delimit-cli 4.6.1 → 4.7.0

package/CHANGELOG.md

@@ -1,6 +1,86 @@
 # Changelog
 
 
+## [4.7.0] - 2026-06-03
+
+Feature release: fold the open-core Delimit Seal verifier into delimit-cli.
+
+### Added
+
+- **`delimit seal-verify <receipt.json>`** + MCP tool **`delimit_seal_verify`**
+  (Free tier): verify a Delimit Seal receipt's Ed25519 signature and content-pin
+  against the bundled, content-hashed Layer-0 constitution — with no access to the
+  engine or the signing key. Bundles `gateway/ai/seal/` (verifier, constitution,
+  public key, sample receipt). Honest about what it does NOT attest.
+- The verifier **lazy-imports `cryptography` and fails closed** if it is absent
+  (returns verification_unavailable) — it never blocks install or any other tool.
+  To enable seal verification: `pip install cryptography`.
+
+### Notes
+
+- Purely additive — no existing tool, command, or behavior changed.
+
+
+## [4.6.1] - 2026-05-22
+
+Patch release: bundle hygiene + gateway sync carrying 7 upstream improvements.
+
+### Fixed
+
+- **`delimit setup hooks`** (LED-1207, #100): bypass broken `npx` fallback in
+  the pre-commit / pre-push hook generator. Fresh installs now produce hooks
+  that work even when the npm-resolved `delimit` shim is absent from `PATH`
+  (the fallback used to fail silently and produce no-op hooks).
+
+### Improved (carried from the gateway)
+
+These ship inside the gateway/ tree that bundles with delimit-cli. They are
+in effect for anyone running the MCP server from a 4.6.1 install:
+
+- **Cross-post dedup for Reddit drafts** — same-author + same-normalized-title
+  within a 7-day window dedupes manual re-submits across subreddits. Reddit's
+  native `crosspost_parent` field is *also* now captured: when set, an O(1)
+  fingerprint lookup catches the native cross-post case before the heuristic.
+  Two-layer coverage: native UI cross-posts (rare, O(1)) + manual re-submits
+  (common, O(N)).
+
+- **Inline follow-up draft in reply-alert emails** — both Reddit reply-alerts
+  and GitHub outreach-reply-alerts now ship with a pre-composed, voice-matched
+  follow-up reply inside the email body. The original "Draft a follow-up
+  reply and post from mobile" sentinel remains as graceful degradation if
+  the drafter falls through. Designed for mobile copy-paste-and-post flow.
+
+- **STR-195 binding founder decisions auto-injected into `delimit_deliberate`** —
+  when a panel question touches a venture name or decision keyword, matching
+  `feedback_*.md` memories surface as a `BINDING FOUNDER DECISIONS — CANNOT BE
+  RE-LITIGATED` block prepended to the panel context. Closed decisions stop
+  getting re-argued every deliberation. Memory walk is mtime-cached; portfolio
+  anchors can be extended via `~/.delimit/social_target_ventures.json` for
+  Pro users whose ventures aren't in the default delimit-portfolio set.
+
+- **`delimit_security_audit` false-positive elimination** (LED-1278 (c)):
+  token-handling code (`const token = readCurrentToken()`,
+  `const token = (options.token || process.env.X)`) no longer trips the
+  `generic_secret` detector. Provider-specific detectors (aws_access_key,
+  github_token, jwt_token, sk-proj API key) remain fully armed. Verified
+  against a regression-guard test set including real AKIA, ghp_, JWT, and
+  bearer-token literal shapes.
+
+### Chores
+
+- **Excluded dev-only build scripts from the customer tarball** (#101):
+  `build-license-core.sh`, `security-check.sh`, and `test-license-core-so.sh`
+  are publish-time hooks invoked from `prepublishOnly`; they never ran on
+  customer installs. Removed from the published bundle (166 → 163 files,
+  ~10KB unpacked) and closed the meta-leak where the scripts' own
+  leak-detection grep patterns contained the patterns they protected against.
+
+### Documentation
+
+- **Retract incorrect 4.6.0 'known issue' line** (LED-1403): the prior
+  CHANGELOG entry referenced a regression that did not actually ship.
+
+
 ## [4.6.0] - 2026-05-15
 
