Skip to content

delimit-ai/delimit

v3.8.1 Security

This release includes 1 security fix for security teams reviewing exposed deployments.

Published 2mo MCP Developer Tools
✓ No known CVEs patched
Read the diff → Tool health → What is this tool? →
This release patches 1 known CVE

Topics

ai-governance api-governance breaking-changes claude-code codex cross-model
+8 more
cursor deliberation devtools gemini-cli mcp mcp-server model-context-protocol openapi

Affected surfaces

rce_ssrf

Summary

AI summary

Cross-model continuity lets tasks, memory, and governance persist across Claude Code, Codex, and Gemini CLI.

Full changelog

What's New

Cross-model continuity — Your tasks, memory, and governance carry between Claude Code, Codex, and Gemini CLI. Switch models without losing context.

Project scandelimit_scan discovers OpenAPI specs, frameworks, security issues, and tests in your project. The first-run "aha moment."

CLI-first deliberation — Uses your existing CLI subscriptions (Claude Pro, Codex Pro, Gemini Ultra) instead of separate API keys. No extra cost.

Governance trigger — AI assistants automatically check the ledger on session start. Works across Claude Code, Codex, Cursor, and Gemini CLI.

Security hardening:

  • Pinned Python dependencies with isolated venv
  • Fixed command injection in test_smoke (shell=True removed)
  • All internal paths removed from shipped package
  • Input validation on subprocess calls

GitHub Action v1.5.2:

81 tools including: scan, release_sync, models configure, deploy_npm

Install

npx delimit-cli setup

No API keys. No account. 10 seconds. Works with Claude Code, Codex, Cursor, and Gemini CLI.

Full Changelog: https://github.com/delimit-ai/delimit/commits/main

Security Fixes

  • Fixed command injection in `test_smoke` by removing `shell=True` usage.
View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track delimit-ai/delimit

Get notified when new releases ship.

Sign up free

About delimit-ai/delimit

API governance server that detects breaking changes in OpenAPI specs. Diffs two spec versions, applies configurable policy rules (strict/default/relaxed), and returns structured pass/fail verdicts. 23 change types, 10 breaking. Supports OpenAPI 3.0, 3.1, and Swagger 2.0.

All releases →

Related context

Beta — feedback welcome: [email protected]