This release includes 5 security fixes for security teams reviewing exposed deployments.
Summary
Security hardening measures including message array capping, symlink bypass blocking, revenue validation, header sanitization, API rate limiting, and provenance and SBOM additions.
Full changelog
Security hardening
- 6 findings fixed from 10-dog penetration test
- Message array capped at 512 entries (prevents budget burn)
- Symlink bypass blocked in MCP transcript hook
- Infinity revenue rejected in margin calculator
- Response headers sanitized before reflection
- Public pricing API rate limited to 30 RPM per IP
- SLSA Level 3 provenance on releases (.intoto.jsonl)
- CycloneDX SBOM on releases
- Zero pnpm audit vulnerabilities
- 4 required CI checks (check-and-test, check-python, secrets-scan, semgrep)
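The first five hardening items above, as an added JavaScript example that is not llmkit's own code: the function names, the margin formula, the truncation policy for oversized message arrays and the fixed-window limiter design are assumptions; only the 512-entry cap and the 30 requests per minute per IP limit come from the changelog.

```javascript
// Added example (not llmkit's own code). Guards of the kind the changelog
// lists; function names, the margin formula and the policies are assumptions.
const MAX_MESSAGES = 512;     // cap from the changelog
const RATE_LIMIT = 30;        // requests per window per IP, from the changelog
const WINDOW_MS = 60_000;     // one minute

// Infinity (e.g. from Number("Infinity") on an untrusted query string) makes
// (revenue - cost) / revenue evaluate to NaN, and NaN fails every comparison,
// so a later check such as `margin < 0` never fires. Reject non-finite input.
function marginPercent(revenue, cost) {
  if (!Number.isFinite(revenue) || !Number.isFinite(cost) || revenue <= 0 || cost < 0) {
    throw new RangeError('revenue and cost must be finite, revenue > 0, cost >= 0');
  }
  return ((revenue - cost) / revenue) * 100;
}

// Cap the message array so one oversized request cannot burn the budget.
// Keeping the most recent entries is an assumed policy; rejecting is equally valid.
function capMessages(messages) {
  if (!Array.isArray(messages)) throw new TypeError('messages must be an array');
  return messages.length > MAX_MESSAGES ? messages.slice(-MAX_MESSAGES) : messages;
}

// Strip CR, LF and other control characters before a client-supplied value
// is reflected into a response header, so it cannot inject extra headers.
function sanitizeHeaderValue(value) {
  return String(value).replace(/[\x00-\x1f\x7f]/g, '').trim();
}

// Fixed-window limiter keyed by client IP: at most RATE_LIMIT requests per
// WINDOW_MS. `now` is injectable so the behaviour can be tested deterministically.
const windows = new Map();
function allowRequest(ip, now = Date.now()) {
  const w = windows.get(ip);
  if (!w || now - w.start >= WINDOW_MS) {
    windows.set(ip, { start: now, count: 1 });
    return true;
  }
  if (w.count >= RATE_LIMIT) return false;
  w.count += 1;
  return true;
}
```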
Other
- llmkit.sh domain live (dashboard + api.llmkit.sh proxy)
- [email protected] + [email protected] email routing
- ELIZA plugin (@f3d1/plugin-llmkit) for ElizaOS
- Margin calculator for DePIN/Web3 agents
- Framework integrations (LangChain, LlamaIndex, Pydantic AI)
- PyPI 0.1.9, OpenSSF Scorecard 8.6
Signed with Sigstore.
About smigolsmigol/llmkit
AI API cost tracking and budget enforcement across 11 LLM providers. 6 tools for spend analytics, budget monitoring, session summaries, and key management.