delimit-cli 4.5.8 → 4.5.9
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +6 -6
- package/gateway/ai/governance.py +1 -1
- package/gateway/core/contract_ledger.py +1 -1
- package/gateway/core/dependency_graph.py +1 -1
- package/gateway/core/dependency_manifest.py +1 -1
- package/gateway/core/event_backbone.py +2 -2
- package/gateway/core/event_schema.py +1 -1
- package/gateway/core/impact_analyzer.py +1 -1
- package/package.json +1 -1
package/CHANGELOG.md
CHANGED
|
@@ -219,7 +219,7 @@ Real-world specs can ship malformed shapes. The diff engine now defends against
|
|
|
219
219
|
|
|
220
220
|
### Fixed
|
|
221
221
|
- **Exit-shim counter undercounting** — previously missed commits outside `SESSION_CWD` and dropped Z-suffixed timestamps; both now captured.
|
|
222
|
-
- **Proprietary path leaks** — sync-gateway.sh EXCLUDE list hardened to keep
|
|
222
|
+
- **Proprietary path leaks** — sync-gateway.sh EXCLUDE list hardened to keep portfolio-specific files (social.py, social_target.py, inbox_daemon.py, founding_users.py, deliberation.py) out of the npm bundle.
|
|
223
223
|
|
|
224
224
|
### Tests
|
|
225
225
|
- Gateway: 163/163 passing on changed-file tests (social.py, social_target.py, supabase_sync).
|
|
@@ -610,8 +610,8 @@ Real-world specs can ship malformed shapes. The diff engine now defends against
|
|
|
610
610
|
- Wire local API server into setup flow (STR-057) (223a647d)
|
|
611
611
|
- release: v3.11.4 — CLAUDE.md auto-update with versioned markers (66db96dd)
|
|
612
612
|
- security: remove infect.js, hardcoded paths, stale shell scripts (ddb2b1a8)
|
|
613
|
-
- security: remove all
|
|
614
|
-
- security: remove
|
|
613
|
+
- security: remove all internal doctrine references from gateway stubs (1d802a2b)
|
|
614
|
+
- security: remove holdco adapters from public repo (c976fa8a)
|
|
615
615
|
- release: v3.11.1 — MCP/AI keywords for npm discoverability (ba984f17)
|
|
616
616
|
- release: v3.11.0 — agent identity, secrets broker, approval gates (78557ea8)
|
|
617
617
|
- update: CLI description to match brand positioning (75ff6842)
|
|
@@ -623,7 +623,7 @@ Real-world specs can ship malformed shapes. The diff engine now defends against
|
|
|
623
623
|
- v3.9.1: download Pro modules from delimit.ai CDN (public URL, no auth needed) (b1462fd4)
|
|
624
624
|
- v3.9.0: Pro source removed from public package — compiled modules download at install (e4fe7baf)
|
|
625
625
|
- v3.8.2: Gemini governance trigger + history scrub (116ffb1a)
|
|
626
|
-
- security: remove node_modules and
|
|
626
|
+
- security: remove node_modules and holdco adapters from public repo (f67f3b92)
|
|
627
627
|
- v3.8.1: governance trigger in all instruction files + MCP server description (7c525231)
|
|
628
628
|
- v3.7.1: CLI-first deliberation + gateway sync + path cleanup (1555691d)
|
|
629
629
|
- v3.7.0: cross-model positioning + models configure + release sync (4c9cbcb7)
|
|
@@ -698,7 +698,7 @@ Real-world specs can ship malformed shapes. The diff engine now defends against
|
|
|
698
698
|
- **LED-061**: [P0] DomainVested: Consistency audit — verdict/flip/action must agree
|
|
699
699
|
- **LED-062**: [P1] Brand: Add SVG logo to site, favicon, GitHub org avatar, npm
|
|
700
700
|
- **LED-063**: [P0] Governance trigger shipped in npm — instruction files + MCP description
|
|
701
|
-
- **LED-064**: [P0] Security: removed
|
|
701
|
+
- **LED-064**: [P0] Security: removed holdco adapters + node_modules from public repo
|
|
702
702
|
- **LED-065**: [P0] ChatOps: Build app.delimit.ai into a unified project management interface
|
|
703
703
|
- **LED-066**: [P0] Split repos: free tools public, Pro tools private, npm bundles both
|
|
704
704
|
- **LED-067**: [P0] License: add periodic re-validation (30 day) with 7 day grace period
