Ait

v1.5.1 Bugfix

This release fixes issues for SREs watching stability and regressions.

Published 5d AI Agents & Assistants

✓ No known CVEs patched

✓ No known CVEs patched in this version

Topics

agent-harness agent-isolation agentic ai-agents ai-coding ai-tools

+14 more

aider claude-code code-provenance codex coding-assistant cursor developer-tools gemini-cli git git-worktree llm-agents python vcs worktree

Summary

AI summary

Fixed adversarial reviewer not seeing reviewed code by materializing a read‑only git worktree with the complete diff.

Type	Severity	Summary	CVE
Bugfix	Medium	Reviewer now operates on a complete read‑only git worktree of the reviewed commit. Reviewer now operates on a complete read‑only git worktree of the reviewed commit. Source: llm_adapter@2026-05-29 Confidence: low	—
Bugfix	Low	Fixture builders updated to use real commit OIDs instead of synthetic values. Fixture builders updated to use real commit OIDs instead of synthetic values. Source: granite4.1:30b@2026-05-29-audit Confidence: low	—
Refactor	Low	Brief output reduced to metadata, facts, test evidence, and snapshot pointer only. Brief output reduced to metadata, facts, test evidence, and snapshot pointer only. Source: granite4.1:30b@2026-05-29-audit Confidence: low	—

Full changelog

Adversarial reviewer now sees the code under review. Previously the
reviewer ran in an empty cwd with workspace reads denied; its only view
of the change was a per-tier truncated diff embedded in the brief,
which routinely dropped whole files and produced non-actionable
"can't read the implementation" findings.

Root-cause fix: before launching the reviewer, AIT materializes the
attempt's reviewed commit as a pinned read-only git worktree at
.ait/reviewer-runs/<review_id>/src/ and writes the complete
base..head diff to <run>/diff.patch. The reviewer can open ANY
file at the reviewed commit, trace callers, and recompute the diff
itself.

The brief becomes small and stable — metadata + facts + test evidence
- a pointer to the snapshot and the base/head refs — with no
  character budget left to tune. The snapshot is cleaned up on every
  exit path (success or failure).

962 tests passing.
Two fixture builders updated to use real commit OIDs (synthetic
'0'*40 / '1'*40 OIDs would have made the new snapshot materialization
reject).
See CHANGELOG for the full entry and code references.

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Track Ait

Get notified when new releases ship.

About Ait

v0.55.52 Keep the built-in claude-code reviewer pinned to the local claude -p CLI even when repository policy defines a conflicting command override.