delimit-cli 4.3.3 → 4.4.0

package/gateway/ai/content_grounding/schemas/claim.schema.json

@@ -0,0 +1,40 @@
+{
+  "$schema": "https://json-schema.org/draft/2020-12/schema",
+  "$id": "https://delimit.ai/schemas/grounding/claim.schema.json",
+  "title": "Claim",
+  "type": "object",
+  "required": ["claim_id", "type", "text", "evidence_refs", "visibility"],
+  "additionalProperties": false,
+  "properties": {
+    "claim_id":     { "type": "string", "pattern": "^CLM-.+" },
+    "type":         { "enum": ["feature", "capability", "incident", "comparative", "adoption", "customer", "aggregate", "roadmap", "process"] },
+    "text":         { "type": "string", "minLength": 1 },
+    "evidence_refs": {
+      "type": "array",
+      "minItems": 1,
+      "items":  { "type": "string", "pattern": "^(LED-|sha256:|git:|attest:|url:).+" }
+    },
+    "visibility":   { "enum": ["public", "internal", "private"] },
+    "inference_rule":         { "type": ["string", "null"] },
+    "inference_rule_version": { "type": ["string", "null"] },
+    "numeric_evidence": {
+      "type": ["object", "null"],
+      "properties": {
+        "value":      { "type": ["number", "string"] },
+        "unit":       { "type": ["string", "null"] },
+        "commit_sha": { "type": "string" }
+      },
+      "required": ["value", "commit_sha"]
+    }
+  },
+  "allOf": [
+    {
+      "if":   { "properties": { "type": { "const": "aggregate" } } },
+      "then": { "required": ["numeric_evidence"] }
+    },
+    {
+      "if":   { "required": ["inference_rule"], "properties": { "inference_rule": { "type": "string" } } },
+      "then": { "required": ["inference_rule_version"] }
+    }
+  ]
+}

package/gateway/ai/content_grounding/schemas/event.schema.json

@@ -0,0 +1,23 @@
+{
+  "$schema": "https://json-schema.org/draft/2020-12/schema",
+  "$id": "https://delimit.ai/schemas/grounding/event.schema.json",
+  "title": "GroundedEvent",
+  "type": "object",
+  "required": ["event_id", "type", "date", "venture", "evidence_refs", "visibility"],
+  "additionalProperties": false,
+  "properties": {
+    "event_id":     { "type": "string", "pattern": "^evt-[a-z]+-.+" },
+    "type":         { "enum": ["feature_shipped", "release", "incident", "incident_resolved", "decision", "outreach_event", "attestation", "commit"] },
+    "date":         { "type": "string", "format": "date-time" },
+    "venture":      { "enum": ["delimit", "domainvested", "wirereport", "livetube"] },
+    "evidence_refs": {
+      "type": "array",
+      "minItems": 1,
+      "items":  { "type": "string", "pattern": "^(LED-|sha256:|git:|attest:|url:).+" }
+    },
+    "claims":       { "type": "array", "items": { "$ref": "claim.schema.json" } },
+    "visibility":   { "enum": ["public", "internal", "private"] },
+    "source":       { "type": ["string", "null"] },
+    "raw":          { "type": ["object", "null"] }
+  }
+}

package/gateway/ai/content_grounding/schemas.py

@@ -0,0 +1,276 @@
+"""
+Typed schemas for the content grounding layer (LED-1084 Week 1, A5 + A6).
+
+Design constraints (from 2026-04-24 adversarial rebuttal):
+
+  - Atomic typed claims (not prose arrays). Each claim names its type,
+    carries evidence_refs, has a visibility flag, and optionally names a
+    versioned inference rule.
+  - Hard bans through Week 2: comparative, adoption, customer, and
+    roadmap claim types fail-closed unless the exact text is whitelisted.
+    Aggregate claims require a structured numeric_evidence field linked
+    to a commit SHA.
+  - Evidence refs are strings in a documented namespace:
+      LED-<id>       → ledger item
+      sha256:<hex>   → content hash
+      git:<sha>      → commit SHA on delimit-gateway
+      attest:<id>    → attestation bundle ID (att_…)
+      url:<https…>   → public URL (for outreach events)
+    Unknown prefixes fail-closed.