|
|
@@ -1064,7 +1064,7 @@ Real-world specs can ship malformed shapes. The diff engine now defends against
|
|
|
1064
1064
|
- GitHub Action smoke test workflow
|
|
1065
1065
|
|
|
1066
1066
|
### Fixed
|
|
1067
|
-
- Gemini deliberation HTTP 400 (ADC credentials +
|
|
1067
|
+
- Gemini deliberation HTTP 400 (ADC credentials + project mismatch)
|
|
1068
1068
|
- Deliberation timeout: parallelized round 1 (46% faster)
|
|
1069
1069
|
- Sensor dedup: titles include repo/issue to prevent duplicates
|
|
1070
1070
|
- Test-mode guard prevents ledger pollution from tests
|
package/gateway/ai/governance.py
CHANGED
|
@@ -49,7 +49,7 @@ NON_DELEGABLE_OPERATION_CLASSES = frozenset({
|
|
|
49
49
|
"constitutional_rewrite", # edits to founder doctrine canon outside managed sections
|
|
50
50
|
"authority_class_expansion", # adding a new class of tool / agent / gate
|
|
51
51
|
"irreversible_capital_commit", # capital commitments above non-delegable threshold
|
|
52
|
-
"venture_kill", # shutting down
|
|
52
|
+
"venture_kill", # shutting down an internal venture
|
|
53
53
|
"permission_escalation", # granting elevated access (sudo, admin, write-as-other)
|
|
54
54
|
"public_truth_claim", # public statement / marketing assertion outrunning evidence
|
|
55
55
|
})
|
|
@@ -3,7 +3,7 @@ Delimit Contract Ledger
|
|
|
3
3
|
Reads, validates, and queries the append-only JSONL event ledger.
|
|
4
4
|
Optional SQLite index for fast lookups (never required for CI).
|
|
5
5
|
|
|
6
|
-
Per
|
|
6
|
+
Per Delimit governance principles:
|
|
7
7
|
- Deterministic outputs
|
|
8
8
|
- Append-only artifacts
|
|
9
9
|
- SQLite index is optional, not required for CI
|
|
@@ -5,7 +5,7 @@ Constructs a deterministic service dependency graph from manifests.
|
|
|
5
5
|
The graph maps each API/service to its downstream consumers,
|
|
6
6
|
enabling impact analysis when an API contract changes.
|
|
7
7
|
|
|
8
|
-
Per
|
|
8
|
+
Per Delimit governance principles:
|
|
9
9
|
- Deterministic outputs (sorted, reproducible)
|
|
10
10
|
- No telemetry
|
|
11
11
|
- Graceful degradation when manifests are missing
|
|
@@ -3,7 +3,7 @@ Delimit Event Backbone
|
|
|
3
3
|
Constructs ledger events, generates SHA-256 hashes, links hash chains,
|
|
4
4
|
and appends to the append-only JSONL ledger.
|
|
5
5
|
|
|
6
|
-
Per
|
|
6
|
+
Per Delimit governance principles:
|
|
7
7
|
- Deterministic outputs
|
|
8
8
|
- Append-only artifacts
|
|
9
9
|
- Fail-closed CI behavior (ledger failures never affect CI)
|
|
@@ -199,7 +199,7 @@ class EventBackbone:
|
|
|
199
199
|
This is the primary API for event generation. It is best-effort:
|
|
200
200
|
if the ledger write fails, the event is still returned but not persisted.
|
|
201
201
|
|
|
202
|
-
CRITICAL: This method NEVER raises exceptions. Per
|
|
202
|
+
CRITICAL: This method NEVER raises exceptions. Per Delimit doctrine,
|
|
203
203
|
ledger failures must not affect CI pass/fail outcome.
|
|
204
204
|
|
|
205
205
|
Returns:
|
|
@@ -3,7 +3,7 @@ Delimit Impact Analyzer
|
|
|
3
3
|
Determines downstream consumers affected by an API change
|
|
4
4
|
and produces informational impact summaries for CI output.
|
|
5
5
|
|
|
6
|
-
Per
|
|
6
|
+
Per Delimit governance principles:
|
|
7
7
|
- Impact analysis is INFORMATIONAL ONLY
|
|
8
8
|
- NEVER affects CI pass/fail outcome
|
|
9
9
|
- Deterministic outputs
|
package/package.json
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "delimit-cli",
|
|
3
3
|
"mcpName": "io.github.delimit-ai/delimit-mcp-server",
|
|
4
|
-
"version": "4.5.
|
|
4
|
+
"version": "4.5.9",
|
|
5
5
|
"description": "Unify Claude Code, Codex, Cursor, and Gemini CLI with persistent context, governance, and multi-model debate.",
|
|
6
6
|
"main": "index.js",
|
|
7
7
|
"files": [
|