delimit-cli 4.7.3 → 4.7.4

package/gateway/ai/supabase_sync.py

@@ -159,6 +159,64 @@ def _http_patch(table: str, query: str, data: dict) -> bool:
         return False
 
 
+def _http_upload_storage(
+    bucket: str,
+    object_path: str,
+    body: bytes,
+    content_type: str = "application/json",
+) -> bool:
+    """Upload one object to Supabase Storage using the REST API."""
+    import urllib.parse
+    import urllib.request
+    try:
+        safe_bucket = urllib.parse.quote(bucket.strip("/"), safe="")
+        safe_object = urllib.parse.quote(object_path.strip("/"), safe="/")
+        url = f"{SUPABASE_URL.rstrip('/')}/storage/v1/object/{safe_bucket}/{safe_object}"
+        req = urllib.request.Request(url, data=body, method="POST")
+        req.add_header("Content-Type", content_type)
+        req.add_header("Cache-Control", "3600")
+        req.add_header("apikey", SUPABASE_KEY)
+        req.add_header("Authorization", f"Bearer {SUPABASE_KEY}")
+        req.add_header("x-upsert", "true")
+        urllib.request.urlopen(req, timeout=5)
+        return True
+    except Exception as e:
+        logger.debug(f"Supabase Storage upload failed for {bucket}/{object_path}: {e}")
+        return False
+
+
+def sync_attestation_bundle(
+    bundle_path: str,
+    attestation_id: str = "",
+    bucket: str = "",
+) -> bool:
+    """Best-effort mirror of a signed attestation JSON bundle to Supabase Storage.
+
+    Local files remain the source of truth. This only makes /att/<id> and the
+    dashboard index able to discover bundles without committing static JSON.
+    """
+    try:
+        client = _get_client()
+        if client is None:
+            return False
+        if not bundle_path:
+            return False
+        path = Path(bundle_path)
+        if not path.exists() or not path.is_file():
+            return False
+
+        object_id = attestation_id or path.stem
+        object_path = f"{object_id}.json" if not object_id.endswith(".json") else object_id
+        storage_bucket = bucket or os.environ.get(
+            "DELIMIT_ATTESTATION_BUCKET",
+            "attestations",
+        )
+        return _http_upload_storage(storage_bucket, object_path, path.read_bytes())
+    except Exception as e:
+        logger.debug(f"Attestation bundle sync failed: {e}")
+        return False
+
+
 def sync_event(event: dict):
     """Sync an event to Supabase (fire-and-forget).
 

package/gateway/ai/swarm.py

@@ -964,6 +964,8 @@ def hot_reload(reason: str = "update") -> Dict[str, Any]:
         "ai.reddit_scanner",
         "ai.ledger_manager",
         "ai.backends.repo_bridge",
+        "ai.backends.governance_bridge",
+        "backends.governance_bridge",
         "ai.backends.tools_infra",
         "backends.repo_bridge",  # alias used by server.py lazy imports
         "ai.social_target",  # depends on ai.social

package/gateway/ai/tui.py

@@ -24,6 +24,7 @@ from textual.binding import Binding
 import json
 import os
 import subprocess
+import sqlite3
 import time
 from datetime import datetime, timezone
 from pathlib import Path
@@ -136,6 +137,51 @@ def _load_daemon_state() -> Dict[str, Any]:
         return {"status": "unknown"}
 
