delimit-cli 4.1.48 → 4.1.50

package/CHANGELOG.md

@@ -1,5 +1,44 @@
 # Changelog
 
+## [4.1.50] - 2026-04-09
+
+### Fixed (CRITICAL — CLAUDE.md in-prose marker clobber)
+- **`upsertDelimitSection` regex was unanchored** — `bin/delimit-setup.js` used `/<!-- delimit:start[^>]*-->/` (no line anchors) to detect the managed-section markers. If a user *quoted* the markers inside backticks in a documentation bullet (e.g. `Use managed-section markers (\`<!-- delimit:start -->\` / \`<!-- delimit:end -->\`)`), the regex matched the prose mention. On the next `delimit setup` run the upsert sliced everything between the prose start and prose end markers and replaced it with a fresh stock template — the exact "never clobber user-customized files" failure mode 4.1.48 / 4.1.49 were written to prevent. Reproduced on `/root/CLAUDE.md` 2026-04-09.
+- Both markers are now anchored to start-of-line with the multiline flag, allow optional leading horizontal whitespace (`/^[ \t]*<!-- delimit:start[^>]*-->[ \t]*$/m`), and the file is BOM-stripped before matching. Result: documentation prose that quotes the markers inside backticks, blockquotes (`> `), or bullets (`- `, `* `) is never matched, while genuine markers — flush-left, indented, or BOM-prefixed — still are. Same fix applied to the test mirror in `tests/setup-onboarding.test.js`.
+
+### Added
+- **Regression tests** in `tests/setup-onboarding.test.js` covering five failure modes the v4.1.49 regex would have matched incorrectly:
+  - Markers quoted in a bullet via inline backticks (the exact /root/CLAUDE.md 2026-04-09 incident)
+  - Markers with a CRLF (`\r\n`) line ending
+  - File starting with a UTF-8 BOM
+  - Tab- and space-indented real markers (must still be recognized)
+  - Bullet- and blockquote-prefixed markers (must NOT be recognized)
+  Each test asserts both the first-run behavior (`appended` vs `updated`) and that user content survives a subsequent version-bump upgrade verbatim.
+
+### Scope
+- Single-purpose patch: CLAUDE.md preservation only. Unrelated gateway fixes (e.g. `loop_engine` LED-814) deferred to 4.1.51 per multi-model deliberation, since 4.1.48 and 4.1.49 both shipped with the regression bug undetected and 4.1.50 must stay laser-focused.
+
+### Tests
+- 134/134 npm CLI tests passing (was 129). New regression suite (`does not match markers quoted in prose`, CRLF, BOM, indented, bullet/blockquote-prefixed) covers every edge case the multi-model deliberation surfaced.
+
+## [4.1.49] - 2026-04-09
+
+### Fixed (full preservation audit follow-up to 4.1.48)
+- **Project `.claude/settings.json` hooks clobber** — `installClaudeHooks` was replacing the project-level `.claude/settings.json` hooks object with the merged-with-global config, propagating global hooks into every project file and wiping any project-local hooks the user had set. Now merges only Delimit-owned hook groups (entries whose command contains `delimit`) into existing project hooks; project-specific user hooks survive.
+- **Gemini `general.defaultApprovalMode` clobber** — `delimit-cli setup` was force-setting Gemini's `defaultApprovalMode` to `auto_edit` on every run, overwriting whatever the user had chosen (e.g. `manual`). Now only sets it when missing.
+- **`~/.claude.json` MCP hooks replacement** — `lib/hooks-installer.js` (opt-in via `delimit-cli hooks install`) replaced `preCommand` / `postCommand` / `authentication` / `audit` keys on every install. Now only fills in missing keys, preserving any user-chosen MCP hook commands.
+
+### Added
+- **`tests/setup-no-clobber.test.js`** — dedicated regression suite that runs setup helpers against synthetic fresh-user HOME directories with pre-populated user customizations (project hooks, Gemini approval mode, custom MCP hook commands) and asserts none get clobbered. 5 tests, all passing.
+
+### Audit results
+- Audited every `fs.writeFileSync` in `bin/delimit-setup.js`, `lib/cross-model-hooks.js`, `lib/hooks-installer.js`, `adapters/cursor-rules.js`, and `scripts/postinstall.js`.
+- All remaining writes are either delimit-owned (shims, hook scripts, generated `delimit.md`), guarded by `!fs.existsSync` (models.json, social_target_config.json, codex empty file), or surgical merges that preserve user content (`.mcp.json` mcpServers, `.claude/settings.json` allowList, `.codex/config.toml` mcp_servers.delimit block, `.cursor/mcp.json` mcpServers, rc-file PATH append).
+- The full preservation contract is now: `delimit-cli setup` may safely run on any user machine, including via the shim auto-update flow, without destroying user state. New installs and upgrades are equivalent for everything except delimit-owned files.
+
+### Tests
+- 129/129 passing (was 124).
+
 ## [4.1.48] - 2026-04-09
 
