Ait

v1.0.1 Security

This release includes 1 security fix for security teams reviewing exposed deployments.

✓ No known CVEs patched
This release patches 1 known CVE

Topics

agent-harness agent-isolation agentic ai-agents ai-coding ai-tools aider claude-code code-provenance codex coding-assistant cursor developer-tools gemini-cli git git-worktree llm-agents python vcs worktree

Affected surfaces

rce_ssrf

ReleasePort's take

Light signal

Ait v1.0.1 hardens execution paths by requiring opt-in for shell commands, adding subprocess guards, PID safety checks, and SQLite protections. CI workflows restored with Python 3.14 mock compatibility and Git configuration fixes.

Why it matters: Operators who need shell execution in the runner or session-room paths must now opt in explicitly, and should test subprocess and SQLite behavior in a development environment. Python 3.14 CI compatibility is restored; dependency updates address session stability.

Summary

AI summary

Runner and session-room execution paths now require opt‑in for shell commands, adding size/timeout guards and safer SQLite handling.

Changes in this release

Security Medium

Hardened runner and session-room execution paths for shell opt-in, subprocess guards, PID safety, SQLite checks, and PTY cleanup.

Source: llm_adapter@2026-05-21

Confidence: low

Dependency Medium

Bumped Python and npm package versions to 1.0.1.

Source: llm_adapter@2026-05-21

Confidence: low

Bugfix Medium

Restored CI by configuring Git author identity and preserving Python 3.14 mock file-descriptor behavior in session tests.

Source: llm_adapter@2026-05-21

Confidence: high

Full changelog

1.0.1 - 2026-05-21

Security

  • Harden runner and session-room execution paths so shell execution is opt-in, subprocess output capture has size and timeout guards, PID reuse is less likely to confuse liveness checks, SQLite database files are opened through safer path and mode checks, and PTY/socket cleanup is more robust.
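As an illustration of the first two items in that entry (opt-in shell execution and size/timeout guards on captured output), here is an added example that is not Ait's own code. The names `run_guarded` and `GuardError`, the default limits, and the POSIX-only process-group handling are assumptions made for this sketch.

```python
import os
import selectors
import signal
import subprocess
import time


class GuardError(Exception):
    """A command was refused or produced more output than allowed."""


def run_guarded(cmd, *, allow_shell=False, timeout=5.0, max_output=64 * 1024):
    """Run cmd; return (returncode, combined stdout/stderr). POSIX only."""
    use_shell = isinstance(cmd, str)  # a string would be parsed by /bin/sh
    if use_shell and not allow_shell:
        raise GuardError("shell command refused: caller did not opt in")
    proc = subprocess.Popen(cmd, shell=use_shell, stdin=subprocess.DEVNULL,
                            stdout=subprocess.PIPE, stderr=subprocess.STDOUT,
                            start_new_session=True)  # own process group
    deadline = time.monotonic() + timeout
    chunks, size = [], 0
    sel = selectors.DefaultSelector()
    sel.register(proc.stdout, selectors.EVENT_READ)
    try:
        while True:
            remaining = deadline - time.monotonic()
            if remaining <= 0:
                raise subprocess.TimeoutExpired(cmd, timeout)
            if not sel.select(remaining):
                continue  # nothing readable yet; re-check the deadline
            data = os.read(proc.stdout.fileno(), 4096)
            if not data:
                break  # EOF: every writer closed the pipe
            size += len(data)
            if size > max_output:
                raise GuardError("output limit exceeded")
            chunks.append(data)
        # The child may close stdout and keep running, so the wait is bounded too.
        rc = proc.wait(timeout=max(0.0, deadline - time.monotonic()))
        return rc, b"".join(chunks)
    finally:
        sel.close()
        if proc.poll() is None:  # still running: kill the whole group
            try:
                os.killpg(proc.pid, signal.SIGKILL)
            except ProcessLookupError:
                pass
        proc.wait()  # reap, so no zombie keeps the PID reserved
        proc.stdout.close()
```

Reading the pipe incrementally, rather than calling `communicate()`, is what lets the size guard stop a child before its output is buffered in memory.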

Fixed

  • Restore CI by configuring Git author identity in the workflow and preserving Python 3.14 mock file-descriptor behaviour in session tests.

Changed

  • Bump the Python and npm package versions to 1.0.1.

Security Fixes

  • Runner and session-room execution paths hardened: shell execution is now opt-in, subprocess output capture is limited by size and timeout, PID reuse is less likely to confuse liveness checks, SQLite database files are opened through safer path and mode checks, and PTY/socket cleanup is more robust.

Related context

Earlier breaking changes

  • v0.55.52 Keep the built-in claude-code reviewer pinned to the local claude -p CLI even when repository policy defines a conflicting command override.
