delimit-cli 4.4.0 → 4.5.1

package/gateway/ai/server.py

@@ -2095,6 +2095,7 @@ def delimit_memory_store(
     content: str,
     tags: Optional[Union[str, List[str]]] = None,
     context: Optional[str] = None,
+    hot_load: bool = False,
 ) -> Dict[str, Any]:
     """Store a memory entry for future retrieval.
 
@@ -2105,6 +2106,12 @@ def delimit_memory_store(
         content: The content to remember.
         tags: Optional categorization tags.
         context: Optional context about when/why this was stored.
+        hot_load: LED-1165 Phase 2 #5: when True, mark the entry for
+            one-way projection into the Claude Code auto-memory
+            `MEMORY.md` hot-load index. Existing entries default to False
+            (durable in delimit_memory, not projected). The projection
+            writer that consumes this flag is shipped separately as PR-B;
+            this PR only persists the flag.
     """
     # LED-193: memory_store is now free (basic store)
     try:
@@ -2112,7 +2119,10 @@ def delimit_memory_store(
     except ValueError as e:
         return _with_next_steps("memory_store", {"error": str(e)})
     from backends.memory_bridge import store
-    return _with_next_steps("memory_store", _safe_call(store, content=content, tags=tags, context=context))
+    return _with_next_steps(
+        "memory_store",
+        _safe_call(store, content=content, tags=tags, context=context, hot_load=hot_load),
+    )
 
 
 @mcp.tool()
@@ -2129,6 +2139,50 @@ def delimit_memory_recent(limit: int = 5) -> Dict[str, Any]:
     return _with_next_steps("memory_recent", _safe_call(get_recent, limit=limit))
 
 
+@mcp.tool()
+def delimit_memory_index(
+    target_path: str = "",
+    dry_run: bool = False,
+    limit: int = 200,
+) -> Dict[str, Any]:
+    """Project delimit_memory hot entries into Claude Code's MEMORY.md.
+
+    LED-1165 Phase 2 #5 PR-B. One-way projection of all delimit_memory
+    entries flagged `hot_load=True` into a managed section of the
+    target Markdown file. Lets Claude Code see hot entries on session
+    start without making delimit_memory dependent on Anthropic's
+    auto-memory format.
+
+    Behavior:
+      - If target_path's file has `<!-- delimit:start -->` /
+        `<!-- delimit:end -->` markers, ONLY the content between them
+        is replaced. Anything outside the markers is preserved.
+      - If markers are missing, the managed section is APPENDED to the
+        end of the file (existing content is never touched).
+      - If the file doesn't exist, it's created with just the section.
+      - **One-way projection only.** Reading MEMORY.md back into
+        delimit_memory is explicitly out of scope (Anthropic owns the
+        auto-memory format; format-drift risk).
+
+    Args:
+        target_path: file to write. Empty = default
+            ~/.claude/projects/-root/memory/MEMORY.md.
+        dry_run: True returns the rendered content size without writing.
+        limit: cap on entries projected. Default 200.
+
+    Returns:
+        {target, dry_run, entries, wrote_chars or would_write_chars,
+         had_existing_block, had_existing_file, preserved_user_content}
+    """
+    from backends.memory_bridge import project_to_memory_md
+    from pathlib import Path
+    target = Path(target_path) if target_path else None
+    return _with_next_steps(
+        "memory_index",
+        _safe_call(project_to_memory_md, target_path=target, dry_run=dry_run, limit=limit),
+    )
+
+
 # ─── Vault ──────────────────────────────────────────────────────────────
 
 @mcp.tool()
@@ -5463,26 +5517,309 @@ def delimit_ledger_done(item_id: str, note: str = "", venture: str = "") -> Dict
     return _with_next_steps("ledger_done", result)
 