 ### Fixed

package/bin/delimit-setup.js

@@ -430,9 +430,12 @@ async function main() {
                 cwd: path.join(DELIMIT_HOME, 'server'),
                 env: { PYTHONPATH: path.join(DELIMIT_HOME, 'server') }
             };
-            // Auto-approve all tools — users should not be prompted for every Delimit call
+            // Auto-approve all tools — users should not be prompted for every Delimit call.
+            // Only set if missing — never clobber the user's chosen approval mode on upgrade.
             if (!geminiConfig.general) geminiConfig.general = {};
-            geminiConfig.general.defaultApprovalMode = 'auto_edit';
+            if (!geminiConfig.general.defaultApprovalMode) {
+                geminiConfig.general.defaultApprovalMode = 'auto_edit';
+            }
             fs.writeFileSync(GEMINI_CONFIG, JSON.stringify(geminiConfig, null, 2));
             if (geminiExisted) {
                 await logp(`  ${green('✓')} Updated Delimit paths in Gemini CLI config`);
@@ -1359,24 +1362,38 @@ function upsertDelimitSection(filePath) {
         return { action: 'created' };
     }
 
-    const existing = fs.readFileSync(filePath, 'utf-8');
-
-    // Check if managed markers already exist
-    const startMarkerRe = /<!-- delimit:start[^>]*-->/;
-    const endMarker = '<!-- delimit:end -->';
-    const hasStart = startMarkerRe.test(existing);
-    const hasEnd = existing.includes(endMarker);
+    const rawExisting = fs.readFileSync(filePath, 'utf-8');
+    // Strip a UTF-8 BOM if present so the start-of-line anchor still matches
+    // the very first line of the file. We write back the stripped form to keep
+    // serialization deterministic.
+    const existing = rawExisting.replace(/^\uFEFF/, '');
+
+    // Check if managed markers already exist.
+    // Markers MUST be on their own line — anchored with the multiline flag — so
+    // that documentation prose that quotes the markers (e.g. inside backticks,
+    // bullets, or blockquotes) does NOT get mistaken for a real managed section.
+    // The v4.1.49 unanchored regex caused exactly this clobber on /root/CLAUDE.md.
+    // We allow optional leading horizontal whitespace ([ \t]*) so genuinely
+    // indented markers still match, but NOT a leading "- ", "> ", "`", "*", etc.
+    const startMarkerRe = /^[ \t]*<!-- delimit:start[^>]*-->[ \t]*$/m;
+    const endMarkerRe = /^[ \t]*<!-- delimit:end -->[ \t]*$/m;
+    const startMatch = existing.match(startMarkerRe);
+    const endMatch = existing.match(endMarkerRe);
+    const hasStart = !!startMatch;
+    const hasEnd = !!endMatch;
 
     if (hasStart && hasEnd) {
-        // Extract current version from the marker
-        const versionMatch = existing.match(/<!-- delimit:start v([^ ]+) -->/);
+        // Extract current version from the marker (also anchored, allows indent)
+        const versionMatch = existing.match(/^[ \t]*<!-- delimit:start v([^ ]+) -->[ \t]*$/m);
         const currentVersion = versionMatch ? versionMatch[1] : '';
         if (currentVersion === version) {
             return { action: 'unchanged' };
         }
         // Replace only the managed region — preserve content above/below
-        const before = existing.substring(0, existing.search(startMarkerRe));
-        const after = existing.substring(existing.indexOf(endMarker) + endMarker.length);
+        const startIdx = startMatch.index;
+        const endIdx = endMatch.index + endMatch[0].length;
+        const before = existing.substring(0, startIdx);
+        const after = existing.substring(endIdx);
         fs.writeFileSync(filePath, before + newSection + after);
         return { action: 'updated' };
     }

package/gateway/ai/backends/gateway_core.py

@@ -23,11 +23,10 @@ if str(GATEWAY_ROOT) not in sys.path:
 
 
 def _load_specs(spec_path: str) -> Dict[str, Any]:
-    """Load an API spec (OpenAPI or JSON Schema) from a file path.
+    """Load an OpenAPI spec from a file path.
 
