This release adds 2 notable features for engineering teams evaluating rollout.
✓ No known CVEs patched in this version
Topics
+8 more
Summary
AI summaryAdds delimit seal-verify CLI command and MCP tool to verify Delimit Seal receipts.
Changes in this release
| Type | Severity | Summary | CVE |
|---|---|---|---|
| Security | Medium |
Verifier lazy-imports cryptography and fails closed if absent. Verifier lazy-imports cryptography and fails closed if absent. Source: granite4.1:30b@2026-06-04-audit Confidence: low |
— |
| Feature | Low |
Adds `delimit seal-verify <receipt>` CLI command and `delimit_seal_verify` MCP tool for verifying Delimit Seal receipts. Adds `delimit seal-verify <receipt>` CLI command and `delimit_seal_verify` MCP tool for verifying Delimit Seal receipts. Source: llm_adapter@2026-06-04 Confidence: high |
— |
Full changelog
Adds the free delimit seal-verify <receipt> CLI command and delimit_seal_verify MCP tool: verify a Delimit Seal receipt's Ed25519 signature and content-pin against a bundled, content-hashed constitution. Verifier lazy-imports cryptography and fails closed if absent. Purely additive.
Published to npm as [email protected] (registry integrity sha512-XkBQSJ…). Note: this release was published via npm CLI (not the CI provenance pipeline, which was blocked by an expired NPM_TOKEN — see LED-2297), so it carries no sigstore provenance attestation.
Weekly OSS security release digest.
The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.
No spam, unsubscribe anytime.
Share this release
About delimit-ai/delimit
API governance server that detects breaking changes in OpenAPI specs. Diffs two spec versions, applies configurable policy rules (strict/default/relaxed), and returns structured pass/fail verdicts. 23 change types, 10 breaking. Supports OpenAPI 3.0, 3.1, and Swagger 2.0.
Related context
Beta — feedback welcome: [email protected]