delimit-cli 4.5.2 → 4.5.4

package/gateway/ai/server.py

@@ -1428,112 +1428,144 @@ def delimit_lint(old_spec: str, new_spec: str, policy_file: Optional[str] = None
     recording evidence, triggering notifications, or enforcing governance.
     Useful for CI preview comments ("what would block") without side effects.
 
+    Spec arguments accept local paths or http(s) URLs. URLs are fetched
+    once into a tempfile (size cap, SSRF guard) and the resolved local
+    path is used for the rest of the pipeline.
+
     Args:
-        old_spec: Path to the old (baseline) OpenAPI spec file.
-        new_spec: Path to the new (proposed) OpenAPI spec file.
+        old_spec: Path or URL to the old (baseline) OpenAPI spec file.
+        new_spec: Path or URL to the new (proposed) OpenAPI spec file.
         policy_file: Optional path to a .delimit/policies.yml file.
         dry_run: If True, return violations without side effects (no evidence, no chains).
     """
     from backends.gateway_core import run_lint, run_semver
+    from ai.remote_resolve import RemoteResolveError, resolve_spec_input
 
-    # Step 1: Core lint
-    lint_result = _safe_call(run_lint, old_spec=old_spec, new_spec=new_spec, policy_file=policy_file)
+    # Resolve any URL inputs up-front. Both contextmanagers share a
+    # single ExitStack so cleanup happens once at the end.
+    import contextlib as _contextlib
+    try:
+        with _contextlib.ExitStack() as stack:
+            old_resolved, old_meta = stack.enter_context(resolve_spec_input(old_spec))
+            new_resolved, new_meta = stack.enter_context(resolve_spec_input(new_spec))
+            resolved_from = [old_meta["resolved_from"], new_meta["resolved_from"]]
+
+            # Step 1: Core lint (against resolved local paths)
+            lint_result = _safe_call(
+                run_lint,
+                old_spec=old_resolved,
+                new_spec=new_resolved,
+                policy_file=policy_file,
+            )
 
-    # Dry-run mode: return raw lint + semver, skip all chains and governance
-    if dry_run:
-        lint_result["dry_run"] = True
-        lint_result["simulated"] = True
-        # Still classify semver (informational, no side effects)
-        semver_result = _safe_call(run_semver, old_spec=old_spec, new_spec=new_spec)
-        if not semver_result.get("error"):
+            # Dry-run mode: return raw lint + semver, skip all chains and governance
+            if dry_run:
+                lint_result["dry_run"] = True
+                lint_result["simulated"] = True
+                # Still classify semver (informational, no side effects)
+                semver_result = _safe_call(run_semver, old_spec=old_resolved, new_spec=new_resolved)
+                if not semver_result.get("error"):
+                    lint_result["semver"] = semver_result
+                lint_result["resolved_from"] = resolved_from
+                return lint_result
+
+            chain: Dict[str, Any] = {"id": "lint_chain", "steps": []}
+
+            if lint_result.get("error"):
+                lint_result["chain"] = chain
+                lint_result["resolved_from"] = resolved_from
+                return _with_next_steps("lint", lint_result)
+
+            # Step 2: Auto-classify semver bump (non-blocking on failure)
+            semver_result = _chain_call("lint", "semver", run_semver,
+                                        required=False, old_spec=old_resolved, new_spec=new_resolved)
+            chain["steps"].append({"step": "semver", "ok": not _chain_is_error(semver_result)})
             lint_result["semver"] = semver_result
-        return lint_result
-
-    chain: Dict[str, Any] = {"id": "lint_chain", "steps": []}
 
-    if lint_result.get("error"):
-        lint_result["chain"] = chain
-        return _with_next_steps("lint", lint_result)
+            if _chain_is_error(semver_result):
+                chain["status"] = "semver_failed_nonfatal"
+                lint_result["chain"] = chain
+                lint_result["resolved_from"] = resolved_from
+                return _with_next_steps("lint", lint_result)
 