 ### Added — Codex CLI + Gemini CLI auto-trigger directives (LED-1399)

package/bin/delimit-cli.js

@@ -69,7 +69,7 @@ function normalizeNaturalLanguageArgs(argv) {
     const explicitCommands = new Set([
         'install', 'mode', 'status', 'session', 'build', 'ask', 'policy', 'auth', 'audit',
         'explain-decision', 'uninstall', 'proxy', 'hook', 'version', 'vault', 'deliberate',
-        'remember', 'recall', 'forget', 'report', 'signin', 'signout', 'activate'
+        'remember', 'recall', 'forget', 'report', 'signin', 'signout', 'activate', 'seal-verify'
     ]);
     if (explicitCommands.has((raw[0] || '').toLowerCase())) {
         return raw;
@@ -6916,12 +6916,43 @@ program
             results = results.filter(m => m.tags && m.tags.some(t => t.includes(tagFilter)));
         }
 
-        // Filter by query (case-insensitive substring on text + tags)
+        // Filter by query — tokenized OR-match on text + tags + context.
+        // Previously this required the entire query as one contiguous
+        // substring (haystack.includes(query)), so any multi-word query
+        // returned zero hits. Now we split on whitespace and keep an entry
+        // if it matches at least one token, then rank by the number of
+        // distinct tokens matched (descending), tie-broken by recency.
         if (query) {
-            results = results.filter(m => {
-                const haystack = (m.text + ' ' + (m.tags || []).join(' ')).toLowerCase();
-                return haystack.includes(query);
+            const tokens = query.split(/\s+/).filter(Boolean);
+            const scored = [];
+            for (const m of results) {
+                const haystack = (
+                    (m.text || '') + ' ' +
+                    (m.tags || []).join(' ') + ' ' +
+                    (m.context || '')
+                ).toLowerCase();
+                let matched = 0;
+                let occurrences = 0;
+                for (const tok of tokens) {
+                    const c = haystack.split(tok).length - 1;
+                    if (c > 0) {
+                        matched += 1;
+                        occurrences += c;
+                    }
+                }
+                if (matched >= 1) {
+                    scored.push({ mem: m, matched, occurrences });
+                }
+            }
+            // Rank: most tokens matched, then most occurrences, then recency.
+            scored.sort((a, b) => {
+                if (b.matched !== a.matched) return b.matched - a.matched;
+                if (b.occurrences !== a.occurrences) return b.occurrences - a.occurrences;
+                const at = new Date(a.mem.created_at || a.mem.created || 0).getTime();
+                const bt = new Date(b.mem.created_at || b.mem.created || 0).getTime();
+                return bt - at;
             });
+            results = scored.map(s => s.mem);
         }
 
         // Unless --all, limit to last 10
@@ -6930,8 +6961,13 @@ program
             results = results.slice(-10);
         }
 
-        // Display newest first
-        results.reverse();
+        // Display order: newest-first for the unfiltered/tag views (memories
+        // arrive newest-first, so reverse only when NOT ranking by query).
+        // Query results are already ordered best-match-first by the ranking
+        // above and must not be reversed.
+        if (!query) {
+            results.reverse();
+        }
 
         console.log(chalk.bold('\n  Delimit Memories\n'));
 
@@ -6964,5 +7000,55 @@ program
         }
     });
 
