delimit-cli 4.5.1 → 4.5.3

package/scripts/postinstall.js

@@ -1,47 +1,96 @@
 #!/usr/bin/env node
 /**
  * Postinstall — anonymous install ping + setup hint.
+ *
+ * v4.5.2 (LED-1188) install hardening:
+ *   - Top-level try/catch ensures NO postinstall failure can ever block
+ *     `npm install delimit-cli`. Per the customer-protection rule in
+ *     /root/.claude/CLAUDE.md, npm publish is a production deploy and a
+ *     postinstall crash on a Pro user's machine is a customer-facing
+ *     incident regardless of root cause.
+ *   - EROFS / EACCES / EPERM / ENOSPC / ENOENT on stdout writes soft-fail
+ *     silently. (Some sandbox installers redirect stdout to a read-only
+ *     pipe.)
+ *   - Network telemetry stays best-effort; no crash if DNS / TLS / proxy
+ *     misbehaves. DELIMIT_NO_TELEMETRY=1 honored as kill switch.
+ *   - Idempotent — re-running install is a no-op, never corrupts state.
+ *     This file does not write to ~/.delimit/; that's bin/delimit-setup.js.
+ *
  * No PII. Silent fail. Never blocks install.
  */
 
-// Print setup hint with quick start
-const v = require('../package.json').version;
-console.log('');
-console.log('  \x1b[1m\x1b[35mDelimit\x1b[0m v' + v + ' installed');
-console.log('');
-console.log('  Quick start:');
-console.log('    \x1b[32mdelimit doctor\x1b[0m        Check your setup, fix what\'s missing');
-console.log('    \x1b[32mdelimit simulate\x1b[0m      Dry-run: see what governance would block');
-console.log('    \x1b[32mdelimit status\x1b[0m        Visual dashboard of your governance posture');
-console.log('    \x1b[32mdelimit setup\x1b[0m         Install MCP governance for AI assistants');
-console.log('');
-console.log('  Docs:       \x1b[36mhttps://delimit.ai/docs\x1b[0m');
-console.log('  Star us:    \x1b[36mhttps://github.com/delimit-ai/delimit-mcp-server\x1b[0m');
-console.log('');
+(function postinstall() {
+    'use strict';
 