+
+Back-compat: consumers should import from `ai.content_grounding`
+(re-export) rather than this internal module directly.
+"""
+from __future__ import annotations
+
+from dataclasses import dataclass, field, asdict
+from datetime import datetime
+from enum import Enum
+from typing import Any, Dict, List, Optional, Union
+
+
+class ClaimType(str, Enum):
+    """Atomic claim categories. New types require a schema+validator update."""
+    FEATURE = "feature"            # "Delimit wrap emits a signed attestation"
+    CAPABILITY = "capability"      # "The scanner detects 27 breaking-change types"
+    INCIDENT = "incident"          # "LED-1076 caused 4 false positives"
+    COMPARATIVE = "comparative"    # "Faster than openapi-diff" — BANNED unless whitelisted
+    ADOPTION = "adoption"          # "Used by Harbor" — BANNED unless whitelisted
+    CUSTOMER = "customer"          # "X paid Y for Z" — BANNED unless whitelisted
+    AGGREGATE = "aggregate"        # "134 tests passing" — requires numeric_evidence
+    ROADMAP = "roadmap"            # "We're building X next" — BANNED outright
+    PROCESS = "process"            # "Advisory by default, flip to enforcing"
+
+# Claim types that fail-closed during Week 1/2 hardening unless the exact
+# `text` value is present in the canonical phrase whitelist (A6).
+HARD_BANNED_CLAIM_TYPES: frozenset = frozenset({
+    ClaimType.COMPARATIVE,
+    ClaimType.ADOPTION,
+    ClaimType.CUSTOMER,
+    ClaimType.ROADMAP,
+})
+
+
+class Visibility(str, Enum):
+    """Allowlist, not denylist (per consensus privacy model)."""
+    PUBLIC = "public"      # safe to surface on delimit.ai / social / storyline
+    INTERNAL = "internal"  # founder + ops only
+    PRIVATE = "private"    # customer data, never leaves local ledger
+
+
+class EventType(str, Enum):
+    """Normalized event categories ingested from ledger/attestations/git."""
+    FEATURE_SHIPPED = "feature_shipped"
+    RELEASE = "release"
+    INCIDENT = "incident"
+    INCIDENT_RESOLVED = "incident_resolved"
+    DECISION = "decision"
+    OUTREACH_EVENT = "outreach_event"
+    ATTESTATION = "attestation"
+    COMMIT = "commit"
+
+
+# ---------------------------------------------------------------------------
+# EvidenceRef
+# ---------------------------------------------------------------------------
+
+_VALID_EVIDENCE_PREFIXES: tuple = ("LED-", "sha256:", "git:", "attest:", "url:")
+
+
+@dataclass
+class EvidenceRef:
+    """A single evidence pointer. Deterministic namespace."""
+    ref: str
+
+    def validate(self) -> List[str]:
+        errs: List[str] = []
+        if not self.ref:
+            errs.append("evidence_ref: empty string")
+            return errs
+        if not any(self.ref.startswith(p) for p in _VALID_EVIDENCE_PREFIXES):
+            errs.append(
+                f"evidence_ref: unknown prefix '{self.ref}'. "
+                f"Must start with one of: {_VALID_EVIDENCE_PREFIXES}"
+            )
+        return errs
+
+
+# ---------------------------------------------------------------------------
+# Claim
+# ---------------------------------------------------------------------------
+
+@dataclass
+class Claim:
+    """A typed atomic assertion with evidence.
+
+    Per A5, every claim is an object. Generators may only mention facts
+    whose corresponding Claim has:
+      - type in an allowed set for the target surface
+      - non-empty evidence_refs
+      - visibility compatible with the surface (public for outreach)
+      - optional inference_rule (versioned) if derived rather than direct
+
+    `text` is the exact phrasing allowed. Paraphrases are NOT permitted
+    during Week 1/2 — caller must either reuse `text` verbatim or fail.
