
+- 129/129 passing (was 124).
+
+## [4.1.48] - 2026-04-09
+
+### Fixed
+- **CRITICAL: CLAUDE.md clobber on upgrade** — `delimit-cli setup` used a loose heuristic (`# Delimit` + `delimit_ledger_context` or `# Delimit AI Guardrails`) to decide whether to replace a user's entire `CLAUDE.md` with the stock template. Any founder-customized CLAUDE.md that happened to mention `delimit_ledger_context` got clobbered on every upgrade — this included 4.1.47's auto-update flow, which destroyed custom auto-trigger rules, paying-customer protection blocks, and incident-derived escalation rules. The clobber path is removed entirely. `upsertDelimitSection` now either upserts between `<!-- delimit:start -->` / `<!-- delimit:end -->` markers (preserving user content above and below), or — if no markers exist — appends the managed section at the bottom, preserving all existing user content verbatim.
+- Same fix applied to `GEMINI.md` in `lib/cross-model-hooks.js` (previously did a whole-file overwrite if it did not contain the detection phrase).
+- Detection marker changed from the prose phrase `Consensus 123` to the stable structural marker `<!-- delimit:start`, so future template copy changes never break preservation logic.
+
+### Security
+- **axios** bumped from `1.13.6` → `1.15.0` to patch GHSA-3p68-rc4w-qgx5 (NO_PROXY hostname normalization bypass → SSRF, severity: critical).
+
+### Changed
+- Stock `CLAUDE.md` template is now minimal (auto-trigger lifecycle, code/commit/deploy gates, audit trail, links). Founder-only sections (Paying Customers, Strategic/Business Operations, Escalation Rules, venture portfolio context) are no longer shipped in the npm package — they belong in `~/.delimit/CLAUDE.md` or `~/.claude/CLAUDE.md` (never touched by `delimit-cli setup`).
+
+### Tests
+- Added two regression tests in `tests/setup-onboarding.test.js` covering (a) the exact legacy-content-preservation case and (b) the founder-customized CLAUDE.md pattern that triggered the 2026-04-09 incident.
+
 ## [4.1.45] - 2026-04-09
 
 ### Fixed

package/bin/delimit-setup.js

@@ -430,9 +430,12 @@ async function main() {
                 cwd: path.join(DELIMIT_HOME, 'server'),
                 env: { PYTHONPATH: path.join(DELIMIT_HOME, 'server') }
             };
-            // Auto-approve all tools — users should not be prompted for every Delimit call
+            // Auto-approve all tools — users should not be prompted for every Delimit call.
+            // Only set if missing — never clobber the user's chosen approval mode on upgrade.
             if (!geminiConfig.general) geminiConfig.general = {};
-            geminiConfig.general.defaultApprovalMode = 'auto_edit';
+            if (!geminiConfig.general.defaultApprovalMode) {
+                geminiConfig.general.defaultApprovalMode = 'auto_edit';
+            }
             fs.writeFileSync(GEMINI_CONFIG, JSON.stringify(geminiConfig, null, 2));
             if (geminiExisted) {
                 await logp(`  ${green('✓')} Updated Delimit paths in Gemini CLI config`);
@@ -1337,9 +1340,16 @@ function getClaudeMdContent() {
 
 /**
  * Upsert the Delimit section in a file using <!-- delimit:start --> / <!-- delimit:end --> markers.
- * If markers exist, replaces only that region (preserving user content above/below).
- * If no markers exist but old Delimit content is detected, replaces the whole file.
- * If no Delimit content at all, appends the section.
+ *
+ * NEVER clobbers user-authored content outside the markers. The previous behavior
+ * replaced the whole file whenever it detected "old Delimit content" heuristically,
+ * which destroyed founder-customized CLAUDE.md files on every upgrade (v4.1.47 incident).
+ *
+ * Behavior:
+ * - File missing → create with just the managed section.
+ * - File has markers → replace only the region between them (user content above/below preserved).
+ * - File has no markers → append the managed section at the bottom (user content at top preserved).
+ *
  * Returns { action: 'created' | 'updated' | 'unchanged' | 'appended' }
  */
 function upsertDelimitSection(filePath) {
@@ -1354,7 +1364,7 @@ function upsertDelimitSection(filePath) {
 
     const existing = fs.readFileSync(filePath, 'utf-8');
 
-    // Check if markers already exist
+    // Check if managed markers already exist
     const startMarkerRe = /<!-- delimit:start[^>]*-->/;
     const endMarker = '<!-- delimit:end -->';
     const hasStart = startMarkerRe.test(existing);
@@ -1367,25 +1377,16 @@ function upsertDelimitSection(filePath) {
         if (currentVersion === version) {
             return { action: 'unchanged' };
         }
-        // Replace only the delimit section
+        // Replace only the managed region — preserve content above/below
         const before = existing.substring(0, existing.search(startMarkerRe));
         const after = existing.substring(existing.indexOf(endMarker) + endMarker.length);
         fs.writeFileSync(filePath, before + newSection + after);
         return { action: 'updated' };
     }
 