+program
+    .command('seal-verify <receipt_path>')
+    .description('Verify a Delimit Seal receipt (Ed25519 signature + content-pin) against the bundled constitution')
+    .option('--json', 'Output the full verification result as JSON')
+    .action((receiptPath, options) => {
+        const resolved = path.resolve(receiptPath);
+        if (!fs.existsSync(resolved)) {
+            console.error(chalk.red(`\n  Receipt not found: ${resolved}\n`));
+            process.exit(1);
+        }
+        const verifier = homeSubpath('server', 'ai', 'seal', 'verifier.py');
+        if (!fs.existsSync(verifier)) {
+            console.error(chalk.yellow('\n  Seal verifier not installed. Run: ') + chalk.cyan('delimit setup') + '\n');
+            process.exit(1);
+        }
+        try {
+            const escaped = resolved.replace(/'/g, "\\'");
+            const pyCmd = `python3 -c "
+import sys, os, json
+sys.path.insert(0, os.path.dirname('${verifier}'))
+from verifier import verify_receipt
+print(json.dumps(verify_receipt('${escaped}'), default=str))
+"`;
+            const out = execSync(pyCmd, {
+                encoding: 'utf-8',
+                timeout: 30000,
+                env: { ...process.env, PYTHONPATH: path.dirname(verifier) },
+            });
+            const r = JSON.parse(out.trim().split('\n').pop());
+            if (options.json) {
+                console.log(JSON.stringify(r, null, 2));
+            } else {
+                console.log(chalk.bold('\n  Delimit Seal — receipt verification\n'));
+                console.log('  ' + (r.valid ? chalk.green('✅ VERIFIED') : chalk.red('❌ FAILED')) +
+                            chalk.gray(`  (${(r.layer0_seed_id || '').slice(0, 20)}…)`));
+                if (r.checks) {
+                    for (const [k, v] of Object.entries(r.checks)) {
+                        console.log(`    [${v ? chalk.green('✓') : chalk.red('✗')}] ${k}`);
+                    }
+                }
+                if (r.error) console.log(chalk.yellow(`    ${r.error}`));
+                console.log(chalk.gray('  Proves the governed process ran — not factual correctness or goodness.\n'));
+            }
+            process.exitCode = r.valid ? 0 : 1;
+        } catch (e) {
+            console.error(chalk.red(`\n  Verification error: ${e.message}\n`));
+            process.exitCode = 2;
+        }
+    });
+
 const normalizedArgs = normalizeNaturalLanguageArgs(process.argv);
 program.parse([process.argv[0], process.argv[1], ...normalizedArgs]);

package/bin/delimit-setup.js

@@ -258,18 +258,22 @@ async function main() {
         const venvPy = fs.existsSync(venvPython) ? venvPython : venvPythonWin;
         if (fs.existsSync(reqFile)) {
             execSync(`"${venvPy}" -m pip install --quiet -r "${reqFile}" 2>/dev/null`, { stdio: 'pipe' });
+            // LED-1564: even when reqFile exists, ensure pytest is present.
+            // Older reqFiles (pre-2026-05-22) didn't list it; without pytest
+            // the delimit_test_smoke deploy-gate step fails to run cleanly.
+            execSync(`"${venvPy}" -m pip install --quiet pytest 2>/dev/null`, { stdio: 'pipe' });
         } else {
-            execSync(`"${venvPy}" -m pip install --quiet fastmcp==3.1.0 pyyaml==6.0.3 pydantic==2.12.5 packaging==26.0 2>/dev/null`, { stdio: 'pipe' });
+            execSync(`"${venvPy}" -m pip install --quiet fastmcp==3.1.0 pyyaml==6.0.3 pydantic==2.12.5 packaging==26.0 pytest 2>/dev/null`, { stdio: 'pipe' });
         }
         python = venvPy;  // Use venv python for MCP config
         await logp(`  ${green('✓')} Python dependencies installed (isolated venv)`);
     } catch {
         log(`  ${yellow('!')} venv install failed — trying global pip`);
         try {
-            execSync(`${python} -m pip install --quiet fastmcp==3.1.0 pyyaml==6.0.3 pydantic==2.12.5 packaging==26.0 2>/dev/null`, { stdio: 'pipe' });
+            execSync(`${python} -m pip install --quiet fastmcp==3.1.0 pyyaml==6.0.3 pydantic==2.12.5 packaging==26.0 pytest 2>/dev/null`, { stdio: 'pipe' });
             await logp(`  ${green('✓')} Python dependencies installed (global)`);
         } catch {
-            log(`  ${yellow('!')} pip install failed — run manually: pip install fastmcp pyyaml pydantic packaging`);
+            log(`  ${yellow('!')} pip install failed — run manually: pip install fastmcp pyyaml pydantic packaging pytest`);
         }
     }
 

package/gateway/ai/backends/gateway_core.py

@@ -358,6 +358,12 @@ def run_diff(old_spec: str, new_spec: str) -> Dict[str, Any]:
             }
             for c in changes
         ],
+        # LED-1588: structured side-channel for fail-open skips (unresolvable
+        # refs, malformed nodes) so a clean `changes` list is not mistaken for
+        # "proven safe". Additive — existing keys are unchanged. The JSON
+        # Schema branch above intentionally omits this (engine does not yet
+        # populate advisories; a misleading empty field would imply it checked).
+        "advisories": engine.advisories,
     }
 