     Performs a non-fatal version compatibility check (LED-290) so that
     unknown OpenAPI versions log a warning instead of silently parsing.
-    JSON Schema documents skip the OpenAPI version assert.
     """
     import yaml
 
@@ -42,146 +41,15 @@ def _load_specs(spec_path: str) -> Dict[str, Any]:
         spec = json.loads(content)
 
     # LED-290: warn (non-fatal) if version is outside the validated set.
-    # Only applies to OpenAPI/Swagger documents — bare JSON Schema files
-    # have no "openapi"/"swagger" key and would otherwise trip the assert.
     try:
-        if isinstance(spec, dict) and ("openapi" in spec or "swagger" in spec):
-            from core.openapi_version import assert_supported
-            assert_supported(spec, strict=False)
+        from core.openapi_version import assert_supported
+        assert_supported(spec, strict=False)
     except Exception as exc:  # pragma: no cover -- defensive only
         logger.debug("openapi version check skipped: %s", exc)
 
     return spec
 
 
-# ---------------------------------------------------------------------------
-# LED-713: JSON Schema spec-type dispatch helpers
-# ---------------------------------------------------------------------------
-
-
-def _spec_type(doc: Any) -> str:
-    """Classify a loaded spec doc. 'openapi' or 'json_schema'."""
-    from core.spec_detector import detect_spec_type
-    t = detect_spec_type(doc)
-    # Fallback to openapi for unknown so we never break existing flows.
-    return "json_schema" if t == "json_schema" else "openapi"
-
-
-def _json_schema_changes_to_dicts(changes: List[Any]) -> List[Dict[str, Any]]:
-    return [
-        {
-            "type": c.type.value,
-            "path": c.path,
-            "message": c.message,
-            "is_breaking": c.is_breaking,
-            "details": c.details,
-        }
-        for c in changes
-    ]
-
-
-def _json_schema_semver(changes: List[Any]) -> Dict[str, Any]:
-    """Build an OpenAPI-compatible semver result from JSON Schema changes.
-
-    Mirrors core.semver_classifier.classify_detailed shape so downstream
-    consumers (PR comment, CI formatter, ledger) don't need to branch.
-    """
-    breaking = [c for c in changes if c.is_breaking]
-    non_breaking = [c for c in changes if not c.is_breaking]
-    if breaking:
-        bump = "major"
-    elif non_breaking:
-        bump = "minor"
-    else:
-        bump = "none"
-    return {
-        "bump": bump,
-        "is_breaking": bool(breaking),
-        "counts": {
-            "breaking": len(breaking),
-            "non_breaking": len(non_breaking),
-            "total": len(changes),
-        },
-    }
-
-
-def _bump_semver_version(current: str, bump: str) -> Optional[str]:
-    """Minimal semver bump for JSON Schema path (core.semver_classifier
-    only understands OpenAPI ChangeType enums)."""
-    if not current:
-        return None
-    try:
-        parts = current.lstrip("v").split(".")
-        major, minor, patch = (int(parts[0]), int(parts[1]), int(parts[2]))
-    except Exception:
-        return None
-    if bump == "major":
-        return f"{major + 1}.0.0"
-    if bump == "minor":
-        return f"{major}.{minor + 1}.0"
-    if bump == "patch":
-        return f"{major}.{minor}.{patch + 1}"
-    return current
-
-
-def _run_json_schema_lint(
-    old_doc: Dict[str, Any],
-    new_doc: Dict[str, Any],
-    current_version: Optional[str] = None,
-    api_name: Optional[str] = None,
-) -> Dict[str, Any]:
-    """Build an evaluate_with_policy-compatible result for JSON Schema.
-
-    Policy rules in Delimit are defined against OpenAPI ChangeType values,
-    so they do not apply here. We return zero violations and rely on the
-    breaking-change count + semver bump to drive the governance gate.
-    """
-    from core.json_schema_diff import JSONSchemaDiffEngine
-
-    engine = JSONSchemaDiffEngine()
-    changes = engine.compare(old_doc, new_doc)
-    semver = _json_schema_semver(changes)
-
-    if current_version:
-        semver["current_version"] = current_version
-        semver["next_version"] = _bump_semver_version(current_version, semver["bump"])
-
-    breaking_count = semver["counts"]["breaking"]
-    total = semver["counts"]["total"]
-
-    decision = "pass"
-    exit_code = 0
-    # No policy rules apply to JSON Schema, but breaking changes still
-    # flag MAJOR semver and the downstream gate uses that to block.
-    # Mirror the shape of evaluate_with_policy so the action/CLI renderers
-    # need no JSON Schema-specific branch.
-    result: Dict[str, Any] = {
-        "spec_type": "json_schema",
-        "api_name": api_name or new_doc.get("title") or old_doc.get("title") or "JSON Schema",
-        "decision": decision,
-        "exit_code": exit_code,
-        "violations": [],
-        "summary": {
-            "total_changes": total,
-            "breaking_changes": breaking_count,
-            "violations": 0,
-            "errors": 0,
-            "warnings": 0,
-        },
-        "all_changes": [
-            {
-                "type": c.type.value,
-                "path": c.path,
-                "message": c.message,
-                "is_breaking": c.is_breaking,
-            }
-            for c in changes
-        ],
-        "semver": semver,
-    }
-    return result
-
-
 def _read_jsonl(path: Path) -> List[Dict[str, Any]]:
     """Read JSONL entries from a file, skipping malformed lines."""
     items: List[Dict[str, Any]] = []
@@ -247,51 +115,29 @@ def run_lint(old_spec: str, new_spec: str, policy_file: Optional[str] = None) ->
     """Run the full lint pipeline: diff + policy evaluation.
 