-    # Step 2: Auto-classify semver bump (non-blocking on failure)
-    semver_result = _chain_call("lint", "semver", run_semver,
-                                required=False, old_spec=old_spec, new_spec=new_spec)
-    chain["steps"].append({"step": "semver", "ok": not _chain_is_error(semver_result)})
-    lint_result["semver"] = semver_result
+            bump = str(semver_result.get("bump", "")).upper()
 
-    if _chain_is_error(semver_result):
-        chain["status"] = "semver_failed_nonfatal"
-        lint_result["chain"] = chain
-        return _with_next_steps("lint", lint_result)
-
-    bump = str(semver_result.get("bump", "")).upper()
-
-    # Step 2b: Impact-based notification routing (LED-233, non-blocking)
-    try:
-        from ai.notify import route_by_impact
-        all_changes = lint_result.get("all_changes", lint_result.get("violations", []))
-        if all_changes:
-            routing_result = route_by_impact(all_changes, dry_run=False)
-            chain["steps"].append({"step": "impact_routing", "ok": True})
-            lint_result["impact_routing"] = routing_result
-    except Exception as e:
-        logger.debug("Impact routing non-fatal error: %s", e)
-        chain["steps"].append({"step": "impact_routing", "ok": False, "error": str(e)})
-
-    if bump != "MAJOR":
-        chain["status"] = f"complete_{bump.lower() or 'none'}"
-        lint_result["chain"] = chain
-        return _with_next_steps("lint", lint_result)
-
-    # Step 3: MAJOR bump detected -- evaluate governance
-    # Note: _delimit_gov_impl has its own Pro gate. Free-tier gets lint+semver only.
-    gov_result = _delimit_gov_impl(
-        action="evaluate",
-        eval_action="api_breaking_change",
-        context={
-            "tool": "delimit_lint",
-            "old_spec": old_spec,
-            "new_spec": new_spec,
-            "semver_bump": bump,
-            "breaking_changes": lint_result.get("breaking", []),
-        },
-        repo=".",
-    )
-    chain["steps"].append({"step": "gov_evaluate", "ok": not _chain_is_error(gov_result)})
-    lint_result["gov_evaluate"] = gov_result
-
-    # If Pro gate blocked governance, return gracefully with lint+semver
-    if gov_result.get("status") == "premium_required":
-        chain["status"] = "governance_skipped_free_tier"
-        lint_result["chain"] = chain
-        return _with_next_steps("lint", lint_result)
-
-    # Step 4: If governance blocked, record in ledger (best-effort)
-    gov_blocked = (
-        str(gov_result.get("status", "")).lower() == "blocked"
-        or gov_result.get("governance", {}).get("action") == "policy_blocked"
-    )
+            # Step 2b: Impact-based notification routing (LED-233, non-blocking)
+            try:
+                from ai.notify import route_by_impact
+                all_changes = lint_result.get("all_changes", lint_result.get("violations", []))
+                if all_changes:
+                    routing_result = route_by_impact(all_changes, dry_run=False)
+                    chain["steps"].append({"step": "impact_routing", "ok": True})
+                    lint_result["impact_routing"] = routing_result
+            except Exception as e:
+                logger.debug("Impact routing non-fatal error: %s", e)
+                chain["steps"].append({"step": "impact_routing", "ok": False, "error": str(e)})
+
+            if bump != "MAJOR":
+                chain["status"] = f"complete_{bump.lower() or 'none'}"
+                lint_result["chain"] = chain
+                lint_result["resolved_from"] = resolved_from
+                return _with_next_steps("lint", lint_result)
+
+            # Step 3: MAJOR bump detected -- evaluate governance
+            # Note: _delimit_gov_impl has its own Pro gate. Free-tier gets lint+semver only.
+            # Pass the *original* user inputs (not the tempfile paths) into the
+            # governance context so audit trails capture the real spec source.
+            gov_result = _delimit_gov_impl(
+                action="evaluate",
+                eval_action="api_breaking_change",
+                context={
+                    "tool": "delimit_lint",
+                    "old_spec": old_spec,
+                    "new_spec": new_spec,
+                    "semver_bump": bump,
+                    "breaking_changes": lint_result.get("breaking", []),
+                },
+                repo=".",
+            )
+            chain["steps"].append({"step": "gov_evaluate", "ok": not _chain_is_error(gov_result)})
+            lint_result["gov_evaluate"] = gov_result
+
+            # If Pro gate blocked governance, return gracefully with lint+semver
+            if gov_result.get("status") == "premium_required":
+                chain["status"] = "governance_skipped_free_tier"
+                lint_result["chain"] = chain
+                lint_result["resolved_from"] = resolved_from
+                return _with_next_steps("lint", lint_result)
+
+            # Step 4: If governance blocked, record in ledger (best-effort)
+            gov_blocked = (
+                str(gov_result.get("status", "")).lower() == "blocked"
+                or gov_result.get("governance", {}).get("action") == "policy_blocked"
+            )
 