 
+
+def _load_pending_approvals(limit: int = 20) -> List[Dict]:
+    """Load pending drafts from the SQLite registry (LED-1129)."""
+    db_path = DELIMIT_HOME / "drafts.db"
+    if not db_path.exists():
+        return []
+    
+    approvals = []
+    try:
+        # Connect read-only to avoid locking issues with the daemon
+        with sqlite3.connect(f"file:{db_path}?mode=ro", uri=True) as conn:
+            conn.row_factory = sqlite3.Row
+            cursor = conn.execute(
+                "SELECT * FROM drafts WHERE status IN ('pending', 'waiting_for_approval') "
+                "ORDER BY created_at DESC LIMIT ?",
+                (limit,)
+            )
+            for row in cursor:
+                d = dict(row)
+                # Parse target_json for a summary
+                try:
+                    target = json.loads(d.get("target_json", "{}"))
+                    d["target_summary"] = target.get("repo", target.get("venture", "unknown"))
+                    if "issue" in target:
+                        d["target_summary"] += f" #{target['issue']}"
+                except:
+                    d["target_summary"] = "unknown"
+                
+                # Calculate age
+                created_at = d.get("created_at", 0)
+                if created_at:
+                    diff = int(time.time()) - created_at
+                    if diff < 60: d["age_str"] = f"{diff}s"
+                    elif diff < 3600: d["age_str"] = f"{diff//60}m"
+                    elif diff < 86400: d["age_str"] = f"{diff//3600}h"
+                    else: d["age_str"] = f"{diff//86400}d"
+                else:
+                    d["age_str"] = "n/a"
+                
+                approvals.append(d)
+    except Exception:
+        pass
+    return approvals
+
+
 def _load_process_list() -> List[Dict[str, Any]]:
     """Build a list of known daemons with status from state files and alerts."""
     processes = []
@@ -488,6 +534,33 @@ def _channel_color(channel: str) -> str:
     return colors.get(channel, "white")
 
 
+
+class ApprovalsPanel(Static):
+    """Pending approvals view -- shows items from drafts.db."""
+
+    def compose(self) -> ComposeResult:
+        yield DataTable(id="approvals-table")
+
+    def on_mount(self) -> None:
+        table = self.query_one("#approvals-table", DataTable)
+        table.add_columns("ID", "Kind", "Target", "Status", "Age")
+        table.cursor_type = "row"
+        self._refresh_data()
+        self.set_interval(10, self._refresh_data)
+
+    def _refresh_data(self) -> None:
+        table = self.query_one("#approvals-table", DataTable)
+        table.clear()
+        for item in _load_pending_approvals(25):
+            table.add_row(
+                item.get("draft_id", "")[:12],
+                item.get("draft_kind", ""),
+                item.get("target_summary", "")[:40],
+                item.get("status", ""),
+                item.get("age_str", ""),
+            )
+
+
 class FilesystemPanel(Static):
     """Filesystem browser -- navigate .delimit/ directory tree."""
 
@@ -774,6 +847,7 @@ class DelimitOS(App):
     BINDINGS = [
         Binding("q", "quit", "Quit", key_display="Q"),
         Binding("l", "focus_ledger", "Ledger", key_display="L"),
+        Binding("a", "focus_approvals", "Approvals", key_display="A"),
         Binding("s", "focus_swarm", "Swarm", key_display="S"),
         Binding("n", "focus_notifications", "Notifications", key_display="N"),
         Binding("f", "focus_files", "Files", key_display="F"),
@@ -788,6 +862,8 @@ class DelimitOS(App):
     def compose(self) -> ComposeResult:
         yield GovernanceBar()
         with TabbedContent():
+            with TabPane("Approvals", id="tab-approvals"):
+                yield ApprovalsPanel()
             with TabPane("Ledger", id="tab-ledger"):
                 yield LedgerPanel()
             with TabPane("Swarm", id="tab-swarm"):
@@ -806,6 +882,9 @@ class DelimitOS(App):
 
     # -- Tab focus actions -----------------------------------------------------
 
+    def action_focus_approvals(self) -> None:
+        self.query_one(TabbedContent).active = "tab-approvals"
+
     def action_focus_ledger(self) -> None:
         self.query_one(TabbedContent).active = "tab-ledger"
 
@@ -831,6 +910,8 @@ class DelimitOS(App):
 
     def action_refresh(self) -> None:
         """Refresh all panels."""
+        for panel in self.query(ApprovalsPanel):
+            panel._refresh_data()
         for panel in self.query(LedgerPanel):
             panel._refresh_data()
         for panel in self.query(SwarmPanel):

package/gateway/core/ci_formatter.py

@@ -100,89 +100,117 @@ class CIFormatter:
         decision = result.get("decision", "unknown")
         violations = result.get("violations", [])
         summary = result.get("summary", {})
-        semver = result.get("semver")  # optional dict from semver_classifier
+        semver = result.get("semver")
+        all_changes = result.get("all_changes", [])
+        migration = result.get("migration")
 