+    """
+    claim_id: str
+    type: ClaimType
+    text: str
+    evidence_refs: List[str] = field(default_factory=list)
+    visibility: Visibility = Visibility.INTERNAL
+    inference_rule: Optional[str] = None
+    inference_rule_version: Optional[str] = None
+    numeric_evidence: Optional[Dict[str, Any]] = None  # for AGGREGATE claims
+
+    def validate(self, whitelist: Optional[frozenset] = None) -> List[str]:
+        """Return list of validation errors. Empty = valid."""
+        errs: List[str] = []
+        if not self.claim_id or not self.claim_id.startswith("CLM-"):
+            errs.append(f"claim_id must start with 'CLM-', got '{self.claim_id}'")
+        if not self.text or not self.text.strip():
+            errs.append("text: empty")
+        if not self.evidence_refs:
+            errs.append("evidence_refs: at least one required")
+        else:
+            for ref in self.evidence_refs:
+                errs.extend(EvidenceRef(ref).validate())
+
+        # A6: hard-banned claim types require whitelist match on exact text
+        if self.type in HARD_BANNED_CLAIM_TYPES:
+            allowed = whitelist or frozenset()
+            if self.text not in allowed:
+                errs.append(
+                    f"claim_type '{self.type.value}' is HARD-BANNED in "
+                    f"Week 1/2 unless exact text is whitelisted. "
+                    f"text='{self.text[:80]}...' not in whitelist (size={len(allowed)})"
+                )
+
+        # AGGREGATE claims need structured numeric evidence
+        if self.type == ClaimType.AGGREGATE:
+            if not self.numeric_evidence:
+                errs.append(
+                    "aggregate claim requires numeric_evidence dict with "
+                    "{value, unit, commit_sha} at minimum"
+                )
+            else:
+                for k in ("value", "commit_sha"):
+                    if k not in self.numeric_evidence:
+                        errs.append(f"numeric_evidence missing required key: '{k}'")
+
+        # Inference rules must be versioned
+        if self.inference_rule and not self.inference_rule_version:
+            errs.append(
+                "inference_rule requires inference_rule_version "
+                "(deterministic, versioned, testable)"
+            )
+
+        return errs
+
+    def to_dict(self) -> Dict[str, Any]:
+        d = asdict(self)
+        d["type"] = self.type.value
+        d["visibility"] = self.visibility.value
+        return d
+
+
+# ---------------------------------------------------------------------------
+# GroundedEvent
+# ---------------------------------------------------------------------------
+
+@dataclass
+class GroundedEvent:
+    """One normalized event in the grounding layer.
+
+    Produced by ingesting ledger + attestations + git log. An event
+    carries its own evidence chain and a list of Claims generators
+    may reuse verbatim.
+    """
+    event_id: str
+    type: EventType
+    date: str  # ISO-8601
+    venture: str  # delimit / domainvested / wirereport / livetube
+    evidence_refs: List[str] = field(default_factory=list)
+    claims: List[Claim] = field(default_factory=list)
+    visibility: Visibility = Visibility.INTERNAL
+    source: Optional[str] = None  # where the event was ingested from
+    raw: Optional[Dict[str, Any]] = None  # original record for audit
+
+    def validate(self, whitelist: Optional[frozenset] = None) -> List[str]:
+        errs: List[str] = []
+        if not self.event_id:
+            errs.append("event_id: empty")
+        if not self.date:
+            errs.append("date: empty")
+        else:
+            try:
+                datetime.fromisoformat(self.date.replace("Z", "+00:00"))
+            except ValueError:
+                errs.append(f"date: not ISO-8601: {self.date}")
+        if not self.venture:
+            errs.append("venture: empty")
+        if self.venture not in {"delimit", "domainvested", "wirereport", "livetube"}:
+            errs.append(f"venture: unknown '{self.venture}'")
+        if not self.evidence_refs:
+            errs.append("evidence_refs: at least one required")
+        else:
+            for ref in self.evidence_refs:
+                errs.extend(EvidenceRef(ref).validate())
+        for claim in self.claims:
+            claim_errs = claim.validate(whitelist=whitelist)
+            errs.extend(f"claim {claim.claim_id}: {e}" for e in claim_errs)
+        return errs
+
+    def to_dict(self) -> Dict[str, Any]:
+        return {
+            "event_id": self.event_id,
+            "type": self.type.value,
+            "date": self.date,
+            "venture": self.venture,
+            "evidence_refs": list(self.evidence_refs),
+            "claims": [c.to_dict() for c in self.claims],
+            "visibility": self.visibility.value,
+            "source": self.source,
+            "raw": self.raw,
+        }
+
+
+# ---------------------------------------------------------------------------
+# GroundingIndex
+# ---------------------------------------------------------------------------
+
+@dataclass
+class GroundingIndex:
+    """A point-in-time snapshot of all grounded events for a venture.