-    if gov_blocked:
-        from ai.ledger_manager import add_item
-        ledger_result = _chain_call(
-            "lint", "ledger_add", add_item,
-            required=False,
-            title=f"Governance blocked: MAJOR API change in {new_spec}",
-            ledger="ops",
-            item_type="fix",
-            priority="P0",
-            description="MAJOR semver bump detected. Governance blocked the change.",
-            source="chain:lint:gov_blocked",
-        )
-        chain["steps"].append({"step": "ledger_add", "ok": not _chain_is_error(ledger_result)})
-        lint_result["governance_blocked"] = True
-    else:
-        lint_result["governance_blocked"] = False
+            if gov_blocked:
+                from ai.ledger_manager import add_item
+                ledger_result = _chain_call(
+                    "lint", "ledger_add", add_item,
+                    required=False,
+                    title=f"Governance blocked: MAJOR API change in {new_spec}",
+                    ledger="ops",
+                    item_type="fix",
+                    priority="P0",
+                    description="MAJOR semver bump detected. Governance blocked the change.",
+                    source="chain:lint:gov_blocked",
+                )
+                chain["steps"].append({"step": "ledger_add", "ok": not _chain_is_error(ledger_result)})
+                lint_result["governance_blocked"] = True
+            else:
+                lint_result["governance_blocked"] = False
 
-    chain["status"] = "major_change_evaluated"
-    lint_result["chain"] = chain
-    return _with_next_steps("lint", lint_result)
+            chain["status"] = "major_change_evaluated"
+            lint_result["chain"] = chain
+            lint_result["resolved_from"] = resolved_from
+            return _with_next_steps("lint", lint_result)
+    except RemoteResolveError as e:
+        out = e.to_dict()
+        out["old_spec"] = old_spec
+        out["new_spec"] = new_spec
+        return out
 
 
 @mcp.tool()
@@ -2911,49 +2943,79 @@ def delimit_repo_diagnose(target: str = ".") -> Dict[str, Any]:
     return _safe_call(diagnose, target=target)
 
 
+def _run_repo_tool_with_remote(
+    target: str,
+    backend_fn,
+    pro_capability: str,
+) -> Dict[str, Any]:
+    """Shared wrapper for repo-bridge tools with remote-input support (LED-1237).
+
+    Resolves ``target`` (local path, ``owner/repo`` shorthand, or
+    GitHub URL) into a local path, calls the backend, and merges the
+    resolution metadata into the response so panel members can see
+    what got cloned.
+    """
+    from ai.license import require_premium
+    gate = require_premium(pro_capability)
+    if gate:
+        return gate
+
+    from ai.remote_resolve import RemoteResolveError, resolve_repo_target
+
+    try:
+        with resolve_repo_target(target) as (resolved_path, meta):
+            result = _safe_call(backend_fn, target=resolved_path)
+            if isinstance(result, dict):
+                # Don't clobber a backend-supplied resolved_from field.
+                for k, v in meta.items():
+                    result.setdefault(k, v)
+            return result
+    except RemoteResolveError as e:
+        out = e.to_dict()
+        # Preserve the user's original input for debuggability.
+        out["target"] = target
+        return out
+
+
 @mcp.tool()
 def delimit_repo_analyze(target: str = ".") -> Dict[str, Any]:
     """Analyze repository structure and quality (experimental) (Pro).
 
