theorydeltaclaim-fidelity audits
built 2026-07-17dossiers: 5last verified 2026-07-09independent · evidence-traced · no vendor influence
← back to Claude Code dossier

DELTA CC-03 / Claude Code

Deny-rule non-enforcement is a recurring regression — three documented instances (v1.0.93 #6699, v2.0.8 #8961, v2.1.49 #27040) with no root-cause fix

openopened 2025-08

Description

  1. UPDATE 2026-07-04: the regression pattern holds. #6699 was closed 'completed' (a real fix, 2025-09) but deny non-enforcement recurred at v2.0.8 (#8961, still open) and v2.1.49 (#27040, since closed stale). TD-executed repro on v2.1.201 shows the recursive-grep deny bypass still fires. Direct-path deny did harden (v2.1.162–163: Bash 'cat' of the exact path now blocked, built-in Glob/Grep tools no longer leak denied files), but no single fix enforces the whole path-deny class across two consecutive releases; criterion not met, delta stays open.

Closes when

A regression-test-backed fix lands and path-specific deny patterns enforce across two consecutive minor releases, re-verified

Evidence

theorydelta.com · 2026independent · evidence-backed · every claim sourced or labelledabout ·glossary ·rss ·mcp ·llms.txt