-    // No markers — check for old Delimit content that should be replaced
-    const isOldDelimit = existing.includes('# Delimit AI Guardrails') ||
-        existing.includes('delimit_init') ||
-        existing.includes('persistent memory, verified execution') ||
-        (existing.includes('# Delimit') && existing.includes('delimit_ledger_context'));
-
-    if (isOldDelimit) {
-        fs.writeFileSync(filePath, newSection + '\n');
-        return { action: 'updated' };
-    }
-
-    // File exists with user content but no Delimit section — append
+    // No markers present — append the managed section at the bottom.
+    // User content at the top is preserved verbatim. Markers get added so future
+    // upgrades can update just the managed region.
     const separator = existing.endsWith('\n') ? '\n' : '\n\n';
     fs.writeFileSync(filePath, existing + separator + newSection + '\n');
     return { action: 'appended' };

package/gateway/ai/hot_reload.py

@@ -0,0 +1,445 @@
+"""Cross-session MCP hot reload (LED-799).
+
+Solves the pain where one Claude session edits ai/*.py and other sessions
+have to restart the MCP server to pick up the change. There are three
+distinct cases this module handles:
+
+1. **Edited helper module** (e.g. ai/content_intel.py changed):
+   importlib.reload() the module so tools that lazily `from ai.X import Y`
+   inside their function body pick up the new code on the next call.
+
+2. **New helper module** (e.g. ai/foo.py added by another session):
+   importlib.import_module() to bring it into sys.modules so subsequent
+   lazy imports inside tool bodies succeed.
+
+3. **New @mcp.tool() decoration** in a freshly added module (ai/tools/*.py):
+   walk the module globals for fastmcp.tools.tool.FunctionTool instances
+   and add them to the live FastMCP tool_manager via add_tool(). New tool
+   files become callable without a server restart.
+
+Out of scope (still requires restart):
+- Edits to ai/server.py itself. That module is too large, has too many
+  side effects on import, and reloading it would create a NEW FastMCP
+  instance disconnected from the running server. Convention: put NEW
+  tools in ai/tools/<name>.py, not in ai/server.py.
+
+Dead-letter behavior: every reload/import is wrapped in try/except. Failures
+are logged to ~/.delimit/logs/hot_reload.jsonl and never crash the server.
+"""
+
+from __future__ import annotations
+
+import importlib
+import json
+import logging
+import os
+import sys
+import threading
+import time
+import traceback
+from datetime import datetime, timezone
+from pathlib import Path
+from typing import Any, Callable, Dict, List, Optional, Set
+
+logger = logging.getLogger("delimit.ai.hot_reload")
+
+LOG_DIR = Path.home() / ".delimit" / "logs"
+LOG_FILE = LOG_DIR / "hot_reload.jsonl"
+
+# Modules whose reload would do more harm than good. server.py defines the
+# live FastMCP instance — reloading it would create a fresh disconnected
+# instance. Tests confirm reload of these modules creates duplicate state.
+RELOAD_DENY_LIST: Set[str] = {
+    "ai.server",
+    "ai.hot_reload",  # don't reload self
+    "ai",  # the package itself
+}
+
+
+# ── logging ──────────────────────────────────────────────────────────
+
+
+def _log(event: Dict[str, Any]) -> None:
+    """Append a structured event to the hot-reload audit log. Never raises."""
+    try:
+        LOG_DIR.mkdir(parents=True, exist_ok=True)
+        event = {
+            **event,
+            "timestamp": datetime.now(timezone.utc).isoformat(),
+            "pid": os.getpid(),
+        }
+        with open(LOG_FILE, "a", encoding="utf-8") as f:
+            f.write(json.dumps(event) + "\n")
+    except OSError as e:
+        logger.debug("hot_reload log write failed: %s", e)
+
+
+# ── tool re-registration ──────────────────────────────────────────────
+
+
+def _is_function_tool(obj: Any) -> bool:
+    """True if `obj` is a fastmcp FunctionTool (registered tool)."""
+    cls = type(obj)
+    return cls.__module__.startswith("fastmcp.") and cls.__name__ == "FunctionTool"
+
+
+def register_module_tools(mcp: Any, module: Any) -> List[str]:
+    """Walk a module's globals and register every FunctionTool against the live mcp.
+
+    Returns the list of tool keys registered. Existing tools with the same
+    key are *replaced* — that lets edits to a tool's metadata or schema
+    take effect without a restart.
+    """
+    if mcp is None or module is None:
+        return []
+    registered: List[str] = []
+    try:
+        tool_manager = getattr(mcp, "_tool_manager", None)
+        if tool_manager is None or not hasattr(tool_manager, "_tools"):
+            return []
+        for name, value in list(vars(module).items()):
+            if not _is_function_tool(value):
+                continue
+            try:
+                key = getattr(value, "key", name)
+                tool_manager._tools[key] = value
+                registered.append(key)
+            except Exception as e:
+                _log({
+                    "event": "tool_register_failed",
+                    "module": module.__name__,
+                    "name": name,
+                    "error": str(e),
+                })
+    except Exception as e:  # noqa: BLE001
+        _log({
+            "event": "register_module_tools_failed",
+            "module": getattr(module, "__name__", "?"),
+            "error": str(e),
+            "traceback": traceback.format_exc(limit=3),
+        })
+    if registered:
+        _log({
+            "event": "tools_registered",
+            "module": getattr(module, "__name__", "?"),
+            "count": len(registered),
+            "keys": registered,
+        })
+    return registered
+
+