     This is the Tier 1 primary tool — combines diff detection with
-    policy enforcement into a single pass/fail decision. Auto-detects
-    spec type (OpenAPI vs JSON Schema, LED-713) and dispatches to the
-    matching engine.
+    policy enforcement into a single pass/fail decision.
     """
     from core.policy_engine import evaluate_with_policy
 
     old = _load_specs(old_spec)
     new = _load_specs(new_spec)
 
-    # LED-713: JSON Schema dispatch. Policy rules are OpenAPI-specific,
-    # so JSON Schema takes the no-policy (breaking-count + semver) path.
-    if _spec_type(new) == "json_schema" or _spec_type(old) == "json_schema":
-        return _run_json_schema_lint(old, new)
-
     return evaluate_with_policy(old, new, policy_file)
 
 
 def run_diff(old_spec: str, new_spec: str) -> Dict[str, Any]:
-    """Run diff engine only — no policy evaluation.
+    """Run diff engine only — no policy evaluation."""
+    from core.diff_engine_v2 import OpenAPIDiffEngine
 
-    Auto-detects OpenAPI vs JSON Schema and dispatches (LED-713).
-    """
     old = _load_specs(old_spec)
     new = _load_specs(new_spec)
 
-    if _spec_type(new) == "json_schema" or _spec_type(old) == "json_schema":
-        from core.json_schema_diff import JSONSchemaDiffEngine
-        engine = JSONSchemaDiffEngine()
-        changes = engine.compare(old, new)
-        breaking = [c for c in changes if c.is_breaking]
-        return {
-            "spec_type": "json_schema",
-            "total_changes": len(changes),
-            "breaking_changes": len(breaking),
-            "changes": _json_schema_changes_to_dicts(changes),
-        }
-
-    from core.diff_engine_v2 import OpenAPIDiffEngine
     engine = OpenAPIDiffEngine()
     changes = engine.compare(old, new)
 
     breaking = [c for c in changes if c.is_breaking]
 
     return {
-        "spec_type": "openapi",
         "total_changes": len(changes),
         "breaking_changes": len(breaking),
         "changes": [
@@ -318,20 +164,13 @@ def run_changelog(
     Uses the diff engine to detect changes, then formats them into
     a human-readable changelog grouped by category.
     """
+    from core.diff_engine_v2 import OpenAPIDiffEngine
     from datetime import datetime, timezone
 
     old = _load_specs(old_spec)
     new = _load_specs(new_spec)
 