-// Anonymous telemetry ping — no PII, just "someone installed"
-try {
-    const https = require('https');
-    const data = JSON.stringify({
-        event: 'install',
-        version: require('../package.json').version,
-        node: process.version,
-        platform: process.platform,
-        arch: process.arch,
-        ts: new Date().toISOString()
-    });
-    const req = https.request({
-        hostname: 'delimit.ai',
-        path: '/api/telemetry',
-        method: 'POST',
-        headers: {
-            'Content-Type': 'application/json',
-            'Content-Length': Buffer.byteLength(data)
-        },
-        timeout: 3000
-    });
-    req.on('error', () => {}); // silent fail
-    req.on('timeout', () => { req.destroy(); });
-    req.write(data);
-    req.end();
-} catch (e) { /* silent fail */ }
+    // --- 1. setup hint ------------------------------------------------------
+    // Wrapped in try/catch because console.log can throw on EPIPE / EBADF
+    // when the parent npm process closed stdout early.
+    let pkg;
+    try {
+        pkg = require('../package.json');
+    } catch (e) {
+        // package.json missing or unreadable — nothing to print, nothing
+        // to ping. This is a partial-install state; let the install
+        // complete so `delimit doctor` can diagnose later.
+        return;
+    }
+    const v = (pkg && pkg.version) || '?';
+
+    function safeLog(msg) {
+        try { process.stdout.write(msg + '\n'); }
+        catch (_) { /* EPIPE / EBADF / EROFS on stdout — give up silently */ }
+    }
+
+    try {
+        safeLog('');
+        safeLog('  \x1b[1m\x1b[35mDelimit\x1b[0m v' + v + ' installed');
+        safeLog('');
+        safeLog('  Quick start:');
+        safeLog('    \x1b[32mdelimit doctor\x1b[0m        Check your setup, fix what\'s missing');
+        safeLog('    \x1b[32mdelimit simulate\x1b[0m      Dry-run: see what governance would block');
+        safeLog('    \x1b[32mdelimit status\x1b[0m        Visual dashboard of your governance posture');
+        safeLog('    \x1b[32mdelimit setup\x1b[0m         Install MCP governance for AI assistants');
+        safeLog('');
+        safeLog('  Docs:       \x1b[36mhttps://delimit.ai/docs\x1b[0m');
+        safeLog('  Star us:    \x1b[36mhttps://github.com/delimit-ai/delimit-mcp-server\x1b[0m');
+        safeLog('');
+    } catch (_) { /* never block install on a print failure */ }
+
+    // --- 2. anonymous install telemetry ------------------------------------
+    // Honor opt-out and corporate proxy environments. The HTTPS request is
+    // silent-fail at every level (DNS / TCP / TLS / write / response).
+    const tele = (process.env.DELIMIT_NO_TELEMETRY || '').toLowerCase();
+    if (tele === '1' || tele === 'true' || tele === 'yes') return;
+
+    try {
+        const https = require('https');
+        const data = JSON.stringify({
+            event: 'install',
+            version: v,
+            node: process.version,
+            platform: process.platform,
+            arch: process.arch,
+            ts: new Date().toISOString()
+        });
+        const req = https.request({
+            hostname: 'delimit.ai',
+            path: '/api/telemetry',
+            method: 'POST',
+            headers: {
+                'Content-Type': 'application/json',
+                'Content-Length': Buffer.byteLength(data)
+            },
+            timeout: 3000
+        });
+        // Catch every error class: ENOTFOUND, ECONNREFUSED, ETIMEDOUT,
+        // CERT_HAS_EXPIRED, EPROTO, etc. None should ever propagate.
+        req.on('error', () => {});
+        req.on('timeout', () => { try { req.destroy(); } catch (_) {} });
+        req.write(data);
+        req.end();
+    } catch (_) { /* silent fail — never block install */ }
+})();
+
+// Outermost guard: even if the IIFE above throws synchronously somehow
+// (require() race, V8 bug, etc), don't propagate a non-zero exit code.
+process.on('uncaughtException', () => { /* swallow */ });