 
+@mcp.tool()
+def delimit_ledger_bulk(
+    item_ids: str,
+    action: str,
+    dry_run: bool = True,
+    note: str = "",
+    new_status: str = "",
+    new_priority: str = "",
+    tag: str = "",
+    venture: str = "",
+) -> Dict[str, Any]:
+    """Apply one action to many ledger items in a single call.
+
+    LED-1145 Phase 1 PR-B. Default `dry_run=True` returns what would change
+    without writing — callers must explicitly pass `dry_run=False` to apply.
+    Per-item failures don't block other items in the batch.
+
+    Allowed actions:
+      - archive         -> sets status="archived" (soft, replay-preserving)
+      - mark_done       -> sets status="done"
+      - cancel          -> sets status="cancelled"
+      - set_status      -> sets status to `new_status`
+                           (one of open/in_progress/blocked/done/cancelled/archived/completed)
+      - set_priority    -> sets priority to `new_priority`
+                           (one of P0/P1/P2/P3)
+      - add_tag         -> appends `tag` if not already present (idempotent)
+
+    NO hard delete. Items remain in the append-only JSONL forever; archive is
+    a status transition that can be reversed via set_status.
+
+    Args:
+        item_ids: comma-separated LED ids (e.g. "LED-915,LED-916,LED-918")
+            or a JSON array of strings.
+        action: one of the actions above.
+        dry_run: True (default) returns `would_change`; False applies and
+            returns `changed`.
+        note: optional note attached to every successful update event.
+        new_status: required when action="set_status".
+        new_priority: required when action="set_priority".
+        tag: required when action="add_tag".
+        venture: project name or path. Auto-detects if empty.
+    """
+    from ai.ledger_manager import bulk_action
+    project = _resolve_venture(venture)
+    result = bulk_action(
+        item_ids=item_ids,
+        action=action,
+        dry_run=dry_run,
+        note=note or None,
+        new_status=new_status or None,
+        new_priority=new_priority or None,
+        tag=tag or None,
+        project_path=project,
+    )
+    return _with_next_steps("ledger_bulk", result)
+
+
+@mcp.tool()
+def delimit_ledger_auto_close_external(
+    venture: str = "",
+    dry_run: bool = True,
+    max_items: int = 200,
+) -> Dict[str, Any]:
+    """Walk open ledger items, find ones linked to a GitHub issue/PR, and
+    close LEDs whose external counterpart already resolved.
+
+    LED-1145 Phase 2 #1. Fixes the "ledger drifts from external reality"
+    problem (e.g., LED-1023 stayed open even though goharbor/harbor#23089
+    merged 16 days earlier).
+
+    Detection scans description / context / last_note / tags for:
+      - https://github.com/<owner>/<repo>/(issues|pull)/<num>
+      - <owner>/<repo>#<num>  (short form)
+      - gh:<owner>/<repo>/<num>  (explicit tag form)
+
+    Action map (per LED-1146 deliberation):
+      - PR with merged=true → mark_done with merge SHA in note
+      - issue/PR closed with state_reason="completed" → mark_done with closed_at
+      - issue/PR closed with state_reason="not_planned" or no reason → archive
+      - state="open" → leave alone
+      - gh API error / 404 → leave alone, recorded in `errors`
+
+    Implementation re-uses bulk_action() under the hood; nothing new on the
+    write path. dry_run=True (default) returns a plan; dry_run=False applies.
+
+    Args:
+        venture: project name or path. Auto-detects if empty.
+        dry_run: True (default) returns a plan without writing.
+        max_items: hard cap on items processed in one call (default 200).
+            When the candidate set exceeds this, the response is `truncated=True`.
+    """
+    from ai.ledger_manager import auto_close_linked_external
+    project = _resolve_venture(venture)
+    result = auto_close_linked_external(
+        project_path=project,
+        dry_run=dry_run,
+        max_items=max_items,
+    )
+    return _with_next_steps("ledger_auto_close_external", result)
+
+
+@mcp.tool()
+def delimit_ledger_groom(
+    venture: str = "",
+    stale_days: int = 30,
+    dup_min_count: int = 3,
+    max_per_category: int = 50,
+) -> Dict[str, Any]:
+    """Read-only grooming proposal: surfaces stale, duplicate, and
+    garbage-venture items for the founder to review.
+
+    LED-1145 Phase 2 #2. Risky operations (mass-cancellation, dedup-merge)
+    must NOT be a single atomic action — this tool only PROPOSES; the
+    founder applies via `delimit_ledger_bulk` after review. Each proposal
+    in the response includes a copy-pasteable `ready_to_apply` invocation.
+
+    Categories detected:
+      - stale_open: status open|in_progress|blocked AND updated_at older
+        than `stale_days`. Suggested action: archive.
+      - duplicate_titles: groups of >= `dup_min_count` items sharing the
+        same normalised title prefix (50 chars, [BRACKETED] prefixes
+        stripped, lowercased). Suggested: keep the most-recent item;