-        # Header — include semver badge when available
-        bump_badge = ""
-        if semver:
-            bump = semver.get("bump", "unknown")
-            bump_badge = {"major": " `MAJOR`", "minor": " `MINOR`", "patch": " `PATCH`", "none": ""}.get(bump, "")
+        bc = summary.get("breaking_changes", 0)
+        total = summary.get("total_changes", 0)
+        additive = total - bc
 
-        if decision == "fail":
-            lines.append(f"## 🚨 Delimit: Breaking Changes{bump_badge}\n")
-        elif decision == "warn":
-            lines.append(f"## ⚠️ Delimit: Potential Issues{bump_badge}\n")
+        errors = [v for v in violations if v.get("severity") == "error"]
+        warnings = [v for v in violations if v.get("severity") == "warning"]
+
+        if bc == 0:
+            # ── GREEN PATH ──
+            bump_label = "NONE"
+            if semver:
+                bump_label = semver.get("bump", "none").upper()
+            lines.append("\U0001f6e1\ufe0f **Governance Passed**\n")
+            if total > 0:
+                lines.append(
+                    f"> **No breaking API changes detected.** "
+                    f"{additive} additive change{'s' if additive != 1 else ''} "
+                    f"found \u2014 Semver: **{bump_label}**\n"
+                )
+            else:
+                lines.append("> **No breaking API changes detected.**\n")
+
+            # Additive changes
+            safe_changes = [c for c in all_changes if not c.get("is_breaking")]
+            if safe_changes and len(safe_changes) <= 15:
+                lines.append("<details>")
+                lines.append(f"<summary>\u2705 New additions ({len(safe_changes)})</summary>\n")
+                for c in safe_changes:
+                    lines.append(f"- `{c.get('path', '')}` \u2014 {c.get('message', '')}")
+                lines.append("</details>\n")
         else:
-            lines.append(f"## ✅ API Changes Look Good{bump_badge}\n")
+            # ── RED PATH ──
+            lines.append("\U0001f6e1\ufe0f **Breaking API Changes Detected**\n")
 
-        # Semver + summary table
-        lines.append("| Metric | Value |")
-        lines.append("|--------|-------|")
-        if semver:
-            lines.append(f"| Semver bump | `{semver.get('bump', 'unknown')}` |")
-            if semver.get("next_version"):
-                lines.append(f"| Next version | `{semver['next_version']}` |")
-        lines.append(f"| Total changes | {summary.get('total_changes', 0)} |")
-        lines.append(f"| Breaking | {summary.get('breaking_changes', 0)} |")
-        if summary.get("violations", 0) > 0:
-            lines.append(f"| Policy violations | {summary['violations']} |")
-        lines.append("")
+            # Summary card
+            parts = [f"\U0001f534 **{bc} breaking change{'s' if bc != 1 else ''}**"]
+            parts.append("Semver: **MAJOR**")
+            if semver and semver.get("next_version"):
+                parts.append(f"Next: `{semver['next_version']}`")
+            separator = " \u00b7 "
+            lines.append(f"> {separator.join(parts)}\n")
 
-        # Violations table
-        if violations:
-            errors = [v for v in violations if v.get("severity") == "error"]
-            warnings = [v for v in violations if v.get("severity") == "warning"]
+            # Stats table
+            lines.append("| | Count |")
+            lines.append("|---|---|")
+            lines.append(f"| Total changes | {total} |")
+            lines.append(f"| Breaking | {bc} |")
+            lines.append(f"| Additive | {additive} |")
+            if len(warnings) > 0:
+                lines.append(f"| Warnings | {len(warnings)} |")
+            if summary.get("violations", 0) > 0:
+                lines.append(f"| Policy violations | {summary['violations']} |")
+            lines.append("")
 