-    # LED-713: dispatch on spec type. JSONSchemaChange / Change share the
-    # (.type.value, .path, .message, .is_breaking) duck type.
-    if _spec_type(new) == "json_schema" or _spec_type(old) == "json_schema":
-        from core.json_schema_diff import JSONSchemaDiffEngine
-        engine = JSONSchemaDiffEngine()
-    else:
-        from core.diff_engine_v2 import OpenAPIDiffEngine
-        engine = OpenAPIDiffEngine()
-
+    engine = OpenAPIDiffEngine()
     changes = engine.compare(old, new)
 
     # Categorize changes
@@ -969,26 +808,14 @@ def run_semver(
     """Classify the semver bump for a spec change.
 
     Returns detailed breakdown: bump level, per-category counts,
-    and optionally the bumped version string. Auto-detects OpenAPI vs
-    JSON Schema (LED-713).
+    and optionally the bumped version string.
     """
-    old = _load_specs(old_spec)
-    new = _load_specs(new_spec)
-
-    # LED-713: JSON Schema path
-    if _spec_type(new) == "json_schema" or _spec_type(old) == "json_schema":
-        from core.json_schema_diff import JSONSchemaDiffEngine
-        engine = JSONSchemaDiffEngine()
-        changes = engine.compare(old, new)
-        result = _json_schema_semver(changes)
-        if current_version:
-            result["current_version"] = current_version
-            result["next_version"] = _bump_semver_version(current_version, result["bump"])
-        return result
-
     from core.diff_engine_v2 import OpenAPIDiffEngine
     from core.semver_classifier import classify_detailed, bump_version, classify
 
+    old = _load_specs(old_spec)
+    new = _load_specs(new_spec)
+
     engine = OpenAPIDiffEngine()
     changes = engine.compare(old, new)
     result = classify_detailed(changes)
@@ -1119,6 +946,7 @@ def run_diff_report(
     """
     from datetime import datetime, timezone
 
+    from core.diff_engine_v2 import OpenAPIDiffEngine
     from core.policy_engine import PolicyEngine
     from core.semver_classifier import classify_detailed, classify
     from core.spec_health import score_spec
@@ -1127,43 +955,6 @@ def run_diff_report(
     old = _load_specs(old_spec)
     new = _load_specs(new_spec)
 
-    # LED-713: JSON Schema dispatch — short-circuit to a minimal report
-    # shape compatible with the JSON renderer (HTML renderer remains
-    # OpenAPI-only; JSON Schema callers should use fmt="json").
-    if _spec_type(new) == "json_schema" or _spec_type(old) == "json_schema":
-        from core.json_schema_diff import JSONSchemaDiffEngine
-        js_engine = JSONSchemaDiffEngine()
-        js_changes = js_engine.compare(old, new)
-        js_breaking = [c for c in js_changes if c.is_breaking]
-        js_semver = _json_schema_semver(js_changes)
-        now_js = datetime.now(timezone.utc)
-        return {
-            "format": fmt,
-            "spec_type": "json_schema",
-            "generated_at": now_js.isoformat(),
-            "old_spec": old_spec,
-            "new_spec": new_spec,
-            "old_title": old.get("title", "") if isinstance(old, dict) else "",
-            "new_title": new.get("title", "") if isinstance(new, dict) else "",
-            "semver": js_semver,
-            "changes": _json_schema_changes_to_dicts(js_changes),
-            "breaking_count": len(js_breaking),
-            "non_breaking_count": len(js_changes) - len(js_breaking),
-            "total_changes": len(js_changes),
-            "policy": {
-                "decision": "pass",
-                "violations": [],
-                "errors": 0,
-                "warnings": 0,
-            },
-            "health": None,
-            "migration": "",
-            "output_file": output_file,
-            "note": "JSON Schema report (policy rules and HTML report are OpenAPI-only in v1)",
-        }
-
-    from core.diff_engine_v2 import OpenAPIDiffEngine
-
     # -- Diff --
     engine = OpenAPIDiffEngine()
     changes = engine.compare(old, new)