+        archive the others.
+      - garbage_venture: items in tmp* / test_* / venture_<letter> /
+        custom-venture buckets. Suggested action: archive.
+
+    Categories NOT detected here (separate tools / future PRs):
+      - linked-external resolved → use `delimit_ledger_auto_close_external`
+      - P0 inflation review
+      - cross-venture orphan cleanup
+
+    Args:
+        venture: project name or path. Auto-detects if empty.
+        stale_days: threshold for stale_open detector (default 30).
+        dup_min_count: minimum group size for duplicate_titles (default 3).
+        max_per_category: cap per category in the response (default 50).
+    """
+    from ai.ledger_manager import groom_proposal
+    project = _resolve_venture(venture)
+    result = groom_proposal(
+        project_path=project,
+        stale_days=stale_days,
+        dup_min_count=dup_min_count,
+        max_per_category=max_per_category,
+    )
+    return _with_next_steps("ledger_groom", result)
+
+
+@mcp.tool()
+def delimit_ledger_auto_cancel_stale(
+    venture: str = "",
+    threshold_days: int = 0,
+    dry_run: bool = True,
+    max_items: int = 200,
+) -> Dict[str, Any]:
+    """Auto-archive open ledger items dormant past the stale-TTL threshold.
+
+    LED-1145 Phase 2 #4. Composes the stale-detector logic with
+    `bulk_action(action="archive")` from Phase 1 PR-B. Same dry_run-default
+    safety pattern as `delimit_ledger_auto_close_external` — caller passes
+    `dry_run=False` to apply.
+
+    Distinct from `delimit_ledger_groom`'s stale_open category:
+      - The threshold is stricter (default 60 days vs groom's 30)
+      - It auto-applies on dry_run=False (groom is purely propose)
+      - Intended for nightly automation / scripted cleanup
+
+    Items go through bulk_action(archive) so the no-hard-delete invariant
+    is preserved — the JSONL append-only log keeps the full record.
+
+    Args:
+        venture: Project name or path. Auto-detects if empty.
+        threshold_days: dormancy threshold in days. 0 = read default
+            (60 from STALE_TTL_DEFAULT_DAYS or DELIMIT_STALE_TTL_DAYS env).
+            Pass an int to override.
+        dry_run: True (default) returns the plan; False applies via
+            bulk_action(archive).
+        max_items: cap items processed per call. When the candidate list
+            exceeds this, response includes truncated=True so the caller
+            can run again to drain.
+    """
+    from ai.ledger_manager import auto_cancel_stale
+    project = _resolve_venture(venture)
+    threshold = threshold_days if threshold_days > 0 else None
+    result = auto_cancel_stale(
+        project_path=project,
+        threshold_days=threshold,
+        dry_run=dry_run,
+        max_items=max_items,
+    )
+    return _with_next_steps("ledger_auto_cancel_stale", result)
+
+
+@mcp.tool()
+def delimit_ledger_health(
+    venture: str = "",
+    stale_days: int = 30,
+    dup_min_count: int = 3,
+) -> Dict[str, Any]:
+    """One-shot ledger health check — composes list_items + groom_proposal
+    + the P0 quota helper into a single traffic-light verdict and a list
+    of concrete next actions.
+
+    LED-1145 capstone — closes the loop on the entire ledger-tooling
+    refactor. Designed for nightly/weekly review or session-start status
+    snapshot. Returns:
+      - totals (unresolved / open / in_progress / blocked)
+      - p0 (count vs quota + health)
+      - stale (count >stale_days + health)
+      - duplicates (group count + total items + health)
+      - garbage_venture (count + health)
+      - overall_health (worst-of: green / yellow / red)
+      - next_actions: pre-formatted list of {reason, tool, args, follow_up}
+
+    All Phase 1+2 tools are referenced in the suggested actions, so the
+    response is self-contained for an AI agent that wants to act on it.
+
+    Args:
+        venture: project name or path. Auto-detects if empty.
+        stale_days: stale-detector threshold passed to groom_proposal.
+        dup_min_count: duplicate-detector threshold passed to groom_proposal.
+    """
+    from ai.ledger_manager import health_summary
+    project = _resolve_venture(venture)
+    result = health_summary(
+        project_path=project,
+        stale_days=stale_days,
+        dup_min_count=dup_min_count,
+    )
+    return _with_next_steps("ledger_health", result)
+
+
 @mcp.tool()
 def delimit_ledger_list(
     venture: str = "",
     ledger: str = "both",
     status: str = "",
     priority: str = "",
+    status_in: str = "",
+    priority_in: str = "",
+    tags_contains_all: str = "",
+    text: str = "",
+    linked_external_id: str = "",
+    created_before: str = "",
+    created_after: str = "",
+    updated_before: str = "",
+    updated_after: str = "",
+    sort: str = "updated_at",
+    order: str = "desc",
+    fields: str = "",
     limit: int = 20,
+    cursor: str = "",
 ) -> Dict[str, Any]:
     """List ledger items for a venture/project.
 