+def reload_module(mcp: Any, module_name: str) -> Dict[str, Any]:
+    """Reload an existing module and re-register any tools it defines.
+
+    Returns a status dict with the module name, whether the reload succeeded,
+    and the list of tool keys registered. Reload failures keep the previous
+    module in place (importlib.reload either replaces atomically or raises).
+    """
+    if module_name in RELOAD_DENY_LIST:
+        return {"module": module_name, "ok": False, "skipped": "deny_list"}
+    if module_name not in sys.modules:
+        return {"module": module_name, "ok": False, "skipped": "not_loaded"}
+    try:
+        module = importlib.reload(sys.modules[module_name])
+        tools = register_module_tools(mcp, module)
+        _log({
+            "event": "module_reloaded",
+            "module": module_name,
+            "tools_registered": tools,
+        })
+        return {"module": module_name, "ok": True, "tools_registered": tools}
+    except Exception as e:  # noqa: BLE001
+        _log({
+            "event": "module_reload_failed",
+            "module": module_name,
+            "error": str(e),
+            "traceback": traceback.format_exc(limit=5),
+        })
+        return {"module": module_name, "ok": False, "error": str(e)}
+
+
+def import_new_module(
+    mcp: Any,
+    file_path: Path,
+    package_root: Path,
+    package_prefix: str = "ai",
+) -> Dict[str, Any]:
+    """Import a freshly added file under the watched package and register its tools.
+
+    `file_path` must live under `package_root`. The module name is derived
+    from the relative path: ai/tools/foo.py → ai.tools.foo.
+    """
+    try:
+        rel = file_path.relative_to(package_root)
+    except ValueError:
+        return {"file": str(file_path), "ok": False, "error": "outside_package_root"}
+
+    parts = list(rel.with_suffix("").parts)
+    if not parts:
+        return {"file": str(file_path), "ok": False, "error": "invalid_path"}
+    if parts[-1] == "__init__":
+        parts = parts[:-1]
+    if package_prefix:
+        # The package_root is the directory CONTAINING the package (e.g. delimit-gateway/),
+        # so the relative path already starts with the package name. If not, prepend.
+        if not parts or parts[0] != package_prefix:
+            parts = [package_prefix] + parts
+    module_name = ".".join(parts)
+
+    if module_name in RELOAD_DENY_LIST:
+        return {"file": str(file_path), "module": module_name, "ok": False, "skipped": "deny_list"}
+
+    try:
+        # Critical: drop cached finders so a new file inside an already-imported
+        # package becomes visible. Without this, importlib's package finder
+        # uses a stale directory listing.
+        importlib.invalidate_caches()
+        if module_name in sys.modules:
+            module = importlib.reload(sys.modules[module_name])
+            action = "reloaded"
+        else:
+            module = importlib.import_module(module_name)
+            action = "imported"
+        tools = register_module_tools(mcp, module)
+        _log({
+            "event": "new_module_handled",
+            "module": module_name,
+            "action": action,
+            "tools_registered": tools,
+        })
+        return {
+            "file": str(file_path),
+            "module": module_name,
+            "action": action,
+            "ok": True,
+            "tools_registered": tools,
+        }
+    except Exception as e:  # noqa: BLE001
+        _log({
+            "event": "new_module_import_failed",
+            "module": module_name,
+            "error": str(e),
+            "traceback": traceback.format_exc(limit=5),
+        })
+        return {
+            "file": str(file_path),
+            "module": module_name,
+            "ok": False,
+            "error": str(e),
+        }
+
+
+# ── file watcher ──────────────────────────────────────────────────────
+
+
+class HotReloadWatcher:
+    """Polling-based file watcher (no inotify dependency).
+
+    Tracks mtimes for every .py file under `watch_dir`. On each tick:
+    - New files trigger import_new_module().
+    - Changed files trigger reload_module() (unless on the deny list).
+    - Deleted files are noted in the log but no action is taken (the
+      cached sys.modules entry stays — that's safer than fighting against
+      another session that may be mid-edit).
+    """
+
+    def __init__(
+        self,
+        mcp: Any,
+        watch_dir: Path,
+        package_root: Path,
+        package_prefix: str = "ai",
+        interval: float = 2.0,
+    ) -> None:
+        self.mcp = mcp
+        self.watch_dir = Path(watch_dir)
+        self.package_root = Path(package_root)
+        self.package_prefix = package_prefix
+        self.interval = interval
+        self._mtimes: Dict[str, float] = {}
+        self._stop = threading.Event()
+        self._thread: Optional[threading.Thread] = None
+        self._snapshot_initial()
+
+    def _snapshot_initial(self) -> None:
+        """Record current mtimes so the first tick doesn't reload everything."""
+        for path in self.watch_dir.rglob("*.py"):
+            try:
+                self._mtimes[str(path)] = path.stat().st_mtime
+            except OSError:
+                pass
+
+    def tick(self) -> Dict[str, Any]:
+        """Run a single scan pass. Returns counts of actions taken."""
+        new_files: List[Path] = []
+        changed_files: List[Path] = []
+        seen: Set[str] = set()
+
+        try:
+            for path in self.watch_dir.rglob("*.py"):
+                key = str(path)
+                seen.add(key)
+                try:
+                    mtime = path.stat().st_mtime
+                except OSError:
