This release adds 2 notable features for engineering teams evaluating rollout.
✓ No known CVEs patched in this version
ReleasePort's take
Light signal: Release v0.55.52 hardens adversarial review parsing with strict validation and adds richer contextual evidence to reviewer briefs.
Why it matters: Patch immediately if you use adversarial reviewer workflows; the update enforces changed‑file validation, duplicate rejection, and high‑severity evidence requirements for all parsed reviews.
Summary
AI summary: Hardened adversarial review parsing with strict validation and additional contextual evidence in reviewer briefs.
Changes in this release
| Type | Severity | Summary | CVE |
|---|---|---|---|
| Security | Medium | Reject vague blocking findings, malformed review JSON, and findings outside the changed-file set unless they are explicitly marked as cross-file. Source: llm_adapter@2026-05-21. Confidence: low | — |
| Security | Medium | Block reviewer workspace writes under both .ait/workspaces and .ait/worktrees. Source: llm_adapter@2026-05-21. Confidence: low | — |
| Breaking | Medium | Keep the built-in claude-code reviewer pinned to the local claude -p CLI even when repository policy defines a conflicting command override. Source: llm_adapter@2026-05-21. Confidence: high | — |
| Feature | Medium | Add diff excerpts, prior failed attempts, prior review findings, and structured test evidence to adversarial reviewer briefs. Source: llm_adapter@2026-05-21. Confidence: high | — |
| Feature | Medium | Record Claude Code reviewer CLI provenance, including the resolved binary, timeout, and blocked environment proof. Source: llm_adapter@2026-05-21. Confidence: high | — |
| Refactor | Medium | Harden adversarial review parsing with changed-file validation, explicit cross-file findings, duplicate rejection, actionable high-severity evidence requirements, and mitigation or suggested-test requirements. Source: llm_adapter@2026-05-21. Confidence: high | — |
Full changelog
0.55.52 - 2026-05-12
Added
- Add diff excerpts, prior failed attempts, prior review findings, and structured test evidence to adversarial reviewer briefs.
- Record Claude Code reviewer CLI provenance, including the resolved binary, timeout, and blocked environment proof.
Changed
- Harden adversarial review parsing with changed-file validation, explicit cross-file findings, duplicate rejection, actionable high-severity evidence requirements, and mitigation or suggested-test requirements.
- Keep the built-in claude-code reviewer pinned to the local claude -p CLI even when repository policy defines a conflicting command override.
Safety
- Reject vague blocking findings, malformed review JSON, and findings outside the changed-file set unless they are explicitly marked as cross-file.
- Block reviewer workspace writes under both .ait/workspaces and .ait/worktrees.
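The parsing rules listed under Changed and Safety, sketched as an added example; this is not Ait's own code. The JSON field names (`findings`, `file`, `title`, `severity`, `blocking`, `evidence`, `mitigation`, `suggested_test`, `cross_file`), the severity labels, and the choice to require a mitigation or suggested test only on blocking findings are all assumptions.

```python
import json
import posixpath

HIGH = {"high", "critical"}  # assumed severity labels

def _reject_reason(f, changed, seen):
    """Return why a finding is rejected, or None if it passes every check."""
    if not (isinstance(f, dict) and isinstance(f.get("file"), str)
            and isinstance(f.get("title"), str)):
        return "malformed finding"
    # Normalise so "./src/a.py" and "src/x/../a.py" cannot dodge the checks.
    path = posixpath.normpath(f["file"])
    if path not in changed and f.get("cross_file") is not True:
        return "outside changed-file set"
    key = (path, " ".join(f["title"].lower().split()))
    if key in seen:
        return "duplicate"
    seen.add(key)
    if str(f.get("severity", "")).lower() in HIGH and not str(f.get("evidence") or "").strip():
        return "high severity without evidence"
    if f.get("blocking") and not (f.get("mitigation") or f.get("suggested_test")):
        return "blocking without mitigation or suggested test"
    return None

def validate_review(raw, changed_files):
    """Parse reviewer output; return (accepted, [(finding, reason), ...])."""
    try:
        findings = json.loads(raw)["findings"]
        if not isinstance(findings, list):
            raise TypeError("findings must be a list")
    except (ValueError, KeyError, TypeError) as exc:
        raise ValueError(f"malformed review JSON: {exc}") from exc
    changed = {posixpath.normpath(p) for p in changed_files}
    seen = set()
    results = [(f, _reject_reason(f, changed, seen)) for f in findings]
    accepted = [f for f, reason in results if reason is None]
    return accepted, [(f, reason) for f, reason in results if reason]

# Constructed sample input, not real reviewer output.
SAMPLE = json.dumps({"findings": [
    {"file": "src/auth.py", "title": "Token not checked", "severity": "high",
     "blocking": True, "evidence": "line 42 skips verify()", "mitigation": "call verify()"},
    {"file": "./src/auth.py", "title": "token  not checked", "severity": "high",
     "evidence": "same", "mitigation": "same"},
    {"file": "docs/readme.md", "title": "Unrelated nit", "severity": "low"},
    {"file": "src/db.py", "title": "Caller breaks", "severity": "low", "cross_file": True},
    {"file": "src/auth.py", "title": "Looks risky", "severity": "high", "blocking": True},
]})
```

Calling `validate_review(SAMPLE, ["src/auth.py"])` accepts the first and fourth findings and rejects the other three, each with its reason; a malformed document raises `ValueError` so the whole review is discarded rather than partially trusted.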