+    Accepts a local path, an ``owner/repo`` shorthand
+    (e.g. ``calcom/cal.com``), or a full GitHub URL. Remote inputs
+    are shallow-cloned into a tempdir for the duration of the call.
+
     Args:
-        target: Repository path.
+        target: Repository path, owner/repo, or GitHub URL.
     """
-    from ai.license import require_premium
-    gate = require_premium("repo_analyze")
-    if gate:
-        return gate
     from backends.repo_bridge import analyze
-    return _safe_call(analyze, target=target)
+    return _run_repo_tool_with_remote(target, analyze, "repo_analyze")
 
 
 @mcp.tool()
 def delimit_repo_config_validate(target: str = ".") -> Dict[str, Any]:
     """Validate configuration files (experimental) (Pro).
 
+    Accepts a local path, ``owner/repo`` shorthand, or a GitHub URL.
+
     Args:
-        target: Repository or config path.
+        target: Repository or config path, owner/repo, or GitHub URL.
     """
-    from ai.license import require_premium
-    gate = require_premium("repo_config_validate")
-    if gate:
-        return gate
     from backends.repo_bridge import config_validate
-    return _safe_call(config_validate, target=target)
+    return _run_repo_tool_with_remote(target, config_validate, "repo_config_validate")
 
 
 @mcp.tool()
 def delimit_repo_config_audit(target: str = ".") -> Dict[str, Any]:
     """Audit configuration compliance (experimental) (Pro).
 
+    Accepts a local path, ``owner/repo`` shorthand, or a GitHub URL.
+
     Args:
-        target: Repository or config path.
+        target: Repository or config path, owner/repo, or GitHub URL.
     """
-    from ai.license import require_premium
-    gate = require_premium("repo_config_audit")
-    if gate:
-        return gate
     from backends.repo_bridge import config_audit
-    return _safe_call(config_audit, target=target)
+    return _run_repo_tool_with_remote(target, config_audit, "repo_config_audit")
 
 
 # ─── Security ───────────────────────────────────────────────────────────

package/gateway/ai/social_capability/capability_validator.py

@@ -1,9 +1,25 @@
-"""Capability-currency validator (LED-216 Phase 1).
+"""Capability-currency validator (LED-216 Phase 1, tightened LED-1240).
 
 Validates social drafts against ``current_capabilities.yaml``. The validator
-hard-fails any draft that names a banned surface (literal or regex), and
-warns when a draft references the Delimit product but no canonical phrase
-appears.
+hard-fails any draft that:
+
+  * names a banned surface (literal or regex), OR
+  * mentions the Delimit product without anchoring to ground truth (no
+    canonical phrase AND no matched_claim from allowed_claims), OR
+  * mentions the Delimit product on a long-form platform (reddit, hn, devto,
+    etc.) without a delimit.ai URL anchor.
+
+The 2026-05-05 tightening (LED-1240) was a response to founder feedback that
+generic-claim drafts were leaking through with only a soft warning. The fix
+reclassifies "mentions product, names no specific claim, links no artifact"
+as a hard-fail — drafts that talk about Delimit must either (a) name a
+mechanism from allowed_claims, or (b) link to a delimit.ai resource (the
+methodology, a worked-example report, the attestation replay UI, etc.).
+
+Twitter (and other ≤280-char platforms) gets a deliberate carve-out: a URL
+won't always fit, so for ``platform="twitter"`` the URL requirement is
+relaxed to "draft must contain at least one matched_claim". Reddit, HN,
+devto, and any unspecified platform keep the URL requirement.
 