+
+    Produced by `build_grounding_index`. Generators consume a filtered
+    view of this index (e.g. `events where visibility='public' and
+    date within last 7 days`).
+    """
+    venture: str
+    built_at: str  # ISO-8601
+    events: List[GroundedEvent] = field(default_factory=list)
+    feature_whitelist: List[str] = field(default_factory=list)
+    canon_version: Optional[str] = None
+
+    def validate(self, whitelist: Optional[frozenset] = None) -> List[str]:
+        errs: List[str] = []
+        if not self.venture:
+            errs.append("venture: empty")
+        if not self.built_at:
+            errs.append("built_at: empty")
+        else:
+            try:
+                datetime.fromisoformat(self.built_at.replace("Z", "+00:00"))
+            except ValueError:
+                errs.append(f"built_at: not ISO-8601: {self.built_at}")
+        for event in self.events:
+            event_errs = event.validate(whitelist=whitelist)
+            errs.extend(f"event {event.event_id}: {e}" for e in event_errs)
+        return errs
+
+    def public_events(self) -> List[GroundedEvent]:
+        """Events safe to surface publicly. Visibility is allowlist."""
+        return [e for e in self.events if e.visibility == Visibility.PUBLIC]
+
+    def events_by_type(self, event_type: EventType) -> List[GroundedEvent]:
+        return [e for e in self.events if e.type == event_type]

package/gateway/ai/content_grounding/telemetry.py

@@ -0,0 +1,221 @@
+"""
+Gate telemetry viewer for LED-1084 week 2 → week 3 transition.
+
+Reads `[social-grounding-gate]` P3 ledger entries and summarizes:
+  - score distribution (min, median, mean, p95, max)
+  - flagged-vs-clean ratio per model
+  - feature-detector status counts (clean / flagged-no-whitelist /
+    flagged-unknown-specifics / error)
+  - recent failing examples for qualitative review
+
+Purpose: the Week 3 decision to flip `enforce_grounding=True` must be
+data-driven. This tool reads the ledger the gate writes and produces a
+snapshot the founder can review to decide the threshold + timing.
+
+Usage:
+    python -m ai.content_grounding.telemetry summary
+    python -m ai.content_grounding.telemetry summary --days 14
+    python -m ai.content_grounding.telemetry samples --n 5
+
+JSON output for piping:
+    python -m ai.content_grounding.telemetry summary --json
+"""
+from __future__ import annotations
+
+import argparse
+import json
+import logging
+import os
+import re
+import statistics
+import sys
+from datetime import datetime, timezone, timedelta
+from pathlib import Path
+from typing import Any, Dict, List, Optional
+
+logger = logging.getLogger("delimit.ai.content_grounding.telemetry")
+
+LEDGER_DIR = Path(os.environ.get("DELIMIT_LEDGER_DIR", str(Path.home() / ".delimit" / "ledger")))
+
+# Parse the structured fields the gate bakes into its description text.