+                    continue
+                prev = self._mtimes.get(key)
+                if prev is None:
+                    new_files.append(path)
+                elif mtime > prev:
+                    changed_files.append(path)
+                self._mtimes[key] = mtime
+        except OSError as e:
+            _log({"event": "watch_scan_error", "error": str(e)})
+            return {"new": 0, "changed": 0, "errors": 1}
+
+        results: Dict[str, Any] = {"new": [], "changed": [], "errors": 0}
+        for path in new_files:
+            r = import_new_module(self.mcp, path, self.package_root, self.package_prefix)
+            results["new"].append(r)
+            if not r.get("ok"):
+                results["errors"] += 1
+
+        for path in changed_files:
+            module_name = self._path_to_module(path)
+            if module_name is None:
+                continue
+            if module_name in RELOAD_DENY_LIST:
+                continue
+            r = reload_module(self.mcp, module_name)
+            results["changed"].append(r)
+            if not r.get("ok") and r.get("skipped") is None:
+                results["errors"] += 1
+
+        return results
+
+    def _path_to_module(self, path: Path) -> Optional[str]:
+        try:
+            rel = path.relative_to(self.package_root)
+        except ValueError:
+            return None
+        parts = list(rel.with_suffix("").parts)
+        if not parts:
+            return None
+        if parts[-1] == "__init__":
+            parts = parts[:-1]
+        if self.package_prefix and (not parts or parts[0] != self.package_prefix):
+            parts = [self.package_prefix] + parts
+        return ".".join(parts)
+
+    def _loop(self) -> None:
+        _log({"event": "watcher_started", "watch_dir": str(self.watch_dir), "interval": self.interval})
+        while not self._stop.is_set():
+            try:
+                self.tick()
+            except Exception as e:  # noqa: BLE001
+                _log({
+                    "event": "watcher_tick_error",
+                    "error": str(e),
+                    "traceback": traceback.format_exc(limit=3),
+                })
+            self._stop.wait(timeout=self.interval)
+        _log({"event": "watcher_stopped"})
+
+    def start(self) -> None:
+        if self._thread and self._thread.is_alive():
+            return
+        self._stop.clear()
+        self._thread = threading.Thread(
+            target=self._loop, name="delimit-hot-reload", daemon=True
+        )
+        self._thread.start()
+
+    def stop(self) -> None:
+        self._stop.set()
+        if self._thread:
+            self._thread.join(timeout=5)
+
+
+# ── module-level singleton + bootstrap helper ─────────────────────────
+
+
+_singleton: Optional[HotReloadWatcher] = None
+_singleton_lock = threading.Lock()
+
+
+def start_hot_reload(
+    mcp: Any,
+    watch_dir: Optional[Path] = None,
+    package_root: Optional[Path] = None,
+    interval: float = 2.0,
+) -> Dict[str, Any]:
+    """Start the global hot-reload watcher. Idempotent.
+
+    Args:
+        mcp: The live FastMCP instance from ai/server.py.
+        watch_dir: Directory to watch. Defaults to the directory containing
+            ai/server.py (i.e. the ai/ package directory).
+        package_root: Directory whose first child is the package. Used to
+            derive module names from file paths. Defaults to the parent of
+            watch_dir.
+        interval: Poll interval in seconds. Default 2.0.
+
+    Returns a status dict. Will not raise — failures are logged.
+    """
+    global _singleton
+    with _singleton_lock:
+        if _singleton is not None:
+            return {"status": "already_running"}
+        try:
+            if watch_dir is None:
+                watch_dir = Path(__file__).parent
+            if package_root is None:
+                package_root = Path(watch_dir).parent
+            _singleton = HotReloadWatcher(
+                mcp=mcp,
+                watch_dir=Path(watch_dir),
+                package_root=Path(package_root),
+                interval=interval,
+            )
+            _singleton.start()
+            _log({
+                "event": "hot_reload_started",
+                "watch_dir": str(watch_dir),
+                "package_root": str(package_root),
+                "interval": interval,
+            })
+            return {
+                "status": "started",
+                "watch_dir": str(watch_dir),
+                "package_root": str(package_root),
+                "interval": interval,
+            }
+        except Exception as e:  # noqa: BLE001
+            _log({
+                "event": "hot_reload_start_failed",
+                "error": str(e),
+                "traceback": traceback.format_exc(limit=5),
+            })
+            return {"status": "failed", "error": str(e)}
+
+
+def stop_hot_reload() -> Dict[str, Any]:
+    """Stop the global watcher. Idempotent."""
+    global _singleton
+    with _singleton_lock:
+        if _singleton is None:
+            return {"status": "not_running"}
+        _singleton.stop()
+        _singleton = None
+        _log({"event": "hot_reload_stopped_via_api"})
+        return {"status": "stopped"}
+
+
+def hot_reload_status() -> Dict[str, Any]:
+    """Inspect the watcher state."""
+    with _singleton_lock:
+        if _singleton is None:
+            return {"running": False}
+        return {
+            "running": True,
+            "watch_dir": str(_singleton.watch_dir),
+            "package_root": str(_singleton.package_root),
+            "interval": _singleton.interval,
+            "tracked_files": len(_singleton._mtimes),
+        }