+    LED-1145 Phase 1 PR-A: extended with multi-value filters, sort + projection,
+    and cursor pagination. Single-value `status` / `priority` remain for
+    backward compatibility — old callers continue to work unchanged.
+
     Args:
         venture: Project name or path. Auto-detects if empty.
-        ledger: "ops", "strategy", or "both".
-        status: Filter by status - "open", "done", "in_progress", or empty for all.
-        priority: Filter by priority - "P0", "P1", "P2", or empty for all.
-        limit: Max items to return.
+        ledger: "ops" | "strategy" | "both".
+        status: single-value status filter (back-compat).
+        priority: single-value priority filter (back-compat).
+        status_in: comma-separated statuses (e.g. "open,blocked,in_progress").
+        priority_in: comma-separated priorities (e.g. "P0,P1").
+        tags_contains_all: comma-separated tags; item must contain ALL.
+        text: case-insensitive substring match against title + description.
+        linked_external_id: substring match in description / tags / context
+            (e.g. a github URL, a Linear ticket id, a Discord thread).
+        created_before / created_after / updated_before / updated_after:
+            ISO-8601 timestamp boundaries (e.g. "2026-04-01T00:00:00Z").
+        sort: "updated_at" | "created_at" | "priority". Default updated_at.
+        order: "asc" | "desc". Default desc.
+        fields: response projection. "" or "*" = full (default, back-compat).
+            "slim" = id+title+status+priority+type+venture+updated_at only.
+            CSV of field names = those only. Unknown field names → ERROR.
+        limit: page size (default 20).
+        cursor: opaque pagination token from a prior call's `next_cursor`.
+            Cursor is invalidated when filters change between calls.
     """
     from ai.ledger_manager import list_items
     project = _resolve_venture(venture)
-    result = list_items(ledger=ledger, status=status or None, priority=priority or None, limit=limit, project_path=project)
+    result = list_items(
+        ledger=ledger,
+        status=status or None,
+        priority=priority or None,
+        status__in=status_in or None,
+        priority__in=priority_in or None,
+        tags__contains_all=tags_contains_all or None,
+        text=text or None,
+        linked_external_id=linked_external_id or None,
+        created_before=created_before or None,
+        created_after=created_after or None,
+        updated_before=updated_before or None,
+        updated_after=updated_after or None,
+        sort=sort,
+        order=order,
+        fields=fields or None,
+        limit=limit,
+        cursor=cursor or None,
+        project_path=project,
+    )
     return _with_next_steps("ledger_list", result)
 