+_SCORE_RE   = re.compile(r"^Score:\s*([0-9.]+)", re.MULTILINE)
+_THRESH_RE  = re.compile(r"threshold:\s*([0-9.]+)", re.IGNORECASE)
+_FEATURE_RE = re.compile(r"^Feature status:\s*(\w+)", re.MULTILINE)
+_MODEL_RE   = re.compile(r"^Model:\s*(\S+)", re.MULTILINE)
+_PLATFORM_RE = re.compile(r"^Platform:\s*(\w+)", re.MULTILINE)
+_VENTURE_RE = re.compile(r"^Venture:\s*(\w+)", re.MULTILINE)
+
+
+def _iter_gate_entries(since: Optional[datetime] = None) -> List[Dict[str, Any]]:
+    """Read every [social-grounding-gate] P3 ledger entry."""
+    entries: List[Dict[str, Any]] = []
+    if not LEDGER_DIR.is_dir():
+        return entries
+    for p in sorted(LEDGER_DIR.glob("*.jsonl")):
+        try:
+            for line in p.read_text(errors="replace").splitlines():
+                line = line.strip()
+                if not line:
+                    continue
+                try:
+                    item = json.loads(line)
+                except json.JSONDecodeError:
+                    continue
+                title = item.get("title", "")
+                if "[social-grounding-gate]" not in title:
+                    continue
+                ts = item.get("created_at") or item.get("timestamp") or ""
+                if since and ts:
+                    try:
+                        dt = datetime.fromisoformat(ts.replace("Z", "+00:00"))
+                        if dt < since:
+                            continue
+                    except ValueError:
+                        pass
+                entries.append(item)
+        except Exception as e:
+            logger.debug("skipping %s: %s", p, e)
+    return entries
+
+
+def _parse_entry(item: Dict[str, Any]) -> Dict[str, Any]:
+    """Extract the structured fields the gate logged in the description."""
+    desc = item.get("description", "")
+    score_m   = _SCORE_RE.search(desc)
+    thresh_m  = _THRESH_RE.search(desc)
+    feat_m    = _FEATURE_RE.search(desc)
+    model_m   = _MODEL_RE.search(desc)
+    platform_m = _PLATFORM_RE.search(desc)
+    venture_m = _VENTURE_RE.search(desc)
+    return {
+        "id":        item.get("id", ""),
+        "timestamp": item.get("created_at") or item.get("timestamp", ""),
+        "score":     float(score_m.group(1)) if score_m else None,
+        "threshold": float(thresh_m.group(1)) if thresh_m else None,
+        "feat_status": feat_m.group(1) if feat_m else None,
+        "model":     model_m.group(1) if model_m else None,
+        "platform":  platform_m.group(1) if platform_m else None,
+        "venture":   venture_m.group(1) if venture_m else None,
+    }
+
+
+def summarize(days: int = 14) -> Dict[str, Any]:
+    """Aggregate stats for the last `days` of gate entries."""
+    since = datetime.now(timezone.utc) - timedelta(days=days)
+    raw = _iter_gate_entries(since=since)
+    parsed = [_parse_entry(e) for e in raw]
+
+    # Score stats (ignore entries with no score)
+    scores = [p["score"] for p in parsed if p["score"] is not None]
+
+    by_model: Dict[str, List[float]] = {}
+    by_feat: Dict[str, int] = {}
+    by_platform: Dict[str, int] = {}
+    for p in parsed:
+        m = p.get("model") or "unknown"
+        by_model.setdefault(m, []).append(p["score"] if p["score"] is not None else 0.0)
+        f = p.get("feat_status") or "unknown"
+        by_feat[f] = by_feat.get(f, 0) + 1
+        plat = p.get("platform") or "unknown"
+        by_platform[plat] = by_platform.get(plat, 0) + 1
+
+    def _stats(vals: List[float]) -> Dict[str, Any]:
+        if not vals:
+            return {"n": 0}
+        return {
+            "n": len(vals),
+            "min": round(min(vals), 3),
+            "median": round(statistics.median(vals), 3),
+            "mean": round(statistics.mean(vals), 3),
+            "p95": round(sorted(vals)[int(len(vals) * 0.95)], 3) if len(vals) > 1 else vals[0],
+            "max": round(max(vals), 3),
+        }
+
+    # Threshold inferred from first entry that has one (default 0.85).