package/gateway/ai/server.py

@@ -8308,6 +8308,53 @@ def delimit_content_intel_weekly(date: str = "") -> Dict[str, Any]:
         return {"error": str(e)}
 
 
+# ═══════════════════════════════════════════════════════════════════════
+#  HOT RELOAD (LED-799) — pick up new tools/modules without restart
+# ═══════════════════════════════════════════════════════════════════════
+
+
+@mcp.tool()
+def delimit_hot_reload(action: str = "status", interval: float = 2.0) -> Dict[str, Any]:
+    """Control the cross-session MCP hot-reload watcher (LED-799).
+
+    The watcher polls ai/*.py for new files and changed mtimes, reloads
+    helper modules in place, and registers any new @mcp.tool() decorations
+    against the live FastMCP instance — so other Claude sessions can pick
+    up your edits without restarting the MCP server.
+
+    Limitation: edits to ai/server.py itself still require a restart.
+    Convention: put new tools in ai/tools/<name>.py instead.
+
+    Args:
+        action: 'start', 'stop', 'status', or 'tick' (run a single scan now).
+        interval: Poll interval in seconds. Only used on start. Default 2.0.
+    """
+    from ai import hot_reload as _hr
+    action = (action or "status").strip().lower()
+    if action == "start":
+        return _hr.start_hot_reload(mcp, interval=interval)
+    if action == "stop":
+        return _hr.stop_hot_reload()
+    if action == "tick":
+        with _hr._singleton_lock:
+            watcher = _hr._singleton
+        if watcher is None:
+            return {"error": "watcher not running"}
+        return watcher.tick()
+    return _hr.hot_reload_status()
+
+
+# Auto-start the watcher unless explicitly disabled. New sessions get the
+# benefit of cross-session reload without any setup. Set DELIMIT_HOT_RELOAD=0
+# to opt out (e.g. for tests that need a stable module table).
+try:
+    if os.environ.get("DELIMIT_HOT_RELOAD", "1") != "0":
+        from ai import hot_reload as _hot_reload_boot
+        _hot_reload_boot.start_hot_reload(mcp)
+except Exception as _e:
+    logger.warning("hot_reload boot failed (non-fatal): %s", _e)
+
+
 @mcp.tool()
 def delimit_reddit_fetch_thread(thread_id: str) -> Dict[str, Any]:
     """Surgically fetch a single Reddit thread by ID (e.g. 'OSKJVH7f35')."""

package/gateway/ai/swarm.py

@@ -952,6 +952,7 @@ def hot_reload(reason: str = "update") -> Dict[str, Any]:
         "ai.social",
         "ai.reddit_scanner",
         "ai.ledger_manager",
+        "ai.deliberation",  # added 2026-04-09 per LED-805 — CLI stdin fix needed hot reload
         "ai.backends.repo_bridge",
         "ai.backends.tools_infra",
         "backends.repo_bridge",  # alias used by server.py lazy imports

package/lib/cross-model-hooks.js

@@ -577,14 +577,38 @@ echo ""
     const configJson = JSON.stringify(config, null, 2);
     for (const target of writeTargets) {
         try {
-            // For project settings, merge hooks into existing config
-            if (target !== configPath && fs.existsSync(target)) {
-                const existing = JSON.parse(fs.readFileSync(target, 'utf-8'));
-                existing.hooks = config.hooks;
-                fs.writeFileSync(target, JSON.stringify(existing, null, 2));
-            } else {
+            if (target === configPath) {
+                // Global ~/.claude/settings.json: write the merged config we built
                 fs.writeFileSync(target, configJson);
+                continue;
+            }
+
+            // Project settings (.claude/settings.json in cwd): merge ONLY the
+            // Delimit-added hook entries into existing project hooks. Never
+            // overwrite the project's own hook entries with global ones.
+            // Previous behavior (`existing.hooks = config.hooks`) propagated
+            // every global hook into project files, wiping project-local hooks
+            // and leaking unrelated user customizations across repos.
+            let existing = {};
+            if (fs.existsSync(target)) {
+                try { existing = JSON.parse(fs.readFileSync(target, 'utf-8')); } catch { existing = {}; }
+            }
+            if (!existing.hooks) existing.hooks = {};
+
+            for (const [event, groups] of Object.entries(config.hooks || {})) {
+                if (!Array.isArray(groups)) continue;
+                if (!existing.hooks[event]) existing.hooks[event] = [];
+                for (const group of groups) {
+                    const cmds = (group.hooks || []).map(h => h.command || '');
+                    // Only propagate Delimit-owned hook groups to project files
+                    if (!cmds.some(c => c.includes('delimit'))) continue;
+                    const alreadyHas = existing.hooks[event].some(eg =>
+                        (eg.hooks || []).some(h => cmds.includes(h.command))
+                    );
+                    if (!alreadyHas) existing.hooks[event].push(group);
+                }
             }
+            fs.writeFileSync(target, JSON.stringify(existing, null, 2));
         } catch {}
     }
     return changes;
@@ -666,21 +690,43 @@ function installGeminiHooks(tool, hookConfig) {
         } catch { config = {}; }
     }
 