 

package/gateway/ai/backends/memory_bridge.py

@@ -14,11 +14,131 @@ logger = logging.getLogger("delimit.ai.memory_bridge")
 
 MEMORY_DIR = Path.home() / ".delimit" / "memory"
 
+# Legacy CLI store filename. The npm CLI historically wrote memories as
+# newline-delimited JSON (`memories.jsonl`) using a `text`/`created`/`source`
+# schema, while the MCP store writes one `mem-*.json` file per entry using
+# `content`/`created_at`/`context`. The readers below reconcile both so a
+# customer who created memories via the old CLI still sees them through the
+# MCP tools (FIX C — non-destructive; the .jsonl is never rewritten here).
+LEGACY_JSONL_NAME = "memories.jsonl"
+
 
 def _ensure_dir():
     MEMORY_DIR.mkdir(parents=True, exist_ok=True)
 
 
+def _tokenize(query: str) -> List[str]:
+    """Split a search query into lowercased whitespace-delimited tokens.
+
+    Used by search() for OR-semantics keyword matching: an entry is a hit
+    if it contains at least one token. Empty / whitespace-only queries
+    yield no tokens (callers preserve their own empty-query behavior).
+    """
+    return [t for t in (query or "").lower().split() if t]
+
+
+def _normalize_legacy_entry(raw: Dict[str, Any]) -> Dict[str, Any]:
+    """Normalize a legacy `memories.jsonl` record to the MCP entry shape.
+
+    Legacy CLI schema: {id, text, tags, created, source}
+    MCP schema:        {id, content, tags, context, created_at, hot_load}
+
+    Maps text->content and created->created_at without dropping the
+    original keys, and synthesizes a context from `source` when absent so
+    downstream readers behave uniformly. Mirrors the CLI's readMemories
+    normalization (npm-delimit/bin/delimit-cli.js) for cross-tool parity.
+    """
+    entry = dict(raw)
+    if entry.get("text") and not entry.get("content"):
+        entry["content"] = entry["text"]
+    if entry.get("content") and not entry.get("text"):
+        entry["text"] = entry["content"]
+    if entry.get("created") and not entry.get("created_at"):
+        entry["created_at"] = entry["created"]
+    if entry.get("created_at") and not entry.get("created"):
+        entry["created"] = entry["created_at"]
+    if not entry.get("context") and entry.get("source"):
+        entry["context"] = entry["source"]
+    return entry
+
+
+def _read_legacy_jsonl() -> List[Dict[str, Any]]:
+    """Read and normalize legacy `memories.jsonl` entries, if present.
+
+    Defensive by contract: a missing or malformed file yields an empty
+    list and never raises. Malformed individual lines are skipped so one
+    bad line does not lose the rest of the file.
+    """
+    path = MEMORY_DIR / LEGACY_JSONL_NAME
+    entries: List[Dict[str, Any]] = []
+    try:
+        if not path.exists():
+            return entries
+        text = path.read_text()
+    except OSError:
+        return entries
+    for line in text.splitlines():
+        line = line.strip()
+        if not line:
+            continue
+        try:
+            raw = json.loads(line)
+        except (json.JSONDecodeError, ValueError):
+            continue
+        if isinstance(raw, dict):
+            entries.append(_normalize_legacy_entry(raw))
+    return entries
+
+
+def _load_all_entries() -> List[Dict[str, Any]]:
+    """Load every memory entry from both stores, deduped by id.
+
+    Reads the per-entry `mem-*.json` files (MCP, primary) and the legacy
+    `memories.jsonl` (CLI, backwards-compat). On an id collision the
+    `mem-*.json` entry wins — it is the authoritative MCP store and may
+    carry fields (e.g. hot_load) the legacy record lacks. Entries are
+    returned newest-first by created_at so callers that slice keep the
+    most recent. Fully defensive: unreadable files are skipped.
+
+    FIX C: the legacy `memories.jsonl` is read-only here — never deleted
+    or rewritten — preserving a customer's existing CLI-authored memories.
+    """
+    by_id: Dict[str, Dict[str, Any]] = {}
+    order: List[str] = []
+
+    def _add(entry: Dict[str, Any], key: str, *, overwrite: bool) -> None:
+        if key not in by_id:
+            by_id[key] = entry
+            order.append(key)
+        elif overwrite:
+            by_id[key] = entry
+
+    # Primary store: mem-*.json (authoritative, wins on conflict).
+    for f in MEMORY_DIR.glob("*.json"):
+        try:
+            entry = json.loads(f.read_text())
+        except (OSError, json.JSONDecodeError, ValueError):
+            continue
+        if not isinstance(entry, dict):
+            continue
+        entry.setdefault("id", f.stem)
+        _add(entry, entry.get("id") or f.stem, overwrite=True)
+
+    # Legacy jsonl: only fills ids the primary store does not already have.
+    for entry in _read_legacy_jsonl():
+        key = entry.get("id")
+        if not key:
+            # No id to dedupe on — keep it, it cannot collide.
+            order.append(id(entry))  # unique sentinel key
+            by_id[id(entry)] = entry
+            continue
+        _add(entry, key, overwrite=False)
+
+    entries = [by_id[k] for k in order]
+    entries.sort(key=lambda e: e.get("created_at") or e.get("created") or "", reverse=True)
+    return entries
+
+
 def store(
     content: str,
     tags: Optional[list] = None,
@@ -68,56 +188,97 @@ def store(
 