 Wiring: ``ai.social.save_draft`` calls :func:`validate_draft` after the
 existing tone/length checks but BEFORE the file is appended. On hard-fail
@@ -58,6 +74,21 @@ _PRODUCT_MENTION_RE = re.compile(
     re.IGNORECASE,
 )
 
+# Match a delimit.ai URL anchor — either a recognized known path, or a bare
+# delimit.ai reference. Used for the LED-1240 long-form URL-grounding gate.
+# The known-path list is recognised by the validator and any other
+# delimit.ai/<segment> URL also counts as grounding (we only need to know
+# the draft is anchored to a real artifact on the public site).
+_DELIMIT_URL_RE = re.compile(
+    r"\bdelimit\.ai(?:/(?:methodology|reports|att|docs|trust|pricing)\b|/\S+|\b)",
+    re.IGNORECASE,
+)
+
+# Platforms that get the short-form URL relaxation. Anything not in this set
+# is treated as long-form and must carry a delimit.ai URL anchor when the
+# draft mentions Delimit by name.
+_SHORT_FORM_PLATFORMS = {"twitter", "x"}
+
 
 def _load_capabilities(path: Path) -> Dict[str, Any]:
     """Load and parse the capabilities YAML.
@@ -157,6 +188,17 @@ def _mentions_product(text: str) -> bool:
     return bool(_PRODUCT_MENTION_RE.search(text or ""))
 
 
+def _has_delimit_url(text: str) -> bool:
+    """True iff the draft contains any delimit.ai URL anchor.
+
+    Matches both the curated path list (delimit.ai/methodology, /reports,
+    /att, /docs, /trust, /pricing) and any other delimit.ai/<path> URL.
+    Bare 'delimit.ai' is also accepted — the goal is grounding, not exact
+    path validation.
+    """
+    return bool(_DELIMIT_URL_RE.search(text or ""))
+
+
 def _append_audit(record: Dict[str, Any]) -> None:
     """Append a validation decision to the audit log. Best-effort."""
     try:
@@ -171,6 +213,7 @@ def validate_draft(
     text: str,
     capabilities_path: Optional[Path] = None,
     *,
+    platform: str = "",
     audit_meta: Optional[Dict[str, Any]] = None,
     log: bool = True,
 ) -> Dict[str, Any]:
@@ -181,6 +224,12 @@ def validate_draft(
         capabilities_path: Override path to the capabilities YAML. Defaults
             to the bundled ``current_capabilities.yaml`` next to this
             module.
+        platform: Platform string ("twitter", "reddit", "hn", "devto", ...).
+            Twitter / X get a short-form carve-out: drafts that mention the
+            product without a delimit.ai URL still pass IF they cite a
+            specific allowed_claim. Long-form platforms must carry both a
+            specific claim AND a URL anchor when they mention the product.
+            Empty string defaults to long-form behavior (strictest gate).
         audit_meta: Optional fields to embed in the audit log entry
             (e.g. ``{"draft_id": ..., "platform": ...}``). Never required
             for validation logic.
@@ -189,16 +238,20 @@ def validate_draft(
     Returns:
         Dict with:
           - ``ok`` (bool): False iff a banned surface (literal or pattern)
-            appeared.
+            appeared, OR the draft mentions the product but anchors to no
+            ground truth (LED-1240).
           - ``errors`` (list[str]): Hard-fail reasons.
-          - ``warnings`` (list[str]): Soft-fail reasons (e.g. product
-            mentioned without canonical phrase).
+          - ``warnings`` (list[str]): Soft-fail reasons.
           - ``matched_claims`` (list[str]): IDs of allowed_claims found.
           - ``matched_banned`` (list[str]): Banned surfaces / patterns hit.
           - ``mentions_product`` (bool): Whether the draft references
             Delimit by name or handle.
           - ``has_canonical_phrase`` (bool): Whether at least one canonical
             phrase appears.
+          - ``has_delimit_url`` (bool): Whether the draft contains a
+            delimit.ai URL anchor.
+          - ``platform`` (str): The normalized platform string used for the
+            short-form carve-out decision.
     """
     text = text or ""
     path = capabilities_path or DEFAULT_CAPABILITIES_PATH
@@ -227,14 +280,51 @@ def validate_draft(
 