-    // LED-213: Use canonical Consensus 123 template (condensed for JSON)
+    // LED-213: canonical governance template (condensed for JSON).
+    // Detect via the stable <!-- delimit:start --> marker, not a prose phrase
+    // that may change between versions.
     const govInstructions = getDelimitSectionCondensed();
+    const DELIMIT_MARKER = '<!-- delimit:start';
 
-    if (!config.customInstructions || !config.customInstructions.includes('Consensus 123')) {
+    if (!config.customInstructions || !config.customInstructions.includes(DELIMIT_MARKER)) {
         config.customInstructions = govInstructions;
         changes.push('customInstructions');
     }
 
     fs.writeFileSync(tool.configPath, JSON.stringify(config, null, 2));
 
-    // LED-213: Write GEMINI.md with canonical Consensus 123 template
+    // GEMINI.md: use the same upsert pattern as CLAUDE.md so user content
+    // outside the managed markers is preserved across delimit-cli upgrades.
     const geminiMd = path.join(geminiDir, 'GEMINI.md');
-    if (!fs.existsSync(geminiMd) || !fs.readFileSync(geminiMd, 'utf-8').includes('Consensus 123')) {
-        fs.writeFileSync(geminiMd, getDelimitSection() + '\n');
+    const managedSection = getDelimitSection();
+    if (!fs.existsSync(geminiMd)) {
+        fs.writeFileSync(geminiMd, managedSection + '\n');
         changes.push('GEMINI.md');
+    } else {
+        const existing = fs.readFileSync(geminiMd, 'utf-8');
+        if (existing.includes(DELIMIT_MARKER) && existing.includes('<!-- delimit:end -->')) {
+            // Replace only the managed region
+            const before = existing.substring(0, existing.indexOf(DELIMIT_MARKER));
+            const after = existing.substring(existing.indexOf('<!-- delimit:end -->') + '<!-- delimit:end -->'.length);
+            const updated = before + managedSection + after;
+            if (updated !== existing) {
+                fs.writeFileSync(geminiMd, updated);
+                changes.push('GEMINI.md');
+            }
+        } else {
+            // Append managed section below existing user content
+            const sep = existing.endsWith('\n') ? '\n' : '\n\n';
+            fs.writeFileSync(geminiMd, existing + sep + managedSection + '\n');
+            changes.push('GEMINI.md');
+        }
     }
 
     return changes;

package/lib/delimit-template.js

@@ -21,85 +21,36 @@ function getDelimitSection() {
 
 Unify all AI coding assistants with persistent context, governance, and multi-model debate.
 
-## Auto-Trigger Rules (Consensus 123)
+## What Delimit does
+- **API governance** — lint, diff, semver classification, migration guides
+- **Persistent context** — memory and ledger survive across sessions and models
+- **Security audit** — dependency scanning, secret detection
+- **Test verification** — confirm tests actually ran, measure coverage
+- **Multi-model deliberation** — consensus from multiple AI models (3 free, then BYOK)
 
-These rules fire automatically. The AI MUST call the specified tools without asking permission.
-The founder reviews and approves via email. The AI's job is to draft, send, and chain — not to ask.
+## Auto-Trigger Rules
+
+These rules fire automatically. Call the listed tools without asking permission.
 
 ### Session Lifecycle
-- **Session start**: call \`delimit_revive\` + \`delimit_ledger_context\` + \`delimit_gov_health\` + \`delimit_inbox_daemon(action="start")\` + \`delimit_notify_routing(action="status")\`
-- **Session end or idle**: call \`delimit_soul_capture\` + \`delimit_session_handoff\` to preserve context for next session
+- **Session start**: call \`delimit_revive\` + \`delimit_ledger_context\` + \`delimit_gov_health\`
+- **Session end or idle**: call \`delimit_soul_capture\` + \`delimit_session_handoff\`
 - If returning user, summarize what's pending. If new project, call \`delimit_scan\`.
 