 
 def search(query: str, limit: int = 10) -> Dict[str, Any]:
-    """Search memories by keyword matching."""
+    """Search memories by keyword matching.
+
+    FIX A: the query is tokenized on whitespace and matched with OR
+    semantics — an entry is a hit if it contains at least one token in its
+    content, tags, or context. Previously the entire query had to appear as
+    one contiguous substring, so any multi-word query returned zero hits.
+
+    Results are ranked by the number of distinct query tokens matched
+    (descending), tie-broken by recency (created_at descending). The
+    `relevance` field is preserved in the return schema and now carries the
+    matched-token count, the primary ranking signal.
+
+    An empty (or whitespace-only) query preserves the previous behavior of
+    returning no results.
+
+    FIX C: reads both the per-entry `mem-*.json` MCP store and the legacy
+    `memories.jsonl` CLI store (deduped, MCP wins on id conflict).
+    """
     _ensure_dir()
-    query_lower = query.lower()
+    tokens = _tokenize(query)
     results = []
 
-    for f in sorted(MEMORY_DIR.glob("*.json"), reverse=True):
-        try:
-            entry = json.loads(f.read_text())
-            content = entry.get("content", "").lower()
-            tags = " ".join(entry.get("tags", [])).lower()
-            context = entry.get("context", "").lower()
-
-            # Simple keyword matching
-            if query_lower in content or query_lower in tags or query_lower in context:
-                results.append({
-                    "id": entry.get("id", f.stem),
-                    "content": entry.get("content", "")[:500],
-                    "tags": entry.get("tags", []),
-                    "created_at": entry.get("created_at", ""),
-                    "relevance": content.count(query_lower),
-                })
-
-            if len(results) >= limit:
-                break
-        except Exception:
-            pass
-
-    results.sort(key=lambda r: r.get("relevance", 0), reverse=True)
+    # Empty / whitespace-only query: preserve prior behavior (no hits).
+    if not tokens:
+        return {"query": query, "results": results, "count": 0}
+
+    for entry in _load_all_entries():
+        content = (entry.get("content") or "").lower()
+        tags = " ".join(entry.get("tags") or []).lower()
+        context = (entry.get("context") or "").lower()
+        haystacks = (content, tags, context)
+
+        matched_tokens = 0
+        total_occurrences = 0
+        for tok in tokens:
+            hit = False
+            for hay in haystacks:
+                c = hay.count(tok)
+                if c:
+                    hit = True
+                    total_occurrences += c
+            if hit:
+                matched_tokens += 1
+
+        if matched_tokens >= 1:
+            results.append({
+                "id": entry.get("id", ""),
+                "content": (entry.get("content") or "")[:500],
+                "tags": entry.get("tags") or [],
+                "created_at": entry.get("created_at") or entry.get("created") or "",
+                # `relevance` preserved in schema; now = matched-token count
+                # (primary ranking signal). _occurrences is an internal
+                # tie-break aid, dropped before return.
+                "relevance": matched_tokens,
+                "_occurrences": total_occurrences,
+            })
+
+    # Rank: most tokens matched first, then most occurrences, then recency.
+    results.sort(
+        key=lambda r: (r["relevance"], r["_occurrences"], r.get("created_at") or ""),
+        reverse=True,
+    )
+    for r in results:
+        r.pop("_occurrences", None)
+
+    results = results[:limit]
     return {"query": query, "results": results, "count": len(results)}
 