+            # Violations table
             if errors or warnings:
-                lines.append("### Violations\n")
-                lines.append("| Severity | Rule | Description | Location |")
-                lines.append("|----------|------|-------------|----------|")
+                lines.append("### Breaking Changes\n")
+                lines.append("| Severity | Change | Location |")
+                lines.append("|----------|--------|----------|")
 
                 for v in errors:
-                    rule = v.get("name", v.get("rule", "Unknown"))
                     desc = v.get("message", "Unknown violation")
                     location = v.get("path", "-")
-                    lines.append(f"| 🔴 **Error** | {rule} | {desc} | `{location}` |")
+                    lines.append(f"| \U0001f534 Critical | {desc} | `{location}` |")
 
                 for v in warnings:
-                    rule = v.get("name", v.get("rule", "Unknown"))
                     desc = v.get("message", "Unknown warning")
                     location = v.get("path", "-")
-                    lines.append(f"| 🟡 Warning | {rule} | {desc} | `{location}` |")
+                    lines.append(f"| \U0001f7e1 Warning | {desc} | `{location}` |")
 
                 lines.append("")
 
-        # Detailed changes
-        all_changes = result.get("all_changes", [])
-        if all_changes and len(all_changes) <= 10:
-            lines.append("<details>")
-            lines.append("<summary>All changes</summary>\n")
-            lines.append("```")
-            for change in all_changes:
-                breaking = "BREAKING" if change.get("is_breaking") else "safe"
-                lines.append(f"[{breaking}] {change.get('message', 'Unknown change')}")
-            lines.append("```")
-            lines.append("</details>\n")
+            # Migration guidance
+            if migration and decision == "fail":
+                lines.append("<details>")
+                lines.append("<summary>\U0001f4cb Migration guide</summary>\n")
+                lines.append(migration)
+                lines.append("\n</details>\n")
+            elif errors and decision == "fail":
+                lines.append("<details>")
+                lines.append("<summary>\U0001f4cb Migration guide</summary>\n")
+                lines.append("1. **Restore removed endpoints** \u2014 deprecate before removing")
+                lines.append("2. **Make parameters optional** \u2014 don't add required params")
+                lines.append("3. **Use versioning** \u2014 create `/v2/` for breaking changes")
+                lines.append("4. **Gradual migration** \u2014 provide guides and time")
+                lines.append("\n</details>\n")
 
-        # Migration guidance (from explainer) when available
-        migration = result.get("migration")
-        if migration and decision == "fail":
-            lines.append("<details>")
-            lines.append("<summary>Migration guide</summary>\n")
-            lines.append(migration)
-            lines.append("\n</details>\n")
+            # Additive changes
+            safe_changes = [c for c in all_changes if not c.get("is_breaking")]
+            if safe_changes and len(safe_changes) <= 15:
+                lines.append("<details>")
+                lines.append(f"<summary>\u2705 New additions ({len(safe_changes)})</summary>\n")
+                for c in safe_changes:
+                    lines.append(f"- `{c.get('path', '')}` \u2014 {c.get('message', '')}")
+                lines.append("</details>\n")
 
-        # Remediation
-        if violations and decision == "fail" and not migration:
-            lines.append("### 💡 How to Fix\n")
-            lines.append("1. **Restore removed endpoints** — deprecate before removing")
-            lines.append("2. **Make parameters optional** — don't add required params")
-            lines.append("3. **Use versioning** — create `/v2/` for breaking changes")
-            lines.append("4. **Gradual migration** — provide guides and time")
-            lines.append("")
+            lines.append("> **Fix locally:** `npx delimit-cli lint`\n")
 
         lines.append("---")
-        lines.append("*Generated by [Delimit](https://github.com/delimit-ai/delimit) — ESLint for API contracts*")
+        lines.append(
+            "Powered by [Delimit](https://delimit.ai) \u00b7 "
+            "[Docs](https://delimit.ai/docs) \u00b7 "
+            "[Install](https://github.com/marketplace/actions/delimit-api-governance)"
+        )
+
+        if bc == 0:
+            lines.append("\nKeep Building.")
 
         return "\n".join(lines)