 ### Code Development (debounced per edit batch)
 - After editing UI/CSS: call \`delimit_design_validate_responsive\`
 - After editing API specs: call \`delimit_lint\` + \`delimit_drift_check\`
-- After editing tests: call \`delimit_test_smoke\`
-- After any significant code change: call \`delimit_test_smoke\` if applicable tests exist
+- After editing tests or significant code: call \`delimit_test_smoke\`
 
 ### Pre-Commit / Pre-Deploy Gates
 - Before \`git commit\`: call \`delimit_repo_diagnose\`
-- Deploy requested: \`delimit_security_audit\` then \`delimit_test_smoke\` then \`delimit_changelog\` then \`delimit_deploy_plan\`
+- Deploy requested: \`delimit_security_audit\` → \`delimit_test_smoke\` → \`delimit_changelog\` → \`delimit_deploy_plan\`
 - Deploy succeeds: \`delimit_deploy_verify\` + \`delimit_evidence_collect\`
 - Verify succeeds: \`delimit_ledger_done\` (related task) + \`delimit_notify\`
 
-### Change Management (update docs with every ship)
-- After shipping a feature: update README if CLI commands or tool count changed
-- After version bump: update version badge, tool count, test count on landing page
-- After npm publish: sync gateway server.py to npm bundle, scrub PII, run security-check.sh
-- After changing pricing/tiers: update pricing page and Lemon Squeezy product
-- Before deploy: call \`delimit_swarm(action="docs_check")\` to verify docs freshness
-- Before submitting a PR to an external repo: call \`delimit_deliberate\` on the diff + PR description (Pro only — if using free tier deliberations and quota is exhausted, skip this gate but log a warning)
-
-### Content / Outreach (all drafts, never auto-post)
-- Social content drafted: ALWAYS call \`delimit_social_post\` or \`delimit_notify\` immediately
-- \`delimit_social_target\` scan completes: call \`delimit_notify\` with target summary
-- Screenshot of social thread shared: auto-draft reply + call \`delimit_notify\`
-- During ANY social interaction: scan for competitive signals, integration opportunities, and strategic items. Add to strategy ledger if significant.
-
-### Strategic / Business Operations
-- Strategic opportunity identified: call \`delimit_ledger_add\` immediately
-- \`delimit_ledger_add\` fires (non-P0): \`delimit_notify\` (batched, 15-min digest)
-- \`delimit_ledger_add\` fires (P0): \`delimit_notify\` (immediate) + \`delimit_agent_dispatch\`
-- Conflicting high-severity signals: call \`delimit_deliberate\` for multi-model consensus
-
-### Monitoring / Sensors
-- GitHub issue state change (closed, merged, labeled): \`delimit_ledger_update\` + \`delimit_notify\` (immediate)
-- GitHub issue new comments: \`delimit_ledger_update\` + \`delimit_notify\` (batched digest)
-- \`delimit_drift_check\` finds drift: \`delimit_ledger_add\` + \`delimit_notify\`
-
-### Approval Loop (Email Control Plane)
-- Approval email detected: execute the approved action based on context
-- Rejection email detected: \`delimit_ledger_update\` (mark rejected)
-
 ### Audit Trail
 - After security audit, test run, or deploy: call \`delimit_evidence_collect\`
-- Any gate failure: \`delimit_evidence_collect\` + \`delimit_ledger_add\` + \`delimit_notify\` (immediate)
-
-### Storm Prevention
-- Edit triggers: debounce to once per assistant turn
-- Non-P0 notifications: batch into 15-minute digests
-- Max 5 immediate notifications per hour (overflow to digest)
-- Per-scan fan-out: max 10 targets per notification
-
-## Memory Rules (CRITICAL)
-
-Routine code changes are auto-captured from git on session exit. You do NOT need to call memory_store for normal work.
-
-ONLY use \`memory_store\` to capture:
-- **Failed approaches** — "tried X, it didn't work because Y" (git only shows what survived, not dead ends)
-- **Architecture decisions** — "chose PostgreSQL over Redis for sessions because Z"
-- **Key context** — customer requirements, API constraints, deployment gotchas
-- **Things that will confuse the next session** — non-obvious setups, workarounds, tech debt
-
-Do NOT store: routine code changes, file lists, commit messages, status updates — these are in git.
-
-## What Delimit does:
-- **API governance** -- lint, diff, semver classification, migration guides
-- **Persistent context** -- memory and ledger survive across sessions and models
-- **Security audit** -- dependency scanning, secret detection
-- **Test verification** -- confirm tests actually ran, measure coverage
-- **Multi-model deliberation** -- consensus from multiple AI models (3 free, then BYOK)
+- Any gate failure: \`delimit_evidence_collect\` + \`delimit_ledger_add\` + \`delimit_notify\`
 
 ## GitHub Action
 Add breaking change detection to any repo:
@@ -109,28 +60,11 @@ Add breaking change detection to any repo:
     spec: api/openapi.yaml
 \`\`\`
 