 
 def get_recent(limit: int = 5) -> Dict[str, Any]:
-    """Get recent memory entries."""
+    """Get recent memory entries.
+
+    FIX C: reads both the per-entry `mem-*.json` MCP store and the legacy
+    `memories.jsonl` CLI store. Entries are deduped by id (MCP wins) and
+    ordered newest-first by created_at (legacy `created` is normalized to
+    `created_at`). Legacy entries surface `hot_load=False` since the field
+    pre-dates that schema.
+    """
     _ensure_dir()
     entries = []
 
-    for f in sorted(MEMORY_DIR.glob("*.json"), key=lambda p: p.stat().st_mtime, reverse=True):
+    for entry in _load_all_entries():
         if len(entries) >= limit:
             break
-        try:
-            entry = json.loads(f.read_text())
-            entries.append({
-                "id": entry.get("id", f.stem),
-                "content": entry.get("content", "")[:500],
-                "tags": entry.get("tags", []),
-                "created_at": entry.get("created_at", ""),
-                "hot_load": bool(entry.get("hot_load", False)),
-            })
-        except Exception:
-            pass
+        entries.append({
+            "id": entry.get("id", ""),
+            "content": (entry.get("content") or "")[:500],
+            "tags": entry.get("tags") or [],
+            "created_at": entry.get("created_at") or entry.get("created") or "",
+            "hot_load": bool(entry.get("hot_load", False)),
+        })
 
     return {"results": entries, "count": len(entries)}
 
@@ -143,23 +304,19 @@ def list_hot(limit: int = 200) -> Dict[str, Any]:
     _ensure_dir()
     entries = []
 
-    for f in sorted(MEMORY_DIR.glob("*.json"), key=lambda p: p.stat().st_mtime, reverse=True):
+    for entry in _load_all_entries():
         if len(entries) >= limit:
             break
-        try:
-            entry = json.loads(f.read_text())
-            if not entry.get("hot_load"):
-                continue
-            entries.append({
-                "id": entry.get("id", f.stem),
-                "content": entry.get("content", ""),
-                "tags": entry.get("tags", []),
-                "context": entry.get("context", ""),
-                "created_at": entry.get("created_at", ""),
-                "hot_load": True,
-            })
-        except Exception:
-            pass
+        if not entry.get("hot_load"):
+            continue
+        entries.append({
+            "id": entry.get("id", ""),
+            "content": entry.get("content") or "",
+            "tags": entry.get("tags") or [],
+            "context": entry.get("context") or "",
+            "created_at": entry.get("created_at") or entry.get("created") or "",
+            "hot_load": True,
+        })
 
     return {"results": entries, "count": len(entries)}
 

package/gateway/ai/backends/repo_bridge.py

@@ -318,3 +318,25 @@ def security_audit(target: str = ".", options: Optional[Dict] = None) -> Dict[st
         return _fallback_security_result(target=target, tool_label="security.audit")
     return _call("securitygate", "create_securitygate_server", "_tool_audit",
                  {"target": target, "authorization_token": _INTERNAL_TOKEN, **(options or {})}, "security.audit")
+
+
+def seal_verify(receipt_path: str, options: Optional[Dict] = None) -> Dict[str, Any]:
+    """Verify a Delimit Seal receipt (Free, open-core).
+
+    Delegates to ai.seal.verifier.verify_receipt against the bundled,
+    content-hashed Layer-0 constitution + published Ed25519 public key.
+    The `cryptography` dependency is optional and lazy-imported inside the
+    verifier; a missing wheel returns verification_unavailable, never raises.
+    """
+    try:
+        from ai.seal.verifier import verify_receipt
+    except Exception as e:  # import guard — never break the caller
+        return {"valid": False, "seal_valid": False,
+                "error": f"seal verifier unavailable: {e}"}
+    opts = options or {}
+    return verify_receipt(
+        receipt_path,
+        constitution_path=opts.get("constitution_path"),
+        pubkey_path=opts.get("pubkey_path"),
+        verbose=bool(opts.get("verbose", False)),
+    )