Ait

v0.55.56 Security

This release includes 1 security fix for security teams reviewing exposed deployments.

Published 21d AI Agents & Assistants

View tool

✓ No known CVEs patched

Read the diff → Tool health → What is this tool? →

This release patches 1 known CVE

Topics

agent-harness agent-isolation agentic ai-agents ai-coding ai-tools

+14 more

aider claude-code code-provenance codex coding-assistant cursor developer-tools gemini-cli git git-worktree llm-agents python vcs worktree

Affected surfaces

auth rce_ssrf

ReleasePort's take

Light signal

editorial:auto 13d

Release v0.55.56 fixes wrapped hook paths in Claude Code, Codex, and Gemini for isolated worktrees and stops stale ANTHROPIC_API_KEY values from being inherited by child processes.

Why it matters: Patch to v0.55.56 immediately to correct path wrapping bugs and prevent unintended API key inheritance in child processes.

Summary

AI summary

Fixed path wrapping for Claude Code, Codex, and Gemini hooks in isolated attempt worktrees and prevented inheritance of stale ANTHROPIC_API_KEY.

Changes in this release

Type	Severity	Summary	CVE
Bugfix	Medium	Fix wrapped hook paths in Claude Code, Codex, and Gemini for isolated worktrees. Fix wrapped hook paths in Claude Code, Codex, and Gemini for isolated worktrees. Source: llm_adapter@2026-05-21 Confidence: high	—
Bugfix	Medium	Prevent stale ANTHROPIC_API_KEY values from being inherited by Claude Code child processes. Prevent stale ANTHROPIC_API_KEY values from being inherited by Claude Code child processes. Source: llm_adapter@2026-05-21 Confidence: high	—

Full changelog

Fix wrapped Claude Code, Codex, and Gemini hook paths when AIT runs agent commands inside isolated attempt worktrees. The executable pain-point demos also avoid inheriting stale ANTHROPIC_API_KEY values into Claude Code child processes.