-## Paying Customers (CRITICAL — Read Before Any Change)
-
-Delimit has paying Pro customers. Every code change, MCP tool modification, server update, or API change MUST consider impact on existing users.
-
-### Customer Protection Rules
-- **Before modifying any MCP tool signature** (params, return schema): check if it would break existing Pro users' workflows
-- **Before renaming/removing CLI commands**: these are documented and users depend on them
-- **Before changing license validation**: customers have active license keys (Lemon Squeezy)
-- **Before modifying server.py tool definitions**: Pro users have the MCP server installed locally at ~/.delimit/server/
-- **Before changing JSONL/JSON storage formats**: memory, ledger, evidence files may exist on customer machines
-- **npm publish is a production deploy**: every publish goes to real users, not just us
-- **Gateway → npm sync**: when syncing server.py to the npm bundle, verify no breaking tool changes
-- **Test with \`delimit doctor\`** before any publish to catch config/setup breaks
-- **Backwards compatibility**: new features must not break existing installations. Add, don't remove.
-
-### What Constitutes a Breaking Change for Users
-- MCP tool parameter renamed or removed
-- CLI command renamed or removed
-- Storage format change (memories.jsonl, ledger, evidence, license.json)
-- Python import path changes in server.py
-- Hook format changes in settings.json
-- Default behavior changes (e.g., changing what \`delimit scan\` does with no args)
+## Project-specific overrides
+
+You can add your own rules anywhere **outside** the \`<!-- delimit:start -->\` / \`<!-- delimit:end -->\` markers in this file — \`delimit-cli\` upgrades only touch content between the markers and preserve everything else.
+
+For user-global overrides (rules that apply to every project and every Claude Code session on this machine), put them in \`~/.claude/CLAUDE.md\` or \`~/.delimit/CLAUDE.md\`. Those files are never shipped in the npm package and never overwritten by \`delimit-cli setup\`.
 
 ## Links
 - Docs: https://delimit.ai/docs

package/lib/hooks-installer.js

@@ -185,29 +185,37 @@ class DelimitHooksInstaller {
     
     async configureClaudeCode() {
         const claudeConfigPath = path.join(process.env.HOME, '.claude.json');
-        
+
         if (fs.existsSync(claudeConfigPath)) {
             try {
                 const config = JSON.parse(fs.readFileSync(claudeConfigPath, 'utf8'));
-                
-                // Add Delimit governance hooks
+
+                // Preserve any existing hooks the user has set. Only fill in
+                // Delimit MCP hooks if those specific keys are missing —
+                // never overwrite a user-chosen preCommand/postCommand.
                 if (!config.hooks) {
                     config.hooks = {};
                 }
-                
-                config.hooks.preCommand = path.join(this.mcpHooksDir, 'pre-mcp-call');
-                config.hooks.postCommand = path.join(this.mcpHooksDir, 'post-mcp-call');
-                config.hooks.authentication = path.join(this.mcpHooksDir, 'mcp-auth');
-                config.hooks.audit = path.join(this.mcpHooksDir, 'mcp-audit');
-                
-                // Add Delimit governance settings
+                const delimitHooks = {
+                    preCommand: path.join(this.mcpHooksDir, 'pre-mcp-call'),
+                    postCommand: path.join(this.mcpHooksDir, 'post-mcp-call'),
+                    authentication: path.join(this.mcpHooksDir, 'mcp-auth'),
+                    audit: path.join(this.mcpHooksDir, 'mcp-audit'),
+                };
+                for (const [key, value] of Object.entries(delimitHooks)) {
+                    if (!config.hooks[key]) {
+                        config.hooks[key] = value;
+                    }
+                }
+
+                // Add Delimit governance settings (own namespace, safe to set)
                 config.delimitGovernance = {
                     enabled: true,
                     agent: 'http://127.0.0.1:7823',
                     mode: 'auto',
                     hooks: this.mcpHooks.map(h => path.join(this.mcpHooksDir, h))
                 };
-                
+
                 fs.writeFileSync(claudeConfigPath, JSON.stringify(config, null, 2));
                 console.log(chalk.green('  ✓ Claude Code configuration updated'));
             } catch (e) {

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "delimit-cli",
   "mcpName": "io.github.delimit-ai/delimit-mcp-server",
-  "version": "4.1.47",
+  "version": "4.1.49",
   "description": "Unify Claude Code, Codex, Cursor, and Gemini CLI with persistent context, governance, and multi-model debate.",
   "main": "index.js",
   "files": [
@@ -35,7 +35,7 @@
     "postinstall": "node scripts/postinstall.js",
     "sync-gateway": "bash scripts/sync-gateway.sh",
     "prepublishOnly": "bash scripts/publish-ci-guard.sh && npm run sync-gateway && bash scripts/security-check.sh",
-    "test": "node --test tests/setup-onboarding.test.js tests/setup-matrix.test.js tests/config-export-import.test.js tests/cross-model-hooks.test.js tests/golden-path.test.js tests/v420-features.test.js"
+    "test": "node --test tests/setup-onboarding.test.js tests/setup-matrix.test.js tests/setup-no-clobber.test.js tests/config-export-import.test.js tests/cross-model-hooks.test.js tests/golden-path.test.js tests/v420-features.test.js"
   },
   "keywords": [
     "openapi",
@@ -76,7 +76,7 @@
     "url": "https://github.com/delimit-ai/delimit-mcp-server.git"
   },
   "dependencies": {
-    "axios": "1.13.6",
+    "axios": "1.15.0",
     "chalk": "^4.1.2",
     "commander": "^12.1.0",
     "express": "^4.18.0",