package/gateway/ai/backends/repo_bridge.py

@@ -158,80 +158,21 @@ def config_audit(target: str = ".", options: Optional[Dict] = None) -> Dict[str,
 # ─── EvidencePack ───────────────────────────────────────────────────────
 
 def evidence_collect(target: str = ".", options: Optional[Dict] = None) -> Dict[str, Any]:
-    """Collect project evidence: git log, test files, configs, governance data.
-
-    Accepts either a local filesystem path (repo directory) or a remote
-    reference (GitHub URL, owner/repo#N, or any non-filesystem string).
-    Remote targets skip the filesystem walk and store reference metadata.
-    """
-    import re
-    import subprocess
-    import time as _time
-
-    opts = options or {}
-    evidence_type = opts.get("evidence_type", "")
-
-    # Detect non-filesystem targets: URLs, owner/repo#N, bare issue refs, etc.
-    is_remote = (
-        "://" in target
-        or target.startswith("http")
-        or re.match(r"^[\w.-]+/[\w.-]+#\d+$", target) is not None
-        or "#" in target
-    )
-
-    evidence: Dict[str, Any] = {"collected_at": _time.time(), "target": target}
-    if evidence_type:
-        evidence["evidence_type"] = evidence_type
-
-    if is_remote:
-        # Remote/reference target — no filesystem walk, just record metadata.
-        evidence["target_type"] = "remote"
+    """Collect project evidence: git log, test files, configs, governance data."""
+    import subprocess, time as _time
+    root = Path(target).resolve()
+    evidence: Dict[str, Any] = {"collected_at": _time.time(), "target": str(root)}
+    # Git log
+    try:
+        r = subprocess.run(["git", "-C", str(root), "log", "--oneline", "-10"], capture_output=True, text=True, timeout=10)
+        evidence["git_log"] = r.stdout.strip().splitlines() if r.returncode == 0 else []
+    except Exception:
         evidence["git_log"] = []
-        evidence["test_directories"] = []
-        evidence["configs"] = []
-        m = re.match(r"^([\w.-]+)/([\w.-]+)#(\d+)$", target)
-        if m:
-            evidence["repo"] = f"{m.group(1)}/{m.group(2)}"
-            evidence["issue_number"] = int(m.group(3))
-    else:
-        root = Path(target).resolve()
-        evidence["target"] = str(root)
-        evidence["target_type"] = "local"
-
-        if not root.exists():
-            return {
-                "tool": "evidence.collect",
-                "status": "error",
-                "error": "target_not_found",
-                "message": f"Path {root} does not exist. For remote targets, pass a URL or owner/repo#N.",
-                "target": target,
-            }
-
-        # Git log (safe for non-git dirs)
-        try:
-            r = subprocess.run(
-                ["git", "-C", str(root), "log", "--oneline", "-10"],
-                capture_output=True, text=True, timeout=10,
-            )
-            evidence["git_log"] = r.stdout.strip().splitlines() if r.returncode == 0 else []
-        except Exception:
-            evidence["git_log"] = []
-
-        # Test dirs + configs (only if target is a directory)
-        if root.is_dir():
-            test_dirs = [d for d in ["tests", "test", "__tests__", "spec"] if (root / d).exists()]
-            evidence["test_directories"] = test_dirs
-            try:
-                evidence["configs"] = [
-                    f.name for f in root.iterdir()
-                    if f.is_file() and (f.suffix in [".json", ".yaml", ".yml", ".toml"] or f.name.startswith("."))
-                ]
-            except (PermissionError, OSError):
-                evidence["configs"] = []
-        else:
-            evidence["test_directories"] = []
-            evidence["configs"] = []
-
+    # Test files
+    test_dirs = [d for d in ["tests", "test", "__tests__", "spec"] if (root / d).exists()]
+    evidence["test_directories"] = test_dirs
+    # Configs
+    evidence["configs"] = [f.name for f in root.iterdir() if f.is_file() and (f.suffix in [".json", ".yaml", ".yml", ".toml"] or f.name.startswith("."))]
     # Save bundle
     ev_dir = Path(os.environ.get("DELIMIT_HOME", str(Path.home() / ".delimit"))) / "evidence"
     ev_dir.mkdir(parents=True, exist_ok=True)
@@ -239,13 +180,8 @@ def evidence_collect(target: str = ".", options: Optional[Dict] = None) -> Dict[
     bundle_path = ev_dir / f"{bundle_id}.json"
     evidence["bundle_id"] = bundle_id
     bundle_path.write_text(json.dumps(evidence, indent=2))
-    return {
-        "tool": "evidence.collect",
-        "status": "ok",
-        "bundle_id": bundle_id,
-        "bundle_path": str(bundle_path),
-        "summary": {k: len(v) if isinstance(v, list) else v for k, v in evidence.items()},
-    }
+    return {"tool": "evidence.collect", "status": "ok", "bundle_id": bundle_id,
+            "bundle_path": str(bundle_path), "summary": {k: len(v) if isinstance(v, list) else v for k, v in evidence.items()}}
 