package/adapters/codex-security.js

@@ -1,64 +0,0 @@
-#!/usr/bin/env node
-/**
- * Delimit Security Skill for Codex CLI
- *
- * Validates that Codex-generated code doesn't introduce security anti-patterns.
- * Runs as a security validation skill.
- */
-
-const fs = require('fs');
-const path = require('path');
-
-const SECURITY_PATTERNS = [
-    { pattern: /eval\s*\(/g, severity: 'high', message: 'eval() usage detected — potential code injection' },  // nosec B-eval_usage: regex-pattern DEFINITION string for security scanner
-    { pattern: /exec\s*\(/g, severity: 'medium', message: 'exec() usage — verify input sanitization' },  // nosec B-exec_usage: regex-pattern DEFINITION string for security scanner
-    { pattern: /shell\s*=\s*True/g, severity: 'high', message: 'subprocess with shell=True — command injection risk' },
-    { pattern: /dangerouslySetInnerHTML/g, severity: 'medium', message: 'dangerouslySetInnerHTML — XSS risk' },  // nosec B-dangerous_innerHTML: regex-pattern DEFINITION string
-    { pattern: /password\s*=\s*["'][^"']+["']/gi, severity: 'high', message: 'Hardcoded password detected' },
-    { pattern: /api[_-]?key\s*=\s*["'][A-Za-z0-9]{10,}["']/gi, severity: 'high', message: 'Hardcoded API key detected' },
-];
-
-function checkSecurity(context) {
-    const code = context.code || context.content || '';
-    if (!code) return { status: 'clean', findings: [] };
-
-    const findings = [];
-    for (const { pattern, severity, message } of SECURITY_PATTERNS) {
-        const matches = code.match(pattern);
-        if (matches) {
-            findings.push({ severity, message, count: matches.length });
-        }
-    }
-
-    // Audit
-    try {
-        const auditDir = path.join(process.env.HOME || '', '.delimit', 'audit');
-        fs.mkdirSync(auditDir, { recursive: true });
-        const record = {
-            timestamp: new Date().toISOString(),
-            source: 'codex-security',
-            findings_count: findings.length,
-            high_count: findings.filter(f => f.severity === 'high').length,
-        };
-        const auditFile = path.join(auditDir, `${new Date().toISOString().split('T')[0]}.jsonl`);
-        fs.appendFileSync(auditFile, JSON.stringify(record) + '\n');
-    } catch {}
-
-    const hasHigh = findings.some(f => f.severity === 'high');
-    return {
-        status: hasHigh ? 'flagged' : findings.length > 0 ? 'warnings' : 'clean',
-        findings,
-    };
-}
-
-const context = process.argv[2] ? JSON.parse(process.argv[2]) : {};
-const result = checkSecurity(context);
-
-if (result.status === 'flagged') {
-    for (const f of result.findings) {
-        console.error(`[Delimit Security] ${f.severity.toUpperCase()}: ${f.message}`);
-    }
-    process.exit(1);
-}
-
-process.exit(0);

package/adapters/codex-skill.js

@@ -1,78 +0,0 @@
-#!/usr/bin/env node
-/**
- * Delimit Governance Skill for Codex CLI
- *
- * Runs as a validation skill triggered on pre-code-generation and pre-suggestion.
- * Checks governance state and policy compliance before Codex executes actions.
- */
-
-const fs = require('fs');
-const path = require('path');
-
-const DELIMIT_HOME = path.join(process.env.HOME || '', '.delimit');
-const MODE_FILE = path.join(DELIMIT_HOME, 'enforcement_mode');
-
-function getMode() {
-    try {
-        return fs.readFileSync(MODE_FILE, 'utf-8').trim();
-    } catch {
-        return 'guarded'; // Default
-    }
-}
-
-function checkGovernance(context) {
-    const mode = getMode();
-    const warnings = [];
-
-    // Check if governance is initialized
-    const policiesFile = path.join(process.cwd(), '.delimit', 'policies.yml');
-    if (!fs.existsSync(policiesFile)) {
-        warnings.push('No .delimit/policies.yml — run: delimit init');
-    }
-
-    // Check for sensitive file access
-    const sensitivePatterns = ['.env', 'credentials', '.ssh', 'secrets'];
-    const target = context.target || context.file || '';
-    for (const pattern of sensitivePatterns) {
-        if (target.includes(pattern)) {
-            if (mode === 'enforce') {
-                return { status: 'blocked', reason: `Access to sensitive path: ${target}` };
-            }
-            warnings.push(`Accessing sensitive path: ${target}`);
-        }
-    }
-
-    // Audit log
-    try {
-        const auditDir = path.join(DELIMIT_HOME, 'audit');
-        fs.mkdirSync(auditDir, { recursive: true });
-        const record = {
-            timestamp: new Date().toISOString(),
-            source: 'codex-skill',
-            mode,
-            context: typeof context === 'object' ? JSON.stringify(context).slice(0, 200) : String(context).slice(0, 200),
-            warnings,
-        };
-        const auditFile = path.join(auditDir, `${new Date().toISOString().split('T')[0]}.jsonl`);
-        fs.appendFileSync(auditFile, JSON.stringify(record) + '\n');
-    } catch {}
-
-    return { status: 'allowed', mode, warnings };
-}
-
-// Entry point — read context from stdin or args
-const context = process.argv[2] ? JSON.parse(process.argv[2]) : {};
-const result = checkGovernance(context);
-
-if (result.status === 'blocked') {
-    console.error(`[Delimit] BLOCKED: ${result.reason}`);
-    process.exit(1);
-}
-
-if (result.warnings.length > 0) {
-    for (const w of result.warnings) {
-        console.error(`[Delimit] Warning: ${w}`);
-    }
-}
-
-process.exit(0);