 
@@ -7903,7 +8240,11 @@ def delimit_changelog(old_spec: str = "", new_spec: str = "", format: str = "mar
 def delimit_notify(channel: str = "webhook", message: str = "",
                    webhook_url: str = "", subject: str = "",
                    event_type: str = "", to: str = "",
-                   from_account: str = "") -> Dict[str, Any]:
+                   from_account: str = "",
+                   draft_kind: str = "",
+                   draft_payload: Optional[Union[str, Dict[str, Any]]] = None,
+                   draft_target: Optional[Union[str, Dict[str, Any]]] = None,
+                   led_ref: str = "") -> Dict[str, Any]:
     """Send a notification (Pro).
 
     IMPORTANT - AUTO-TRIGGER RULE:
@@ -7932,9 +8273,80 @@ def delimit_notify(channel: str = "webhook", message: str = "",
             Send to any address - leave empty for default.
         from_account: Sender account key from ~/.delimit/secrets/smtp-all.json
             (e.g. 'notifications@example.com'). Email only.
+
+    Optional inbox-executor binding (LED-1129 Phase 1, no auto-execution yet):
+        draft_kind: One of github_comment, social_post, ledger_done,
+            notify_routing_update, deploy_publish_prevalidated_artifact.
+            When set, registers a signed draft in the local SQLite registry
+            so a future executor can match founder Ship-it replies against it.
+        draft_payload: The action contents (e.g. {"body": "..."} for github_comment).
+            JSON string or dict. Required when draft_kind is set.
+        draft_target: Where the action lands (e.g. {"repo":"x/y","issue":1}).
+            JSON string or dict. Required when draft_kind is set.
+        led_ref: Optional LED-XXXX tag tying the draft to its tracking item.
+            Surfaced in subject-line matching by the executor.
+
+    Returns the notify result. When a draft was registered, also includes
+    a `draft` block: {draft_id, draft_kind, signature, registered}.
     """
     from ai.notify import send_notification
-    return _with_next_steps("notify", _safe_call(
+
+    draft_meta: Optional[Dict[str, Any]] = None
+    if draft_kind:
+        # LED-1129 Phase 1: register a signed draft alongside the email
+        # send. Phase 2 will wire the executor to consume these.
+        try:
+            from ai.inbox_drafts import (
+                DraftKind,
+                insert_draft,
+                sign_draft,
+            )
+
+            # Validate kind against the allowlist enum.
+            try:
+                DraftKind(draft_kind)
+            except ValueError:
+                return _with_next_steps("notify", {
+                    "error": (
+                        f"draft_kind must be one of "
+                        f"{[k.value for k in DraftKind]}; got '{draft_kind}'"
+                    ),
+                })
+
+            # Coerce string args to dicts for callers that pass JSON strings.
+            payload = _coerce_dict_arg(draft_payload, "draft_payload",
+                                        string_key="body") if draft_payload is not None else None
+            target = _coerce_dict_arg(draft_target, "draft_target",
+                                       string_key="target") if draft_target is not None else None
+
+            if payload is None or target is None:
+                return _with_next_steps("notify", {
+                    "error": "draft_kind requires both draft_payload and draft_target",
+                })
+
+            signed = sign_draft(
+                draft_kind=draft_kind,
+                target=target,
+                payload=payload,
+            )
+            insert_draft(signed, led_ref=(led_ref or None))
+            draft_meta = {
+                "draft_id": signed.draft_id,
+                "draft_kind": signed.draft_kind,
+                "signature": signed.signature,
+                "registered": True,
+                "led_ref": led_ref or None,
+            }
+        except Exception as e:
+            # Draft registration must not break the notify itself —
+            # the email still goes out, the draft just isn't tracked.
+            # Log the failure in the response so callers can audit.
+            draft_meta = {
+                "registered": False,
+                "error": f"{type(e).__name__}: {e}",
+            }
+
+    result = _safe_call(
         send_notification,
         channel=channel,
         message=message,
@@ -7943,7 +8355,10 @@ def delimit_notify(channel: str = "webhook", message: str = "",
         event_type=event_type,
         to=to,
         from_account=from_account,
-    ))
+    )
+    if draft_meta is not None:
+        result["draft"] = draft_meta
+    return _with_next_steps("notify", result)
 
 
 @mcp.tool()

package/gateway/core/diff_engine_v2.py

@@ -100,6 +100,14 @@ class OpenAPIDiffEngine:
     
     def _compare_paths(self, old_paths: Dict, new_paths: Dict):
         """Compare API paths/endpoints."""
+        # Defend against malformed specs where `paths` is a list rather
+        # than the spec-required dict (Map[string, PathItem]). Same family
+        # as the Kong-class properties-as-list fix; treat as empty rather
+        # than crashing on `.keys()`.
+        if not isinstance(old_paths, dict):
+            old_paths = {}
+        if not isinstance(new_paths, dict):
+            new_paths = {}
         old_set = set(old_paths.keys())
         new_set = set(new_paths.keys())
         