+    threshold = next((p["threshold"] for p in parsed if p["threshold"] is not None), 0.85)
+    pass_count = sum(1 for s in scores if s >= threshold)
+    fail_count = len(scores) - pass_count
+
+    return {
+        "window_days": days,
+        "since": since.isoformat(),
+        "total_entries": len(parsed),
+        "threshold_inferred": threshold,
+        "would_pass_count": pass_count,
+        "would_fail_count": fail_count,
+        "pass_rate": round(pass_count / max(1, len(scores)), 3),
+        "score_stats": _stats(scores),
+        "by_model": {m: _stats(v) for m, v in by_model.items()},
+        "by_feat_status": by_feat,
+        "by_platform": by_platform,
+    }
+
+
+def recent_samples(n: int = 5, days: int = 14) -> List[Dict[str, Any]]:
+    """Return the N most-recent gate entries in parsed form."""
+    since = datetime.now(timezone.utc) - timedelta(days=days)
+    raw = _iter_gate_entries(since=since)
+    # Latest last, so grab from the end
+    return [_parse_entry(e) for e in raw[-n:]]
+
+
+def _print_summary_text(s: Dict[str, Any]) -> None:
+    print(f"Gate telemetry — last {s['window_days']} day(s)")
+    print(f"  total entries: {s['total_entries']}")
+    print(f"  threshold:     {s['threshold_inferred']}")
+    print(f"  pass rate:     {s['pass_rate']:.1%}  ({s['would_pass_count']} pass / {s['would_fail_count']} fail)")
+    ss = s.get("score_stats") or {}
+    if ss.get("n"):
+        print(f"  score stats:   n={ss['n']}  min={ss['min']}  median={ss['median']}  mean={ss['mean']}  p95={ss['p95']}  max={ss['max']}")
+    if s.get("by_feat_status"):
+        print("  feat_status:")
+        for k, v in sorted(s["by_feat_status"].items(), key=lambda kv: -kv[1]):
+            print(f"    {k:12}  {v}")
+    if s.get("by_platform"):
+        print("  by platform:")
+        for k, v in sorted(s["by_platform"].items(), key=lambda kv: -kv[1]):
+            print(f"    {k:10}  {v}")
+    if s.get("by_model"):
+        print("  by model:")
+        for m, st in s["by_model"].items():
+            if st.get("n"):
+                print(f"    {m:16}  n={st['n']}  median={st['median']}  mean={st['mean']}")
+
+
+def _main() -> int:
+    parser = argparse.ArgumentParser(prog="ai.content_grounding.telemetry")
+    sub = parser.add_subparsers(dest="cmd", required=True)
+
+    s_sum = sub.add_parser("summary", help="aggregate gate telemetry stats")
+    s_sum.add_argument("--days", type=int, default=14)
+    s_sum.add_argument("--json", action="store_true", help="emit JSON instead of pretty text")
+
+    s_samp = sub.add_parser("samples", help="recent gate entries, parsed")
+    s_samp.add_argument("--days", type=int, default=14)
+    s_samp.add_argument("--n", type=int, default=5)
+    s_samp.add_argument("--json", action="store_true")
+
+    args = parser.parse_args()
+
+    if args.cmd == "summary":
+        s = summarize(days=args.days)
+        if args.json:
+            print(json.dumps(s, indent=2))
+        else:
+            _print_summary_text(s)
+        return 0
+
+    if args.cmd == "samples":
+        samples = recent_samples(n=args.n, days=args.days)
+        if args.json:
+            print(json.dumps(samples, indent=2))
+        else:
+            for s in samples:
+                print(f"- {s['timestamp']}  model={s['model']}  score={s['score']}  feat={s['feat_status']}")
+        return 0
+
+    return 2
+
+
+if __name__ == "__main__":
+    sys.exit(_main())

package/gateway/ai/governance.py

@@ -35,6 +35,95 @@ def _is_test_mode() -> bool:
 logger = logging.getLogger("delimit.governance")
 
 
+# ── STR-183 V2-hardening B-PREREQ-4: non-delegable operation registry ─
+# Per /root/CLAUDE.md "Non-Delegable Decisions" and the 2026-04-07 ruleset-bypass postmortem,
+# these operation classes can never be auto-approved by a generic gate (e.g. "all_gates_passed").