package/gateway/ai/content_grounding/__init__.py

@@ -1,98 +0,0 @@
-"""
-Delimit content grounding layer — LED-1084 Week 1.
-
-Purpose: normalize ledger entries, attestations, and git history into
-evidence-backed `GroundedEvent` records with typed atomic `Claim`s.
-Every downstream generator (blog, social drafter, storyline) consumes
-this layer and MUST NOT fabricate claims that aren't backed by an
-evidence_ref.
-
-Architectural amendments (per 2026-04-24 adversarial rebuttal,
-/home/delimit/delimit-private/strategy/CONTENT_GROUNDING_REBUTTAL_2026_04.md):
-
-  A3. Week 1 is strictly NON-PUBLISHING. Publish endpoints are
-      hard-disabled at the code level (see `_PUBLISH_DISABLED` below).
-  A5. Claims are typed atomic objects with explicit evidence_refs,
-      visibility, and optional versioned inference_rule.
-  A6. Hard bans during Week 1/2: comparative, adoption, customer,
-      aggregate, roadmap claims reject unless exact text whitelisted
-      or (for aggregates) backed by structured numeric evidence.
-  A9. Deterministic extraction gate: extract → classify → map to
-      allowed claim IDs → reject on any unmatched/uncertain claim →
-      persist audit record. All content passes through this gate.
-  A10. One-strike kill semantics: any externally published ungrounded
-      claim reverts ALL generators to manual-only mode.
-
-This module never generates public content. It only produces the
-grounded event + claim records that generators consume.
-"""
-from .schemas import (
-    ClaimType,
-    Visibility,
-    EventType,
-    EvidenceRef,
-    Claim,
-    GroundedEvent,
-    GroundingIndex,
-)
-from .build import (
-    build_grounding_index,
-    load_grounded_events,
-    validate_claims,
-    persist_grounding_index,
-)
-from .consume import (
-    GroundingBundle,
-    fetch_grounding_bundle,
-    build_allowed_claim_set,
-    load_feature_whitelist,
-    unreleased_feature_detector,
-    score_draft_grounding,
-)
-from .features import (
-    build_feature_set,
-    build_and_persist_features,
-    extract_mcp_tools,
-    extract_cli_commands,
-)
-from .telemetry import (
-    summarize as summarize_gate_telemetry,
-    recent_samples as recent_gate_samples,
-)
-
-__all__ = [
-    # schemas
-    "ClaimType",
-    "Visibility",
-    "EventType",
-    "EvidenceRef",
-    "Claim",
-    "GroundedEvent",
-    "GroundingIndex",
-    # build
-    "build_grounding_index",
-    "load_grounded_events",
-    "validate_claims",
-    "persist_grounding_index",
-    # consume (Week 2)
-    "GroundingBundle",
-    "fetch_grounding_bundle",
-    "build_allowed_claim_set",
-    "load_feature_whitelist",
-    "unreleased_feature_detector",
-    "score_draft_grounding",
-    # features whitelist builder (Week 2)
-    "build_feature_set",
-    "build_and_persist_features",
-    "extract_mcp_tools",
-    "extract_cli_commands",
-    # telemetry (Week 2 → Week 3 bridge)
-    "summarize_gate_telemetry",
-    "recent_gate_samples",
-]
-
-# A3: publish paths are OFF. Any attempt to publish grounded content
-# externally during Week 1 raises. Flip to True only after Week 2
-# hardening (claim-type classifiers, implication detection) and explicit
-# founder approval.
-_PUBLISH_DISABLED = True