 
 def evidence_verify(bundle_id: Optional[str] = None, bundle_path: Optional[str] = None, options: Optional[Dict] = None) -> Dict[str, Any]:

package/gateway/core/spec_detector.py

@@ -3,7 +3,7 @@ Automatic OpenAPI specification detector for zero-config installation.
 """
 
 import os
-from typing import Any, List, Optional, Tuple
+from typing import List, Optional, Tuple
 from pathlib import Path
 import yaml
 
@@ -77,7 +77,7 @@ class SpecDetector:
         """Check if file is a valid OpenAPI specification."""
         if not file_path.is_file():
             return False
-
+        
         try:
             with open(file_path, 'r') as f:
                 data = yaml.safe_load(f)
@@ -86,66 +86,26 @@ class SpecDetector:
                     return 'openapi' in data or 'swagger' in data
         except:
             return False
-
+        
         return False
-
+    
     def get_default_specs(self) -> Tuple[Optional[str], Optional[str]]:
         """
         Get default old_spec and new_spec for auto-detection.
-
+        
         Returns:
             (old_spec, new_spec): Paths or None if not found
         """
         specs, _ = self.detect_specs()
-
+        
         if len(specs) == 0:
             return None, None
-
+        
         # Use the first found spec as both old and new (baseline mode)
         default_spec = specs[0]
         return default_spec, default_spec
 
 
-def detect_spec_type(doc: Any) -> str:
-    """Classify a parsed spec document for engine dispatch (LED-713).
-
-    Returns:
-        "openapi"      — OpenAPI 3.x / Swagger 2.x (route to OpenAPIDiffEngine)
-        "json_schema"  — bare JSON Schema Draft 4+ (route to JSONSchemaDiffEngine)
-        "unknown"      — no recognized markers
-    """
-    if not isinstance(doc, dict):
-        return "unknown"
-    if "openapi" in doc or "swagger" in doc or "paths" in doc:
-        return "openapi"
-    # JSON Schema markers: $schema URL, top-level definitions, or ref-shim root
-    schema_url = doc.get("$schema")
-    if isinstance(schema_url, str) and "json-schema.org" in schema_url:
-        return "json_schema"
-    if isinstance(doc.get("definitions"), dict):
-        return "json_schema"
-    ref = doc.get("$ref")
-    if isinstance(ref, str) and ref.startswith("#/definitions/"):
-        return "json_schema"
-    return "unknown"
-
-
-def get_diff_engine(doc: Any):
-    """Factory: return the right diff engine instance for a parsed doc.
-
-    Callers: action.yml inline Python, policy_engine, npm-delimit api-engine.
-    The returned engine exposes .compare(old, new) -> List[Change].
-    """
-    spec_type = detect_spec_type(doc)
-    if spec_type == "json_schema":
-        from .json_schema_diff import JSONSchemaDiffEngine
-        return JSONSchemaDiffEngine()
-    # Default to OpenAPI for "openapi" and "unknown" (back-compat: existing
-    # specs without explicit markers still hit the OpenAPI engine)
-    from .diff_engine_v2 import OpenAPIDiffEngine
-    return OpenAPIDiffEngine()
-
-
 def auto_detect_specs(root_path: str = ".") -> dict:
     """
     Main entry point for spec auto-detection.