@@ -133,6 +141,12 @@ class OpenAPIDiffEngine:
 
     def _compare_methods(self, path: str, old_methods: Dict, new_methods: Dict):
         """Compare HTTP methods for an endpoint."""
+        # Same defensive pattern as _compare_paths — methods at a path
+        # MUST be a dict per spec, but malformed inputs see real-world.
+        if not isinstance(old_methods, dict):
+            old_methods = {}
+        if not isinstance(new_methods, dict):
+            new_methods = {}
         old_set = set(m for m in old_methods.keys() if m in self.HTTP_METHODS)
         new_set = set(m for m in new_methods.keys() if m in self.HTTP_METHODS)
         
@@ -327,9 +341,11 @@ class OpenAPIDiffEngine:
             ))
         elif old_body and new_body:
             # Compare content types
-            old_content = old_body.get("content", {})
-            new_content = new_body.get("content", {})
-            
+            raw_old_content = old_body.get("content", {})
+            raw_new_content = new_body.get("content", {})
+            old_content = raw_old_content if isinstance(raw_old_content, dict) else {}
+            new_content = raw_new_content if isinstance(raw_new_content, dict) else {}
+
             for content_type in old_content.keys() & new_content.keys():
                 self._compare_schema_deep(
                     f"{operation_id}:request",
@@ -339,6 +355,11 @@ class OpenAPIDiffEngine:
     
     def _compare_responses(self, operation_id: str, old_responses: Dict, new_responses: Dict):
         """Compare response definitions."""
+        # Defend against malformed specs where `responses` is a list.
+        if not isinstance(old_responses, dict):
+            old_responses = {}
+        if not isinstance(new_responses, dict):
+            new_responses = {}
         old_codes = set(old_responses.keys())
         new_codes = set(new_responses.keys())
         
@@ -360,9 +381,11 @@ class OpenAPIDiffEngine:
             new_resp = new_responses[code]
             
             if "content" in old_resp or "content" in new_resp:
-                old_content = old_resp.get("content", {})
-                new_content = new_resp.get("content", {})
-                
+                raw_old_content = old_resp.get("content", {})
+                raw_new_content = new_resp.get("content", {})
+                old_content = raw_old_content if isinstance(raw_old_content, dict) else {}
+                new_content = raw_new_content if isinstance(raw_new_content, dict) else {}
+
                 for content_type in old_content.keys() & new_content.keys():
                     self._compare_schema_deep(
                         f"{operation_id}:{code}",
@@ -414,10 +437,22 @@ class OpenAPIDiffEngine:
 
         # Compare object properties
         if old_type == "object":
-            old_props = old_schema.get("properties", {})
-            new_props = new_schema.get("properties", {})
-            old_required = set(old_schema.get("required", []))
-            new_required = set(new_schema.get("required", []))
+            raw_old_props = old_schema.get("properties", {})
+            raw_new_props = new_schema.get("properties", {})
+            # Defend against malformed specs where `properties` is a list of
+            # field-objects rather than the spec-required dict (Kong-class:
+            # OpenAPI requires `properties: Map[string, Schema]`, but some
+            # generators emit `properties: [{name: "a", type: "string"}, ...]`).
+            # Treat as empty rather than crashing on `.keys()`.
+            old_props = raw_old_props if isinstance(raw_old_props, dict) else {}
+            new_props = raw_new_props if isinstance(raw_new_props, dict) else {}
+            # Defend against malformed specs where `required` is a bool (legal in
+            # parameter objects but not in object schemas — some real-world specs
+            # leak the parameter-style boolean into nested schemas).
+            raw_old_required = old_schema.get("required", [])
+            raw_new_required = new_schema.get("required", [])
+            old_required = set(raw_old_required) if isinstance(raw_old_required, list) else set()
+            new_required = set(raw_new_required) if isinstance(raw_new_required, list) else set()
 
             # Check removed fields
             for prop in set(old_props.keys()) - set(new_props.keys()):

package/gateway/core/zero_spec/express_extractor.py

@@ -67,7 +67,7 @@ function extractPathParams(routePath) {
   const params = [];
   const re = /:([A-Za-z0-9_]+)/g;
   let m;
-  while ((m = re.exec(routePath)) !== null) {  # nosec B-exec_usage: AST exec of a sandboxed Express route extractor on parsed code
+  while ((m = re.exec(routePath)) !== null) {  // nosec B-exec_usage: AST exec of a sandboxed Express route extractor on parsed code
     params.push(m[1]);
   }
   return params;