     mentions_product = _mentions_product(text)
     has_canonical = _has_canonical_phrase(text, required_phrases)
+    has_url = _has_delimit_url(text)
+    platform_norm = (platform or "").strip().lower()
+    is_short_form = platform_norm in _SHORT_FORM_PLATFORMS
 
     warnings: List[str] = []
-    if mentions_product and not has_canonical and required_phrases:
-        warnings.append(
-            "draft mentions Delimit but does not include a canonical phrase "
-            "(merge gate / signed, replayable attestation / AI-written code "
-            "/ AI-assisted merge). Founder review recommended."
-        )
+
+    # ── LED-1240 grounding gate ──────────────────────────────────────
+    # Tightened 2026-05-05: a draft that mentions Delimit but anchors to
+    # no ground truth is now a hard-fail, not a soft warning. The two
+    # rules are:
+    #   (a) Product mention + no canonical phrase + no matched_claim
+    #       ⇒ hard-fail on every platform. The draft is naming the
+    #       product without grounding to anything in the allow list.
+    #   (b) Product mention on a long-form platform without a delimit.ai
+    #       URL anchor ⇒ hard-fail. Twitter / X are exempt because a URL
+    #       won't always fit in 280 chars; for them, a matched_claim is
+    #       sufficient grounding.
+    # The carve-out preserves the existing twitter draft contract while
+    # raising the floor for reddit / HN / devto / etc.
+    if mentions_product and required_phrases:
+        if not has_canonical and not matched_claims:
+            errors.append(
+                "draft mentions Delimit but cites no canonical phrase and no "
+                "specific allowed_claim. Anchor the claim to a mechanism in "
+                "current_capabilities.yaml or rewrite without naming the "
+                "product (LED-1240)."
+            )
+        elif not is_short_form and not has_url:
+            errors.append(
+                "draft mentions Delimit on a long-form platform "
+                f"(platform={platform_norm or 'unspecified'}) without a "
+                "delimit.ai URL anchor. Cite a specific artifact "
+                "(delimit.ai/methodology, /reports, /att, ...) so the claim "
+                "is verifiable (LED-1240)."
+            )
+        elif not has_canonical:
+            # Has a matched_claim but still missing a canonical phrase —
+            # downgrade to a warning (existing soft-fail behavior). The
+            # claim is grounded; the framing isn't on-message yet.
+            warnings.append(
+                "draft mentions Delimit and cites a specific claim but does "
+                "not include a canonical phrase (merge gate / signed, "
+                "replayable attestation / AI-written code / AI-assisted "
+                "merge). Founder review recommended."
+            )
 
     ok = not errors
 
@@ -246,6 +336,8 @@ def validate_draft(
         "matched_banned": matched_banned,
         "mentions_product": mentions_product,
         "has_canonical_phrase": has_canonical,
+        "has_delimit_url": has_url,
+        "platform": platform_norm,
     }
 
     if log:
@@ -258,6 +350,8 @@ def validate_draft(
             "matched_banned": matched_banned,
             "mentions_product": mentions_product,
             "has_canonical_phrase": has_canonical,
+            "has_delimit_url": has_url,
+            "platform": platform_norm,
             "text_len": len(text),
             "capabilities_path": str(path),
         }