This release includes 1 security fix for security teams reviewing exposed deployments.
Summary
AI summary: Fixes false‑positive security findings and prevents pytest from running in Node‑only repos.
Full changelog
Second release shipped through the dogfood chain. Clears the known-debt tail from v4.3.3.
Dogfood evidence chain
| Gate | Result |
|---|---|
| delimit_repo_diagnose | ✓ |
| delimit_security_audit (direct-python, bypassing MCP cache) | ✓ 22 findings → 1 (upstream npm-audit moderate; 21 pattern false positives suppressed by new nosec-aware scanner) |
| delimit_test_smoke | ✓ 165/165 |
| delimit_changelog | ✓ |
| delimit_deploy_plan | ✓ |
| CI (Node 18 / 20 / 22 + CodeQL + API Check) | ✓ 9/9 green on PR #61 |
| delimit wrap — live verify | ✓ att_a05050eb8e13277e — signed attestation of npm view [email protected] version → 4.3.4 |
Fixes
- Nosec-aware anti-pattern scanner (`gateway/ai/backends/tools_infra.py`). The scanner now honors industry-standard suppression markers: `# nosec`, `// nosec`, `# delimit:nosec`, `// delimit:nosec`. Matches bandit's convention. Strictly more permissive than before — never adds findings, only suppresses matched ones. Direct-python verification: 22 findings → 1 (the remaining is an upstream npm-audit moderate, not a pattern hit).
- `delimit wrap` pytest-detection (`lib/wrap-engine.js`). The bundled test-smoke gate no longer runs pytest against Node-only repos. Previously any `tests/` directory would trigger pytest. Now requires a Python-specific signal: `pytest.ini`, `setup.py`, `pyproject.toml` mentioning pytest, or `setup.cfg` with `[pytest]` / `[tool:pytest]`. Fixes the `✗ test_smoke:pytest` line that appeared in the v4.3.3 verification attestation.
- 18 inline `# nosec` / `// nosec` annotations on legitimate `eval` / `exec` / `yaml.load` / `subprocess_shell` usages in MCP dynamic dispatch, regex pattern definitions (scanner scanning itself), and user-local config parsing. Each annotation includes the reason inline:
  - `gateway/ai/swarm.py:849` — MCP tool dispatch eval/exec
  - `gateway/ai/mcp_bridge.py:31` — shell=True for user-configured CLI
  - `gateway/ai/backends/tools_infra.py:78-81` — self-scanner pattern defs
  - `gateway/ai/workers/executor.py:514` — approved-script spawn
  - `gateway/core/zero_spec/express_extractor.py:70` — sandboxed AST exec
  - `bin/delimit-cli.js:381, 3833, 4196, 4311` — user-local YAML parse
  - `lib/agent.js:127, 142, 320` — agent config YAML parse
  - `lib/cross-model-hooks.js:157` — hook YAML parse
  - `adapters/codex-security.js:13, 14, 16` — scanner pattern defs
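An added example, not the project's code: a minimal line-based scanner that honors the four suppression markers named in this release and keeps suppressed hits in a separate list with their inline reasons, so a reviewer can audit what was silenced. The rule set, function names and sample input are assumptions made for illustration.

```python
import re

# Hypothetical rules for illustration; the project's real pattern set is not shown on the page.
PATTERNS = {
    "eval": re.compile(r"\beval\s*\("),
    "exec": re.compile(r"\bexec\s*\("),
    "yaml.load": re.compile(r"\byaml\.load\s*\("),
    "subprocess_shell": re.compile(r"shell\s*=\s*True"),
}

# The four markers from the release notes; text after the marker is treated as the reason.
NOSEC = re.compile(r"(?:#|//)\s*(?:delimit:)?nosec\b[\s:\-]*(.*)$")


def scan(source):
    """Return (findings, suppressed); suppressed entries carry the inline reason."""
    findings, suppressed = [], []
    for lineno, line in enumerate(source.splitlines(), 1):
        marker = NOSEC.search(line)
        # Match rules only against the code before the marker, never the reason text.
        code = line[:marker.start()] if marker else line
        for rule, pattern in PATTERNS.items():
            if not pattern.search(code):
                continue
            if marker:
                suppressed.append((lineno, rule, marker.group(1).strip()))
            else:
                findings.append((lineno, rule))
    return findings, suppressed


def unjustified(suppressed):
    """Suppressions with no reason text: the ones a reviewer should check first."""
    return [entry for entry in suppressed if not entry[2]]


# Constructed sample input, not taken from the delimit repository.
SAMPLE = """\
import yaml, subprocess
cfg = yaml.load(open(path))  # nosec - user-local config
result = eval(expr)
subprocess.run(cmd, shell=True)  # delimit:nosec
const x = eval(src); // nosec: scanner pattern fixture
"""

if __name__ == "__main__":
    findings, suppressed = scan(SAMPLE)
    print("findings:", findings)
    print("suppressed:", suppressed)
    print("missing reason:", unjustified(suppressed))
```

Because a marker can only move a hit from `findings` to `suppressed`, the two lists together always equal the raw hit count, which is the "never adds findings" property the release describes.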
Compatibility
Not a behavior change for users. The nosec-aware scanner is strictly more permissive than before (never adds findings, only suppresses matched ones), and the pytest-detection fix only prevents incorrect pytest invocations.
Known state
`delimit_security_audit` via MCP still shows the pre-fix findings because the MCP server process caches Python modules on startup. Source truth is correct and was verified via direct-python subprocess. Fix activates on next MCP restart.
Full context: LED-1075 (regression tests), LED-1076 (false-positive fix), LED-1077 (test-smoke fix), LED-1079 (dogfood milestone), LED-1080 (nosec-aware scanner).
Security Fixes
- Nosec‑aware scanner now honors suppression markers (`# nosec`, `// nosec`, `# delimit:nosec`, `// delimit:nosec`), reducing reported findings from 22 to 1.
About delimit-ai/delimit
API governance server that detects breaking changes in OpenAPI specs. Diffs two spec versions, applies configurable policy rules (strict/default/relaxed), and returns structured pass/fail verdicts. 23 change types, 10 breaking. Supports OpenAPI 3.0, 3.1, and Swagger 2.0.