+# Each invocation requires fresh, named-human attestation at gate-entry time.
+# This constant is the code-level encoding of the constitutional boundary.
+# Do not extend this set without an explicit founder-attested deliberation.
+NON_DELEGABLE_OPERATION_CLASSES = frozenset({
+    "ruleset_disable",       # disabling branch protection / repository rulesets
+    "force_push_shared",     # force-push to main, release branches, or floating tags (v1, latest)
+    "account_switch",        # switching gh / git author identity mid-flow
+    "cross_account_ops",     # operating on one org from another org's identity
+    "constitutional_rewrite",  # edits to founder doctrine canon outside managed sections
+    "authority_class_expansion",  # adding a new class of tool / agent / gate
+    "irreversible_capital_commit",  # capital commitments above non-delegable threshold
+    "venture_kill",          # shutting down a Jamsons venture
+    "permission_escalation",  # granting elevated access (sudo, admin, write-as-other)
+    "public_truth_claim",    # public statement / marketing assertion outrunning evidence
+})
+
+
+def is_non_delegable(operation_class: str) -> bool:
+    """Return True iff the operation class is in the non-delegable registry.
+
+    Per the 2026-04-07 postmortem and the V2 pressure-test (STR-183, unanimous round 3),
+    non-delegable operations cannot pass through any "all_gates_passed" mechanism.
+    They require per-invocation founder attestation, checked live at gate entry.
+    """
+    return operation_class in NON_DELEGABLE_OPERATION_CLASSES
+
+
+def require_founder_attestation(operation_class: str, attestation: Optional[Dict[str, Any]] = None) -> Dict[str, Any]:
+    """Fail-closed gate for non-delegable operations.
+
+    Returns a verdict dict. The caller must refuse to proceed unless verdict["allowed"] is True.
+
+    A valid attestation must include:
+      - "founder_id": the named human performing the attestation
+      - "scope": the exact operation being attested (must match operation_class)
+      - "timestamp": ISO-8601 UTC
+      - "evidence_ref": pointer to the evidence (ledger ID, postmortem path, or signed message)
+
+    Pre-approval of a parent plan does NOT extend to non-delegable escalations
+    (2026-04-07 postmortem rule). Each invocation needs its own attestation.
+    """
+    if not is_non_delegable(operation_class):
+        return {"allowed": True, "operation_class": operation_class, "non_delegable": False}
+
+    if not attestation:
+        return {
+            "allowed": False,
+            "operation_class": operation_class,
+            "non_delegable": True,
+            "reason": (
+                f"{operation_class} is non-delegable (STR-183 / 2026-04-07 postmortem). "
+                "Pre-approval of a parent plan does not extend to this operation. "
+                "Per-invocation founder attestation is required."
+            ),
+        }
+
+    required = {"founder_id", "scope", "timestamp", "evidence_ref"}
+    missing = required - set(attestation.keys())
+    if missing:
+        return {
+            "allowed": False,
+            "operation_class": operation_class,
+            "non_delegable": True,
+            "reason": f"Attestation missing required fields: {sorted(missing)}",
+        }
+
+    if attestation["scope"] != operation_class:
+        return {
+            "allowed": False,
+            "operation_class": operation_class,
+            "non_delegable": True,
+            "reason": (
+                f"Attestation scope mismatch: attested for '{attestation['scope']}' "
+                f"but invocation is for '{operation_class}'. The scope of approval is "
+                "the scope stated, not beyond (CLAUDE.md escalation rule)."
+            ),
+        }
+
+    return {
+        "allowed": True,
+        "operation_class": operation_class,
+        "non_delegable": True,
+        "attestation": attestation,
+    }
+
+
 # ── LED-263: Beta CTA for conversion ────────────────────────────────
 # Tools that should show a beta signup prompt on successful results.
 _BETA_CTA_TOOLS = frozenset({"lint", "scan", "activate", "diff", "quickstart"})